Management of trusted flow system

US 7,305,704 B2
Filed: 08/14/2002
Issued: 12/04/2007
Est. Priority Date: 03/16/2002
Status: Active Grant

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A system for validating proper execution of software modules on a computing subsystem at a remote location, the system comprising:

means for validating proper execution of respective software modules via messages that flow from a respective remote location via a flow of communication of security tags, the means for validating further comprising at least one a trusted flow generator (TFG) subsystem, each comprising trusted software for executing on a first computing subsystem at a remote network location;

at least one validating location comprising a second computing subsystem executing trusted tag checker software to provide a trusted tag checker (TTC) subsystems;

wherein each of the respective TFG subsystems locally generates a sequence of security tags, responsive to compliance logic that generates a valid sequence of security taps responsive only to proper execution of each said respective software module;

a communications network for coupling the locally generated security tags, between the TFG subsystems, and the respective TTC subsystems;

wherein the TFG subsystems is comprised of logic providing for execution of the respective software modules responsive to rules of transmission and for generating the sequence of the security tags;

wherein the TTC subsystem provides logic operating on the second computing subsystem providing for locally providing its own sequence of security tags on the TTC subsystem; and

wherein the TTC subsystem thereafter provides for validating proper execution of the respective software modules responsive to comparing the sequence of locally provided security tags as against the sequence of security tags generated by the respective TFG subsystem at the respective remote node location, wherein the TTC subsystem validates proper execution, without variation, of the respective software modules at the respective remote node location, responsive to the comparing.

View all claims

3 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

This invention discloses a method and system for detecting and reacting to unexpected communications patterns. The system consists of a plurality of end stations and a plurality of network interfaces, such that, the network interface is capable of determining the authenticity of the program used by the end station to generate and send data packets. The system further consists of a plurality of secure management servers, which continuously exchange management messages with the network interfaces. Consequently, the secure management servers have the information for detecting unexpected communications patterns. The method allows the control of end stations, and when an unexpected communication pattern is detected, selectively only packets from authenticated programs can be allowed to be transmitted.

29 Citations

View as Search Results

85 Claims

1. A system for validating proper execution of software modules on a computing subsystem at a remote location, the system comprising:
- means for validating proper execution of respective software modules via messages that flow from a respective remote location via a flow of communication of security tags, the means for validating further comprising at least one a trusted flow generator (TFG) subsystem, each comprising trusted software for executing on a first computing subsystem at a remote network location;
  
  at least one validating location comprising a second computing subsystem executing trusted tag checker software to provide a trusted tag checker (TTC) subsystems;
  
  wherein each of the respective TFG subsystems locally generates a sequence of security tags, responsive to compliance logic that generates a valid sequence of security taps responsive only to proper execution of each said respective software module;
  
  a communications network for coupling the locally generated security tags, between the TFG subsystems, and the respective TTC subsystems;
  
  wherein the TFG subsystems is comprised of logic providing for execution of the respective software modules responsive to rules of transmission and for generating the sequence of the security tags;
  
  wherein the TTC subsystem provides logic operating on the second computing subsystem providing for locally providing its own sequence of security tags on the TTC subsystem; and
  
