Validating network communications
First Claim
1. A method comprising:
receiving a message at a first network interface of a first node, the first node comprising:
a first network interface for communicating with a first network, the first network comprising a first security level, the first security level being a governmental security level defined in accordance with a governmental agency certification process; and
a second network interface for communicating with a second network, the second network comprising a second security level different than the first security level, wherein an enclave associated with the first security level is implemented using a protocol for secret or classified information and an enclave associated with the second security level is implemented using a protocol for non-classified information;
determining a set of expected tokens in response to analyzing the message at the first node;
determining an expected order of tokens in response to analyzing the message at the first node;
accessing a plurality of tokens generated prior to the first node receiving the message, each of the plurality of tokens indicating that a respective policy service of a plurality of policy services has been performed on the message, wherein a respective token of the plurality of tokens indicates a result of applying the respective policy service to the message, and wherein each token of the expected set of tokens is associated with the respective policy service of the plurality of policy services;
generating a plurality of decrypted tokens from the plurality of tokens using a first parameter associated with the plurality of policy services;
validating the decrypted tokens by comparing the decrypted tokens to the set of expected tokens and verifying that the policy services associated with the expected set of tokens have been applied to the message;
determining whether the decrypted tokens are in the expected order, wherein the expected order includes an order in which the plurality of policy services were to be applied to the message;
generating an approval in response to validating the decrypted tokens and determining that the decrypted tokens are in the expected order; and
sending the message through the second network interface to the second network, the message comprising the approval.
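The steps above describe a guard node that checks a chain of policy-service tokens before releasing a message to the lower-security network. The following is an added example, not code from the patent or its assignee, that models those steps: each upstream policy service seals a token bound to the message; the guard decrypts the tokens with a key shared with the policy services (standing in for the claim's "first parameter"), verifies that the expected set of services ran, that each reported a pass, and that they ran in the expected order, and only then attaches an approval. The key, the policy table, the service names and the message format are all constructed for the example, and the HMAC-SHA256 keystream with an encrypt-then-MAC tag is a toy stand-in for a real AEAD such as AES-GCM.

```python
"""Guard-side validation of policy-service tokens before cross-domain release."""
import hashlib
import hmac
import json
import os

# Constructed values for the example.
SHARED_KEY = b"demo-key-shared-with-policy-services"  # the claim's "first parameter"

# Expected policy chain per message type; the guard derives both the expected
# set of tokens and their expected order from this table (constructed).
POLICY_CHAINS = {
    "email": ["malware_scan", "dirty_word_filter", "classification_check"],
    "file": ["malware_scan", "classification_check"],
}

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key, nonce, length):
    """HMAC-SHA256 counter-mode keystream (toy stand-in for a real AEAD)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal_token(key, payload):
    """Policy-service side: encrypt-then-MAC a token payload; returns hex."""
    plain = json.dumps(payload, sort_keys=True).encode()
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return (nonce + ct + tag).hex()


def open_token(key, token_hex):
    """Guard side: check the tag in constant time, then decrypt; None on failure."""
    try:
        raw = bytes.fromhex(token_hex)
    except ValueError:
        return None
    if len(raw) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = raw[:NONCE_LEN], raw[NONCE_LEN:-TAG_LEN], raw[-TAG_LEN:]
    expected_tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected_tag):
        return None
    plain = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    return json.loads(plain)


def message_digest(message):
    """Binds each token to this specific message body."""
    return hashlib.sha256(message["body"].encode()).hexdigest()


def run_policy_services(message, chain, results=None, key=SHARED_KEY):
    """Simulate the upstream policy services (constructed): each appends a sealed token."""
    digest = message_digest(message)
    message["tokens"] = [
        seal_token(key, {"service": s, "result": (results or {}).get(s, "pass"),
                         "msg_digest": digest})
        for s in chain
    ]
    return message


def validate_message(message, key=SHARED_KEY):
    """Guard check. Returns (approved, reason); on approval adds message['approval']."""
    expected = POLICY_CHAINS.get(message.get("type"))
    if expected is None:
        return False, "no policy chain for message type"
    digest = message_digest(message)
    seen = []
    for tok in message.get("tokens", []):
        payload = open_token(key, tok)
        if payload is None:
            return False, "token failed authentication"
        if payload.get("msg_digest") != digest:
            return False, "token is bound to a different message"
        if payload.get("result") != "pass":
            return False, "%s reported %s" % (payload.get("service"), payload.get("result"))
        seen.append(payload.get("service"))
    # Expected set check (also rejects duplicates), then expected order check.
    if set(seen) != set(expected) or len(seen) != len(expected):
        return False, "expected services %s, got %s" % (expected, seen)
    if seen != expected:
        return False, "services applied out of order: %s" % seen
    message["approval"] = hmac.new(key, b"approval:" + digest.encode(), hashlib.sha256).hexdigest()
    return True, "approved"


if __name__ == "__main__":
    good = run_policy_services({"type": "email", "body": "release me"}, POLICY_CHAINS["email"])
    print(validate_message(good))
    swapped = run_policy_services({"type": "email", "body": "x"},
                                  ["dirty_word_filter", "malware_scan", "classification_check"])
    print(validate_message(swapped))
```

Binding each token to a digest of the message body is what stops a token issued for one message from being replayed on another, and checking the set before the order keeps the two failure reasons distinct for the audit log.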
1 Assignment
0 Petitions
Abstract
In certain embodiments, a method includes receiving a message at a first network interface of a first node. The first network interface communicates with a first network while a second network interface communicates with a second network. The method includes determining a set of expected tokens and an expected order of tokens. A plurality of tokens are accessed that were generated for the message, each of the plurality of tokens associated with a policy service of a plurality of policy services. The method includes generating a plurality of decrypted tokens from the plurality of tokens using a first parameter associated with the plurality of policy services and validating the decrypted tokens by comparing the decrypted tokens to the set of expected tokens. In response to validating the decrypted tokens and determining that the decrypted tokens are in the expected order, an approval is generated.
62 Citations
18 Claims
1. A method comprising: (independent claim; full text as given under First Claim above)
Dependent claims: 2, 3, 4, 5, 6.

7. An apparatus comprising:
a first network interface for communicating with a first network, the first network comprising a first security level, the first security level being a governmental security level defined in accordance with a governmental agency certification process;
a second network interface for communicating with a second network, the second network comprising a second security level different than the first security level, wherein an enclave associated with the first security level is implemented using a protocol for secret or classified information and an enclave associated with the second security level is implemented using a protocol for non-classified information;
at least one processor;
wherein the first network interface is configured to receive a message;
wherein the at least one processor is configured to:
determine a set of expected tokens in response to analyzing the message;
determine an expected order of tokens in response to analyzing the message;
access a plurality of tokens generated for the message, each of the plurality of tokens indicating that a respective policy service of a plurality of policy services has been performed on the message, wherein a respective token of the plurality of tokens indicates a result of applying the respective policy service to the message, and wherein each token of the expected set of tokens is associated with the respective policy service of the plurality of policy services;
generate a plurality of decrypted tokens from the plurality of tokens using a first parameter associated with the plurality of policy services;
validate the decrypted tokens by comparing the decrypted tokens to the set of expected tokens and verifying that the policy services associated with the expected set of tokens have been applied to the message;
determine whether the decrypted tokens are in the expected order, wherein the expected order includes an order in which the plurality of policy services were to be applied to the message; and
generate an approval in response to validating the decrypted tokens and determining that the decrypted tokens are in the expected order; and
wherein the second network interface is configured to send the message through the second network interface to the second network, the message comprising the approval.
Dependent claims: 8, 9, 10, 11, 12.

13. At least one computer-readable non-transitory medium comprising instructions that, when executed by at least one processor, are configured to:
determine a set of expected tokens in response to analyzing a message at a first node, the message received at a first network interface of the first node, the first node comprising:
the first network interface for communicating with a first network, the first network comprising a first security level, the first security level being a governmental security level defined in accordance with a governmental agency certification process; and
a second network interface for communicating with a second network, the second network comprising a second security level different than the first security level, wherein an enclave associated with the first security level is implemented using a protocol for secret or classified information and an enclave associated with the second security level is implemented using a protocol for non-classified information;
determine an expected order of tokens in response to analyzing the message at the first node;
access a plurality of tokens generated prior to the first node receiving the message, each of the plurality of tokens indicating that a respective policy service of a plurality of policy services has been performed on the message, wherein a respective token of the plurality of tokens indicates a result of applying the respective policy service to the message, and wherein each token of the expected set of tokens is associated with the respective policy service of the plurality of policy services;
generate a plurality of decrypted tokens from the plurality of tokens using a first parameter associated with the plurality of policy services;
validate the decrypted tokens by comparing the decrypted tokens to the set of expected tokens and verifying that the policy services associated with the expected set of tokens have been applied to the message;
determine whether the decrypted tokens are in the expected order, wherein the expected order includes an order in which the plurality of policy services were to be applied to the message;
generate an approval in response to validating the decrypted tokens and determining that the decrypted tokens are in the expected order; and
send the message through the second network interface to the second network, the message comprising the approval.
Dependent claims: 14, 15, 16, 17, 18.
Specification