SPOOFING PROTECTION PROTOCOL FOR NETWORK-CONNECTED THINGS

US 20170118187A1
Filed: 10/22/2015
Published: 04/27/2017
Est. Priority Date: 10/22/2015
Status: Active Grant

First Claim

Patent Images

1. A system including instructions recorded on a non-transitory computer-readable storage medium, and executable by at least one processor, the system comprising:

a protocol controller configured to cause the at least one processor to execute a spoofing protection protocol for verifying a message received over a network from a network-connected thing, in the presence of a spoofed message transmitted from a spoofed thing illicitly representing the network-connected thing, the protocol controller including a message handler configured to implement the spoofing protection protocol includingreceiving a message identified as originating from the network-connected thing;

executing a verification of a transmission characteristic of the message against an expected transmission characteristic previously stored with respect to the network-connected thing within a transmission characteristic repository, anddetermining whether the message originated from the network-connected thing, based on the verification.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A protocol controller may execute a spoofing protection protocol for verifying a message received over a network from a network-connected thing, in the presence of a spoofed message transmitted from a spoofed thing illicitly representing the network-connected thing. The protocol controller may include a message handler configured to implement the spoofing protection protocol, including receiving a message identified as originating from the network-connected thing, executing a verification of a transmission characteristic of the message against an expected transmission characteristic previously stored with respect to the network-connected thing within a transmission characteristic repository, and determining whether the message originated from the network-connected thing, based on the verification.

24 Citations

View as Search Results

20 Claims

1. A system including instructions recorded on a non-transitory computer-readable storage medium, and executable by at least one processor, the system comprising:
- a protocol controller configured to cause the at least one processor to execute a spoofing protection protocol for verifying a message received over a network from a network-connected thing, in the presence of a spoofed message transmitted from a spoofed thing illicitly representing the network-connected thing, the protocol controller including a message handler configured to implement the spoofing protection protocol includingreceiving a message identified as originating from the network-connected thing;
  
  executing a verification of a transmission characteristic of the message against an expected transmission characteristic previously stored with respect to the network-connected thing within a transmission characteristic repository, anddetermining whether the message originated from the network-connected thing, based on the verification.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the message handler is configured to execute the verification including determining that the message shares the transmission characteristic with a second message addressed as having been received from the network-connected thing, and therefore exceeds an expected number of messages from the network-connected thing having the transmission characteristic.
  - 3. The system of claim 1, wherein the message handler is configured to execute the verification including determining that the message does not possess the transmission characteristic, and identifying the message as violating the spoofing protection protocol.
  - 4. The system of claim 1, wherein the message handler is configured to change the transmission characteristic, based on the verification.
  - 5. The system of claim 1, wherein the transmission characteristic includes transmission within an expected time window.
  - 6. The system of claim 1, wherein the transmission characteristic includes a location parameter specifying transmission of the message in accordance therewith.
  - 7. The system of claim 6, wherein the location parameter specifies a geophysical location or route of the network-connected thing.
  - 8. The system of claim 6, wherein the location parameter specifies a network address of the network-connected thing.
  - 9. The system of claim 1, wherein the transmission characteristic includes transmission within an expected time window and a location parameter specifying transmission of the message in accordance therewith, and wherein the message handler is configured to execute the verification including selecting one or both, based on a previous verification of a preceding message from the network-connected thing.
  - 10. The system of claim 1, wherein the message handler is configured to send a request to the network-connected thing using a backchannel to complete the verification.

11. A computer-implemented method for executing instructions stored on a non-transitory computer readable storage medium, the method comprising:
- establishing, with a network-connected thing, an expected plurality of time windows in which messages from the network-connected thing are expected to be received;
  
  establishing, with the network-connected thing, an expected location parameter of the network-connected thing;
  
  receiving a message identified as originating from the network-connected thing and identified as potentially being a spoofed message transmitted from a spoofed thing illicitly representing the network-connected thing;
  
  selecting one or both of the expected plurality of time windows and the expected location parameter; and
  
  executing a verification of the message as originating from the network-connected thing, based on the selecting.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, wherein the executing the verification includes determining that the message shares an expected time window of the plurality of time windows with a second message addressed as having been received from the network-connected thing and therefore exceeds an expected number of messages from the network-connected thing within the expected time window.
  - 13. The method of claim 11, wherein the executing the verification includes determining that the message is outside of an expected time window of the plurality of time windows, and thereafter treating the message as the potential spoofed message.
  - 14. The method of claim 11, wherein the executing the verification includes determining that the message either does not have the expected location parameter or shares the expected location parameter with a second message addressed as having been received from the network-connected thing, and thereafter treating the message as the potential spoofed message.
  - 15. The method of claim 11, comprising sending a backchannel message to the network-connected thing as part of the spoofing protection protocol and to verify an identity thereof.

16. A computer program product, the computer program product being tangibly embodied on a non-transitory computer-readable storage medium and comprising instructions that, when executed, are configured to cause at least one computing device to:
- store a spoofing protection protocol specifying at least one transmission characteristic of at least one message to be sent by a network-connected thing;
  
  receive, in accordance with the spoofing protection protocol, a message identified as originating from the network-connected thing and identified as potentially being a spoofed message transmitted from a spoofed thing illicitly representing the network-connected thing;
  
  select, based on the message and in accordance with the spoofing protection protocol, the at least one transmission characteristic as including one or both of an expected plurality of time windows in which messages from the network-connected thing are expected to be received and an expected location parameter of the network-connected thing;
  
  verify whether the at least one transmission characteristic complies with the spoofing protection protocol; and
  
  send, in a case where the transmission characteristic does not comply with the spoofing protection protocol, a backchannel message to the network-connected thing to verify an identify thereof.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product of claim 16, wherein the instructions, when executed, are further configured to select one or both of the expected plurality of time windows and the expected location parameter for use in verification of the message, based on a previous verification of a preceding message from the network-connected thing.
  - 18. The computer program product of claim 16, wherein a second backchannel message is sent at an interval that is independent of receipt of the message.
  - 19. The computer program product of claim 16, wherein the backchannel message alters one or more parameter values of the at least one transmission characteristic.
  - 20. The computer program product of claim 16, wherein the instructions, when executed, are further configured to:
    - determine that the message does not possess the at least one transmission characteristic; and
      
      discard the message from use within the spoofing protection protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
EL KHOURY, Paul, KLING, Oliver

Granted Patent

US 9,985,945 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/1408   by monitoring network traff...

H04L 63/1466   Active attacks involving in...

H04L 67/12   specially adapted for propr...

SPOOFING PROTECTION PROTOCOL FOR NETWORK-CONNECTED THINGS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SPOOFING PROTECTION PROTOCOL FOR NETWORK-CONNECTED THINGS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links