System and method employing an agile network protocol for secure communications using secure domain names

US 8,843,643 B2
Filed: 07/25/2013
Issued: 09/23/2014
Est. Priority Date: 10/30/1998
Status: Expired due to Fees

First Claim

Patent Images

1. A method for establishing an encrypted communication link between a first device and a second device over a communication network, the method comprising:

enabling, at the first device, a secure communication mode without a user entering any cryptographic information for establishing the secure communication mode; and

establishing, based on a determination that the secure communication mode has been enabled, the encrypted communication link between the first device and the second device over the communication network, the establishing including;

constructing a domain name based on an identifier associated with the second device;

sending a query using the domain name;

receiving, in response to the query, at least one network address associated with the domain name; and

initiating establishment of the encrypted communication link between the first device and the second device over the communication network using the at least one network address and encrypted communication link resources received from a server that is separate from the first device.

View all claims

1 Assignment

Timeline View

Assignment View

2 Petitions

Accused Products

Abstract

A method and system are used to transparently create an encrypted communications channel between a client device and a target device. Audio video communications between the client device and the target device are allowed over the encrypted communications channel once the encrypted communications channel is created. The method comprises: (1) receiving from the client device a request for a network address associated with the target device; (2) determining whether the request is requesting access to a device that accepts an encrypted channel connection with the client device; and (3) depending on the determination made in step (2) providing provisioning information required to initiate the creation of the encrypted communications channel between the client device and the target device such that the encrypted communications channel supports secure audio/video communications transmitted between the two devices.

299 Citations

32 Claims

1. A method for establishing an encrypted communication link between a first device and a second device over a communication network, the method comprising:
- enabling, at the first device, a secure communication mode without a user entering any cryptographic information for establishing the secure communication mode; and
  
  establishing, based on a determination that the secure communication mode has been enabled, the encrypted communication link between the first device and the second device over the communication network, the establishing including;
  
  constructing a domain name based on an identifier associated with the second device;
  
  sending a query using the domain name;
  
  receiving, in response to the query, at least one network address associated with the domain name; and
  
  initiating establishment of the encrypted communication link between the first device and the second device over the communication network using the at least one network address and encrypted communication link resources received from a server that is separate from the first device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein enabling the secure communication mode includes receiving a command entered into the first device by the user, and the command specifies the secure communication mode.
  - 3. The method of claim 2, wherein the command defines a setup parameter associated with the secure communication mode.
  - 4. The method of claim 2, wherein receiving the command includes:
    - displaying, at the first device, a user interface including a user interface element for enabling the secure communication mode; and
      
      receiving the command from the user via the user interface element.
  - 5. The method of claim 4, wherein the user interface comprises an application stored on the first device.
  - 6. The method of claim 5, wherein the application comprises a web browser.
  - 7. The method of claim 1, wherein sending the query using the domain name includes sending, to a secure domain name service (SDNS), a query for a network address associated with the domain name.
  - 8. The method of claim 7, further comprising receiving the at least one network address in response to the query from the SDNS.
  - 9. The method of claim 7, further comprising, receiving, in response to the query, a list of network addresses associated with the domain name.
  - 10. The method of claim 9, wherein the list of network addresses includes a plurality of pseudorandom network addresses.
  - 11. The method of claim 9, further comprising communicating with the second device over the encrypted communication link, the communicating comprising:
    - transmitting, by the first device, packets to the second device;
      
      for each transmitted packet;
      
      selecting, by the first device, a network address from the list of network addresses; and
      
      inserting, by the first device, the selected network address into the transmitted packet; and
      
      receiving, by the first device, packets from the second device over the communication network; and
      
      for each received packet;
      
      comparing, by the first device, a network address in the received packet to the list of network addresses;
      
      rejecting, by the first device, the received packet if it contains a network address that is not in the list of network addresses; and
      
      accepting, by the first device, the received packet if it contains a network address that is in the list of network addresses.
  - 12. The method of claim 1, wherein:
    - the identifier includes a non-secure domain name; and
      
      constructing the domain name includes replacing the non-secure domain name with a secure domain name.
  - 13. The method of claim 1, further comprising:
    - determining, by the first device in response to enabling the secure communication mode, whether a secure communication software module should be downloaded and stored on the first device;
      
      accessing, by the first device and based on a determination that the secure communication software module should be downloaded and stored on the first device, a network address for loading the secure communication software module; and
      
      storing the secure communication software module at the first device.
  - 14. The method of claim 1, wherein the encrypted communication link comprises a virtual private network communication link over the communication network.
  - 15. The method of claim 1, further comprising displaying a visible indication on a display of the first device that the encrypted communication link is established.
  - 16. The method of claim 1, wherein the enablement of the secure communication mode triggers establishing of the encrypted communication link.

