Network, network node with privacy preserving source attribution and admission control and device implemented method therfor

US 9,602,485 B2
Filed: 08/27/2014
Issued: 03/21/2017
Est. Priority Date: 04/15/2011
Status: Active Grant

First Claim

Patent Images

1. A device implemented network utilizing a carrier independent packet delivery universal addressing networking protocol, comprising:

a plurality of network nodes, said networking protocol for communication between said plurality of network nodes utilizing a packet;

an IP stack having a plurality of layers, at least some of the plurality of layers comprising;

privacy preserving source node attribution including a serial number and an agent identifier, wherein said agent identifier identifies an agent controlling access to an identity of an entity corresponding to said serial number; and

network admission control with said packet being admitted to said network only if a source node of said plurality of network nodes admits said packet;

wherein said source node has an identification address and wherein said packet carries said identification address of said source node; and

wherein said identification address of said source node is established by a trusted entity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device implemented, carrier independent packet delivery universal addressing networking protocol for communication over a network between network nodes utilizing a packet. The protocol has an IP stack having layers. At least some of the layers have privacy preserving source node attribution and network admission control. The packet is admitted to the network only if a source node of the network nodes admits the packet.

Citations

21 Claims

1. A device implemented network utilizing a carrier independent packet delivery universal addressing networking protocol, comprising:
- a plurality of network nodes, said networking protocol for communication between said plurality of network nodes utilizing a packet;
  
  an IP stack having a plurality of layers, at least some of the plurality of layers comprising;
  
  privacy preserving source node attribution including a serial number and an agent identifier, wherein said agent identifier identifies an agent controlling access to an identity of an entity corresponding to said serial number; and
  
  network admission control with said packet being admitted to said network only if a source node of said plurality of network nodes admits said packet;
  
  wherein said source node has an identification address and wherein said packet carries said identification address of said source node; and
  
  wherein said identification address of said source node is established by a trusted entity.
- View Dependent Claims (2, 3)
- - 2. The networking protocol as in claim 1 wherein a destination node has an identification address and wherein said packet carries both said identification address of said source node and said identification address of said destination node.
  - 3. The networking protocol as in claim 2 further comprising a database of trusted identification addresses maintained by said trusted entity and wherein said destination node relies on said database and said identification address of said source node on admission of said packet to said network.

4. A network node configured for communication over a network utilizing a packet from a source node to a destination node, comprising:
- a protocol control having;
  
  a device implemented, carrier independent packet delivery universal addressing networking protocol having an IP stack, comprising;
  
  privacy preserving source node attribution running on said IP stack configured to communicate to said destination node, the privacy preserving source node attribution including a serial number and an agent identifier, wherein said agent identifier identifies an agent controlling access to an identity of an entity corresponding to said serial number; and
  
  network admission control with said packet configured to be admitted to said network only if the source node of said packet allows admission;
  
  wherein said source node has an identification address and wherein said packet carries said identification address of said originating node; and
  
  wherein identification address of said source node is established by a trusted entity.
- View Dependent Claims (5, 6, 20, 21)
- - 5. The network node as in claim 4 wherein a destination node has an identification address and wherein said packet carries both said identification address of said originating node and said identification address of said destination node.
  - 6. The network node as in claim 5 further comprising a database of trusted identification addresses maintained by said trusted entity and wherein said destination node relies on said database and said identification address of said source node on admission of said packet to said network.
  - 20. The network node of claim 4, wherein said entity corresponding to said serial number is an entity responsible for said source node.
  - 21. The network node of claim 4, wherein said agent controls access to said identity by releasing said identity only with the consent of said entity corresponding to said serial number or if permitted by governing laws.

