SYSTEM AND METHOD FOR ROUTING-BASED INTERNET SECURITY

US 20120166582A1
Filed: 12/14/2011
Published: 06/28/2012
Est. Priority Date: 12/22/2010
Status: Active Grant

First Claim

Patent Images

1. A method for improving the security of transferring a message including a succession of message elements from a sender location to a recipient location over multiple paths in the Internet using a plurality of intermediate servers, wherein the sender location, the recipient location and the servers are each associated with an IP (Internet Protocol) address for being addressable in the Internet, the method comprising:

(a) partitioning the message into a plurality of message slices, each message slice containing at least one of the message elements;

(b) assigning to one or more of said message slices the address of a selected intermediate server; and

(c) sending the one or more of said message slices together with the IP address of the recipient location to the intermediate server to which the message slice is assigned.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method and system for improving the security of storing digital data in a memory or its delivery as a message over the Internet from a sender to a receiver using one or more hops is disclosed. The message is split at the sender into multiple overlapping or non-overlapping slices according to a slicing scheme, and the slices are encapsulated in packets each destined to a different relay server as an intermediate node according to a delivery scheme. The relay servers relay the received slices to another other relay server or to the receiver. Upon receiving all the packets containing all the slices, the receiver combines the slices reversing the slicing scheme, whereby reconstructing the message sent.

391 Citations

212 Claims

1. A method for improving the security of transferring a message including a succession of message elements from a sender location to a recipient location over multiple paths in the Internet using a plurality of intermediate servers, wherein the sender location, the recipient location and the servers are each associated with an IP (Internet Protocol) address for being addressable in the Internet, the method comprising:
- (a) partitioning the message into a plurality of message slices, each message slice containing at least one of the message elements;
  
  (b) assigning to one or more of said message slices the address of a selected intermediate server; and
  
  (c) sending the one or more of said message slices together with the IP address of the recipient location to the intermediate server to which the message slice is assigned.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98)
- - 2. The method according to claim 1, wherein each of the plurality of intermediate servers executes at least the steps of:
    - (a) receiving and identifying each message slice assigned to the intermediate server and the IP address of the recipient location; and
      
      (b) sending the message slice to the recipient location.
  - 3. The method according to claim 2, further comprising the steps of:
    - encrypting at least part of the message slices after said partitioning step; and
      
      decrypting the at least part of the message slices having at least an encrypted part at the intermediate server prior to said step of sending of the message slice to the recipient location.
  - 4. The method according to claim 2, further comprising the step of encrypting a message slice at the intermediate server after the slice is received at the intermediate server.
  - 5. The method according to claim 1, wherein at least one out of a plurality of intermediate servers executes at least the steps of:
    - (a) receiving and identifying each message slice assigned to the at least one intermediate server and the IP address of the recipient location; and
      
      (b) sending each received message slice with the IP address of the recipient location to another server.
  - 6. The method according to claim 5, comprising operating at least one of the intermediate servers to store at least one of:
    - the assigned message slice;
      
      the IP address of the sender location; and
      
      the IP address of the recipient location.
  - 7. The method according to claim 1, further comprising, at the recipient location, at least the steps of:
    - (a) receiving and identifying a plurality of the message slices; and
      
