Network watermark

US 8,625,574 B2
Filed: 08/01/2011
Issued: 01/07/2014
Est. Priority Date: 06/12/2007
Status: Active Grant

First Claim

Patent Images

1. A network communications method utilizing a network watermark process, the network watermark process comprising the step of creating a verifiable communications path through a network of nodes between a first end node and a second end node, the verifiable communications path being collectively created,(a) by the first end node performing the step of sending a communication including a class identifier of the first end node and an identification of the second end node to an immediately succeeding node in the verifiable communications path;

(b) by each respective intermediate node, if any, between the first end node and the second end node in the verifiable communications path, performing the steps of,(i) receiving a communication from an immediately preceding node, the communication including the class identifier and respective first path data,(ii) verifying the communication that is received from the immediately preceding node using first maintained class rules corresponding to the class identifier, and(iii) upon successful verification of the communication from the immediately preceding node, sending a communication to an immediately succeeding node of the respective intermediate node, the communication including the class identifier and respective second path data that at least identifies a network communications path from the first end node to the respective intermediate node; and

(c) by the second end node performing the steps of,(i) receiving a communication from the immediately preceding node, the communication including the class identifier and path information that at least identifies a network communications path from the first end node to the immediately preceding node,(ii) verifying the communication that is received from the immediately preceding node using class rules corresponding to the class identifier that are maintained by the second end node, and(iii) validating the communications path through the network of nodes between the first end node and the second end node.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network communications method utilizing a network watermark for providing security in the communications includes creating a verifiable network communications path of nodes through a network for the transfer of information from a first end node to a second end node; verifying the network communications path of nodes, by the first end node, before communicating by the first end node information intended for receipt by the second end node; and once the network communications path of nodes is verified by the first end node, communicating by the first end node, via the verified communications path of nodes, the information intended for receipt by the second end node; wherein the network watermark represents the verifiable network communications path of nodes.

Citations

20 Claims

1. A network communications method utilizing a network watermark process, the network watermark process comprising the step of creating a verifiable communications path through a network of nodes between a first end node and a second end node, the verifiable communications path being collectively created,(a) by the first end node performing the step of sending a communication including a class identifier of the first end node and an identification of the second end node to an immediately succeeding node in the verifiable communications path;
- (b) by each respective intermediate node, if any, between the first end node and the second end node in the verifiable communications path, performing the steps of,(i) receiving a communication from an immediately preceding node, the communication including the class identifier and respective first path data,(ii) verifying the communication that is received from the immediately preceding node using first maintained class rules corresponding to the class identifier, and(iii) upon successful verification of the communication from the immediately preceding node, sending a communication to an immediately succeeding node of the respective intermediate node, the communication including the class identifier and respective second path data that at least identifies a network communications path from the first end node to the respective intermediate node; and
  
  (c) by the second end node performing the steps of,(i) receiving a communication from the immediately preceding node, the communication including the class identifier and path information that at least identifies a network communications path from the first end node to the immediately preceding node,(ii) verifying the communication that is received from the immediately preceding node using class rules corresponding to the class identifier that are maintained by the second end node, and(iii) validating the communications path through the network of nodes between the first end node and the second end node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The network communications method of claim 1, wherein the path data that is included in the communication sent by a respective intermediate node identifies the network communications path from the first end node to the respective intermediate node by identifying a sequence of unique identifiers (UIDs) of the nodes of the network communications path.
  - 3. The network communications method of claim 2, wherein the step of validating, by the second end node, the communications path through the network of nodes between the first end node and the second end node includes checking the class in information of the communication that is received by the second end node against class identifiers of the nodes identified by the path information in order to confirm that a class identifier of each node identified by the path information corresponds to the class identifier of the communication received by the second end node.
  - 4. The network communications method of claim 3, wherein the second end node maintains the class identifiers associated with known nodes.
  - 5. The network communications method of claim 3, wherein the communication received by the second end node includes a request by the first end node for the transfer of information from the second end node.
  - 6. The network communications method of claim 5, wherein the second end node is a server.
  - 7. The network communications method of claim 1, further comprising communicating an acknowledgement from the second end node to the first end node, and creating a second verifiable communications path through a second network of nodes between the second end node and the first end node.
  - 8. The network communications method of claim 7, wherein the acknowledgment communicated to the first end node represents an acknowledgement by the second end node of a request for the transfer of information to the first end node for use by a specific application program, and wherein the method comprises checking UIDs of nodes identified by path data against information maintained for valid UIDs of known nodes in order to confirm that the information maintained for each identified node matches criteria specified by the specific application program.
  - 9. The network communications method of claim 7, wherein the acknowledgment communicated to the first end node represents an acknowledgement by the second end node of a request for the transfer of information to the first end node for use by a specific application program, and wherein the method comprises checking UIDs of the nodes identified by path data against security levels that are maintained for valid UIDs of known nodes in order to confirm that the security levels of each identified node matches a required security level specified by the specific application program.
  - 10. The network communications method of claim 7, wherein the class identifier of communications for the acknowledgment that are sent by the second end node and the respective intermediate nodes in the second verifiable communications path from the first end node to the second end node is different from the class identifier of the communications that are sent by the first end node and the respective intermediate nodes in the first verifiable communications path from the first end node to the second end node.
  - 11. The network communications method of claim 1, wherein, for each respective intermediate node, the respective second path data represents updated path data as compared to the respective first path data.
  - 12. The network communications method of claim 1, wherein, for each respective intermediate node, the respective second path data represents updated path data as compared to the respective first path data, the updated path data being updated to include information associated with that respective intermediate node.
  - 13. The network communications method of claim 1, wherein, for each respective intermediate node, the respective second path data is the same as the respective first path data.

