System and Method of Encrypting Network Address for Anonymity and Preventing Data Exfiltration

US 20090228708A1
Filed: 03/05/2009
Published: 09/10/2009
Est. Priority Date: 03/05/2008
Status: Active Grant

First Claim

Patent Images

1. A method of sending a data packet from a client through a network and to a server, the data packet having an originating address portion and destination address portion, the network having a first mix router and a second mix router, the client having a client address, the first mix router having a first mix router address, the second mix router having a second mix router address and the server having a server address, said method comprising:

encrypting the originating address portion of the data packet based on the client address and encrypting the destination portion of the data packet based on one of the first mix router address and the second mix router address to generate an encrypted data packet;

transmitting the encrypted data packet to the one of the first mix router and the second mix router;

decrypting the originating address portion of the encrypted data packet and the destination portion of the encrypted data packet to generate a decrypted data packet;

providing a first data packet based on the decrypted data packet to the other of the first mix router and the second mix router; and

providing a second data packet to the server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided for sending a data packet from a client through a network and to a server. The data packet is a data structure having an originating address portion and destination address portion. The network includes a first mix router and a second mix router. The client has a client address, whereas the first mix router has a first mix router address, the second mix router has a second mix router address and the server has a server address. The method includes encrypting the originating address portion of the data packet and encrypting the destination portion of the data packet, transmitting the encrypted data packet, decrypting the originating address portion of the encrypted data packet and the destination portion of the encrypted data packet, providing a first data packet and providing a second data packet. Specifically, the encrypting the originating address portion of the data packet is based on the client address and the encrypting the destination portion of the data packet is based on one of the first mix router address and the second mix router address. The encrypting generates an encrypted data packet. The encrypted data packet is transmitted to the one of the first mix router and the second mix router, wherein it is decrypted to generate a decrypted data packet. The first data packet is based on the decrypted data packet and is provided to the other of the first mix router and the second mix router. The second data packet is provided to the server.

125 Citations

20 Claims

1. A method of sending a data packet from a client through a network and to a server, the data packet having an originating address portion and destination address portion, the network having a first mix router and a second mix router, the client having a client address, the first mix router having a first mix router address, the second mix router having a second mix router address and the server having a server address, said method comprising:
- encrypting the originating address portion of the data packet based on the client address and encrypting the destination portion of the data packet based on one of the first mix router address and the second mix router address to generate an encrypted data packet;
  
  transmitting the encrypted data packet to the one of the first mix router and the second mix router;
  
  decrypting the originating address portion of the encrypted data packet and the destination portion of the encrypted data packet to generate a decrypted data packet;
  
  providing a first data packet based on the decrypted data packet to the other of the first mix router and the second mix router; and
  
  providing a second data packet to the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein said providing a first data packet based on the decrypted data packet to the other of the first mix router and the second mix router comprisesre-encrypting the originating address portion of the decrypted data packet based on the one of the first mix router address and the second mix router address and re-encrypting the destination portion of the decrypted data packet based on the other of the first mix router address and the second mix router address to generate an re-encrypted data packet,transmitting the re-encrypted data packet to the other of the first mix router and the second mix router, anddecrypting the originating address portion of the re-encrypted data packet and the destination portion of the re-encrypted data packet to generate a twice-decrypted data packet.
  - 3. The method of claim 2, wherein said providing a second data packet to the server comprisesre-encrypting the originating address portion of the twice-decrypted data packet based on the other of the first mix router address and the second mix router address and re-encrypting the destination portion of the twice-decrypted data packet based on the server address to generate a twice-re-encrypted data packet, andtransmitting the twice-re-encrypted data packet to the server.
  - 4. The method of claim 3, further comprising:
    - determining to transmit the encrypted data packet to the first mix router from the client,wherein said encrypting the originating address portion of the data packet based on the client address and encrypting the destination portion of the data packet based on one of the first mix router address and the second mix router address to generate an encrypted data packet comprises encrypting the originating address portion of the data packet based on the client address and encrypting the destination portion of the data packet based on the first mix router address to generate an encrypted data packet, andwherein said transmitting the encrypted data packet to the one of the first mix router and the second mix router comprises transmitting the encrypted data packet to the first mix router.
  - 5. The method of claim 4, further comprising distributing encryption keys to the first mix router and to the second mix router.
  - 6. The method of claim 5, wherein said distributing encryption keys to the first mix router and to the second mix router comprisesdistributing a first encryption key to the first mix router, anddistributing a second encryption key to the second mix router.
  - 7. The method of claim 6,wherein said distributing a first encryption key to the first mix router comprises distributing a first encryption key that is operable to decrypt one of the encrypted data packet and the re-encrypted data packet, andwherein said distributing a second encryption key to the second mix router comprises distributing a second encryption key that is operable to decrypt the other one of the encrypted data packet and the re-encrypted data packet.
  - 8. The method of claim 7, wherein said transmitting the encrypted data packet to the first mix router comprises transmitting the encrypted data packet having a global prefix identifier portion, an encrypted code portion and a pseudo-randomly generated value portion.
  - 9. The method of claim 8, wherein said transmitting the encrypted data packet having a global prefix identifier portion, an encrypted code portion and a pseudo-randomly generated value portion comprises transmitting the encrypted code portion being based on the pseudo-randomly generated value.
  - 10. The method of claim 9, wherein transmitting the re-encrypted data packet to the other of the first mix router and the second mix router comprises transmitting the re-encrypted data packet having the global prefix identifier portion, the encrypted code portion and the pseudo-randomly generated value portion.
  - 11. The method of claim 10, wherein said transmitting the re-encrypted data packet having the global prefix identifier portion, the encrypted code portion and the pseudo-randomly generated value portion comprises transmitting the re-encrypted code portion being based on the pseudo-randomly generated value.
  - 12. The method of claim 11, wherein transmitting the twice-re-encrypted data packet to the server comprises transmitting the twice-re-encrypted data packet having the global prefix identifier portion, the encrypted code portion and the pseudo-randomly generated value portion.
  - 13. The method of claim 12, wherein said transmitting the twice-re-encrypted data packet having the global prefix identifier portion, the encrypted code portion and the pseudo-randomly generated value portion comprises transmitting the twice-re-encrypted code portion being based on the pseudo-randomly generated value.
  - 14. The method of claim 1, wherein said transmitting the encrypted data packet to the one of the first mix router and the second mix router comprises transmitting the encrypted data packet having a global prefix identifier portion, an encrypted code portion and a pseudo-randomly generated value portion.
  - 15. The method of claim 14, wherein said transmitting the encrypted data packet having a global prefix identifier portion, an encrypted code portion and a pseudo-randomly generated value portion comprises transmitting the encrypted code portion being based on the pseudo-randomly generated value.
  - 16. The method of claim 2, wherein transmitting the re-encrypted data packet to the other of the first mix router and the second mix router comprises transmitting the re-encrypted data packet having the global prefix identifier portion, the encrypted code portion and the pseudo-randomly generated value portion.
  - 17. The method of claim 16, wherein said transmitting the re-encrypted data packet having the global prefix identifier portion, the encrypted code portion and the pseudo-randomly generated value portion comprises transmitting the re-encrypted code portion being based on the pseudo-randomly generated value.
  - 18. The method of claim 3, wherein transmitting the twice-re-encrypted data packet to the server comprises transmitting the twice-re-encrypted data packet having the global prefix identifier portion, the encrypted code portion and the pseudo-randomly generated value portion.

