Secure dynamic communication network and protocol
09998434 ยท 2018-06-12
Assignee
Inventors
Cpc classification
H04L9/34
ELECTRICITY
H04L63/0464
ELECTRICITY
G06F21/606
PHYSICS
International classification
H04L9/34
ELECTRICITY
Abstract
In a secure cloud for transmitting packets of digital data, the packets may be repeatedly scrambled (i.e., their data segments reordered) and then unscrambled, split and then mixed, and/or encrypted and then decrypted as they pass through media nodes in the cloud. The methods used to scramble, split, mix and encrypt the packets may be varied in accordance with a state such as time, thereby making the task of a hacker virtually impossible inasmuch as he or she may be viewing only a fragment of a packet and the methods used to disguise the data are constantly changing.
Claims
1. A method of transmitting packets containing digital data through a cloud, the cloud comprising a network of media nodes, said media nodes being hosted on servers, each of the media nodes receiving packets from other media nodes in the cloud and transmitting packets to other media nodes in the cloud, each of the packets comprising a plurality of data segments, the method comprising: scrambling a packet by changing an order of the data segments in the packet in a first media node in accordance with a first scrambling algorithm; transmitting the packet to a second media node; unscrambling the packet in the second media node so as to recreate the order of the data segments in said packet prior to said scrambling in said first media node; after said unscrambling in said second media node, scrambling the packet in said second media node in accordance with a second scrambling algorithm; and transmitting said packet to a third media node, said second scrambling algorithm being different from said first scrambling algorithm such that the order of the data segments in the packet when the packet arrives at the third media node is different from the order of the data segments in the packet when the packet arrived at the second media node.
2. The method of claim 1 wherein said cloud comprises a plurality of gateway media nodes, each of said gateway media nodes being a media node connected to a client device via a last mile connection, and wherein at least one of said first and second media nodes is not a gateway media node.
3. The method of claim 2 wherein said first scrambling algorithm is determined by a value of a state.
4. The method of claim 3 wherein said value of said state is determined by a time at which said packet is scrambled in said first media node.
5. The method of claim 3 wherein said value of said state is determined by a zone in which said first media node is located.
6. The method of claim 3 wherein a first DMZ server is associated with said first media node and a second DMZ server is associated with said second media node, each of said first and second DMZ servers being isolated such that neither of said first and second media nodes is able to access files stored on either of said first and second DMZ servers, the method further comprising transmitting data representing a first value of said state from said first media node to said second DMZ server.
7. The method of claim 6 further comprising providing said second DMZ server with a selector, said selector containing a list of scrambling algorithms stored in a computer memory.
8. The method of claim 7 wherein said second DMZ server uses said data representing said first value of said state to select said first scrambling algorithm from said list of scrambling algorithms in said selector.
9. The method of claim 8 further comprising transmitting said first scrambling algorithm selected by said second DMZ server to said second media node, said second media node using said first scrambling algorithm to unscramble said packet.
10. The method of claim 7 wherein said data representing said value of said state comprises a seed, said seed containing a disguised representation of said value of said state.
11. The method of claim 7 wherein said second DMZ server comprises a hidden number generator, said hidden number generator using a hidden number algorithm to calculate a hidden number from said data representing said value of said state, said hidden number being used to select said first scrambling algorithm in said selector in said second DMZ server.
12. The method of claim 7 wherein said first DMZ server uses said first value of said state to select said first scrambling algorithm from a selector within said first DMZ server and transmits said first scrambling algorithm to first media node, thereby enabling said first media node to scramble said packet.
13. The method of claim 7 wherein said second DMZ server uses a second value of said state to select said second scrambling algorithm from said list of scrambling algorithms in said selector in said second DMZ server and transmits said second scrambling algorithm to said second media node, thereby enabling said second media node to scramble said packet.
14. A method of transmitting a packet containing digital data across a network, the network comprising: a plurality of media nodes, the media nodes being hosted on respective servers, each of the media nodes receiving packets from other media nodes in the network and transmitting packets to other media nodes in the network, each of the packets comprising a plurality of data segments, said packet passing through a first media node, a second media node, and one or more intermediate media nodes between said first media node and said second media node; the method comprising: scrambling said packet in said first media node; rescrambling said packet in at least some of said intermediate nodes, said rescrambling comprising unscrambling and then scrambling said packet; and unscrambling said packet in said second media node after said packet has been received by said second media node, wherein a scrambling algorithm used to scramble said packet in each of said media nodes in which said packet is scrambled is different from a scrambling algorithm used to scramble said packet in every other media node in which said packet is scrambled.
