Network communications
Abstract
Methods and systems for communicating information between computer networks in which the information to be communicated is required at one location (e.g. for processing) but only available at another location. The information may be absent deliberately (for privacy reasons) or may simply be unavailable as an artifact of the computer network(s) involved. The required information, such as the internal client IP address, is inserted into the outgoing network communication in a manner that does not materially affect the normal transit or utility of the network communication (e.g. as custom headers). The information is preferably inserted in an encrypted form, so that it may pass over a public network and be invulnerable to unauthorised scrutiny.
32 Claims
1. A method comprising:
- at a network processor connected to a local network, intercepting a network communication message originating from a user processor that is different from the network processor connected to the local network and which network communication message is destined for a remote processor connected to the local network via an external network;
- creating a unique message appendix for the intercepted network communication message to prevent replay attacks on the intercepted network communication message using:
  - message attributes extracted directly from the intercepted network communication message,
  - externally derived attributes derived by querying services external to an encoding agent of the network processor using the extracted message attributes as query parameters, and
  - internally derived attributes derived by querying services internal to the network processor using message attributes as query parameters,
  wherein the unique message appendix contains information associated with the local network that is available at the local network;
- encrypting the unique message appendix using a combination of an asymmetric encryption technique that does not require key exchanges and a symmetric encryption technique that is different from the asymmetric encryption technique so that the information in the unique message appendix associated with the local network may be transmitted securely over a public network;
- encoding the encrypted unique message appendix to allow the unique message appendix to be added to the network communication message without altering the contents of the network communication message; and
- appending the encoded, encrypted unique message appendix to the network communication message for transmission between the network processor connected to the local network and the remote processor.

Dependent claims: 2, 5, 10, 11, 17, 18, 19, 20, 21, 22, 23, 27, 28, 29, 30.
3. A method comprising:
- at a remote processor connected to a local network via an external network, receiving a network communication message from a network processor connected to the local network, wherein the network communication message includes an encoded and encrypted unique message appendix used to prevent replay attacks on the intercepted network communication message;
- decrypting the unique message appendix using a combination of an asymmetric decryption technique that does not require key exchanges and a symmetric decryption technique that is different from the asymmetric decryption technique;
- extracting the unique message appendix that was generated from:
  - message attributes extracted directly from the network communication message,
  - externally derived attributes derived by querying services external to an encoding agent of the network processor using the extracted message attributes as query parameters, and
  - internally derived attributes derived by querying services internal to the network processor using message attributes as query parameters; and
- processing the unique message appendix to obtain local network information available at the network processor from which the communication message originated.

Dependent claims: 4, 6, 7, 8, 9, 26.
12. An apparatus comprising:
- a network processor configured to connect to a local network, the network processor executing an encoding agent that is configured to:
  - intercept a network communication message that originates from a user processor connected to the local network and that is destined for a remote processor connected to the local network via an external network;
  - create a unique message appendix for the intercepted network communication message using:
    - message attributes extracted directly from the intercepted network communication message,
    - externally derived attributes derived by querying services external to an encoding agent of the network processor using the extracted message attributes as query parameters, and
    - internally derived attributes derived by querying services internal to the network processor using message attributes as query parameters,
    wherein the unique message appendix contains information associated with the local network that is available at the local network;
  - encrypt the unique message appendix using a combination of an asymmetric encryption technique that does not require key exchanges and a symmetric encryption technique that is different from the asymmetric encryption technique so that the information in the unique message appendix associated with the local network may be transmitted securely over a public network;
  - encode the encrypted unique message appendix to allow the unique message appendix to be added to the network communication message without altering the contents of the network communication message; and
  - append the encoded, encrypted unique message appendix to the network communication message for transmission between the network processor connected to the local network and the remote processor.

Dependent claims: 15, 16, 24, 25, 31, 32.
13. An apparatus comprising:
- a network processor configured to connect to a local network via an external network, the network processor executing a decoding agent that is configured to:
  - receive a network communication message from another network processor connected to the local network, wherein the network communication message includes an encoded and encrypted unique message appendix used to prevent replay attacks on the intercepted network communication message; and
  - decrypt the unique message appendix using a combination of an asymmetric decryption that does not require key exchanges and a symmetric decryption technique that is different from the asymmetric decryption technique;
  - extract the unique message appendix that was generated from:
    - message attributes extracted directly from the network communication message,
    - externally derived attributes derived by querying services external to an encoding agent of the network processor using the extracted message attributes as query parameters, and
    - internally derived attributes derived by querying services internal to the network processor using message attributes as query parameters; and
- the network processor executing a processing agent that is configured to process the unique message appendix to obtain local network information available at the network processor from which the communication message originated.

Dependent claims: 14.
Specification