Truly anonymous communications using supernets, with the provision of topology hiding

US 6,798,782 B1
Filed: 12/10/1999
Issued: 09/28/2004
Est. Priority Date: 12/10/1999
Status: Expired due to Term

First Claim

Patent Images

1. In a private network having a source node and a destination node which communicate using a public network infrastructure, a method comprising the steps of:

establishing an address pair for each node of the private network, each address pair including a virtual address within the private network assigned by an authentication module and a real address indicating a physical location associated with each node; and

sending a message from the source node to the destination node, including an address pair for the source node, such that a real address of the source node is determinable only by an address resolution module and a real identity of the source node is determinable only by the authentication module.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems consistent with the present invention provide a Supernet, a private network constructed out of components from a public-network infrastructure. Supernet nodes can be located on virtually any device in the public network (e.g., the Internet), and both their communication and utilization of resources occur in a secure manner by providing for anonymous communications within the network through addressing. As a result, the users of a Supernet benefit from their network infrastructure being maintained for them as part of the public-network infrastructure, while the level of security they receive is similar to that of a private network. Additionally, the nodes of the Supernet are not geographically restricted in that they can be connected to the Supernet from virtually any portal to the Internet in the world.

130 Citations

View as Search Results

24 Claims

1. In a private network having a source node and a destination node which communicate using a public network infrastructure, a method comprising the steps of:
- establishing an address pair for each node of the private network, each address pair including a virtual address within the private network assigned by an authentication module and a real address indicating a physical location associated with each node; and
  
  sending a message from the source node to the destination node, including an address pair for the source node, such that a real address of the source node is determinable only by an address resolution module and a real identity of the source node is determinable only by the authentication module.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the establishing step includes maintaining within the address resolution module information identifying the virtual address and the real address with respect to each node.
  - 3. The method of claim 1, wherein the sending step includes creating a message at the source node including a body and a header wherein the body contains at least a virtual address for the source node.
  - 4. The method of claim 3, wherein the creating step includes providing for the header to contain at least the real address for the source node.
  - 5. The method of claim 1, wherein the sending step includes encrypting at least a portion of the message such that the source node and destination node can be deduced by the address resolution module.
  - 6. The method of claim 1, wherein the sending step includes preserving anonymity of the source node.
  - 7. The method of claim 1, wherein the establishing step includes dynamically assigning the virtual address by the authentication module within the private network.

8. A system comprising:
- an establishing module for establishing an address pair for each of a source node and a destination node of a private network, said nodes of the private network being configured to communicate and share computing resources over a channel through a public network infrastructure, wherein only the source and destination nodes can communicate over said channel, and each address pair including a virtual address within the private network assigned by an authentication module and a real address associated with the public network infrastructure indicating a physical location associated with each node; and
  
  a sending module for sending a message from the source node to the destination node, including an address pair for the source node, such that the real address of the source node is determinable only by an address resolution module and a real identity of the source node is determinable only by the authentication module.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the establishing module includes a module to maintain information within the address resolution module identifying the virtual address and the real address with respect to each node.
  - 10. The system of claim 8, wherein the sending module includes a module to create a message at the source node including a body and a header wherein the body contains at least a virtual address for the source node.
  - 11. The system of claim 10, wherein the creating module includes a module to provide for the header to contain at least the real address for the source node.
  - 12. The system of claim 8, wherein the sending module includes a module to encrypt at least a portion of the message such that the source node and destination node can be deduced by the address resolution module.
  - 13. The system of claim 8, wherein the sending module includes a module to preserve anonymity of the source node.
  - 14. The system of claim 8, wherein the establishing module includes a module to dynamically assign a virtual address by the independent address resolution module within the private network.

