Method for establishing secure communication link between computers of virtual private network Number:6,826,616 from the United States Patent and Trademark Office (PTO) owispatent A technique is disclosed for establishing a secure communication link between a first computer and a second computer over a computer network. Initially, a secure communication mode of communication is enabled at a first computer without a user entering any cryptographic information for establishing the secure communication mode of communication. Then, a secure communication link is established between the first computer and a second computer over a computer network based on the enabled secure communication mode of communication. The secure communication link is a virtual private network communication link over the computer network in which one or more data values that vary according to a pseudo-random sequence are inserted into each data packet.<H communication, establishing, Method, for, esta, 6826616.html, Patent, pto, 6826616

Title: Method for establishing secure communication link between computers of virtual private network

Abstract: A technique is disclosed for establishing a secure communication link between a first computer and a second computer over a computer network. Initially, a secure communication mode of communication is enabled at a first computer without a user entering any cryptographic information for establishing the secure communication mode of communication. Then, a secure communication link is established between the first computer and a second computer over a computer network based on the enabled secure communication mode of communication. The secure communication link is a virtual private network communication link over the computer network in which one or more data values that vary according to a pseudo-random sequence are inserted into each data packet.

Patent Number: 6,826,616 Issued on 11/30/2004 to Larson, et al.

Inventors: Larson; Victor (Fairfax, VA); Short, III; Robert Dunham (Leesburg, VA); Munger; Edmund Colby (Crownsville, MD); Williamson; Michael (South Riding, VA)
Assignee: Science Applications International Corp. (San Diego, CA)

Appl. No.: 702580

Filed: November 7, 2003

Related U.S. Patent Documents


Application Number	Filing Date	Patent Number	Issue Date
558209	Apr., 2000
504783	Feb., 2000	6502135	Dec., 2002
429643	Oct., 1999

Current U.S. Class: 709/228 ; 709/227

Field of Search: 709/227,228 370/351,389 713/201

References Cited [Referenced By]

U.S. Patent Documents


4933846	June 1990	Humphrey et al.
5341426	August 1994	Barney et al.
5588060	December 1996	Aziz
5689566	November 1997	Nguyen
5787172	July 1998	Arnold
5796942	August 1998	Esbensen
5805801	September 1998	Holloway et al.
5842040	November 1998	Hughes et al.
5878231	March 1999	Baehr et al.
5892903	April 1999	Klaus
5898830	April 1999	Wesinger, Jr. et al.
5905859	May 1999	Holloway et al.
5918019	June 1999	Valencia
6006259	December 1999	Adelman et al.
6016318	January 2000	Tomoike
6052788	April 2000	Wesinger, Jr. et al.
6079020	June 2000	Liu
6092200	July 2000	Muniyappa et al.
6119171	September 2000	Alkhatib
6158011	December 2000	Chen et al.
6168409	January 2001	Fare
6178505	January 2001	Schneider et al.
6226751	May 2001	Arrow et al.
6243749	June 2001	Sitaraman et al.
6286047	September 2001	Ramanathan et al.
6330562	December 2001	Boden et al.
6332158	December 2001	Risley et al.
6353614	March 2002	Borella et al.
6487598	November 2002	Valencia
6502135	December 2002	Munger et al.
2002/0004898	January 2002	Droge

Foreign Patent Documents


199 24 575	Dec., 1999	DE
0 814 589	Dec., 1997	EP
0 838 930	Apr., 1998	EP
0 858 189	Aug., 1998	EP
2 317 792	Apr., 1998	GB
WO 98/27783	Jun., 1998	WO
WO 98 55930	Dec., 1998	WO
WO 98 59470	Dec., 1998	WO
WO 99 38081	Jul., 1999	WO
WO 99 48303	Sep., 1999	WO
WO 00/70458	Nov., 2000	WO
WO 01 50688	Jul., 2001	WO