      (c) reconstructing at least part of the message as it existed before said partitioning step.
  - 8. The method according to claim 7, further comprising the preliminary step of encrypting the message before said partitioning step, wherein said partitioning step is carried out on the encrypted message, and decrypting the encrypted message at the recipient location after said reconstructing step.
  - 9. The method according to claim 7, further comprising encrypting at least part of the message slices after said partitioning step, and decrypting the encrypted message at the recipient location after said reconstructing step.
  - 10. The method according to claim 1, further comprising a preliminary step of determining the number of message slices into which the message is to be partitioned, and wherein said step of partitioning the message is carried out to partition the message into the determined number of message slices.
  - 11. The method according to claim 10, wherein the number of message slices to use for the message partitioning is a randomly generated number.
  - 12. The method according to claim 1, further comprising a preliminary step of determining the number of message elements in each of the message slices, and wherein said step of partitioning the message is carried out to partition the message into message slices each having the respective determined number of message elements.
  - 13. The method according to claim 12, wherein part of or all message slices have the same number of message elements.
  - 14. The method according to claim 12, wherein the number of message elements included in each of the message slices is a randomly generated number.
  - 15. The method according to claim 1, wherein said step of partitioning is carried so that each of the message elements is included in only one message slice.
  - 16. The method according to claim 1, wherein each of the message elements is included in at least two message slices.
  - 17. The method according to claim 1, wherein the message elements in at least one of the message slices follow one another in the same order as in the message.
  - 18. The method according to claim 1, wherein the message elements in at least one of the message slices follow one another in an order different from the order of the same message elements in the message.
  - 19. The method according to claim 18, where the message elements in at least one of the message slices are separated by at least one intervening element in the message.
  - 20. The method according to claim 1, wherein said each of said message elements is a bit, a nibble, a byte, or a multi-byte word.
  - 21. The method according to claim 1, wherein said each of said message elements represents a number, a character or a letter.
  - 22. The method according to claim 1, comprising a preliminary step of padding the message.
  - 23. The method according to claim 1, wherein at least one of the message slices is padded.
  - 24. The method according to claim 1, wherein said partitioning into slices is performed based on the current date or the current TOD (Time-of-Day).
  - 25. The method according to claim 1, wherein information about the partitioning step is sent together with one of the message slices.
  - 26. The method according to claim 1, wherein information about a message slice is sent together with a different slice.
  - 27. The method according to claim 1, comprising a preliminary step of encrypting the message before said partitioning step, and said partitioning step is performed on the encrypted message.
  - 28. The method according to claim 1, further comprising encrypting at least part of the message slices after the partition step.
  - 29. The method according to claim 1, wherein at least two of said intermediate servers are located at geographically disparate locations.
  - 30. The method according to claim 29, wherein at least two of said intermediate servers are located in different cities, in different states, in different countries, or on different continents.
  - 31. The method according to claim 29, further comprising the preliminary step of providing at least two of the intermediate servers and locating the at least two intermediate servers at geographically disparate locations.
  - 32. The method according to claim 1, further comprising the preliminary step of storing a list composed of a plurality of IP addresses of available intermediate servers.
  - 33. The method according to claim 32, wherein at least one respective message slice is assigned to each of the intermediate servers in said list.
  - 34. The method according to claim 32, wherein a respective intermediate server in said list is associated with each message slice.
  - 35. The method according to claim 32, wherein at least one of the intermediate servers in said list is not associated with a message slice.
  - 36. The method according to claim 32, wherein the addresses of the intermediate servers in said list are sequentially assigned to a respective one of a succession of message slices.
  - 37. The method according to claim 32, wherein for each message slice, an intermediate server is randomly selected from said list.
  - 38. The method according to claim 32, wherein a geographical location is associated with each intermediate server in said list, and the intermediate servers are selected for assignment from the list based on their geographical location.
  - 39. The method according to claim 32, wherein, for each message slice, an intermediate server is selected based on a former selection for a message or message slice.
  - 40. The method according to claim 32, wherein, for each message slice, an intermediate server is selected based on the current date, or the current TOD (Time-of-Day).
  - 41. The method according to claim 1, wherein the order of sending the message slices is based on the order of the first message element in each message slice in the message.
  - 42. The method according to claim 1, wherein the order of sending the message slices is selected at random.
  - 43. The method according to claim 1, wherein said intermediate servers are dedicated servers, and the method further comprising the preliminary step of providing the plurality of intermediate servers.
  - 44. The method according to claim 1, wherein said intermediate servers are integrated with other servers having a specific distinct, different functionality.
  - 45. The method according to claim 44, wherein at least one of the other servers is one of:
    - a web server;
      
      a database server;
      
      a mail server;
      