17. A first device configured to communicate with a second device over an communication network, the first device comprising:
- a communications component that communicates over the communication network;
  
  a memory storing computer program instructions; and
  
  at least one processor that executes the instructions to;
  
  enable a secure communication mode without a user entering any cryptographic information for establishing the secure communication mode; and
  
  establish, based on a determination that the secure communication mode has been enabled, the encrypted communication link between the first device and the second device over the communication network, the establishing including;
  
  constructing a domain name based on an identifier associated with the second device;
  
  sending a query using the domain name;
  
  receiving, in response to the query, at least one network address associated with the domain name; and
  
  initiating establishment of the encrypted communication link between the first device and the second device over the communication network using the at least one network address and encrypted communication link resources received from a server that is separate from the first device.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 18. The first device of claim 17, further comprising:
    - a display device;
      
      wherein the at least one processor further executes the instructions to;
      
      display, on the display device, a user interface including a user interface element for enabling the secure communication mode;
      
      receive a command from the user via the user interface element; and
      
      enable the secure communication mode in response to receiving the command.
  - 19. The first device of claim 17, wherein the command defines a setup parameter associated with the secure communication mode.
  - 20. The first device of claim 17, wherein the user interface comprises an application stored in the memory device.
  - 21. The first device of claim 20, wherein the application comprises a web browser.
  - 22. The first device of claim 17, wherein sending the query using the domain name includes sending, to a secure domain name service (SDNS), a query for a network address associated with the domain name.
  - 23. The first device of claim 22, wherein the at least one processor further executes the instructions to receive, from the SDNS in response to the query, the network address associated with the domain name.
  - 24. The first device of claim 22, wherein the at least one processor further executes the instructions to receive, in response to the query, a list of network addresses associated with the domain name.
  - 25. The first device of claim 24, wherein the list of network addresses includes a plurality of pseudorandom network addresses.
  - 26. The first device of claim 25, wherein the at least one processor further executes the instructions to communicate with the second device over the encrypted communication link, including to:
    - transmit, via the communications device, packets to the second device over the electronic network;
      
      for each transmitted packet;
      
      select a network address from the list of network addresses;
      
      insert the selected network address into the transmitted packet; and
      
      receive, via the communications device, packets from the second device over the electronic network; and
      
      for each received packet;
      
      compare a network address in the received packet to the list of network addresses;
      
      reject the received packet if it contains a network address that is not in the list of network addresses; and
      
      accept the received packet if it contains a network address that is in the list of network addresses.
  - 27. The first device of claim 17, wherein:
    - the identifier includes a non-secure domain name; and
      
      the at least one processor further executes the instructions to construct the domain name by replacing the non-secure domain name with a secure domain name.
  - 28. The first device of claim 17, wherein the at least one processor is further configured to execute the instructions to:
    - determine, in response to enabling the secure communication mode, whether a secure communication software module should be downloaded and stored on the first device;
      
      access, via the communications device based on a determination that the secure communication software module should be downloaded and stored on the first device, a network address for loading the secure communication software module; and
      
      store the secure communication software module in the memory device.
  - 29. The first device of claim 17, wherein the encrypted communication link comprises a virtual private network communication link over the communication network.
  - 30. The first device of claim 17, wherein the encrypted communication link is one encrypted communication link in a hierarchy of a plurality of encrypted communication links established on the electronic network.
  - 31. The first device of claim 17, further comprising:
    - a display device;
      
      wherein the at least one processor further executes the instructions to display, on the display device, a visible indication that the encrypted communication link is established.
  - 32. The first device of claim 17, wherein the at least one processor executes the instructions to trigger the establishment of the encrypted communication link upon enablement of the secure communication mode.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
VirnetX Inc. (Virnetx Holding Corporation)
Original Assignee
VirnetX Inc. (Virnetx Holding Corporation)
Inventors
Larson, Victor, Short, Robert Dunham III, Munger, Edmund Colby, Williamson, Michael
Primary Examiner(s)
Lim, Krisna

Application Number

US13/950,919
Publication Number

US 20130311767A1
Time in Patent Office

425 Days
Field of Search

709222-227
US Class Current

709/227
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 21/606   by securing the transmissio...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 2101/30   Types of network names

H04L 2101/604   Address structures or formats

H04L 41/00   Arrangements for maintenanc...

H04L 45/00   Routing or path finding of ...

H04L 45/24   Multipath

H04L 45/28   using route fault recovery

H04L 61/30   Managing network names, e.g...

H04L 61/3015   Name registration, generati...

H04L 61/35   involving non-standard use ...

H04L 61/4511   using domain name system [DNS]

H04L 61/5007   Internet protocol [IP] addr...

H04L 61/5076   Update or notification mech...

H04L 61/5092   by self-assignment, e.g. pi...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0272   Virtual private networks

H04L 63/04   for providing a confidentia...

H04L 63/0407   wherein the identity of one...

H04L 63/0421 : Anonymous communication, i....

H04L 63/0428 : wherein the data content is...

H04L 63/0435 : wherein the sending and rec...

H04L 63/0478 : applying multiple layers of...

H04L 63/0485 : Networking architectures fo...

H04L 63/08 : for authentication of entit...

H04L 63/0876 : based on the identity of th...

H04L 63/105 : Multiple levels of security

H04L 63/1408 : by monitoring network traff...

H04L 63/1416 : Event detection, e.g. attac...

H04L 63/1458 : Denial of Service

H04L 63/1466 : Active attacks involving in...

H04L 63/164 : at the network layer

H04L 63/168 : above the transport layer

H04L 67/14 : Session management for real...

H04L 67/141 : Setup of application sessio...

View All

System and method employing an agile network protocol for secure communications using secure domain names

First Claim

1 Assignment

2 Petitions

Accused Products

Abstract

299 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

System and method employing an agile network protocol for secure communications using secure domain names

First Claim

1 Assignment

Subscription Required

Subscription Required

2 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

299 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links