19. A method of sending a data packet from a client through a network and to a server, the data packet having an originating address portion and destination address portion, the network having a first mix router and a second mix router, the client having a client address, the first mix router having a first mix router address, the second mix router having a second mix router address and the server having a server address, said method comprising:
- encrypting the originating address portion of the data packet based on the client address and encrypting the destination portion of the data packet based on one of the first mix router address and the second mix router address to generate an encrypted data packet;
  
  transmitting the encrypted data packet to the one of the first mix router and the second mix router;
  
  decrypting the originating address portion of the encrypted data packet and the destination portion of the encrypted data packet to generate a decrypted data packet;
  
  re-encrypting the originating address portion of the decrypted data packet based on the one of the first mix router address and the second mix router address and re-encrypting the destination portion of the decrypted data packet based on the other of the first mix router address and the second mix router address to generate an re-encrypted data packet;
  
  transmitting the re-encrypted data packet to the other of the first mix router and the second mix router;
  
  decrypting the originating address portion of the re-encrypted data packet and the destination portion of the re-encrypted data packet to generate a twice-decrypted data packet;
  
  re-encrypting the originating address portion of the twice-decrypted data packet based on the other of the first mix router address and the second mix router address and re-encrypting the destination portion of the twice-decrypted data packet based on the server address to generate a twice-re-encrypted data packet; and
  
  transmitting the twice-re-encrypted data packet to the server,wherein each of the encrypted data packet, re-encrypted data packet and the twice-re-encrypted data packet includes a global prefix identifier portion, an encrypted code portion and a pseudo-randomly generated value portion, andwherein the encrypted code portion is based on the pseudo-randomly generated value.

20. A data processing system program product for executing instructions in a data processing system, the data processing system program product comprising a data processing system-readable storage medium having data processing system-readable program code embodied in the medium, the data processing system being operable to send a data packet through a network and to a server, the data packet having an originating address portion and destination address portion, the network having a first mix router and a second mix router, the data processing system having a data processing system address, the first mix router having a first mix router address, the second mix router having a second mix router address and the server having a server address, the data processing system-readable program code being operable to instruct the data processing system to perform a method comprising:
- encrypting the originating address portion of the data packet based on the data processing system address and encrypting the destination portion of the data packet based on one of the first mix router address and the second mix router address to generate an encrypted data packet;
  
  transmitting the encrypted data packet to the one of the first mix router and the second mix router;
  
  decrypting the originating address portion of the encrypted data packet and the destination portion of the encrypted data packet to generate a decrypted data packet;
  
  providing a first data packet based on the decrypted data packet to the other of the first mix router and the second mix router; and
  
  providing a second data packet to the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Johns Hopkins University
Original Assignee
Johns Hopkins University
Inventors
Trostle, Jonathan T.

Granted Patent

US 8,533,465 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

H04L 63/0421   Anonymous communication, i....

H04L 63/0428   wherein the data content is...

H04L 63/045   wherein the sending and rec...

H04L 63/0471   applying encryption by an i...

H04L 63/164   at the network layer

H04L 69/16   Implementation or adaptatio...

H04L 69/161   Implementation details of T...

H04L 69/167   Adaptation for transition b...

H04L 69/22   Parsing or analysis of headers

System and Method of Encrypting Network Address for Anonymity and Preventing Data Exfiltration

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

125 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method of Encrypting Network Address for Anonymity and Preventing Data Exfiltration

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

125 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links