Process and system for establishing a moving target connection for secure communications in client/server systems
First Claim
1. A secure communication network, comprising:
- at least one server connected to the network and accessing a Distributed Hash Table (DHT), the server having a private and public cryptographic key pair (Spri, Spub);
- a plurality of clients connected to the network and in communication with the server, each client having a unique private and public cryptographic key pair (Cpri, Cpub);
- the server and a communicating client implementing a randomly generated key that changes at some predetermined interval, the server publishing a descriptor dT calculated using the server's private key Spri and the client's public key Cpub and storing the descriptor dT in the DHT, and the client querying for the descriptor dT stored in the DHT to obtain configuration information;
- wherein when the server publishes to the DHT, the server generates a descriptor for time period T, dT, and a message m, where dT is calculated by the server using the following equation:

dT = H((Spri · Cpubi) ∥ T)[0→159]

where H is a strong hashing algorithm, Spri is the server's private key, Cpubi is the public key for client Ci, and T defines the time period, and the message, m, is calculated by using the following equation:
Abstract
A system and method performs a moving target blind rendezvous by exchanging data through a distributed hash table. The system allows users to securely send small pieces of information over a network while only requiring an exchange of public keys ahead of time. The system relies on the size and resilience of the BitTorrent Distributed Hash Table and the security properties of cryptographic constructions such as Elliptic Curve Diffie-Hellman key exchange and secure one-way hash functions.
12 Claims

1. A secure communication network (independent claim; text as given under First Claim above). Dependent claims: 2, 3, 4, 5, 6.
7. A method of providing secure communication over a network, comprising the steps of:
- connecting at least one server to the network, the server accessing a Distributed Hash Table (DHT) and having a private and public cryptographic key pair (Spri, Spub);
- connecting a plurality of clients to the network so as to be in communication with the server, each client having a unique private and public cryptographic key pair (Cpri, Cpub);
- implementing by the server and a communicating client a randomly generated key that changes at some predetermined interval;
- publishing by the server a descriptor dT calculated using the server's private key Spri and the client's public key Cpub;
- storing by the server the descriptor dT in the DHT, and querying by the client for the descriptor dT stored in the DHT to obtain configuration information;
- the step of publishing by the server to the DHT including the steps of: generating by the server a descriptor for time period T, dT, and a message m, where dT is calculated by the server using the following equation:

dT = H((Spri · Cpubi) ∥ T)[0→159]

where H is a strong hashing algorithm, Spri is the server's private key, Cpubi is the public key for client Ci, and T defines the time period; and generating by the server the message, m, by calculating the following equation:

Dependent claims: 8, 9, 10, 11, 12.
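The rendezvous described in the abstract and by the descriptor equation in claims 1 and 7, as an added example that is not the patent's own code. It assumes the following, none of which the page specifies: a classic finite-field Diffie-Hellman exchange over a toy group stands in for the ECDH scalar multiplication Spri·Cpub (the Python standard library has no elliptic-curve primitive; the parameters P and G are constructed and not a production choice); H is SHA-256 with the digest cut to its first 160 bits, which is how 0→159 is read here and which matches the 160-bit key space of the BitTorrent DHT; T is an integer period index derived from the clock with a constructed 600-second interval; the DHT is an in-memory dict; and the value stored under dT is a constructed placeholder, since the page does not give the formula for the message m.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group standing in for ECDH (constructed; NOT a production
# parameter choice). P is the Mersenne prime 2**521 - 1, G a fixed base.
P = 2**521 - 1
G = 5

DESCRIPTOR_BYTES = 20      # "0->159": keep the first 160 bits of the digest (assumption)
PERIOD_SECONDS = 600       # constructed rotation interval for the period index T


def keygen():
    """Return a (private, public) pair in the stand-in group."""
    priv = secrets.randbelow(P - 2) + 2
    return priv, pow(G, priv, P)


def shared_secret(my_priv, their_pub):
    """Stand-in for the scalar multiplication Spri·Cpub (or Cpri·Spub).
    Both sides obtain the same value because G^(a*b) == G^(b*a) mod P."""
    return pow(their_pub, my_priv, P)


def period_index(unix_time, period=PERIOD_SECONDS):
    """T: the current time period as an integer both sides can derive on their own."""
    return int(unix_time) // period


def descriptor(shared, t):
    """dT = H((Spri·Cpub) ∥ T)[0→159], with H = SHA-256 (assumption)."""
    shared_bytes = shared.to_bytes((P.bit_length() + 7) // 8, "big")
    t_bytes = t.to_bytes(8, "big")
    return hashlib.sha256(shared_bytes + t_bytes).digest()[:DESCRIPTOR_BYTES]


class ToyDHT:
    """In-memory stand-in for the BitTorrent DHT: 20-byte key -> stored value."""

    def __init__(self):
        self._store = {}

    def put(self, key, value):
        assert len(key) == DESCRIPTOR_BYTES
        self._store[key] = value

    def get(self, key):
        return self._store.get(key)


def server_publish(dht, s_priv, c_pub, t, payload):
    """Server side: derive dT for client C and period T, store the payload under it."""
    d_t = descriptor(shared_secret(s_priv, c_pub), t)
    dht.put(d_t, payload)
    return d_t


def client_lookup(dht, c_priv, s_pub, t):
    """Client side: derive the same dT from its own private key and the server's
    public key, then query the DHT for it. Returns (dT, value or None)."""
    d_t = descriptor(shared_secret(c_priv, s_pub), t)
    return d_t, dht.get(d_t)


def demo(now=1_700_000_000):
    """Publish once, look up in the same period, then in the next period."""
    dht = ToyDHT()
    s_priv, s_pub = keygen()
    c_priv, c_pub = keygen()
    t = period_index(now)
    published = server_publish(dht, s_priv, c_pub, t, b"constructed config blob")
    found_now = client_lookup(dht, c_priv, s_pub, t)
    found_next = client_lookup(dht, c_priv, s_pub, t + 1)
    return {
        "descriptor": published.hex(),
        "same_period_hit": found_now[1] is not None,
        "next_period_hit": found_next[1] is not None,
    }


if __name__ == "__main__":
    print(demo())
```

Running the block publishes one descriptor, has the client recover it in the same period, and shows that the descriptor for the next period no longer matches, so an observer of the DHT sees only a 160-bit key that rotates each interval and cannot be linked to either party without one of the private keys. Two points a deployment has to settle that the claims leave open: server and client must agree on the period boundaries (a client near a boundary would normally also query T-1 and T+1 to tolerate clock skew), and whatever is stored under dT is readable by anyone who reaches that key, so the stored payload still needs its own encryption and authentication.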