Method and apparatus for anonymous IP datagram exchange using dynamic network address translation
Abstract
Methods, apparatus, system and computer program are provided for concealing the identity of a network device transmitting a datagram having a network layer header. A unique local identifier and broadcast address are determined in accordance with a next-hop address. A partially encrypted network layer header is determined by encrypting a plurality of identifying portions of the network layer header, where one portion of the network layer header is the unique local identifier. The datagram is encapsulated with another network layer header whose address is set to the broadcast address. The encapsulated datagram can be received and detunneled, and an address of a recipient can be extracted from the network layer header. The datagram is then admitted into a network domain.
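The send and receive steps the abstract describes, as an added Python example that is not taken from the patent. The shared key, the HMAC-derived identifier, the keystream cipher, the 8-byte nonce and the reduced header layout (only the address fields are modelled) are all assumptions; the text on this page names none of them.

```python
import hashlib, hmac, ipaddress, struct

KEY = b"constructed-subnet-key"  # assumption: secret shared by nodes on the next-hop subnet

def next_hop_id(next_hop: str) -> bytes:
    # Assumption: the "unique next-hop identifier" is a keyed 4-byte tag of the address.
    addr = ipaddress.ip_address(next_hop).packed
    return hmac.new(KEY, addr, hashlib.sha256).digest()[:4]

def broadcast_for(next_hop: str, prefix_len: int) -> str:
    # Broadcast address of the subnet containing the next hop.
    net = ipaddress.ip_network(f"{next_hop}/{prefix_len}", strict=False)
    return str(net.broadcast_address)

def _xor_stream(data: bytes, nonce: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode), chosen to stay stdlib-only;
    # it gives no integrity, so a deployment would use an authenticated cipher.
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(KEY, nonce + struct.pack("!I", ctr), hashlib.sha256).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def send(src, dst, next_hop, prefix_len, payload, nonce):
    # Identifying portions of the first header: source, destination, next-hop identifier.
    ident = (ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
             + next_hop_id(next_hop))
    inner = nonce + _xor_stream(ident, nonce) + payload
    # The second header is reduced here to its destination: the subnet broadcast address.
    return broadcast_for(next_hop, prefix_len), inner

def receive(my_addr, inner):
    # Every node on the subnet sees the broadcast; only the next hop's identifier matches.
    nonce, enc, payload = inner[:8], inner[8:20], inner[20:]
    ident = _xor_stream(enc, nonce)
    if not hmac.compare_digest(ident[8:], next_hop_id(my_addr)):
        return None  # not addressed to this node: drop silently
    src, dst = ipaddress.ip_address(ident[:4]), ipaddress.ip_address(ident[4:8])
    return str(src), str(dst), payload

def demo():
    nonce = bytes(range(8))  # constructed; use os.urandom(8) per datagram in practice
    outer_dst, pkt = send("10.1.1.5", "192.0.2.9", "10.2.3.4", 24, b"hello", nonce)
    return outer_dst, pkt, receive("10.2.3.4", pkt), receive("10.2.3.77", pkt)
```

An observer on the subnet sees only the broadcast destination and ciphertext address fields; the payload is left in the clear here because the claims encrypt header portions only.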
10 Claims
1. A method comprising:
receiving a datagram at a network device, the datagram having a first header;
determining, by the network device, a next-hop network element to which the datagram will be forwarded;
determining, by the network device, a unique next-hop identifier in accordance with a next-hop address associated with the next-hop network element;
generating, by the network device, a broadcast address in accordance with the next-hop address;
including, by the network device, the unique next-hop identifier in the first header;
encrypting, by the network device, a plurality of identifying portions of the first header, including the unique next hop identifier;
encapsulating, by the network device, the datagram with a second header whose address is set to the broadcast address; and
transmitting, by the network device, the datagram according to the broadcast address.
2. A method, comprising:
providing in a network, by operation of a computer, an IP datagram including a first header; and
anonymously exchanging, by operation of said computer, said datagram from a sending node to an intended recipient node in said network, by:
wrapping said datagram inside another routable datagram having a second header;
setting the destination address of said second header to a broadcast address of a subnet of said network, nodes of said subnet including said recipient node;
transmitting said another routable datagram via said broadcast address;
said nodes of said subnet including said intended recipient node receiving said another routable datagram; and
said intended recipient node accessing said datagram inside said another routable datagram.