Other References

Search Report (dated Jun. 18, 2002), International Application No. PCT/US01/13260. .
Search Report dated (Jun. 28, 2002), International Application No. PCT/US01/13261. .
Donald E. Eastlake, "Domain Name System Security Extensions", DNS Security Working Group, Apr. 1998, 51 pages. .
D. B. Chapman et al., "Building Internet Firewalls", Nov. 1995, pp. 278-297 and pp. 351-375. .
P. Srisuresh et al., "DNS extensions to Network Address Translators", Jul. 1998, 27 pages. .
Laurie Wells, "Security Icon", Oct. 19, 1998, 1 page. .
W. Stallings, "Cryptography And Network Security", 2.sup.nd Edition, Chapter 13, IP Security, Jun. 8, 1998, pp. 399-440. .
W. Stallings, "New cryptography And Network Security Book", Jun. 8, 1998, 3 pages. .
Fasbender, Kesdogan, and Kubitz: "Variable and Scalable Security: Protection of Location Information in Mobile IP", IEEE publication, 1996, pp. 963-967 .
Linux FreeS/WAN Index File, printed from http://liberty.freeswan.org/freeswan trees/freeswan-1.3/doc/ on Feb. 21, 2002, 3 pages. .
J. Gilmore, "Swan: Securing the Internet against Wiretapping", printed from http://liberty.freeswan.org/freeswan trees/freeswan-1.3/doc/rationale.html on Feb. 21, 2002, 4 pages. .
Glossary for the Linux FreeS/WAN project, printed from http://liberty.freeswan.org/freeswan trees/freeswan-1.3/doc/glossary.html on Feb. 11, 2002 25 pages. .
Alan O. Frier et al., "The SSL Protocol Version 3.0", Nov. 18, 1996, printed from http://www.netscape.com/eng/ss13/draft302.txt on Feb. 4, 2002, 56 pages. .
Search Report (dated Aug. 20, 2002), International Application No. PCT/US01/04340. .
Search Report (dated Aug. 23, 2002), International Application No. PCT/US01/13260. .
Shree Murthy et al., "Congestion-Oriented Shortest Multipath Routing", Proceedings of IEEE INFOCOM, 1996, pp. 1028-1036. .
Jim Jones et al., "Distributed Denial of Service Attacks: Defenses", Global Integrity Corporation, 2000, pp. 1-14. .
James E. Bellaire, "New Statement of Rules--Naming Internet Domains", Internet Newsgroup, Jul. 30, 1995, 1 page. .
D. Clark, "US Calls for Private Domain-Name System", Computer, IEEE Computer Society, Aug. 1, 1998, pp. 22-25. .
August Bequai, "Balancing Legal Concerns Over Crime and Security in Cyberspace", Computer & Security, vol. 17, No. 4, 1998, pp. 293-298. .
Rich Winkel, "CAQ: Networking With Spooks: The NET & The Control OF Information", Internet Newsgroup, Jun. 21, 1997, 4 pages. .
Search Report (dated Oct. 7, 2002), International Application No. PCT/US01/13261. .
F. Halsall, "Data Communications, Computer Networks And Open Systems", Chapter 4, Protocol Basics, 1996, pp. 198-203. .
Reiter, Michael K. and Rubin, Aviel D. (AT&T Labs--Research), "Crowds: Anonymity for Web Transmissions", pp. 1-23. .
Dolev, Shlomi and Ostrovsky, Rafil, "Efficient Anonymous Multicast and Reception" (Extended Abstract), 16 pages. .
Rubin, Aviel D., Greer, Daniel, and Ranum, Marcus J. (Wiley Computer Publishing), "Web Security Sourcebook", pp. 82-94. .
Fasbender, Kesdogan, and Kubitz: "Variable and Scalable Security" Protection of Location Information in Mobile IP, IEEE publication, 1996, pp. 963-967..

Primary Examiner: Lim; Krisna
Attorney, Agent or Firm: Banner & Witcoff, Ltd.

Parent Case Text

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority from and is a divisional patent application of U.S. application Ser. No. 09/558,209, filed Apr. 26, 2000, now abandond, which is a continuation-in-part patent application of previously-filed U.S. application Ser. No. 09/504,783, filed on Feb. 15, 2000, now U.S. Pat. No. 6,502,135, issued Dec. 31, 2002, which claims priority from and is a continuation-in-part patent application of previously-filed U.S. application Ser. No. 09/429,643, filed on Oct. 29, 1999. The subject matter of U.S. application Ser. No. 09/429,643, which is bodily incorporated herein, derives from provisional U.S. application Nos. 60/106,261 (filed Oct. 30, 1998) and 60/137,704 (filed Jun. 7, 1999). The present application is also related to U.S. application Ser. No. 09/558,210, filed Apr. 26, 2000, and which is incorporated by reference herein.

Claims

What is claimed is:

1. A method for communicating using a private communication link between a client computer and a server computer over a computer network, the method comprising steps of: sending an information packet from the client computer to the server computer over the computer network, the information packet containing data that is used for forming a virtual private connection between the client computer and the server computer, the data that is used for forming the virtual private connection being inserted into a payload portion of the information packet at the client computer by an application layer program; receiving the information packet at a kernel layer of an operating system on the server computer; and determining at the kernel layer of the operating system on the server computer whether the information packet contains the data that is used for forming the virtual private connection.

2. The method according to claim 1, further comprising a step of passing the information packet through a firewall before sending the information packet over the computer network.

3. The method according to claim 1, wherein the data used for forming the virtual private connection corresponds to a predetermined level of service provided to the client computer by the server computer.

4. The method according to claim 1, further comprising step of sending a second information packet from the server computer to the client computer over the computer network, the second information packet containing data that is used for forming the virtual private connection, the data that is used for forming the virtual private connection being inserted into a payload portion of the second information packet by the kernel layer of the operating system on the server computer.

5. The method according to claim 1, wherein the information packet is a UDP protocol information packet.

6. The method according to claim 1, wherein the information packet is one of a TCP/IP protocol information packet and an ICMP protocol information packet.