      a FTP server; and
      
      a DNS server.
  - 46. The method according to claim 44, wherein at least one of said intermediate servers shares with the other server one of:
    - an enclosure;
      
      an Internet connection;
      
      an IP address;
      
      a processor; and
      
      a peripheral device.
  - 47. An apparatus comprising:
    - a memory; and
      
      a processor configured by said memory to perform the method of claim 1.
  - 48. An apparatus comprising:
    - a memory; and
      
      a processor configured by said memory to perform the method of claim 2.
  - 49. An apparatus comprising:
    - a memory; and
      
      a processor configured by said memory to perform the method of claim 5.
  - 50. An apparatus comprising:
    - a memory; and
      
      a processor configured by said memory to perform the method of claim 7.
  - 51. The method according to claim 1 where said intermediate servers are dedicated servers, and wherein the method is preceded by the step of providing said multiple intermediate servers.
  - 52. The method according to claim 1 where said intermediate servers are integrated with other servers having a specific distinct functionality.
  - 53. The method according to claim 52 where at least one out of said other servers is one out of a web server, a database server, a mail server, a FTP server, a DHCP server and a DNS server.
  - 54. The method according to claim 52 where at least one of said intermediate server share with the other server one out of an enclosure, an Internet connection, an IP address, a processor or a peripheral device.
  - 55. The method according to claim 1 wherein the message is delivered as part of a real-time service.
  - 56. The method according to claim 1 wherein the message includes audio or video information.
  - 57. The method according to claim 56 wherein the message is part of one out of VoIP, video conferencing, IPTV and Internet telephony service.
  - 58. The method according to claim 1 further including the step of generating a random number, and wherein the random number is used as part of the partition of the message or association of the message slices with said intermediate servers.
  - 59. The method according to claim 58, wherein the generating of said random number is based on a physical process.
  - 60. The method according to claim 59, wherein the physical process is one out of thermal noise, shot noise, nuclear decaying radiation, photoelectric effect and quantum phenomenon.
  - 61. The method according to claim 58, wherein the generating of said random number is based on an algorithm for generating pseudo-random numbers.
  - 62. The method according to claim 3, wherein at least one out of said plurality of intermediate server further executes at least the steps of partitioning the received message slice into a plurality of sub-slices, each sub-slice containing one or more of said message elements, and sending the sub-slices with the IP address of the recipient to another intermediate server or to the recipient.
  - 63. The method according to claim 1, wherein the sender steps or the recipient steps are executed by a dedicated software module.
  - 64. The method according to claim 1, wherein the sender steps or the recipient steps are respectively executed by a software module integrated with the application involved in generating the message to be sent or using the received message.
  - 65. The method according to claim 2, wherein the sender steps and the intermediate server steps are both executed by the same processor.
  - 66. The method according to claim 4, wherein the recipient steps and the intermediate server steps are both executed by the same processor.
  - 67. The method according to claim 2, wherein a dedicated device is executing the intermediate server steps.
  - 68. The method according to claim 2, wherein the intermediate server steps are executed by a server having another function.
  - 69. The method according to claim 1 wherein a second message is to be sent, the method further comprising the steps of:
    - partitioning the second message into a plurality of message slices, each message slice containing one or more of said second message elements;
      
