Agile network protocol for secure communications with assured system availability

US 20060123134A1
Filed: 12/13/2005
Published: 06/08/2006
Est. Priority Date: 10/30/1998
Status: Active Grant

First Claim

Patent Images

1. A method of communicating between a first node and a second node coupled via a network, comprising the steps of:

(1) in the first node, using a first algorithm to select from among a first plurality of different network addresses each of which is mapped in the network to the first node, and using each selected network address in a header of a packet that is transmitted over the network to the second node; and

(2) in the second node, using a second algorithm to select from among a second plurality of network addresses each of which is mapped in the network to the second node, and using each selected network address in a header of a packet that is transmitted over the network to the first node.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator'"'"'s parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes.

Citations

13 Claims

1. A method of communicating between a first node and a second node coupled via a network, comprising the steps of:
- (1) in the first node, using a first algorithm to select from among a first plurality of different network addresses each of which is mapped in the network to the first node, and using each selected network address in a header of a packet that is transmitted over the network to the second node; and
  
  (2) in the second node, using a second algorithm to select from among a second plurality of network addresses each of which is mapped in the network to the second node, and using each selected network address in a header of a packet that is transmitted over the network to the first node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 13)
- - 2. The method of claim 1, wherein the network comprises an Internet Protocol (IP) network, and wherein each network address comprises an Internet Protocol (IP) source or destination address.
  - 3. The method of claim 2, wherein:
    - step (1) comprises the step of using each selected IP address as the destination address of the second node; and
      
      step (2) comprises the step of using each selected IP address as the destination address of the first node.
  - 4. The method of claim 2, wherein:
    - step (1) comprises the step of using each selected IP address as the source address of the first node; and
      
      step (2) comprises the step of using each selected IP address as the source address of the second node.
  - 5. The method of claim 1, further comprising the steps of:
    - (3) in the first node, evaluating a header of received packets to determine whether it contains a network address that conforms to the second algorithm;
      
      (4) in the first node, upon determining that the header contains a network address that conforms to the second algorithm, accepting the packet for processing; and
      
      (5) in the first node, upon determining that the header does not contain a network address that conforms to the second algorithm, rejecting the packet for processing.
  - 6. The method of claim 1, wherein the first and second algorithms select each network address on a quasi-random basis.
  - 7. The method of claim 1, wherein the first and second algorithms select a different network address for each outgoing packet.
  - 13. The method of claim 2, further comprising the step of discarding received IP packets containing an IP address that was previously received.

8. A method of communicating between first and second nodes in a network, comprising the steps of:
- (1) in the first node, storing a transmit netblock comprising a plurality of pairs of source and destination IP addresses that will be used for communicating with the second node, and an algorithm for selecting pairs of source and destination IP addresses from among the plurality of pairs of source and destination IP addresses;
  
  (2) in the first node, generating a plurality of IP packets each comprising one of the selected pairs or source and destination IP addresses; and
  
  (3) in the first node, transmitting each IP packet generated in step (2) to the second node.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, wherein the algorithm selects a different pair of source and destination addresses for each IP packet transmitting in step (3).
  - 10. The method of claim 8, further comprising the step of receiving the transmit netblock and the algorithm from the second node.
  - 11. The method of claim 8, further comprising the step of receiving a plurality of IP packets from the second node and, for each received IP packet:
    - determining whether the received IP packet contains a valid source and destination IP address, wherein the validity of each address is determined with reference to a second algorithm;
      
      upon determining that the received IP packet contains a valid source and destination IP address, accepting the IP packet for further processing; and
      
      upon determining that the received IP packet does not contain a valid source and destination IP address, rejecting the IP packet.
  - 12. The method of claim 11, wherein the second algorithm determines whether each address is valid by generating a range of predictions encompassing a plurality of possible transmitted source and destination addresses, and comparing each address to the range of predictions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VirnetX Inc. (Virnetx Holding Corporation)
Original Assignee
Science Applications International Corporation
Inventors
Munger, Edmund Colby, Schmidt, Douglas Charles, Gligor, Virgil D., Short, Robert Dunham III, Sabio, Vincent J.

Granted Patent

US 7,996,539 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/245
CPC Class Codes

H04L 2101/604   Address structures or formats

H04L 45/20   Hop count for routing purpo...

H04L 45/24   Multipath

H04L 61/2539   Hiding addresses; Keeping a...

H04L 61/30   Managing network names, e.g...

H04L 61/5007   Internet protocol [IP] addr...

H04L 61/5076   Update or notification mech...

H04L 61/5092   by self-assignment, e.g. pi...

H04L 63/0272   Virtual private networks

H04L 63/04   for providing a confidentia...

H04L 63/0407   wherein the identity of one...

H04L 63/0421   Anonymous communication, i....

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 63/1441   Countermeasures against mal...

H04L 63/1491   using deception as counterm...

H04L 69/14   Multichannel or multilink p...

H04L 9/065   Encryption by serially and ...

H04M 3/42008   Systems for anonymous commu...

Agile network protocol for secure communications with assured system availability

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Agile network protocol for secure communications with assured system availability

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links