Authenticated and metered flow control method

US 7,398,398 B2
Filed: 08/14/2002
Issued: 07/08/2008
Est. Priority Date: 03/16/2002
Status: Active Grant

First Claim

Patent Images

1. A communications control system, the system comprising:

an access point for coupling data packets to a network;

a computing subsystem for executing a first software application;

wherein the first software application comprises a user operative portion and a hidden program portion;

wherein the user operative portion provides for sending data packets for controlled transmission through the access point;

wherein the hidden program portion provides a security signal representative of the hidden program portion that is coupled to a controller for controlling coupling of the data packets via the access point to the network responsive to the security signal from the hidden program portion;

wherein the access point couples to the hidden program portion, information about ordering of a current data packet comprising at least one of;

a secure time-stamp, a sequence number signal, a sequence of security tags, a UTC (Universal Coordinated Time) signal, a sequence time-stamp generated responsive to a UTC (Universal Coordinated Time) signal; and

wherein the security signal is generated responsive to the ordering information about ordering of the current data packet and the hidden program portion.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authenticated and metered flow control method provides a network interface with the capability to determine the authenticity of programs used to generate and send data packets, thereby ensuring that users who send data packets are well behaved. The method is based on using a hidden program that was obfuscated into the program used for generating and sending data packets. More specifically, the hidden program generates a pseudo random sequence of security signals that are included in the sequence of data packets that are sent from the user to the network interface. Only the network interface knows how the pseudo random sequence of security signals was generated, and therefore, the network interface is able to check the validity of the pseudo random sequence of security signals, and thereby verify the authenticity of the programs used to generate and send data packets.

Citations

27 Claims

1. A communications control system, the system comprising:
- an access point for coupling data packets to a network;
  
  a computing subsystem for executing a first software application;
  
  wherein the first software application comprises a user operative portion and a hidden program portion;
  
  wherein the user operative portion provides for sending data packets for controlled transmission through the access point;
  
  wherein the hidden program portion provides a security signal representative of the hidden program portion that is coupled to a controller for controlling coupling of the data packets via the access point to the network responsive to the security signal from the hidden program portion;
  
  wherein the access point couples to the hidden program portion, information about ordering of a current data packet comprising at least one of;
  
  a secure time-stamp, a sequence number signal, a sequence of security tags, a UTC (Universal Coordinated Time) signal, a sequence time-stamp generated responsive to a UTC (Universal Coordinated Time) signal; and
  
  wherein the security signal is generated responsive to the ordering information about ordering of the current data packet and the hidden program portion.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system as in claim 1, wherein the security signal authenticates that the first software application is properly executing its functions.
  - 3. The system as in claim 1, wherein the security signal is a digital signature which is derived from a UTC (Universal Coordinated Time) signal and is associated with at least one of the associated ones of the data packets and representative of the hidden program portion.
  - 4. The system as in claim 1, further comprising:
    - a UTC (Universal Coordinated Time) signal; and
      
      wherein the security signal is at least one of a digital signature, an encrypted value, and results of a cryptographic function and representative of the hidden program portion.
  - 5. The system as in claim 1, further comprising:
    - a mapping table;
      
      wherein the controller for controlling coupling is further responsive to the mapping table for associating the data packets with a priority class responsive to the security signal.
  - 6. The system as in claim 1, wherein the data packets are further comprised of a header portion and a payload portion;
    - wherein the security signal is part of at least one of the header portion and the payload portion.
  - 7. The system as in claim 5, wherein the data packets are further comprised of a header portion;
    - wherein the priority class is part of the header portion.
  - 8. The system as in claim 5, wherein the priority class is defined in accordance with at least one of the following:
    - differentiated services, DiffServ, IEEE 802.1p, class of service (CoS), time-driven priority.
  - 9. The system as in claim 1, further comprising:
    - a mapping table; and
      
      a flow identification (ID);
      
      wherein each flow ID is associated with at least one entry in the mapping table for determining a priority class;
      
      wherein the controller for controlling coupling is responsive to the priority class and the security signal.

10. A method of control of coupling of data packets via a network via an access point, the method comprising:
- providing a first software application comprising a user operative portion and a hidden program portion;
  
  executing the first software application on a computing subsystem;
  
  utilizing the user operative portion of the first software application program on the computing subsystem for sending data packets for transmission via the access point;
  
  utilizing the hidden program portion of the first software application on the computing subsystem for providing a security signal;
  
  controlling coupling of the data packets via the access point responsive to the security signal from the hidden program portion;
  
  coupling to the hidden program portion, information about ordering of a current one of the data packets, the information about ordering comprising at least one of a secure time-stamp, a sequence number signal, a sequence of security tags, a UTC (Universal Coordinated Time) signal, and a sequence time-stamp generated responsive to a UTC (Universal Coordinated Time) signal of the first software application from the access point, andgenerating the security signal responsive to the information about ordering of the current data packet and the respective hidden program portion; and
  
  providing a security signal representative of the hidden program portion couple to the controller for controlling the access point for coupling of respective associated ones of the data packets via the network.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method as in claim 10, further comprising:
    - utilizing the security signal to authenticate that the first software application is properly executing its functions.
  - 12. The method as in claim 10, further comprising:
    - deriving the security signal as a digital signature derived from a UTC (Universal Coordinated Time) signal and associated with at least one of the data packets and representative of the respective hidden program portion.
  - 13. The method as in claim 10, further comprising:
    - generating the secure time-stamp responsive to a UTC (Universal Coordinated Time) signal; and
      
      wherein the security signal is at least one of;
      
      a digital signature, an encrypted value, and results of a cryptographic function; and
      
      representative of the hidden program portion.
  - 14. The method as in claim 13, further comprising:
    - providing a UTC signal, wherein the security signal is a digital signature derived from a UTC signal and representative of the hidden program portion.
  - 15. The method as in claim 10, further comprising:
    - providing for a mapping table;
      
      providing a flow identification (ID) for each data packet;
      
      accessing at least one entry in the mapping table for each flow ID for determining a priority class; and
      
      enabling the coupling by the controller responsive to the priority class and the security signal.