  wherein the TTC subsystem thereafter provides for validating proper execution of the respective software modules responsive to comparing the sequence of locally provided security tags as against the sequence of security tags generated by the respective TFG subsystem at the respective remote node location, wherein the TTC subsystem validates proper execution, without variation, of the respective software modules at the respective remote node location, responsive to the comparing.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 2. The system as in claim 1, wherein each of the TTC subsystems sends and receives messages and selectively generates a comparison tag for comparison to the security tag for each respective one of the data packets;
    - andwherein the plurality of TFG subsystems and the plurality of TTC subsystems exchange predefined messages.
  - 3. The system as in claim 2, wherein at least one of the TTC subsystem sends a count message that provides a report of a count of how many TFG subsystems are coupled for transmission of the data packets to the respective at least one of the TTC subsystems.
  - 4. The system as in claim 3, wherein the TTC subsystems upon receiving the count messages from at least one of the TTC subsystems sum them up into a TTC count.
  - 5. The system as in claim 4, wherein responsive to the TTC count exceeding a predefined threshold the TTC subsystem sends a notification message to a secure management server (SMS) subsystem.
  - 6. The system as in claim 5, wherein responsive to the notification message the SMS subsystem sends a disable message to selected ones of the TTC subsystems.
  - 7. The system as in claim 2, wherein a secure management server (SMS) subsystem sends an update information to the rules of transmission and security tag generation of selected one of the TFG subsystems.
  - 8. The system as in claim 2, wherein a secure management server (SMS) subsystem sends renewal information to the rules of transmission and security tag generation of selected one of the TFG subsystems.
  - 9. The system as in claim 2, wherein there are a first group of the data packets which are communicated with respective ones of the security tags;
    - andwherein there are a second group of the data packets which are communicated without respective ones of the security tags.
  - 10. The system as in claim 2, wherein a secure management server (SMS) subsystem sends and receives management messages.
  - 11. The system as in claim 2, wherein a secure management server (SMS) subsystem further comprising of a plurality of management modules;
    - wherein selected ones of the plurality of management modules operate on at least one of a dedicated computing subsystem, and a TTC subsystem.
  - 12. The system as in claim 2, further comprising:
    - wherein at least one of a plurality of security management servers (SMS) is coupled to the communication network which sends and receives messages; and
      