      associating each message slice with an intermediate server; and
      
      sending each message slice together with the IP address of the recipient to the server associated with the message slice.
  - 70. The method according to claim 69 wherein the partitioning of the second message is based on a partitioning scheme distinct from the partitioning of the first message.
  - 71. The method according to claim 69 wherein the association of each of the second message slices with an intermediate server is based on an associating scheme distinct from the associating of the first message slices.
  - 72. The method according to claim 1 wherein the message partition is based on a slicing scheme, and the method is further preceded by the step of receiving and storing the slicing scheme.
  - 73. The method according to claim 72 wherein the slicing scheme is received via the Internet.
  - 74. The method according to claim 73 wherein the slicing scheme is received via the Internet from the recipient or from one of said intermediate servers.
  - 75. The method according to claim 73 wherein the slicing scheme is received via the Internet from the server distinct from said intermediate servers.
  - 76. The method according to claim 72 wherein the slicing scheme is periodically received.
  - 77. The method according to claim 76 wherein the slicing scheme is periodically received based on a date or on TOD.
  - 78. The method according to claim 76 wherein the periods between slicing schemes receptions is random.
  - 79. The method according to claim 1 wherein the association between the message slices and the intermediate servers is based on an associating scheme including an available intermediate servers list, and the method is further preceded with the step of receiving and storing the associating scheme.
  - 80. The method according to claim 79 wherein the associating scheme is received via the Internet.
  - 81. The method according to claim 80 wherein the associating scheme is received via the Internet from the recipient or from one of said intermediate servers.
  - 82. The method according to claim 80 wherein the associating scheme is received via the Internet from the server distinct from said intermediate servers.
  - 83. The method according to claim 79 wherein the associating scheme is periodically received.
  - 84. The method according to claim 83 wherein the associating scheme is periodically received based on a date or on TOD.
  - 85. The method according to claim 83 wherein the periods between slicing schemes receptions is random.
  - 86. The method according to claim 1 wherein the message to be sent is originated at a computer other than the sender, the method further preceded by the step of receiving the message to be sent from said computer.
  - 87. The method according to claim 86 wherein the message is received via a network.
  - 88. The method according to claim 87 wherein the network is a LAN, NGN or an intranet.
  - 89. The method according to claim 88 wherein the sender is integrated or co-located with a router, a NAT-enabled computer or a gateway.
  - 90. The method according to claim 86 wherein the sender is integrated or co-located with a security device.
  - 91. The method according to claim 90 wherein the security device is a firewall.
  - 92. The method according to claim 1 wherein the message slices are sent in IP packets having an IP source address selected from a list of IP addresses, and wherein the association between the packet including the message slices and the IP addresses is based on an associating scheme, and the method is further preceded by the step of receiving and storing the list of the available IP addresses and the associating scene.
  - 93. The method according to claim 92 wherein the associating scheme is received via the Internet.
  - 94. The method according to claim 93 wherein the associating scheme is received via the Internet from the recipient or from one of said intermediate servers.
  - 95. The method according to claim 93 wherein the associating scheme is received via the Internet from the server distinct from said intermediate servers.
  - 96. The method according to claim 92 wherein the associating scheme is periodically received.
  - 97. The method according to claim 96 wherein the associating scheme is periodically received based on a date or on TOD.
  - 98. The method according to claim 96 wherein the periods between slicing schemes receptions is random.

99. A method for improving the security of transferring a message composed of a succession of message elements from a sender to a recipient, the message is partitioned into multiple message slices each including one or more message elements and carried over a distinct path in the Internet, the sender, the recipient and the servers are each associated with an IP (Internet Protocol) address for being addressable in the Internet, the method [executed by the recipient] comprising the steps of:
- (a) receiving packets including said message slices;
  
  (b) identifying the message slices received in the packets;
  
  (c) determining that all message slices were received; and
  
  (d) reconstructing at least part of the message [before the partitioning].

100. An apparatus for connecting to a processor and to a location-addressable memory having an address space, the memory is connectable to the processor via a bus of a first type, the apparatus comprising:
- a first port couplable to a first bus of said first type for connecting to said processor;
  
  a first interface coupled to said first port for receiving a first address word in said address space from said processor;
  
  a second port couplable to a second bus for connecting to said memory;
  
  a second interface coupled to said second port for transmitting a second address word in said address space to said memory; and
  
