Location privacy for internet protocol networks using cryptographically protected prefixes
First Claim
Patent Images
1. A network comprising:
- a plurality of interconnected routers;
wherein data is transmitted over said network through said interconnected routers;
said data including an address, said address identifying at least a logical location of a destination of said data;
wherein said address is divided into a plurality of pieces and at least a subset of said plurality of pieces are encrypted, and wherein said interconnected routers transmit said data along routes within said network based on decrypting different ones of said encrypted pieces at different points along each of said routes, and wherein address is divided at least in part by an aggregation of routers within a routing domain tree, wherein said routing domain tree is representative of the interconnections between said plurality of interconnected routers, said aggregation occurring to a plurality of routers which share a common parent route.
2 Assignments
0 Petitions
Accused Products
Abstract
Cryptographically Protected Prefixes (“CPPs”) are used to create IP addresses, preventing any correlation between a CPP IP address and a host'"'"'s geographic location. An IP address is subdivided into address prefixes of multiple segments. Each segment is encrypted with a cryptographic key known only to a subset of routers in the access network domain (or Privacy Domain). Therefore, each router obtains the information it needs to forward a packet of information, but not any additional information.
48 Citations
61 Claims
-
1. A network comprising:
a plurality of interconnected routers;
wherein data is transmitted over said network through said interconnected routers;
said data including an address, said address identifying at least a logical location of a destination of said data;
wherein said address is divided into a plurality of pieces and at least a subset of said plurality of pieces are encrypted, and wherein said interconnected routers transmit said data along routes within said network based on decrypting different ones of said encrypted pieces at different points along each of said routes, and wherein address is divided at least in part by an aggregation of routers within a routing domain tree, wherein said routing domain tree is representative of the interconnections between said plurality of interconnected routers, said aggregation occurring to a plurality of routers which share a common parent route.- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
18. A network comprising:
-
a plurality of interconnected routers; means for transmitting data over said network, wherein said data includes an address which identifies a destination of said data; dividing means for dividing said address into a plurality of pieces; encrypting means for encrypting at least a subset of said plurality of pieces, wherein said interconnected routers transmit said data along routes within said network based on decrypting different ones of said encrypted pieces at different points along each of said routes; and aggregation means for aggregating routers within a routing domain tree, wherein said routing domain tree is representative of the interconnections between said plurality of interconnected routers. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
-
-
34. A method for sharing data over a network, where said network includes a plurality of interconnected routers;
- said method comprising;
transmitting data over said network, said data including an address; identifying in said address at least a logical location of a destination of said data; dividing said address into a plurality of pieces; encrypting at least a subset of said plurality of pieces, and wherein said interconnected routers transmit said data along routes within said network based on decrypting different ones of said encrypted pieces at different points along each of said routes, and wherein said encryption includes encrypting at least a first piece of said address separately from the other pieces; decrypting at least the first piece of said address within a subset of said interconnected routers said subset of interconnected routers being unable to decrypt at least a different piece of said address than said first piece; and dividing said address at least in part by an aggregation of routers within a routing domain tree, wherein said routing domain tree is representative of the interconnections between said plurality of interconnected routers, said aggregation occurring to a plurality of routers which share a common parent router. - View Dependent Claims (35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47)
- said method comprising;
-
48. A router comprising:
a processor and a data path, wherein;
data is transmitted to, through and/or from said router, said data being processed by said processor for transmission along said data path;
said data being processed by said processor including processing of an address such that said address identifies at least a logical location of a destination of said data, said router being a router within a group of interconnected routers;
wherein said processing includes said address being divided into a plurality of pieces wherein at least a subset of said plurality of pieces are encrypted, and wherein said interconnected routers transmit said data along said data path based on decrypting different ones of said encrypted pieces at different points along said data path, wherein said router is enabled to decrypt at least a piece of said address, and wherein at least a first piece of said address is separately encrypted from the other pieces, and wherein said router is unable to decrypt at least a different piece of said address than said first piece, and wherein said address is divided at least in part by an aggregation of routers within a routing domain tree, wherein said routing domain tree is representative of the interconnections between said group of interconnected routers, said aggregation occurring to a plurality of routers which share a common parent router.- View Dependent Claims (49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61)
Specification