US2019166108A1PendingUtilityA1

System and method employing an agile network protocol for secure communications using secure domain names

71
Assignee: VIRNETX INCPriority: Oct 30, 1998Filed: Jan 10, 2019Published: May 30, 2019
Est. expiryOct 30, 2018(expired)· nominal 20-yr term from priority
H04L 61/2092H04L 63/08H04L 61/2007H04L 63/0478H04L 45/28G06F 16/951H04L 63/1466H04L 29/1232H04L 29/12801H04L 41/00H04L 63/0272H04L 29/12301H04L 29/12783H04L 63/0407H04L 63/1408H04L 63/0421H04L 63/0428H04L 61/2076H04L 63/164H04L 45/24H04L 63/168H04L 61/6004H04L 67/14H04L 61/1511H04L 63/0227H04L 63/105H04L 45/00H04L 63/0435H04L 29/12066H04L 29/12216H04L 61/3015H04L 63/1416H04L 63/1458H04L 61/303H04L 12/4641H04L 61/35H04L 67/141H04L 63/04H04L 63/0485G06F 21/606H04L 63/0876H04L 29/12594H04L 2101/30H04L 2101/604H04L 61/5076H04L 61/5007H04L 61/4511H04L 61/30H04L 61/5092
71
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A method of establishing a secure communication link includes receiving, at a domain name server (DNS), a request to communicate securely, the request including an identifier of a client device and having been sent in response to a determination that a DNS request from the client device corresponds to a first computer configured to communicate securely. The method includes sending a second request to a server computer. In response to second request, the server computer compares the received client device identifier to one or more stored client device identifiers to determine a security level of the client device and determines a security level of the first computer. The sever computer determines, based on a comparison of the security level of the client device and the security level of the first computer, whether the client device is authorized to communicate with the first computer, and generates a resource used to establish the secure communication link between the client device and the first computer. The server computer generates a message in response to determining that the client device is not authorized to communicate with the first compute. The server computer, in response to determining that the client device is authorized to communicate with the first computer, makes the resource available to the client device to automatically establish the secure communication link.

Claims

exact text as granted — not AI-modified
1 - 20 . (canceled) 
     
     
         21 . A method of establishing a secure communication link, comprising:
 receiving, at a domain name server (DNS), a request to communicate securely, the request including an identifier of a client device and having been sent in response to a determination that a DNS request from the client device corresponds to a first computer configured to communicate securely;   sending a second request to a server computer;   in response to second request, the server computer:
 comparing the received client device identifier to one or more stored client device identifiers to determine a security level of the client device; 
 determining a security level of the first computer; 
 determining, based on a comparison of the security level of the client device and the security level of the first computer, whether the client device is authorized to communicate with the first computer; 
 generating a resource used to establish the secure communication link between the client device and the first computer; 
 generating a message in response to determining that the client device is not authorized to communicate with the first computer; and 
 in response to determining that the client device is authorized to communicate with the first computer, making the resource available to the client device to automatically establish the secure communication link. 
   
     
     
         22 . The method of  claim 21 , wherein the resource includes at least one random or pseudorandom value used to establish the secure communication link. 
     
     
         23 . The method of  claim 22 , wherein the at least one random or pseudorandom value is an Internet Protocol (IP) address. 
     
     
         24 . The method of  claim 23 , wherein generating the resource includes establishing an IP address hopping regime that pseudorandomly changes IP addresses in packets transmitted between the client device and the first computer during a communications session. 
     
     
         25 . The method of  claim 21 , wherein the secure communication link is a virtual private network (VPN) secure communication link 
     
     
         26 . The method of  claim 21 , wherein the client device identifier is an Internet Protocol (IP) address. 
     
     
         27 . The method of  claim 21 , wherein the secure communication link uses modulation. 
     
     
         28 . The method of  claim 27 , wherein the modulation is based on one of frequency-division multiplexing (FDM), time-division multiplexing (TDM), or code division multiple access (CDMA). 
     
     
         29 . The method of  claim 21 , wherein the client device is a mobile device. 
     
     
         30 . The method of  claim 29 , wherein the mobile device is a notebook computer. 
     
     
         31 . The method of  claim 21 , further comprising sending a request to the client device for proof that the client device is authorized to access the first computer. 
     
     
         32 . A system for establishing a secure communication link, comprising:
 storage configured to store client device identifiers; and   one or more processors of a domain name server (DNS) being configured to:
 receive a request to communicate securely, the request including an identifier of a client device and having been sent in response to a determination that a DNS request from the client device corresponds to a first computer configured to communicate securely; 
 send a second request to a server computer, the server computer comprising one or more processors being configured to, in response to the second request:
 compare the received client device identifier to one or more of the stored client device identifiers to determine a security level of the client device; 
 determine a security level of the first computer; 
 determine, based on a comparison of the security level of the client device and the security level of the first computer, whether the client device is authorized to communicate with the first computer; 
 generate a resource used to establish the secure communication link between the client device and the first computer; 
 generate a message in response to determining that the client device is not authorized to communicate with the first computer; and 
 in response to determining that the client device is authorized to communicate with the first computer, make the resource available to the client device to automatically establish the secure communication link. 
 
   
     
     
         33 . The system of  claim 32 , wherein the resource includes at least one random or pseudorandom value used to establish the secure communication link. 
     
     
         34 . The system of  claim 33 , wherein the at least one random or pseudorandom value is an Internet Protocol (IP) address. 
     
     
         35 . The system of  claim 34 , wherein, to generate the resource, the one or more processors are configured to establish an IP address hopping regime that pseudorandomly changes IP addresses in packets transmitted between the client device and the first computer configured to communicate securely during a communications session. 
     
     
         36 . The system of  claim 32 , wherein the secure communication link is a virtual private network (VPN) secure communication link. 
     
     
         37 . The system of  claim 32 , wherein the client device identifier is an IP address. 
     
     
         38 . The system of  claim 32 , wherein the secure communication link uses modulation. 
     
     
         39 . The system of  claim 38 , wherein the modulation is based on one of frequency-division multiplexing (FDM), time-division multiplexing (TDM), and code division multiple access (CDMA). 
     
     
         40 . The system of  claim 32 , the one or more processors further configured to send a request to the client device for proof that the client device is authorized to access the first computer.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.