  a scrambler coupled between said first and second interfaces for converting said first address word to said second address word distinct from said first address word.
- View Dependent Claims (101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203)
- - 101. The apparatus according to claim 100, wherein said first address word is converted to said second address word using a one-to-one mapping.
  - 102. The apparatus according to claim 101, wherein said scrambler is based only on electrical connections.
  - 103. The apparatus according to claim 101, wherein each of said first and second address words define a sequence of bits, and wherein the conversion includes re-arranging the sequence of at least two bits in said address words.
  - 104. The apparatus according to claim 101, wherein each of said first and second address words comprises multiple bits, and wherein a level of significance is associated with each of said bits, and wherein the conversion includes changes the significance level of at least two bits in said address words.
  - 105. The apparatus according to claim 101, wherein said scrambler is based on logic gates implementing a Boolean function.
  - 106. The apparatus according to claim 105, wherein said scrambler is based on discretely packaged logic gates.
  - 107. The apparatus according to claim 105, wherein said scrambler is based on PLD.
  - 108. The apparatus according to claim 105, wherein said scrambler is based on a memory.
  - 109. The apparatus according to claim 105, wherein said scrambler is based on a processor.
  - 110. The apparatus according to claim 101, wherein said conversion is according to a pre-set conversion scheme.
  - 111. The apparatus according to claim 110, wherein said conversion scheme is programmable.
  - 112. The apparatus according to claim 111, wherein said conversion scheme is programmable by said processor.
  - 113. The apparatus according to claim 112, wherein said scrambler coupled to said first bus for being addressable by said processor.
  - 114. The apparatus according to claim 100, wherein said second bus type is of the same type of said first bus.
  - 115. The apparatus according to claim 100, wherein said second bus type is distinct from said first bus type.
  - 116. The apparatus according to claim 100, further including said memory.
  - 117. The apparatus according to claim 116, wherein said memory is based on electrostatic, ferroelectric, magnetic, acoustic, optical, chemical, electronic, electric, or mechanical storage medium, or any combination thereof.
  - 118. The apparatus according to claim 116, wherein said memory is file-addressable or content-addressable.
  - 119. The apparatus according to claim 116, wherein said apparatus is part of a NAS or a SAN.
  - 120. The apparatus according to claim 116, wherein said memory is a once written memory.
  - 121. The apparatus according to claim 116, wherein said memory is connectable to said processor to be read from, or written to, via second bus.
  - 122. The apparatus according to claim 121, wherein said second bus is a parallel bus.
  - 123. The apparatus according to claim 121, wherein said second bus is a bit-serial bus.
  - 124. The apparatus according to claim 100, further comprising a power supply having a power port couplable to be powered from a power source, said power supply having one or more DC outputs for powering at least part of said memory.
  - 125. The apparatus according to claim 124, further comprising a power connector for connecting to said power source, and wherein said power port is coupled to said power connector.
  - 126. The apparatus according to claim 125, wherein said second bus is based on a cable carrying a power signal, wherein said apparatus further comprising a bus connector for connecting to said cable, and wherein said power port is coupled to said bus connected for powering said power supply from said power signal.
  - 127. The apparatus according to claim 100, wherein said memory is a sequential accessed memory.
  - 128. The apparatus according to claim 100, wherein said memory is location-based, randomly-accessed, and can be written multiple times.
  - 129. The apparatus according to claim 100, wherein said memory is based on semiconductor storage medium.
  - 130. The apparatus according to claim 129, wherein said memory is volatile.
  - 131. The apparatus according to claim 130, wherein said memory is one out of:
    - RAM, SRAM, DRAM, TTRAM and Z-RAM.
  - 132. The apparatus according to claim 129, wherein said memory is non-volatile.
  - 133. The apparatus according to claim 132, wherein said memory is one out of:
    - ROM, PROM, EPROM and EEROM.
  - 134. The apparatus according to claim 129, wherein said memory is based on Flash technology.
  - 135. The apparatus according to claim 134, wherein said memory is a SSD drive or USB ‘
    - Thumb’
      
