Packet interception system including arrangement facilitating authentication of intercepted packets
First Claim
1. A packet verification system for verifying message packets intercepted over a network, the packet verification system comprising:
- A. a processed packet store configured to store a header and a series of processed message packets each processed message packet including a message packet and a hash value; and
B. a packet verification processor configured to, in verification of a selected one of said processed message packets in said series, process successive processed message packets prior thereto in the series, for each processed message packet, as a current processed message packet, the packet verification processor being configured to process the message packet of the current processed message packet and a hash value associated with a hash value associated with a previous processed message packet in the series in connection with a selected hash algorithm thereby to generate a hash value for the message packet, compare the generated hash value to the hash value associated with the current processed message packet and determine whether the message packet is verified based on the comparison.
3 Assignments
0 Petitions
Accused Products
Abstract
A packet interception system intercepts message packets transmitted from a packet source or to a packet destination, and processes them so as to facilitate verification of the contents and the sequence with which the message packets are intercepted, and for storing the processed message packets for later use. The packet interception system generates for each intercepted message packets respective hash values based on the respective intercepted message packet and the hash value generated for the previously-intercepted message packet, or, for the first intercepted message packet, a value that is provided to identify the session. To verify a previously-stored intercepted message packet, the packet interception system, or another device, using the same hash algorithm, can process the sequence of stored intercepted message packets up to and including the intercepted message packet to be verified, to and compare the hash value generated to the previously-generated hash value for each of the message packets. If the sequence of hash values so generated corresponds to the previously-stored sequence, both the integrity and the sequence of message packets is verified. In addition to the hash values, the packet interception system can, for selected ones of the intercepted message packets, generate digital signatures using any convenient encryption algorithm.
44 Citations
10 Claims
-
1. A packet verification system for verifying message packets intercepted over a network, the packet verification system comprising:
-
A. a processed packet store configured to store a header and a series of processed message packets each processed message packet including a message packet and a hash value; and
B. a packet verification processor configured to, in verification of a selected one of said processed message packets in said series, process successive processed message packets prior thereto in the series, for each processed message packet, as a current processed message packet, the packet verification processor being configured to process the message packet of the current processed message packet and a hash value associated with a hash value associated with a previous processed message packet in the series in connection with a selected hash algorithm thereby to generate a hash value for the message packet, compare the generated hash value to the hash value associated with the current processed message packet and determine whether the message packet is verified based on the comparison. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A packet verification method for verifying message packets intercepted over a network and stored in a processed packet store configured to store a header and a series of processed message packets each processed message packet including a message packet and a hash value verification of a selected one of said processed message packets in said series, the method comprising the steps of iteratively, up to the selected one of said processed message packets:
-
A. process, for a current one of said processed message packets, the message packet of the current processed message packet and a hash value associated with a hash value associated with a previous processed message packet in the series in connection with a selected hash algorithm to generate a hash value for the message packet;
B. compare the generated hash value to the hash value associated with the current processed message packet; and
C. determine whether the message packet is verified based on the comparison. - View Dependent Claims (7, 8, 9, 10)
-
Specification
-
- Resources
-
Current AssigneeNiksun, Inc.
-
Original AssigneeSandstorm Enterprises, Inc. (Niksun, Inc.)
-
InventorsGarfinkel, Simson L.
-
Primary Examiner(s)Pham, Chi
-
Assistant Examiner(s)Boakye, Alexander O.
-
Application NumberUS09/267,449Time in Patent Office1,768 DaysField of Search370/252, 370/394, 370/389, 370/401, 370/410, 370/349, 370/355, 370/356, 370/392, 370/395.32, 370/428, 370/488, 370/471, 370/497, 380/277, 380/2, 382/124, 713/153US Class Current370/392CPC Class CodesH04L 63/126 the source of the received ...H04L 63/306 intercepting packet switche...H04L 67/146 Markers for unambiguous ide...
