Trusted communications system
First Claim
1. An authentication system, the system comprising:
- a first computing subsystem providing execution of a first application and, providing generation of security tags responsive to authenticating the execution of the first application;
a second computing subsystem;
wherein the security tags are transmitted to the second computing subsystem;
wherein the second computing subsystem receives the security tags and locally generates local security tags and provides validation of the authenticating of the execution of the first application, by comparing the locally generated security tags with the security tags received from the first computing subsystem;
wherein the execution of the first application further comprises sending trusted data packets to the second computing subsystem, independently of the generation of the security tags; and
wherein the second computing subsystem determines which further processing to do to the received trusted data packets, responsive to the validation by the second computing subsystem of the authenticating of the execution of the first application.
4 Assignments
0 Petitions
Accused Products
Abstract
This invention discloses a method and system for communication that consist of an end station and a network interface, such that, the network interface is capable of determining the authenticity of the program used by the end station to generate and send data packets. The method is based on using a hidden program that was obfuscated and encrypted within the program that is used to generate and send data packets from the end station. The hidden program is being updated dynamically and it includes the functionality for generating a pseudo random sequence of security signals. Only the network interface knows how the pseudo random sequence of security signals were generated, and therefore, the network interface is able to check the validity of the pseudo random sequence of security signals, and thereby, verify the authenticity of the programs used to generate and send data packets. The method further comprises of means for coordinating the initialization of the end station and network interface.
221 Citations
41 Claims
-
1. An authentication system, the system comprising:
-
a first computing subsystem providing execution of a first application and, providing generation of security tags responsive to authenticating the execution of the first application; a second computing subsystem; wherein the security tags are transmitted to the second computing subsystem; wherein the second computing subsystem receives the security tags and locally generates local security tags and provides validation of the authenticating of the execution of the first application, by comparing the locally generated security tags with the security tags received from the first computing subsystem; wherein the execution of the first application further comprises sending trusted data packets to the second computing subsystem, independently of the generation of the security tags; and wherein the second computing subsystem determines which further processing to do to the received trusted data packets, responsive to the validation by the second computing subsystem of the authenticating of the execution of the first application. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. An authentication method, the method comprising:
-
executing a first application on a first computing subsystem; authenticating the execution of the first application; providing generation of security tags responsive to the authenticating of the executing of the first application; transmitting the security tags to a second computing subsystem; generating local security tags at the second computing subsystem; validating, at the second computing subsystem, the authenticating by comparing the transmitted security tags with the local security tags; sending trusted data packets to the second computing subsystem independently of the generation of security tags by executing of the first application; and determining, at the second computing subsystem, which further processing to do to the trusted data packets responsive to the validating at the second computing subsystem of the authenticating of the execution of the first application. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A method of authentication utilized between at least two computing elements, the method comprising:
-
generating a unique sequence of security tags, at a first computing element, responsive to authenticating executing a first application at the first computing element; sending a data package, from the first computing element to a second computing element, independently of the generating the unique sequence of security tags; wherein the data packet includes a security portion comprising at least one of;
none of the security tags and at least one of the security tags in the unique sequence of security tags;controlling communications data flow over a communications path responsive to the first computing element, to provide transmitting the data packet over the communications path; receiving the data packet and the security tags at the second computing element; authenticating the first application remotely in the second computing element responsive to validating the unique sequence of security tags received from the first computing element responsive to a compliance logic; wherein the compliance logic is responsive to the controlling of the communications data flow at the first computing element; processing the data packet at the second computing element to provide a validation result by authenticating the compliance logic by validating the respective security portion of the data packet responsive to analysis of the respective security portion and at least a portion of the data packet; and controlling communications data flow by controlling the transmitting of the data packet responsive to the validation result. - View Dependent Claims (22, 23, 24, 25)