      wherein the respective SMS is responsive to the received messages for controlling the flow of the data packets on the communications network.
  - 13. The system as in claim 12, wherein there are a plurality of TTC subsystems, each of which provides a respective report count message;
    - andwherein the at least one SMS subsystem is responsive to the report count messages from the plurality of TTC subsystems for controlling flow of the data packets in the communications network.
  - 14. The system as m claim 13, wherein the SMS subsystem is disabling and enabling the flow of the data packets responsive to the report count messages.
  - 15. The system as in claim 13, wherein the SMS subsystem provides for limiting to a predefined number the flow of the data packets responsive to the report count messages.
  - 16. The system as in claim 13, wherein the SMS subsystem provides for selectively disabling and enabling at least one of:
    - a first group of the data packets and a second group of the data packets.
  - 17. The system as in claim 16, wherein the first group of the data packets is originated from a set of premium users.
  - 18. The system as in claim 13, wherein the SMS subsystem is limiting to a predefined number at least one of:
    - a first group of the data packets and a second group of the data packets.
  - 19. The system as in claim 12, wherein the SMS monitors the received messages from the TTC subsystems to detect an attack pattern responsive to attack analysis logic.
  - 20. The system as in claim 19, wherein the attack analysis logic is responsive to input from at least one of:
    - type of data packets sent by the TFG subsystems, type of data packets received by the TTC subsystems, number of data packets sent by the TFG subsystems, rate of data packets sent by the TFG subsystems, number of data packets received by the TTC subsystems, rate of data packets received by the TTC subsystems, sources of data packets sent by the TFG subsystems, sources of data packets received by the TTC subsystems, destinations of data packets sent by the TFG subsystems, destinations of data packets received by the TTC subsystems, routes of data packets sent by the TFG subsystems, and routes of data packets received by the TTC subsystems.
  - 21. The system as in claim 20, wherein the attack analysis logic is responsive to the input for determining selected control messages to be sent to respected ones of the plurality of the TTC subsystems and respected ones of the plurality of the TFG subsystems.
  - 22. The system as in claim 20, wherein the attack analysis logic, responsive to the input, determines an attack location.
  - 23. The system as in claim 22, wherein the attack analysis logic sends selected control messages responsive to the attack location.
  - 24. The system as in claim 23, wherein the selected control messages determine for each of the TTC subsystems at least one of:
    - disabling the first group of the data packets, disabling the second group of the data packets, enabling the first group of the data packets, enabling the second group of the data packets, limiting the first group of the data packets, and limiting the second group of the data packets.
  - 25. The system as in claim 21, wherein the selected control messages provide for at least one of:
    - disabling the first group of the data packets, disabling the second group of the data packets, enabling the first group of the data packets, enabling the second group of the data packets, limiting the first group of the data packets, and limiting the second group of the data packets.
  - 26. The system as in claim 21, wherein the selected control messages determine for each of the TFG subsystems at least one of:
    - disabling the first group of the data packets, disabling the second group of the data packets, enabling the first group of the data packets, enabling the second group of the data packets, limiting the first group of the data packets, and limiting the second group of the data packets.
  - 27. The system as in claim 21, wherein the selected control messages determine for each of the TTC subsystems at least one of:
    - disabling the first group of the data packets, disabling the second group of the data packets, enabling the first group of the data packets, enabling the second group of the data packets, limiting the first group of the data packets, and limiting the second group of the data packets.
  - 28. The system as in claim 2, wherein the send and receive messages contain at least one of:
    - an authentication field, a digital signature field, a time-stamp field, an encrypted field, an encrypted portion of the message, and a keying information field.
  - 29. The system as in claim 1, wherein the TFG subsystem is further comprised of a TFG challenge controller comprising a communication subsystem for interaction with users and programs that produce inputs for packet processing.
  - 30. The system as in claim 29, wherein the communication subsystem sends a challenge message to the users and the programs that produce the inputs for packet processing.
  - 31. The system as in claim 30, wherein the challenge message is comprised of at least one of:
    - a cryptographic field, an encryption field, a clear text field, a request for users to perform a task using a keyboard, a request for users to perform a task using a mouse, a request for users to perform a task using a biometrics reader, a request for users to perform a task using a terminal input function, requesting an answer to a verbal question, requesting an answer to an audiovisual question, requesting an answer to a previously stored data item, requesting an answer related to published information within the user and the program computing subsystems, requesting payment, requesting digital form of payment, requesting a credit card number, requesting information retrievable from a smart card, requesting information retrievable from a portable device, an activation of a sensor enabling the receipt of sensory information, and requesting information based on means of computing received from the TTC subsystem.
  - 32. The method as in claim 1, wherein the TFG challenge controller receives a response message from users and programs that produce input for packet processing.
  - 33. The system as in claim 32, wherein the response message is comprised of at least one of:
    - a cryptographic field, an encryption field, a clear text field, a response to a request for users to perform a task using a keyboard, a response to a request for users to perform a task using a mouse, a response to a request for users to perform a task using a biometrics reader, a response to a request for users to perform a task using a terminal input function, a response to a message requesting an answer to a verbal question, a response to a message requesting an answer to an audiovisual question, a response to a message requesting an answer to a previously stored data item, a response to a message requesting an answer related to published information within the user and the program computing subsystems, a response with payment, a response with a digital form of payment, a response with a credit card number, a response with information retrievable from a smart card, a response with information retrievable from a portable device, a response with a signal, a response with a radio signal, a response with a wireless signal, a response with an RE information, a response with an IR information, response with sensory information, response with audio information, response with olfactory information,and an answer to a message requesting information based on means of computing received from the SMS subsystem.
  - 34. The system as in claim 1, wherein the TFG challenge controller provides for user and program input to be used in packet processing responsive to a response message received from a user and a program.
  - 35. The system as in claim 1, wherein the TFG challenge controller does not allow user and program input to be used in packet processing responsive to a response message received from user and program.
  - 36. The system of claim 33, wherein the TFG subsystems selectively generates data packets with security tags responsive to the response messages.
  - 37. The system as in claim 36, wherein the TTC subsystem validates the security tags responsive to the TFG subsystem.
  - 38. The system as in claim 37, further comprising:
    - means for mapping the data packet with security tags to a first communications class of service responsive to the validating the respective security tags; and
      
      means for mapping the data packet to a second communications class of service responsive to a failure of the validating of the security tags.
  - 39. The system as in claim 38, wherein the first communications class of service is coupling the data packet for further communication therefrom.
  - 40. The system as in claim 39, wherein the second communications class of service is denial of further communication therefrom.
  - 41. The system as in claim 39, wherein the second communications class of service is local storage without further transmission.
  - 42. The system as in claim 39, wherein the second communications class of service is at a lower priority level than the first communications class of service.
  - 43. The system as in claim 42, wherein the priorities are determined responsive to set bits within the security tag.