7. The method according to claim 1, wherein the data that is used for forming the virtual private connection includes one or more data values that vary according to a pseudo-random sequence.

8. The method according to claim 1, wherein the data that is used for forming the virtual private connection is based on a computer network address hopping regime that is used to pseudorandomly change computer network addresses in packets transmitted between the client computer and the server computer.

9. The method according to claim 1, wherein the data that is used for forming the virtual private connection is based on comparing a value in each data packet transmitted between the client computer and the server computer to a moving window of valid values.

10. The method according to claim 1, wherein the data that is used for forming the virtual private connection is based on a comparison of a discriminator field in a header of each data packet to a table of valid discriminator fields maintained for the client computer.

11. The method according to claim 1, wherein the computer network includes the Internet.

12. A computer-readable storage medium, comprising: a storage area; and computer-readable instructions for a method for communicating using a private communication link between a client computer and a server computer over a computer network, the method comprising steps of: sending an information packet from the client computer to the server computer over the computer network, the information packet containing data that is used for forming a virtual private connection between the client computer and the server computer, the data that is used for forming the virtual private connection being inserted into a payload portion of the information packet at the client computer by an application layer program; receiving the information packet at a kernel layer of an operating system on the server computer; and determining at the kernel layer of the operating system on the server computer whether the information packet contains the data that is used for forming the virtual private connection.

13. The computer-readable medium according to claim 12, further comprising a step of passing the information packet through a firewall before sending the information packet over the computer network.

14. The computer-readable medium according to claim 12, wherein the data used for forming the virtual private connection corresponds to a predetermined level of service provided to the client computer by the server computer.

15. The computer-readable medium according to claim 12, further comprising step of sending a second information packet from the server computer to the client computer over the computer network, the second information packet containing data that is used for forming the virtual private connection, the data that is used for forming the virtual private connection being inserted into a payload portion of the second information packet by the kernel layer of the operating system on the server computer.

16. The computer-readable medium according to claim 12, wherein the information packet is a UDP protocol information packet.

17. The computer-readable medium according to claim 12, wherein the information packet is one of a TCP/IP protocol information packet and an ICMP protocol information packet.

18. The computer-readable medium according to claim 12, wherein the data that is used for forming the virtual private connection includes one or more data values that vary according to a pseudo-random sequence.

19. The computer-readable according to claim 12, wherein the data that is used for forming the virtual private connection is based on a computer network address hopping regime that is used to pseudorandomly change computer network addresses in packets transmitted between the client computer and the server computer.

20. The computer-readable medium according to claim 12, wherein the data that is used for forming the virtual private connection is based on comparing a value in each data packet transmitted between the client computer and the server computer to a moving window of valid values.

21. The computer-readable medium according to claim 12, wherein the data that is used for forming the virtual private connection is based on a comparison of a discriminator field in a header of each data packet to a table of valid discriminator fields maintained for the client computer.

22. The computer-readable medium according to claim 12, wherein the computer network includes the Internet.

23. A method for communicating using a private communication link between a client computer and a server computer over a computer network, the method comprising steps of: generating an information packet at the client computer, modifying the information packet at an application layer within the client computer by inserting data into a payload portion of the information packet that is used for forming a virtual private connection between the client computer and the server computer; and sending the modified information packet from the client computer to the server computer over the computer network.

24. The method according to claim 23, further comprising a step of passing the modified information packet through a firewall before sending the modified information packet over the computer network.

25. The method according to claim 23, wherein the data used for forming the virtual private connection corresponds to a predetermined level of service provided to the client computer by the server computer.

26. The method according to claim 23, further comprising steps of: receiving an information packet at the application layer in the client computer that is sent from the server computer over the computer network; and determining at the application layer of the client computer whether the information packet contains data that is used for forming the virtual private connection.

27. The method according to claim 23, wherein the modified information packet is a UDP protocol information packet.

28. The method according to claim 23, wherein the modified information packet is one of a TCP/IP protocol information packet and an ICMP protocol information packet.

29. The method according to claim 23, wherein the data that is used for forming the virtual private connection includes one or more data values that vary according to a pseudo-random sequence.

30. The method according to claim 23, wherein the data that is used for forming the virtual private connection is based on a computer network address hopping regime that is used to pseudorandomly change computer network addresses in information packets transmitted between the client computer and the server computer.

31. The method according to claim 23, wherein the data that is used for forming the virtual private connection is based on comparing a value in each information packet transmitted between the client computer and the server computer to a moving window of valid values.

32. The method according to claim 23, wherein the data that is used for forming the virtual private connection is based on a comparison of a discriminator field in a header of each information packet to a table of valid discriminator fields maintained for the client computer.

