US2013019091A1PendingUtilityA1

Agile network protocol for secure communications with assured system availability

57
Assignee: VIRNETX INCPriority: Oct 30, 1998Filed: Sep 13, 2012Published: Jan 17, 2013
Est. expiryOct 30, 2018(expired)· nominal 20-yr term from priority
H04L 63/08H04L 63/0414H04L 45/28H04L 63/1458H04L 63/0272H04L 61/35H04L 63/1491H04L 63/0428H04L 63/0407H04L 63/10H04L 63/1466H04L 45/00H04L 65/403H04L 45/243H04L 45/24H04L 2101/604H04L 61/5076H04L 61/4511H04L 61/5007H04L 61/5092
57
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A plurality of computer nodes communicate using seemingly random Internet Protocol source and destination addresses. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are quickly rejected. Improvements to the basic design include (1) a load balancer that distributes packets across different transmission paths according to transmission path quality; (2) a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry; (3) a large-to-small link bandwidth management feature that prevents denial-of-service attacks at system chokepoints; (4) a traffic limiter that regulates incoming packets by limiting the rate at which a transmitter can be synchronized with a receiver; and (5) a signaling synchronizer that allows a large number of nodes to communicate with a central node by partitioning the communication function between two separate entities.

Claims

exact text as granted — not AI-modified
1 . A method for establishing an encrypted channel between a client and a target, comprising the steps of:
 generating a DNS request from the client; and   based on the DNS request, automatically establishing the encrypted channel between the client and the target, wherein the encrypted channel is capable of supporting services.   
     
     
         2 . The method of  claim 1 , wherein step (ii) comprises steps of:
 (a) determining whether the client is authorized to access the target identified by the DNS request;   (b) when the client is authorized to access the target, initiating the encrypted channel; and   (c) when the client is not authorized to access the target, sending an error message to the client.   
     
     
         3 . The method of  claim 2 , wherein step b) comprises sending encrypted channel parameters to the client. 
     
     
         4 . The method of  claim 1 , wherein step (ii) occurs in a communication protocol independently of an application program. 
     
     
         5 . The method of  claim 1 , wherein the method further comprises intercepting the DNS request using a DNS proxy server. 
     
     
         6 . The method of  claim 1 , wherein step (ii) comprises establishing the encrypted channel responsive to the DNS request for a domain name comprising a predetermined domain name extension. 
     
     
         7 . The method of  claim 1 , wherein step (ii) comprises establishing an IP address hopping scheme between the client and the target. 
     
     
         8 . The method of  claim 1 , wherein step (ii) comprises concealing a true IP address of the target. 
     
     
         9 . The method of  claim 1 , wherein the encrypted channel uses tunneling. 
     
     
         10 . The method of  claim 1 , wherein the encrypted channel supports various communication protocols. 
     
     
         11 . The method of  claim 1 , wherein the encrypted channel supports a plurality of application programs. 
     
     
         12 . The method of  claim 1 , wherein the encrypted channel supports multiple sessions. 
     
     
         13 . A method for establishing a secure communication link between a first device and a second device, the method comprising steps of:
 generating a request for access to a second device and automatically initiating a secure communication link between a first device and the second device, wherein the secure communication link is capable of supporting a plurality of services.   
     
     
         14 . The method of  claim 13 , wherein the first device has an IP address, and the second device has an IP address. 
     
     
         15 . The method of  claim 13 , wherein the request uses a DNS request. 
     
     
         16 . The method of  claim 13 , wherein the secure communication link is automatically initiated in response to the request. 
     
     
         17 . The method of  claim 13 , wherein the request is a DNS request that requests an IP address associated with the second device. 
     
     
         18 . The method of  claim 13 , wherein the step of automatically initiating a secure communication link is performed in a communication protocol independently of an application program. 
     
     
         19 . The method of  claim 13 , further comprising a step of automatically establishing the secure communication link between the first device and the second device. 
     
     
         20 . A computer readable medium comprising computer readable instructions that, when executed, perform steps of: when a DNS request corresponds to a secure device, determining whether a client is authorized to access the secure device and, if so, automatically initiating an encrypted channel between the client and the secure device, wherein the encrypted channel is capable of supporting services.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.