Agile network protocol for secure communications with assured system availability

US 8,874,771 B2
Filed: 08/16/2007
Issued: 10/28/2014
Est. Priority Date: 10/30/1998
Status: Expired due to Fees

First Claim

Patent Images

1. A method of securely transmitting a datastream comprising a plurality of IP packets from a first computer to a second computer over a communication channel, the method carried out at the first computer and comprising the steps of:

(1) interleaving a block of the plurality of IP packets;

(2) encrypting the interleaved packets in the block; and

(3) creating an IP header for each of the encrypted interleaved packets, each header including;

an interleave sequence identifier for deinterleaving the encrypted interleaved packet,an identification of the second computer as the destination of the interleaved encrypted packet, anda counter parameter indicating a number of hops the interleaved encrypted packet is required to undergo before the interleaved encrypted packet is delivered to the second computer.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator'"'"'s parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes.

Citations

45 Claims

1. A method of securely transmitting a datastream comprising a plurality of IP packets from a first computer to a second computer over a communication channel, the method carried out at the first computer and comprising the steps of:
- (1) interleaving a block of the plurality of IP packets;
  
  (2) encrypting the interleaved packets in the block; and
  
  (3) creating an IP header for each of the encrypted interleaved packets, each header including;
  
  an interleave sequence identifier for deinterleaving the encrypted interleaved packet,an identification of the second computer as the destination of the interleaved encrypted packet, anda counter parameter indicating a number of hops the interleaved encrypted packet is required to undergo before the interleaved encrypted packet is delivered to the second computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. A method according to claim 1, wherein the interleave sequence identifier represents the relationship of the interleaved encrypted packet with the IP packets of the block so that the datastream can be reconstructed at the second computer when decrypted and deinterleaved.
  - 3. A method according to claim 1, wherein a size of each block is within a predetermined maximum size of an interleave window.
  - 4. A method according to claim 1, wherein the IP header further includes at least one window sequence number representing the relationship of a plurality of blocks of packets with other blocks of packets so that the datastream can be reconstructed in its original order.
  - 5. A method according to claim 1, wherein a true destination of the interleaved encrypted packet is encrypted.
  - 6. A method according to claim 1, wherein the encrypting uses one or more encryption keys.
  - 7. A method according to claim 6, wherein the encryption keys are link keys.
  - 8. A method according to claim 6, wherein the encryption keys are session keys.
  - 9. A method according to claim 6, wherein the encryption keys are public and or private keys.
  - 10. A method according to claim 6, wherein the encryption keys are symmetric keys.
  - 11. A method according to claim 1, further comprising:
    - (a) assembling the pluralitypackets into a block destined for the same destination;
      
      (b) encrypting the packets in the block in accordance with an encryption technique;
      
      (c) interleaving the encrypted packets of the block; and
      
      (d) breaking the packets into a series of payloads.
  - 12. A method according to claim 11, wherein the header further includes a formula for deinterleaving the interleaved encrypted packet.
  - 13. A method according to claim 11, wherein the interleave sequence identifier includes data for deinterleaving the interleaved encrypted packet.
  - 14. A method according to claim 11, wherein assembling the includes mixing decoy data with the data of the IP packets in the block.
  - 15. A method according to claim 14, wherein the header includes an indicator whether the interleaved encrypted packet includes decoy data.

16. A system for securely transmitting a datastream comprising a plurality of IP packets from a first computer to a second computer over a communication channel, the system comprising:
- a memory storing instructions; and
  
  one or more processors configured to execute the stored instructions to;
  
  (1) interleave a block of of the plurality of IP packets;
  
  (2) encrypt the interleaved packet in the block; and
  
  (3) creating an IP header for each of the interleaved encrypted packets the header including;
  
  an interleave sequence identifier for deinterleaving the interleaved encrypted packet,an identification of the second computer as the destination of the interleaved encrypted packet, anda counter parameter indicating a number of hops the interleaved encrypted packet is required to undergo before the interleaved encrypted packet is delivered to the second computer.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 17. A system according to claim 16, wherein the interleave sequence identifier represents the relationship of the interleaved encrypted packet with the IP packets of the block so that the datastream can be reconstructed at the second computer when decrypted and deinterleaved.
  - 18. A system according to claim 16, wherein a size of each block is within a predetermined maximum size of an interleave window.
  - 19. A system according to claim 16, wherein the IP header further includes at least one window sequence number representing the relationship of a plurality of blocks of packets with other blocks of packets so that the datastream can be reconstructed in its original order.
  - 20. A system according to claim 16, wherein the true destination of the interleaved encrypted packet is encrypted.
  - 21. A system according to claim 16, wherein the one or more processors are configured to encrypt using one or more encryption keys.
  - 22. A system according to claim 21, wherein the encryption keys are link keys.
  - 23. A system according to claim 21, wherein the encryption keys are session keys.
  - 24. A system according to claim 21, wherein the encryption keys are public and or private keys.
  - 25. A system according to claim 21, wherein the encryption keys are symmetric keys.
  - 26. A system according to claim 16, wherein the one or more processors are further configured and arranged so as to:
    - (a) assemble the plurality packets into a block destined for the same destination;
      
