Method and system for checking security of data received by a computer system within a network environment

US 5,991,401 A
Filed: 12/06/1996
Issued: 11/23/1999
Est. Priority Date: 12/06/1996
Status: Expired due to Fees

First Claim

Patent Images

1. A method for checking security of data received by a computer system within a network environment, wherein said data is generated by a client computer system within said network environment, said method comprising the steps of:

decrypting an incoming encrypted packet received from a client computer system by utilizing a decryption key;

encrypting said decrypted incoming packet by utilizing an encryption key previously provided to said client computer system, wherein said encryption key is also assumed to be employed by said client computer system to encrypt said incoming encrypted packet;

determining whether or not a packet produced by said encrypting step is identical to said incoming encrypted packet; and

in response to a determination that a packet produced by said encrypting step is identical to said incoming encrypted packet, accepting said decrypted incoming packet.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for checking security of data received by a computer system within a network environment is disclosed. In accordance with a preferred embodiment of the present invention, an incoming packet from a client is first decrypted within a receiving communications adapter by utilizing a master decryption key. The decrypted incoming packet is then encrypted by utilizing an encryption key identical to an encryption key employed by the client. A determination is made as to whether or not a packet produced from the encryption is identical to the incoming packet. In response to a determination that a packet produced from the encryption is identical to the incoming packet, the decrypted incoming packet is forwarded to a system memory of the computer system. As such, any incoming packet that does not meet this criterion will be rejected as a security threat.

Citations

16 Claims

1. A method for checking security of data received by a computer system within a network environment, wherein said data is generated by a client computer system within said network environment, said method comprising the steps of:
- decrypting an incoming encrypted packet received from a client computer system by utilizing a decryption key;
  
  encrypting said decrypted incoming packet by utilizing an encryption key previously provided to said client computer system, wherein said encryption key is also assumed to be employed by said client computer system to encrypt said incoming encrypted packet;
  
  determining whether or not a packet produced by said encrypting step is identical to said incoming encrypted packet; and
  
  in response to a determination that a packet produced by said encrypting step is identical to said incoming encrypted packet, accepting said decrypted incoming packet.
- View Dependent Claims (2, 3, 4, 5, 15)
- - 2. The method according to claim 1, wherein said method further includes a step of rejecting said incoming encrypted packet, in response to a determination that a packet produced by said encrypting step is not identical to said incoming encrypted packet.
  - 3. The method according to claim 1, wherein said method further includes a step of providing an encryption key to a client computer system within said network environment.
  - 4. The method according to claim 3, wherein said method further includes a step of producing said incoming encrypted packet by said client computer system via said encryption key.
  - 5. The method according to claim 1, wherein said method is performed within a communications adapter of said computer system.
  - 15. The method according to claim 1, wherein said accepting step further includes a step of forwarding said decrypted incoming packet to a system memory of said computer system.

6. A computer system, within a network environment, capable of checking incoming data, said computer system comprising:
- a communications adapter coupled to said network environment;
  
  means for decrypting an incoming encrypted packet received from a client computer system by utilizing a decryption key;
  
  means for encrypting said decrypted incoming packet by utilizing an encryption key previously provided to said client computer system, wherein said encryption key is also assumed to be employed by said client computer system to encrypt said incoming encrypted packet;
  
  means for determining whether or not a packet produced by said encrypting step is identical to said incoming encrypted packet, within said communications adapter; and
  
  means for accepting said decrypted incoming packet within said communications adapter, in response to a determination that a packet produced by said encrypting step is identical to said incoming packet.
- View Dependent Claims (7, 8, 9)
- - 7. The computer system according to claim 6, wherein said computer system further includes a means for rejecting said incoming encrypted packet within said communications adapter, in response to a determination that a packet produced by said encrypting step is not identical to said incoming encrypted packet.
  - 8. The computer system according to claim 6, wherein said computer system further includes a means for providing an encryption key to a client computer system within said network environment.
  - 9. The computer system according to claim 6, wherein said accepting means further includes a means for forwarding said decrypted incoming packet from said communications adapter to a system memory of computer system.

10. A computer program product residing on a computer-usable medium for checking security of incoming data to a computer system within a network environment, said computer program product comprising:
- program code means for decrypting an incoming encrypted packet received from a client computer system by utilizing a decryption key;
  
  program code means for encrypting said decrypted incoming packet by utilizing an encryption key previously provided to said client computer system, wherein said encryption key is also assumed to be employed by said client computer system to encrypt said incoming encrypted packet;
  
  program code means for determining whether or not a packet produced by said encrypting step is identical to said incoming encrypted packet; and
  
  program code means for accenting said decrypted incoming packet, in response to a determination that a packet produced by said encrypting step is identical to said incoming encrypted packet.
- View Dependent Claims (11, 12, 13, 14, 16)
- - 11. The computer program product according to claim 10, wherein said computer program product further includes a program code means for rejecting said incoming encrypted packet, in response to a determination that a packet produced by said encrypting step is not identical to said incoming encrypted packet.
  - 12. The computer program product according to claim 10, wherein said computer program product further includes a program code means for providing an encryption key to a client computer system within said network environment.
  - 13. The computer program product according to claim 12, wherein said computer program product further includes a program code means for producing said incoming encrypted packet by said client computer system via said encryption key.
  - 14. The computer program product according to claim 10, wherein said computer program product is utilized within a communications adapter of said computer system.
  - 16. The computer program product according to claim 10, wherein said program code means for accepting further includes a program code means for forwarding said decrypted incoming packet to a system memory of said computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Escamilla, Terry Dwain, Neal, Danny Marvin, Daniels, Scott Leonard, Ng, Yat Hung
Primary Examiner(s)
Swann, Tod R.
Assistant Examiner(s)
DARROW, JUSTIN T

Application Number

US08/761,548
Time in Patent Office

1,082 Days
Field of Search

380/21, 380/23, 380/25, 380/30, 380/49, 380/50
US Class Current

713/168
CPC Class Codes

G06F 21/31   User authentication

G06F 2211/007   Encryption, En-/decode, En-...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0464   using hop-by-hop encryption...

H04L 9/32   including means for verifyi...

Method and system for checking security of data received by a computer system within a network environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for checking security of data received by a computer system within a network environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links