Utilizing routing for secure transactions

US 9,288,215 B2
Filed: 03/08/2013
Issued: 03/15/2016
Est. Priority Date: 03/08/2013
Status: Active Grant

First Claim

Patent Images

1. Methodology for validating messages transmitted through a network, the network containing plural nodes connectable to form plural paths for communications transactions, comprising:

selecting first and second paths according to a rotating sequence of routing paths between a first node and a second node;

receiving a first message from the first node along a first path to the second node;

receiving at least one second message from the first node along a second path to the second node;

determining validity of at least one of the first message and the at least one second message based at least in part on the paths traveled by messages received by the second node, wherein determining the validity comprises comparing the paths taken by the first message and the at least one second message to determine whether the paths correspond to predetermined paths consistent with the rotating sequence of routing paths; and

requesting reauthentication from the first node for messages arriving by paths other than the predetermined paths.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure relates to methodologies, networks, and nodes for providing secure transaction routing among network components. Network transactions (messages) may be intentionally routed though networks using different paths where the act of following the particular node paths or traversing particular nodes provides a security enhancing feature for the messages. A transaction receiving node will examine the paths taken from a sending node to determine if the paths correspond to predetermined paths to verify the authenticity of the transaction. In some embodiments, predetermined paths may change in a predetermined sequence where the sequence itself becomes a portion of the security feature.

44 Citations

33 Claims

1. Methodology for validating messages transmitted through a network, the network containing plural nodes connectable to form plural paths for communications transactions, comprising:
- selecting first and second paths according to a rotating sequence of routing paths between a first node and a second node;
  
  receiving a first message from the first node along a first path to the second node;
  
  receiving at least one second message from the first node along a second path to the second node;
  
  determining validity of at least one of the first message and the at least one second message based at least in part on the paths traveled by messages received by the second node, wherein determining the validity comprises comparing the paths taken by the first message and the at least one second message to determine whether the paths correspond to predetermined paths consistent with the rotating sequence of routing paths; and
  
  requesting reauthentication from the first node for messages arriving by paths other than the predetermined paths.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. Methodology as in claim 1, wherein determining validity further comprises comparing the first message and the at least one second message to determine whether they are identical.
  - 3. Methodology as in claim 1, wherein determining validity further comprises determining whether the first and at least one second message predetermined paths include a predetermined number of hops.
  - 4. Methodology as in claim 1, wherein the first message and the at least one second message comprise sub-messages of an overall message.
  - 5. Methodology as in claim 1, wherein determining validity further comprises determining whether at least one of the first message and the at least one second message passed through one or more predetermined nodes.
  - 6. Methodology as in claim 1, wherein plural nodes negotiate between each other the routing paths to be used for communications therebetween.
  - 7. Methodology as in claim 1, wherein:
    - the first message and the at least one second message are identical messages; and
      
      determining validity comprises determining whether the identical messages have been sent via plural predetermined paths.
  - 8. Methodology as in claim 1, wherein:
    - the first message and the at least one second message are identical messages; and
      
      determining validity comprises determining whether the identical messages have been received by the second node from plural predetermined nodes.
  - 9. Methodology as in claim 1, wherein:
    - the first message comprises plural preliminary messages transmitted through particular nodes; and
      
      wherein determining validity comprises determining whether the particular nodes correspond to predetermined nodes.
  - 10. Methodology as in claim 1, wherein:
    - the first message comprises plural preliminary messages transmitted through particular paths; and
      
      wherein determining validity comprises determining whether the particular paths correspond to predetermined paths to thereby permit passage of the at least one second message to the second node.

11. A network, comprising:
- a first node;
  
  a second node; and
  
  a plurality of nodes connectable to form plural paths for communications transactions between said first node and said second node;
  
  wherein said first node is configured to transmit a first message and at least one second message along one or more paths through said plurality of nodes to said second node and wherein said second node is configured to request reauthentication from said first node for messages arriving by paths other than predetermined paths; and
  
  wherein said second node is configured to determine validity of at least one of said first message and said at least one second message based at least in part on the paths traveled by messages received by the second node, and wherein said second node determines validity of said messages based at least in part on a number of hops in the paths traveled by messages received by the second node.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. A network as in claim 11, wherein said second node is configured to determine validity of message based on whether said first message and said at least one second messages are identical.
  - 13. A network as in claim 11, wherein the first node and second node are configured to negotiate the predetermined paths for messages therebetween.
  - 14. A network as in claim 13, wherein said second node is configured to determine validity of said messages by determining whether the predetermined paths include at least one predetermined node.
  - 15. A network as in claim 11, wherein said first message and said at least one second message comprise sub-messages of an overall message.
  - 16. A network as in claim 11, wherein said network comprises a mesh network.
  - 17. A network as in claim 11, wherein said network comprises plural types of connected networks.
  - 18. A network as in claim 11, wherein at least one of said first node and said at least one second node each comprise respective utility measurement devices.

