Agile Network Protocol For Secure Communications With Assured System Availability.

US 20110185169A1
Filed: 03/29/2011
Published: 07/28/2011
Est. Priority Date: 10/30/1998
Status: Abandoned Application

First Claim

Patent Images

1. A method for establishing an encrypted channel between a client and a target, comprising the steps of:

(i) generating a DNS request from the client; and

(ii) based on the DNS request, automatically establishing the encrypted channel between the client and the target,wherein the encrypted channel is capable of supporting services.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A plurality of computer nodes communicate using seemingly random Internet Protocol source and destination addresses. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are quickly rejected. Improvements to the basic design include (1) a load balancer that distributes packets across different transmission paths according to transmission path quality; (2) a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry; (3) a large-to-small link bandwidth management feature that prevents denial-of-service attacks at system chokepoints; (4) a traffic limiter that regulates incoming packets by limiting the rate at which a transmitter can be synchronized with a receiver; and (5) a signaling synchronizer that allows a large number of nodes to communicate with a central node by partitioning the communication function between two separate entities.

Citations

52 Claims

1. A method for establishing an encrypted channel between a client and a target, comprising the steps of:
- (i) generating a DNS request from the client; and
  
  (ii) based on the DNS request, automatically establishing the encrypted channel between the client and the target,wherein the encrypted channel is capable of supporting services.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein step (ii) comprises steps of:
    - (a) determining whether the client is authorized to access the target identified by the DNS request;
      
      (b) when the client is authorized to access the target, initiating the encrypted channel; and
      
      (c) when the client is not authorized to access the target, sending an error message to the client.
  - 3. The method of claim 2, wherein step b) comprises sending encrypted channel parameters to the client.
  - 4. The method of claim 1, wherein step (ii) occurs in a communication protocol independently of an application program.
  - 5. The method of claim 1, wherein the method further comprises intercepting the DNS request using a DNS proxy server.
  - 6. The method of claim 1, wherein step (ii) comprises establishing the encrypted channel responsive to the DNS request for a domain name comprising a predetermined domain name extension.
  - 7. The method of claim 1, wherein step (ii) comprises establishing an IP address hopping scheme between the client and the target.
  - 8. The method of claim 1, wherein step (ii) comprises concealing a true IP address of the target.
  - 9. The method of claim 1, wherein the encrypted channel uses tunneling.
  - 10. The method of claim 1, wherein the encrypted channel supports various communication protocols.
  - 11. The method of claim 1, wherein the encrypted channel supports a plurality of application programs.
  - 12. The method of claim 1, wherein the encrypted channel supports multiple sessions.

13. A method for establishing a secure communication link between a first device and a second device, the method comprising steps of:
- generating a request for access to a second device and automatically initiating a secure communication link between a first device and the second device, wherein the secure communication link is capable of supporting a plurality of services.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 14. The method of claim 13, wherein the first device has an IP address, and the second device has an IP address.
  - 15. The method of claim 13, wherein the request uses a DNS request.
  - 16. The method of claim 13, wherein the secure communication link is automatically initiated in response to the request.
  - 17. The method of claim 13, wherein the request is a DNS request that requests an IP address associated with the second device.
  - 18. The method of claim 13, wherein the step of automatically initiating a secure communication link is performed in a communication protocol independently of an application program.
  - 19. The method of claim 13 further comprising a step of automatically establishing the secure communication link between the first device and the second device.
  - 20. The method of claim 13 further comprising a step of automatically establishing the secure communication link between the first device and the second device, wherein the first device has an IP address, the second device has an IP address, the second device is a secure device, and the secure communication link is automatically initiated in response to the request.
  - 21. The method of claim 13, wherein each of the first device and the second device comprises a computer.
  - 22. The method of claim 13, wherein the secure communication link uses encryption.
  - 23. The method of claim 13, wherein the first device sends a tunneled packet.
  - 24. The method of claim 13, wherein the secure communication link uses tunneling.
  - 25. The method of claim 13, wherein the secure communication link supports various communication protocols.
  - 26. The method of claim 13, wherein the secure communication link supports a plurality of application programs.
  - 27. The method of claim 26, wherein the plurality of application programs comprises video conferencing.
  - 28. The method of claim 26, wherein the plurality of application programs comprises e-mail.
  - 29. The method of claim 26, wherein the plurality of application programs comprises a word processing program.
  - 30. The method of claim 26, wherein the plurality of application programs comprises telephony.
  - 31. The method of claim 26, wherein the plurality of application programs comprises video.
  - 32. The method of claim 26, wherein the plurality of application programs comprises audio.
  - 33. The method of claim 26, wherein the plurality of application programs comprises items selected from a group consisting of the following:
    - video conferencing, e-mail, a word processing program, and telephony.
  - 34. The method of claim 13, wherein the secure communication link supports multiple sessions.
  - 35. The method of claim 13, wherein the secure communication link supports the plurality of services.
  - 36. The method of claim 13, wherein the plurality of services comprises a plurality of communication protocols, a plurality of application programs, multiple sessions, or a combination thereof.
  - 37. The method of claim 13, wherein the secure communication link is an authenticated link.

