Network with protocol, privacy preserving source attribution and admission control and method

US 8,862,871 B2
Filed: 03/22/2012
Issued: 10/14/2014
Est. Priority Date: 04/15/2011
Status: Active Grant

First Claim

Patent Images

1. A system comprising computer network for a transmission of data utilizing a packet, comprising:

a plurality of nodes, said plurality of nodes being at least a source node and a destination node, said computer network being configured to transmit said packet from said source node to said destination node;

said source node having a unique source identifier;

said destination node having a public key;

a source network interface configured to generate a signature for said source node using a private key;

said packet comprising;

attribute information indicative of a status of said origination node;

said signature for said source node; and

said unique source identifier of said source node;

wherein said computer network is configured to utilize said signature for said source node and said unique source identifier of said source node to obtain an authentication of said packet and transmit said packet based, at least in part, on said authentication over said computer network; and

a trusted authority wherein said private key is encrypted according to an encryption scheme managed only by said trusted authority.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device implemented, carrier independent packet delivery universal addressing networking protocol for communication over a network between network nodes utilizing a packet. The protocol has an IP stack having layers. At least some of the layers have privacy preserving source node attribution and network admission control. The packet is admitted to the network only if a source node of the network nodes admits the packet.

20 Citations

View as Search Results

16 Claims

1. A system comprising computer network for a transmission of data utilizing a packet, comprising:
- a plurality of nodes, said plurality of nodes being at least a source node and a destination node, said computer network being configured to transmit said packet from said source node to said destination node;
  
  said source node having a unique source identifier;
  
  said destination node having a public key;
  
  a source network interface configured to generate a signature for said source node using a private key;
  
  said packet comprising;
  
  attribute information indicative of a status of said origination node;
  
  said signature for said source node; and
  
  said unique source identifier of said source node;
  
  wherein said computer network is configured to utilize said signature for said source node and said unique source identifier of said source node to obtain an authentication of said packet and transmit said packet based, at least in part, on said authentication over said computer network; and
  
  a trusted authority wherein said private key is encrypted according to an encryption scheme managed only by said trusted authority.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system as in claim 1 wherein said trusted authority is configured to revoke an effectiveness of said private key such that said source node does not obtain said authentication of said packet and does not transmit said packet.
  - 3. The system as in claim 1 wherein said packet further comprises attribute information indicative of a status of said origination node.
  - 4. The system as in claim 1, further comprising a crypto-token, comprising:
    - a unique certificate indicative of an authenticity of said source node; and
      
      a user identification unique to a user of said source node.
  - 5. The system as in claim 4, further comprising a trusted authority configured to supply said unique certificate.
  - 6. The system as in claim 5 wherein said crypto-token is encrypted by said trusted authority.
  - 7. The system as in claim 4 further comprising a network interface identification unique to said source node.
  - 8. The system as in claim 4 further comprising user attribute information indicative of a status of said source node.

9. A method for attributing a source of a packet in a device implemented network comprising a trusted authority, a plurality of nodes being at least a source node having a unique source identifier and a destination node having a public key, said network being configured to transmit said packet from said source node to said destination node, comprising the steps of:
- encrypting said private key according to an encryption scheme managed only by said trusted authority;
  
  generating a signature for said source node using a private key;
  
  generating said packet with attribute information indicative of a status of said origination node and with said signature and said unique source identifier;
  
  authenticating said packet based on said signature and said unique identifier to obtain an authentication; and
  
  transmitting said packet based on said authentication.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method as in claim 9, further comprising the step of revoking, with said trusted authority, an effectiveness of said private key such that said source node does not obtain said authentication of said packet and does not transmit said packet.
  - 11. The method as in claim 9 wherein said generating said packet step further comprises generating said packet with attribute information indicative of a status of said origination node.
  - 12. The method as in claim 9, further comprising the step of generating a crypto-token comprising a unique certificate indicative of an authenticity of said source node and a user identification unique to a user of said source node.
  - 13. The method as in claim 12 wherein said network further comprises a trusted authority, and further comprising the step of supplying said unique certificate using said trusted authority.
  - 14. The method as in claim 13, further comprising the step of encrypting said crypto-token by said trusted authority.
  - 15. The method as in claim 12, further comprising the step of generating a network interface identification unique to said source node.
  - 16. The method as in claim 12 further comprising the step of generating user attribute information indicative of a status of said source node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Architectural technology Inc.
Original Assignee
Architectural technology Inc.
Inventors
Ramanujan, Ranga Sri
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
WRIGHT, BRYAN F

Application Number

US13/427,233
Publication Number

US 20120265984A1
Time in Patent Office

936 Days
Field of Search

713/156
US Class Current

713/155
CPC Class Codes

H04L 47/70   Admission control; Resource...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/12   Applying verification of th...

H04L 9/0847   involving identity based en...

H04L 9/3073   involving pairings, e.g. id...

H04L 9/32   including means for verifyi...

H04L 9/3213   using tickets or tokens, e....

Network with protocol, privacy preserving source attribution and admission control and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Network with protocol, privacy preserving source attribution and admission control and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others