Establishing secure TCP/IP communications using embedded IDs
First Claim
1. A method for selectively requiring secure TCP/IP communications between a source node and a destination node within a computer network, the method comprising:
assigning a unique user identifier to each authorized user within the computer network;
creating a plurality of policy rules defining when secure communications are required for TCP/IP communications within the computer network as a function of the authorized users initiating the TCP/IP communications;
identifying the respective authorized user logged into the source node;
retrieving the unique user identifier associated with the respective authorized user;
upon initiation of a TCP/IP communication from the source node, intercepting by a first interceptor a TCP SYN packet of the TCP/IP communication prior to transmission of the TCP SYN packet to the destination node, wherein the packet includes a packet header;
embedding the unique user identifier into the packet header;
forwarding the TCP SYN packet with the embedded unique user identifier to the destination node;
intercepting by a second interceptor the TCP SYN packet with the embedded unique user identifier prior to arrival of the packet at the destination node;
determining whether secure communications are required for the respective authorized user logged into the source node by comparing the unique user identifier embedded in the TCP SYN packet header to the plurality of policy rules to identify a policy rule for the respective authorized user;
if secure communications are required for the respective authorized user logged into the source node based on an identified policy rule, refusing passage of the TCP SYN packet to the destination node and returning an embed signal RST packet to the source node, the RST packet including a secure communications identifier to indicate that secure communications are required;
intercepting by the first interceptor the RST packet and verifying the inclusion of the secure communications identifier; and
thereafter requiring secure communications for all subsequent packets associated with the TCP/IP communication in either direction between the source node and the destination node until the TCP/IP communication is completed.
Abstract
Methods and systems for establishing secure TCP/IP communications for individual network connections include the steps of intercepting a conventional TCP SYN packet prior to transmission from a source node to a destination node, embedding unique identifiers into standard fields of the packet header, wherein the unique identifiers are associated with the specific connection attempt and wherein the unique identifiers identify the user account and/or the computer hardware initiating the communication attempt, then forwarding the modified TCP SYN packet to the destination node and intercepting the modified TCP SYN packet prior to arrival, determining whether secure communications are required based on the unique identifiers extracted from the packet headers, based on other TCP/IP information, and based on predefined rules associated with the same. If secure communications are required, such requirement is communicated within either an RST or a SYN-ACK back to the source node.
28 Claims
1. Independent claim 1 is reproduced above under First Claim.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 23, 24, 25, 26, 27, 28
9. A method for selectively requiring secure TCP/IP communications between a source node and a destination node within a computer network, the method comprising:
assigning a unique user identifier to each authorized user within the computer network;
intercepting by a first interceptor a TCP SYN packet associated with a TCP/IP communication prior to arrival of the packet at the destination node, the TCP SYN packet including a packet header with a unique user identifier embedded therein;
extracting the unique user identifier from the packet header of the TCP SYN packet;
determining whether secure communications are required for the respective authorized user associated with the TCP/IP communication based on the unique user identifier extracted from the TCP SYN packet header;
if secure communications are required for the respective authorized user associated with the TCP/IP communication, refusing passage of the TCP SYN packet to the destination node and returning an embed signal RST packet to the source node, the RST packet including a secure communications identifier to indicate that secure communications are required;
intercepting by a second interceptor the RST packet and verifying the inclusion of the secure communications identifier; and
thereafter requiring secure communications for all subsequent packets associated with the TCP/IP communication in either direction between the source node and the destination node until the TCP/IP communication is completed.
Dependent claims: 10
11. A method for selectively requiring secure TCP/IP communications between a source node and a destination node within a computer network, the method comprising:
assigning a unique user identifier to each authorized user within the computer network;
identifying the respective authorized user logged into the source node;
retrieving the unique user identifier associated with the respective authorized user;
upon initiation of a TCP/IP communication from the source node, intercepting by a first interceptor a TCP SYN packet of the TCP/IP communication prior to transmission of the TCP SYN packet to the destination node, wherein the packet includes a packet header;
embedding the unique user identifier into the packet header;
forwarding the TCP SYN packet with the embedded unique user identifier to the destination node;
intercepting by a second interceptor the TCP SYN packet with the embedded unique user identifier prior to arrival of the packet at the destination node;
determining whether secure communications are required for the respective authorized user logged into the source node based on the unique user identifier embedded in the packet header of the TCP SYN packet;
if secure communications are required for the respective authorized user logged into the source node, allowing passage of the TCP SYN packet to the destination node;
intercepting by the second interceptor a SYN-ACK packet traveling from the destination node to the source node;
embedding a secure communications identifier into the SYN-ACK packet header to indicate that secure communications are required;
sending the SYN-ACK packet with the embedded secure communications identifier to the source node;
intercepting by the first interceptor the SYN-ACK packet and verifying the inclusion of the secure communications identifier; and
thereafter requiring secure communications for all subsequent packets associated with the TCP/IP communication in either direction between the source node and the destination node until the TCP/IP communication is finished.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
21. A method for selectively requiring secure TCP/IP communications between a source node and a destination node within a computer network, the method comprising:
assigning a unique user identifier to each authorized user within the computer network;
intercepting by a first interceptor a TCP SYN packet associated with a TCP/IP communication prior to arrival of the packet at the destination node, the TCP SYN packet including a packet header with a unique user identifier embedded therein;
extracting the unique user identifier from the packet header of the TCP SYN packet;
determining whether secure communications are required for the respective authorized user associated with the TCP/IP communication based on the unique user identifier extracted from the TCP SYN packet header;
if secure communications are required for the respective authorized user associated with the TCP/IP communication, allowing passage of the TCP SYN packet to the destination node;
intercepting by the first interceptor a SYN-ACK packet traveling from the destination node to the source node;
embedding a secure communications identifier into the SYN-ACK packet header to indicate that secure communications are required;
sending the SYN-ACK packet with the embedded secure communications identifier to the source node;
intercepting by a second interceptor the SYN-ACK packet and verifying the inclusion of the secure communications identifier; and
thereafter requiring secure communications for all subsequent packets associated with the TCP/IP communication in either direction between the source node and the destination node until the TCP/IP communication is finished.
Dependent claims: 22
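The two handshake-interception variants above, the RST variant of claim 1 and the SYN-ACK variant of claim 11, as an added Python simulation that is not part of the patent or any product: the policy table, node names, header field names and the `secure` flag (standing in for whatever protection the secure channel provides) are constructed assumptions, and the interceptors operate on plain objects rather than hooking a real network stack.

```python
from dataclasses import dataclass, field
SECURE_REQUIRED = "SECURE-REQ"   # stands in for the claims' "secure communications identifier"
@dataclass
class Packet:
    flags: str                   # "SYN", "SYN-ACK", "RST" or "ACK"
    src: str
    dst: str
    hdr: dict = field(default_factory=dict)  # simulated TCP header fields
    secure: bool = False         # simulated: packet travels over the secure channel
# Policy rules (constructed sample data) keyed by user id; "*" matches every destination.
POLICY = {"u1001": {"*"}, "u1002": {"db.internal"}}

def policy_requires_secure(uid, dst):
    rules = POLICY.get(uid, set())   # assumption: an unknown id matches no rule
    return "*" in rules or dst in rules

def first_interceptor_out(pkt, logged_in_uid):
    """Source side: embed the logged-in user's id into the outgoing SYN."""
    if pkt.flags == "SYN":
        pkt.hdr["uid"] = logged_in_uid
    return pkt

def second_interceptor_syn(pkt, pending, mode="rst"):
    """Destination side: compare the embedded id with the policy rules.
    mode="rst": refuse the SYN and answer with a marked RST (claim 1).
    mode="synack": pass the SYN and mark the later SYN-ACK (claim 11)."""
    if pkt.flags != "SYN" or not policy_requires_secure(pkt.hdr.get("uid"), pkt.dst):
        return ("forward", pkt)
    if mode == "rst":
        return ("reply", Packet("RST", pkt.dst, pkt.src, {"marker": SECURE_REQUIRED}))
    pending.add((pkt.src, pkt.dst))
    return ("forward", pkt)

def second_interceptor_synack(pkt, pending):
    """Destination side, return path: mark the server's SYN-ACK if pending."""
    if pkt.flags == "SYN-ACK" and (pkt.dst, pkt.src) in pending:
        pkt.hdr["marker"] = SECURE_REQUIRED
    return pkt

def first_interceptor_in(pkt, secure_conns):
    """Source side, return path: verify the marker and record the connection."""
    if pkt.flags in ("RST", "SYN-ACK") and pkt.hdr.get("marker") == SECURE_REQUIRED:
        secure_conns.add((pkt.dst, pkt.src))   # stored as (source node, destination node)
        return True
    return False

def allow_subsequent(pkt, secure_conns):
    """Either direction: drop unprotected packets on a marked connection."""
    conn = (pkt.src, pkt.dst) if (pkt.src, pkt.dst) in secure_conns else (pkt.dst, pkt.src)
    return conn not in secure_conns or pkt.secure
```

The simulation makes the policy decision depend only on the identifier the first interceptor wrote into the header, which is why the patent's second interceptor must sit where that field cannot be altered between the two interceptors.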