      (b) encrypt the packets in the block in accordance with an encryption technique;
      
      (c) interleave the encrypted packets of the block; and
      
      (d) break the packets into a series of payloads.
  - 27. A system according to claim 26, wherein the header further includes a formula for deinterleaving the interleaved encrypted packet.
  - 28. A system according to claim 26, wherein the interleave sequence identifier includes data for deinterleaving the interleaved encrypted packet.
  - 29. A system according to claim 26, wherein the one or more processors are further configured and arranged so as to assemble the payloads so as to further include decoy data mixed with the data of the IP packets in the block.
  - 30. A system according to claim 29, wherein the header further includes an indicator whether the interleaved encrypted packet includes decoy data.

31. A non-transitory machine readable medium comprising instructions to be executed by a first computer to implement a method of securely transmitting a datastream comprising a plurality of IP packets from the first computer to a second computer over a communication channel, the method comprising the steps of:
- (1) interleaving a one block of the plurality of packets;
  
  (2) encrypting the interleaved packets in the block; and
  
  (3) creating an IP header for each of the interleaved encrypted packets, the header including;
  
  an interleave sequence identifier for deinterleaving the interleaved encrypted packet,an identification of the second computer as the destination of the interleaved encrypted packet, anda counter parameter indicating a number of hops the interleaved encrypted packet is required to undergo before the interleaved encrypted packet is delivered to the second computer.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45)
- - 32. The non-transitory machine readable medium according to claim 31, wherein the interleave sequence identifier represents the relationship of the interleaved encrypted packet with the IP packets of the block so that the datastream can be reconstructed at the second computer when decrypted and deinterleaved.
  - 33. The non-transitory machine readable medium according to claim 31, wherein a size of each block is within a predetermined maximum size of an interleave window.
  - 34. The non-transitory machine readable medium according to claim 31, wherein the IP header further includes at least one window sequence number representing the relationship of a plurality of blocks of packets with other blocks of packets so that the datastream can be reconstructed in its original order.
  - 35. The non-transitory machine readable medium according to claim 31, wherein a true destination of the interleaved encrypted packet is encrypted.
  - 36. The non-transitory machine readable medium according to claim 31, wherein the encrypting uses one or more encryption keys.
  - 37. The non-transitory machine readable medium according to claim 36, wherein the encryption keys are link keys.
  - 38. The non-transitory machine readable medium according to claim 36, wherein the encryption keys are session keys.
  - 39. The non-transitory machine readable medium according to claim 36, wherein the encryption keys are public and or private keys.
  - 40. The non-transitory machine readable medium according to claim 36, wherein the encryption keys are symmetric keys.
  - 41. The non-transitory machine readable medium according to claim 31, wherein the interleaving and encrypting step includes:
    - (a) assembling the plurality of IP packets into a block;
      
      (b) encrypting the packets in the block in accordance with an encryption technique;
      
      (c) interleaving the encrypted packets of the block; and
      
      (d) breaking the packets into a series of payloads.
  - 42. The non-transitory machine readable medium according to claim 41, wherein the header further includes a formula for deinterleaving the interleaved encrypted packet.
  - 43. The non-transitory machine readable medium according to claim 41, wherein the interleave sequence identifier includes data for deinterleaving the interleaved encrypted packet.
  - 44. The non-transitory machine readable medium according to claim 41, wherein assembling the block includes mixing decoy data with the data of the IP packets.
  - 45. The non-transitory machine readable medium according to claim 41, wherein the header includes an indicator whether the interleaved encrypted packet includes decoy data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VirnetX Inc. (Virnetx Holding Corporation)
Original Assignee
VirnetX Inc. (Virnetx Holding Corporation)
Inventors
Munger, Edmund Colby, Sabio, Vincent J., Short, Robert Dunham III, Gligor, Virgil D.
Primary Examiner(s)
STRANGE, AARON N

Application Number

US11/839,937
Publication Number

US 20080034201A1
Time in Patent Office

2,630 Days
Field of Search

709/230, 709/232, 709/236, 726/14
US Class Current

709/230
CPC Class Codes

H04L 2101/604   Address structures or formats

H04L 45/20   Hop count for routing purpo...

H04L 45/24   Multipath

H04L 61/2539   Hiding addresses; Keeping a...

H04L 61/30   Managing network names, e.g...

H04L 61/5007   Internet protocol [IP] addr...

H04L 61/5076   Update or notification mech...

H04L 61/5092   by self-assignment, e.g. pi...

H04L 63/0272   Virtual private networks

H04L 63/04   for providing a confidentia...

H04L 63/0407   wherein the identity of one...

H04L 63/0421   Anonymous communication, i....

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 63/1441   Countermeasures against mal...

H04L 63/1491   using deception as counterm...

H04L 69/14   Multichannel or multilink p...

H04L 9/065   Encryption by serially and ...

H04M 3/42008   Systems for anonymous commu...

Agile network protocol for secure communications with assured system availability

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

Agile network protocol for secure communications with assured system availability

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links