Method for filtering and processing data in a packet-switched communication network
First Claim
1. A method for processing data in a packet-switched communication network, including a wireless communication network, having a plurality of network nodes between which data packets are transmitted, which method comprises the steps of:
- extracting, at least partially, information contained in at least one received data packet received in at least one network node;
- ascertaining at least one physical transmission parameter of the received data packet, the physical transmission parameter specifying or being dependent on at least one characteristic of a physical transmission of the received data packet;
- filtering the received data packet on a basis of a set of rules that take at least a part of the information extracted and at least a part of the physical transmission parameter into account and processed further in dependence on a filtering process; and
- wherein the data packets received in the at least one network node include configuration-data packets transmitted within a scope of a predefined configuration process, with the at least one network node being configured through the predefined configuration process, with a measure of confidence therein being ascertained on a basis of the at least one physical transmission parameter of the configuration-data packets received, the measure of confidence indicating a confidence that the configuration-data packets received belong to the predefined configuration process, with the predefined configuration process being canceled or interrupted if the measure of confidence represents a degree of confidence that is less than or less than or equal to a predefined minimum confidence.
Abstract
A method processes data in a packet-switched communication network having a plurality of network nodes, between which data packets are transmitted. Information contained in one data packet is extracted therefrom, the packet being received in a network node. One physical transmission parameter of the received data packet is ascertained; the physical transmission parameter specifies or is dependent on one property of the physical transmission of the received data packet. The received data packet is filtered based on a rule set, taking into account some of the extracted information and part of the physical transmission parameter, and is further processed depending on the filtering. One application of the method is “bootstrapping”, in which network nodes are configured and cryptographic information is transmitted in the context of the configuration. A plausibility test of the physical transmission parameters of the data packets transmitted during bootstrapping can ascertain whether an attacker is manipulating the bootstrapping process.
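The plausibility test described in the abstract, as an added Python example that is not part of the patent text. It assumes received signal strength (RSSI) as the physical transmission parameter and a median-consistency measure of confidence; the rule set, thresholds, names and packets are constructed for illustration and do not come from the patent.

```python
from dataclasses import dataclass
from statistics import median

@dataclass(frozen=True)
class Packet:
    src: str         # information extracted from the packet
    kind: str        # "config" (bootstrapping) or "data"
    rssi_dbm: float  # assumed physical transmission parameter

# Assumed rule set: each rule pairs extracted information with a physical bound.
RULES = [{"kind": "config", "min_rssi": -60.0},
         {"kind": "data", "min_rssi": -90.0}]

def accept(pkt, rules=RULES):
    """Filter: a rule must match both the packet kind and its signal strength."""
    return any(r["kind"] == pkt.kind and pkt.rssi_dbm >= r["min_rssi"]
               for r in rules)

def confidence(config_pkts, tolerance_db=6.0):
    """Share of config packets whose RSSI lies near the session median."""
    if not config_pkts:
        return 0.0
    ref = median(p.rssi_dbm for p in config_pkts)
    near = sum(abs(p.rssi_dbm - ref) <= tolerance_db for p in config_pkts)
    return near / len(config_pkts)

def bootstrap(packets, min_confidence=0.8):
    """Apply config packets; cancel once confidence falls below the minimum."""
    received, applied = [], []
    for pkt in packets:
        if pkt.kind != "config":
            continue
        received.append(pkt)
        if confidence(received) < min_confidence:
            return "cancelled", applied
        if accept(pkt):
            applied.append(pkt)
    return "configured", applied

# Constructed sessions: one steady transmitter, then one with injected packets.
LEGIT = [Packet("cfg", "config", r) for r in (-48, -50, -49, -51, -50)]
ATTACK = [Packet("cfg", "config", r) for r in (-48, -50, -75, -49, -74)]

if __name__ == "__main__":
    print(bootstrap(LEGIT)[0])
    print(bootstrap(ATTACK)[0])
```

In the second session the third packet arrives 25 dB away from the session median, the confidence drops to 2/3, and the configuration process is cancelled before that packet is applied.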
22 Claims
20. A packet-switched communication network, comprising:
- a plurality of network nodes between which data packets are transmitted while the packet-switched communication network is operating, with the packet-switched communication network programmed to perform a method for processing data in the packet-switched communication network, which method comprises the steps of:
- extracting, at least partially, information contained in the data packets received in the network nodes;
- ascertaining physical transmission parameters of the data packets, the physical transmission parameters specifying or being dependent on at least one characteristic of a physical transmission of the data packets;
- filtering the data packets on a basis of a set of rules that take at least a part of the information extracted and at least a part of the physical transmission parameters into account and processed further in dependence on a filtering process; and
- wherein the data packets received in the network nodes include configuration-data packets transmitted within a scope of a predefined configuration process, with the network nodes being configured through the predefined configuration process, with a measure of confidence therein being ascertained on a basis of the at least one physical transmission parameter of the configuration-data packets received, the measure of confidence indicating a confidence that the configuration-data packets received belong to the predefined configuration process, with the predefined configuration process being canceled or interrupted if the measure of confidence represents a degree of confidence that is less than or less than or equal to a predefined minimum confidence.
22. A network node for use in a communication network, the network node comprising:
- a radio receiver;
- a filter connected to said radio receiver;
- a processing unit connected to said filter;
- the network node programmed to:
- extract information contained in data packets received in the network node in the communication network from the data packets while the network node is operating;
- ascertain at least one physical transmission parameter of the data packets while the network node is operating, with the physical transmission parameter specifying or being dependent on at least one characteristic of a physical transmission of the data packets;
- filter the data packets on a basis of a set of rules taking account of at least a part of the information extracted and at least a part of the physical transmission parameter while the network node is operating and processed further in dependence on a filtering process; and
- wherein the data packets received in the network node include configuration-data packets transmitted within a scope of a predefined configuration process, with the network node being configured through the predefined configuration process, with a measure of confidence therein being ascertained on a basis of the at least one physical transmission parameter of the configuration-data packets received, the measure of confidence indicating a confidence that the configuration-data packets received belong to the predefined configuration process, with the predefined configuration process being canceled or interrupted if the measure of confidence represents a degree of confidence that is less than or less than or equal to a predefined minimum confidence.
Specification