44. A method for validating proper execution of software modules at a remote location, the method comprising:
- executing trusted software on a first computing subsystem providing a TFG subsystem, at a remote node location;
  
  generating a sequence of security tags, responsive to compliance logic that generates a valid sequence of security tags responsive only to proper execution of each said respective software module;
  
  validating the execution of respective software modules, from said remote node location, at said at least one validating location, each said validating location comprised of trusted tag checker software executing on a second computing subsystem to provide a trusted tag checker (TTC) subsystem;
  
  providing for execution of the respective software modules on the TFG subsystem, responsive to rules of transmission for generating a respective sequence of security tags; and
  
  coupling the respective sequence of security tags generated by the TFG subsystem to the trusted tag checker (TTC) subsystem;
  
  locally providing from each said respective TTC subsystem, a TTC sequence of security tags associated with proper execution of the respective software modules responsive to rules of transmission for generating the sequence of security tags; and
  
  validating at the TTC subsystem, proper execution without variation of the respective software modules at the respective remote node location, responsive to validating the TTC sequence of security tags provided by the TTC subsystem relative to the sequence of security tags generated by the TFG subsystem.
- View Dependent Claims (45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85)
- - 45. The method as in claim 44, wherein the sending and receiving messages is from at least one trusted flow generator (TFG) subsystem, the method further comprising:
    - sending and receiving messages and selectively generating a comparison tag for comparison to the security tag for each respective one of the security tags, in at least one trusted tag checker (TTC) subsystem.
  - 46. The method as in claim 45, further comprising:
    - sending a count message from at least one of the TTC subsystems that provides a report of a count of how many TFG subsystems are coupled for transmission of the security tags to the respective at least one of the TTC subsystems.
  - 47. The method as in claim 46, further comprising:
    - receiving the count messages from at least one of the TTC subsystems; and
      
      summing up the count messages into a TTC count.
  - 48. The method as in claim 47, further comprising:
    - sending a notification message responsive to the TTC count exceeding a predefined threshold.
  - 49. The method as in claim 48, further comprising:
    - sending a disable message to selected ones of the TTC subsystems responsive to the notification message.
  - 50. The method as in claim 45, further comprising:
    - sending update information to the rules of transmission and security tag generation of selected one of the TFG subsystems.
  - 51. The method as in claim 45, further comprising:
    - sending renewal information to the rules of transmission and security tag generation of selected one of the TFG subsystems.
  - 52. The method as in claim 45, further comprising:
    - communicating a first group of the-data packets with respective ones of the security tags; and
      
      communicating a second group of the-data packets without respective ones of the security tags.
  - 53. The method as in claim 45, wherein at least one secure management server (SMS) subsystems sends and receives management messages.
  - 54. The method as in claim 45, wherein a secure management server (SMS) subsystem is further comprised of a plurality of management modules;
    - wherein selected ones of the plurality of management modules operate on at least one of;
      
      a dedicated computing subsystem, one of the TTC subsystems.
  - 55. The method as in claim 45, further comprising:
    - coupling to the communication network, for sending and receiving messages; and
      
      controlling the flow of the data packets on the communications network responsive to the received messages.
  - 56. The method as in claim 55, wherein there are a plurality of the TTC subsystems, each of which provides a respective report count message;
    - the method further comprising;
      
