(10) Patent No.: US 6,502,135 B1
Munger et al.
(45) Date of Patent: Dec. 31, 2002

(54) AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS WITH ASSURED SYSTEM AVAILABILITY

Inventors: Edmund Colby Munger, Crownsville, MD (US); Douglas Charles Schmidt, Severna Park, MD (US); Robert Dunham Short, III, Leesburg, VA (US); Victor Larson, Fairfax, VA (US); Michael Williamson, South Riding, VA (US)

(73) Assignee: Science Applications International Corporation, San Diego, CA (US)

( * ) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.

(21) Appl. No.: 09/504,783
(22) Filed: Feb. 15, 2000

Related U.S. Application Data

(63) Continuation-in-part of application No. 09/429,643, filed on Oct. 29, 1999.
(60) Provisional application No. 60/106,261, filed on Oct. 30, 1998, and provisional application No. 60/137,704, filed on Jun. 7, 1999.

(51) Int. Cl.7: G06F 15/173
(52) U.S. Cl.: 709/223; 709/299; 709/245

Primary Examiner: Krisna Lim
(74) Attorney, Agent, or Firm: Banner & Witcoff, Ltd.

(57) ABSTRACT

A plurality of computer nodes communicate using seemingly random Internet Protocol source and destination addresses. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are quickly rejected. Improvements to the basic design include (1) a load balancer that distributes packets across different transmission paths according to transmission path quality; (2) a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry; (3) a large-to-small link bandwidth management feature that prevents denial-of-service attacks at system chokepoints; (4) a traffic limiter that regulates incoming packets by limiting the rate at which a transmitter can be synchronized with a receiver; and (5) a signaling synchronizer that allows a large number of nodes to communicate with a central node by partitioning the communication function between two separate entities.

17 Claims, 35 Drawing Sheets

[Representative drawing on the front page. Labels: TARP packet, link key, session key, TARP router, IP router, Internet, TARP terminal.]

New Bay Capital, LLC-EX.1001

[Sheet 1 of 35, FIG. 1: originating terminal 100 and destination terminal 110 connected across the Internet 107 through IP routers. Labels: IP packet, encryption key, IP router.]

[Sheet 2 of 35, FIG. 2: TARP terminals connected through TARP routers and IP routers. Labels: TARP packet, link key, session key, TARP router, IP router, TARP terminal 110.]

[Sheet 3 of 35, FIG. 3A. Labels: data stream; interleaved payload data; session-key-encrypted payload data; TARP packet with encrypted payloads; TARP packets; link-key-encrypted; IP packets w/ encrypted TARP packets as payload; TARP routers 1 to 7; TARP destination; elements 207a to 207d.]

[Sheet 6 of 35, FIG. 5: flowchart. Box labels: background loop, decoy generation; authenticate TARP packet; outer layer decryption of TARP packet using link key; check for decoy and increment perishable decoy counter as appropriate; transmit decoy? (yes/no); dump decoy; decrement; determine destination TARP address and store link key and IP address; generate next-hop TARP address and store link key and IP address; generate IP header and transmit.]

[Sheet 7 of 35, FIG. 6: flowchart. Box labels: background loop, decoy generation; group received IP packets into interleave window; determine destination TARP address, initialize TTL, store in TARP header; record window seq. nos. and interleave seq. nos. in TARP headers; choose first hop TARP router, look up IP address and store in clear IP header, outer layer encrypt; install clear IP header and transmit.]

[Sheet 8 of 35, FIG. 7: flowchart. Box labels: background loop, decoy generation; authenticate TARP packet received; decrypt outer layer encryption with link key; increment perishable counter if decoy; throw away decoy or keep in response to algorithm; cache TARP packets until window is assembled; deinterleave packets forming window; decrypt block; divide block into packets using window sequence data, add clear IP headers generated from TARP headers; hand completed IP packets to IP layer process.]

[Sheet 18 of 35, FIG. 16: Ethernet LAN address blocks; axis values 0 and 4095.]

[Sheet 19 of 35, FIG. 17: hatched window diagram. Legend: ACTIVE, INACTIVE. Spans labelled WINDOW_SIZE.]

[Sheet 20 of 35, FIG. 18: hatched window diagram. Legend: INACTIVE, USED. Spans labelled WINDOW_SIZE.]

[Sheet 21 of 35, FIG. 19: hatched window diagram. Legend: INACTIVE, ACTIVE, USED. Spans labelled WINDOW_SIZE.]

[Sheet 22 of 35, FIG. 20. Labels: COMPUTER #1, COMPUTER #2; reference numerals 2005 and 2011.]

[Sheet 23 of 35, FIG. 21. Labels: IP1, IP2; AD, AE, AF, BD, BE, BF, CD, CE and CF tables; LINK DOWN; reference numerals 2100 to 2109.]

[Sheet 24 of 35, FIG. 22A: flowchart. Box labels: measure quality of transmission path X; more than one transmitter turned on?; path X quality < threshold?; set weight to min. value; path X weight less than steady state value?; decrease weight for path X; increase weight for path X toward steady state value; adjust weights for remaining paths so that weights equal one.]

[Sheet 25 of 35, FIG. 22B: flowchart. Box labels: (event) transmitter for path X turns off; at least one transmitter turned on?; drop all packets until a transmitter turns on; set weight to zero; adjust weights for remaining paths so that weights equal one. Reference numerals 2210 to 2214.]

[Sheet 30 of 35, FIG. 27: flowchart. Box labels: receive DNS request for target site; access to secure site requested?; pass thru request to DNS server; user authorized to connect?; return "HOST UNKNOWN" error; establish VPN with target site. Reference numerals 2701, 2702, 2704, 2706.]

[Sheet 34 of 35, FIG. 31. Labels: CLIENT #2, TX/RX; reference numerals 3104 and 3105.]

[Sheet 35 of 35, FIG. 32: message exchange between CLIENT and SERVER. Client box labels: send data packet using CKPT_N, CKPT_O=CKPT_N, generate new CKPT_N, start timer, shut transmitter off; when timer expires transmit SYNC_REQ using transmitter's CKPT_O, start timer; if CKPT_O in SYNC_ACK matches transmitter's CKPT_O, update receiver's CKPT_R, kill timer, turn transmitter on. Server box labels: pass data up stack, CKPT_O=CKPT_N, generate new CKPT_N, generate new CKPT_R for transmitter side, transmit SYNC_ACK containing CKPT_O. Message label: SYNC_REQ.]

AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS WITH ASSURED SYSTEM AVAILABILITY

CROSS-REFERENCE TO RELATED APPLICATION

This application claims priority from and is a continuation-in-part of previously filed U.S. application Ser. No. 09/429,643, filed on Oct. 29, 1999. The subject matter of that application, which is bodily incorporated herein, derives from provisional U.S. application No. 60/106,261 (filed Oct. 30, 1998) and No. 60/137,704 (filed Jun. 7, 1999).

BACKGROUND OF THE INVENTION

A tremendous variety of methods have been proposed and implemented to provide security and anonymity for communications over the Internet. The variety stems, in part, from the different needs of different Internet users. A basic heuristic framework to aid in discussing these different security techniques is illustrated in FIG. 1. Two terminals, an originating terminal 100 and a destination terminal 110 are in communication over the Internet. It is desired for the communications to be secure, that is, immune to eavesdropping. For example, terminal 100 may transmit secret information to terminal 110 over the Internet 107. Also, it may be desired to prevent an eavesdropper from discovering that terminal 100 is in communication with terminal 110. For example, if terminal 100 is a user and terminal 110 hosts a web site, terminal 100’s user may not want anyone in the intervening networks to know what web sites he is “visiting.” Anonymity would thus be an issue, for example, for companies that want to keep their market research interests private and thus would prefer to prevent outsiders from knowing which web-sites or other Internet resources they are “visiting.” These two security issues may be called data security and anonymity, respectively.

Data security is usually tackled using some form of data encryption. An encryption key 48 is known at both the originating and terminating terminals 100 and 110. The keys may be private and public at the originating and destination terminals 100 and 110, respectively or they may be symmetrical keys (the same key is used by both parties to encrypt and decrypt). Many encryption methods are known and usable in this context.

To hide traffic from a local administrator or ISP, a user can employ a local proxy server in communicating over an encrypted channel with an outside proxy such that the local administrator or ISP only sees the encrypted traffic. Proxy servers prevent destination servers from determining the identities of the originating clients. This system employs an intermediate server interposed between client and destination server. The destination server sees only the Internet Protocol (IP) address of the proxy server and not the originating client. The target server only sees the address of the outside proxy. This scheme relies on a trusted outside proxy server. Also, proxy schemes are vulnerable to traffic analysis methods of determining identities of transmitters and receivers. Another important limitation of proxy servers is that the server knows the identities of both calling and called parties. In many instances, an originating terminal, such as terminal A, would prefer to keep its identity concealed from the proxy, for example, if the proxy server is provided by an Internet service provider (ISP).

To defeat traffic analysis, a scheme called Chaum’s mixes employs a proxy server that transmits and receives fixed length messages, including dummy messages. Multiple originating terminals are connected through a mix (a server) to multiple target servers. It is difficult to tell which of the originating terminals are communicating to which of the connected target servers, and the dummy messages confuse eavesdroppers’ efforts to detect communicating pairs by analyzing traffic. A drawback is that there is a risk that the mix server could be compromised. One way to deal with this risk is to spread the trust among multiple mixes. If one mix is compromised, the identities of the originating and target terminals may remain concealed. This strategy requires a number of alternative mixes so that the intermediate servers interposed between the originating and target terminals are not determinable except by compromising more than one mix. The strategy wraps the message with multiple layers of encrypted addresses. The first mix in a sequence can decrypt only the outer layer of the message to reveal the next destination mix in sequence. The second mix can decrypt the message to reveal the next mix and so on. The target server receives the message and, optionally, a multi-layer encrypted payload containing return information to send data back in the same fashion. The only way to defeat such a mix scheme is to collude among mixes. If the packets are all fixed-length and intermixed with dummy packets, there is no way to do any kind of traffic analysis.

Still another anonymity technique, called ‘crowds,’ protects the identity of the originating terminal from the intermediate proxies by providing that originating terminals belong to groups of proxies called crowds. The crowd proxies are interposed between originating and target terminals. Each proxy through which the message is sent is randomly chosen by an upstream proxy. Each intermediate proxy can send the message either to another randomly chosen proxy in the “crowd” or to the destination. Thus, even crowd members cannot determine if a preceding proxy is the originator of the message or if it was simply passed from another proxy.

ZKS (Zero-Knowledge Systems) Anonymous IP Protocol allows users to select up to any of five different pseudonyms, while desktop software encrypts outgoing traffic and wraps it in User Datagram Protocol (UDP) packets. The first server in a 2+-hop system gets the UDP packets, strips off one layer of encryption to add another, then sends the traffic to the next server, which strips off yet another layer of encryption and adds a new one. The user is permitted to control the number of hops. At the final server, traffic is decrypted with an untraceable IP address. The technique is called onion-routing. This method can be defeated using traffic analysis. For a simple example, bursts of packets from a user during low-duty periods can reveal the identities of sender and receiver.

Firewalls attempt to protect LANs from unauthorized access and hostile exploitation or damage to computers connected to the LAN. Firewalls provide a server through which all access to the LAN must pass. Firewalls are centralized systems that require administrative overhead to maintain. They can be compromised by virtual-machine applications (“applets”). They instill a false sense of security that leads to security breaches for example by users sending sensitive information to servers outside the firewall or encouraging use of modems to sidestep the firewall security. Firewalls are not useful for distributed systems such as business travelers, extranets, small teams, etc.

SUMMARY OF THE INVENTION

A secure mechanism for communicating over the internet, including a protocol referred to as the Tunneled Agile Routing Protocol (TARP), uses a unique two-layer encryption format and special TARP routers. TARP routers are similar in function to regular IP routers. Each TARP router has one or more IP addresses and uses normal IP protocol to send IP packet messages (“packets” or “datagrams”). The IP packets exchanged between TARP terminals via TARP routers are actually encrypted packets whose true destination address is concealed except to TARP routers and servers. The normal or “clear” or “outside” IP header attached to TARP IP packets contains only the address of a next hop router or destination server. That is, instead of indicating a final destination in the destination field of the IP header, the TARP packet’s IP header always points to a next-hop in a series of TARP router hops, or to the final destination. This means there is no overt indication from an intercepted TARP packet of the true destination of the TARP packet since the destination could always be next-hop TARP router as well as the final destination.

Each TARP packet’s true destination is concealed behind a layer of encryption generated using a link key. The link key is the encryption key used for encrypted communication between the hops intervening between an originating TARP terminal and a destination TARP terminal. Each TARP router can remove the outer layer of encryption to reveal the destination router for each TARP packet. To identify the link key needed to decrypt the outer layer of encryption of a TARP packet, a receiving TARP or routing terminal may identify the transmitting terminal by the sender/receiver IP numbers in the cleartext IP header.

Once the outer layer of encryption is removed, the TARP router determines the final destination. Each TARP packet 140 undergoes a minimum number of hops to help foil traffic analysis. The hops may be chosen at random or by a fixed value. As a result, each TARP packet may make random trips among a number of geographically disparate routers before reaching its destination. Each trip is highly likely to be different for each packet composing a given message because each trip is independently randomly determined. This feature is called agile routing. The fact that different packets take different routes provides distinct advantages by making it difficult for an interloper to obtain all the packets forming an entire multi-packet message. The associated advantages have to do with the inner layer of encryption discussed below. Agile routing is combined with another feature that furthers this purpose; a feature that ensures that any message is broken into multiple packets.

The IP address of a TARP router can be changed, a feature called IP agility. Each TARP router, independently or under direction from another TARP terminal or router, can change its IP address. A separate, unchangeable identifier or address is also defined. This address, called the TARP address, is known only to TARP routers and terminals and may be correlated at any time by a TARP router or a TARP terminal using a Lookup Table (LUT). When a TARP router or terminal changes its IP address, it updates the other TARP routers and terminals which in turn update their respective LUTs.

The message payload is hidden behind an inner layer of encryption in the TARP packet that can only be unlocked using a session key. The session key is not available to any of the intervening TARP routers. The session key is used to decrypt the payloads of the TARP packets permitting the data stream to be reconstructed.

Communication may be made private using link and session keys, which in turn may be shared and used according to any desired method. For example, public/private keys or symmetric keys may be used.

To transmit a data stream, a TARP originating terminal constructs a series of TARP packets from a series of IP packets generated by a network (IP) layer process. (Note that the terms “network layer,” “data link layer,” “application layer,” etc. used in this specification correspond to the Open Systems Interconnection (OSI) network terminology.) The payloads of these packets are assembled into a block and chain-block encrypted using the session key. This assumes, of course, that all the IP packets are destined for the same TARP terminal. The block is then interleaved and the interleaved encrypted block is broken into a series of payloads, one for each TARP packet to be generated. Special TARP headers IPT are then added to each payload using the IP headers from the data stream packets. The TARP headers can be identical to normal IP headers or customized in some way. They should contain a formula or data for deinterleaving the data at the destination TARP terminal, a time-to-live (TTL) parameter to indicate the number of hops still to be executed, a data type identifier which indicates whether the payload contains, for example, TCP or UDP data, the sender’s TARP address, the destination TARP address, and an indicator as to whether the packet contains real or decoy data or a formula for filtering out decoy data if decoy data is spread in some way through the TARP payload data.

Note that although chain-block encryption is discussed here with reference to the session key, any encryption method may be used. Preferably, as in chain block encryption, a method should be used that makes unauthorized decryption difficult without an entire result of the encryption process. Thus, by separating the encrypted block among multiple packets and making it difficult for an interloper to obtain access to all of such packets, the contents of the communications are provided an extra layer of security.

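
The transmit path just described, together with the outer link-key layer and hop-by-hop forwarding from the summary, sketched as an added Python example (not code from the patent). Assumptions: an HMAC-SHA256 ciphertext-feedback construction stands in for the unspecified chain-block cipher and is for illustration only; the JSON header fields, the byte-wise interleave, and all keys, addresses and payloads are constructed for the example.

```python
import hashlib
import hmac
import json
import os
import secrets

BLOCK = 32  # chained-block size in bytes (one SHA-256 digest)

def _pad(key, prev):
    return hmac.new(key, prev, hashlib.sha256).digest()

def chain_encrypt(key, iv, data):
    """Stand-in chained cipher: each keystream block depends on the previous ciphertext."""
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        prev = bytes(a ^ b for a, b in zip(data[i:i + BLOCK], _pad(key, prev)))
        out += prev
    return bytes(out)

def chain_decrypt(key, iv, data):
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        out += bytes(a ^ b for a, b in zip(chunk, _pad(key, prev)))
        prev = chunk
    return bytes(out)

def interleave(block, n):
    # Byte k of the encrypted block goes to packet k mod n.
    return [block[i::n] for i in range(n)]

def deinterleave(parts):
    out = bytearray(sum(len(p) for p in parts))
    for i, part in enumerate(parts):
        out[i::len(parts)] = part
    return bytes(out)

def build_tarp_packets(ip_payloads, session_key, src_tarp, dest_tarp, n, ttl):
    """Inner layer: assemble, chain-encrypt, interleave, split, add TARP headers."""
    iv = os.urandom(16)
    block = b"".join(len(p).to_bytes(2, "big") + p for p in ip_payloads)
    parts = interleave(chain_encrypt(session_key, iv, block), n)
    return [{"src": src_tarp, "dest": dest_tarp, "ttl": ttl, "seq": i, "of": n,
             "decoy": False, "iv": iv.hex(), "payload": part.hex()}
            for i, part in enumerate(parts)]

def wrap(tarp_pkt, link_key, src_ip, hop_ip):
    """Outer layer: the clear IP header names only this hop's two endpoints."""
    nonce = os.urandom(16)
    body = chain_encrypt(link_key, nonce, json.dumps(tarp_pkt).encode())
    return {"ip_src": src_ip, "ip_dst": hop_ip, "nonce": nonce, "body": body}

def unwrap(ip_pkt, link_key):
    return json.loads(chain_decrypt(link_key, ip_pkt["nonce"], ip_pkt["body"]))

def deliver(tarp_pkt, src_ip, routers, lut, link_key_for):
    """Forward one packet hop by hop; return it and the clear headers on the wire."""
    wire, here, pkt = [], src_ip, dict(tarp_pkt)
    while True:
        final = pkt["ttl"] == 0
        nxt = lut[pkt["dest"]] if final else secrets.choice([r for r in routers if r != here])
        ip_pkt = wrap(pkt, link_key_for(here, nxt), here, nxt)
        wire.append((ip_pkt["ip_src"], ip_pkt["ip_dst"]))
        # The receiver selects the link key from the clear sender/receiver addresses.
        pkt = unwrap(ip_pkt, link_key_for(ip_pkt["ip_src"], ip_pkt["ip_dst"]))
        if final:
            return pkt, wire
        pkt["ttl"] -= 1  # one fewer hop still to be executed
        here = nxt

def reassemble(tarp_pkts, session_key):
    """Destination: order by sequence number, deinterleave, decrypt, split."""
    real = sorted((p for p in tarp_pkts if not p["decoy"]), key=lambda p: p["seq"])
    if not real or len(real) != real[0]["of"]:
        raise ValueError("interleave window incomplete")
    block = chain_decrypt(session_key, bytes.fromhex(real[0]["iv"]),
                          deinterleave([bytes.fromhex(p["payload"]) for p in real]))
    payloads = []
    while block:
        size = int.from_bytes(block[:2], "big")
        payloads.append(block[2:2 + size])
        block = block[2 + size:]
    return payloads

def decrypt_with_gap(parts, missing, session_key, iv):
    """What a key holder recovers when packet `missing` is absent (zero-filled)."""
    filled = [bytes(len(p)) if i == missing else p for i, p in enumerate(parts)]
    return chain_decrypt(session_key, iv, deinterleave(filled))

def demo():
    master, session = os.urandom(32), os.urandom(32)  # constructed keys
    key_for = lambda a, b: hmac.new(master, f"{a}|{b}".encode(), hashlib.sha256).digest()
    routers = ["198.51.100.1", "198.51.100.2", "198.51.100.3"]  # constructed addresses
    lut = {"tarp-B": "203.0.113.9"}  # constructed TARP address -> current IP
    pkts = build_tarp_packets([b"GET / HTTP/1.0", b"Host: example"], session,
                              "tarp-A", "tarp-B", n=4, ttl=3)
    got = [deliver(p, "192.0.2.7", routers, lut, key_for) for p in pkts]
    return reassemble([p for p, _ in got], session), [wire for _, wire in got]

if __name__ == "__main__":
    print(demo())
```

`decrypt_with_gap` illustrates the last paragraph for this stand-in cipher: with one of the interleaved packets missing, only part of the first chained block decrypts, even for a holder of the session key.
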

Decoy