      drive.
  - 136. The apparatus according to claim 100, wherein said memory is based on non-volatile magnetic storage medium.
  - 137. The apparatus according to claim 136, wherein said memory is an HDD.
  - 138. The apparatus according to claim 100, wherein said memory is based on an optical storage medium.
  - 139. The apparatus according to claim 138, wherein said storage medium is recordable and removable, and wherein said memory includes an optical disk drive.
  - 140. The apparatus according to claim 139, wherein said storage medium is one out of:
    - CD-RW, DVD-RW, DVD+RW, DVD-RAM and BD-RE.
  - 141. The apparatus according to claim 139, wherein said storage medium is readable and removable, and wherein said memory includes an optical disk drive.
  - 142. The apparatus according to claim 141, wherein said storage medium is one out of:
    - CD-ROM, BD-ROM and DVD-ROM.
  - 143. The apparatus according to claim 100, wherein said memory form factor is an IC, a PCB on which one or more ICs are mounted, or a box-shaped enclosure.
  - 144. The apparatus according to claim 100, wherein said first or said second bus is a PAN or a WAN communication link.
  - 145. The apparatus according to claim 100, wherein said first or said second bus is a LAN communication link.
  - 146. The apparatus according to claim 145, wherein said first or said second bus is based on Ethernet and is substantially compliant to IEEE 802.3 standard.
  - 147. The apparatus according to claim 146, wherein said first or said second bus is based on one out of:
    - 100BaseT/TX, 1000BaseT/TX, 10 gigabit Ethernet substantially according to IEEE Std 802.3ae-2002 as standard, 40 Gigabit Ethernet, and 100 Gigabit Ethernet substantially according to IEEE P802.3ba standard.
  - 148. The apparatus according to claim 100 further comprising encryptor/decryptor using an encryption scheme coupled between said first and second interfaces, for encrypting and decrypting digital data between said first and second buses.
  - 149. The apparatus according to claim 148, wherein said encryption scheme is based on AES 128, 192 or 256 bits.
  - 150. The apparatus according to claim 100, wherein said first or said second bus is based on a multi-drop or a daisy-chain topology.
  - 151. The apparatus according to claim 100, wherein said first or said second bus is based on a point-to-point connection.
  - 152. The apparatus according to claim 108, wherein said first or said second bus employs master/slave scheme.
  - 153. The apparatus according to claim 108, wherein said first or said second bus is based on full-duplex communication.
  - 154. The apparatus according to claim 108, wherein said first or said second bus is based on half-duplex communication.
  - 155. The apparatus according to claim 100, wherein said first or said second bus is a wired-based, point-to-point, and bit-serial bus, and wherein a timing, clocking or strobing signal is carried over dedicated wires.
  - 156. The apparatus according to claim 100, wherein said first or said second bus is a wired-based, point-to-point, and bit-serial bus, and wherein a timing, clocking or strobing signal is carried using a self-clocking scheme.
  - 157. The apparatus according to claim 100, wherein said first or said second bus medium is based on a fiber-optics cable, and wherein said apparatus respectively further comprising a fiber-optics connector for connecting to said fiber-optics cable.
  - 158. The apparatus according to claim 100, wherein said first or said second bus medium is based on conductors.
  - 159. The apparatus according to claim 158, wherein said first or said second bus medium is based on a bus cable including multiple wires, and wherein said apparatus further comprising a bus connector for connecting to said bus cable.
  - 160. The apparatus according to claim 159, wherein said bus cable is further carrying one or more power signals.
  - 161. The apparatus according to claim 160, wherein said power signal is powering at least part of the apparatus.
  - 162. The apparatus according to claim 159, wherein said one or more power signals are DC type and are carried over dedicated wires.
  - 163. The apparatus according to claim 162, wherein said one or more power signals are DC type and are carried over the same wires carrying digital data, and wherein said apparatus further comprising a power/data splitter arrangement having first, second and third ports, wherein only digital data signal is passed between said first and second ports, and only power signal is passed between said first and third ports, and wherein said first port is coupled to said bus connector.
  - 164. The apparatus according to claim 162, wherein said power and digital data signals are carried using FDM, where the digital data signal is carried over a frequency band above and distinct from the power signal.
  - 165. The apparatus according to claim 164, wherein said power/data splitter comprising a HPF between said first and second ports and a LPF between said first and third ports.
  - 166. The apparatus according to claim 164, wherein said power/data splitter comprising a transformer and a capacitor connected to the transformer windings.
  - 167. The apparatus according to claim 163, wherein said power and digital data signals are carried using phantom scheme.
  - 168. The apparatus according to claim 167, wherein said power/data splitter comprising at least two transformer having a center-tap connection.
  - 169. The apparatus according to claim 168, wherein said power and digital data signals are carried substantially according to IEEE 802.3af-2003 or IEEE 802.3 at-2009 standards.
  - 170. The apparatus according to claim 160, wherein the apparatus is connected for at least in part supply said power signal.