      controlling flow of the security tags in the communications network responsive to the report count messages from the plurality of the TTC subsystems.
  - 57. The method as in claim 56, further comprising:
    - disabling and enabling the flow of the security tags responsive to the report count messages.
  - 58. The method as in claim 56, further comprising:
    - limiting to a predefined number the flow of the security tags responsive to the report count messages.
  - 59. The method as in claim 56, further comprising:
    - disabling and enabling at least one of;
      
      a first group of the security tags and a second group of the security tags.
  - 60. The method as in claim 59, wherein the first group of the security tags originated from a set of premium users.
  - 61. The method as in claim 56, further comprising:
    - limiting to a predefined number at least one of;
      
      a first group of the security tags and a second group of the security tags.
  - 62. The method as in claim 55, further comprising:
    - monitoring the received messages from the TTC subsystems to detect an attack pattern responsive to the attack analysis logic.
  - 63. The method as in claim 62, wherein the attack analysis logic gets as input at least one of:
    - type of data packets sent by the TFG subsystems, type of data packets received by the TTC subsystems, number of data packets sent by the TFG subsystems, rate of data packets sent by the TFG subsystems, number of data packets received by the TTC subsystems, rate of data packets received by the TTC subsystems, sources of data packets sent by the TFG subsystems, sources of data packets received by the TTC subsystems, destinations of data packets sent by the TFG subsystems, destinations of data packets received by the TTC subsystems, routes of data packets sent by the TFG subsystems, and routes of data packets received by the TTC subsystems.
  - 64. The method as in claim 63, further comprising:
    - determining selected control messages to be sent to respective ones of the plurality of the TTC subsystems and respective ones of the plurality of the TFG subsystems by the attack analysis logic responsive to its input.
  - 65. The method as in claim 63, further comprising:
    - determining an attack location responsive to the input to the attack analysis logic.
  - 66. The method as in claim 65, further comprising:
    - sending selected control messages from the attack analysis logic responsive to the attack location.
  - 67. The method as in claim 66, wherein the selected control messages determine for each of the TTC subsystems at least one of:
    - disabling the first group of the data packets, disabling the second group of the data packets, enabling the first group of the data packets, enabling the second group of the data packets, limiting the first group of the data packets, and limiting the second group of the data packets.
  - 68. The method as in claim 64, wherein the selected control messages determine at least one of:
    - disabling the first group of the data packets, disabling the second group of the data packets, enabling the first group of the data packets, enabling the second group of the data packets, limiting the first group of the data packets, and limiting the second group of the data packets.
  - 69. The method as in claim 64, wherein the selected control messages determine for each TFG subsystem at least one of:
    - disabling the first group of the data packets, disabling the second group of the data packets, enabling the first group of the data packets, enabling the second group of the data packets, limiting the first group of the data packets, and limiting the second group of the data packets.
  - 70. The method as in claim 64, wherein the selected control messages determine for each TTC subsystem at least one of:
    - disabling the first group of the data packets, disabling the second group of the data packets, enabling the first group of the data packets, enabling the second group of the data packets, limiting the first group of the data packets, and limiting the second group of the data packets.
  - 71. The method as in claim 45, wherein the send and receive messages contain at least on of:
    - an authentication field, a digital signature field, a time-stamp field, an encrypted field, an encrypted portion of the message, and a keying information field.
  - 72. The method as in claim 44, further comprising:
    - controlling interaction with users and programs that produce inputs for packet processing via a TFG challenge controller communication subsystem that sends a challenge message to the users and the programs that produce the inputs for packet processing.
  - 73. The method as in claim 72, wherein challenge message comprising at least one of:
    - a cryptographic field, an encryption field, a clear text field, a request for users to perform a task using a keyboard, a request for users to perform a task using a mouse, a request for users to perform a task using a biometrics reader, a request for users to perform a task using a terminal input function, requesting an answer to a verbal question, requesting an answer to an audiovisual question, requesting an answer to a previously stored data item, requesting an answer related to published information within the user and the program computing subsystems, requesting payment, requesting digital form of payment, requesting a credit card number, requesting information retrievable from a smart card, requesting information retrievable from a portable device, an activation of a sensor enabling the receipt of sensory information, and requesting information based on means of computing received from the SMS subsystem.
  - 74. The method as in claim 72, wherein the TFG challenge controller receives a response message from users and programs that produce input for packet processing.
  - 75. The method as in claim 74, wherein the response message is comprised of at least one of:
    - a cryptographic field, an encryption field, a clear text field, a response to a request for users to perform a task using a keyboard, a response to a request for users to perform a task using a mouse, a response to a request for users to perform a task using a biometrics reader, a response to a request for users to perform a task using a terminal input function, a response to a message requesting an answer to a verbal question, a response to a message requesting an answer to an audiovisual question, a response to a message requesting an answer to a previously stored data item, a response to a message requesting an answer related to published information within the user and the program computing subsystems, a response with payment, a response with a digital form of payment, a response with a credit card number, a response with information retrievable from a smart card, a response with information retrievable from a portable device, a response with a signal, a response with a radio signal, a response with a wireless signal, a response with an RF information, a response with an IR information, response with sensory information, response with audio information, response with olfactory information, and an answer to a message requesting information based on means of computing received from the SMS subsystem.
  - 76. The method as in claim 72, further comprising:
    - utilizing user and program input in packet processing responsive to a response message received from a user and a program.
  - 77. The method as in claim 72, further comprising:
    - preventing utilization of user and program input in packet processing responsive to a response message received from a user and a program.
  - 78. The method of claim 75, further comprising:
    - selectively generating data packets with security tags responsive to the response messages.
  - 79. The method as in claim 78, further comprising:
    - validating the data packet by analyzing the security tag responsive to receiving the data packet.
  - 80. The method as in claim 79, further comprising:
    - mapping the data packet with security tags to a first communications class of service responsive to the validating the data packet and verifying the respective security tag; and
      
