Secure routing based on degree of trust

US 9,201,131 B2
Filed: 02/03/2012
Issued: 12/01/2015
Est. Priority Date: 11/18/2010
Status: Active Grant

First Claim

Patent Images

1. A method to improve routing security, the method comprising:

assigning, by at least one processor, at least one level of trust to at least one network node; and

utilizing, by the at least one processor, the at least one level of trust to determine a degree of security of the at least one network node,wherein the at least one level of trust of the at least one network node is related to an amount of certainty of a physical location of the at least one network node that is attained from verification of the physical location by using satellite geolocation techniques, which use liveness information from at least one secure spot beam based authentication signal to derive at least one secret key, in order to obtain the physical location of the at least one network node.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and apparatus for secure routing based on a degree of trust are disclosed herein. The disclosed method involves assigning a level of trust to at least one network node, and utilizing the level of trust to determine a degree of security of the network node(s). The level of trust of the network node(s) is related to an amount of certainty of the physical location of the network node(s). The amount of certainty is attained from the network node(s) being located in a known secure location, and/or from verification of the physical location of the network node(s) by using satellite geolocation techniques or by using network ping ranging measurements. The method further involves utilizing the level of trust of the network node(s) to determine a degree of trust of at least one path for routing the data, where the path(s) includes at least one of the network nodes.

Citations

23 Claims

1. A method to improve routing security, the method comprising:
- assigning, by at least one processor, at least one level of trust to at least one network node; and
  
  utilizing, by the at least one processor, the at least one level of trust to determine a degree of security of the at least one network node,wherein the at least one level of trust of the at least one network node is related to an amount of certainty of a physical location of the at least one network node that is attained from verification of the physical location by using satellite geolocation techniques, which use liveness information from at least one secure spot beam based authentication signal to derive at least one secret key, in order to obtain the physical location of the at least one network node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method of claim 1, wherein the at least one level of trust of the at least one network node is at least one of very high, high, medium, and low.
  - 3. The method of claim 1, wherein the amount of certainty of the physical location of the at least one network node is alternatively attained from the at least one network node being located in a known secure location.
  - 4. The method of claim 1, wherein the at least one secure authentication signal is transmitted by at least one transmission source, and is received by at least one receiving source associated with the at least one network node.
  - 5. The method of claim 4, wherein the at least one transmission source is employed in at least one of at least one satellite and at least one pseudo-satellite.
  - 6. The method of claim 5, wherein the at least one satellite is at least one of a Lower Earth Orbiting (LEO) satellite, a Medium Earth Orbiting (MEO) satellite, and a Geosynchronous Earth Orbiting (GEO) satellite.
  - 7. The method of claim 6, wherein the LEO satellite is an Iridium LEO satellite.
  - 8. The method of claim 1, wherein the amount of certainty of the physical location of the at least one network node is alternatively attained from estimating the physical location of the at least one network node by using network ping ranging measurements.
  - 9. The method of claim 8, wherein the network ping ranging measurements are obtained from an amount of time lapsed during ping messages being sent back and forth from at least one verified node with a verified physical location to the at least one network node.
  - 10. The method of claim 9, wherein the at least one verified node with a verified physical location has its physical location verified by satellite geolocation techniques.
  - 11. The method of claim 1, wherein the method further comprises:
    - utilizing the at least one level of trust of the at least one network node to determine a degree of trust of at least one path for routing the data, wherein the at least one path includes at least one of the at least one network node.
  - 12. The method of claim 11, wherein the degree of trust of the at least one path is one of very high, high, medium and low.
  - 13. The method of claim 11, wherein the degree of trust of the at least one path is equal to the lowest level of trust assigned to the at least one of the at least one network node in the at least one path.
  - 14. The method of claim 11, wherein the method further comprises:
    - choosing which of the at least one path to route the data through according to the degree of trust of the at least one path.
  - 15. The method of claim 1, wherein the method further comprises:
    - encrypting, with at least one processor, the data;
      
      transmitting, with one of the at least one network node, the encrypted data;
      
      receiving, with another one of the at least one network node, the encrypted data; and
      
      decrypting, with the at least one processor, the encrypted data.
  - 16. The method of claim 1, wherein the method further comprises:
    - utilizing, by at least one of the at least one network node, at least one secure router to transmit the data.
  - 17. The method of claim 1, wherein the method further comprises:
    - utilizing, by at least one of the at least one network node, at least one secure router to receive the data.
  - 18. The method of claim 1, wherein the method further comprises:
    - utilizing, by at least one of the at least one network node, at least one boundary firewall router to determine whether data is allowed through the at least one boundary firewall router based on a degree of trust of a path the data has traveled through.
  - 19. The method of claim 11, wherein at least one of the at least one path includes at least one secure autonomous system for routing the data through.
  - 20. The method of claim 1, wherein the method further comprises:
    - generating, with at least one processor, a mapping of the physical location of the at least one network node, wherein the mapping indicates the at least one level of trust for each of the at least one network node.
  - 21. The method of claim 1, wherein the at least one level of trust of the at least one network node is related to a behavior of the at least one network node.
  - 22. The method of claim 21, wherein the behavior of the at least one network node is related to at least one of the data passing through the at least one network node and a quantity of the data passing through the at least one network node.

23. A system to improve routing security, the system comprising:
- at least one network node; and
  
  at least one processor configured to assign at least one level of trust to the at least one network node, and configured to utilize the at least one level of trust to determine a degree of security of the at least one network node,wherein the at least one level of trust of the at least one network node is related to an amount of certainty of a physical location of the at least one network node that is attained from verification of the physical location by using satellite geolocation techniques, which use liveness information from at least one secure spot beam based authentication signal to derive at least one secret key, in order to obtain the physical location of the at least one network node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Whelan, David A., Gutt, Gregory M., Lawrence, David G., O'Connor, Michael Lee, Ayyagari, Arun
Primary Examiner(s)
HERZOG, MADHURI R

Application Number

US13/366,098
Publication Number

US 20130019317A1
Time in Patent Office

1,397 Days
Field of Search

713150-161, 713164-186, 709204-207, 709217-244, 726 1- 25, 726 26- 30, 4554561-4566, 455 121- 134
US Class Current

1/1
CPC Class Codes

G01S 1/725   Marker, boundary, call-sign...

G01S 19/42   Determining position

G06F 2221/2111   Location-sensitive, e.g. ge...

H04B 7/18593   Arrangements for preventing...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 2209/84   Vehicles

H04L 45/12   Shortest path evaluation

H04L 45/26   Route discovery packet

H04L 63/0428   wherein the data content is...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3297   involving time stamps, e.g....

H04W 4/02   Services making use of loca...

H04W 40/20   based on geographic positio...

Secure routing based on degree of trust

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Secure routing based on degree of trust

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links