US2013219174A1PendingUtilityA1

Agile network protocol for secure communications with assured system availability

55
Assignee: MUNGER EDMUND COLBYPriority: Oct 30, 1998Filed: Sep 14, 2012Published: Aug 22, 2013
Est. expiryOct 30, 2018(expired)· nominal 20-yr term from priority
H04L 45/20H04L 63/0272H04L 63/0435H04L 63/1441H04L 63/1491H04L 69/14H04L 63/0428H04L 61/30H04L 9/065H04M 3/42008H04L 63/04H04L 63/0421H04L 61/2539H04L 63/0407H04L 45/24H04L 2101/604H04L 61/5092H04L 61/5076H04L 61/5007
55
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes.

Claims

exact text as granted — not AI-modified
1 . A method of transmitting data from a first computer to a second computer, the data comprising a plurality of data bytes arranged in a particular order, the method comprising the steps of:
 (1) establishing in the first computer and second computer a common algorithm that determines how data will be randomly distributed across a plurality of data packets;   (2) in the first computer, randomly distributing the plurality of data bytes across the plurality of data packets according to the common algorithm;   (3) transmitting the plurality of data packets from the first computer to the second computer; and   (4) in the second computer, extracting the randomly distributed plurality of data bytes from the plurality of data packets and reassembling them into the particular order according to the common algorithm.   
     
     
         2 . The method of  claim 1 , wherein step (3) comprises the step of transmitting each of the plurality of data packets across a different path in a computer network. 
     
     
         3 . A system comprising:
 a first computer including an algorithm that establishes a random distribution pattern for allocating data across a plurality of data packets, wherein the first computer randomly distributes data bytes from a data source across the plurality of data packets according to the random distribution pattern and transmits the plurality of data packets across a network; and   a second computer coupled to the first computer across the network, wherein the second computer receives the plurality of data packets from the first computer, extracts the randomly distributed data bytes, and reassembles them into their original order according to the algorithm.   
     
     
         4 . The system of  claim 3 , wherein the first computer transmits each of the plurality of data packets across a different path in the network. 
     
     
         5 . A method of securely transmitting a data packet between a sending computer and a receiving computer, comprising the steps of:
 (1) encrypting the data packet using session key known to the sending computer and the receiving computer, but not known by intermediate computers between the sending computer and the receiving computer;   (2) adding a packet header that identifies the data packet to the data packet encrypted in step (1);   (3) encrypting the combined packet header and encrypted data packet created in step (2) using a link key known to each of a plurality of intermediate computers arranged between the first computer and the second computer;   (4) adding a cleartext packet header to route the packet encrypted in step (3); and   (5) transmitting the packet created in step ( 4 ).   
     
     
         6 . The method of  claim 5 , further comprising the steps of:
 (1) at each intermediate computer, decrypting the packet received from a previous computer and decrypting it using the link key;   (2) re-encrypting the packet using a different link key known to a next intermediate computer in the network;   (3) adding a cleartext packet header to route the packet re-encrypted in step (6); and   (4) transmitting the packet created in step (7) to the next intermediate computer.   
     
     
         7 . The method of  claim 6 , further comprising the step of, at the receiving computer, decrypting the packet using the session key. 
     
     
         8 - 14 . (canceled)

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.