  - 171. The apparatus according to claim 170, wherein said one or more power signals are DC type and are carried over dedicated wires.
  - 172. The apparatus according to claim 170, wherein said one or more power signals are DC type and are carried over the same wires carrying digital data, and wherein said apparatus further comprising a power/data combiner arrangement having first, second and third ports, wherein only digital data signal is passed between said first and second ports, and only power signal is passed between said first and third ports, and wherein said first port is coupled to said bus connector.
  - 173. The apparatus according to claim 172, wherein said power and digital data signals are carried using FDM, where the digital data signal is carried over a frequency band above and distinct from the power signal.
  - 174. The apparatus according to claim 173, wherein said power/data combiner comprising a HPF between said first and second ports and a LPF between said first and third ports.
  - 175. The apparatus according to claim 173, wherein said power/data combiner comprising a transformer and a capacitor connected to the transformer windings.
  - 176. The apparatus according to claim 172, wherein said power and digital data signals are carried using phantom scheme.
  - 177. The apparatus according to claim 176, wherein said power/data combiner comprising at least two transformer having a center-tap connection.
  - 178. The apparatus according to claim 177, wherein said power and digital data signals are carried substantially according to IEEE 802.3af-2003 or IEEE 802.3 at-2009 standards.
  - 179. The apparatus according to claim 100 further implemented as a separate physical entity.
  - 180. The apparatus according to claim 179, further implemented in the form of a die, an IC, a box-shaped enclosure or a PCB carrying ICs and other electronic components, a plug-in card or a removable enclosure.
  - 181. The apparatus according to claim 100 further integrated with said memory.
  - 182. The apparatus according to claim 100 further integrated with said processor.
  - 183. The apparatus according to claim 100 further integrated with an intermediate device.
  - 184. The apparatus according to claim 183 further integrated with the intermediate device, wherein said intermediate device is one of a hub, a switch, a router and a bus expander.
  - 185. The apparatus according to claim 100, wherein said first bus or said second bus is based on a cable, and wherein said respective first port or said second port is a connector connectable to said cable.
  - 186. The apparatus according to claim 185, wherein said cable includes conductive wires or is a fiber-optic cable.
  - 187. The apparatus according to claim 185, wherein said first interface or said second interface comprising a transmitter and a receiver coupled to said connector for respectively transmitting to, and receiving from, said cable.
  - 188. The apparatus according to claim 187, wherein said transmitter uses differential signaling, emphasis shaping, and self-clocking line-code.
  - 189. The apparatus according to claim 188, wherein said transmitter further employs error detection, alignment, clock-correction or channel-bonding.
  - 190. The apparatus according to claim 187, wherein said receiver uses equalization, impedance matching termination, and PLL.
  - 191. The apparatus according to claim 190, wherein said receiver further uses decoding and detecting encoding-based errors.
  - 192. The apparatus according to claim 100, wherein said first bus is a serial bus, and wherein the apparatus further comprises a serializer and de-serializer coupled between said first interface and said scrambler, for converting to parallel the digital data received from said first interface and for serializing the digital data received from said scrambler.
  - 193. The apparatus according to claim 192, wherein said second bus is a serial bus, and wherein the apparatus further comprises a serializer and de-serializer coupled between said second interface and said scrambler, for converting to parallel the digital data received from said second interface and for serializing the digital data received from said scrambler.
  - 194. The apparatus according to claim 100, further integrated with said processor or said memory.
  - 195. The apparatus according to claim 194, further comprising a component shared with said processor or said memory.
  - 196. The apparatus according to claim 195 further comprising a single enclosure housing said first and second ports, said first and second and said scrambler, said enclosure further housing said processor or said memory.
  - 197. The apparatus according to claim 195 further comprising a power supply for powering at least part of the apparatus, said power supply connected to power said processor or said memory.
  - 198. The apparatus according to claim 195 further comprising components mounted on a substrate, and wherein said substrate is used to support said processor or said memory.
  - 199. A set of two or more apparatuses each according to claim 100, wherein said apparatuses use scramblers having implementing the same scrambling schemes.
  - 200. The set according to claim 199, wherein said apparatuses are mechanically attached.
  - 201. The set according to claim 200, wherein said apparatuses are mechanically detachable.
  - 202. A set of the apparatus of claim 100 and a memory, wherein said apparatus is formed as a plug-in and removable unit with said memory.
  - 203. A set of the apparatus of claim 100 and a computer including said processor, wherein said apparatus is formed as a plug-in and removable unit with said computer.

