US2011307693A1PendingUtilityA1

Agile Network Protocol For Secure Communications With Assured System Availability

53
Assignee: MUNGER EDMUND COLBYPriority: Oct 30, 1998Filed: Jun 7, 2011Published: Dec 15, 2011
Est. expiryOct 30, 2018(expired)· nominal 20-yr term from priority
H04L 63/0435H04L 63/0428H04L 61/30H04L 63/1441H04L 9/065H04L 61/2539H04L 69/14H04L 63/0407H04L 45/20H04L 63/0272H04L 63/1491H04L 63/04H04M 3/42008H04L 45/24H04L 63/0421H04L 2101/604H04L 61/5092H04L 61/5007H04L 61/5076
53
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes.

Claims

exact text as granted — not AI-modified
1 . A method of securely transmitting a data packet between a sending computer and a receiving computer, comprising the steps of:
 (1) encrypting the data packet using session key known to the sending computer and the receiving computer, but not known by intermediate computers between the sending computer and the receiving computer;   (2) adding a packet header that identifies the data packet to the data packet encrypted in step (1);   (3) encrypting the combined packet header and encrypted data packet created in step (2) using a link key known to each of a plurality of intermediate computers arranged between the first computer and the second computer;   (4) adding a cleartext packet header to route the packet encrypted in step (3); and   (5) transmitting the packet created in step (4).   
     
     
         2 . The method of  claim 1 , further comprising the steps of:
 (6) at each intermediate computer, decrypting the packet received from a previous computer and decrypting it using the link key;   (7) re-encrypting the packet using a different link key known to a next intermediate computer in the network;   (8) adding a cleartext packet header to route the packet re-encrypted in step (7); and   (9) transmitting the packet created in step (8) to the next intermediate computer.   
     
     
         3 . The method of  claim 2 , further comprising the step of, at the receiving computer, decrypting the packet using the session key. 
     
     
         4 . A method of transmitting data over a computer network, comprising the steps of:
 at an originating terminal connected to the computer network, receiving a stream of data and forming first level data pack payloads therefrom;   identifying a network destination address for the stream of data and adding first level headers containing data representing the network destination address to each of the data packets to form a first level packet;   encrypting each of the first level packets to form second level packet payloads; attaching to the second level packet, payloads headers containing as destination addresses, addresses of at least one intermediate router connecting the originating terminal to the destination to form second level packets;   sending the second level packets to the at least one intermediate router;   at the at least one intermediate router, decrypting at least one of the second level payloads and determining from the first level headers he destination address, forming new packets containing at least the first level packet payloads, and attaching headers thereto containing the destination address, whereby a true destination of the data stream is concealed behind a layer of encryption for at least a portion of its travel over the network.   
     
     
         5 . The method of  claim 4 , wherein the step of attaching includes determining the at least one intermediate router by randomly selecting fro a group of intermediate routers. 
     
     
         6 . The method of  claim 4 , wherein the step of determining from the first level headers the destination address includes converting the data representing the network destination address with the network destination address by means of correlation data stored on the intermediate router. 
     
     
         7 . The method of  claim 4 , further comprising the step of including in one of the first and second layer headers, an indicator of a number of hops to be made by the first level packet before arriving at the network destination, the at least one intermediate router decrementing the indicator of a number of hops and sending the first level packet to another intermediate router responsively to a value of the indicator of a number of hops.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.