15. The method of claim 14 comprising rescrambling said packet in each of said intermediate media nodes.
16. The method of claim 14 wherein a scrambling algorithm used to scramble said packet in each of said media nodes in which said packet is scrambled is determined by a time at which said scrambling occurs.
17. A method of transmitting packets containing digital data through a cloud, the cloud comprising a network of media nodes, said media nodes comprising a plurality of gateway media nodes, each of said gateway media nodes being connected to a client device via a last mile connection, said media nodes being hosted on servers, each of the media nodes receiving packets from other media nodes in the cloud and transmitting packets to other media nodes in the cloud, each of the packets comprising a plurality of data segments, the method comprising: encrypting data in a packet in a first media node in accordance with a first encryption method, said first encryption method being determined by a value of a state; transmitting the packet to a second media node; and after the packet has been received by the second media node, decrypting the encrypted data in the packet in the second media node so as to recreate said packet prior to said encrypting in said first media node, wherein at least one of said first and second media nodes is not a gateway media node.
18. The method of claim 17 further comprising, after said decrypting in said second media node, encrypting data in the packet in said second media node.
19. The method of claim 17 wherein encrypting data in a packet in a first media node in accordance with a first encryption method comprises using an encryption algorithm and an encryption key.
20. The method of claim 18 wherein said encrypting in said first media node is performed in accordance with a first encryption method and said encrypting in said second media node is performed in accordance with a second encryption method, said second encryption method being different from said first encryption method.
21. The method of claim 20 wherein said value of said state is determined by a time at which said packet is encrypted in said first media node.
22. The method of claim 20 wherein said value of said state is determined by a zone in which said first media node is located.
23. The method of claim 20 wherein a first DMZ server is associated with said first media node and a second DMZ server is associated with said second media node, each of said first and second DMZ servers being isolated such that neither of said first and second media nodes is able to access files stored on either of said first and second DMZ servers, the method further comprising transmitting data representing a first value of said state from said first media node to said second DMZ server.
24. The method of claim 23 further comprising providing said second DMZ server with a selector, said selector containing a list of encryption methods stored in a computer memory.
25. The method of claim 24 wherein said second DMZ server uses said data representing said first value of said state to select said first encryption method from said list of encryption methods in said selector.
26. The method of claim 25 further comprising transmitting said first encryption method selected by said second DMZ server to said second media node, said second media node using said first encryption method to decrypt said encrypted data in said packet.
27. The method of claim 24 wherein said data representing said value of said state comprises a seed, said seed containing a disguised representation of said value of said state.
28. The method of claim 24 wherein said second DMZ server comprises a hidden number generator, said hidden number generator using a hidden number algorithm to calculate a hidden number from said data representing said value of said state, said hidden number being used to select said first encryption method in said selector in said second DMZ server.
29. The method of claim 24 wherein said first DMZ server uses said first value of said state to select said first encryption method from a selector within said first DMZ server and transmits said first encryption method to first media node, thereby enabling said first media node to encrypt data in said packet.
30. The method of claim 24 wherein said second DMZ server uses a second value of said state to select said second encryption method from said list of encryption methods in said selector in said second DMZ server and transmits said second encryption method to said second media node, thereby enabling said second media node to encrypt said packet using said second encryption method.
31. A method of transmitting a packet containing digital data across a network of media nodes, the media nodes being hosted on respective servers, each of the media nodes receiving packets from other media nodes in the network and transmitting packets to other media nodes in the network, each of the packets comprising a plurality of data segments, said packet passing through a first media node, a second media node, and one or more intermediate media nodes between said first media node and said second media node, the method comprising: encrypting data in said packet in said first media node; re-encrypting said packet in at least some of said intermediate media nodes, said re-encrypting comprising decrypting data in said packet and then encrypting data in said packet; and decrypting data in said packet in said second media node, wherein an encryption method used to encrypt data in said packet in each of said media nodes in which data in said packet is encrypted is different from an encryption method used in encrypting data in said packet in every other media node in which data in said packet is encrypted.
32. The method of claim 31 comprising re-encrypting said packet in each of said intermediate media nodes.
33. The method of claim 31 wherein an encryption method used to encrypt data in said packet in each of said media nodes in which data in said packet is encrypted is determined by a time at which said encryption occurs.
34. The method of claim 31 wherein an encryption method used to encrypt data in said packet in each of said media nodes in which data in said packet is encrypted comprises using an encryption algorithm and an encryption key.
