Method and apparatus for anonymous IP datagram exchange using dynamic network address translation
Abstract
Methods, apparatus, system and computer program are provided for concealing the identity of a network device transmitting a datagram having a network layer header. A unique local identifier and broadcast address are determined in accordance with a next-hop address. A partially encrypted network layer header is determined by encrypting a plurality of identifying portions of the network layer header, where one portion of the network layer header is the unique local identifier. The datagram is encapsulated with another network layer header whose address is set to the broadcast address. The encapsulated datagram can be received and detunneled, and an address of a recipient can be extracted from the network layer header. The datagram is then admitted into a network domain.
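The sender and forwarder steps from the abstract, as an added Python sketch; it is not code from the patent, whose text here does not say how the identifier, the broadcast address or the cipher are chosen. Assumptions: IPv4, a pre-shared key, a 16-bit keyed-hash identifier carried in the Identification field, the next hop's /24 directed broadcast, an HMAC-SHA256 keystream standing in for a real cipher, an unspecified outer source, and experimental protocol number 253 for the outer header.

```python
import hashlib, hmac, ipaddress, os, struct

KEY = b"constructed-demo-key"  # assumption: secret shared by sender and next hop

def ip(a):
    return ipaddress.ip_address(a).packed

def next_hop_id(next_hop):
    # Assumption: 16-bit identifier = truncated keyed hash of the next-hop address.
    return int.from_bytes(hmac.new(KEY, ip(next_hop), hashlib.sha256).digest()[:2], "big")

def broadcast_for(next_hop, prefix=24):
    # Assumption: directed broadcast of the next hop's /24.
    net = ipaddress.ip_network(f"{next_hop}/{prefix}", strict=False)
    return str(net.broadcast_address)

def ipv4_header(src, dst, ident, proto, payload_len):
    # Minimal 20-byte IPv4 header; checksum left at 0 to keep the example short.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                       0, 64, proto, 0, ip(src), ip(dst))

def xor_identifying_fields(hdr, nonce):
    # Stand-in cipher (assumption): HMAC-SHA256 keystream over the Identification
    # field (bytes 4-5, carrying the next-hop id) and both addresses (bytes 12-19).
    ks = hmac.new(KEY, b"ks" + nonce, hashlib.sha256).digest()
    out = bytearray(hdr)
    for i, pos in enumerate([4, 5, *range(12, 20)]):
        out[pos] ^= ks[i]
    return bytes(out)

def conceal(src, dst, next_hop, payload, proto=17):
    inner = ipv4_header(src, dst, next_hop_id(next_hop), proto, len(payload))
    nonce = os.urandom(8)  # fresh per datagram so the keystream is not reused
    body = nonce + xor_identifying_fields(inner, nonce) + payload
    # Outer header: unspecified source, broadcast destination, experimental proto 253.
    return ipv4_header("0.0.0.0", broadcast_for(next_hop), 0, 253, len(body)) + body

def detunnel(packet, my_addr):
    body = packet[20:]                       # strip the outer header
    inner = xor_identifying_fields(body[8:28], body[:8])
    if int.from_bytes(inner[4:6], "big") != next_hop_id(my_addr):
        return None                          # broadcast was meant for another hop
    recipient = str(ipaddress.ip_address(inner[16:20]))
    return recipient, inner + body[28:]      # datagram ready to admit to the domain
```

An observer on the segment sees only the broadcast destination and ciphertext where the inner addresses were; the keystream gives no integrity protection, so a real design would use an authenticated cipher.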
49 Claims
1. A computer-implemented method for concealing the identity of a network device transmitting a datagram having a network layer header, comprising:
determining, by operation of a computer, a unique next-hop identifier in accordance with a next-hop address that identifies a next-hop that the datagram will visit;
generating, by operation of said computer, a broadcast address in accordance with the next-hop address;
creating, by operation of said computer, a partially encrypted network layer header by encrypting a plurality of identifying portions of the network layer header, wherein one portion of the network layer header is the unique next-hop identifier; and
encapsulating, by operation of said computer, the datagram with another network layer header whose address is set to the broadcast address.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. An apparatus for concealing the identity of a network device transmitting a datagram having a network layer header, comprising:
a processor including processing circuitry configured to determine a unique next-hop identifier in accordance with a next-hop address that identifies a next-hop that the datagram will visit, generate a broadcast address in accordance with the next-hop address, create a partially encrypted network layer header by encrypting a plurality of identifying portions of the network layer header, wherein one portion of the network layer header is the unique next-hop identifier, and encapsulate the datagram with another network layer header whose address is set to the broadcast address.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23
24. An apparatus for forwarding a datagram having a network layer header, comprising:
a transceiver adapted to receive an encapsulated datagram from a network device;
a processor including processing circuitry configured to detunnel the encapsulated datagram, extract an address from the network layer header, and admit the datagram into a network domain, wherein the network device is adapted to determine a unique next-hop identifier in accordance with a next-hop address that identifies a next-hop that the datagram will visit, generate a broadcast address in accordance with the next-hop address, create a partially encrypted network layer header by encrypting a plurality of identifying portions of the network layer header, wherein one portion of the network layer header is the unique next-hop identifier, encapsulate the datagram with another network layer header whose address is set to the broadcast address, and transmit the encapsulated datagram.
25. A machine-readable medium having stored thereon a computer program, for concealing the identity of a network device transmitting a datagram having a network layer header, operable to:
determine a unique next-hop identifier in accordance with a next-hop address;
generate a broadcast address in accordance with the next-hop address that identifies a next-hop that the datagram will visit;
create a partially encrypted network layer header by encrypting a plurality of identifying portions of the network layer header, wherein one portion of the network layer header is the unique next-hop identifier; and
encapsulate the datagram with another network layer header whose address is set to the broadcast address.
Dependent claims: 26, 27, 28, 29, 30, 31, 32, 33, 34, 35
36. A machine-readable medium having stored thereon a computer program, for forwarding a datagram having a network layer header, operable to:
receive and detunnel an encapsulated datagram from a transceiver;
extract an address from the network layer header; and
admit the datagram into a network domain, wherein the transceiver is adapted to determine a unique next-hop identifier in accordance with a next-hop address that identifies a next-hop that the datagram will visit, generate a broadcast address in accordance with the next-hop address, create a partially encrypted network layer header by encrypting a plurality of identifying portions of the network layer header, wherein one portion of the network layer header is the unique next-hop identifier, encapsulate the datagram with another network layer header whose address is set to the broadcast address, and transmit the encapsulated datagram.
37. An apparatus for concealing the identity of a network device transmitting a datagram having a network layer header, comprising:
means for determining a unique next-hop identifier in accordance with a next-hop address that identifies a next-hop that the datagram will visit;
means for generating a broadcast address in accordance with the next-hop address;
means for creating a partially encrypted network layer header by encrypting a plurality of identifying portions of the network layer header, wherein one portion of the network layer header is the unique next-hop identifier; and
means for encapsulating the datagram with another network layer header whose address is set to the broadcast address.
Dependent claims: 38, 39, 40, 41, 42, 43, 44, 45, 46, 47
48. An apparatus for forwarding a datagram having a network layer header, comprising:
means for receiving an encapsulated datagram from a network device;
means for detunneling the encapsulated datagram;
means for extracting an address from the network layer header; and
means for admitting the datagram into a network domain, wherein the network device is adapted to determine a unique next-hop identifier in accordance with a next-hop address that identifies a next-hop that the datagram will visit, generate a broadcast address in accordance with the next-hop address, create a partially encrypted network layer header by encrypting a plurality of identifying portions of the network layer header, wherein one portion of the network layer header is the unique next-hop identifier, encapsulate the datagram with another network layer header whose address is set to the broadcast address, and transmit the encapsulated datagram.
49. A system for concealing the identity of a network device transmitting a datagram having a network layer header, comprising:
a first processor adapted to determine a unique next-hop identifier in accordance with a next-hop address, generate a broadcast address in accordance with the next-hop address that identifies a next-hop that the datagram will visit, create a partially encrypted network layer header by encrypting a plurality of identifying portions of the network layer header, wherein one portion of the network layer header is the unique next-hop identifier, and encapsulate the datagram with another network layer header whose address is set to the broadcast address;
a first transceiver electrically coupled to said first processor for transmitting and receiving the encapsulated datagram; and
a second transceiver adapted to receive the encapsulated datagram, a second processor, electrically coupled to said second transceiver, adapted to detunnel the encapsulated datagram, extract an address from the network layer header, and admit the datagram into a network domain via the second transceiver.
Specification