Trusted flow and operation control method
First Claim
1. A method of providing controlled communication, the method comprising:
- processing of data within a first computing system in accordance with a first defined logic;
generating a first security tag independent of the first data packets, responsive to validating the processing, within the first computing system, occurring in accordance with a second defined logic;
wherein the generating of the first security tag is unrelated to content of the first data packet,transmitting the first security tag as an output from the first computing system onto a communications path in accordance with the defined rules of transmission for coupling to a second computing subsystem;
transmitting a first data packet, after the transmitting of the first security tag, as an output from the first computing system onto a communications path in accordance with defined rules of transmission;
validating the first security tag responsive to independent generation in the second computing system therein of a second security tag; and
controlling communications with the first computing system responsive to the validating the first security tag responsive to the generation of the second security tag.
5 Assignments
0 Petitions
Accused Products
Abstract
The objective of this invention is to ensure that programs that generate and send data packets are well behaved. This invention discloses a method and system that consist of an end station and a network interface, such that, the network interface is capable of determining the authenticity of the program used by the end station to generate and send data packets. The method is based on using a hidden program that was obfuscated within the program that is used to generate and send data packets from the end station. The hidden program is being updated dynamically and it includes the functionality for generating a pseudo random sequence of security signals. Only the network interface knows how the pseudo random sequence of security signals were generated, and therefore, the network interface is able to check the validity of the pseudo random sequence of security signals, and thereby, verify the authenticity of the programs used to generate and send data packets.
-
Citations
92 Claims
-
1. A method of providing controlled communication, the method comprising:
-
processing of data within a first computing system in accordance with a first defined logic; generating a first security tag independent of the first data packets, responsive to validating the processing, within the first computing system, occurring in accordance with a second defined logic; wherein the generating of the first security tag is unrelated to content of the first data packet, transmitting the first security tag as an output from the first computing system onto a communications path in accordance with the defined rules of transmission for coupling to a second computing subsystem; transmitting a first data packet, after the transmitting of the first security tag, as an output from the first computing system onto a communications path in accordance with defined rules of transmission; validating the first security tag responsive to independent generation in the second computing system therein of a second security tag; and controlling communications with the first computing system responsive to the validating the first security tag responsive to the generation of the second security tag. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
-
-
41. A method of providing controlled communications, the method comprising:
-
generating a first computing system a respective generated security tag vector generated responsive to processing of the data within the first computing system according to a first defined logic; generating a local security tag vector within second computing system, responsive to a second defined logic; receiving data packets for local storage in the first computing system; controlling one of quality and class of service for communication of data packets responsive to the comparing of the local security tag vector to the generated security tag vector; and wherein the generated security tag vector and the local security tag vector are generated independent of the content of the data packets. - View Dependent Claims (42, 43, 44, 45, 46, 47, 48, 49, 50)
-
-
51. A system providing controlled communication of a first computing subsystem, the system comprising:
-
processing logic within the first computing subsystem providing processing in accordance with first defined rules; tag logic within the first computing subsystem providing generation a first security tag responsive to validating the processing in accordance with the first defined rules; wherein the first computing subsystem transmits the first security tag onto a communications path in accordance with defined rules of transmission; wherein the first computing subsystem transmits the first data packet onto a communications path in accordance with the defined rules of transmission; wherein the generating the first security tag is unrelated to content of the first data packet; and a second computing system, wherein the second computing subsystem receives the first security tag from the communications path; wherein the second computing subsystem validates the first security tag on the second computing system, responsive to second defined rules; and wherein the second computing subsystem controls communications between the first computing subsystem and the second computing subsystem, responsive to validating the first security tag. - View Dependent Claims (52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85)
-
-
86. A system providing controlled signaling between separate computing subsystems, the system comprising:
-
first computing logic at a first computing subsystem, providing processing to provide a first defined operation responsive to first defined logic; tag logic providing generation of a first security tag vector in the first computing logic responsive to validating the processing at the first computing logic in accordance with the first defined logic; wherein the second computing subsystem receives the first security tag vector from the communications path; wherein the second computing subsystem validates the processing at the first computing subsystem by processing the first security tag vector in accordance with a second defined logic, to provide verification of integrity of the first security tag vector; and wherein the second computing subsystem controls communications between the first computing subsystem and the second computing subsystem, responsive to the verification of integrity of the first security tag vector. - View Dependent Claims (87, 88, 89, 90, 91, 92)
-
Specification