Agile network protocol for secure communications with assured system availability
First Claim
1. A method of transmitting data packets from a first computer to a second computer, comprising the steps of:
(i) determining a sender's Internet Protocol (IP) address selected from a first set of IP addresses allocated to the first computer;
(ii) determining a receiver's IP address selected from a second set of IP addresses allocated to the second computer;
(iii) creating a packet header comprising the sender's and receiver's IP addresses; and
(iv) the first computer transmitting to the second computer a data packet comprising the packet header.
Abstract
A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes. These techniques include a self-synchronization technique in which a sync field is transmitted as part of each packet, and a “checkpoint” scheme by which transmitting and receiving nodes can advance to a known point in their hopping schemes. A fast-packet reject technique based on the use of presence vectors is also described. A distributed transmission path embodiment incorporates randomly selected physical transmission paths.
14 Claims
1. A method of transmitting data packets from a first computer to a second computer, comprising the steps of:

(i) determining a sender's Internet Protocol (IP) address selected from a first set of IP addresses allocated to the first computer;
(ii) determining a receiver's IP address selected from a second set of IP addresses allocated to the second computer;
(iii) creating a packet header comprising the sender's and receiver's IP addresses; and
(iv) the first computer transmitting to the second computer a data packet comprising the packet header.
Dependent claims: 2, 3.
4. A method of transmitting data packets between a first computer and a second computer, comprising the steps of:

(i) the second computer receiving a data packet including a packet header comprising a first sender Internet Protocol (IP) address and a first receiver IP address;
(ii) determining a second sender IP address selected from a first set of IP addresses allocated to the first computer;
(iii) determining a second receiver IP address selected from a second set of IP addresses allocated to the second computer;
(iv) accepting the packet when the first and second sender IP addresses match and the first and second receiver IP addresses match, otherwise rejecting the packet.
Dependent claims: 5, 6, 7.
8. A receiving computer that receives data packets from a transmitting computer, wherein the receiving computer comprises computer instructions that execute the steps of:

(i) receiving data packets from a transmitting computer including a packet header comprising a first sender Internet Protocol (IP) address and a first receiver IP address;
(ii) for each data packet, determining a second sender IP address selected from a first set of IP addresses allocated to the first computer;
(iii) for each data packet, determining a second receiver IP address selected from a second set of IP addresses allocated to the second computer;
(iv) for each data packet, accepting the packet when the first and second sender IP addresses match and the first and second receiver IP addresses match, otherwise rejecting the packet.
Dependent claims: 9, 10, 11.
12. A transmitting computer that transmits data packets to a receiving computer, wherein the transmitting computer comprises computer instructions that execute the steps of:

(i) determining a sender's IP address selected from a first set of IP addresses allocated to the first computer;
(ii) determining a receiver's IP address selected from a second set of IP addresses allocated to the second computer;
(iii) creating a packet header comprising the sender's and receiver's IP addresses; and
(iv) the first computer transmitting to the second computer a data packet comprising the packet header.
Dependent claims: 13, 14.
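As an added illustration (not code from the patent or its assignee), the following models the sender steps of claims 1 and 12 and the moving-window accept/reject step of claims 4 and 8 described in the abstract. The shared key, the two /16 address blocks, the window size and the HMAC-based address generator (standing in for the jump-ahead random number generator the abstract mentions) are all assumptions of this example.

```python
import hmac, hashlib, ipaddress

# Constructed demo key: both nodes would share such a secret out of band.
SHARED_KEY = b"demo-shared-secret"
SENDER_BLOCK = ipaddress.ip_network("10.1.0.0/16")    # "first set" of IP addresses
RECEIVER_BLOCK = ipaddress.ip_network("10.2.0.0/16")  # "second set" of IP addresses

def hop_address(block, label, index):
    """Address number `index` in the hopping sequence drawn from `block`.

    HMAC(key, label || index) is an assumed stand-in for the patent's generator:
    any index can be computed directly (jump-ahead), and without the key the
    next address is not predictable from the ones already observed."""
    digest = hmac.new(SHARED_KEY, f"{label}:{index}".encode(), hashlib.sha256).digest()
    offset = int.from_bytes(digest[:4], "big") % block.num_addresses
    return str(block[offset])

def make_packet(index, payload):
    """Sender side (claims 1/12): header carrying the hopped source and destination."""
    return {"src": hop_address(SENDER_BLOCK, "s", index),
            "dst": hop_address(RECEIVER_BLOCK, "r", index),
            "payload": payload}

class Receiver:
    """Receiver side (claims 4/8): a packet is accepted only if its (src, dst)
    pair equals one of the next `window` expected pairs; anything else is
    rejected before further processing."""
    def __init__(self, window=8):
        self.base = 0          # first hop index still considered valid
        self.window = window

    def expected_pairs(self):
        # Moving window of valid address pairs, mapped to their hop index.
        return {(hop_address(SENDER_BLOCK, "s", i), hop_address(RECEIVER_BLOCK, "r", i)): i
                for i in range(self.base, self.base + self.window)}

    def receive(self, packet):
        idx = self.expected_pairs().get((packet["src"], packet["dst"]))
        if idx is None:
            return False       # not in the moving window: reject
        self.base = idx + 1    # slide the window past the matched hop
        return True
```

Sliding the window past the matched index is an assumption of this example; it means a repeated copy of an already accepted packet, or one using a stale pair, falls outside the window and is rejected.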
Specification