Description
BRIEF DESCRIPTION OF THE DRAWINGS
(1) In the drawings listed below, components that are generally similar are given like reference numerals. It is noted, however, that not every component to which a given reference number is assigned is necessarily identical to another component having the same reference number. For example, an encryption operation having a particular reference number is not necessarily identical to another encryption operation with the same reference number. Furthermore, groups of components. e.g., servers in a network that are identified collectively by a single reference number are not necessarily identical to each other.
(2)
(3)
(4)
(5)
(6)
(7)
(8)
(9)
(10)
(11)
(12)
(13)
(14)
(15)
(16)
(17)
(18)
(19)
(20)
(21)
(22)
(23)
(24)
(25)
(26)
(27)
(28)
(29)
(30)
(31)
(32)
(33)
(34)
(35)
(36)
(37)
(38)
(39)
(40)
(41)
(42)
(43)
(44)
(45)
(46)
(47)
(48)
(49)
(50)
(51)
(52)
(53)
(54)
(55)
(56)
(57)
(58)
(59)
(60)
(61)
(62)
(63)
(64)
(65)
(66)
(67)
(68)
(69)
(70)
(71)
(72)
(73)
(74)
(75)
(76)
(77)
(78)
(79)
(80)
(81)
(82)
(83)
(84)
(85)
(86)
(87)
(88)
(89)
(90)
(91)
(92)
(93)
(94)
(95)
(96)
(97)
(98)
(99)
(100)
(101)
(102)
(103)
(104)
(105)
(106)
(107)
(108)
(109)
(110)
(111)
(112)
(113)
(114)
(115)
(116)
(117)
(118)
(119)
(120)
(121)
(122)
(123)
(124)
(125)
(126)
(127)
(128)
(129)
(130)
(131)
(132)
(133)
(134)
(135)
(136)
(137)
(138)
(139)
(140)
(141)
(142)
(143)
(144)
(145)
(146)
(147)
(148)
(149)
(150)
(151)
(152)
(153)
(154)
(155)
(156)
(157)
(158)
(159)
(160)
(161)
(162)
(163)
(164)
(165)
(166)
(167)
(168)
(169)
(170)
(171)
(172)
(173)
(174)
(175)
(176)
(177)
(178)
(179)
(180)
(181)
(182)
(183)
(184)
(185)
(186)
(187)
(188)
(189)
(190)
(191)
(192)
(193)
(194)
(195)
(196)
(197)
(198)
(199)
(200)
(201)
(202)
(203)
(204)
(205)
(206)
(207)
(208)
(209)
(210)
(211)
(212)
(213)
(214)
(215)
(216)
(217)
(218)
(219)
(220)
(221)
(222)
(223)
(224)
(225)
(226)
(227)
(228)
(229)
(230)
(231)
(232)
(233)
(234)
(235)
(236)
(237)
(238)
(239)
(240)
(241)
(242)
(243)
(244)
(245)
(246)
(247)
(248)
(249)
(250)
(251)
(252)
(253)
(254)
(255)
(256)
(257)
(258)
(259)
(260)
(261)
(262)
(263)
(264)
(265)
(266)
(267)
(268)
(269)
(270)
(271)
(272)
DESCRIPTION OF THE INVENTION
(273) After nearly one-and-a-half centuries of circuit-switched telephony, today's communication systems and networks have within only a decade all migrated to packet-switched communication using the Internet Protocol carried by Ethernet, WiFi, 4G/LTE, and DOCSIS3 data over cable and optical fiber. The benefits of commingling voice, text, pictures, video, and data are many, including the use of redundant paths to insure reliable IP packet delivery, i.e. the reason the Internet was created in the first place, along with an unparalleled level of system interoperability and connectivity across the globe. With any innovation, however, the magnitude of challenges new technology creates often match the benefits derived.
(274) Disadvantages of Existing Communication Providers
(275) As detailed throughout the background section of this disclosure, present-day communication suffers from many disadvantages. The highest performance communication systems today, comprising custom digital hardware owned by the world's major long-distance carriers such as AT&T, Verizon, NTT, Vodaphone, etc., generally offer superior voice quality but at a high cost including expensive monthly subscription fees, connection fees, long-distance fees, complex data rate plans, long-distance roaming charges, and numerous service fees. Because these networks are private, the actual data security is not publically known, and security infractions, hacks, and break-ins are generally not reported to the public. Given the number of wire taps and privacy invasions reported in the press today, private carrier communication security remains suspect, if not in their private cloud, in the very least in their last-mile connections.
