Truly anonymous communications using supernets, with the provision of topology hiding
Abstract
Methods and systems consistent with the present invention provide a Supernet, a private network constructed out of components from a public-network infrastructure. Supernet nodes can be located on virtually any device in the public network (e.g., the Internet), and both their communication and utilization of resources occur in a secure manner by providing for anonymous communications within the network through addressing. As a result, the users of a Supernet benefit from their network infrastructure being maintained for them as part of the public-network infrastructure, while the level of security they receive is similar to that of a private network. Additionally, the nodes of the Supernet are not geographically restricted in that they can be connected to the Supernet from virtually any portal to the Internet in the world.
24 Claims
1. In a private network having a source node and a destination node which communicate using a public network infrastructure, a method comprising the steps of:
establishing an address pair for each node of the private network, each address pair including a virtual address within the private network assigned by an authentication module and a real address indicating a physical location associated with each node; and
sending a message from the source node to the destination node, including an address pair for the source node, such that a real address of the source node is determinable only by an address resolution module and a real identity of the source node is determinable only by the authentication module.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A system comprising:
an establishing module for establishing an address pair for each of a source node and a destination node of a private network, said nodes of the private network being configured to communicate and share computing resources over a channel through a public network infrastructure, wherein only the source and destination nodes can communicate over said channel, and each address pair including a virtual address within the private network assigned by an authentication module and a real address associated with the public network infrastructure indicating a physical location associated with each node; and
a sending module for sending a message from the source node to the destination node, including an address pair for the source node, such that the real address of the source node is determinable only by an address resolution module and a real identity of the source node is determinable only by the authentication module.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A computer program product comprising:
a computer usable medium having computer readable code embodied therein providing for a private network having a source node and a destination node which communicate and share computing resources over a public network infrastructure, comprising:
an establishing module for establishing an address pair for each node of the private network, each address pair including a virtual address within the private network assigned by an authentication module and a real address associated with the public network infrastructure indicating a physical location associated with each node; and
a sending module for sending a message from the source node to the destination node, including an address pair for the source node, such that the real address of the source node is determinable only by an address resolution module and a real identity of the source node is determinable only by the authentication module.
Dependent claims: 16, 17, 18, 19, 20, 21
22. A system comprising:
a private network, with an internal addressing scheme, including a source node and a destination node, wherein said nodes of the private network communicate using a public network infrastructure having a public addressing scheme;
means for establishing an address pair for each node of the private network, each address pair including an internal identifier associated with the internal address scheme and a real address associated with the public address scheme;
means, coupled to the source node, for:
receiving, from the source node, a message including an internal identifier associated with the source node and an internal identifier associated with the destination node, mapping the internal identifier associated with the source node to the real address of the source node and the internal identifier associated with the destination node to the real address of the destination node, and transmitting the message over the public network infrastructure for receipt by the destination node using the real address of the destination node; and
means, coupled to the destination node, for receiving the message from the public network infrastructure and delivering the message to the destination node via the internal identifier associated with the destination node.
23. A system comprising:
means for establishing an address pair for each of a source node and a destination node of a private network, said nodes of the private network being operable to communicate over a channel through a public network infrastructure, and each address pair including a virtual address within the private network and a real address associated with the public network infrastructure; and
means for sending a message from the source node to the destination node, including the source node address pair, such that a real address associated with the source node is determinable only by an address resolution module and a real identity of the source node is determinable only by an authentication module.
24. A system comprising:
means for establishing an address pair for each of a source node and a destination node included in a private network having an internal addressing scheme, said nodes of the private network being operable to communicate using a public network infrastructure having a public addressing scheme, and each address pair including an internal identifier associated with the internal address scheme and a real address associated with the public address scheme;
means, coupled to the source node, for:
receiving, from the source node, a message including an internal identifier associated with the source node and an internal identifier associated with the destination node, mapping the internal identifier associated with the source node to the real address of the source node and the internal identifier associated with the destination node to the real address of the destination node, and transmitting the message over the public network infrastructure for receipt by the destination node using the real address of the destination node; and
means, coupled to the destination node, for receiving the message from the public network infrastructure and delivering the message to the destination node via the internal identifier associated with the destination node.
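Added illustration (not part of the patent text): a toy Python model of the address-pair handling recited in claims 1, 22 and 24, with each mapping held by exactly one module. The class and function names, the address formats and the sample nodes are assumptions made for the example; protection of the message in transit is left out because the claims above do not specify it.

```python
import secrets

class AuthenticationModule:
    """Assigns virtual addresses; sole holder of virtual address -> identity."""
    def __init__(self):
        self._identity_by_vaddr = {}
    def admit(self, identity):
        vaddr = "v-" + secrets.token_hex(4)  # constructed virtual-address format
        self._identity_by_vaddr[vaddr] = identity
        return vaddr
    def identify(self, vaddr):
        return self._identity_by_vaddr[vaddr]

class AddressResolutionModule:
    """Sole holder of virtual address -> real (public) address."""
    def __init__(self):
        self._real_by_vaddr = {}
    def register(self, vaddr, real_addr):
        self._real_by_vaddr[vaddr] = real_addr
    def resolve(self, vaddr):
        return self._real_by_vaddr[vaddr]

def send(resolver, src_vaddr, dst_vaddr, payload):
    """Source-side step: map both internal identifiers to real addresses
    and wrap the message for the public network."""
    outer = {"src": resolver.resolve(src_vaddr), "dst": resolver.resolve(dst_vaddr)}
    inner = {"src": src_vaddr, "dst": dst_vaddr, "payload": payload}
    return {"outer": outer, "inner": inner}

def deliver(packet, inboxes):
    """Destination-side step: drop the outer header and hand the message
    to the node selected by its internal identifier."""
    inner = packet["inner"]
    message = {"from": inner["src"], "payload": inner["payload"]}
    inboxes[inner["dst"]].append(message)
    return message

def run_demo():
    # Constructed sample nodes; real addresses come from documentation ranges.
    auth, resolver = AuthenticationModule(), AddressResolutionModule()
    alice = auth.admit("alice")
    resolver.register(alice, "192.0.2.10")
    bob = auth.admit("bob")
    resolver.register(bob, "198.51.100.20")
    inboxes = {bob: []}
    packet = send(resolver, alice, bob, "hello")
    received = deliver(packet, inboxes)
    return auth, resolver, alice, bob, packet, received

if __name__ == "__main__":
    print(run_demo()[-1])  # what the destination node sees: virtual source only
```

The destination node receives only the sender's virtual address; turning that into a real address requires the resolution module, and turning it into an identity requires the authentication module.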
Specification