System and method for secure transactions over a network
First Claim
1. A method of providing reliable transactions over a communication network comprising the steps of:
- determining a need in a node in a transaction network to update a transmission path capacity indicator between the node and a designation node in the transaction network;
formulating an application layer transaction request message in the node as a probe packet for the purposes of updating the transmission path capacity indicator;
selecting one of a plurality of output ports on the node for transmitting the probe packet to the destination node;
transmitting the probe packet to an adjacent node;
receiving an application layer transaction response message from the adjacent node correlated with the probe packet using a message identifier number;
determining a time duration in the node based on a first time associated with the transmission of the probe packet and a second time associated with the receipt of the application layer transaction response message; and
updating the transmission path capacity indicator based on the time duration.
14 Assignments
0 Petitions
Accused Products
Abstract
The public Internet is the world'"'"'s largest system of inter-networked computers. Adequate security means for protecting sensitive data communicated over the Internet is not, however, provided. The present invention, therefore, provides a system and method for performing secure transactions over an insecure packet-switched communication network. This is achieved by interconnecting a number of master nodes over the insecure communication network. The master nodes are capable of transmitting encrypted data packets over the insecure network via pseudo-random communication paths. The master nodes are further capable of returning to any state in a secure transaction in the event of a network failure. The master nodes are also capable of using new keys to encrypt each data packet.
-
Citations
16 Claims
-
1. A method of providing reliable transactions over a communication network comprising the steps of:
-
determining a need in a node in a transaction network to update a transmission path capacity indicator between the node and a designation node in the transaction network; formulating an application layer transaction request message in the node as a probe packet for the purposes of updating the transmission path capacity indicator; selecting one of a plurality of output ports on the node for transmitting the probe packet to the destination node; transmitting the probe packet to an adjacent node; receiving an application layer transaction response message from the adjacent node correlated with the probe packet using a message identifier number; determining a time duration in the node based on a first time associated with the transmission of the probe packet and a second time associated with the receipt of the application layer transaction response message; and updating the transmission path capacity indicator based on the time duration. - View Dependent Claims (4, 5, 6, 7, 8, 9)
-
-
2. A method for providing reliable transactions over a communication network comprising the step of:
-
receiving a node in a transaction network an application layer transaction response message serving as a probe response from an adjacent node; determining an associated probe request is enqued in a memory of the node; determining that the node receiving the probe response generated the associated probe request; updating a transmission path capacity indicator based in part on the probe response; and de-enquing the probe request in the memory of the node.
-
-
3. A method for providing secure transactions over a network node comprising the steps of:
-
receiving an encrypted data packet comprising an application layer message at an input port on a first network node from a second network node, the encrypted data packet comprising a checksum, message identifier, and data; determining that a message-received timer has not expired; validating the encrypted data packet by processing the checksum and the data; determining the message identifier is a currently active message identifier; retrieving a first current encryption key from memory; using the current first encryption key and the data packet to derive a first new encryption key; decrypting the data using the first new encryption key to produce a second data; replacing the first current encryption key with the first new encryption key; selecting an output port based on a criteria; formulating a second encrypted data packet using the second data and the first new encryption key; transmitting the second encrypted data packet on the output port; and sending a positive acknowledgement message to the second network node. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A method for providing secure transactions at a node in a communications network comprising:
-
receiving an application layer message from a second network node on an input port on the network node wherein the message comprises a message identifier, payload and checksum; determining the integrity of the message by processing the checksum; determining a current decryption key is defined; deriving a new decryption key using the current decryption key; attempting to decrypt the message; determining the message has not been successfully decryption; selecting one from a plurality of re-start keys as the new decryption key; attempting to decrypt the message; determining the message has not been successfully decrypted; using one of the plurality of re-start keys to encrypt a negative response message; and sending the negative response message to the second network node. - View Dependent Claims (15)
-
-
16. A method for providing reliable transactions over a communications network comprising the steps of:
-
receiving an application layer transaction request message functioning as a probe request message in a node of a transaction network; determining that a corresponding application layer transaction response message functioning as a probe response message is enqued in a memory of the node; determining that the node did not generate the corresponding probe request message; de-enquing the probe request message from the memory of the node; transmitting the probe response message to a second node from which the node receiving the probe request; and enquing the probe response message in the memory of the node.
-
Specification