Agile network protocol for secure communications with assured system availability
Abstract
A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes. These techniques include a self-synchronization technique in which a sync field is transmitted as part of each packet, and a “checkpoint” scheme by which transmitting and receiving nodes can advance to a known point in their hopping schemes. A fast-packet reject technique based on the use of presence vectors is also described. A distributed transmission path embodiment incorporates randomly selected physical transmission paths.
18 Claims
1. A method of transmitting data packets from a first computer to a second computer, comprising the steps of:
- (i) determining a sender's Internet Protocol (IP) address selected from a first set of IP addresses allocated to the first computer;
- (ii) determining a receiver's IP address selected from a second set of IP addresses allocated to the second computer;
- (iii) creating a packet header comprising the sender's and receiver's IP addresses;
- (iv) the first computer transmitting to the second computer a data packet comprising the packet header;
- (v) the second computer receiving the data packet;
- (vi) determining a second sender IP address selected from a third set of IP addresses allocated to the first computer;
- (vii) determining a second receiver IP address selected from a fourth set of IP addresses allocated to the second computer; and
- (viii) accepting the data packet when first and second sender IP addresses match and first and second receiver IP addresses match, otherwise, rejecting the packet,
wherein in steps (vi) and (vii) the IP address determination is based on a pseudo-random algorithm that selects an IP address pair.
Dependent claims: 2, 3, 4.
5. A method of transmitting data packets between a first computer and a second computer, comprising the steps of:
- (i) the second computer receiving a data packet including a packet header comprising a first sender Internet Protocol (IP) address and a first receiver IP address;
- (ii) determining a second sender IP address selected from a first set of IP addresses allocated to the first computer;
- (iii) determining a second receiver IP address selected from a second set of IP addresses allocated to the second computer;
- (iv) accepting the data packet when first and second sender IP addresses match and first and second receiver IP addresses match, otherwise, rejecting the packet,
wherein the first receiver IP address periodically changes between successive data packets, and wherein in steps (ii) and (iii) the IP address determination is based on a pseudo-random algorithm that selects an IP address pair of the second sender IP address and the second receiver IP address.
Dependent claims: 6.
7. A receiving computer that receives data packets from a transmitting computer, wherein the receiving computer comprises computer instructions that execute the steps of:
- (i) receiving data packets from a transmitting computer including a packet header comprising a first sender Internet Protocol (IP) address and a first receiver IP address;
- (ii) for each data packet, determining a second sender IP address selected from a first set of IP addresses allocated to the transmitting computer;
- (iii) for each data packet, determining a second receiver IP address selected from a second set of IP addresses allocated to the receiving computer;
- (iv) for each data packet, accepting the data packet when first and second sender IP addresses match and first and second receiver IP addresses match, otherwise, rejecting the packet,
wherein the first receiver IP address periodically changes between successive data packets, and wherein in steps (ii) and (iii) the IP address determination is based on a pseudo-random algorithm that selects an IP address pair of the second sender IP address and the second receiver IP address.
Dependent claims: 8.
9. A transmitting computer that transmits data packets to a receiving computer, wherein the transmitting computer comprises computer instructions that execute the steps of:
- (i) determining a sender's IP address selected from a first set of IP addresses allocated to the transmitting computer;
- (ii) determining a receiver's IP address selected from a second set of IP addresses allocated to the receiving computer;
- (iii) creating a packet header comprising the sender's and receiver's IP addresses;
- (iv) the transmitting computer transmitting to the receiving computer a data packet comprising the packet header;
- (v) receiving an indication from the receiving computer of a result of the receiving computer performing the steps of:
  - a. the receiving computer determining a second sender IP address selected from a third set of IP addresses allocated to the transmitting computer;
  - b. determining a second receiver IP address selected from a fourth set of IP addresses allocated to the receiving computer; and
  - c. accepting the data packet when first and second sender IP addresses match and first and second receiver IP addresses match, otherwise, rejecting the packet,
wherein in steps a. and b. the IP address determination is based on a pseudo-random algorithm that selects an IP address pair.
Dependent claims: 10, 11, 12.
13. A method of transmitting data packets between a first computer and a second computer, comprising the steps of:
- (i) the second computer receiving a data packet including a packet header comprising a first sender Internet Protocol (IP) address and a first receiver IP address;
- (ii) determining a second sender IP address selected from a first set of IP addresses allocated to the first computer;
- (iii) determining a second receiver IP address selected from a second set of IP addresses allocated to the second computer;
- (iv) accepting the data packet when first and second sender IP addresses match and first and second receiver IP addresses match, otherwise, rejecting the packet,
wherein the first receiver IP address periodically changes between successive data packets, and wherein in steps (ii) and (iii) the IP address determination is based on a pseudo-random algorithm that selects an IP address pair.
Dependent claims: 14, 15, 16.
17. A receiving computer that receives data packets from a transmitting computer, wherein the receiving computer comprises computer instructions that execute the steps of:
- (i) receiving data packets from a transmitting computer including a packet header comprising a first sender Internet Protocol (IP) address and a first receiver IP address;
- (ii) for each data packet, determining a second sender IP address selected from a first set of IP addresses allocated to the transmitting computer;
- (iii) for each data packet, determining a second receiver IP address selected from a second set of IP addresses allocated to the receiving computer;
- (iv) for each data packet, accepting the data packet when first and second sender IP addresses match and first and second receiver IP addresses match, otherwise, rejecting the packet,
wherein the first receiver IP address periodically changes between successive data packets, and wherein in steps (ii) and (iii) the IP address determination is based on a pseudo-random algorithm that selects an IP address pair.
Dependent claims: 18.
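The accept/reject procedure of claim 1 (steps (i) to (viii)), together with the moving window of valid addresses, the optional discriminator field and the checkpoint resynchronisation described in the abstract, as an added simulation. This is not code from the patent or its assignee. The patent does not specify the generator or the window mechanics, so the following are my assumptions: the pseudo-random pair selector is HMAC-SHA256 over a shared key and a hop counter (which gives the jump-ahead and hard-to-predict properties the abstract asks for), the discriminator is a 64-bit value taken from the same digest, the window is a dictionary keyed by header values standing in for the presence vector, and the address pools are constructed sample values from the RFC 5737 documentation ranges.

```python
"""Simulation of the IP-hopping accept/reject check in claim 1 (added example).

Assumptions, not from the patent: HMAC-SHA256(key, counter) selects the
(sender IP, receiver IP, discriminator) triple for each hop; the receiver
keeps a dict of triples for the next WINDOW hops so a non-matching packet is
rejected with one lookup; address pools are constructed RFC 5737 values.
"""
import hashlib
import hmac
from dataclasses import dataclass, field

SENDER_POOL = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"]
RECEIVER_POOL = ["198.51.100.20", "198.51.100.21", "198.51.100.22"]
WINDOW = 8  # number of future hops the receiver is willing to accept


def hop_values(key: bytes, counter: int):
    """(sender IP, receiver IP, discriminator) for hop number `counter`.

    A direct function of the counter can jump ahead any number of hops, and
    without the key its future outputs are not predictable from past ones.
    """
    digest = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    src = SENDER_POOL[int.from_bytes(digest[:4], "big") % len(SENDER_POOL)]
    dst = RECEIVER_POOL[int.from_bytes(digest[4:8], "big") % len(RECEIVER_POOL)]
    disc = int.from_bytes(digest[8:16], "big")  # optional discriminator field
    return src, dst, disc


@dataclass
class Sender:
    key: bytes
    counter: int = 0  # next hop to use

    def send(self, payload: bytes) -> dict:
        """Claim 1 steps (i)-(iv): select the pair, build the header, advance."""
        src, dst, disc = hop_values(self.key, self.counter)
        self.counter += 1
        return {"src": src, "dst": dst, "disc": disc, "payload": payload}


@dataclass
class Receiver:
    key: bytes
    counter: int = 0  # earliest hop still acceptable
    valid: dict = field(default_factory=dict)  # header triple -> hop number

    def __post_init__(self):
        self._rebuild_window()

    def _rebuild_window(self):
        """Precompute the header triples valid for the next WINDOW hops."""
        self.valid = {}
        for n in range(self.counter, self.counter + WINDOW):
            # keep the earliest hop if two hops ever produce identical values
            self.valid.setdefault(hop_values(self.key, n), n)

    def checkpoint(self, counter: int) -> None:
        """Resynchronise to an agreed hop (the abstract's checkpoint scheme)."""
        self.counter = counter
        self._rebuild_window()

    def receive(self, pkt: dict) -> bool:
        """Claim 1 steps (vi)-(viii): accept only if the header matches a hop in the window."""
        hop = self.valid.get((pkt["src"], pkt["dst"], pkt["disc"]))
        if hop is None:
            return False  # fast reject: one lookup, no further processing
        self.counter = hop + 1  # slide the window past the hop just consumed
        self._rebuild_window()
        return True


def demo() -> dict:
    """Normal delivery, a replayed packet, a forged source, and checkpoint resync."""
    key = b"constructed shared secret"  # would come from key agreement in practice
    tx, rx = Sender(key), Receiver(key)
    first = tx.send(b"hello")
    in_order = [rx.receive(first)] + [rx.receive(tx.send(b"data")) for _ in range(3)]
    replayed = rx.receive(first)  # hop 0 is now behind the window
    forged = rx.receive({"src": "203.0.113.9", "dst": first["dst"],
                         "disc": first["disc"], "payload": b"x"})
    tx.counter = 500  # sender has moved far beyond the receiver's window
    late = tx.send(b"after gap")
    out_of_window = rx.receive(late)
    rx.checkpoint(500)  # both sides agree on hop 500
    after_checkpoint = rx.receive(late)
    return {"in_order": in_order, "replayed": replayed, "forged": forged,
            "out_of_window": out_of_window, "after_checkpoint": after_checkpoint,
            "next_hop": rx.counter}


if __name__ == "__main__":
    print(demo())
```

With only four sender and three receiver addresses there are twelve distinct pairs, so without the discriminator two hops inside one window can legitimately carry the same pair and a replayed packet could be matched to the wrong hop; the 64-bit discriminator is what makes the replay and out-of-window rejections in `demo()` reliable, which is the practical reason the abstract lists it alongside address hopping.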