System and method employing an agile network protocol for secure communications using secure domain names
Abstract
A method of establishing a secure communication link includes receiving, at a domain name server (DNS), a request to communicate securely, the request including an identifier of a client device and having been sent in response to a determination that a DNS request from the client device corresponds to a first computer configured to communicate securely. The method includes sending a second request to a server computer. In response to second request, the server computer compares the received client device identifier to one or more stored client device identifiers to determine a security level of the client device and determines a security level of the first computer. The sever computer determines, based on a comparison of the security level of the client device and the security level of the first computer, whether the client device is authorized to communicate with the first computer, and generates a resource used to establish the secure communication link between the client device and the first computer. The server computer generates a message in response to determining that the client device is not authorized to communicate with the first compute. The server computer, in response to determining that the client device is authorized to communicate with the first computer, makes the resource available to the client device to automatically establish the secure communication link.
Claims
exact text as granted — not AI-modified1 - 20 . (canceled)
21 . A method of establishing a secure communication link, comprising:
receiving, at a domain name server (DNS), a request to communicate securely, the request including an identifier of a client device and having been sent in response to a determination that a DNS request from the client device corresponds to a first computer configured to communicate securely; sending a second request to a server computer; in response to second request, the server computer:
comparing the received client device identifier to one or more stored client device identifiers to determine a security level of the client device;
determining a security level of the first computer;
determining, based on a comparison of the security level of the client device and the security level of the first computer, whether the client device is authorized to communicate with the first computer;
generating a resource used to establish the secure communication link between the client device and the first computer;
generating a message in response to determining that the client device is not authorized to communicate with the first computer; and
in response to determining that the client device is authorized to communicate with the first computer, making the resource available to the client device to automatically establish the secure communication link.
22 . The method of claim 21 , wherein the resource includes at least one random or pseudorandom value used to establish the secure communication link.
23 . The method of claim 22 , wherein the at least one random or pseudorandom value is an Internet Protocol (IP) address.
24 . The method of claim 23 , wherein generating the resource includes establishing an IP address hopping regime that pseudorandomly changes IP addresses in packets transmitted between the client device and the first computer during a communications session.
25 . The method of claim 21 , wherein the secure communication link is a virtual private network (VPN) secure communication link
26 . The method of claim 21 , wherein the client device identifier is an Internet Protocol (IP) address.
27 . The method of claim 21 , wherein the secure communication link uses modulation.
28 . The method of claim 27 , wherein the modulation is based on one of frequency-division multiplexing (FDM), time-division multiplexing (TDM), or code division multiple access (CDMA).
29 . The method of claim 21 , wherein the client device is a mobile device.
30 . The method of claim 29 , wherein the mobile device is a notebook computer.
31 . The method of claim 21 , further comprising sending a request to the client device for proof that the client device is authorized to access the first computer.
32 . A system for establishing a secure communication link, comprising:
storage configured to store client device identifiers; and one or more processors of a domain name server (DNS) being configured to:
receive a request to communicate securely, the request including an identifier of a client device and having been sent in response to a determination that a DNS request from the client device corresponds to a first computer configured to communicate securely;
send a second request to a server computer, the server computer comprising one or more processors being configured to, in response to the second request:
compare the received client device identifier to one or more of the stored client device identifiers to determine a security level of the client device;
determine a security level of the first computer;
determine, based on a comparison of the security level of the client device and the security level of the first computer, whether the client device is authorized to communicate with the first computer;
generate a resource used to establish the secure communication link between the client device and the first computer;
generate a message in response to determining that the client device is not authorized to communicate with the first computer; and
in response to determining that the client device is authorized to communicate with the first computer, make the resource available to the client device to automatically establish the secure communication link.
33 . The system of claim 32 , wherein the resource includes at least one random or pseudorandom value used to establish the secure communication link.
34 . The system of claim 33 , wherein the at least one random or pseudorandom value is an Internet Protocol (IP) address.
35 . The system of claim 34 , wherein, to generate the resource, the one or more processors are configured to establish an IP address hopping regime that pseudorandomly changes IP addresses in packets transmitted between the client device and the first computer configured to communicate securely during a communications session.
36 . The system of claim 32 , wherein the secure communication link is a virtual private network (VPN) secure communication link.
37 . The system of claim 32 , wherein the client device identifier is an IP address.
38 . The system of claim 32 , wherein the secure communication link uses modulation.
39 . The system of claim 38 , wherein the modulation is based on one of frequency-division multiplexing (FDM), time-division multiplexing (TDM), and code division multiple access (CDMA).
40 . The system of claim 32 , the one or more processors further configured to send a request to the client device for proof that the client device is authorized to access the first computer.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.