Network data obfuscation

US 10,382,450 B2
Filed: 02/21/2017
Issued: 08/13/2019
Est. Priority Date: 02/21/2017
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

an endpoint device connected to a first network, wherein the endpoint device includes a first obfuscation driver and the first obfuscation driver is in one of two states, an uninitialized state and an initialized state, and the initialized state has an active mode and a passive mode;

one or more processors connected to the first network, wherein a first obfuscation gateway executes on the one or more processors to;

initialize the first obfuscation driver operating in the active mode while the endpoint device is connected to the obfuscation gateway with a secure connection, wherein initializing the first obfuscation driver includes collaboratively generating a first unique machine identifier of the endpoint device by the first obfuscation driver and the first obfuscation gateway over the secure connection;

establish a first obfuscated communication session with the first obfuscation driver operating in the active mode;

receive, from the first obfuscation driver, a first obfuscated message of the first obfuscated communication session, wherein the first obfuscated message includes a first obfuscation seed and a first message payload, the first obfuscated message is received from the first endpoint device over the first network, and the first obfuscated message is received as a first plurality of message segments, the first plurality of message segments being reordered prior to transmission;

receive, from the first obfuscation driver, first de-obfuscation instructions associated with the first obfuscated message;

de-obfuscate the first obfuscated message, including reordering the first plurality of message segments based on the first de-obfuscation instructions resulting in a first de-obfuscated message;

forward the first de-obfuscated message to an application;

receive, from the application, a first response message including a second message payload;

create second de-obfuscation instructions associated with the first response message;

generate a second obfuscation seed from at least part of the first obfuscation seed;

send the second obfuscation seed to the first obfuscation driver;

receive, from the first obfuscation driver, a third obfuscation seed;

obfuscate the first response message by reordering a second plurality of message segments of the first response message based on the second de-obfuscation instructions resulting in a first obfuscated response message;

send, to the first obfuscation driver, the second de-obfuscation instructions and the first obfuscated response message, wherein the third obfuscation seed is included in the first obfuscated response message;

receive, from the first obfuscation driver, a second obfuscated message of the first obfuscated communication session, wherein the second obfuscated message includes a fourth obfuscation seed and a third message payload, the second obfuscated message is received from the first endpoint device over the first network, and the second obfuscated message is received as a third plurality of message segments, the third plurality of message segments being reordered prior to transmission;

receive, from the first obfuscation driver, third de-obfuscation instructions associated with the second obfuscated message; and

de-obfuscate the second obfuscated message, including reordering the third plurality of message segments based on the third de-obfuscation instructions resulting in a second de-obfuscated message.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Network data obfuscation is disclosed. For example, an obfuscation driver is initialized in an endpoint device connected to an obfuscation gateway over a secure connection by collaboratively generating a unique machine identifier of the endpoint device. An obfuscated communication session is established between the obfuscation driver and the obfuscation gateway. Obfuscated messages including obfuscation seeds, de-obfuscation instructions and message payloads are exchanged between the obfuscation driver and the obfuscation gateway. Obfuscating and de-obfuscating a given message includes reordering a plurality of message segments of the message based on the de-obfuscation instructions. A de-obfuscated message from the obfuscation driver is forwarded to an application, and a response is obfuscated by the obfuscation gateway before being transmitted to the obfuscation driver. An obfuscation seed exchange occurs between the obfuscation gateway and the obfuscation driver while the application is processing the de-obfuscated message.

Citations

49 Claims

1. A system comprising:
- an endpoint device connected to a first network, wherein the endpoint device includes a first obfuscation driver and the first obfuscation driver is in one of two states, an uninitialized state and an initialized state, and the initialized state has an active mode and a passive mode;
  
  one or more processors connected to the first network, wherein a first obfuscation gateway executes on the one or more processors to;
  
  initialize the first obfuscation driver operating in the active mode while the endpoint device is connected to the obfuscation gateway with a secure connection, wherein initializing the first obfuscation driver includes collaboratively generating a first unique machine identifier of the endpoint device by the first obfuscation driver and the first obfuscation gateway over the secure connection;
  
  establish a first obfuscated communication session with the first obfuscation driver operating in the active mode;
  
  receive, from the first obfuscation driver, a first obfuscated message of the first obfuscated communication session, wherein the first obfuscated message includes a first obfuscation seed and a first message payload, the first obfuscated message is received from the first endpoint device over the first network, and the first obfuscated message is received as a first plurality of message segments, the first plurality of message segments being reordered prior to transmission;
  
