Geolocating network nodes in attenuated environments for cyber and network security applications

US 8,977,843 B2
Filed: 05/23/2011
Issued: 03/10/2015
Est. Priority Date: 05/30/2008
Status: Active Grant

First Claim

Patent Images

1. A system for verifying network nodes in attenuated environments for cyber and network security applications, the system comprising:

the network nodes, wherein the network nodes comprise;

an origination network node;

a destination network node; and

at least one router network node;

wherein the origination network node and the destination network node are connected to each other via the at least one router network node,wherein the origination network node is configured to transmit a data packet to the destination network node through the at least one router network node, andwherein the data packet contains a security signature portion, a routing data portion, and a payload data portion,wherein at least one of the network nodes receives at least one resultant signal from at least one transmission source,wherein the security signature portion comprises information that is obtained from the at least one resultant signal,wherein the information is used to verify a location of at least one of the network nodes,wherein the at least one transmission source is at least one of a satellite, a pseudo-satellite, and a terrestrial transmission source.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for verifying and/or geolocating network nodes in attenuated environments for cyber and network security applications are disclosed. The system involves an origination network node, a destination network node, and at least one router network node. The origination network node is configured for transmitting a data packet to the destination network node through at least one router network node. The data packet contains a security signature portion, a routing data portion, and a payload data portion. The security signature portion comprises a listing of at least one network node that the data packet travelled through from the origination network node to the destination network node. In addition, the security signature portion comprises geolocation information, identifier information, and timing information for at least one network node in the listing.

Citations

28 Claims

1. A system for verifying network nodes in attenuated environments for cyber and network security applications, the system comprising:
- the network nodes, wherein the network nodes comprise;
  
  an origination network node;
  
  a destination network node; and
  
  at least one router network node;
  
  wherein the origination network node and the destination network node are connected to each other via the at least one router network node,wherein the origination network node is configured to transmit a data packet to the destination network node through the at least one router network node, andwherein the data packet contains a security signature portion, a routing data portion, and a payload data portion,wherein at least one of the network nodes receives at least one resultant signal from at least one transmission source,wherein the security signature portion comprises information that is obtained from the at least one resultant signal,wherein the information is used to verify a location of at least one of the network nodes,wherein the at least one transmission source is at least one of a satellite, a pseudo-satellite, and a terrestrial transmission source.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein the security signature portion comprises a digital signature.
  - 3. The system of claim 1, wherein the security signature portion comprises a listing of at least one network node that the data packet travelled through from the origination network node to the destination network node.
  - 4. The system of claim 3, wherein the security signature portion comprises timing information for the at least one network node in the listing indicating when the data packet was received by the at least one network node.
  - 5. The system of claim 3, wherein the security signature portion comprises identifier information for the at least one network node in the listing.
  - 6. The system of claim 5, wherein the identifier information is at least one of biometric information and a bit sequence identification code.
  - 7. The system of claim 3, wherein the security signature portion comprises geolocation information for the at least one network node in the listing.
  - 8. The system of claim 7, wherein the geolocation information is obtained by the network node receiving the resultant signal that is transmitted from the at least one transmission source,wherein the resultant signal contains at least one authentication signal, andwherein the network node location is verified by comparing properties of the resultant signal the network node receives to expected properties of the resultant signal that the network node should receive due to its location.
  - 9. The system of claim 1, wherein the satellite is one of a low Earth orbiting (LEO) satellite, a medium Earth orbiting (MEO) satellite, and a geosynchronous Earth orbiting (GEO) satellite.
  - 10. The system of claim 7, wherein the geolocation information is determined from ranging information obtained by a signal transmitted by the network node to another network node at a verified location and a signal received by the network node from the network node at the verified location.
  - 11. The system of claim 1, wherein the routing data portion contains routing information for the data packet,wherein the routing information includes information regarding the destination network node that the data packet is to be sent.
  - 12. The system of claim 1, wherein the payload data portion includes data to be transmitted from the origination network node to the destination network node.