33. The method according to claim 23, wherein the computer network includes the Internet.

34. A computer-readable storage medium, comprising: a storage area; and computer-readable instructions for a method for communicating using a private communication link between a client computer and a server computer over a computer network, the method comprising steps of: generating an information packet at the client computer, modifying the information packet at an application layer within the client computer by inserting data into a payload portion of the information packet that is used for forming a virtual private connection between the client computer and the server computer; and sending the modified information packet from the client computer to the server computer over the computer network.

35. The computer-readable medium according to claim 34, further comprising a step of passing the modified information packet through a firewall before sending the modified information packet over the computer network.

36. The computer-readable medium according to claim 34, wherein the data used for forming the virtual private connection corresponds to a predetermined level of service provided to the client computer by the server computer.

37. The computer-readable medium according to claim 34, further comprising steps of: receiving an information packet at the application layer in the client computer that is sent from the server computer over the computer network; and determining at the application layer of the client computer whether the information packet contains data that is used for forming the virtual private connection.

38. The computer-readable medium according to claim 34, wherein the modified information packet is a UDP protocol information packet.

39. The computer-readable medium according to claim 34, wherein the modified information packet is one of a TCP/IP protocol information packet and an ICMP protocol information packet.

40. The computer-readable medium according to claim 34, wherein the data that is used for forming the virtual private connection includes one or more data values that vary according to a pseudo-random sequence.

41. The computer-readable medium according to claim 34, wherein the data that is used for forming the virtual private connection is based on a computer network address hopping regime that is used to pseudorandomly change computer network addresses in information packets transmitted between the client computer and the server computer.

42. The computer-readable medium according to claim 34, wherein the data that is used for forming the virtual private connection is based on comparing a value in each information packet transmitted between the client computer and the server computer to a moving window of valid values.

43. The computer-readable medium according to claim 34, wherein the data that is used for forming the virtual private connection is based on a comparison of a discriminator field in a header of each information packet to a table of valid discriminator fields maintained for the client computer.

44. The computer-readable medium according to claim 34, wherein the computer network includes the Internet.

45. A method for communicating using a private communication link between a server computer and a client computer over a computer network, the method comprising steps of: generating an information packet at the server computer, modifying the information packet at a kernel layer within an operating system of the server computer by inserting data into a payload portion of the information packet that is used for forming a virtual private connection between the server computer and the client computer; and sending the modified information packet from the server computer to an application layer in the client computer over the computer network.

46. The method according to claim 45, further comprising a step of passing the modified information packet through a firewall after the modified information packet is sent over the computer network before the modified information packet is received by the application layer at the client computer.

47. The method according to claim 45, wherein the data used for forming the virtual private connection corresponds to a predetermined level of service provided to the client computer by the server computer.

48. The method according to claim 45, wherein the modified information packet is a UDP protocol information packet.

49. The method according to claim 45, wherein the modified information packet is one of a TCP/IP protocol information packet and an ICMP protocol information packet.

50. The method according to claim 45, wherein the data that is used for forming the virtual private connection includes one or more data values that vary according to a pseudo-random sequence.

51. The method according to claim 45, wherein the data that is used for forming the virtual private connection is based on a computer network address hopping regime that is used to pseudorandomly change computer network addresses in modified information packets transmitted between the server computer and the client computer.

52. The method according to claim 45, wherein the data that is used for forming the virtual private connection is based on comparing a value in each data modified information packet transmitted between the server computer and the client computer to a moving window of valid values.

53. The method according to claim 45, wherein the data that is used for forming the virtual private connection is based on a comparison of a discriminator field in a header of each modified information packet to a table of valid discriminator fields maintained for the server computer.

54. The method according to claim 45, wherein the computer network includes the Internet.

55. A computer-readable storage medium, comprising: a storage area; and computer-readable instructions for a method for communicating using a private communication link between a server computer and a client computer over a computer network, the method comprising steps of: generating an information packet at the server computer, modifying the information packet at a kernel layer within an operating system of the server computer by inserting data into a payload portion of the information packet that is used for forming a virtual private connection between the server computer and the client computer; and sending the modified information packet from the server computer to an application layer in the client computer over the computer network.

56. The computer-readable medium according to claim 55, further comprising a step of passing the modified information packet through a firewall after the modified information packet is sent over the computer network before the modified information packet is received by the application layer at the client computer.

57. The computer-readable medium according to claim 55, wherein the data used for forming the virtual private connection corresponds to a predetermined level of service provided to the client computer by the server computer.

58. The computer-readable medium according to claim 55, wherein the modified information packet is a UDP protocol information packet.

59. The computer-readable medium according to claim 55, wherein the modified information packet is one of a TCP/IP protocol information packet and an ICMP protocol information packet.

60. The computer-readable medium according to claim 55, wherein the data that is used for forming the virtual private connection includes one or more data values that vary according to a pseudo-random sequence.

61. The computer-readable medium according to claim 55, wherein the data that is used for forming the virtual private connection is based on a computer network address hopping regime that is used to pseudorandomly change computer network addresses in modified information packets transmitted between the server computer and the client computer.