  receive, from the first obfuscation driver, first de-obfuscation instructions associated with the first obfuscated message;
  
  de-obfuscate the first obfuscated message, including reordering the first plurality of message segments based on the first de-obfuscation instructions resulting in a first de-obfuscated message;
  
  forward the first de-obfuscated message to an application;
  
  receive, from the application, a first response message including a second message payload;
  
  create second de-obfuscation instructions associated with the first response message;
  
  generate a second obfuscation seed from at least part of the first obfuscation seed;
  
  send the second obfuscation seed to the first obfuscation driver;
  
  receive, from the first obfuscation driver, a third obfuscation seed;
  
  obfuscate the first response message by reordering a second plurality of message segments of the first response message based on the second de-obfuscation instructions resulting in a first obfuscated response message;
  
  send, to the first obfuscation driver, the second de-obfuscation instructions and the first obfuscated response message, wherein the third obfuscation seed is included in the first obfuscated response message;
  
  receive, from the first obfuscation driver, a second obfuscated message of the first obfuscated communication session, wherein the second obfuscated message includes a fourth obfuscation seed and a third message payload, the second obfuscated message is received from the first endpoint device over the first network, and the second obfuscated message is received as a third plurality of message segments, the third plurality of message segments being reordered prior to transmission;
  
  receive, from the first obfuscation driver, third de-obfuscation instructions associated with the second obfuscated message; and
  
  de-obfuscate the second obfuscated message, including reordering the third plurality of message segments based on the third de-obfuscation instructions resulting in a second de-obfuscated message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 2. The system of claim 1, wherein establishing the first obfuscated communication session with the first obfuscation driver further comprises the first obfuscation gateway executing to:
    - receive a request from the endpoint device to initiate the first obfuscated communication session, wherein the request includes a first encrypted unique machine identifier generated by the first obfuscation driver from the first unique machine identifier;
      
      decrypt the first encrypted unique machine identifier resulting in a second unique machine identifier;
      
      verify that the second unique machine identifier matches the first unique machine identifier generated during the initialization of the first obfuscation driver;
      
      responsive to verifying that the second unique machine identifier matches the first unique machine identifier, generate a fifth obfuscation seed from the first unique machine identifier;
      
      send a first handshake message including the fifth obfuscation seed to the first obfuscation driver;
      
      receive from the first obfuscation driver a sixth obfuscation seed in a second handshake message;
      
      verify an authenticity of the sixth obfuscation seed;
      
      responsive to verifying the authenticity of the sixth obfuscation seed, generate a seventh obfuscation seed from at least one of the fifth obfuscation seed and the sixth obfuscation seed;
      
      send a third handshake message including the seventh obfuscation seed to the first obfuscation driver;
      
      receive from the first obfuscation driver an eighth obfuscation seed in a fourth handshake message;
      