-
-
26. An authentication system the system, comprising:
-
a plurality of individual computing elements, wherein at least a first one of the individual computing elements provides processing of data packets in accordance with a processing protocol; wherein each of the data packets has a defined payload; a tag generator providing security tag generation comprised of operating from an initial generator state to generate a unique sequence of security tags and providing association of respective ones of the security tags each with respective ones of the data packets for transmission; wherein the security tag generation is independent of the defined payload and is responsive to the processing of the data packets in accordance with the processing protocol; means providing for transmission of the data packets with the respective associated security tags; a tag verifier, operating responsive to the respective associated security tags, from an initial verification state, to generate a unique sequence of comparison security tags which are provided for selective comparison to the respective associated security tags; wherein the tag verifier provides for authenticating at a second one of the individual computing elements that the security tag generation in the first individual computing element is properly responsive to the processing of the data packets in accordance with the processing protocol at the first one of the individual computing elements; means for coordinating the initial generator state and the initial verifier state, prior to transmission of any of the data packets; wherein the tag verifier provides the unique sequence of comparison tags responsive to the means for coordinating; and wherein further data packet processing is provided at the second one of the individual computing elements responsive to the authenticating by the tag verifier. - View Dependent Claims (27, 28, 29, 30, 31)
-
-
32. A method providing authentication among a plurality of computing subsystems, the method comprising:
-
processing of data packets, in accordance with a first processing protocol, in at least a first one of the computing subsystems, wherein the data rackets are comprised of defined payloads; operating, from an initial generator state, for generating in the at least a first one of the computing subsystems, a unique sequence of generated security tags associated with respective ones of the data packets for transmission; wherein the generating of the unique sequence of security tags is responsive to the processing protocol, utilized in processing of the data packets with defined payloads, independently of the defined payloads; providing transmission of the data packets combined with associated ones of the generated security tags; operating from an initial verification state within at least a second one of the computing subsystems, to generate a sequence of comparison security tags; coordinating the initial generator state; and
the initial verifier stateproviding the comparison security tags responsive to the coordinating; comparing a respective one of the security tags with a respective one of the comparison security tags, to provide a comparison result; and selectively processing the data packets with the defined payloads on the second one of the computing subsystems responsive to the comparison result. - View Dependent Claims (33, 34, 35, 36, 37)
-
-
38. A system providing authenticating, the system comprising:
-
a first computing subsystem providing processing of data packets in accordance with a first processing protocol; wherein each of the data packets is comprised of a corresponding payload and a corresponding header; a tag generator, operating from an initial generator state, and responsive to the processing of the data packets independent of the corresponding payload, and in accordance with the first processing protocol, to provide security tag generation of a unique sequence of security tags and related information associated with respective ones of the corresponding headers of the respective data packets; means providing transmission of the data packets with the respective associated security tags; a tag verifier operating within a second computing subsystem, providing authentication that the security tag generation was properly responsive to the first processing protocol at the first computing subsystem, the tag verifier operating from an initial verification state to generate a unique sequence of comparison tags for selective comparison to respective ones of the security tags, responsive to the respective related information; and wherein the tag verifier provides authentication by comparing the respective comparison tags and the respective security tags for the respective data packets. - View Dependent Claims (39)
-
-
40. A method for providing authentication the method comprising:
-
processing data packets in a first computing subsystem in accordance with a first processing protocol; wherein each data packet is comprised of a corresponding payload and a corresponding header; operating, from an initial generator state, to generate, independent of the corresponding payload, a sequence of security tags and related information responsive to the processing of the data packets; providing transmission of the data packets with the respective associated security tags; operating, from an initial verification states to generate, in a second computing subsystem, a unique sequence of comparison tags, responsive to the respective related information; providing synchronization of the initial generator state and the initial verification state; providing a validation result authenticating that the processing at the first computing subsystem was done in accordance with the first processing protocol, responsive to comparing the respective comparison tags and the respective associated security tags for the respective data packets; and controlling the transmission responsive to the validation result. - View Dependent Claims (41)
-
Specification