16. A communications control system comprising, the system comprising:
- an access point for coupling data packets to a network;
  
  a first computing subsystem for executing a first software application;
  
  a second computing subsystem for executing a second software application;
  
  wherein each of the first software application and the second software application respectively comprise a respective user operative portion for controlling transmission through the access point by providing respective security signals;
  
  wherein the respective security signals of the first software application and the second software application are coupled to the access point;
  
  wherein each of the first software application and the second software application have a respective hidden program portion for providing respective security signals coupled to the access point, for sending of data packets;
  
  software application logic for sending the data packets between the respective first software application and the respective second software application responsive to the respective user operative portion; and
  
  a controller for controlling coupling of the respective data packets as between the respective first software application and the respective second software application via the access point, responsive to respective security signals from the respective hidden program portions of the respective first software application and the respective second software application.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The system as in claim 16 wherein a first security signal is produced utilizing the hidden program portion of the first software application, and a second security signal is produced utilizing the hidden program portion of the second software application, wherein the first security signal and the second security signal are coupled to the controller for controlling coupling of associated ones of the data packets.
  - 18. The system as in claim 17, wherein the first security signal authenticates the first software application and the second security signal authenticates the proper execution of functionality of the second software application.
  - 19. The system as in claim 17, wherein the first security signal and the second security signal are digital signatures derived from at least one of the associated ones of the data packets and representative of the hidden program portion of the respective first software application and the respective second software application.
  - 20. The system as in claim 17, wherein the access point couples a secure time-stamp to at least one of the hidden program portions of the respective first software application and the respective hidden program portion of the second software application,wherein at least one of the first security signal and the second security signal are generated responsive to the secure time-stamped and the hidden program portions.
  - 21. The system as in claim 20, wherein the secure time-stamp is generated responsive to a UTC (Universal Coordinated Time) signal.
  - 22. The system as in claim 19, further comprising:
    - a UTC signal; and
      
      wherein the digital signature is derived from the UTC signal utilizing the hidden program portion.

23. A communications control method, the method comprising:
- coupling data packets via an access point to a network;
  
  sending data packets for transmission through the access point responsive to a first software application executing on a first computing subsystem and a second software application executing on a second computing subsystem, each of the first software application and the second software application comprising a respective user operative portion and a respective hidden program portion;
  
  utilizing the respective user operative portion for sending the data packets between the first software application and the second software application;
  
  utilizing the respective hidden program portions of the first software application and the second software application for providing respective security signals; and
  
  controlling coupling of the respective data packets via the access point responsive to the respective security signals.
- View Dependent Claims (24, 25, 26, 27)
- - 24. The method as in claim 23 further comprising:
    - coupling a first security signal representative of the hidden program portion of the first software application and a second security signal representative of the hidden program portion of the second software application to the controller for controlling the access point coupling of respective associated ones of the data packets.
  - 25. The method as in claim 24, further comprising:
    - authenticating the first software application is properly executing its functions responsive to the first security signal;
      
      authenticating the second software application responsive to the second security signal.
  - 26. The method as in claim 24, further comprising:
    - deriving the first security signal and the second security signal as digital signatures derived from at least one of the associated ones of the respective data packets and provided by utilizing the respective hidden program portion.
  - 27. The method as in claim 24, further comprising:
    - coupling a secure time-stamp to at least one of the hidden program portions of the first software application and the hidden program portion of the second software application, andgenerating at least one of the first security signal and the second security signal responsive to the secure time-stamp utilizing the hidden program portions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Attestwave LLC (Jeffrey M. Gross)
Original Assignee
Trustedflow Systems, Inc.
Inventors
Ofek, Yoram, Baldi, Mario
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
Okoronkwo; Chinwendu C

Application Number

US10/218,830
Publication Number

US 20030177391A1
Time in Patent Office

2,155 Days
Field of Search

726/11, 726/13, 726/2, 713/154, 380/277
US Class Current

713/180
CPC Class Codes

G06F 21/14   against software analysis o...

H04L 47/10   Flow control; Congestion co...

H04L 47/193   at the transport layer, e.g...

H04L 47/27   Evaluation or update of win...

H04L 47/283   in response to processing d...

H04L 63/0227   Filtering policies mail mes...

H04L 63/10   for controlling access to d...

H04L 69/16   Implementation or adaptatio...

H04L 69/161   Implementation details of T...

H04L 69/163   In-band adaptation of TCP d...

Y04S 40/20   Information technology spec...

Y10S 707/99939   Privileged access

Authenticated and metered flow control method

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticated and metered flow control method

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links