      verify an authenticity of the eighth obfuscation seed; and
      
      send a fifth handshake message including at least a ninth obfuscation seed to the first obfuscation driver, wherein the fifth handshake message acknowledges a successful initiation of the first obfuscated communication session.
  - 3. The system of claim 2, wherein any failed verification by the first obfuscation gateway of any obfuscation seed sent by the first obfuscation driver results in a termination of the first obfuscated communication session.
  - 4. The system of claim 3, wherein the first obfuscation driver is prevented from establishing any further obfuscated communication sessions with the first obfuscation gateway as a result of a failed verification.
  - 5. The system of claim 3, wherein the first obfuscation driver is re-initialized on the secure connection to re-enable an obfuscated communication session establishment privilege of the first obfuscation driver.
  - 6. The system of claim 1, wherein the first obfuscation driver defaults to the passive mode, wherein the first obfuscation driver in the passive mode ignores a network traffic of the endpoint device and the first obfuscation driver in the active mode intercepts the network traffic of the endpoint device.
  - 7. The system of claim 6, wherein the first obfuscation driver enters the active mode responsive to a successful authentication, and the first obfuscation driver is required to be in the active mode to encrypt the first unique machine identifier.
  - 8. The system of claim 7, wherein the successful authentication includes at least one of a biometric scan, a password verification, a token verification, and a cellular network verification.
  - 9. The system of claim 1, wherein each obfuscation seed includes generation instructions for a next obfuscation seed.
  - 10. The system of claim 9, wherein a stream of obfuscation seeds are continually passed between the first obfuscation gateway and the first obfuscation driver based on at least one of a time elapsed and a message count, regardless of whether any payload data being ready to be transmitted between the endpoint device and the application.
  - 11. The system of claim 10, wherein the stream of obfuscation seeds are transmitted with decoy data.
  - 12. The system of claim 1, wherein the first obfuscation gateway remotely updates the first obfuscation driver.
  - 13. The system of claim 12, wherein updating the first obfuscation driver enables different types of obfuscation instructions to be generated.
  - 14. The system of claim 1, wherein the first plurality of message segments and are transmitted in a first plurality of packets.
  - 15. The system of claim 14, wherein a fourth plurality of message segments are interspersed with the first plurality of segments in the first plurality of packets during transmission.
  - 16. The system of claim 15, wherein the fourth plurality of message segments are comprised of decoy data.
  - 17. The system of claim 15, wherein the fourth plurality of message segments are segments of a third obfuscated message.
  - 18. The system of claim 14, wherein each packet of the first plurality of packets includes an internet protocol header, an obfuscation header, and a payload of obfuscated data.
  - 19. The system of claim 18, wherein the obfuscation header includes at least a portion of the first de-obfuscation instructions.
  - 20. The system of claim 18, wherein at least one of a location of the first obfuscation seed and a location of an obfuscation header of the first obfuscated message in the first obfuscated message is different from at least one of a location of the fourth obfuscation seed and a location of an obfuscation header of the second obfuscated message in the second obfuscated message.
  - 21. The system of claim 20, wherein the first response message includes instructions for locating the location of the fourth obfuscation seed and the location of the obfuscation header of the second obfuscated message in the second obfuscated message.
  - 22. The system of claim 1, wherein the first obfuscated message is encrypted prior to being obfuscated.
  - 23. The system of claim 1, wherein the first obfuscation driver is retrofit onto the endpoint device and the first obfuscation gateway is retrofit onto an existing application server.
  - 24. The system of claim 23, wherein a same version of the application executes identically both prior to and after retrofitting the first obfuscation driver onto the endpoint device and the first obfuscation gateway onto the existing application server.
  - 25. The system of claim 1, wherein the first network is an unsecure network.
  - 26. The system of claim 1, wherein the application requires protected data located across a second network.
  - 27. The system of claim 26, wherein the second network is a secure network.
  - 28. The system of claim 26, wherein the application sends a data request to a protected data storage and receives a data response from the protected data storage.
  - 29. The system of claim 28, wherein the data request is logged into a memory and reported to an administrator.
  - 30. The system of claim 28, wherein the data request is intercepted by a second obfuscation gateway and the second obfuscation gateway executes to:
    - establish a second obfuscated communication session with a second obfuscation driver;
      
      obfuscate the data request resulting in a third obfuscated message and fourth de-obfuscation instructions;
      
      transmit the third obfuscated message and fourth de-obfuscation instructions to the second obfuscation driver executing on the protected data storage; and
      
      receive, from the second obfuscation driver a fourth obfuscated message and fifth de-obfuscation instructions.
  - 31. The system of claim 1, wherein the first obfuscation gateway flags the endpoint device as an intruder responsive to at least one of a failure to establish the first obfuscated communication session and a failure in a validation of any obfuscation seed.
  - 32. The system of claim 1, further comprising:
    - a second obfuscation gateway located across the first network from the first obfuscation gateway, wherein the first network is an unsecured network and the second obfuscation gateway executes to;
      
      establish a secure and obfuscated connection with the first obfuscation gateway over the first network by;
      
      cross initializing with the first obfuscation gateway, wherein cross initializing with the first obfuscation gateway includes collaboratively generating a second unique machine identifier of the second obfuscation gateway by the first obfuscation gateway and the second obfuscation gateway and collaboratively generating a third unique machine identifier of the first obfuscation gateway by the second obfuscation gateway and the first obfuscation gateway through a secure channel;
      
      generating a conjoined machine identifier from the second unique machine identifier and the third unique machine identifier;
      
      encrypting the conjoined machine identifier;
      
      exchanging the conjoined machine identifier with the first obfuscation gateway;
      
      validating the conjoined machine identifier;
      
      generating a first conjoined obfuscation seed of a plurality of conjoined obfuscation seeds from the conjoined machine identifier;
      
      exchanging the first conjoined obfuscation seed between the obfuscation gateways; and
      