13. A method for verifying network nodes in attenuated environments for cyber and network security applications, the method comprising:
- transmitting, with an origination network node, a data packet to a destination network node through at least one router network node,wherein the origination network node and the destination network node are connected to each other via the at least one router network node,wherein the network nodes comprise the origination network node, the destination network node, and the at least one router network node,wherein the data packet contains a security signature portion, a routing data portion, and a payload data portion;
  
  receiving, by at least one of the network nodes, at least one resultant signal from at least one transmission source,wherein the security signature portion comprises information that is obtained from the at least one resultant signal; and
  
  verifying, a location of at least one of the network nodes by using the information,wherein the at least one transmission source is at least one of a satellite, a pseudo-satellite, and a terrestrial transmission source.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 14. The method of claim 13, wherein the security signature portion comprises a listing of at least one network node that the data packet travelled through from the origination network node to the destination network node.
  - 15. The method of claim 14, wherein the security signature portion comprises timing information for the at least one network node in the listing indicating when the data packet was received by the at least one network node.
  - 16. The method of claim 14, wherein the security signature portion comprises identifier information for the at least one network node in the listing.
  - 17. The method of claim 16, wherein the identifier information is at least one of biometric information and a bit sequence identification code.
  - 18. The method of claim 14, wherein the security signature portion comprises geolocation information for the at least one of the network node in the listing.
  - 19. The method of claim 18, wherein the geolocation information is obtained by the network node receiving the resultant signal that is transmitted from the at least one transmission source,wherein the resultant signal contains at least one authentication signal, andwherein the network node location is verified by comparing properties of the resultant signal the network node receives to expected properties of the resultant signal that the network node should receive due to its location.
  - 20. The method of claim 13, wherein the satellite is one of a low Earth orbiting (LEO) satellite, a medium Earth orbiting (MEO) satellite, and a geosynchronous Earth orbiting (GEO) satellite.
  - 21. The method of claim 18, wherein the geolocation information is determined from ranging information obtained by a signal transmitted by the network node to another network node at a verified location and a signal received by the network node from the network node at the verified location.
  - 22. The method of claim 13, wherein the routing data portion contains routing information for the data packet,wherein the routing information includes information regarding the destination network node that the data packet is to be sent.
  - 23. The method of claim 13, wherein the payload data portion includes data to be transmitted from the origination network node to the destination network node.

24. A network node device for cyber and network security applications, the device comprising:
- a receiver, wherein the receiver is to receive a signal from at least one signal source,wherein the at least one signal source is at least one of a satellite, a pseudo-satellite, and a terrestrial transmission source; and
  
  a processor, wherein the processor is to append information as a security signature onto data packets, which are routed through the network node device,wherein the information is related to the signal, andwherein the information is used to verify a location of the network node device.

25. An authentication system for cyber and network security applications, the system comprising:
- a network node device, wherein the network node device comprises;
  
  a receiver that is to receive a signal from at least one signal source, anda processor that is to append information as a security signature onto data packets, which are routed through the network node device,wherein the information is related to the signal,wherein the at least one signal source is at least one of a satellite, a pseudo-satellite, and a terrestrial transmission source; and
  
  a processing device, wherein the processing device is to authenticate the network node device when verifying a location of the network node device by using the information.
- View Dependent Claims (26, 27, 28)
- - 26. The system of claim 25, wherein authentication of the network node device is at least partly comprised of determining if the network node device is physically located in its anticipated geographic location.
  - 27. The system of claim 25, wherein the network node device is authenticated before data is authorized to be passed.
  - 28. The system of claim 25, wherein the processing device is one of a cell phone, a personal digital assistant (PDA), a personal computer, a computer node, an internet protocol (IP) node, a server, a Wi-Fi node, a tethered, and an untethered node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Gutt, Gregory M., Ayyagari, Arun, Whelan, David A., Lawrence, David G.
Primary Examiner(s)
Zecher, Dede
Assistant Examiner(s)
DOAN, TRANG T

Application Number

US13/114,013
Publication Number

US 20120144451A1
Time in Patent Office

1,387 Days
Field of Search
US Class Current

713/153
CPC Class Codes

G01S 5/0289   of multiple transceivers, e...

H04L 45/00   Routing or path finding of ...

H04L 63/126   the source of the received ...

H04L 63/1466   Active attacks involving in...

H04L 67/52   specially adapted for the l...

H04W 12/122   Counter-measures against at...

Geolocating network nodes in attenuated environments for cyber and network security applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Geolocating network nodes in attenuated environments for cyber and network security applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links