      mapping the data packet to a second communications class of service responsive to the validating the data packet with security tags resulting in failed verifying of the security tag.
  - 81. The method as in claim 80, further comprising:
    - coupling the data packet for further communication therefrom in the first communications class of service.
  - 82. The method as in claim 81, further comprising:
    - denying further communication therefrom in the second communications class of service.
  - 83. The method as in claim 81, further comprising:
    - providing local storage of the data packet without further transmission in the second communications class of service.
  - 84. The method as in claim 81, further comprising:
    - providing the second communications class of service at a lower priority level than the first communications class of service.
  - 85. The method as in claim 84, further comprising:
    - determining relative priorities of the first and the second communications class of service responsive to set bits within the data packet.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Attestwave LLC (Jeffrey M. Gross)
Original Assignee
Trustedflow Systems, Inc.
Inventors
Ofek, Yoram, Yung, Marcel Mordechay
Primary Examiner(s)
Song; Hosuk

Application Number

US10/219,380
Publication Number

US 20030177383A1
Time in Patent Office

1,938 Days
Field of Search

726/5, 726/22, 726/29, 726 1- 2, 726 13- 15, 713/168, 713/176, 713/178, 380/46
US Class Current

726/15
CPC Class Codes

G06F 21/14   against software analysis o...

H04L 47/10   Flow control; Congestion co...

H04L 47/193   at the transport layer, e.g...

H04L 47/27   Evaluation or update of win...

H04L 47/283   in response to processing d...

H04L 63/0227   Filtering policies mail mes...

H04L 63/10   for controlling access to d...

H04L 69/16   Implementation or adaptatio...

H04L 69/161   Implementation details of T...

H04L 69/163   In-band adaptation of TCP d...

Y04S 40/20   Information technology spec...

Y10S 707/99939   Privileged access

Management of trusted flow system

First Claim

3 Assignments

Litigations

0 Petitions

Accused Products

Abstract

29 Citations

85 Claims

Specification

Solutions

Use Cases

Quick Links

Management of trusted flow system

First Claim

3 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

85 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links