      generating and exchanging subsequent conjoined obfuscation seeds of the plurality of conjoined obfuscation seeds from at least one other conjoined obfuscation seed of the plurality of conjoined obfuscation seeds.
  - 33. The system of claim 32, wherein the first obfuscation gateway separates a first plurality of computer systems connected to a first secure network from the first network, and the second obfuscation gateway separates a second plurality of computer systems connected to a second secure network from the first network.
  - 34. The system of claim 32, wherein the first obfuscation gateway and the second obfuscation gateway continuously exchange and validate conjoined obfuscation seeds to maintain a security of the secure and obfuscated connection.
  - 35. The system of claim 32, wherein each transmission between the first obfuscation gateway and the second obfuscation gateway is segmented into a plurality of transmission packets, and individual transmission packets of the plurality of transmission packets are exchanged through different network routes of a plurality of network routes between the first obfuscation gateway and the second obfuscation gateway.
  - 36. The system of claim 35, wherein each transmission between the first obfuscation gateway and the second obfuscation gateway includes at least one conjoined obfuscation seed.
  - 37. The system of claim 36, wherein at least part of each transmission between the first obfuscation gateway and the second obfuscation gateway is transmitted over the secure channel.
  - 38. The system of claim 32, wherein the secure channel includes at least one of an audio connection, an exchange of physical storage devices, a pre-synchronization of the first obfuscation gateway and the second obfuscation gateway at a same location, a dedicated secure connection, and a quantum communication network.
  - 39. The system of claim 37, wherein the secure channel lacks sufficient bandwidth for handling all of the transmissions between the first obfuscation gateway and the second obfuscation gateway.
  - 40. The system of claim 1, wherein the secure connection includes a wireless component.
  - 41. The system of claim 40, wherein the wireless component is one of a near-field communications connection, a short wave-length radio connection, and a Wi-Fi connection.
  - 42. The system of claim 1, wherein the secure connection is an encrypted internet connection with an authentication requirement.
  - 43. The system of claim 42, wherein the first unique machine identifier is generated by the first obfuscation driver with instructions from the first obfuscation gateway, the instructions from the first obfuscation gateway being sent to the first obfuscation driver in response to successful authentication over the encrypted internet connection.

44. A method comprising:
- initializing a first obfuscation driver included in an endpoint device connected to a first network, wherein the first obfuscation driver is in one of two states, an uninitialized state and an initialized state, and the initialized state has an active mode and a passive mode, and wherein the first obfuscation driver is operating in the active mode while the endpoint device is connected to a first obfuscation gateway with a secure connection, and wherein initializing the first obfuscation driver includes collaboratively generating a first unique machine identifier of the endpoint device by the first obfuscation driver and the first obfuscation gateway over the secure connection;
  
  establishing a first obfuscated communication session between the first obfuscation driver operating in the active mode, and the first obfuscation gateway;
  
  receiving, by the first obfuscation gateway, from the first obfuscation driver, a first obfuscated message of the first obfuscated communication session, wherein the first obfuscated message includes a first obfuscation seed and a first message payload, the first obfuscated message is received from the first endpoint device over the first network, and the first obfuscated message is received as a first plurality of message segments, the first plurality of message segments being reordered prior to transmission;
  
  receiving, from the first obfuscation driver, first de-obfuscation instructions associated with the first obfuscated message;
  
  de-obfuscating the first obfuscated message, including reordering the first plurality of message segments based on the first de-obfuscation instructions resulting in a first de-obfuscated message;
  
  forwarding the first de-obfuscated message to an application;
  
  receiving, from the application, a first response message including a second message payload;
  
  creating second de-obfuscation instructions associated with the first response message;
  
  generating a second obfuscation seed from at least part of the first obfuscation seed;
  
  sending the second obfuscation seed to the first obfuscation driver;
  
  receiving, from the first obfuscation driver, a third obfuscation seed;
  
  obfuscating the first response message by reordering a second plurality of message segments of the first response message based on the second de-obfuscation instructions resulting in a first obfuscated response message;
  
  sending, to the first obfuscation driver, the second de-obfuscation instructions and the first obfuscated response message, wherein the third obfuscation seed is included in the first obfuscated response message;
  
  receiving, from the first obfuscation driver, a second obfuscated message of the first obfuscated communication session, wherein the second obfuscated message includes a fourth obfuscation seed and a third message payload, the second obfuscated message is received from the first endpoint device over the first network, and the second obfuscated message is received as a third plurality of message segments, the third plurality of message segments being reordered prior to transmission;
  
  receiving, from the first obfuscation driver, third de-obfuscation instructions associated with the second obfuscated message; and
  
