SYSTEM AND METHOD TO COMMUNICATE SENSITIVE INFORMATION VIA ONE OR MORE UNTRUSTED INTERMEDIATE NODES WITH RESILIENCE TO DISCONNECTED NETWORK TOPOLOGY
Abstract
A system and method to communicate secure information between a plurality of computing machines using an untrusted intermediate with resilience to disconnected network topology. The system and method utilize agnostic endpoints that are generalized to be interoperable among various systems, with their functionality based on their location in a network. The system and method enable horizontal scaling on the network. One or more clusters may be set up in a location within a network or series of networks in electronic communication, e.g., in a cloud or a sub-network, residing between a secure area of the network(s) and an unsecure area such as an external network or a portion of a network. The horizontal scaling allows the system to take advantage of the capacity of a local network. As long as an agent has connectivity to at least one locale of the network, the agent is advantageously operable to move data across the system.
29 Claims
1. A method of communicating using a system configured to exchange encrypted data via at least two nodes, the method comprising:
   executing an agent in the system configured with (i) an internal DNS address to point to one of the at least two nodes, and (ii) an external DNS address to point to another one of the at least two nodes;
   establishing a communication link between one of the at least two nodes and the agent;
   signing a payload containing data using a private key to produce an envelope; and
   encrypting the envelope using a public key associated with one of the at least two nodes and the agent, wherein the at least two nodes are configured to authenticate the agent when establishing the communication link between the one of the at least two nodes and the agent.
   Dependent claims: 2 to 22.

23. A communication system comprising:
   at least one memory storing instructions that, when executed by at least one processor, are configured to (i) compress data, (ii) sign the data using a private key, and (iii) encrypt the data using a public key to form a data payload;
   an agent configured to establish a communication link and transmit the data payload using the communication link; and
   a node configured to (i) receive the data payload, and (ii) process metadata associated with the data payload to determine whether an entirety of the data payload was transmitted successfully from the processor to the node.
   Dependent claims: 24 to 27.

28. A communication node comprising:
   a memory configured to store an agent; and
   a processor configured to execute the agent to (a) establish a communication link with another node, (b) authenticate the other node to obtain a public key, (c) encrypt a specified amount of data using the public key to form a data envelope, and (d) transmit the data envelope to the other node.
   Dependent claims: 29.
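One concrete agent-to-node exchange of the kind claims 1, 23 and 28 describe (sign the payload with the agent's private key to form an envelope, encrypt the envelope to the node's public key, and let the node use metadata to confirm the whole payload arrived), as an added Go example that is not part of the patent. The envelope layout, Ed25519 for the agent signature, RSA-OAEP for the node key and the 4-byte length field as the completeness metadata are all assumptions made here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// sealEnvelope is the agent side: build the envelope (4-byte big-endian payload length ||
// payload || 64-byte Ed25519 signature over both; a layout assumed here, not the patent's),
// then encrypt the whole envelope to the node's RSA public key with OAEP/SHA-256.
// OAEP caps the plaintext (190 bytes for RSA-2048), so larger payloads need a hybrid scheme.
func sealEnvelope(agentSig ed25519.PrivateKey, nodePub *rsa.PublicKey, payload []byte) ([]byte, error) {
	env := binary.BigEndian.AppendUint32(nil, uint32(len(payload)))
	env = append(env, payload...)
	env = append(env, ed25519.Sign(agentSig, env)...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, nodePub, env, nil)
}

// openEnvelope is the node side: decrypt with the node's private key, verify the signature
// against the key of the agent authenticated at link setup, then check the length metadata.
func openEnvelope(nodePriv *rsa.PrivateKey, agentPub ed25519.PublicKey, blob []byte) ([]byte, error) {
	env, err := rsa.DecryptOAEP(sha256.New(), nil, nodePriv, blob, nil)
	if err != nil {
		return nil, errors.New("decrypt failed: envelope altered or not addressed to this node")
	}
	n := len(env) - ed25519.SignatureSize
	if n < 4 || !ed25519.Verify(agentPub, env[:n], env[n:]) {
		return nil, errors.New("signature invalid: envelope not from the authenticated agent")
	}
	if int(binary.BigEndian.Uint32(env[:4])) != n-4 {
		return nil, errors.New("length mismatch: payload did not arrive in its entirety")
	}
	return env[4:n], nil
}

func main() { // one agent-to-node exchange with freshly generated keys (constructed sample)
	agentPub, agentPriv, _ := ed25519.GenerateKey(rand.Reader)
	nodePriv, _ := rsa.GenerateKey(rand.Reader, 2048)
	blob, err := sealEnvelope(agentPriv, &nodePriv.PublicKey, []byte("sensor reading: 42"))
	if err != nil {
		panic(err)
	}
	got, err := openEnvelope(nodePriv, agentPub, blob)
	fmt.Printf("payload=%q err=%v\n", got, err)
}
```

The node rejects an envelope signed by a key other than the authenticated agent's, and any alteration of the ciphertext fails OAEP decryption before the signature is even checked.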
Specification