Secure routing based on the physical locations of routers

US 9,178,894 B2
Filed: 03/15/2013
Issued: 11/03/2015
Est. Priority Date: 11/18/2010
Status: Active Grant

First Claim

Patent Images

1. A method for secure data transmission of at least one data packet through a plurality of network nodes, the method comprising:

defining, by at least one user, a source network node and a destination network node, wherein the source network node and the destination network node are in the plurality of network nodes;

defining, by the at least one user, at least one security constraint, wherein at least one of the at least one security constraint is based on a physical geographical location of at least one of the network nodes, wherein the at least one security constraint is at least one of;

the at least one data packet is routed through network nodes that are physically located within at least one specified geographic region, or through network nodes that are not physically located within the at least one specified geographic region,the at least one data packet is routed through network nodes that can have their physical locations authenticated by using at least one of;

satellite geolocation techniques, network ping ranging measurements, or triangulation methods,if any network nodes are unable to have their physical locations authenticated, the at least one data packet can be routed through such network nodes if the at least one data packet is encrypted while the at least one data packet passes through such network nodes, andthe at least one data packet travels from the source network node to the destination network node on a route that has a length less than a threshold distance;

comparing, by at least one processor, available network nodes in a map of the network nodes with the at least one security constraint to determine which of the available network nodes are qualified network nodes, wherein the qualified network nodes are the available network nodes that meet the at least one security constraint, wherein the map of the network nodes comprises at least one of;

information regarding whether any of the network nodes are physically located within the at least one specified geographic region, or are not physically located within the at least one specified geographic region,information regarding whether the physical location of any of the network nodes can be authenticated by using at least one of;

satellite geolocation techniques, network ping ranging measurements, or triangulation methods,information regarding whether any of the network nodes can encrypt or decrypt data packets, andinformation regarding whether any of the network nodes have been determined to be qualified network nodes;

determining, by the at least one processor, a route comprising at least one of the qualified network nodes to route the at least one data packet through from the source network node to the destination network node, wherein any of the network nodes that does not meet the at least one security constraint is removed from consideration, and wherein the route comprises a network path that is optimized both for efficiency and security based on a requirement that the at least one security constraint is met by the at least one qualified network node; and

transmitting the at least one data packet from the source network node to the destination network node through the optimal route comprising the at least one qualified network node.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and apparatus for secure routing based on the physical location of routers are disclosed herein. The disclosed method for secure data transmission of at least one data packet through a plurality of network nodes involves defining a source network node, a destination network node, and at least one security constraint, which is based on the physical location of at least one of the network nodes. The method further involves comparing available network nodes with the security constraint(s) to determine which of the available network nodes meet the security constraint(s) and, thus, are qualified network nodes. Additionally, the method involves determining a route comprising at least one of the qualified network nodes to route the data packet(s) through from the source network node to the destination network node. Further, the method involves transmitting the data packet(s) through the route of the qualified network node(s).

37 Citations

View as Search Results

13 Claims

1. A method for secure data transmission of at least one data packet through a plurality of network nodes, the method comprising:
- defining, by at least one user, a source network node and a destination network node, wherein the source network node and the destination network node are in the plurality of network nodes;
  
  defining, by the at least one user, at least one security constraint, wherein at least one of the at least one security constraint is based on a physical geographical location of at least one of the network nodes, wherein the at least one security constraint is at least one of;
  
  the at least one data packet is routed through network nodes that are physically located within at least one specified geographic region, or through network nodes that are not physically located within the at least one specified geographic region,the at least one data packet is routed through network nodes that can have their physical locations authenticated by using at least one of;
  
  satellite geolocation techniques, network ping ranging measurements, or triangulation methods,if any network nodes are unable to have their physical locations authenticated, the at least one data packet can be routed through such network nodes if the at least one data packet is encrypted while the at least one data packet passes through such network nodes, andthe at least one data packet travels from the source network node to the destination network node on a route that has a length less than a threshold distance;
  
  comparing, by at least one processor, available network nodes in a map of the network nodes with the at least one security constraint to determine which of the available network nodes are qualified network nodes, wherein the qualified network nodes are the available network nodes that meet the at least one security constraint, wherein the map of the network nodes comprises at least one of;
  
  information regarding whether any of the network nodes are physically located within the at least one specified geographic region, or are not physically located within the at least one specified geographic region,information regarding whether the physical location of any of the network nodes can be authenticated by using at least one of;
  
  satellite geolocation techniques, network ping ranging measurements, or triangulation methods,information regarding whether any of the network nodes can encrypt or decrypt data packets, andinformation regarding whether any of the network nodes have been determined to be qualified network nodes;
  
  determining, by the at least one processor, a route comprising at least one of the qualified network nodes to route the at least one data packet through from the source network node to the destination network node, wherein any of the network nodes that does not meet the at least one security constraint is removed from consideration, and wherein the route comprises a network path that is optimized both for efficiency and security based on a requirement that the at least one security constraint is met by the at least one qualified network node; and
  
  transmitting the at least one data packet from the source network node to the destination network node through the optimal route comprising the at least one qualified network node.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the at least one user is at least one of a person, an entity, an application, a program, a node, a router, a mobile device, a processor, and a computer.
  - 3. The method of claim 1, wherein the at least one specified geographic region is at least one of a nation, a state, a province, a county, a government facility, and a city.
  - 4. The method of claim 1, wherein at least one of the at least one specified geographic region is defined by a polygon, which is defined by points, wherein the polygon is one of a regular shape or an irregular shape.
  - 5. The method of claim 4, wherein the points are defined by the at least one user specifying a longitude and a latitude of each of the points.