14. A network communications method utilizing a network watermark process, the network watermark process comprising the step of creating a verifiable communications path through a network of nodes between a first end node and a second end node, the verifiable communications path being collectively created,(a) by the first end node performing the step of sending a communication including a class identifier of the first end node and an identification of the second end node to an immediately succeeding node in the verifiable communications path;
- (b) by each respective intermediate node, if any, between the first end node and the second end node in the verifiable communications path, performing the steps of,(i) receiving a communication from an immediately preceding node, the communication including a respective first class identifier and respective first path data,(ii) verifying the communication that is received by the respective intermediate node from the immediately preceding node using class rules corresponding to the respective first class identifier that are maintained by the respective intermediate node, and(iii) upon successful verification of the communication from the immediately preceding node by the respective intermediate node, sending by the respective intermediate node a communication to an immediately succeeding node, the communication including a respective second class identifier and respective second path data that at least identifies a network communications path from the first end node to the respective intermediate node; and
  
  (c) by the second end node performing the steps of,(i) receiving a communication from the immediately preceding node, the communication including class information and path information that at least identifies a network communications path from the first end node to the immediately preceding node,(ii) verifying the communication that is received from the immediately preceding node using class rules corresponding to the class information that are maintained by the second end node, and(iii) validating the communications path through the network of nodes between the first end node and the second end node.
- View Dependent Claims (15, 16, 17)
- - 15. The network communications method of claim 14, wherein, for each respective intermediate node, the respective first class identifier is the same as the respective second class identifier.
  - 16. The network communications method of claim 14, wherein, for each respective intermediate node, the respective first class identifier is different than the respective second class identifier.
  - 17. The network communications method of claim 14, wherein, for at least one respective intermediate node, the respective first class identifier is different than the respective second class identifier.

18. A network communications method utilizing a network watermark process, the network watermark process comprising the step of creating a verifiable communications path through a network of nodes between a first end node and a second end node, the verifiable communications path being collectively created,(a) by the first end node performing the steps of,(i) communicating a first handshake message to an immediately succeeding node, the first handshake message including a first passcode,(ii) receving a first handshake answer message, the first handshake answer message including a derivative passcode,(iii) verifying, utilizing a reverse lookup algorithm, that the received first derivative passcode corresponds to the communicated first passcode,(iiii) upon the successful verification of the received first derivative passcode, establishing a communications link with the immediately succeeding node;
- (b) by each respective intermediate node, if any, between the first end node and the second end node in the verifiable communications path, performing the steps of,(i) receiving, by the respective intermediate node, a respective first handshake message from an immediately preceding node, the respective first handshake message including a respective first passcode,(ii) generating, by the respective intermediate node using a function utilizing the respective first passcode as input, a respective first output derivative passcode,(iii) communicating, by the respective intermediate node, the respective first output derivative passcode to the immediately preceding node in a respective first handshake answer message,(iv) receiving, by the respective intermediate node, a communication from the immediately preceding node,(v) communicating, by the respective intermediate node, a respective second handshake message to an immediately succeeding node of the respective intermediate node, the respective second handshake message including a respective second passcode,(vi) receving, by the respective intermediate node, a respective second handshake answer message, the respective second handshake answer message including a respective second derivative passcode,(vii) verifying, by the respective intermediate node utilizing a reverse lookup algorithm, that the received respective second derivative passcode corresponds to the communicated respective second passcode,(viii) upon the successful verification of the received respective second derivative passcode, establishing a communications link with the immediately succeeding node;
  
  (c) by the second end node performing the steps of,(i) receiving a second handshake message from an immediately preceding node of the second end node, the second handshake message including a passcode,(ii) generating, using a function utilizing the passcode as input, a second output derivative passcode,(iii) communicating the second output derivative passcode to the immediately preceding node in a second handshake answer message,(iv) receiving a communication from the immediately preceding node.
- View Dependent Claims (19, 20)
- - 19. The network communications method of claim 18, wherein the method further comprises validating, by the second end node, the communications path through the network of nodes between the first end node and the second end node.
  - 20. The network communications method of claim 18, wherein the method further comprises validating, by the first end node, the communications path through the network of nodes between the first end node and the second end node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Code-X Incorporated
Original Assignee
Robert W. Twitchell Jr
Inventors
Twitchell, Robert W. Jr., Smith, Delia J.
Primary Examiner(s)
Phan, Man
Assistant Examiner(s)
Mansoury, Nourali

Application Number

US13/195,435
Publication Number

US 20110289320A1
Time in Patent Office

890 Days
Field of Search

370/237, 370/252, 370/389, 370/392, 370/351
US Class Current

370/351
CPC Class Codes

H04L 63/04   for providing a confidentia...

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/105   Multiple levels of security

H04L 63/12   Applying verification of th...

H04L 63/162   at the data link layer

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/10   Integrity

H04W 12/102   Route integrity, e.g. using...

H04W 12/106   Packet or message integrity

H04W 12/67   Risk-dependent, e.g. select...

H04W 40/005   Routing actions in the pres...

H04W 48/08   Access restriction or acces...

H04W 48/16   Discovering, processing acc...

H04W 84/18   Self-organising networks, e...

Network watermark

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Network watermark

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links