Agile Network Protocol For Secure Communications With Assured System Availability
First Claim
1. A method of routing packets on a packet network, comprising the steps of:
- block-encrypting, with a session key, message data to form payloads;
- dividing an encrypted block resulting from the block-encrypting into at least two data payloads such that interleaving portions of data resulting from the block-encrypting step are among the at least two data payloads;
- encrypting, with a link key, each of the at least two data payloads, together with destination data identifying a final destination for the packets;
- combining, with a first payload resulting from the last step of encrypting, a first hop address indicating a first intermediate destination address and transmitting a first packet resulting thereby to the first intermediate destination address;
- combining, with a second payload resulting from the last step of encrypting, a second hop address indicating a second intermediate destination address and transmitting a second packet resulting thereby to the second intermediate destination address.
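The five steps of claim 1 form one procedure, so the following is a single end-to-end walk-through added here as an illustration; it is not code from the patent or its assignee. It assumes a shared session key between the two endpoints, one link key known to the intermediate (first-hop) nodes, a fragment index carried inside the link-encrypted header so the final destination can put stripes back in order (the claim does not specify how reassembly is ordered), and constructed addresses. Because the Python standard library ships no block cipher, the "block-encrypting" step uses a stand-in keystream built from HMAC-SHA256 in counter mode; a deployment would use a real authenticated block-cipher mode such as AES-GCM.

```python
import hashlib
import hmac
import secrets
import struct

NONCE_LEN = 16


def _keystream_xor(key, nonce, data):
    """Stand-in cipher for this example: HMAC-SHA256(key, nonce || counter) as a
    keystream, XORed over `data`. Constructed because the stdlib has no block
    cipher; it plays the role of the claim's block encryption only."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = struct.pack(">Q", offset // 32)
        block = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def encrypt(key, plaintext):
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + _keystream_xor(key, nonce, plaintext)


def decrypt(key, blob):
    return _keystream_xor(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


def interleave_split(block, n):
    """Stripe the encrypted block: payload i gets bytes i, i+n, i+2n, ...
    so no single payload carries a contiguous run of ciphertext."""
    return [block[i::n] for i in range(n)]


def interleave_join(payloads):
    n = len(payloads)
    out = bytearray(sum(len(p) for p in payloads))
    for i, p in enumerate(payloads):
        out[i::n] = p
    return bytes(out)


def link_seal(link_key, final_dest, index, payload):
    """Link-key encryption of the payload *together with* the final destination
    (as the claim requires) plus a fragment index (assumption for reassembly)."""
    dest = final_dest.encode()
    header = struct.pack(">BH", len(dest), index) + dest
    return encrypt(link_key, header + payload)


def link_open(link_key, body):
    plain = decrypt(link_key, body)
    dest_len, index = struct.unpack(">BH", plain[:3])
    return plain[3:3 + dest_len].decode(), index, plain[3 + dest_len:]


def build_packets(session_key, link_key, message, final_dest, hops):
    """Claim 1 end to end: session-encrypt, stripe into len(hops) payloads,
    link-encrypt each with the final destination, then attach a different
    first-hop address to each and emit one packet per hop."""
    block = encrypt(session_key, message)
    payloads = interleave_split(block, len(hops))
    return [{"hop": hop, "body": link_seal(link_key, final_dest, i, p)}
            for i, (hop, p) in enumerate(zip(hops, payloads))]


def intermediate_forward(link_key, packet):
    """What a first-hop node learns: where to forward, and an opaque stripe.
    Simplification: every intermediate shares one link key here."""
    dest, index, fragment = link_open(link_key, packet["body"])
    return {"to": dest, "index": index, "fragment": fragment}


def final_reassemble(session_key, fragments):
    """Final destination: order stripes by index, un-interleave, session-decrypt."""
    ordered = [f["fragment"] for f in sorted(fragments, key=lambda f: f["index"])]
    return decrypt(session_key, interleave_join(ordered))


if __name__ == "__main__":
    sk, lk = secrets.token_bytes(32), secrets.token_bytes(32)
    pkts = build_packets(sk, lk, b"constructed sample message", "10.9.9.9",
                         ["10.1.1.1", "10.2.2.2"])
    frags = [intermediate_forward(lk, p) for p in pkts]
    print([p["hop"] for p in pkts], [f["to"] for f in frags])
    print(final_reassemble(sk, frags))
```

Two properties worth checking when reading the code: an intermediate node that holds only the link key recovers the final destination but sees just a non-contiguous stripe of ciphertext, and the final destination still reassembles correctly when the stripes arrive out of order over their different paths.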
Abstract
A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes.
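The abstract asks three things of the hopping generator (a period known in advance, cheap jump-ahead, and outputs that are unpredictable without the secret parameters) and pairs it with a moving acceptance window. The example below is added here to show one construction that has all three properties; it is not the patent's generator or any assignee code. It assumes a key shared by sender and receiver, hopping within a constructed 10.0.0.0/16 network, a window of 8 addresses, and a keyed 16-bit Feistel permutation built from HMAC-SHA256 as the generator: a permutation of the 65536 offsets has a non-repeating length of exactly 2^16 by construction, evaluating it at index i+k is the jump-ahead, and the inverse permutation lets the receiver map an incoming address back to its sequence index in O(1) instead of precomputing the window.

```python
import hashlib
import hmac
import ipaddress

BITS = 16              # hop inside a /16: 65536 offsets, so the period is known a priori
PERIOD = 1 << BITS
ROUNDS = 8             # Feistel rounds over two 8-bit halves


def _round_fn(key, rnd, half):
    """Keyed round function: HMAC-SHA256 over (round, 8-bit half), truncated to 8 bits."""
    return hmac.new(key, bytes([rnd, half]), hashlib.sha256).digest()[0]


def prp16(key, x):
    """Keyed permutation of 0..65535 (balanced Feistel network). Because it is a
    permutation, addr(i) = prp16(key, i) never repeats within one period, and
    'jumping ahead' k steps is just evaluating it at i + k."""
    left, right = x >> 8, x & 0xFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round_fn(key, rnd, right)
    return (left << 8) | right


def prp16_inv(key, y):
    """Inverse permutation: maps an address offset back to its sequence index."""
    left, right = y >> 8, y & 0xFF
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _round_fn(key, rnd, left), left
    return (left << 8) | right


def hop_address(key, network, index):
    """IP address used at sequence position `index` inside `network` (a /16)."""
    return network.network_address + prp16(key, index % PERIOD)


class HopSender:
    def __init__(self, key, network):
        self.key, self.network, self.index = key, network, 0

    def next_address(self):
        addr = hop_address(self.key, self.network, self.index)
        self.index += 1
        return addr

    def skip(self, n):
        """Jump ahead n positions (models packets lost, or a deliberate jump)."""
        self.index += n


class HopReceiver:
    def __init__(self, key, network, window=8):
        self.key, self.network, self.window = key, network, window
        self.expected = 0                   # sequence index expected next

    def accept(self, dst):
        """Moving-window check: accept only addresses for indices
        [expected, expected + window); anything else, including an address
        already used (a replay), is rejected. Accepting re-synchronises the
        window past the index that was actually used."""
        if dst not in self.network:
            return False
        idx = prp16_inv(self.key, int(dst) - int(self.network.network_address))
        ahead = (idx - self.expected) % PERIOD
        if ahead >= self.window:
            return False
        self.expected = (idx + 1) % PERIOD
        return True


if __name__ == "__main__":
    key = b"constructed demo key, replace with a real 32-byte secret"
    net = ipaddress.ip_network("10.0.0.0/16")     # constructed hopping range
    sender, receiver = HopSender(key, net), HopReceiver(key, net, window=8)
    for _ in range(3):
        a = sender.next_address()
        print(a, receiver.accept(a))
    sender.skip(20)                               # beyond the window: rejected
    a = sender.next_address()
    print(a, receiver.accept(a))
```

The same permutation applied to the low bits of a locally administered MAC address gives the hardware-address hopping the abstract mentions. The window is the availability trade-off: large enough that a burst of lost packets does not desynchronise the peers, small enough that a guesser who does not hold the key has only `window / 65536` of the range to aim at on any given packet.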
3 Claims
Claim 1 is reproduced under First Claim above; claims 2 and 3 are dependent claims.