19. A node for use in a network environment with one or more other nodes, comprising:
- an input/output (I/O) component;
  
  a controller component;
  
  a communications device; and
  
  a memory;
  
  wherein said memory contains program logic to cause said controller to;
  
  negotiate with other nodes to establish a rotating sequence of routing paths to be used for communications therebetween;
  
  compare paths taken by a first message and at least one second message to determine whether the paths correspond to predetermined paths consistent with the rotating sequence of routing paths;
  
  validate received data based in part on paths taken by the first message and taken by the at least one second message received at said communications device, wherein the validation is based at least in part on the comparing; and
  
  request re-authentication from a transmitting node for messages arriving by paths other than the predetermined paths.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
- - 20. A node as in claim 19, wherein said memory further contains program logic to cause said controller to validate received data by comparing the first received message and the at least one second received message to determine whether they are identical.
  - 21. A node as in claim 19, wherein said memory further contains program logic to cause said controller to validate received data by comparing a first received message and at least one second received message to determine whether said paths taken correspond to predetermined paths.
  - 22. A node as in claim 21, wherein said memory further contains program logic to cause said controller to validate received data by comparing a first received message and at least one second received message to determine whether the first and at least one second message predetermined paths include a predetermined number of hops.
  - 23. A node as in claim 19, wherein said memory further contains program logic to cause said controller to determine whether at least one of the first message and the at least one second message passed through one or more predetermined nodes.
  - 24. A node as in claim 19, wherein said memory further contains program logic to cause said controller to determine whether identical received messages have been sent via plural predetermined paths.
  - 25. A node as in claim 19, wherein said memory further contains program logic to cause said controller to determine whether identical received messages have been sent via plural predetermined nodes.
  - 26. A node as in claim 19, wherein:
    - said first message comprises plural preliminary messages transmitted through particular nodes; and
      
      wherein validating received data comprises determining whether the particular nodes correspond to predetermined nodes to thereby permit passage of the at least one second message to the second node.

27. Methodology for validating messages transmitted through a network, the network containing plural nodes connectable to form plural paths for communications transactions, comprising:
- selecting first and second paths according to a rotating sequence of routing paths between a first node and a second node;
  
  transmitting a first message from the first node along the first path to the second node;
  
  determining validity of the first message based at least in part on the first path, a number of hops in the first path, and consistency of the first path within the rotating sequence of routing paths; and
  
  requesting reauthentication from a transmitting node for messages determined to be invalid.
- View Dependent Claims (28, 29, 30, 31, 32)
- - 28. Methodology as in claim 27, wherein determining validity comprises determining whether the first path encompasses a particular node known to be on the network.
  - 29. Methodology as in claim 28, wherein determining validity further comprises rejecting messages whenever it is determined that the first path does not encompass the particular node known to be on the network.
  - 30. Methodology as in claim 27, wherein the first message comprises a sub-message of an overall message.
  - 31. Methodology as in claim 27, further comprising programming a set of devices associated with the network to send packets through a particular node known to be on the network.
  - 32. Methodology as in claim 31, wherein such programming for such set of devices is done during manufacturing or further includes using at least one of an out-of-band mechanism, including one of optical, wired, or wireless communication, or a smart card, or an in-band mechanism through a trusted third party, including one of a router or host application that is aware of the network paths.

33. Methodology for validating messages transmitted through a network, the network containing plural nodes connectable to form plural paths for communications transactions, comprising:
- selecting first and second paths according to a rotating sequence of routing paths between a first node and a second node;
  
  receiving a first message from the first node along a first path to the second node;
  
  receiving at least one second message from the first node along a second path to the second node; and
  
  determining validity of at least one of the first message and the at least one second message based at least in part on the paths traveled by messages received by the second node, wherein determining the validity comprises comparing the paths taken by the first message and the at least one second message to determine whether the paths correspond to predetermined paths consistent with the rotating sequence of routing paths;
  
  wherein the plural nodes negotiate between each other the rotating sequence of routing paths to be used for communications therebetween.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Itron, Inc.
Original Assignee
Itron, Inc.
Inventors
Buffington, John E., Garrison Stuber, Michael T., Jetcheva, Jorjeta G.
Primary Examiner(s)
Okeke, Izunna

Application Number

US13/790,484
Publication Number

US 20140259107A1
Time in Patent Office

1,103 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/44   Program or device authentic...

H04L 63/12   Applying verification of th...

H04L 63/18   using different networks or...

Utilizing routing for secure transactions

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

33 Claims

Specification

Use Cases

Quick Links

Others

Utilizing routing for secure transactions

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

33 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others