Agile network protocol for secure communications with assured system availability
First Claim
1. A method of securely transmitting a datastream comprising a plurality of IP packets from a first computer to a second computer over a communication channel, the method carried out at the first computer and comprising the steps of:
(1) interleaving a block of the plurality of IP packets;
(2) encrypting the interleaved packets in the block; and
(3) creating an IP header for each of the encrypted interleaved packets, each header including:
an interleave sequence identifier for deinterleaving the encrypted interleaved packet, an identification of the second computer as the destination of the interleaved encrypted packet, and a counter parameter indicating a number of hops the interleaved encrypted packet is required to undergo before the interleaved encrypted packet is delivered to the second computer.
Abstract
A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes.
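The address-hopping scheme the abstract describes, as an added example (this is not code from the patent or its assignee): a keyed generator whose i-th address is HMAC-SHA256(key, i) mapped onto a host of a network prefix, which gives the three properties the abstract asks for (the index space of 2**64 is known a priori, any index can be computed directly so the sequence can jump ahead by an arbitrary number of steps, and the next address is unpredictable without the key); a receiver that accepts only packets whose source address falls inside a moving window of expected addresses and slides the window past each match; and a resync that jumps both sides to an agreed index. The class names, the 10.0.0.0/8 prefix, the window size of 8 and the out-of-band agreement of the resync index are assumptions, and the packets are constructed dicts rather than real IP packets.

```python
import hashlib
import hmac
import ipaddress
from typing import Dict, Optional


class HopGenerator:
    """i-th address of a keyed hopping sequence (assumed design, not the patent's own).

    address(i) = HMAC-SHA256(key, i) mapped onto a host of `network`, so:
    - the index space (2**64 before the counter wraps) is known a priori,
    - any index is computed directly (jump-ahead by an arbitrary number of steps),
    - the next address is unpredictable without the key.
    """

    def __init__(self, key: bytes, network: str):
        self.key = key
        self.net = ipaddress.ip_network(network)

    def address(self, index: int) -> str:
        tag = hmac.new(self.key, index.to_bytes(8, "big"), hashlib.sha256).digest()
        host = int.from_bytes(tag[:8], "big") % self.net.num_addresses
        return str(self.net.network_address + host)


class HoppingSender:
    def __init__(self, gen: HopGenerator):
        self.gen, self.index = gen, 0

    def send(self, payload: bytes) -> Dict:
        # The hopped source address is the only synchronisation signal:
        # no sequence number travels in the clear.
        pkt = {"src": self.gen.address(self.index), "payload": payload}
        self.index += 1
        return pkt


class HoppingReceiver:
    def __init__(self, gen: HopGenerator, window: int = 8):
        self.gen, self.window, self.base = gen, window, 0
        self.rejected = 0

    def _expected(self) -> Dict[str, int]:
        # Moving window of valid addresses: indices base .. base+window-1.
        return {self.gen.address(i): i for i in range(self.base, self.base + self.window)}

    def receive(self, pkt: Dict) -> Optional[bytes]:
        idx = self._expected().get(pkt["src"])
        if idx is None:
            self.rejected += 1  # guessed, replayed or out-of-sync address
            return None
        # Slide past the matched index: lost packets are tolerated, and a replay of an
        # older address now falls outside the window.
        self.base = idx + 1
        return pkt["payload"]

    def resync(self, index: int) -> None:
        """Re-establish sync by jumping ahead to an index agreed out of band (assumption)."""
        self.base = index
```

Note that a packet whose address was already slid past is rejected, so the window also gives replay protection for free; the price is that the receiver has to recompute `window` addresses per packet, which is why real implementations cache the window and only extend it as `base` moves.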
45 Claims
1. A method of securely transmitting a datastream comprising a plurality of IP packets from a first computer to a second computer over a communication channel, the method carried out at the first computer and comprising the steps of:
(1) interleaving a block of the plurality of IP packets; (2) encrypting the interleaved packets in the block; and (3) creating an IP header for each of the encrypted interleaved packets, each header including: an interleave sequence identifier for deinterleaving the encrypted interleaved packet, an identification of the second computer as the destination of the interleaved encrypted packet, and a counter parameter indicating a number of hops the interleaved encrypted packet is required to undergo before the interleaved encrypted packet is delivered to the second computer. Dependent claims: 2 to 15.
16. A system for securely transmitting a datastream comprising a plurality of IP packets from a first computer to a second computer over a communication channel, the system comprising:
a memory storing instructions; and one or more processors configured to execute the stored instructions to: (1) interleave a block of the plurality of IP packets; (2) encrypt the interleaved packets in the block; and (3) create an IP header for each of the interleaved encrypted packets, the header including: an interleave sequence identifier for deinterleaving the interleaved encrypted packet, an identification of the second computer as the destination of the interleaved encrypted packet, and a counter parameter indicating a number of hops the interleaved encrypted packet is required to undergo before the interleaved encrypted packet is delivered to the second computer. Dependent claims: 17 to 30.
31. A non-transitory machine readable medium comprising instructions to be executed by a first computer to implement a method of securely transmitting a datastream comprising a plurality of IP packets from the first computer to a second computer over a communication channel, the method comprising the steps of:
(1) interleaving a block of the plurality of packets; (2) encrypting the interleaved packets in the block; and (3) creating an IP header for each of the interleaved encrypted packets, the header including: an interleave sequence identifier for deinterleaving the interleaved encrypted packet, an identification of the second computer as the destination of the interleaved encrypted packet, and a counter parameter indicating a number of hops the interleaved encrypted packet is required to undergo before the interleaved encrypted packet is delivered to the second computer. Dependent claims: 32 to 45.
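Steps (1) to (3) of independent claims 1, 16 and 31, plus the receive path they imply, as an added example (not the patent's own code): a block of packets is length-prefixed, padded and transposed so that output unit j carries slice j of every input packet; each unit is encrypted; and each gets a header carrying the interleave sequence identifier, the destination and a hop counter that every forwarder decrements, the unit being delivered only when the counter reaches zero. The receiver verifies a tag, collects units by block and sequence identifier, and deinterleaves once all have arrived. Everything here is an assumption: the header is a dict rather than a real IP header, the cipher is an HMAC-SHA256 keystream with an encrypt-then-MAC tag standing in for a real AEAD such as AES-GCM (stdlib only), and the block identifier, packets and addresses are constructed test data.

```python
import hashlib
import hmac
from typing import Dict, List, Optional


def _subkey(key: bytes, label: bytes) -> bytes:
    return hashlib.sha256(label + key).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def _xor(key: bytes, block_id: int, seq: int, data: bytes) -> bytes:
    # Nonce is (block_id, seq): a block_id must never be reused under the same key.
    nonce = block_id.to_bytes(8, "big") + seq.to_bytes(4, "big")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def _tag(key: bytes, h: Dict, body: bytes) -> bytes:
    # The hop counter is deliberately not covered: it changes at every hop, like an IPv4 TTL.
    fixed = b"|".join(str(h[k]).encode() for k in ("dst", "block", "seq", "chunks", "count"))
    return hmac.new(_subkey(key, b"mac"), fixed + b"|" + body, hashlib.sha256).digest()


def interleave_block(packets: List[bytes], chunks: int) -> List[bytes]:
    """Length-prefix and pad every packet, cut each into `chunks` slices, and emit
    `chunks` units where unit j is slice j of every packet (a row/column transpose)."""
    framed = [len(p).to_bytes(2, "big") + p for p in packets]
    width = max(len(f) for f in framed)
    width += (-width) % chunks
    framed = [f.ljust(width, b"\0") for f in framed]
    sl = width // chunks
    return [b"".join(f[j * sl:(j + 1) * sl] for f in framed) for j in range(chunks)]


def deinterleave_block(units: List[bytes], count: int) -> List[bytes]:
    """Inverse transpose; `units` must be in interleave-sequence order."""
    sl = len(units[0]) // count
    framed = [b"".join(u[i * sl:(i + 1) * sl] for u in units) for i in range(count)]
    return [f[2:2 + int.from_bytes(f[:2], "big")] for f in framed]


def build_block(key: bytes, dst: str, packets: List[bytes],
                chunks: int, hops: int, block_id: int) -> List[Dict]:
    """Claim steps (1)-(3): interleave, encrypt each unit, attach a header with the
    interleave sequence identifier, the destination and the hop counter."""
    out = []
    for seq, unit in enumerate(interleave_block(packets, chunks)):
        body = _xor(key, block_id, seq, unit)
        h = {"dst": dst, "block": block_id, "seq": seq, "chunks": chunks,
             "count": len(packets), "hops": hops}
        out.append({"header": h, "body": body, "tag": _tag(key, h, body)})
    return out


def forward(pkt: Dict) -> Dict:
    """One intermediate hop: decrement the counter without touching anything the tag covers."""
    h = dict(pkt["header"])
    h["hops"] -= 1
    return {**pkt, "header": h}


class BlockReceiver:
    def __init__(self, key: bytes, addr: str):
        self.key, self.addr = key, addr
        self.pending: Dict[int, Dict[int, bytes]] = {}

    def receive(self, pkt: Dict) -> Optional[List[bytes]]:
        """Returns the original packets once the whole block has arrived, else None."""
        h, body = pkt["header"], pkt["body"]
        if h["dst"] != self.addr or h["hops"] != 0:
            return None  # not addressed to us, or still has hops to travel
        if not hmac.compare_digest(pkt["tag"], _tag(self.key, h, body)):
            return None  # forged or corrupted unit: drop before decrypting
        units = self.pending.setdefault(h["block"], {})
        units[h["seq"]] = _xor(self.key, h["block"], h["seq"], body)
        if len(units) < h["chunks"]:
            return None
        done = self.pending.pop(h["block"])
        return deinterleave_block([done[j] for j in range(h["chunks"])], h["count"])


def route(pkt: Dict, rx: BlockReceiver) -> Optional[List[bytes]]:
    """Walk the unit through `hops` forwarders and hand it to the destination."""
    while pkt["header"]["hops"] > 0:
        pkt = forward(pkt)
    return rx.receive(pkt)
```

The units of a block can arrive in any order because the sequence identifier, not arrival order, drives the deinterleave; losing any single unit, however, loses a slice of every packet in the block, so a real deployment pairs this interleaver with retransmission or erasure coding.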
Specification