Method and apparatus to establish routes based on the trust scores of routers within an IP routing domain
First Claim
1. A method for selecting a second router as part of a path from a first router to a destination, comprising:
identifying a plurality of routers that are part of a network including the first router;
identifying at least a first portion of the identified routers as each having an integrity/trust score;
flagging first data as being sensitive to trustworthiness;
identifying from among only the first portion of the identified routers a first path between the first router and the destination;
selecting a second router from said identified first path; and
transmitting the first data that is flagged as being sensitive to trustworthiness from the first router to the second router;
identifying a second portion of the identified routers;
identifying from among the second portion of the identified routers a second path between the first router and the destination;
selecting a third router from said identified second path; and
transmitting second data that is not flagged as being sensitive to trustworthiness from the first router to the third router based on a load balancing factor between the first path and the second path, wherein the third router includes either no integrity/trust score or an integrity/trust score that is lower than the integrity/trust score of the second router.
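An added illustration of the selection logic in claim 1 (not code from the patent): flagged data is routed only over routers that carry an integrity/trust score and fails closed when no such path exists, while unflagged data may take an unscored or lower-scored next hop when that hop is less loaded. The topology, scores, router names and the "less loaded next hop wins" rule are assumptions; the claim does not define the load balancing factor.

```python
import heapq

# Constructed topology (router -> {neighbor: link cost}); all names are hypothetical.
LINKS = {
    "R1": {"R2": 1, "R3": 1},
    "R2": {"R1": 1, "R4": 1},
    "R3": {"R1": 1, "R6": 1},
    "R4": {"R2": 1, "R6": 1},
    "R6": {"R3": 1, "R4": 1},
}
# Constructed integrity/trust scores; R3 has no score at all.
SCORES = {"R1": 0.9, "R2": 0.9, "R4": 0.8, "R6": 0.9}

def shortest_path(links, src, dst, allowed):
    """Dijkstra restricted to routers in `allowed`; returns the hop list or None."""
    heap, seen = [(0, src, [src])], set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return path
        if node in seen:
            continue
        seen.add(node)
        for nbr, weight in links[node].items():
            if nbr in allowed and nbr not in seen:
                heapq.heappush(heap, (cost + weight, nbr, path + [nbr]))
    return None

def select_next_hop(links, scores, src, dst, sensitive, load):
    """Return the next hop for a packet (src != dst), or None if no acceptable path."""
    # First portion: routers with a score (assumption: endpoints always allowed).
    scored = {r for r in links if r in scores} | {src, dst}
    first = shortest_path(links, src, dst, scored)
    second_router = first[1] if first else None
    if sensitive:
        # Fail closed: flagged data never falls back to unscored routers.
        return second_router
    # Second path: any route that avoids the scored next hop.
    second = shortest_path(links, src, dst, set(links) - {second_router})
    if second is None:
        return second_router
    third = second[1]
    if second_router is None:
        return third
    lower = third not in scores or scores[third] < scores[second_router]
    # Assumed load balancing factor: prefer the less utilised next hop.
    less_loaded = load.get(third, 0.0) < load.get(second_router, 0.0)
    return third if lower and less_loaded else second_router
```

With the constructed data, a flagged packet from R1 to R6 goes to R2 even though the route through unscored R3 is shorter, and it is not forwarded at all if R2 loses its score.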
Abstract
A router includes a management module and a routing module. The routing module can be used to route data around a network. The management module can be used to manage the operation of the routing module, including generating an integrity report for the router, which can be used to generate a trust report for the router. The trust report can include an integrity/trust score for the router. The management module can control the routing module via a secure control interface.
17 Claims
4. A router, comprising:
a management module, including:
a trust engine; and
a first trusted hardware configured to receive a first owner authorization string of a network administrator using a secure interface of the trust engine and to store the first owner authorization string;
a routing module, including:
a second trusted hardware configured to receive a second owner authorization string of the network administrator using the secure interface of the trust engine, to store the second owner authorization string, and to transmit a copy of the second owner authorization string to the first trusted hardware, wherein the first trusted hardware is configured to store the second owner authorization string received from the second trusted hardware;
storage configured to store information about at least one adjacent router, said information including an integrity/trust score for at least one of said adjacent router; and
a path selection module to select a first of said adjacent routers along which to route a first packet that is flagged as being sensitive to trustworthiness based at least on said integrity/trust score for at least one of said adjacent router, the path selection module operative to select a second of said adjacent routers along which to route a second packet that is not flagged as being sensitive to trustworthiness based on a load balancing factor between the first path and the second path, wherein the second of said adjacent routers includes either no integrity/trust score or an integrity/trust score that is lower than the integrity/trust score of the first of said adjacent routers.
16. An article comprising a non-transitory storage-readable medium having associated data that, when executed by a machine, results in a machine:
identifying a plurality of routers that are part of a network including the first router;
identifying a first portion of the identified routers as each having an integrity/trust score;
flagging data as being sensitive to trustworthiness;
identifying from among only the first portion of the identified routers a first path between the first router and the destination;
selecting a second router from said identified first path;
transmitting the data that is flagged as being sensitive to trustworthiness from the first router to the second router;
identifying a second portion of the identified routers;
identifying from among the second portion of the identified routers a second path between the first router and the destination;
selecting a third router from said identified second path; and
transmitting second data that is not flagged as being sensitive to trustworthiness from the first router to the third router based on a load balancing factor between the first path and the second path, wherein the third router includes either no integrity/trust score or an integrity/trust score that is lower than the integrity/trust score of the second router.
Specification