7. A device implemented method for communicating over a network between a plurality of network nodes using a device implemented, carrier independent packet delivery universal addressing network protocol having an IP stack having a plurality of layers, at least some of said plurality of layers comprising a privacy preserving source node attribution and a network admission control, comprising the steps of:
- preserving a privacy of said source node using said privacy preserving source node attribution by including in a packet a serial number and an agent identifier, wherein said agent identifier identifies an agent controlling access to an identity of an entity corresponding to said serial number; and
  
  admitting said packet onto said network only if said source node admits said packet;
  
  wherein said source node has an identification address, wherein a destination node has an identification address, and further comprising the step of incorporating both said identification address of said source node and said identification address of said destination node into said packet; and
  
  wherein said network further comprises a trusted entity, and wherein said identification address of said source node is established by said trusted entity.
- View Dependent Claims (8)
- - 8. The method as in claim 7 where said network further comprises a database of trusted identification addresses maintained by said trusted entity, and further comprising the step of admitting said packet to said network relying on using said database and said identification address of said source node.

9. A network system for transmission of data, comprising:
- a packet;
  
  a plurality of nodes, said plurality of nodes being at least a source node and a destination node, said network being configured to transmit said packet from said source node to said destination node;
  
  a network protocol comprising a protocol in which source node credentials are presented to said destination node in a packet request and in which said destination node examines said source node credentials to determine whether said source node qualifies for transmission to said destination node and responds with an admit packet or a reject packet; and
  
  a trusted network interface configured to accept or reject said packet at or from said source node for said destination node based upon said admit packet or said reject packet sent by said destination node.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The network system as in claim 9 in which said communication between said source node and said destination node further enables said source node and said destination node to agree on a shared private key to encrypt said packet.
  - 11. The network system as in claim 10 in which said trusted network interface utilizes said shared private key to verify an integrity of said packet.
  - 12. The network system as in claim 9 wherein said admit packet and said reject packet is cryptographically signed by said destination node.
  - 13. The network system as in claim 9 wherein said trusted network interface is a component of said source node.
  - 14. The network system as in claim 9 wherein said trusted network interface is physically separate from said source node.
  - 15. The network system as in claim 9 wherein said trusted network interface comprises components located in both of said source node and physically separate from said source node.

16. A method for controlling admission of a packet to a network having a plurality of nodes being at least a source node, a destination node and a trusted network interface, comprising the steps of:
- transmitting, by said source node, a packet request comprising source node credentials from said source node to said destination node;
  
  determining, by said destination node, whether said source node qualifies for transmission to said destination node based on said source node credentials in said packet request;
  
  transmitting an accept packet or a reject packet from said destination node to said source node based, at least in part, on said determination; and
  
  controlling admission, by said trusted network interface, of a packet to said network based on said admit packet or said reject packet.
- View Dependent Claims (17, 18, 19)
- - 17. The method as in claim 16 wherein said source node and said destination node engage in communication based, at least in part, on the controlling admission step, and further comprising the step of agreeing, between said source node and said destination node, on a shared private key to encrypt said packet based, at least in part, on said communication.
  - 18. The method as in claim 17 further comprising the step of verifying, with said trusted network interface, an integrity of said packet with said shared private key.
  - 19. The method as in claim 17 further comprising the step of cryptographically signing said admit packet and said reject packet by said destination node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Architectural technology Inc.
Original Assignee
Architectural technology Inc.
Inventors
Ramanujan, Ranga Sri
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
WRIGHT, BRYAN F

Application Number

US14/470,671
Publication Number

US 20140372749A1
Time in Patent Office

937 Days
Field of Search

713/155
US Class Current

1/1
CPC Class Codes

H04L 47/70   Admission control; Resource...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/12   Applying verification of th...

H04L 9/0847   involving identity based en...

H04L 9/3073   involving pairings, e.g. id...

H04L 9/32   including means for verifyi...

H04L 9/3213   using tickets or tokens, e....

Network, network node with privacy preserving source attribution and admission control and device implemented method therfor

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Network, network node with privacy preserving source attribution and admission control and device implemented method therfor

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links