US007418504B2

(12) United States Patent
     Larson et al.

(10) Patent No.: US 7,418,504 B2
(45) Date of Patent: Aug. 26, 2008

(54) AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE
     DOMAIN NAMES

(75) Inventors: Victor Larson, Fairfax, VA (US); Robert Dunham Short, III,
     Leesburg, VA (US); Edmund Colby Munger, Crownsville, MD (US);
     Michael Williamson, South Riding, VA (US)

(58) Field of Classification Search: 709/226, 709/221; 713/201
     See application file for complete search history.

(73) Assignee: VirnetX, Inc., Scotts Valley, CA (US)

(*)  Notice: Subject to any disclaimer, the term of this patent is extended
     or adjusted under 35 U.S.C. 154(b) by 646 days.

(21) Appl. No.: 10/714,849

(22) Filed: Nov. 18, 2003

(65) Prior Publication Data
     US 2004/0098485 A1, May 20, 2004

     Related U.S. Application Data

(63) Continuation of application No. 09/558,210, filed on Apr. 26, 2000,
     now abandoned, which is a continuation-in-part of application
     No. 09/504,783, filed on Feb. 15, 2000, now Pat. No. 6,502,135, which
     is a continuation-in-part of application No. 09/429,643, filed on
     Oct. 29, 1999, now Pat. No. 7,010,604.

(60) Provisional application No. 60/137,704, filed on Jun. 7, 1999,
     provisional application No. 60/106,261, filed on Oct. 30, 1998.

(51) Int. Cl.: G06F 15/173 (2006.01)

(52) U.S. Cl.: 709/226

Primary Examiner—Krisna Lim
(74) Attorney, Agent, or Firm—McDermott Will & Emery, LLP

(57) ABSTRACT

A secure domain name service for a computer network is disclosed that
includes a portal connected to a computer network, such as the Internet, and
a domain name database connected to the computer network through the portal.
The portal authenticates a query for a secure computer network address, and
the domain name database stores secure computer network addresses for the
computer network. Each secure computer network address is based on a
non-standard top-level domain name, such as .scom, .sorg, .snet, .snet,
.sedu, .smil and .sint.

60 Claims, 40 Drawing Sheets

EXHIBIT 1001
Black Swamp IP, LLC v. VirnetX, Inc.
IPR of U.S. Patent No. 7,418,504

U.S. Patent    Aug. 26, 2008    Sheets 1 to 40 of 40    US 7,418,504 B2

FIG. 1 (Sheet 1 of 40): originating terminal and destination terminal
connected across the Internet through a mesh of IP routers; encryption key 48.

Sheet 2 of 40 (figure label not recovered): TARP terminals, TARP router and
IP router.

Sheet 3 of 40 (figure label not recovered): 330 session-key-encrypted payload
data; 340 TARP packet with encrypted payloads; 350 link-key-encrypted TARP
packets; 360 IP packets with encrypted TARP packets as payload; TARP
destination.

Sheet 4 of 40 (figure label not recovered): 300 data stream (207a to 207d);
520 block-encrypted (session-key) payload sequence; 522 encrypted block
divided into payloads; 523 encrypted block divided into payloads,
interleaved; interleave window; 340 TARP packets with encrypted payloads.

FIG. 4 (Sheet 5 of 40): TARP transceiver layering: network (IP) layer, TARP
layer, protocol wrapper, data link layer. One alternative combines TARP
processing with the O/S IP processor; the other combines TARP processing with
the D.L. processor (e.g., burn into board PROM).

FIG. 5 (Sheet 6 of 40): flowchart. Background loop, decoy generation;
authenticate TARP packet; outer layer decryption of TARP packet using link
key; check for decoy and increment perishable decoy counter as appropriate;
dump decoy; transmit decoy?; decrement TTL, TTL > 0?; generate next-hop TARP
address and store link key and IP address; determine destination TARP address
and store link key and IP address; generate IP header and transmit.

FIG. 6 (Sheet 7 of 40): flowchart. S20 background loop, decoy generation;
S21 group received IP packets into interleave window; S22 determine
destination TARP address, initialize TTL, store in TARP header; S23 record
window seq. nos. and interleave seq. nos. in TARP headers; S24 choose first
hop TARP router, look up IP address and store in clear IP header, outer layer
encrypt; S25 install clear IP header and transmit.

FIG. 7 (Sheet 8 of 40): flowchart. Background loop, decoy generation;
authenticate TARP packet received; decrypt outer layer encryption with link
key; increment perishable counter if decoy; throw away decoy or keep in
response to algorithm; cache TARP packets until window is assembled;
deinterleave packets forming window; decrypt block; divide block into packets
using window sequence data, add clear IP headers generated from TARP headers;
hand completed IP packets to IP layer process.

FIG. 8 (Sheet 9 of 40): message exchange with a TARP router: SSYN and SSYN
ACK packets; 824 secure session initiation; 825 secure session initiation ACK.

FIG. 9 (Sheet 10 of 40): client and TARP router, each with a transmit table
and a receive table (921 to 924) listing pairs of IP addresses.

FIG. 10 (Sheet 11 of 40): no legible figure text.

FIG. 12B (Sheet 14 of 40): table of modes or embodiments against hardware
addresses, IP addresses and discriminator field values. Legible rows:
"2. Promiscuous per VPN" (fixed for each VPN; can be varied in sync; can be
varied in sync) and "3. Hardware hopping" (can be varied in sync in all three
columns); the first row is only partly legible (entries include "can be
varied").

FIG. 14 (Sheet 16 of 40): current IP pair, ckpt_o; IP pair 1 and IP pair 2;
recipient's ISP; values kept in sync for the sender-to-recipient synchronizer
and for the recipient-to-sender synchronizer.

FIG. 15 (Sheet 17 of 40): synchronization exchange. SYNC_REQ is transmitted
and retransmitted when synchronization begins; the receiver updates its
window and generates a new checkpoint IP pair ckpt_n and a new response
checkpoint ckpt_r; when SYNC_ACK arrives, a new checkpoint IP pair ckpt_n is
generated in the transmitter.

FIG. 17 (Sheet 19 of 40): window diagram with legend (inactive, active,
used) and WINDOW_SIZE.

Sheet 20 of 40 (figure label not recovered): window diagram, WINDOW_SIZE.

FIG. 19 (Sheet 21 of 40): window diagram, WINDOW_SIZE.

FIG. 20 (Sheet 22 of 40): computer #1; reference numeral 2011.

FIG. 21 (Sheet 23 of 40): tables labelled AE, BE and others (partly
illegible); "link down"; reference numerals 2100 to 2109.

FIG. 22A (Sheet 24 of 40): flowchart. Quality < threshold?; decrease weight
for path X (to min. value); path X weight less than steady state value?;
increase weight for path X toward steady state value; adjust weights for
remaining paths so that weights equal one.

FIG. 22B (Sheet 25 of 40): flowchart. (Event) transmitter for path X turns
off; drop all packets until a transmitter turns on; set weight to zero;
adjust weights for remaining paths so that weights equal one.

Sheet 26 of 40 (figure label not recovered): 2308 transmit table; packet
transmitter; packet receiver.

Sheet 27 of 40 (figure label not recovered): reference numeral 2403; other
text illegible.

FIG. 25 (prior art) (Sheet 28 of 40): DNS RESP, PAGE REQ, PAGE RESP.

FIG. 26 (Sheet 29 of 40): gatekeeper, hopping, rules; reference numeral 2602.

FIG. 27 (Sheet 30 of 40): flowchart. Receive DNS request for target site;
access to secure site requested?; return "host unknown" error; establish VPN
with target site.

FIG. 28 (Sheet 31 of 40): host computer #1 and host computer #2; reference
numerals 2801, 2803, 2804, 2805.

FIG. 29 (Sheet 32 of 40): host computer #1 and host computer #2 (TX, RX);
hacker computer, flood IP, TX 100-200; reference numerals 2901 to 2903.

FIG. 31 (Sheet 34 of 40): client #2 and hacker; reference numerals 3105,
3209, 3210.

FIG. 32 (Sheet 35 of 40): client/server synchronization flow. Client: send
data packet using ckpt_n, set ckpt_o = ckpt_n, generate new ckpt_n, start
timer, shut transmitter; when timer expires, transmit SYNC_REQ using
transmitter's ckpt_n and start timer; if ckpt_o in SYNC_ACK matches
transmitter's ckpt_o, update receiver's ckpt_r, kill timer, turn transmitter
on. Server: pass data up stack, set ckpt_o = ckpt_n, generate new ckpt_n,
generate new ckpt_r for transmitter side, transmit SYNC_ACK containing ckpt_o.

FIG. 34 (Sheet 37 of 40): flowchart. Display web page containing "go secure"
hyperlink; download and install plug-in; close connection; launch link to
.com site; automatic replacement of top-level domain name with secure
top-level domain name; access secure portal and secure network and secure
DNS; access gatekeeper and receive parameters for establishing VPN with
secure website; connect to secure website using VPN based on parameters
established by gatekeeper; display "secure" icon; terminate secure
connection; replace secure top-level domain name with non-secure top-level
domain name; display "go secure" hyperlink.

FIG. 35 (Sheet 38 of 40): flowchart. Requestor accesses website and logs into
secure domain name registry service; query standard domain name service
regarding ownership of equivalent non-secure domain name; receive reply from
standard domain name registry; inform requestor of conflict; verify
information and enter payment information; register secure domain name.

FIG. 36 (Sheet 39 of 40): browser, proxy application, firewall, computer
network, VPN guard, server proxy, web server.

FIG. 37 (Sheet 40 of 40): flowchart 3700. Generate message packets; modify
message packets with private connection data at an application layer; send to
host computer through firewall; receive packets and authenticate at kernel
layer of host computer; respond to received message packets and generate
reply message packets; modify reply message packets with private connection
data at a kernel layer; send packets to client computer through firewire;
receive packets at client computer and authenticate at application layer.

Sheets 12, 13, 15, 18, 33 and 36 of 40: no legible figure text.

AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE DOMAIN NAMES

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority from and is a continuation patent
application of U.S. application Ser. No. 09/558,210, filed Apr. 26, 2000 now
abandoned, which is a continuation-in-part patent application of
previously-filed U.S. application Ser. No. 09/504,783, filed on Feb. 15,
2000, now U.S. Pat. No. 6,502,135, issued Dec. 31, 2002, which claims
priority from and is a continuation-in-part patent application of
previously-filed U.S. application Ser. No. 09/429,643, filed on Oct. 29, 1999
now U.S. Pat. No. 7,010,604. The subject matter of U.S. application Ser.
No. 09/429,643, which is bodily incorporated herein, derives from provisional
U.S. application Nos. 60/106,261 (filed Oct. 30, 1998) and 60/137,704 (filed
Jun. 7, 1999). The present application is also related to U.S. application
Ser. No. 09/558,209, filed Apr. 26, 2000, and which is incorporated by
reference herein.

GOVERNMENT CONTRACT RIGHTS

This invention was made with Government support under Contract
No. 360000-1999-000000-QC-000-000 awarded by the Central Intelligence Agency.
The Government has certain rights in the invention.

BACKGROUND OF THE INVENTION

A tremendous variety of methods have been proposed and implemented to provide
security and anonymity for communications over the Internet. The variety
stems, in part, from the different needs of different Internet users. A basic
heuristic framework to aid in discussing these different security techniques
is illustrated in FIG. 1. Two terminals, an originating terminal 100 and a
destination terminal 110 are in communication over the Internet. It is
desired for the communications to be secure, that is, immune to
eavesdropping. For example, terminal 100 may transmit secret information to
terminal 110 over the Internet 107. Also, it may be desired to prevent an
eavesdropper from discovering that terminal 100 is in communication with
terminal 110. For example, if terminal 100 is a user and terminal 110 hosts a
web site, terminal 100's user may not want anyone in the intervening networks
to know what web sites he is "visiting." Anonymity would thus be an issue,
for example, for companies that want to keep their market research interests
private and thus would prefer to prevent outsiders from knowing which
web-sites or other Internet resources they are "visiting." These two security
issues may be called data security and anonymity, respectively.

Data security is usually tackled using some form of data encryption. An
encryption key 48 is known at both the originating and terminating terminals
100 and 110. The keys may be private and public at the originating and
destination terminals 100 and 110, respectively or they may be symmetrical
keys (the same key is used by both parties to encrypt and decrypt). Many
encryption methods are known and usable in this context.

To hide traffic from a local administrator or ISP, a user can employ a local
proxy server in communicating over an encrypted channel with an outside proxy
such that the local administrator or ISP only sees the encrypted traffic.
Proxy servers prevent destination servers from determining the identities of
the originating clients. This system employs an intermediate server
interposed between client and destination server. The destination server sees
only the Internet Protocol (IP) address of the proxy server and not the
originating client. The target server only sees the address of the outside
proxy. This scheme relies on a trusted outside proxy server. Also, proxy
schemes are vulnerable to traffic analysis methods of determining identities
of transmitters and receivers. Another important limitation of proxy servers
is that the server knows the identities of both calling and called parties.
In many instances, an originating terminal, such as terminal A, would prefer
to keep its identity concealed from the proxy, for example, if the proxy
server is provided by an Internet service provider (ISP).

To defeat traffic analysis, a scheme called Chaum's mixes employs a proxy
server that transmits and receives fixed length messages, including dummy
messages. Multiple originating terminals are connected through a mix (a
server) to multiple target servers. It is difficult to tell which of the
originating terminals are communicating to which of the connected target
servers, and the dummy messages confuse eavesdroppers' efforts to detect
communicating pairs by analyzing traffic. A drawback is that there is a risk
that the mix server could be compromised. One way to deal with this risk is
to spread the trust among multiple mixes. If one mix is compromised, the
identities of the originating and target terminals may remain concealed. This
strategy requires a number of alternative mixes so that the intermediate
servers interposed between the originating and target terminals are not
determinable except by compromising more than one mix. The strategy wraps the
message with multiple layers of encrypted addresses. The first mix in a
sequence can decrypt only the outer layer of the message to reveal the next
destination mix in sequence. The second mix can decrypt the message to reveal
the next mix and so on. The target server receives the message and,
optionally, a multi-layer encrypted payload containing return information to
send data back in the same fashion. The only way to defeat such a mix scheme
is to collude among mixes. If the packets are all fixed-length and intermixed
with dummy packets, there is no way to do any kind of traffic analysis.

Still another anonymity technique, called 'crowds,' protects the identity of
the originating terminal from the intermediate proxies by providing that
originating terminals belong to groups of proxies called crowds. The crowd
proxies are interposed between originating and target terminals. Each proxy
through which the message is sent is randomly chosen by an upstream proxy.
Each intermediate proxy can send the message either to another randomly
chosen proxy in the "crowd" or to the destination. Thus, even crowd members
cannot determine if a preceding proxy is the originator of the message or if
it was simply passed from another proxy.

ZKS (Zero-Knowledge Systems) Anonymous IP Protocol allows users to select up
to any of five different pseudonyms, while desktop software encrypts outgoing
traffic and wraps it in User Datagram Protocol (UDP) packets. The first
server in a 2+-hop system gets the UDP packets, strips off one layer of
encryption to add another, then sends the traffic to the next server, which
strips off yet another layer of encryption and adds a new one. The user is
permitted to control the number of hops. At the final server, traffic is
decrypted with an untraceable IP address. The technique is called
onion-routing. This method can be defeated using traffic analysis. For a
simple example, bursts of packets from a user during low-duty periods can
reveal the identities of sender and receiver.

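
The layered wrapping described above for mix cascades and for onion routing, as an added example that is not code from the patent: the sender wraps a payload once per mix, each mix strips its own layer, learns only the next hop, and re-pads so that every message on the wire has the same fixed length. The HMAC-SHA256 keystream (a stand-in cipher), the 512-byte cell, the 16-byte hop field and the names wrap, peel, deliver and run_demo are assumptions made for illustration; the payload is assumed to be already encrypted for the destination, and per-hop integrity checks and dummy traffic are left out.

```python
import hashlib
import hmac
import os

CELL = 512                # every message on the wire is exactly this long
NONCE = 16                # per-layer nonce, sent in clear at the front of a cell
HOP = 16                  # fixed-width next-hop field inside each layer
PER_HOP = NONCE + HOP     # bytes one mix consumes, then replaces with padding


def _stream_xor(data: bytes, key: bytes, nonce: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream (stand-in cipher)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap(payload: bytes, route, destination: str) -> bytes:
    """Sender side. route is a list of (mix_name, mix_key) in travel order."""
    room = CELL - PER_HOP * len(route) - 2
    if len(payload) > room:
        raise ValueError("payload does not fit in one cell for this route")
    # Innermost content: 2-byte length prefix, payload, zero padding.
    inner = len(payload).to_bytes(2, "big") + payload.ljust(room, b"\0")
    next_hops = [name for name, _ in route[1:]] + [destination]
    # Build from the last mix outwards; each layer names only the next hop.
    for (_, key), nxt in zip(reversed(route), reversed(next_hops)):
        hop = nxt.encode()
        if len(hop) > HOP:
            raise ValueError("hop name too long")
        nonce = os.urandom(NONCE)
        inner = nonce + _stream_xor(hop.ljust(HOP, b"\0") + inner, key, nonce)
    return inner  # exactly CELL bytes


def peel(cell: bytes, key: bytes):
    """One mix: strip own layer, learn only the next hop, re-pad to CELL."""
    if len(cell) != CELL:
        raise ValueError("not a fixed-length cell")
    nonce, body = cell[:NONCE], cell[NONCE:]
    plain = _stream_xor(body, key, nonce)
    next_hop = plain[:HOP].rstrip(b"\0").decode("utf-8", "replace")
    # Random tail replaces the bytes this mix consumed, so length never changes.
    return next_hop, plain[HOP:] + os.urandom(PER_HOP)


def deliver(cell: bytes) -> bytes:
    """Destination side: read the length prefix and ignore the padding."""
    size = int.from_bytes(cell[:2], "big")
    return cell[2:2 + size]


def run_demo():
    # Constructed sample route and keys, for illustration only.
    route = [(f"mix{i}", hashlib.sha256(f"demo-key-{i}".encode()).digest())
             for i in (1, 2, 3)]
    cell = wrap(b"GET /report", route, "server")
    sizes, seen = [len(cell)], []
    for name, key in route:
        next_hop, cell = peel(cell, key)
        seen.append((name, next_hop))   # all that this mix learned
        sizes.append(len(cell))
    return sizes, seen, deliver(cell)


if __name__ == "__main__":
    print(run_demo())
```

An observer on any link sees only 512-byte cells, so message length gives no hint of position in the route; the timing and volume correlation mentioned for onion routing is not addressed by padding alone.
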
Firewalls attempt to protect LANs from unauthorized access and hostile
exploitation or damage to computers connected to the LAN. Firewalls provide a
server through which all access to the LAN must pass. Firewalls are
centralized systems that require administrative overhead to
They can be compromised by virtual-machine applications ("applets"). They
instill a false sense of security that leads to security breaches for example
by users sending sensitive information to servers outside the firewall or
encouraging use of modems to sidestep the firewall security. Firewalls are
not useful for distributed systems such as business travelers, extranets,
small teams, etc.

related at any time by a TARP router or a TARP terminal using a Lookup Table
(LUT). When a TARP router or terminal changes its IP address, it updates the
other TARP routers and terminals which in turn update their respective LUTs.

The message payload is hidden behind an inner layer of encryption in the TARP
packet that can only be unlocked using a session key. The session key is not
available to any of the intervening TARP routers. The session key is used to
decrypt the payloads of the TARP packets permitting the data stream to be
reconstructed.

SUMMARY OF THE INVENTION

A secure mechanism for communicating over the internet, including a protocol
referred to as the Tunneled Agile Routing Protocol (TARP), uses a unique
two-layer encryption format and special TARP routers. TARP routers are
similar in function to regular IP routers. Each TARP router has one or more
IP addresses and uses normal IP protocol to send IP packet messages
("packets" or "datagrams"). The IP packets exchanged between TARP terminals
via TARP routers are actually encrypted packets whose true destination
address is concealed except to TARP routers and servers. The normal or
"clear" or "outside" IP header attached to TARP IP packets contains only the
address of a next hop router or destination server. That is, instead of
indicating a final destination in the destination field of the IP header, the
TARP packet's IP header always points to a next-hop in a series of TARP
router hops, or to the final destination. This means there is no overt
indication from an intercepted TARP packet of the true destination of the
TARP packet since the