6. A method for secure data transmission of at least one data packet through a plurality of network nodes, the method comprising:
- defining, by at least one user, a source network node and a destination network node, wherein the source network node and the destination network node are in the plurality of network nodes;
  
  defining, by the at least one user, at least one security constraint, wherein at least one of the at least one security constraint is based on physical geographical location of at least one of the network nodes, wherein the at least one security constraint is at least one of;
  
  the at least one data packet is routed through network nodes that are physically located within at least one specified geographic region, or through network nodes that are not physically located within the at least one specified geographic region,the at least one data packet is routed through network nodes that can have their physical locations authenticated by using at least one of;
  
  satellite geolocation techniques, network ping ranging measurements, or triangulation methods,if any network nodes are unable to have their physical locations authenticated, the at least one data packet can be routed through such network nodes if the at least one data packet is encrypted while the at least one data packet passes through such network nodes, andthe at least one data packet travels from the source network node to the destination network node on a route that has a length less than a threshold distance;
  
  encoding, by at least one processor, the at least one security constraint into the at least one data packet;
  
  comparing, by the source network node, available network nodes in a map of the network nodes with the at least one security constraint to determine which of the available network nodes connected to the source network node are qualified network nodes, wherein the qualified network nodes are the available network nodes that meet the at least one security constraint, wherein the map of the network nodes comprises at least one of;
  
  information regarding whether any of the network nodes are physically located within the at least one specified geographic region, or are not physically located within the at least one specified geographic region,information regarding whether the physical location of any of the network nodes can be authenticated by using at least one of;
  
  satellite geolocation techniques, network ping ranging measurements, or triangulation methods,information regarding whether any of the network nodes can encrypt or decrypt data packets, andinformation regarding whether any of the network nodes have been determined to be qualified network nodes;
  
  transmitting, by the source network node, the at least one data packet to one of the qualified network nodes, wherein any connected network node that does not meet the at least one security constraint is removed from consideration;
  
  determining, by any network node that receives the at least one data packet, which available network nodes connected to the network node that receives the at least one data packet are qualified network nodes based on the map of network nodes; and
  
  transmitting, by any network node that receives the at least one data packet, the at least one data packet to one of the qualified network nodes, wherein any connected network node that does not meet the at least one security constraint is removed from consideration, wherein the at least one data packet is transmitted in an optimal route from the source network node to the destination network node through the qualified network nodes, wherein the route comprises a network path that is optimized for both efficiency and security based on a requirement that the at least one security constraint is met by the qualified network nodes.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. The method of claim 6, wherein the at least one user is at least one of a person, an entity, an application, a program, a node, a router, a mobile device, a processor, and a computer.
  - 8. The method of claim 6, wherein the at least one specified geographic region is at least one of a nation, a state, a province, a county, a government facility, and a city.
  - 9. The method of claim 6, wherein at least one of the at least one specified geographic region is defined by a polygon, which is defined by points, wherein the polygon is one of a regular shape or an irregular shape.
  - 10. The method of claim 9, wherein the points are defined by the at least one user specifying a longitude and a latitude of each of the points.
  - 11. The method of claim 6, wherein when the source network node determines that there are not any available network nodes connected to the source network node that are qualified network nodes, a negative acknowledgment message is sent to the user indicating that the at least one data packet will not be able to reach the destination network node.
  - 12. The method of claim 6, wherein when any network node that receives the at least one data packet determines that there are not any available network nodes connected to the network node that received the at least one data packet that are qualified network nodes and determines that the at least one data packet did not reach the destination network node, a negative acknowledgment message is sent to the user.
  - 13. The method of claim 11 or 12, wherein in response to receiving the negative acknowledgment message, the at least one user may define at least one different security constraint to be used for the retransmission of the at least one data packet, and attempt to resend the at least one data packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
O'Connor, Michael Lee, Schmalzried, Rachel Ran, Lawrence, David G., Whelan, David A., Gutt, Gregory M.
Primary Examiner(s)
Nalven, Andrew
Assistant Examiner(s)
RUPRECHT, CHRISTOPHER S

Application Number

US13/842,238
Publication Number

US 20130232565A1
Time in Patent Office

963 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04B 7/18584   Arrangements for data netwo...

H04B 7/18593   Arrangements for preventing...

H04L 63/0227   Filtering policies mail mes...

H04L 63/107   wherein the security polici...

H04L 9/3236   using cryptographic hash fu...

Secure routing based on the physical locations of routers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

37 Citations

13 Claims

Specification

Use Cases

Quick Links

Others

Secure routing based on the physical locations of routers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

13 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others