62. The computer-readable medium according to claim 55, wherein the data that is used for forming the virtual private connection is based on comparing a value in each data modified information packet transmitted between the server computer and the client computer to a moving window of valid values.

63. The computer-readable medium according to claim 55, wherein the data that is used for forming the virtual private connection is based on a comparison of a discriminator field in a header of each modified information packet to a table of valid discriminator fields maintained for the server computer.

64. The computer-readable medium according to claim 55, wherein the computer network includes the Internet.

Description

BACKGROUND OF THE INVENTION

A tremendous variety of methods have been proposed and implemented to provide security and anonymity for communications over the Internet. The variety stems, in part, from the different needs of different Internet users. A basic heuristic framework to aid in discussing these different security techniques is illustrated in FIG. 1. Two terminals, an originating terminal 100 and a destination terminal 110 are in communication over the Internet. It is desired for the communications to be secure, that is, immune to eavesdropping. For example, terminal 100 may transmit secret information to terminal 110 over the Internet 107. Also, it may be desired to prevent an eavesdropper from discovering that terminal 100 is in communication with terminal 110. For example, if terminal 100 is a user and terminal 110 hosts a web site, terminal 100's user may not want anyone in the intervening networks to know what web sites he is "visiting." Anonymity would thus be an issue, for example, for companies that want to keep their market research interests private and thus would prefer to prevent outsiders from knowing which web-sites or other Internet resources they are "visiting." These two security issues may be called data security and anonymity, respectively.

Data security is usually tackled using some form of data encryption. An encryption key 48 is known at both the originating and terminating terminals 100 and 110. The keys may be private and public at the originating and destination terminals 100 and 110, respectively or they may be symmetrical keys (the same key is used by both parties to encrypt and decrypt). Many encryption methods are known and usable in this context.

To hide traffic from a local administrator or ISP, a user can employ a local proxy server in communicating over an encrypted channel with an outside proxy such that the local administrator or ISP only sees the encrypted traffic. Proxy servers prevent destination servers from determining the identities of the originating clients. This system employs an intermediate server interposed between client and destination server. The destination server sees only the Internet Protocol (IP) address of the proxy server and not the originating client. The target server only sees the address of the outside proxy. This scheme relies on a trusted outside proxy server. Also, proxy schemes are vulnerable to traffic analysis methods of determining identities of transmitters and receivers. Another important limitation of proxy servers is that the server knows the identities of both calling and called parties. In many instances, an originating terminal, such as terminal A, would prefer to keep its identity concealed from the proxy, for example, if the proxy server is provided by an Internet service provider (ISP).

To defeat traffic analysis, a scheme called Chaum's mixes employs a proxy server that transmits and receives fixed length messages, including dummy messages. Multiple originating terminals are connected through a mix (a server) to multiple target servers. It is difficult to tell which of the originating terminals are communicating to which of the connected target servers, and the dummy messages confuse eavesdroppers' efforts to detect communicating pairs by analyzing traffic. A drawback is that there is a risk that the mix server could be compromised. One way to deal with this risk is to spread the trust among multiple mixes. If one mix is compromised, the identities of the originating and target terminals may remain concealed. This strategy requires a number of alternative mixes so that the intermediate servers interposed between the originating and target terminals are not determinable except by compromising more than one mix. The strategy wraps the message with multiple layers of encrypted addresses. The first mix in a sequence can decrypt only the outer layer of the message to reveal the next destination mix in sequence. The second mix can decrypt the message to reveal the next mix and so on. The target server receives the message and, optionally, a multi-layer encrypted payload containing return information to send data back in the same fashion. The only way to defeat such a mix scheme is to collude among mixes. If the packets are all fixed-length and intermixed with dummy packets, there is no way to do any kind of traffic analysis.

Still another anonymity technique, called `crowds,` protects the identity of the originating terminal from the intermediate proxies by providing that originating terminals belong to groups of proxies called crowds. The crowd proxies are interposed between originating and target terminals. Each proxy through which the message is sent is randomly chosen by an upstream proxy. Each intermediate proxy can send the message either to another randomly chosen proxy in the "crowd" or to the destination. Thus, even crowd members cannot determine if a preceding proxy is the originator of the message or if it was simply passed from another proxy.

ZKS (Zero-Knowledge Systems) Anonymous IP Protocol allows users to select up to any of five different pseudonyms, while desktop software encrypts outgoing traffic and wraps it in User Datagram Protocol (UDP) packets. The first server in a 2+-hop system gets the UDP packets, strips off one layer of encryption to add another, then sends the traffic to the next server, which strips off yet another layer of encryption and adds a new one. The user is permitted to control the number of hops. At the final server, traffic is decrypted with an untraceable IP address. The technique is called onion-routing. This method can be defeated using traffic analysis. For a simple example, bursts of packets from a user during low-duty periods can reveal the identities of sender and receiver.

