Agile Network Protocol For Secure Communications With Assured System Availability
First Claim
1. A method of transmitting data from a first computer to a second computer, the data comprising a plurality of data bytes arranged in a particular order, the method comprising the steps of:
(1) establishing in the first computer and second computer a common algorithm that determines how data will be randomly distributed across a plurality of data packets;
(2) in the first computer, randomly distributing the plurality of data bytes across the plurality of data packets according to the common algorithm;
(3) transmitting the plurality of data packets from the first computer to the second computer; and
(4) in the second computer, extracting the randomly distributed plurality of data bytes from the plurality of data packets and reassembling them into the particular order according to the common algorithm.
Abstract
A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to "hopping" of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes.
14 Claims
1. A method of transmitting data from a first computer to a second computer, the data comprising a plurality of data bytes arranged in a particular order, the method comprising the steps of:
(1) establishing in the first computer and second computer a common algorithm that determines how data will be randomly distributed across a plurality of data packets;
(2) in the first computer, randomly distributing the plurality of data bytes across the plurality of data packets according to the common algorithm;
(3) transmitting the plurality of data packets from the first computer to the second computer; and
(4) in the second computer, extracting the randomly distributed plurality of data bytes from the plurality of data packets and reassembling them into the particular order according to the common algorithm.
(Dependent claims: 2)
3. A system comprising:
a first computer including an algorithm that establishes a random distribution pattern for allocating data across a plurality of data packets, wherein the first computer randomly distributes data bytes from a data source across the plurality of data packets according to the random distribution pattern and transmits the plurality of data packets across a network; and
a second computer coupled to the first computer across the network, wherein the second computer receives the plurality of data packets from the first computer, extracts the randomly distributed data bytes, and reassembles them into their original order according to the algorithm.
(Dependent claims: 4)
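Claims 1 and 3 both rest on one idea: the "random" distribution pattern is reproducible by anyone holding the seed, so the receiver regenerates it instead of receiving it. The following is an added illustration, not code from the patent or its assignee; the seed derivation (a hypothetical shared secret plus session id), the round-robin deal and the use of Python's PRNG are all assumptions made for the example.

```python
import hashlib
import random


def pattern_rng(shared_secret: bytes, session_id: int) -> random.Random:
    """Seed a PRNG from material both endpoints hold (hypothetical names). This is
    the 'common algorithm': identical seed, identical distribution pattern."""
    seed_bytes = hashlib.sha256(shared_secret + session_id.to_bytes(8, "big")).digest()
    return random.Random(int.from_bytes(seed_bytes, "big"))


def distribution_pattern(rng: random.Random, n_bytes: int, n_packets: int) -> list:
    """For each packet, the list of original byte offsets it carries, in order.
    Byte offsets are shuffled, then dealt round-robin across the packets."""
    order = list(range(n_bytes))
    rng.shuffle(order)
    pattern = [[] for _ in range(n_packets)]
    for i, offset in enumerate(order):
        pattern[i % n_packets].append(offset)
    return pattern


def scatter(data: bytes, shared_secret: bytes, session_id: int, n_packets: int) -> list:
    """Sender (claim 1, step 2): place each byte in the packet the pattern assigns."""
    rng = pattern_rng(shared_secret, session_id)
    pattern = distribution_pattern(rng, len(data), n_packets)
    return [bytes(data[offset] for offset in slots) for slots in pattern]


def gather(packets: list, shared_secret: bytes, session_id: int) -> bytes:
    """Receiver (claim 1, step 4): regenerate the same pattern and put every byte back.
    Assumes packets arrive in sending order (e.g. via sequence numbers, not shown)."""
    n_bytes = sum(len(p) for p in packets)
    rng = pattern_rng(shared_secret, session_id)
    pattern = distribution_pattern(rng, n_bytes, len(packets))
    out = bytearray(n_bytes)
    for slots, packet in zip(pattern, packets):
        if len(slots) != len(packet):
            raise ValueError("packet length disagrees with the agreed pattern")
        for offset, value in zip(slots, packet):
            out[offset] = value
    return bytes(out)
```

A party without the seed sees each packet as a shuffled byte soup and, as the last assertion in the test shows, even a reordering of two packets of equal length yields garbage; this is scrambling for an observer, not confidentiality, since the pattern leaks entirely with the seed.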
5. A method of securely transmitting a data packet between a sending computer and a receiving computer, comprising the steps of:
(1) encrypting the data packet using a session key known to the sending computer and the receiving computer, but not known by intermediate computers between the sending computer and the receiving computer;
(2) adding a packet header that identifies the data packet to the data packet encrypted in step (1);
(3) encrypting the combined packet header and encrypted data packet created in step (2) using a link key known to each of a plurality of intermediate computers arranged between the first computer and the second computer;
(4) adding a cleartext packet header to route the packet encrypted in step (3); and
(5) transmitting the packet created in step (4).
(Dependent claims: 6, 7)
8. A method of transmitting data over a computer network, comprising the steps of:
at an originating terminal connected to the computer network, receiving a stream of data, and forming first level data packet payloads therefrom;
identifying a network destination address for the stream of data and adding first level headers containing data representing the network destination address to each of the data packets to form a first level packet;
encrypting each of the first level packets to form second level packet payloads;
attaching to the second level packet payloads headers containing, as destination addresses, addresses of at least one intermediate router connecting the originating terminal to the destination to form second level packets;
sending the second level packets to the at least one intermediate router;
at the at least one intermediate router, decrypting at least one of the second level payloads and determining from the first level headers the destination address, forming new packets containing at least the first level packet payloads, and attaching headers thereto containing the destination address,
whereby a true destination of the data stream is concealed behind a layer of encryption for at least a portion of its travel over the network.
(Dependent claims: 9, 10, 11)
12. A method of routing packets on a packet network, comprising the steps of:
block-encrypting, with a session key, message data to form payloads;
dividing an encrypted block resulting from the block-encrypting into at least two data payloads such that interleaving portions of data resulting from the block-encrypting step are among the at least two data payloads;
encrypting, with a link key, each of the at least two data payloads, together with destination data identifying a final destination for the packets;
combining, with a first payload resulting from the last step of encrypting, a first hop address indicating a first intermediate destination address and transmitting a first packet resulting thereby to the first intermediate destination address;
combining, with a second payload resulting from the last step of encrypting, a second hop address indicating a second intermediate destination address and transmitting a second packet resulting thereby to the second intermediate destination address.
(Dependent claims: 13, 14)
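Claims 5, 8 and 12 describe one layered scheme: a session layer only the endpoints can remove, a link layer that each intermediate router removes to learn the true destination, and a cleartext hop header for routing, with claim 12 additionally splitting the session ciphertext into interleaved payloads sent through different hops. The example below is added here and is not the patent's own code; the key names, addresses, the 16-byte destination header and the HMAC-SHA256 keystream (a stand-in for the block cipher the claims assume, not a recommended cipher) are all constructed for the illustration.

```python
import hashlib
import hmac


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC-SHA256 counter keystream. Placeholder
    for the block cipher the claims assume, chosen only to keep the example
    dependency-free; it is not a construction to deploy."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def sender_build(message: bytes, session_key: bytes, link_key: bytes,
                 final_dst: str, hops: list) -> list:
    """Session-encrypt, split into interleaved pieces (claim 12), link-encrypt each
    piece together with the true destination (claim 5 step 3), prepend a cleartext
    hop header (step 4). Hop and destination addresses are constructed values."""
    inner = keystream_xor(session_key, b"session", message)
    packets = []
    for idx, hop in enumerate(hops):
        piece = inner[idx::len(hops)]                 # every len(hops)-th byte
        header = final_dst.encode().ljust(16, b"\0")  # true destination, hidden
        body = keystream_xor(link_key, b"link%d" % idx, header + piece)
        packets.append({"hop": hop, "idx": idx, "n": len(hops), "body": body})
    return packets


def router_forward(packet: dict, link_key: bytes) -> dict:
    """Intermediate router: peel the link layer, read the true destination, and
    forward the piece, which is still protected by the session key it lacks."""
    clear = keystream_xor(link_key, b"link%d" % packet["idx"], packet["body"])
    final_dst = clear[:16].rstrip(b"\0").decode()
    return {"hop": final_dst, "idx": packet["idx"], "n": packet["n"], "body": clear[16:]}


def receiver_reassemble(packets: list, session_key: bytes) -> bytes:
    """Final destination: re-interleave the pieces by index (arrival order does
    not matter) and strip the session layer."""
    n = packets[0]["n"]
    pieces = {p["idx"]: p["body"] for p in packets}
    inner = bytearray(sum(len(v) for v in pieces.values()))
    for idx, piece in pieces.items():
        inner[idx::n] = piece
    return keystream_xor(session_key, b"session", bytes(inner))
```

The split-by-stride means a single hop that turns hostile holds only every second byte of the session ciphertext and no session key, which is the concealment property the claims assert; the test checks that neither the wire bodies nor the router's forwarded bodies contain the plaintext.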