  de-obfuscating the second obfuscated message, including reordering the third plurality of message segments based on the third de-obfuscation instructions resulting in a second de-obfuscated message.
- View Dependent Claims (45, 46)
- - 45. The method of claim 44, wherein establishing the first obfuscated communication session further comprises:
    - receiving a request from the endpoint device to initiate the first obfuscated communication session, wherein the request includes a first encrypted unique machine identifier generated by the first obfuscation driver from the first unique machine identifier;
      
      decrypting the first encrypted unique machine identifier resulting in a second unique machine identifier;
      
      verifying that the second unique machine identifier matches the first unique machine identifier generated during the initialization of the first obfuscation driver;
      
      responsive to verifying that the second unique machine identifier matches the first unique machine identifier, generating a fifth obfuscation seed from the first unique machine identifier;
      
      sending a first handshake message including the fifth obfuscation seed to the first obfuscation driver;
      
      receiving from the first obfuscation driver a sixth obfuscation seed in a second handshake message;
      
      verifying an authenticity of the sixth obfuscation seed;
      
      responsive to verifying the authenticity of the sixth obfuscation seed, generating a seventh obfuscation seed from at least one of the fifth obfuscation seed and the sixth obfuscation seed;
      
      sending a third handshake message including the seventh obfuscation seed to the first obfuscation driver;
      
      receiving from the first obfuscation driver an eighth obfuscation seed in a fourth handshake message;
      
      verifying an authenticity of the eighth obfuscation seed; and
      
      sending a fifth handshake message including at least a ninth obfuscation seed to the first obfuscation driver, wherein the fifth handshake message acknowledges a successful initiation of the first obfuscated communication session.
  - 46. The method of claim 44, further comprising:
    - establishing a secure and obfuscated connection between the first obfuscation gateway and a second obfuscation gateway located across the first network from the first obfuscation gateway by;
      
      cross initializing the second obfuscation gateway with the first obfuscation gateway, wherein cross initializing includes collaboratively generating a second unique machine identifier of the second obfuscation gateway by the first obfuscation gateway and the second obfuscation gateway and collaboratively generating a third unique machine identifier of the first obfuscation gateway by the second obfuscation gateway and the first obfuscation gateway through a secure channel;
      
      generating a conjoined machine identifier from the second unique machine identifier and the third unique machine identifier;
      
      encrypting the conjoined machine identifier;
      
      exchanging the conjoined machine identifier between the first obfuscation gateway and the second obfuscation gateway;
      
      validating the conjoined machine identifier;
      
      generating a first conjoined obfuscation seed of a plurality of conjoined obfuscation seeds from the conjoined machine identifier;
      
      exchanging the first conjoined obfuscation seed between the obfuscation gateways; and
      
      generating and exchanging subsequent conjoined obfuscation seeds of the plurality of conjoined obfuscation seeds from at least one other conjoined obfuscation seed of the plurality of conjoined obfuscation seeds.

47. A computer-readable non-transitory storage medium storing executable instructions, which when executed by a computer system, cause the computer system to:
- initialize a first obfuscation driver included in an endpoint device connected to a first network, wherein the first obfuscation driver is in one of two states, an uninitialized state and an initialized state, and the initialized state has an active mode and a passive mode, and wherein the first obfuscation driver is operating in the active mode while the endpoint device is connected to a first obfuscation gateway with a secure connection, and wherein initializing the first obfuscation driver includes collaboratively generating a first unique machine identifier of the endpoint device by the first obfuscation driver and the first obfuscation gateway over the secure connection;
  
  establish a first obfuscated communication session between the first obfuscation driver operating in the active mode, and the first obfuscation gateway;
  
  receive, by the first obfuscation gateway, from the first obfuscation driver, a first obfuscated message of the first obfuscated communication session, wherein the first obfuscated message includes a first obfuscation seed and a first message payload, the first obfuscated message is received from the first endpoint device over the first network, and the first obfuscated message is received as a first plurality of message segments, the first plurality of message segments being reordered prior to transmission;
  
  receive, from the first obfuscation driver, first de-obfuscation instructions associated with the first obfuscated message;
  
  de-obfuscate the first obfuscated message, including reordering the first plurality of message segments based on the first de-obfuscation instructions resulting in a first de-obfuscated message;
  
  forward the first de-obfuscated message to an application;
  
  receive, from the application, a first response message including a second message payload;
  
  create second de-obfuscation instructions associated with the first response message;
  
  generate a second obfuscation seed from at least part of the first obfuscation seed;
  
  send the second obfuscation seed to the first obfuscation driver;
  