38. A method for establishing an encrypted channel between a client and a secure device, comprising the step of automatically creating the encrypted channel as a response to a DNS request for a domain name, wherein the encrypted channel is capable of supporting services.
- View Dependent Claims (39, 40, 41)
- - 39. The method of claim 38, wherein the creating step is performed in a communication protocol independently of an application program.
  - 40. The method of claim 38, wherein creating the encrypted channel comprises establishing an IP address hopping scheme between the client and the secure device.
  - 41. The method of claim 38, wherein creating the encrypted channel comprises concealing a true IP address of the secure device.

42. A method for establishing an encrypted channel between a client and a secure device, comprising the step of automatically creating the encrypted channel in response to a request for access to an IP address, wherein the encrypted channel is capable of supporting services.
- View Dependent Claims (43, 44, 45)
- - 43. The method of claim 42, wherein the creating step is performed in a communication protocol independently of an application program.
  - 44. The method of claim 42, wherein automatically creating the encrypted channel comprises establishing an IP address hopping scheme between the client and the secure device.
  - 45. The method of claim 42, wherein automatically creating the encrypted channel comprises concealing a true IP address of the secure device.

46. A computer readable medium comprising computer readable instructions that, when executed, perform steps of:
- when a DNS request corresponds to a secure device, determining whether a client is authorized to access the secure device and, if so, automatically initiating an encrypted channel between the client and the secure device, wherein the encrypted channel is capable of supporting services.
- View Dependent Claims (47, 48)
- - 47. The computer readable medium of claim 46, wherein automatically initiating the encrypted channel between the client and the secure device comprises establishing an IP address hopping scheme between the client and the secure device.
  - 48. The computer readable medium of claim 46, wherein automatically initiating the encrypted channel between the client and the secure device comprises concealing a true IP address of the secure device.

49. A machine readable medium comprising machine readable instructions for performing steps of:
- generating a request for access to a second device and automatically initiating a secure communication link between a first device and the second device, wherein the secure communication link is capable of supporting a plurality of services.

50. A device comprising memory, the device for performing a method for creating a secure communication link, the method comprising steps of:
- generating a request for access to a second device and automatically initiating a secure communication link between the device and the second device, wherein the secure communication link is capable of supporting a plurality of services.
- View Dependent Claims (52)
- - 52. The device of claim 50, wherein the device is for performing a step of:
    - when the DNS request is not associated with a secure device, receiving an IP address of a nonsecure device.

51. A device comprising memory, the device for performing the steps of:
- receiving information as to whether a DNS request is associated with a secure device; and
  
  when the DNS request is associated with a secure device, automatically initiating a secure communication link with the secure device, wherein the secure communication link is capable of supporting a plurality of services.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VirnetX Inc. (Virnetx Holding Corporation)
Original Assignee
VirnetX Inc. (Virnetx Holding Corporation)
Inventors
Larson, Victor, Munger, Edmund Colby, Schmidt, Douglas Charles, Short, Robert Dunham III, Williamson, Michael

Application Number

US13/075,081
Publication Number

US 20110185169A1
Time in Patent Office

Days
Field of Search
US Class Current

713/153
CPC Class Codes

H04L 2101/604   Address structures or formats

H04L 45/00   Routing or path finding of ...

H04L 45/24   Multipath

H04L 45/243   using M+N parallel active p...

H04L 45/28   using route fault recovery

H04L 61/35   involving non-standard use ...

H04L 61/4511   using domain name system [DNS]

H04L 61/5007   Internet protocol [IP] addr...

H04L 61/5076   Update or notification mech...

H04L 61/5092   by self-assignment, e.g. pi...

H04L 63/0272   Virtual private networks

H04L 63/0407   wherein the identity of one...

H04L 63/0414   during transmission, i.e. p...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/1458   Denial of Service

H04L 63/1466   Active attacks involving in...

H04L 63/1491   using deception as counterm...

H04L 65/403   Arrangements for multi-part...

Agile Network Protocol For Secure Communications With Assured System Availability.

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

52 Claims

Specification

Solutions

Use Cases

Quick Links

Agile Network Protocol For Secure Communications With Assured System Availability.

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

52 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links