Agile network protocol for secure communications with assured system availability

US 6,907,473 B2
Filed: 03/31/2003
Issued: 06/14/2005
Est. Priority Date: 10/30/1998
Status: Expired due to Term

First Claim

Patent Images

1. In a system comprising a first computer that transmits data packets to a second computer over a network according to a scheme by which at least one field in a series of data packets is periodically changed according to a sequence known by the first and second computers, and wherein the second computer periodically receives a synchronization request from the first computer to maintain synchronization of the sequence between the first and second computers, a method comprising the steps of:

(1) receiving at the first computer the synchronization request from the second computer;

(2) determining whether the synchronization request was received in less than a predetermined interval;

(3) in response to determining that the synchronization request was received in less than the predetermined interval, ignoring the synchronization request; and

(4) in response to determining that the synchronization request was not received in less than the predetermined interval, providing a synchronization response to the first computer.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A plurality of computer nodes communicate using seemingly random Internet Protocol source and destination addresses. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are quickly rejected. Improvements to the basic design include (1) a load balancer that distributes packets across different transmission paths according to transmission path quality; (2) a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry; (3) a large-to-small link bandwidth management feature that prevents denial-of-service attacks at system chokepoints; (4) a traffic limiter that regulates incoming packets by limiting the rate at which a transmitter can be synchronized with a receiver; and (5) a signaling synchronizer, that allows a large number of nodes to communicate with a central node by partitioning the communication function between two separate entities.

155 Citations

20 Claims

1. In a system comprising a first computer that transmits data packets to a second computer over a network according to a scheme by which at least one field in a series of data packets is periodically changed according to a sequence known by the first and second computers, and wherein the second computer periodically receives a synchronization request from the first computer to maintain synchronization of the sequence between the first and second computers, a method comprising the steps of:
- (1) receiving at the first computer the synchronization request from the second computer;
  
  (2) determining whether the synchronization request was received in less than a predetermined interval;
  
  (3) in response to determining that the synchronization request was received in less than the predetermined interval, ignoring the synchronization request; and
  
  (4) in response to determining that the synchronization request was not received in less than the predetermined interval, providing a synchronization response to the first computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein step (3) comprises the step of delaying the acceptance of a SYNC_REQ for W/R seconds, where W is the number of data packets between synchronization requests according to an agreed schedule, and R is the agreed rate at which synchronization requests should be received according to the agreed schedule.
  - 3. The method of claim 1, further comprising the step of determining whether the synchronization request is a duplicate of a previously received synchronization request and, if it is a duplicate, discarding it.
  - 4. The method of claim 1, wherein step (4) comprises the step of providing a response that includes a new checkpoint for synchronizing a window in a hopping table.
  - 5. The method of claim 1, further comprising the step of the second computer tracking a time period that a last C SYNC_REQs were received and accepted, where C is a predefined constant.
  - 6. The method of claim 1, further comprising the step of the first computer re-issuing a SYNC_REQ every T1 seconds until it receives the response to the synchronization request from the second computer, where T1 is a predetermined time interval.
  - 7. The method of claim 1, wherein the second computer maintains a receive table comprising a window W, where W comprises a list of valid IP address pairs.

8. A computer that receives data packets from a second computer over a network according to a scheme by which at least one field in a series of data packets is periodically changed according to a known sequence, wherein the second computer periodically transmits a synchronization request to maintain synchronization of the sequence, wherein the computer performs the steps of:
- (1) receiving the synchronization request from the second computer;
  
  (2) determining whether the synchronization request was received in less than a predetermined interval;
  
  (3) in response to determining that the synchronization request was received in less than a predetermined interval ignoring the synchronization request; and
  
  (4) in response to determining that the synchronization request was not received in less than a predetermined interval, providing response to the synchronization request to the first computer.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The computer of claim 8, wherein the computer delays the acceptance of a SYNC_REQ in step (3) for W/R seconds, where W is the number of data packets between synchronization requests according to an agreed schedule, and R is the agreed rate at which synchronization requests should be received according to the agreed schedule.
  - 10. The computer of claim 8, wherein the computer further performs the step of determining whether the synchronization request is a duplicate of a previously received synchronization request and, if it is a duplicate, discarding it.
  - 11. The computer of claim 8, wherein the response to the synchronization request is provided to the first computer in step (4) for use as a new checkpoint for synchronizing a window in a hopping table.
  - 12. The computer of claim 8, wherein the computer further performs the step of tracking a time period that a last C SYNC_REQs were received and accepted, wherein C is a predefined constant.
  - 13. The computer of claim 8, wherein the computer maintains a receive table comprising a window W, where W comprises a list of valid IP address pairs.

14. A computer that transmits data packets to a second computer over a network according to a scheme by which at least one field in a series of data packets is periodically changed according to a known sequence, wherein the computer periodically transmits a synchronization request to the second computer to maintain synchronization of the known sequence, wherein the computer stored computer executable instructions for performing steps comprising:
- (1) transmitting a first synchronization request to the second computer;
  
  (2) determining whether the synchronization request was sent at a rate greater than an allowed rate of the second computer; and
  
  (3) in response to determining that the synchronization request was transmitted at a rate greater than an allowed rate of the second computer, halting transmissions until transmitting a synchronization request will be compliant with the allowed rate of the second computer.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The computer of claim 14, wherein the computer executable instructions further comprise the first computer re-issues a synchronization request every T1 seconds until the computer receives a synchronization acknowledgment from the second computer, where T1 is a predetermined time interval.
  - 16. The computer of claim 14, wherein the computer executable instructions further comprise the first computer determines whether the synchronization request was transmitted at rate greater than an allowed rate of the second computer in step (2) by determining an amount of time it takes to receive a synchronization acknowledgement from the second computer in response to a first synchronization request.
  - 17. The computer of claims 14, wherein the computer further performs the step of sending duplicate synchronization requests until a response is received from the second computer.
  - 18. The computer of claim 14, wherein the computer maintains a transmit table comprising IP address pairs.
  - 19. The computer of claim 18, wherein the computer selects IP address pairs when transmitting a packet to the second computer.
  - 20. The computer of claim 14, wherein the computer receives a synchronization response from the second computer for use as a new checkpoint for synchronizing a window in a hopping table.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VirnetX Inc. (Virnetx Holding Corporation)
Original Assignee
Science Applications International Corporation
Inventors
Schmidt, Douglas Charles, Short, III, Robert Dunham
Primary Examiner(s)
Lim, Krisna

Application Number

US10/401,888
Publication Number

US 20030167342A1
Time in Patent Office

806 Days
Field of Search

709/248, 713/600, 713/601, 713/400, 714/55, 714/707, 380/261
US Class Current

709/248
CPC Class Codes

H04L 2101/604   Address structures or formats

H04L 45/00   Routing or path finding of ...

H04L 45/24   Multipath

H04L 45/243   using M+N parallel active p...

H04L 45/28   using route fault recovery

H04L 61/35   involving non-standard use ...

H04L 61/4511   using domain name system [DNS]

H04L 61/5007   Internet protocol [IP] addr...

H04L 61/5076   Update or notification mech...

H04L 61/5092   by self-assignment, e.g. pi...

H04L 63/0272   Virtual private networks

H04L 63/0407   wherein the identity of one...

H04L 63/0414   during transmission, i.e. p...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/1458   Denial of Service

H04L 63/1466   Active attacks involving in...

H04L 63/1491   using deception as counterm...

H04L 65/403   Arrangements for multi-part...

Agile network protocol for secure communications with assured system availability

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

155 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Agile network protocol for secure communications with assured system availability

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

155 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links