Firewalls attempt to protect LANs from unauthorized access and hostile exploitation or damage to computers connected to the LAN. Firewalls provide a server through which all access to the LAN must pass. Firewalls are centralized systems that require administrative overhead to maintain. They can be compromised by virtual-machine applications ("applets"). They instill a false sense of security that leads to security breaches for example by users sending sensitive information to servers outside the firewall or encouraging use of modems to sidestep the firewall security. Firewalls are not useful for distributed systems such as business travelers, extranets, small teams, etc.

SUMMARY OF THE INVENTION

A secure mechanism for communicating over the internet, including a protocol referred to as the Tunneled Agile Routing Protocol (TARP), uses a unique two-layer encryption format and special TARP routers. TARP routers are similar in function to regular IP routers. Each TARP router has one or more IP addresses and uses normal IP protocol to send IP packet messages ("packets" or "datagrams"). The IP packets exchanged between TARP terminals via TARP routers are actually encrypted packets whose true destination address is concealed except to TARP routers and servers. The normal or "clear" or "outside" IP header attached to TARP IP packets contains only the address of a next hop router or destination server. That is, instead of indicating a final destination in the destination field of the IP header, the TARP packet's IP header always points to a next-hop in a series of TARP router hops, or to the final destination. This means there is no overt indication from an intercepted TARP packet of the true destination of the TARP packet since the destination could always be next-hop TARP router as well as the final destination.

Each TARP packet's true destination is concealed behind a layer of encryption generated using a link key. The link key is the encryption key used for encrypted communication between the hops intervening between an originating TARP terminal and a destination TARP terminal. Each TARP router can remove the outer layer of encryption to reveal the destination router for each TARP packet. To identify the link key needed to decrypt the outer layer of encryption of a TARP packet, a receiving TARP or routing terminal may identify the transmitting terminal by the sender/receiver IP numbers in the cleartext IP header.

Once the outer layer of encryption is removed, the TARP router determines the final destination. Each TARP packet 140 undergoes a minimum number of hops to help foil traffic analysis. The hops may be chosen at random or by a fixed value. As a result, each TARP packet may make random trips among a number of geographically disparate routers before reaching its destination. Each trip is highly likely to be different for each packet composing a given message because each trip is independently randomly determined. This feature is called agile routing. The fact that different packets take different routes provides distinct advantages by making it difficult for an interloper to obtain all the packets forming an entire multi-packet message. The associated advantages have to do with the inner layer of encryption discussed below. Agile routing is combined with another feature that furthers this purpose; a feature that ensures that any message is broken into multiple packets.

The IP address of a TARP router can be changed, a feature called IP agility. Each TARP router, independently or under direction from another TARP terminal or router, can change its IP address. A separate, unchangeable identifier or address is also defined. This address, called the TARP address, is known only to TARP routers and terminals and may be correlated at any time by a TARP router or a TARP terminal using a Lookup Table (LUT). When a TARP router or terminal changes its IP address, it updates the other TARP routers and terminals which in turn update their respective LUTs.

The message payload is hidden behind an inner layer of encryption in the TARP packet that can only be unlocked using a session key. The session key is not available to any of the intervening TARP routers. The session key is used to decrypt the payloads of the TARP packets permitting the data stream to be reconstructed.

Communication may be made private using link and session keys, which in turn may be shared and used according to any desired method. For example, public/private keys or symmetric keys may be used.

To transmit a data stream, a TARP originating terminal constructs a series of TARP packets from a series of IP packets generated by a network (IP) layer process. (Note that the terms "network layer," "data link layer," "application layer," etc. used in this specification correspond to the Open Systems Interconnection (OSI) network terminology.) The payloads of these packets are assembled into a block and chain-block encrypted using the session key. This assumes, of course, that all the IP packets are destined for the same TARP terminal. The block is then interleaved and the interleaved encrypted block is broken into a series of payloads, one for each TARP packet to be generated. Special TARP headers IP.sub.T are then added to each payload using the IP headers from the data stream packets. The TARP headers can be identical to normal IP headers or customized in some way. They should contain a formula or data for deinterleaving the data at the destination TARP terminal, a time-to-live (TTL) parameter to indicate the number of hops still to be executed, a data type identifier which indicates whether the payload contains, for example, TCP or UDP data, the sender's TARP address, the destination TARP address, and an indicator as to whether the packet contains real or decoy data or a formula for filtering out decoy data if decoy data is spread in some way through the TARP payload data.

Note that although chain-block encryption is discussed here with reference to the session key, any encryption method may be used. Preferably, as in chain block encryption, a method should be used that makes unauthorized decryption difficult without an entire result of the encryption process. Thus, by separating the encrypted block among multiple packets and making it difficult for an interloper to obtain access to all of such packets, the contents of the communications are provided an extra layer of security.

Decoy or dummy data can be added to a stream to help foil traffic analysis by reducing the peak-to-average network load. It may be desirable to provide the TARP process with an ability to respond to the time of day or other criteria to generate more decoy data during low traffic periods so that communication bursts at one point in the Internet cannot be tied to communication bursts at another point to reveal the communicating endpoints.