  receive, from the first obfuscation driver, a third obfuscation seed;
  
  obfuscate the first response message by reordering a second plurality of message segments of the first response message based on the second de-obfuscation instructions resulting in a first obfuscated response message;
  
  send, to the first obfuscation driver, the second de-obfuscation instructions and the first obfuscated response message, wherein the third obfuscation seed is included in the first obfuscated response message;
  
  receive, from the first obfuscation driver, a second obfuscated message of the first obfuscated communication session, wherein the second obfuscated message includes a fourth obfuscation seed and a third message payload, the second obfuscated message is received from the first endpoint device over the first network, and the second obfuscated message is received as a third plurality of message segments, the third plurality of message segments being reordered prior to transmission;
  
  receive, from the first obfuscation driver, third de-obfuscation instructions associated with the second obfuscated message; and
  
  de-obfuscate the second obfuscated message, including reordering the third plurality of message segments based on the third de-obfuscation instructions resulting in a second de-obfuscated message.
- View Dependent Claims (48, 49)
- - 48. The computer-readable non-transitory storage medium storing executable instructions of claim 47, wherein establishing the first obfuscated communication session further comprises:
    - receiving a request from the endpoint device to initiate the first obfuscated communication session, wherein the request includes a first encrypted unique machine identifier generated by the first obfuscation driver from the first unique machine identifier;
      
      decrypting the first encrypted unique machine identifier resulting in a second unique machine identifier;
      
      verifying that the second unique machine identifier matches the first unique machine identifier generated during the initialization of the first obfuscation driver;
      
      responsive to verifying that the second unique machine identifier matches the first unique machine identifier, generating a fifth obfuscation seed from the first unique machine identifier;
      
      sending a first handshake message including the fifth obfuscation seed to the first obfuscation driver;
      
      receiving from the first obfuscation driver a sixth obfuscation seed in a second handshake message;
      
      verifying an authenticity of the sixth obfuscation seed;
      
      responsive to verifying the authenticity of the sixth obfuscation seed, generating a seventh obfuscation seed from at least one of the fifth obfuscation seed and the sixth obfuscation seed;
      
      sending a third handshake message including the seventh obfuscation seed to the first obfuscation driver;
      
      receiving from the first obfuscation driver an eighth obfuscation seed in a fourth handshake message;
      
      verifying an authenticity of the eighth obfuscation seed; and
      
      sending a fifth handshake message including at least a ninth obfuscation seed to the first obfuscation driver, wherein the fifth handshake message acknowledges a successful initiation of the first obfuscated communication session.
  - 49. The computer-readable non-transitory storage medium storing executable instructions of claim 47, further comprising:
    - establishing a secure and obfuscated connection between the first obfuscation gateway and a second obfuscation gateway located across the first network from the first obfuscation gateway by;
      
      cross initializing the second obfuscation gateway with the first obfuscation gateway, wherein cross initializing includes collaboratively generating a second unique machine identifier of the second obfuscation gateway by the first obfuscation gateway and the second obfuscation gateway and collaboratively generating a third unique machine identifier of the first obfuscation gateway by the second obfuscation gateway and the first obfuscation gateway through a secure channel;
      
      generating a conjoined machine identifier from the second unique machine identifier and the third unique machine identifier;
      
      encrypting the conjoined machine identifier;
      
      exchanging the conjoined machine identifier between the first obfuscation gateway and the second obfuscation gateway;
      
      validating the conjoined machine identifier;
      
      generating a first conjoined obfuscation seed of a plurality of conjoined obfuscation seeds from the conjoined machine identifier;
      
      exchanging the first conjoined obfuscation seed between the obfuscation gateways; and
      
      generating and exchanging subsequent conjoined obfuscation seeds of the plurality of conjoined obfuscation seeds from at least one other conjoined obfuscation seed of the plurality of conjoined obfuscation seeds.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
San Jacinto Digital Services
Original Assignee
Sanctum Solutions Inc.
Inventors
Stephens, Noel Shepard
Primary Examiner(s)
Leung, Robert B
Assistant Examiner(s)
Wickramasuriya, Sameera

Application Number

US15/438,176
Publication Number

US 20180241760A1
Time in Patent Office

903 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/0428   wherein the data content is...

H04L 63/0861   using biometrical features,...

H04L 63/0876   based on the identity of th...

H04L 63/123   received data contents, e.g...

Network data obfuscation

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

49 Claims

Specification

Solutions

Use Cases

Quick Links

Network data obfuscation

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

49 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links