204. An apparatus for connecting to a processor and to a location-addressable memory capable of storing data words in an address space, the memory is connectable to the processor via a bus of a first type, the apparatus comprising:
- a first port connectable to a first bus of said first type;
  
  a first interface coupled to said first port for receiving a first data word associated with an address in said address space;
  
  a second port connectable to a second bus;
  
  a second interface coupled to said second port for transmitting a second data word associated with said address; and
  
  a scrambler connected between said first and second interfaces for converting said first data word to said second data word distinct from said first data word;
  
  wherein one of said first and second buses is connectable to a processor and the other is connectable to a memory.

205. A method for relaying a message from a sender to a recipient, the sender and the recipient are each associated with an IP (Internet Protocol) address for being addressable in the Internet, the method [executed by an intermediate server] comprising the steps of:
- receiving a packet from the sender, the packet includes as a payload the message and the recipient IP address;
  
  extracting and identifying the message, the sender IP address and the recipient IP address from the received packet; and
  
  sending the message together with the sender IP address to the recipient or to an intermediate server.
- View Dependent Claims (206, 207, 208, 209, 210, 211, 212)
- - 206. The method according to claim 205 wherein at least part of the message is encrypted, and the method further comprising the step of decrypting the message after receiving it.
  - 207. The method according to claim 205 further comprising the step of encrypting the message before sending it.
  - 208. The method according to claim 205 wherein the message is composed of a succession of message elements, and the method further comprising the steps of partitioning the message into a plurality of message slices, each message slice containing one or more of said message elements;
    - and sending each message slice together with the IP address of the sender to the recipient or to an intermediate server.
  - 209. An apparatus executing the method according to claim 205, wherein the apparatus is a server.
  - 210. The apparatus according to claim 209 further integrated with another server further executes a specific distinct functionality.
  - 211. The apparatus according to claim 210, wherein the server is one out of a web server, a database server, a mail server, a FTP server, a DHCP server and a DNS server.
  - 212. The apparatus according to claim 210 where the apparatus share with the other server one out of an enclosure, an Internet connection, an IP address, a processor or a peripheral device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
May Patents Ltd.
Original Assignee
May Patents Ltd.
Inventors
BINDER, Yehuda

Granted Patent

US 9,177,157 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/217
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/78   to assure secure storage of...

G06F 21/80   in storage media based on m...

G06F 21/85   interconnection devices, e....

G06F 7/58   Random or pseudo-random num...

H04L 51/046   Interoperability with other...

H04L 63/0281   Proxies

H04L 63/0428   wherein the data content is...

H04L 63/18   using different networks or...

H04L 67/63   Routing a service request d...

SYSTEM AND METHOD FOR ROUTING-BASED INTERNET SECURITY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

391 Citations

212 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR ROUTING-BASED INTERNET SECURITY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

391 Citations

212 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links