Dummy data also helps to break the data into a larger number of inconspicuously-sized packets permitting the interleave window size to be increased while maintaining a reasonable size for each packet. (The packet size can be a single standard size or selected from a fixed range of sizes.) One primary reason for desiring for each message to be broken into multiple packets is apparent if a chain block encryption scheme is used to form the first encryption layer prior to interleaving. A single block encryption may be applied to portion, or entirety, of a message, and that portion or entirety then interleaved into a number of separate packets. Considering the agile IP routing of the packets, and the attendant difficulty of reconstructing an entire sequence of packets to form a single block-encrypted message element, decoy packets can significantly increase the difficulty of reconstructing an entire data stream.

The above scheme may be implemented entirely by processes operating between the data link layer and the network layer of each server or terminal participating in the TARP system. Because the encryption system described above is insertable between the data link and network layers, the processes involved in supporting the encrypted communication may be completely transparent to processes at the IP (network) layer and above. The TARP processes may also be completely transparent to the data link layer processes as well. Thus, no operations at or above the Network layer, or at or below the data link layer, are affected by the insertion of the TARP stack. This provides additional security to all processes at or above the network layer, since the difficulty of unauthorized penetration of the network layer (by, for example, a hacker) is increased substantially. Even newly developed servers running at the session layer leave all processes below the session layer vulnerable to attack. Note that in this architecture, security is distributed. That is, notebook computers used by executives on the road, for example, can communicate over the Internet without any compromise in security.

IP address changes made by TARP terminals and routers can be done at regular intervals, at random intervals, or upon detection of "attacks." The variation of IP addresses hinders traffic analysis that might reveal which computers are communicating, and also provides a degree of immunity from attack. The level of immunity from attack is roughly proportional to the rate at which the IP address of the host is changing.

As mentioned, IP addresses may be changed in response to attacks. An attack may be revealed, for example, by a regular series of messages indicating that a router is being probed in some way. Upon detection of an attack, the TARP layer process may respond to this event by changing its IP address. In addition, it may create a subprocess that maintains the original IP address and continues interacting with the attacker in some manner.

Decoy packets may be generated by each TARP terminal on some basis determined by an algorithm. For example, the algorithm may be a random one which calls for the generation of a packet on a random basis when the terminal is idle. Alternatively, the algorithm may be responsive to time of day or detection of low traffic to generate more decoy packets during low traffic times. Note that packets are preferably generated in groups, rather than one by one, the groups being sized to simulate real messages. In addition, so that decoy packets may be inserted in normal TARP message streams, the background loop may have a latch that makes it more likely to insert decoy packets when a message stream is being received. Alternatively, if a large number of decoy packets is received along with regular TARP packets, the algorithm may increase the rate of dropping of decoy packets rather than forwarding them. The result of dropping and generating decoy packets in this way is to make the apparent incoming message size different from the apparent outgoing message size to help foil traffic analysis.

In various other embodiments of the invention, a scalable version of the system may be constructed in which a plurality of IP addresses are preassigned to each pair of communicating nodes in the network. Each pair of nodes agrees upon an algorithm for "hopping" between IP addresses (both sending and receiving), such that an eavesdropper sees apparently continuously random IP address pairs (source and destination) for packets transmitted between the pair. Overlapping or "reusable" IP addresses may be allocated to different users on the same subnet, since each node merely verifies that a particular packet includes a valid source/destination pair from the agreed-upon algorithm. Source/destination pairs are preferably not reused between any two nodes during any given end-to-end session, though limited IP block sizes or lengthy sessions might require it.

Further improvements described in this continuation-in-part application include: (1) a load balancer that distributes packets across different transmission paths according to transmission path quality; (2) a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry; (3) a large-to-small link bandwidth management feature that prevents denial-of-service attacks at system chokepoints; (4) a traffic limiter that regulates incoming packets by limiting the rate at which a transmitter can be synchronized with a receiver; and (5) a signaling synchronizer that allows a large number of nodes to communicate with a central node by partitioning the communication function between two separate entities

The present invention provides key technologies for implementing a secure virtual Internet by using a new agile network protocol that is built on top of the existing Internet protocol (IP). The secure virtual Internet works over the existing Internet infrastructure, and interfaces with client applications the same way as the existing Internet. The key technologies provided by the present invention that support the secure virtual Internet include a "one-click" and "no-click" technique to become part of the secure virtual Internet, a secure domain name service (SDNS) for the secure virtual Internet, and a new approach for interfacing specific client applications onto the secure virtual Internet. According to the invention, the secure domain name service interfaces with existing applications, in addition to providing a way to register and serve domain names and addresses.