15. A computer program product comprising:
- a computer usable medium having computer readable code embodied therein providing for a private network having a source node and a destination node which communicate and share computing resources over a public network infrastructure, comprising;
  
  an establishing module for establishing an address pair for each node of the private network, each address pair including a virtual address within the private network assigned by an authentication module and a real address associated with the public network infrastructure indicating a physical location associated with each node; and
  
  a sending module for sending a message from the source node to the destination node, including an address pair for the source node, such that the real address of the source node is determinable only by an address resolution module and a real identity of the source node is determinable only by the authentication module.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer-useable medium of claim 15, wherein the establishing module includes a module to maintain information within the address resolution module identifying the virtual address and the real address with respect to each node.
  - 17. The computer-useable medium of claim 15, wherein the sending module includes a module to create a message at the source node including a body and a header wherein the body contains at least a virtual address for the source node.
  - 18. The computer-useable medium of claim 17, wherein the creating module includes a module to provide for the header to contain at least the real address for the source node.
  - 19. The computer-useable medium of claim 15, wherein the sending module includes a module to encrypt at least a portion of the message such that the source node and destination node can be deduced by the address resolution module.
  - 20. The computer-useable medium of claim 15, wherein the sending module includes a module to preserve anonymity of the source node.
  - 21. The computer-useable medium of claim 15, wherein the establishing module includes a module to dynamically assign the virtual address by the authentication module within the private network.

22. A system comprising:
- a private network, with an internal addressing scheme, including a source node and a destination node, wherein said nodes of the private network communicate using a public network infrastructure having a public addressing scheme;
  
  means for establishing an address pair for each node of the private network, each address pair including an internal identifier associated with the internal address scheme and a real address associated with the public address scheme;
  
  means, coupled to the source node, for;
  
  receiving, from the source node, a message including an internal identifier associated with the source node and an internal identifier associated with the destination node, mapping the internal identifier associated with the source node to the real address of the source node and the internal identifier associated with the destination node to the real address of the destination node, and transmitting the message over the public network infrastructure for receipt by the destination node using the real address of the destination node; and
  
  means, coupled to the destination node, for receiving the message from the public network infrastructure and delivering the message to the destination node via the internal identifier associated with the destination node.

23. A system comprising:
- means for establishing an address pair for each of a source node and a destination node of a private network, said nodes of the private network being operable to communicate over a channel through a public network infrastructure, and each address pair including a virtual address within the private network and a real address associated with the public network infrastructure; and
  
  means for sending a message from the source node to the destination node, including the source node address pair, such that a real address associated with the source node is determinable only by an address resolution module and a real identity of the source node is determinable only by an authentication module.

24. A system comprising:
- means for establishing an address pair for each of a source node and a destination node included in a private network having an internal addressing scheme, said nodes of the private network being operable to communicate using a public network infrastructure having a public addressing scheme, and each address pair including an internal identifier associated with the internal address scheme and a real address associated with the public address scheme;
  
  means, coupled to the source node, for;
  
  receiving, from the source node, a message including an internal identifier associated with the source node and an internal identifier associated with the destination node, mapping the internal identifier associated with the source node to the real address of the source node and the internal identifier associated with the destination node to the real address of the destination node, and transmitting the message over the public network infrastructure for receipt by the destination node using the real address of the destination node; and
  
  means, coupled to the destination node, for receiving the message from the public network infrastructure and delivering the message to the destination node via the internal identifier associated with the destination node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Schuba, Christoph L., Caronni, Germano, Gupta, Amit, Kumar, Sandeep, Scott, Glenn C., Markson, Tom R.
Primary Examiner(s)
Patel, Ajit
Assistant Examiner(s)
SHAH, CHIRAG G

Application Number

US09/457,917
Time in Patent Office

1,754 Days
Field of Search

370/475, 370/235, 370/312, 370/389, 370/390, 370/432, 370/401, 370/409, 370/397, 370/399, 370/395.54, 709/225-228, 709/201, 709/202, 709/245, 713/200, 713/201, 713/202
US Class Current

370/409
CPC Class Codes

H04L 61/00   Network arrangements, proto...

H04L 61/2539   Hiding addresses; Keeping a...

H04L 63/0272   Virtual private networks

H04L 63/0407   wherein the identity of one...

H04L 63/0414   during transmission, i.e. p...

H04L 63/0421   Anonymous communication, i....

H04L 63/08   for authentication of entit...

Truly anonymous communications using supernets, with the provision of topology hiding

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

130 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Truly anonymous communications using supernets, with the provision of topology hiding

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

130 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links