Authenticity of communications traffic

US 7,483,423 B2
Filed: 03/30/2005
Issued: 01/27/2009
Est. Priority Date: 03/30/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method capable of storing information in a packet, comprising:

performing a data integrity operation over one selectable portion of the packet to calculate an integrity check value using a secret key, wherein the one selectable portion of the packet includes a Virtual Local Area Network (VLAN) field, an Internet Protocol (IP) field, and a Transmission Control Protocol (TCP)/User Datagram Protocol (UDP) field; and

performing a data transformation operation over another selectable portion of the packet to store the integrity check value in the other portion of the packet, without increasing a size of the packet, wherein the another selectable portion of the packet is a data field;

wherein the data transformation operation comprises a reversible operation.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided are a techniques for storing information in a packet. A data integrity operation is performed over one portion of the packet to calculate an integrity check value using a secret key. The data transformation operation is performed over another selectable portion of the packet to store the integrity check value in the other portion of the packet, without increasing a size of the packet.

Other embodiments are described and claimed.

Citations

26 Claims

1. A method capable of storing information in a packet, comprising:
- performing a data integrity operation over one selectable portion of the packet to calculate an integrity check value using a secret key, wherein the one selectable portion of the packet includes a Virtual Local Area Network (VLAN) field, an Internet Protocol (IP) field, and a Transmission Control Protocol (TCP)/User Datagram Protocol (UDP) field; and
  
  performing a data transformation operation over another selectable portion of the packet to store the integrity check value in the other portion of the packet, without increasing a size of the packet, wherein the another selectable portion of the packet is a data field;
  
  wherein the data transformation operation comprises a reversible operation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein data in a data field of the packet is encrypted before the data transformation operation is performed.
  - 3. The method of claim 1, wherein data in a data field of the packet is encrypted after the data transformation operation is performed.
  - 4. The method of claim 1, further comprising:
    - receiving the packet;
      
      performing the data integrity operation over the one portion of the packet to calculate the integrity check value; and
      
      performing the data transformation operation over the other portion of the packet to retrieve data from the packet using the calculated integrity check value.
  - 5. The method of claim 4, further comprising:
    - performing a data integrity check to verify whether the retrieved data in the packet was modified during transmission.
  - 6. The method of claim 1, wherein the secret key is negotiated between a first computing device transmitting the packet and a second computing device receiving the packet.
  - 7. The method of claim 1, wherein a field of the packet includes one or more tags that are capable of identifying a secret key used to calculate the integrity check value, the data transformation operation, and one or more portions of the packet to be used for the data transformation operation.
  - 8. The method of claim 1, wherein a field of the packet includes one or more tags that are capable of providing additional identity information, security posture information, and role information, which may be leveraged by a recipient for applying one or more access control policies.
  - 9. The method of claim 1, further comprising:
    - storing at least one of a key identifier or a portion of the integrity check value in an unused portion of the packet in response to determining that the data transformation operation to be performed.

10. A system, comprising:
- a packet to be transmitted over a communication path;
  
  a network adapter that is coupled to the communication path; and
  
  an authenticity system coupled to the network adapter;
  
  wherein the authenticity system performs a data integrity operation over one selectable portion of the packet to calculate an integrity check value using a secret key, wherein the one selectable portion of the packet includes a Virtual Local Area Network (VLAN) field, an Internet Protocol (IP) field, and a Transmission Control Protocol (TCP)/User Datagram Protocol (UDP) field; and
  
  wherein the authenticity system performs a data transformation operation over another selectable portion of the packet to store the integrity check value in the other portion of the packet, without increasing a size of the packet, wherein the another selectable portion of the packet is a data field;
  
  wherein the data transformation operation comprises a reversible operation.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The system of claim 10, wherein data in a data field of the packet is encrypted before the data transformation operation is performed.
  - 12. The system of claim 10, wherein data in a data field of the packet is encrypted after the data transformation operation is performed.
  - 13. The system of claim 10, wherein the authenticity system is operable to:
    - receive the packet;
      
      perform the data integrity operation over the one portion of the packet to calculate the integrity check value; and
      
      perform the data transformation operation over the other portion of the packet to retrieve data from the packet using the calculated integrity check value.
  - 14. The system of claim 13, wherein the authenticity system is operable to:
    - perform a data integrity check to verify whether the retrieved data in the packet was modified during transmission.

