Method and apparatus for providing secure network communications
Abstract
A data pattern enforcer provides secure network communications at an adaptor layer by comparing transmitted and received packets to a set of rules to verify that said packets are appropriately being transmitted or received. The data pattern enforcer prevents application or other software with access to an adaptor on a network from using the adaptor for packet sniffing or spoofing. In a specific embodiment, the data pattern enforcer verifies packets at the layer 2 adaptor level using a value bit vector (which may be alterable or may be preset to a value, including to zero), a count value, and a mask to compare to data found in packets.
24 Claims
1. A method for preventing completed reception of an unauthorized packet by a network adaptor comprising:
- beginning to receive a packet from a communication channel;
- using a count value and a value bit vector (VBV) to compare data in said packet at said count value to said value bit vector;
- completing reception of said packet if said compare indicates that data in said packet matches said value bit vector; and
- aborting reception of said packet without passing said packet to higher layer software if said compare indicates that data in said packet does not match said value bit vector.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A method for preventing completed transmission of an unauthorized packet by an adaptor card comprising:
- receiving a packet to transmit from a higher layer protocol;
- beginning to transmit a packet on a communication channel;
- using a count value and a value bit vector (VBV) to compare data in said packet at said count value to said value bit vector;
- if said compare indicates that data in said packet matches said value bit vector, completing transmission of said packet; and
- if said compare indicates that data in said packet does not match said value bit vector, aborting transmission of said packet.
Dependent claims: 11, 12, 13, 14, 15, 16.
17. A method for preventing completed reception of an unauthorized packet by a network adaptor comprising:
- beginning to receive a packet from a communication channel;
- applying a rule to said packet at a packet reception layer;
- completing reception of said packet if said rule indicates that said packet is valid; and
- aborting reception of said packet without passing said packet to higher layer software if said rule indicates that said packet is not valid.
18. A method for preventing completed transmission of an unauthorized packet by an adaptor card comprising:
- receiving a packet to transmit from a higher layer protocol;
- applying a rule to said packet at a packet transmission layer;
- completing transmission of said packet if said rule indicates that said packet is valid; and
- aborting transmission of said packet if said rule indicates that said packet is not valid.
19. An adaptor driver for use in an end system comprising:
- an application interface for passing packets between a network and higher network layers;
- a set of adaptor layer packet verification rules;
- a data pattern enforcer for applying said rules to packets at the adaptor layer; and
- a network interface for communicating packets on a network.
20. A method for preventing completed reception of an unauthorized packet by a network adaptor comprising:
- beginning to receive a packet from a communication channel;
- using a count value and a value bit vector to apply a simple validation rule to packet values in said packet at said count value;
- completing reception of said packet if said simple validation rule indicates that data in said packet is valid; and
- aborting reception of said packet without passing said packet to higher layer protocols if said simple validation rule indicates that data in said packet is not valid.
Dependent claims: 21, 22, 23, 24.
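The count/VBV/mask comparison the claims describe, applied to Ethernet headers as an added example (not code from the patent): on receive the destination address is pinned to the adaptor's own MAC so frames meant for other stations are aborted before any higher layer sees them, and on transmit the source address is pinned so the adaptor cannot be used to spoof. The adaptor MAC, the rule layout and the sample frames are assumptions constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>

/* One adaptor-layer rule in the patent's terms: at byte offset `count`, the
 * packet byte masked with `mask` must equal the value bit vector (VBV) masked
 * the same way. A mask of 0 makes the rule always match. */
typedef struct { size_t count; uint8_t vbv; uint8_t mask; } rule_t;

/* Assumed adaptor MAC, a constructed value for this example. */
static const uint8_t ADAPTOR_MAC[6] = {0x02, 0x00, 0x5e, 0x10, 0x20, 0x30};
/* Apply rules to a packet as its bytes stream through the adaptor. Returns -1
 * if every rule matched (reception/transmission completes), else the offset at
 * which the adaptor aborted: nothing past it is taken from the channel and the
 * packet never reaches higher layers. Too short to reach a rule = mismatch. */
int enforce(const uint8_t *pkt, size_t len, const rule_t *rules, size_t nrules)
{
    for (size_t i = 0; i < len; i++)
        for (size_t r = 0; r < nrules; r++)
            if (rules[r].count == i && ((pkt[i] ^ rules[r].vbv) & rules[r].mask))
                return (int)i;           /* abort at the failing byte */
    for (size_t r = 0; r < nrules; r++)
        if (rules[r].mask && rules[r].count >= len)
            return (int)len;             /* truncated: a rule was never evaluated */
    return -1;
}

/* Six exact-match rules pinning the MAC field at `base` to ADAPTOR_MAC: base 0
 * (destination) on receive stops sniffing of frames meant for other stations,
 * base 6 (source) on transmit stops source-address spoofing. */
static void mac_rules(rule_t out[6], size_t base)
{
    for (size_t i = 0; i < 6; i++)
        out[i] = (rule_t){ base + i, ADAPTOR_MAC[i], 0xff };
}
int rx_check(const uint8_t *pkt, size_t len)   /* destination must be us */
{
    rule_t rules[6];
    mac_rules(rules, 0);
    return enforce(pkt, len, rules, 6);
}
int tx_check(const uint8_t *pkt, size_t len)   /* source must be us */
{
    rule_t rules[6];
    mac_rules(rules, 6);
    return enforce(pkt, len, rules, 6);
}
/* Constructed 14-byte Ethernet headers (dst, src, EtherType) for the demo. */
const uint8_t FRAME_TO_US[14]   = {0x02,0x00,0x5e,0x10,0x20,0x30, 0x02,0x00,0x5e,0x99,0x99,0x99, 0x08,0x00};
const uint8_t FRAME_FROM_US[14] = {0x02,0x00,0x5e,0x10,0x20,0x31, 0x02,0x00,0x5e,0x10,0x20,0x30, 0x08,0x00};
```

The returned abort offset is what makes the scheme cheap in hardware: the adaptor only needs to buffer bytes up to the highest rule count, and a frame that fails at byte 5 is dropped before the rest of it is even clocked in.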