Secure routing based on the physical locations of routers
First Claim
1. A method for secure data transmission of at least one data packet through a plurality of network nodes, the method comprising:
- defining, by at least one user, a source network node and a destination network node, wherein the source network node and the destination network node are in the plurality of network nodes;
- defining, by the at least one user, at least one security constraint, wherein at least one of the at least one security constraint is based on a physical geographical location of at least one of the network nodes, wherein the at least one security constraint is at least one of:
  - the at least one data packet is routed through network nodes that are physically located within at least one specified geographic region, or through network nodes that are not physically located within the at least one specified geographic region,
  - the at least one data packet is routed through network nodes that can have their physical locations authenticated by using at least one of: satellite geolocation techniques, network ping ranging measurements, or triangulation methods,
  - if any network nodes are unable to have their physical locations authenticated, the at least one data packet can be routed through such network nodes if the at least one data packet is encrypted while the at least one data packet passes through such network nodes, and
  - the at least one data packet travels from the source network node to the destination network node on a route that has a length less than a threshold distance;
- comparing, by at least one processor, available network nodes in a map of the network nodes with the at least one security constraint to determine which of the available network nodes are qualified network nodes, wherein the qualified network nodes are the available network nodes that meet the at least one security constraint, wherein the map of the network nodes comprises at least one of:
  - information regarding whether any of the network nodes are physically located within the at least one specified geographic region, or are not physically located within the at least one specified geographic region,
  - information regarding whether the physical location of any of the network nodes can be authenticated by using at least one of: satellite geolocation techniques, network ping ranging measurements, or triangulation methods,
  - information regarding whether any of the network nodes can encrypt or decrypt data packets, and
  - information regarding whether any of the network nodes have been determined to be qualified network nodes;
- determining, by the at least one processor, a route comprising at least one of the qualified network nodes to route the at least one data packet through from the source network node to the destination network node, wherein any of the network nodes that does not meet the at least one security constraint is removed from consideration, and wherein the route comprises a network path that is optimized both for efficiency and security based on a requirement that the at least one security constraint is met by the at least one qualified network node; and
- transmitting the at least one data packet from the source network node to the destination network node through the optimal route comprising the at least one qualified network node.
Abstract
A system, method, and apparatus for secure routing based on the physical location of routers are disclosed herein. The disclosed method for secure data transmission of at least one data packet through a plurality of network nodes involves defining a source network node, a destination network node, and at least one security constraint, which is based on the physical location of at least one of the network nodes. The method further involves comparing available network nodes with the security constraint(s) to determine which of the available network nodes meet the security constraint(s) and, thus, are qualified network nodes. Additionally, the method involves determining a route comprising at least one of the qualified network nodes to route the data packet(s) through from the source network node to the destination network node. Further, the method involves transmitting the data packet(s) through the route of the qualified network node(s).
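The compare-then-route steps summarized above can be sketched as follows. This is an added example, not code from the patent: the `Node`, `Constraint`, `qualified` and `secure_route` names, the sample map, and the choices to combine several constraints at once and to exempt the two endpoints from filtering are all assumptions made for illustration.

```python
import heapq
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    name: str
    region: str          # geographic region recorded for the node in the map
    authenticated: bool  # True if the physical location could be verified

@dataclass(frozen=True)
class Constraint:
    allowed_regions: frozenset
    max_km: float            # route length must be less than this threshold
    packet_encrypted: bool   # unauthenticated nodes are tolerated only if True

def qualified(nodes, c):
    """Names of nodes meeting the constraint; the rest leave consideration."""
    return {n.name for n in nodes
            if n.region in c.allowed_regions
            and (n.authenticated or c.packet_encrypted)}

def secure_route(nodes, links, src, dst, c):
    """Shortest path (Dijkstra) over qualified nodes, or None if none complies."""
    ok = qualified(nodes, c) | {src, dst}   # assumption: endpoints are user-chosen
    adj = {}
    for a, b, km in links:                  # keep only links between qualified nodes
        if a in ok and b in ok:
            adj.setdefault(a, []).append((b, km))
            adj.setdefault(b, []).append((a, km))
    best, heap = {src: 0.0}, [(0.0, src, (src,))]
    while heap:
        dist, u, path = heapq.heappop(heap)
        if u == dst:                        # first pop of dst is the shortest route
            return (list(path), dist) if dist < c.max_km else None
        if dist > best.get(u, float("inf")):
            continue                        # stale heap entry
        for v, km in adj.get(u, []):
            nd = dist + km
            if nd < best.get(v, float("inf")):
                best[v] = nd
                heapq.heappush(heap, (nd, v, path + (v,)))
    return None

# Constructed sample map: X is outside the region, C has an unverified location.
NODES = [Node("A", "EU", True), Node("B", "EU", True), Node("C", "EU", False),
         Node("X", "OTHER", True), Node("D", "EU", True)]
LINKS = [("A", "X", 100), ("X", "D", 100), ("A", "C", 150), ("C", "D", 150),
         ("A", "B", 300), ("B", "D", 300)]
```

The shortest physical path A-X-D is never returned because X fails the region constraint; whether C is usable depends only on whether the packet is encrypted.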
37 Citations
13 Claims
1. A method for secure data transmission of at least one data packet through a plurality of network nodes, the method comprising:
- defining, by at least one user, a source network node and a destination network node, wherein the source network node and the destination network node are in the plurality of network nodes;
- defining, by the at least one user, at least one security constraint, wherein at least one of the at least one security constraint is based on a physical geographical location of at least one of the network nodes, wherein the at least one security constraint is at least one of:
  - the at least one data packet is routed through network nodes that are physically located within at least one specified geographic region, or through network nodes that are not physically located within the at least one specified geographic region,
  - the at least one data packet is routed through network nodes that can have their physical locations authenticated by using at least one of: satellite geolocation techniques, network ping ranging measurements, or triangulation methods,
  - if any network nodes are unable to have their physical locations authenticated, the at least one data packet can be routed through such network nodes if the at least one data packet is encrypted while the at least one data packet passes through such network nodes, and
  - the at least one data packet travels from the source network node to the destination network node on a route that has a length less than a threshold distance;
- comparing, by at least one processor, available network nodes in a map of the network nodes with the at least one security constraint to determine which of the available network nodes are qualified network nodes, wherein the qualified network nodes are the available network nodes that meet the at least one security constraint, wherein the map of the network nodes comprises at least one of:
  - information regarding whether any of the network nodes are physically located within the at least one specified geographic region, or are not physically located within the at least one specified geographic region,
  - information regarding whether the physical location of any of the network nodes can be authenticated by using at least one of: satellite geolocation techniques, network ping ranging measurements, or triangulation methods,
  - information regarding whether any of the network nodes can encrypt or decrypt data packets, and
  - information regarding whether any of the network nodes have been determined to be qualified network nodes;
- determining, by the at least one processor, a route comprising at least one of the qualified network nodes to route the at least one data packet through from the source network node to the destination network node, wherein any of the network nodes that does not meet the at least one security constraint is removed from consideration, and wherein the route comprises a network path that is optimized both for efficiency and security based on a requirement that the at least one security constraint is met by the at least one qualified network node; and
- transmitting the at least one data packet from the source network node to the destination network node through the optimal route comprising the at least one qualified network node.

Dependent claims: 2, 3, 4, 5
6. A method for secure data transmission of at least one data packet through a plurality of network nodes, the method comprising:
- defining, by at least one user, a source network node and a destination network node, wherein the source network node and the destination network node are in the plurality of network nodes;
- defining, by the at least one user, at least one security constraint, wherein at least one of the at least one security constraint is based on physical geographical location of at least one of the network nodes, wherein the at least one security constraint is at least one of:
  - the at least one data packet is routed through network nodes that are physically located within at least one specified geographic region, or through network nodes that are not physically located within the at least one specified geographic region,
  - the at least one data packet is routed through network nodes that can have their physical locations authenticated by using at least one of: satellite geolocation techniques, network ping ranging measurements, or triangulation methods,
  - if any network nodes are unable to have their physical locations authenticated, the at least one data packet can be routed through such network nodes if the at least one data packet is encrypted while the at least one data packet passes through such network nodes, and
  - the at least one data packet travels from the source network node to the destination network node on a route that has a length less than a threshold distance;
- encoding, by at least one processor, the at least one security constraint into the at least one data packet;
- comparing, by the source network node, available network nodes in a map of the network nodes with the at least one security constraint to determine which of the available network nodes connected to the source network node are qualified network nodes, wherein the qualified network nodes are the available network nodes that meet the at least one security constraint, wherein the map of the network nodes comprises at least one of:
  - information regarding whether any of the network nodes are physically located within the at least one specified geographic region, or are not physically located within the at least one specified geographic region,
  - information regarding whether the physical location of any of the network nodes can be authenticated by using at least one of: satellite geolocation techniques, network ping ranging measurements, or triangulation methods,
  - information regarding whether any of the network nodes can encrypt or decrypt data packets, and
  - information regarding whether any of the network nodes have been determined to be qualified network nodes;
- transmitting, by the source network node, the at least one data packet to one of the qualified network nodes, wherein any connected network node that does not meet the at least one security constraint is removed from consideration;
- determining, by any network node that receives the at least one data packet, which available network nodes connected to the network node that receives the at least one data packet are qualified network nodes based on the map of network nodes; and
- transmitting, by any network node that receives the at least one data packet, the at least one data packet to one of the qualified network nodes, wherein any connected network node that does not meet the at least one security constraint is removed from consideration, wherein the at least one data packet is transmitted in an optimal route from the source network node to the destination network node through the qualified network nodes, wherein the route comprises a network path that is optimized for both efficiency and security based on a requirement that the at least one security constraint is met by the qualified network nodes.

Dependent claims: 7, 8, 9, 10, 11, 12, 13
Specification