Agile Network Protocol For Secure Communications With Assured System Availability
First Claim
1. A method of routing packets on a packet network, comprising the steps of:
- block-encrypting, with a session key, message data to form payloads;
dividing an encrypted block resulting from the block-encrypting into at least two data payloads such that interleaving portions of data resulting from the block-encrypting step are among the at least two data payloads;
encrypting, with a link key, each of the at least two data payloads, together with destination data identifying a final destination for the packets;
combining, with a first payload resulting from the last step of encrypting, a first hop address indicating a first intermediate destination address and transmitting a first packet resulting thereby to the first intermediate destination address;
combining, with a second payload resulting from the last step of encrypting, a second hop address indicating a second intermediate destination address and transmitting a second packet resulting thereby to the second intermediate destination address.
2 Assignments
0 Petitions
Accused Products
Abstract
A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator'"'"'s parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes.
-
Citations
3 Claims
-
1. A method of routing packets on a packet network, comprising the steps of:
- block-encrypting, with a session key, message data to form payloads;
dividing an encrypted block resulting from the block-encrypting into at least two data payloads such that interleaving portions of data resulting from the block-encrypting step are among the at least two data payloads; encrypting, with a link key, each of the at least two data payloads, together with destination data identifying a final destination for the packets; combining, with a first payload resulting from the last step of encrypting, a first hop address indicating a first intermediate destination address and transmitting a first packet resulting thereby to the first intermediate destination address; combining, with a second payload resulting from the last step of encrypting, a second hop address indicating a second intermediate destination address and transmitting a second packet resulting thereby to the second intermediate destination address. - View Dependent Claims (2, 3)
- block-encrypting, with a session key, message data to form payloads;
Specification
-
- Resources
-
Current AssigneeVirnetX Inc. (Virnetx Holding Corporation)
-
Original AssigneeVirnetX Inc. (Virnetx Holding Corporation)
-
InventorsMunger, Edmund Colby, Schmidt, Douglas Charles, Gligor, Virgil D., Short, Robert Dunham III, Sabio, Vincent J.
-
Application NumberUS13/154,021Publication NumberTime in Patent OfficeDaysField of SearchUS Class Current713/168CPC Class CodesH04L 2101/604 Address structures or formatsH04L 45/20 Hop count for routing purpo...H04L 45/24 MultipathH04L 61/2539 Hiding addresses; Keeping a...H04L 61/30 Managing network names, e.g...H04L 61/5007 Internet protocol [IP] addr...H04L 61/5076 Update or notification mech...H04L 61/5092 by self-assignment, e.g. pi...H04L 63/0272 Virtual private networksH04L 63/04 for providing a confidentia...H04L 63/0407 wherein the identity of one...H04L 63/0421 Anonymous communication, i....H04L 63/0428 wherein the data content is...H04L 63/0435 wherein the sending and rec...H04L 63/1441 Countermeasures against mal...H04L 63/1491 using deception as counterm...H04L 69/14 Multichannel or multilink p...H04L 9/065 Encryption by serially and ...H04M 3/42008 Systems for anonymous commu...
