The Internet was designed for transporting data packets over a distributed network from a sending computer to a receiving computer. The Internet Protocol (IP) is used for transporting data between nodes of the global computer network, popularly known as the Internet. The IP protocol assigns each computer a unique IP address in the form of a hierarchical sequence of numbers, where each number in the sequence is limited in size to 256 values. For example, the IP address may be 54.29.40.97, where 54, the first number in the sequence, refers to the first or root-level router identification, and so on.
The data between the routers is routed in the form of a data packet. A data packet has a header part and a data part. The data part is also sometimes referred to as a payload. The header part contains the information essential for the packet to be routed to the destination computer or node, such as the receiving computer's IP address, the sending computer's IP address, and a few other data fields. The data part contains the data that is being sent to the destination computer. The data part may pertain to any application, data, or command that is sent to or needed by the destination computer and may have its own application-specific format and content. For example, the data part may contain the remote user authentication data of a password and user id. The data part can be encrypted or it can be plain text. For example, when communicating with a secure https:// server, the data part is always encrypted. The size of the data part is limited. If the data to be sent cannot be accommodated in one packet, then the sending computer breaks the data into a series of one or more packets, and the packets are then sequentially numbered. The destination computer can then reassemble the original data file from this sequence of packets.
The information in the header part of the data packet is always unencrypted plain text. The information in the header is used by a network of routers to route the packet to the destination computer.
The routers in the network are also able to decide the best path along which to route the data packet. There are specific router protocols, such as Transmission Control Protocol (TCP), that the routers use to communicate with other routers of the global network to learn health and status information about those routers. One example of TCP is a data ping that is sent to another router; the router responds with the same data, indicating that it is alive and functioning. Thus the routers of the network use router protocols to check the status of other routers in order to determine the most efficient routing path for a data packet.
When the packets are routed over the network of routers, each successive router checks the destination IP address in the header to determine the best routing path and deliver the packet to the destination computer. Data packets that have not reached their destination in sixteen hops are considered lost and are dropped by means of a time-to-live (TTL) field in the header. The routers, by design, never check the data part of a packet and are limited by their design to finding the destination IP address and the best routing path.
Therefore, the routers that are the basic transport mechanism of the Internet have no underlying mechanism by which to validate the source of a data packet. The identification of the source of a packet is in the form of an IP address. This IP address is created by the source computer and can be changed or altered by it to any value. Therefore, the destination computer cannot truly know where the packet came from or which computer it originated from.
Not being able to validate the source of data packets is a fundamental security weakness of the Internet. Since there is no certainty that the sender of these data packets is who it says it is, the current Internet infrastructure may allow entry into a network of data packets that are harmful to a destination computer. The harm that may be caused to the destination computer may take any number of forms, such as deleting files, crashing the system, making the system unavailable to users for some time, stealing data files, and many other known and as yet unknown types of harm. This security weakness is exploited in many different ways by all types of hackers and people intent on causing harm or having fun. That is the reason various types of worms, viruses and other mischief can enter and circulate on the global network from any part of the world.
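The header fields described above, and the fact that a router cannot tell whether the source address in them is genuine, can be seen directly by decoding a packet. The following is an added example, not part of the original text: it builds a constructed 20-byte IPv4 header, parses the plaintext fields a router reads (TTL, protocol, source and destination addresses), verifies only the header checksum, and then applies a source-address ingress filter of the kind an edge router can enforce (BCP 38 style): a packet arriving from a customer link must carry a source address inside that customer's assigned prefix. The prefixes 203.0.113.0/24 and 192.0.2.10 are documentation addresses chosen for the sample; 54.29.40.97 is the address used as an example earlier in the text.

```python
import struct
import ipaddress

IPV4_HDR = "!BBHHHBBH4s4s"  # ver/ihl, tos, total len, id, flags/frag, ttl, proto, csum, src, dst

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words, folded, then inverted (IPv4 header checksum)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4_header(src: str, dst: str, payload_len: int, ttl: int = 64, proto: int = 6) -> bytes:
    """Assemble a constructed minimal IPv4 header for the sample. Note that the source
    address is just four bytes written by the sender; nothing in the header attests to it."""
    fields = struct.pack(IPV4_HDR, 0x45, 0, 20 + payload_len, 0x1C46, 0x4000, ttl, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return fields[:10] + struct.pack("!H", ipv4_checksum(fields)) + fields[12:]

def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the plaintext header fields a router reads. The checksum check only detects
    corruption in transit; it says nothing about whether the source address is authentic."""
    ver_ihl, _tos, total_len, _ident, _ff, ttl, proto, _csum, src, dst = struct.unpack(IPV4_HDR, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {
        "version": ver_ihl >> 4, "ihl": ihl, "total_length": total_len,
        "ttl": ttl, "protocol": proto,
        "checksum_ok": ipv4_checksum(packet[:ihl]) == 0,  # valid header sums to 0 after inversion
        "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
    }

def ingress_filter(packet: bytes, expected_src_prefix: str) -> str:
    """Edge-router check: traffic entering from a link assigned expected_src_prefix must be
    sourced from that prefix, otherwise the source address cannot be what it claims."""
    hdr = parse_ipv4_header(packet)
    if not hdr["checksum_ok"]:
        return "drop: bad header checksum"
    if ipaddress.IPv4Address(hdr["src"]) not in ipaddress.IPv4Network(expected_src_prefix):
        return "drop: source %s not in %s (possible spoofing)" % (hdr["src"], expected_src_prefix)
    return "forward"

# Constructed sample traffic on a customer link assigned 203.0.113.0/24.
LEGIT = build_ipv4_header("203.0.113.7", "192.0.2.10", payload_len=5) + b"hello"
SPOOFED = build_ipv4_header("54.29.40.97", "192.0.2.10", payload_len=5) + b"hello"

if __name__ == "__main__":
    print(parse_ipv4_header(LEGIT))
    print(ingress_filter(LEGIT, "203.0.113.0/24"))    # forward
    print(ingress_filter(SPOOFED, "203.0.113.0/24"))  # drop: source 54.29.40.97 not in ...
```

The filter only works at the edge where the set of legitimate source prefixes is known; a router in the core, which sees traffic from everywhere, has no such reference and is in exactly the position the text describes.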
Current security technologies leave it entirely up to the destination computer to screen incoming data packets. To accomplish this purpose, current technologies provide various types of firewalls and intrusion detection and intrusion prevention systems, which operate at the packet level. Other security technologies, such as virus checkers and application-specific proxy firewalls, operate at the file level. Yet another security technology, remote user authentication via user id and password, operates at the session level.
The entire information security industry is geared towards providing better and improved forms of these tools to protect the destination computer from data packets that may be harmful to it. This approach to security leaves the sender of harm-causing data packets free to keep trying to send them, and leaves businesses to defend themselves from such attacks and intrusions on a continual basis. That explains why, over the years, there has been such a large proliferation of different types of threats in the form of harm-causing packets sent via web servers or via e-mail servers. As soon as the destination computers implement a defense mechanism against a known type of threat, the senders employ different techniques to defeat that defense by creating new types and varieties of harm-causing packets.
Using this inherent weakness, new types of harm are discovered and exploited on a regular basis. For example, a recent news story titled “New Virus Snarls Thousands of Computers” by Anick Jesdanun, dated May 3, 2004, says: “Unlike most outbreaks, the Sasser worm does not require users to activate it by clicking on an e-mail attachment. Sasser is known as a network worm because it can automatically scan the Internet for computers with the security flaw and send a copy of itself there.”
In light of the above, it is an objective of the present invention to create an adaptation of, or improvements in, the global computer network structure that would enhance security and potentially guard against all these types of threats.