Agile network protocol for secure communications with assured system availability
Abstract
A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes.
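The abstract names three properties the hopping generator must have (a non-repeating sequence length known in advance, cheap jump-ahead by an arbitrary number of steps, and a receiver-side moving window that accepts only upcoming addresses and re-synchronizes after loss). The following Python model, added here as an illustration and not code from the patent or its assignee, shows how those pieces fit together. It uses a full-period linear congruential generator because its period is known a priori and it supports O(log n) jump-ahead; the 16-address pool, the shared parameters, the window size of four and the out-of-band "sender step count" resync message are all constructed assumptions. An LCG is not a cryptographic generator (its parameters can be recovered from a few outputs), so a real system needs a keyed generator with the same period and jump-ahead properties.

```python
"""Toy model of IP address hopping with a moving acceptance window.

Added illustration of the mechanism in the abstract, not the patent's own code.
The generator is a full-period LCG: period known a priori (= m under the
Hull-Dobell conditions) and O(log n) jump-ahead. Caveat: an LCG is predictable
from a few outputs; a deployed system needs a keyed generator with the same
period and jump-ahead properties.
"""
from dataclasses import dataclass
import ipaddress

# Constructed 16-address pool (10.0.0.0/28); every address is assumed to be
# mapped to the sending node in the network.
POOL = [str(ipaddress.IPv4Address("10.0.0.0") + i) for i in range(16)]
PARAMS = dict(a=5, c=3, m=16, seed=7)   # shared parameters (constructed)


@dataclass
class HoppingLCG:
    """x_{n+1} = (a*x_n + c) mod m. Full period m iff c is coprime to m, a-1 is
    divisible by every prime factor of m, and by 4 if 4 divides m."""
    a: int
    c: int
    m: int
    seed: int

    def __post_init__(self):
        self.state = self.seed

    def next(self) -> int:
        self.state = (self.a * self.state + self.c) % self.m
        return self.state

    def jump(self, n: int) -> None:
        """Advance n steps by square-and-multiply on the affine map x -> a*x + c."""
        a_n, c_n = 1, 0                 # identity map
        a, c = self.a, self.c
        while n:
            if n & 1:
                a_n, c_n = (a * a_n) % self.m, (a * c_n + c) % self.m
            a, c = (a * a) % self.m, (a * c + c) % self.m   # compose map with itself
            n >>= 1
        self.state = (a_n * self.state + c_n) % self.m


def period_length(gen: HoppingLCG) -> int:
    """Steps until the state repeats: the non-repeating sequence length."""
    start, steps = gen.state, 0
    while True:
        gen.next()
        steps += 1
        if gen.state == start:
            return steps


class Sender:
    def __init__(self):
        self.gen, self.step = HoppingLCG(**PARAMS), 0

    def next_src(self) -> str:
        """Source address for the next packet header."""
        self.step += 1
        return POOL[self.gen.next()]


class Receiver:
    def __init__(self, window: int = 4):
        self.window = window
        self.gen = HoppingLCG(**PARAMS)
        self.expected = [POOL[self.gen.next()] for _ in range(window)]

    def accept(self, src: str) -> bool:
        """Accept only addresses in the window of upcoming values, then slide the
        window past the match; skipped positions are treated as lost packets."""
        if src not in self.expected:
            return False
        k = self.expected.index(src)
        self.expected = self.expected[k + 1:] + [POOL[self.gen.next()] for _ in range(k + 1)]
        return True

    def resync(self, sender_step: int) -> None:
        """Assumed resync mechanism: an out-of-band message carries the sender's
        step count and the receiver jumps straight to that position."""
        self.gen = HoppingLCG(**PARAMS)
        self.gen.jump(sender_step)
        self.expected = [POOL[self.gen.next()] for _ in range(self.window)]


def run_scenario(n_packets: int, dropped: set) -> tuple:
    """Send n_packets; indices in `dropped` never arrive. Returns (accepted, rejected)."""
    tx, rx = Sender(), Receiver(window=4)
    accepted = rejected = 0
    for i in range(n_packets):
        src = tx.next_src()
        if i in dropped:
            continue
        if rx.accept(src):
            accepted += 1
        else:
            rejected += 1
    return accepted, rejected


def resync_demo() -> bool:
    """Lose a whole window of packets (sync lost), then recover via jump-ahead."""
    tx, rx = Sender(), Receiver(window=4)
    rx.accept(tx.next_src())                    # packet 0 accepted
    for _ in range(4):                          # packets 1-4 lost: window exhausted
        tx.next_src()
    stale = rx.accept(tx.next_src())            # packet 5 falls outside the window
    rx.resync(tx.step)
    return (not stale) and rx.accept(tx.next_src())


def replay_rejected() -> bool:
    """A consumed address is no longer in the window, so re-sending it fails."""
    tx, rx = Sender(), Receiver(window=4)
    first = tx.next_src()
    return rx.accept(first) and not rx.accept(first)


if __name__ == "__main__":
    print("period:", period_length(HoppingLCG(**PARAMS)))
    print("loss inside window:", run_scenario(6, {1, 2}))
    print("loss beyond window:", run_scenario(6, {1, 2, 3, 4}))
    print("resync works:", resync_demo(), "replay rejected:", replay_rejected())
```

Losing fewer packets than the window size is absorbed by sliding the window; losing a full window's worth desynchronizes the receiver, which is exactly the case the abstract's resynchronization step exists for, and the jump-ahead property is what makes that resync cheap.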
13 Claims
1. A method of communicating between a first node and a second node coupled via a network, comprising the steps of:
(1) in the first node, using a first algorithm to select from among a first plurality of different network addresses each of which is mapped in the network to the first node, and using each selected network address in a header of a packet that is transmitted over the network to the second node; and
(2) in the second node, using a second algorithm to select from among a second plurality of network addresses each of which is mapped in the network to the second node, and using each selected network address in a header of a packet that is transmitted over the network to the first node.
Dependent claims: 2, 3, 4, 5, 6, 7, 13.
8. A method of communicating between first and second nodes in a network, comprising the steps of:
(1) in the first node, storing a transmit netblock comprising a plurality of pairs of source and destination IP addresses that will be used for communicating with the second node, and an algorithm for selecting pairs of source and destination IP addresses from among the plurality of pairs of source and destination IP addresses;
(2) in the first node, generating a plurality of IP packets each comprising one of the selected pairs of source and destination IP addresses; and
(3) in the first node, transmitting each IP packet generated in step (2) to the second node.
Dependent claims: 9, 10, 11, 12.