Establishment of a secure communication link based on a domain name service (DNS) request

DC CAFC

US 7,490,151 B2
Filed: 09/30/2002
Issued: 02/10/2009
Est. Priority Date: 10/30/1998
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A data processing device, comprising memory storing a domain name server (DNS) proxy module that intercepts DNS requests sent by a client and, for each intercepted DNS request, performs the steps of:

(i) determining whether the intercepted DNS request corresponds to a secure server;

(ii) when the intercepted DNS request does not correspond to a secure server, forwarding the DNS request to a DNS function that returns an IP address of a nonsecure computer, and(iii) when the intercepted DNS request corresponds to a secure server, automatically initiating an encrypted channel between the client and the secure server.

View all claims

4 Assignments

Timeline View

Assignment View

Litigations

8 Petitions

Reexaminations

Accused Products

Abstract

A plurality of computer nodes communicate using seemingly random Internet Protocol source and destination addresses. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are quickly rejected. Improvements to the basic design include (1) a load balancer that distributes packets across different transmission paths according to transmission path quality; (2) a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry; (3) a large-to-small link bandwidth management feature that prevents denial-of-service attacks at system chokepoints; (4) a traffic limiter that regulates incoming packets by limiting the rate at which a transmitter can be synchronized with a receiver; and (5) a signaling synchronizer that allows a large number of nodes to communicate with a central node by partitioning the communication function between two separate entities.

212 Citations

16 Claims

1. A data processing device, comprising memory storing a domain name server (DNS) proxy module that intercepts DNS requests sent by a client and, for each intercepted DNS request, performs the steps of:
- (i) determining whether the intercepted DNS request corresponds to a secure server;
  
  (ii) when the intercepted DNS request does not correspond to a secure server, forwarding the DNS request to a DNS function that returns an IP address of a nonsecure computer, and(iii) when the intercepted DNS request corresponds to a secure server, automatically initiating an encrypted channel between the client and the secure server.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The data processing device of claim 1, wherein step (iii) comprises the steps of:
    - (a) determining whether the client is authorized to access the secure server; and
      
      (b) when the client is authorized to access the secure server, sending a request to the secure server to establish an encrypted channel between the secure server and the client.
  - 3. The data processing device of claim 2, wherein step (iii) further comprises the step of:
    - (c) when the client is not authorized to access the secure server, returning a host unknown error message to the client.
  - 4. The data processing device of claim 3, wherein the client comprises a web browser into which a user enters a URL resulting in the DNS request.
  - 5. The data processing device of claim 1, wherein automatically initiating the encrypted channel between the client and the secure sewer comprises establishing an IF address hopping scheme between the client and the secure server.
  - 6. The data processing device of claim 1, wherein automatically initiating the encrypted channel between the client and the secure server avoids sending a true IP address of the secure server to the client.

7. A computer readable medium storing a domain name server (DNS) proxy module comprised of computer readable instructions that, when executed, cause a data processing device to perform the steps of:
- (i) intercepting a DNS request sent by a client;
  
  (ii) determining whether the intercepted DNS request corresponds to a secure server;
  
  (iii) when the intercepted DNS request does not correspond to a secure server, forwarding the DNS request to a DNS function that returns an IP address of a nonsecure computer; and
  
  (iv) when the intercepted DNS request corresponds to a secure server, automatically initiating an encrypted channel between the client and the secure server.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer readable medium of claim 7, wherein step (iv) comprises the steps of(a) determining whether the client is authorized to access the secure server, and(b) when the client is authorized to access the secure server, sending a request to the secure sewer to establish an encrypted channel between the secure sewer and the client.
  - 9. The computer readable medium of claim 8, wherein step (iv) further comprises the step of:
    - (c) when the client is not authorized to access the secure server, returning a host unknown error message to the client.
  - 10. The computer readable medium of claim 9, wherein the client comprises a web browser into which a user enters a URL resulting in the DNS request.
  - 11. The computer readable medium of claim 7, wherein automatically initiating the encrypted channel between the client and the secure sewer comprises establishing an IP address hopping scheme between the client and the secure server.
  - 12. The computer readable medium of claim 7, wherein automatically initiating the encrypted channel between the client and the secure server avoids sending a true IP address of the secure server to the client.

13. A computer readable medium storing a domain name server (DNS) module comprised of computer readable instructions that, when executed, cause a data processing device to perform the steps of:
- (i) determining whether a DNS request sent by a client corresponds to a secure server;
  
  (ii) when the DNS request does not correspond to a secure server, forwarding the DNS request to a DNS function that returns an IP address of a nonsecure computer; and
  
  (iii) when the intercepted DNS request corresponds to a secure server, automatically creating a secure channel between the client and the secure server.
- View Dependent Claims (14, 15, 16)
- - 14. The computer readable medium of claim 13, wherein step (iii) comprises the steps of(a) determining whether the client is authorized to access the secure server;
    - and(b) when the client is authorized to access the secure server, sending a request to the secure server to establish a secure channel between the secure server and the client.
  - 15. The computer readable medium of claim 14, wherein step (iii) further comprises the step of:
    - (c) when the client is not authorized to access the secure server, returning a host unknown error message to the client.
  - 16. The computer readable medium of claim 15, wherein the client comprises a web browser into which a user enters a URL resulting in the DNS request.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
VirnetX Inc. (Virnetx Holding Corporation)
Original Assignee
VirnetX Inc. (Virnetx Holding Corporation)
Inventors
Munger, Edward Colby, Larson, Victor, Short, Robert Dunham III, Williamson, Michael
Primary Examiner(s)
Lim; Krisna

Application Number

US10/259,494
Publication Number

US 20030037142A1
Time in Patent Office

2,325 Days
Field of Search

709217-225, 709/229, 713/201
US Class Current

709/225
CPC Class Codes

H04L 2101/604   Address structures or formats

H04L 45/00   Routing or path finding of ...

H04L 45/24   Multipath

H04L 45/243   using M+N parallel active p...

H04L 45/28   using route fault recovery

H04L 61/35   involving non-standard use ...

H04L 61/4511   using domain name system [DNS]

H04L 61/5007   Internet protocol [IP] addr...

H04L 61/5076   Update or notification mech...

H04L 61/5092   by self-assignment, e.g. pi...

H04L 63/0272   Virtual private networks

H04L 63/0407   wherein the identity of one...

H04L 63/0414   during transmission, i.e. p...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/1458   Denial of Service

H04L 63/1466   Active attacks involving in...

H04L 63/1491   using deception as counterm...

H04L 65/403   Arrangements for multi-part...

Establishment of a secure communication link based on a domain name service (DNS) request

First Claim

4 Assignments

Litigations

8 Petitions

Reexaminations

Accused Products

Abstract

212 Citations

16 Claims

Specification

115 Family Members

Thank you for your feedback