Secure proximity verification of a node on a network
Abstract
A system and method determines the proximity of the target node to the source node from the time required to communicate messages within the node-verification protocol. The node-verification protocol includes a query-response sequence, wherein the source node communicates a query to the target node, and the target node communicates a corresponding response to the source node. The target node is configured to communicate two responses to the query: a first response that is transmitted immediately upon receipt of the query, and a second response based on the contents of the query. The communication time is determined based on the time duration between the transmission of the query and receipt of the first response at the source node and the second response is compared for correspondence to the query, to verify the authenticity of the target node.
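The exchange described in the abstract, sketched as an added example that is not code from the patent. The HMAC-SHA256 construction, the shared key, the threshold values, the tier labels and the simulated millisecond clock are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed for illustration: the key, threshold values and labels are constructed.
KEY = b"constructed-shared-key"
THRESHOLDS_MS = [(7.0, "local"), (50.0, "remote-near")]   # checked in order


class Target:
    """Target node that prepares its first response before any query arrives."""

    def __init__(self, key, processing_ms=30.0):
        self.key, self.processing_ms = key, processing_ms
        self.first = os.urandom(16)               # prepared ahead of the query

    def first_response(self):
        return self.first                         # sent with no processing

    def second_response(self, query):
        # Slow step: binds the query to the first response already sent.
        mac = hmac.new(self.key, query + self.first, hashlib.sha256).digest()
        self.first = os.urandom(16)               # fresh value for the next query
        return mac


def classify(rtt_ms):
    """Label for the lowest threshold the time falls under, else the farthest tier."""
    for limit, label in THRESHOLDS_MS:
        if rtt_ms < limit:
            return label
    return "remote-far"


def check_node(target, key, one_way_ms):
    """Source node logic, run on a simulated clock in milliseconds."""
    clock = 0.0
    query = os.urandom(16)
    sent_at = clock
    clock += one_way_ms                           # query travels to the target
    first = target.first_response()               # immediate reply
    clock += one_way_ms                           # first response travels back
    rtt_ms = clock - sent_at                      # timing stops at the first response
    second = target.second_response(query)        # arrives later, outside the timing
    expected = hmac.new(key, query + first, hashlib.sha256).digest()
    authentic = hmac.compare_digest(second, expected)
    # Assumption: a timing result is only acted on once the second response verifies.
    return {"rtt_ms": rtt_ms, "authentic": authentic,
            "proximity": classify(rtt_ms) if authentic else "rejected"}
```

Because the clock stops at the first response, the target's processing time for the second response never inflates the measured round trip.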
28 Claims
1. A method of determining proximity of a target node to a source node, comprising:
preparing a first response at the target node prior to receiving any part of a query from the source node;
communicating the query from the source node to the target node;
communicating the first response from the target node to the source node, immediately after the query is received and before the query is processed at the target node;
receiving the first response at the source node;
processing the query at the target node to produce therefrom a second response that facilitates a verification of the target node and its first response;
communicating the second response from the target node to the source node;
determining a measure of communication time between communicating the query and receiving the first response; and
determining the proximity of the target node based on the measure of communication time, wherein determining proximity includes comparing the measure of communication time with a threshold value, and if the communication time is below the threshold, the target node is determined to be local, otherwise the target node is determined to be remote, further comparing the measure of communication time with multiple applied thresholds for providing a relative measure of a degree of remoteness of the target node from the source node, and wherein the source node uses the remote/local proximity determination to control subsequent communications with the target node and to control access of the target node to system resources based on the determined proximity.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A node on a network including:
a processor that is configured to prepare a first response at the node prior to receiving any part of a query from a source node,
a communication device that is configured to:
  receive the query from the source node,
  transmit the first response to facilitate proximity verification of the node, to the source node immediately upon receipt of the query and before the query is processed, and
  transmit a second response that facilitates a verification of the node to the source node, and
the processor configured to process the query and produce therefrom the second response,
wherein the source node determines a measure of communication time between communicating the query and receiving the first response, determines a proximity of the node based on the measure of communication time, wherein determining proximity includes comparing the measure of communication time with a threshold value, and if the communication time is below the threshold, the node is determined to be local, otherwise the node is determined to be remote, further comparing the measure of communication time with multiple applied thresholds for providing a relative measure of a degree of remoteness of the node from the source node, and wherein the source node uses the remote/local proximity determination to control subsequent communications with the node and to control access of the node to system resources based on the determined proximity.
Dependent claims: 12, 13, 14, 15, 16, 17
18. A node on a network including:
a communication device that is configured to:
  transmit a query to a target node,
  receive an immediate first response that has been prepared before receipt of any part of the query by the target node and transmitted by the target node before the query is processed at the target node, and
  receive a second response from the target node; and
a processor that is configured to:
  measure a communication time between transmitting the query and receiving the first response,
  determine a proximity of the target node relative to the node based on the communication time, and
  verify the target node based on the second response,
wherein determining proximity includes comparing the measure of communication time with a threshold value, and if the communication time is below the threshold, the target node is determined to be local, otherwise the target node is determined to be remote, further comparing the measure of communication time with multiple applied thresholds for providing a relative measure of a degree of remoteness of the target node from the source node, and wherein the source node uses the remote/local proximity determination to control subsequent communications with the target node and to control access of the target node to system resources based on the determined proximity.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26, 27, 28
Specification