According to one aspect of the present invention, a user can conveniently establish a VPN using a "one-click" or a "no-click" technique without being required to enter user identification information, a password and/or an encryption key for establishing a VPN. The advantages of the present invention are provided by a method for establishing a secure communication link between a first computer and a second computer over a computer network, such as the Internet. In one embodiment, a secure communication mode is enabled at a first computer without a user entering any cryptographic information for establishing the secure communication mode of communication, preferably by merely selecting an icon displayed on the first computer. Alternatively, the secure communication mode of communication can be enabled by entering a command into the first computer. Then, a secure communication link is established between the first computer and a second computer over a computer network based on the enabled secure communication mode of communication. According to the invention, it is determined whether a secure communication software module is stored on the first computer in response to the step of enabling the secure communication mode of communication. A predetermined computer network address is then accessed for loading the secure communication software module when the software module is not stored on the first computer. Subsequently, the proxy software module is stored in the first computer. The secure communication link is a virtual private network communication link over the computer network. Preferably, the virtual private network can be based on inserting into each data packet one or more data values that vary according to a pseudo-random sequence. Alternatively, the virtual private network can be based on a computer network address hopping regime that is used to pseudorandomly change computer network addresses or other data values in packets transmitted between the first computer and the second computer, such that the second computer compares the data values in each data packet transmitted between the first computer and the second computer to a moving window of valid values. Yet another alternative provides that the virtual private network can be based on a comparison between a discriminator field in each data packet to a table of valid discriminator fields maintained for the first computer.

According to another aspect of the invention, a command is entered to define a setup parameter associated with the secure communication link mode of communication. Consequently, the secure communication mode is automatically established when a communication link is established over the computer network.

The present invention also provides a computer system having a communication link to a computer network, and a display showing a hyperlink for establishing a virtual private network through the computer network. When the hyperlink for establishing the virtual private network is selected, a virtual private network is established over the computer network. A non-standard top-level domain name is then sent over the virtual private network communication to a predetermined computer network address, such as a computer network address for a secure domain name service (SDNS).

The present invention provides a domain name service that provides secure computer network addresses for secure, non-standard top-level domain names. The advantages of the present invention are provided by a secure domain name service for a computer network that includes a portal connected to a computer network, such as the Internet, and a domain name database connected to the computer network through the portal. According to the invention, the portal authenticates a query for a secure computer network address, and the domain name database stores secure computer network addresses for the computer network. Each secure computer network address is based on a non-standard top-level domain name, such as .scom, .sorg, .snet, .snet, .sedu, .smil and .sint.

The present invention provides a way to encapsulate existing application network traffic at the application layer of a client computer so that the client application can securely communicate with a server protected by an agile network protocol. The advantages of the present invention are provided by a method for communicating using a private communication link between a client computer and a server computer over a computer network, such as the Internet. According to the invention, an information packet is sent from the client computer to the server computer over the computer network. The information packet contains data that is inserted into the payload portion of the packet at the application layer of the client computer and is used for forming a virtual private connection between the client computer and the server computer. The modified information packet can be sent through a firewall before being sent over the computer network to the server computer and by working on top of existing protocols (i.e., UDP, ICMP and TCP), the present invention more easily penetrates the firewall. The information packet is received at a kernel layer of an operating system on the server side. It is then determined at the kernel layer of the operating system on the host computer whether the information packet contains the data that is used for forming the virtual private connection. The server side replies by sending an information packet to the client computer that has been modified at the kernel layer to containing virtual private connection information in the payload portion of the reply information packet. Preferably, the information packet from the client computer and the reply information packet from the server side are each a UDP protocol information packet. Alternative, both information packets could be a TCP/IP protocol information packet, or an ICMP protocol information packet.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is an illustration of secure communications over the Internet according to a prior art embodiment.

FIG. 2 is an illustration of secure communications over the Internet according to a an embodiment of the invention.

FIG. 3a is an illustration of a process of forming a tunneled IP packet according to an embodiment of the invention.

FIG. 3b is an illustration of a process of forming a tunneled IP packet according to another embodiment of the invention.

FIG. 4 is an illustration of an OSI layer location of processes that may be used to implement the invention.

FIG. 5 is a flow chart illustrating a process for routing a tunneled packet according to an embodiment of the invention.

FIG. 6 is a flow chart illustrating a process for forming a tunneled packet according to an embodiment of the invention.

FIG. 7 is a flow chart illustrating a process for receiving a tunneled packet according to an embodiment of the invention.

FIG. 8 shows how a secure session is established and synchronized between a client and a TARP router.

FIG. 9 shows an IP address hopping scheme between a client computer and TARP router using transmit and receive tables in each computer.

FIG. 10 shows physical link redundancy among three Internet Service Providers (ISPs) and a client computer.

FIG. 11 shows how multiple IP packets can be embedded into a single "frame" such as an Ethernet frame, and further shows the use of a discriminator field to camouflage true packet recipients.

FIG. 12A shows a system that employs hopped hardware addresses, hopped IP addresses, and hopped discriminator fields.

FIG. 12B shows several different approaches for hopping hardware addresses, IP addresses, and discriminator fields in combination.

FIG. 13 shows a technique for automatic