15. A method capable of retrieving information from a packet, further comprising:
- receiving a packet, including, a Virtual Local Area Network (VLAN) field, an Internet Protocol (IP) field, a Transmission Control Protocol (TCP)/User Datagram Protocol (UDP) field, and a data field;
  
  performing a data integrity operation over one portion of the packet to calculate an integrity check value using a secret key, wherein the one portion of the packet includes the Virtual Local Area Network (VLAN) field, the Internet Protocol (IP) field, and the Transmission Control Protocol (TCP)/User Datagram Protocol (UDP) field;
  
  storing the integrity check value in the data field by performing a data transformation operation over the data field without increasing a size of the packet; and
  
  performing a data transformation operation over another portion of the packet to retrieve data from the packet using the calculated integrity check value, wherein the other portion of the packet is the data field;
  
  wherein the data transformation operation comprises a reverse data transformation operation relative to another data transformation operation performed on the packet prior to the packet being received.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15, further comprising:
    - performing a data integrity check to verify whether the retrieved data in the packet was modified during transmission.
  - 17. The method of claim 15, wherein a field of the packet includes one or more tags that are capable of providing additional identity information, security posture information, and role information, which may be leveraged to apply one or more access control policies.

18. An article of manufacture for storing information in a packet, wherein the article of manufacture comprises a computer readable medium storing instructions, and wherein the article of manufacture is operable to:
- perform a data integrity operation over one selectable portion of the packet to calculate an integrity check value using a secret key, wherein the one selectable portion of the packet includes a Virtual Local Area Network (VLAN) field, an Internet Protocol (IP) field, and a Transmission Control Protocol (TCP)/User Datagram Protocol (UDP) field; and
  
  perform a data transformation operation over another selectable portion of the packet to store the integrity check value in the other portion of the packet, without increasing a size of the packet, wherein the another selectable portion of the packet is a data field;
  
  wherein the data transformation operation comprises a reversible operation.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. The article of manufacture of claim 18, wherein data in a data field of the packet is encrypted before the data transformation operation is performed.
  - 20. The article of manufacture of claim 18, wherein data in a data field of the packet is encrypted after the data transformation operation is performed.
  - 21. The article of manufacture of claim 18, wherein the article of manufacture is operable to:
    - receive the packet;
      
      perform the data integrity operation over the one portion of the packet to calculate the integrity check value; and
      
      perform the data transformation operation over the other portion of the packet to retrieve data from the packet using the calculated integrity check value.
  - 22. The article of manufacture of claim 21, wherein the article of manufacture is operable to:
    - perform a data integrity check to verify whether the retrieved data in the packet was modified during transmission.
  - 23. The article of manufacture of claim 18, wherein the secret key is negotiated between a first computing device transmitting the packet and a second computing device receiving the packet.
  - 24. The article of manufacture of claim 18, wherein a field of the packet includes one or more tags that are capable of identifying a secret key used to calculate the integrity check value, the data transformation operation, and one or more portions of the packet to be used for the data transformation operation.
  - 25. The article of manufacture of claim 18, wherein a field of the packet includes one or more tags that are capable of providing additional identity information, security posture information, and role information, which may be leveraged by a recipient for applying one or more access control policies.
  - 26. The article of manufacture of claim 18, wherein the article of manufacture is operable to:
    - store at least one of a key identifier or a portion of the integrity check value in an unused portion of the packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Durham, David M., Grewal, Karanvir
Primary Examiner(s)
Vu; Thong H

Application Number

US11/096,843
Publication Number

US 20060227773A1
Time in Patent Office

1,399 Days
Field of Search

370/252, 713/168
US Class Current

370/389
CPC Class Codes

H04L 63/123 received data contents, e.g...

Authenticity of communications traffic

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticity of communications traffic

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links