Data encryption cipher using rotating ports
First Claim
1. A machine for securely communicating data across a data network comprising:
at least one sending computer connected to a network;
at least one receiving computer connected to the network;
the network providing at least one communication path for communicating information over the network from the sending computer to the receiving computer;
the at least one sending computer being configured to send at least one message across the network to the receiving computer, the message including port and/or connection negotiation information;
the at least one sending computer system being configured to generate a random, non-repeating One Time Pad (OTP) for use in encrypting the at least one message for sending across the network to the receiving computer;
the at least one sending computer being configured to create multiple logical and/or physical ports for the message and/or data stream to traverse the network to provide multiple connections on different communications channels across the network path(s) between the sending computer and the receiving computer;
the at least one sending computer and the receiving computer being configured to communicate over the network via a first communication channel on a first port, a second communication channel on a second port and a third communication channel on a third port;
the at least one sending computer being configured to conceal a message with a first calculation using a first One Time Pad to produce a first encrypted stream, the sending computer sending the first encrypted stream to the receiving computer over the first communication channel;
the at least one sending computer being configured to use a second calculation based on the first One Time Pad and a second One Time Pad to produce a second encrypted stream, the sending computer sending the second encrypted stream to the receiving computer over the second communication channel;
the at least one sending computer being configured to encrypt the second One Time Pad to produce cipher text and to send the cipher text to the receiving computer over the third communication channel;
the receiving computer being configured to (a) receive and decrypt the cipher text to recover the second One Time Pad, (b) receive the second encrypted stream, (c) use the recovered second One Time Pad and the received second encrypted stream to recover the first One Time Pad, (d) receive the first encrypted stream, and (e) use the recovered first One Time Pad on the received first encrypted stream to recover the message;
the receiving computer being configured to use the recovered message specifying port and/or connection negotiation information to establish at least one further secure connection between the sending and receiving computers to conceal a data port for further secret messaging,
wherein the recovered message is configured to cause the receiving computer to participate in establishing the at least one further secure connection by structuring a data/port channel, N OTP channels, and a control channel between the sending and receiving computers, the sending and receiving computers remapping said further connection into at least one standard or well known socket port.
Abstract
A streaming one time pad cipher using rotating ports for data encryption uses a One Time Pad (OTP) to establish multiple secure point-to-point connections. This can be used to implement a streaming OTP point-to-point firewall, virtual private network or other communications facility for communicating secure information across one or more insecure networks.
31 Citations
18 Claims
1. A machine for securely communicating data across a data network comprising: (claim text as given under First Claim above) - View Dependent Claims (2, 4, 7, 11, 12)
3. A machine for securely communicating data across a data network comprising:
at least one sending computer connected to a network;
at least one receiving computer connected to the network;
the network providing at least one communication path for communicating information over the network from the sending computer to the receiving computer;
the at least one sending computer being configured to send at least one message across the network to the receiving computer, the message including port and/or connection negotiation information;
the at least one sending computer system being configured to generate a random, non-repeating One Time Pad (OTP) for use in encrypting the at least one message for sending across the network to the receiving computer;
the at least one sending computer being configured to create multiple logical and/or physical ports for the message and/or data stream to traverse the network to provide multiple connections on different communications channels across the network path(s) between the sending computer and the receiving computer;
the at least one sending computer and the receiving computer being configured to communicate over the network via a first communication channel on a first port, a second communication channel on a second port and a third communication channel on a third port;
the at least one sending computer being configured to conceal a message with a first calculation using a first One Time Pad to produce a first encrypted stream, the sending computer sending the first encrypted stream to the receiving computer over the first communication channel;
the at least one sending computer being configured to use a second calculation based on the first One Time Pad and a second One Time Pad to produce a second encrypted stream, the sending computer sending the second encrypted stream to the receiving computer over the second communication channel;
the at least one sending computer being configured to encrypt the second One Time Pad to produce cipher text and to send the cipher text to the receiving computer over the third communication channel;
the receiving computer being configured to (a) receive and decrypt the cipher text to recover the second One Time Pad, (b) receive the second encrypted stream, (c) use the recovered second One Time Pad and the received second encrypted stream to recover the first One Time Pad, (d) receive the first encrypted stream, and (e) use the recovered first One Time Pad on the received first encrypted stream to recover the message;
the receiving computer being configured to use the recovered message specifying port and/or connection negotiation information to establish at least one further secure connection between the sending and receiving computers to conceal a data port for further secret messaging,
wherein the recovered messages cause the receiving computer to participate in creating a further connection using a standard system assigned ephemeral port and the ephemeral port and/or communication channel is changed periodically. - View Dependent Claims (8, 13, 14)
5. A receiving computer for securely receiving data across a data network providing at least one communication path for communicating information from at least one sending computer to the receiving computer, the at least one sending computer being configured to (a) send at least one message across the network to the receiving computer, the message including port and/or connection negotiation information, (b) generate a random, non-repeating One Time Pad (OTP) for use in encrypting the at least one message for sending across the network to the receiving computer, (c) create multiple logical and/or physical ports to provide multiple connections on different communications channels across the network path(s) between the sending computer and the receiving computer, (d) conceal a message with a first calculation using a first One Time Pad to produce a first encrypted stream, (e) use a second calculation based on the first One Time Pad and a second One Time Pad to produce a second encrypted stream, and (f) encrypt the second One Time Pad to produce cipher text;
the receiving computer being connected to the network and configured to receive over the network via the different communication channels including at least a first communication channel on a first port and a second communication channel on a second port, the receiving computer being configured to: (1) receive the first encrypted stream from the sending computer via at least one of the different communication channels, (2) receive the second encrypted stream from the sending computer via at least one of the different communication channels, (3) receive the cipher text from the sending computer via at least one of the different communication channels, (4) decrypt the cipher text to recover the second One Time Pad, (5) use the recovered second One Time Pad and the received second encrypted stream to recover the first One Time Pad, (6) use the recovered first One Time Pad and the received first encrypted stream to recover the message, and (7) use the recovered message specifying port and/or connection negotiation information to establish at least one further secure connection between the sending and receiving computers to conceal a data port for further secret messaging,
wherein the receiving computer is configured to use the recovered message to participate in establishing the at least one further secure connection by structuring a data/port channel, N OTP channels, and a control channel between the sending and receiving computers, the receiving computer remapping said further connection into at least one standard or well known socket port, where N is an integer. - View Dependent Claims (9, 15, 16)
6. A sending computer for securely sending data across a data network to at least one receiving computer connected to the network, the network providing at least one communication path for communicating information over the network to the receiving computer, the sending computer being connected to the network, the sending computer comprising at least one processor configured to:
send at least one message across the network to the receiving computer, the message including port and/or connection negotiation information; generate a random, non-repeating One Time Pad (OTP) for use in encrypting the at least one message for sending across the network to the receiving computer; create multiple logical and/or physical ports to provide multiple connections on different communications channels across the network path(s) between the sending computer and the receiving computer; communicate over the network with the receiving computer via the different communication channels including at least a first communication channel on a first port and a second communication channel on a second port; conceal a message with a first calculation using a first One Time Pad to produce a first encrypted stream; send the first encrypted stream to the receiving computer over at least one of the different communication channels to enable the receiving computer to receive the first encrypted stream; use a second calculation based on the first One Time Pad and a second One Time Pad to produce a second encrypted stream; send the second encrypted stream to the receiving computer over at least one of the different communication channels to enable the receiving computer to receive the second encrypted stream, use a recovered second One Time Pad and the received second encrypted stream to recover the first One Time Pad, use the recovered first One Time Pad on the received first encrypted stream to recover the message, and use the recovered message specifying port and/or connection negotiation information to establish at least one further secure connection between the sending and receiving computers to conceal a data port for further secret messaging; encrypt the second One Time Pad to produce cipher text; and send the cipher text to the receiving computer over at least one of the plural communication channels to enable the receiving computer to receive and decrypt the cipher text to recover the second One Time Pad;
wherein the recovered message is configured to cause the receiving computer to participate in establishing the at least one further secure connection by structuring a data/port channel, N OTP channels, and a control channel between the sending and receiving computers, and the sending computer is further configured to remap said further connection into at least one standard or well known socket port, where N is an integer. - View Dependent Claims (10, 17, 18)
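The independent claims above all recite the same three-port exchange: the message is concealed with a first pad on port 1, the first pad is concealed with a second pad on port 2, and the second pad is encrypted and sent on port 3, after which the recovered message names the data, control and OTP ports for the further connection. The following simulation is an added example written for this page, not code from the patent. The claims do not say what the two "calculations" are or which cipher protects the second pad, so the example assumes bytewise XOR for both calculations, an HMAC-SHA256 counter-mode keystream under a pre-shared key for the port-3 cipher, and a constructed `key=value;...` layout for the negotiation message. It also shows the property a reviewer should check: an observer of all three ports who obtains the port-3 key recovers everything, so the pad layering and port rotation add no confidentiality beyond that one cipher, and the pads themselves must be truly random, as long as the data, and never reused.

```python
"""Simulation of the three-port OTP exchange recited in the claims (added example).

Assumptions not taken from the patent:
  - bytewise XOR for both 'calculations';
  - HMAC-SHA256 counter-mode keystream under a pre-shared key for the port-3 cipher;
  - a constructed 'data=<port>;ctrl=<port>;otp=<port>,<port>' negotiation message.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Union

NONCE_LEN = 12


def xor(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR; a one-time pad must be exactly as long as the data it conceals."""
    if len(a) != len(b):
        raise ValueError("pad length must equal data length")
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Assumed port-3 cipher: HMAC-SHA256 in counter mode (the patent leaves this unspecified)."""
    blocks: List[bytes] = []
    counter = 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def sender(message: bytes, psk: bytes) -> Dict[str, bytes]:
    """Build the three streams the claim sends over three distinct ports."""
    otp1 = os.urandom(len(message))   # first pad: random, message length, never reused
    otp2 = os.urandom(len(message))   # second pad, same length so the XOR calculation works
    nonce = os.urandom(NONCE_LEN)
    return {
        "port1": xor(message, otp1),                                   # first encrypted stream
        "port2": xor(otp1, otp2),                                      # second calculation on OTP1, OTP2
        "port3": nonce + xor(otp2, keystream(psk, nonce, len(otp2))),  # cipher text of OTP2
    }


def receiver(streams: Dict[str, bytes], psk: bytes) -> bytes:
    """Steps (a)-(e) of the claim: port3 -> OTP2, port2 -> OTP1, port1 -> message."""
    nonce, ct = streams["port3"][:NONCE_LEN], streams["port3"][NONCE_LEN:]
    otp2 = xor(ct, keystream(psk, nonce, len(ct)))   # (a) decrypt cipher text
    otp1 = xor(streams["port2"], otp2)               # (b)+(c) recover first pad
    return xor(streams["port1"], otp1)               # (d)+(e) recover message


def consistent_pad(stream: bytes, candidate: bytes) -> bytes:
    """For an eavesdropper holding only port 1 (or only port 2), every candidate
    plaintext of the right length is equally plausible: this returns the pad that
    would 'decrypt' the stream to it. A pad layer on its own reveals nothing."""
    return xor(stream, candidate)


def eavesdropper(streams: Dict[str, bytes], psk: bytes) -> bytes:
    """An observer of all three ports who also holds the port-3 key recovers the
    message outright: the scheme's secrecy reduces to that single cipher."""
    return receiver(streams, psk)


def parse_negotiation(message: bytes) -> Dict[str, Union[int, List[int]]]:
    """Constructed format mapping onto the claim's data/port channel, control channel
    and N OTP channels: b'data=<port>;ctrl=<port>;otp=<port>,<port>,...'."""
    fields = dict(kv.split("=", 1) for kv in message.decode("ascii").split(";"))
    ports: Dict[str, Union[int, List[int]]] = {
        "data": int(fields["data"]),
        "ctrl": int(fields["ctrl"]),
        "otp": [int(p) for p in fields["otp"].split(",")],
    }
    for p in [ports["data"], ports["ctrl"], *ports["otp"]]:  # type: ignore[misc]
        if not 1 <= p <= 65535:
            raise ValueError(f"port out of range: {p}")
    return ports


if __name__ == "__main__":
    psk = os.urandom(32)                                  # constructed pre-shared key
    msg = b"data=40001;ctrl=40002;otp=40003,40004"        # constructed negotiation message
    streams = sender(msg, psk)
    assert receiver(streams, psk) == msg
    print(parse_negotiation(receiver(streams, psk)))
```

Two things follow from running it. First, `consistent_pad` shows that ports 1 and 2 alone are information-theoretically opaque, but `eavesdropper` shows that this is irrelevant once port 3 falls: whoever can decrypt the second pad unwinds the chain, so the real security argument has to be made about the port-3 cipher and its key management, not about the pads. Second, the pads are consumed at message length, so a long-lived data channel built this way needs a continuous supply of fresh random pad bytes; reusing `otp1` or `otp2` for a second message turns the XOR of two port-1 captures into the XOR of two plaintexts.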
Specification