Computer based information systems are in widespread use today, ranging from simple small area file-sharing networks to global and sophisticated computer networked databases which provide the backbone for today's World Wide Web.
Computer based information systems comprise of a number of component nodes such as personal computers that communicate with one another, generally via a wide spectrum of communication mediums, such as local are networks (LAN) and wide area networks (WAN). Often, transmission data such as a data file or a system command message to be transmitted, is sent from a sender component node and traverses through numerous intermediary nodes such as network hubs, routers, bridges etc in these communication mediums before arriving at a recipient node. Generally, a set of predetermined communication protocols such as TCP/IP protocols are used to route the transmission data through these networks to a recipient, by using the recipient's destination address, such as the Internet Protocol (IP) address, typically included as part of transmission packet containing the transmission data.
Of essence in these communications is maintaining the integrity and correct delivery of the transmission data. Transmitted data are subject to transmission errors and other factors along the way that would lead to their corruption, as well as routing errors and mishaps that may result in their delivery to unintended recipients. These errors may have been brought upon by any combination of faulty or mismatching hardware or software, including usage of various middleware software supplied by different vendors. Currently, each of the two concerns of maintaining the integrity of the transmission data and delivery to the intended recipient have been addressed using separate solutions, one for each concern, which are then separately used at different stages of the data transmission. This approach, however, has important shortcomings as described below.
One common method for detection of data corruption in the communicated data during the transmission is the use of a generated checksum value. The checksum procedure begins at the sender location where a transmission message data to be transmitted over the network is initially broken into a set of data segments of predetermined length, such as into data octets. The checksum value is typically formed by adding together all data octets within the message. The checksum is then sent by the sender with the transmission packet containing the message data, typically as part of the header information for the message packet. When the data is received at the message destination, all received data octets are added together by the receiver using the same method of calculating as was used by the sender, and the receiver compares the newly calculated sum against the checksum generated by and received from the sender. If the two sums match, then no transmission errors are deemed present in the message data received from the sender. The checksum therefore functions as a mathematical fingerprint for matching the message data received by a receiver to the message data sent by the sender.
One common approach for the delivery of message data to an intended recipient is based on the network protocols used to transport a message to the recipient. Currently, the data file containing the message data is included in a transmission packet such as an IP packet, which contains the internet address of the recipient, such as an IP address, typically in the packet's header. The network protocols then use the IP address contained in the header to guide the packet to a network node, such a personal computer, with that IP address.
This approach for the delivery of message data to an intended recipient, however, is not without shortcomings. The recipient's IP address information in the packet header is prone to malicious or inadvertent corruption, resulting in the alteration of the recipient's IP-address and thus delivery of the transmitted message data to an unintended recipient. The unintended recipient is typically entirely dependent on the protocols of the network on which it resides to determine whether it is the intended recipient of the packet. Thus, often so long as the recipient's address is matched to that of the corrupted address in the header, the recipient assumes that it is the intended recipient of the transmitted packet. This particularly holds true in cases of unsophisticated networks which include scant network information with each transmitted packet delivered to each node. A shortcoming of this approach is that determination of the validity of the recipient as an intended recipient is based on the information in the packet header which is separate from the message data itself. Performing a prior art checksum on the message data by the recipient will likewise fail to reveal the validity of the recipient as the intended recipient.
Currently, one existing method to safeguard against the above scenario is to generate a checksum value for the IP-address in the header, and then compare the checksum value with the checksum value of the IP-address of the recipient, generated by the recipient. If the IP-address has been altered or corrupted, the checksum values will then not match, indicating that the recipient is an unintended recipient of the message data. A shortcoming of this approach is that a malicious intruder intercepting the transmission packet may replace the IP address and the IP address checksum value in the packet's header with the IP address and the IP address checksum value of the intruder's own recipient destination, then reroute the message to that destination, at where it would be successfully received.
In addition, neither of the above approaches would safeguard against malicious or inadvertent errors in the transmission message data prior to transmission by the sender. For example, if the message data is a command message data such as one for accessing information in a row in database table based on a provided bookmark to that table, it is important that the provided bookmark addresses the correct table in the database so that malicious or inadvertent accessing of a different table in the database does not occur. In the existing art, conducting a prior art checksum operation can not determine the validity of the bookmark as one validly accessing a row in a correct database table.
An ongoing need thus exists to verify the validity of a transmission data based on the information included in the transmission data to determine whether a transmission data has been delivered to an intended recipient, or is validly used to access information stored at a recipient's location.