(276) Internet service providers or ISPs form another link in the global chain of communications. As described in the background of this invention, voice carried over the Internet using VoIP, or voice over Internet protocol suffers from numerous quality-of-service or QoS problems, including The Internet, a packet-switched network, is not designed to deliver IP packets in a timely manner or to support real-time applications with low latency and high QoS The routing of an IP packet takes an unpredictable path resulting in constantly changing delays, bursts of high data-error rates, and unexpected dropped calls IP packet routing is made at the discretion of the Internet service provider, which controls the network within which the packet is routed and may adjust routing for balancing its own network's loading or to better serve its VIP clients at the expense at degrading connection quality of general traffic traversing its network. Over-the-top or OTT providers such as Line, KakaoTalk, Viber, etc. catching a free ride on the Internet act as Internet hitchhikers and have no control over the network or factors affecting QoS. Using heavyweight audio CODECs that fail to provide comprehendible voice quality audio even at moderate data rates VoIP based on the TCP transport protocol suffers from high latency and degraded audio caused by delays induced during handshaking and IP packet rebroadcasting. Unaided UDP transport provides no guarantee of payload integrity.
(277) Aside from QoS issues, the security of today's devices and networks is abysmal, representing a level totally unacceptable to support the future needs of global communication. As detailed in the background and shown previously in
(278) Reiterating a key point, the fundamentally intrinsic weakness of packet-switched communication networks using Internet Protocol shown in
(279) Encryption
(280) To defend against the diverse range of cyber-assaults as described, present day network managers, IT professionals, and application programs primarily rely on a single defenseencryption. Encryption is a means by which to convert recognizable content also known as plaintext, whether readable text, executable programs, viewable videos and pictures, or intelligible audio, into an alternate file type known as ciphertext, that appears as a string of meaningless textual characters.
(281) The encryption process, converting an unprotected file into an encrypted file, involves using a logical or mathematical algorithm, called a cypher, to change the data into equivalent textual elements without revealing any apparent pattern of the encryption's conversion process. The encrypted file is then sent across the communication network or medium until received by the destination device. Upon receiving the file, the receiving device, using a process known as decryption, subsequently decodes the encoded message to reveal to original content. The study of encryption and decryption, known broadly as cryptography, blends elements of mathematics, including number theory, set theory and algorithm design, with computer science and electrical engineering.
(282) In simple single key or symmetric key encryption technologies, a single key word or phrase known a priori by both parties can be used to unlock the process for encrypting and decrypting a file. In World War II, for example, submarines and ocean ships communicated on open radio channels used encrypted messages. Initially, the encryptions were single-key-based. By analyzing the code pattern, Allied cryptologists were sometimes able to reveal the encryption key word or pattern and thereafter were able to read encrypted files without discovery. As encryption methods became more complex, breaking the code manually became more difficult.
(283) Code evolved into mechanical machine-based ciphers, an early form of computing. At the time, the only way to break the code was stealing a cypher machine and using the same tools to decipher a message as those encrypting the files. The challenge was how to steal a cypher machine without the theft being detected. If it were known that a code machine had been compromised, the enemy would simply change their code and update their cypher machines already in operation. This principle is practiced still todaythe most effective cyber-assault is one that goes undetected.
(284) With the advent of computing and the Cold War, encryption became more complex but the speed of computers used to crack encryption codes also improved. At each step in the development of secure communications, the technology and knowhow for encrypting information and the ability to crack the encryption code developed nearly at pace. The major next evolutionary step in encryption came in the 1970s with the innovation of dual-key encryption, a principle still in use today. One of the best-known dual key encryption methods is the RSA public key cryptosystem, named after its developers Rivest, Shamir, and Adleman. Despite published recognition for RSA, contemporaneous developers independently conceived of the same principle. RSA employs two cryptographic keys based on two large prime numbers kept secret from the public. One algorithm is used to convert these two prime numbers into an encryption key, herein referred to as an E-key, and a different mathematical algorithm is used to convert the same two secret prime numbers into a secret decryption key, herein referred to also as a D-key. The RSA-user who selected the secret prime numbers, herein referred to as the key publisher, distributes or publishes this algorithmically generated E-key comprising typically between 1024 b to 4096 b in size, to anyone wishing to encrypt a file. Because this key is possibly distributed to many parties in an unencrypted form, the E-key is known as a public key.
(285) Parties wishing to communicate with the key publisher then use this public E-key in conjunction with a publically available algorithm, typically offered in the form of commercial software, to encrypt any file to be sent to the particular key publisher. Upon receiving an encrypted file, the key publisher then uses their secret D-key to decrypt the file, returning it to plaintext. The unique feature of the dual-key method in general and RSA algorithm in particular is that the public E-key used to encrypt a file cannot be used for decryption. Only the secret D-key possessed by the key publisher has the capability of file decryption.
(286) The concept of a dual-key, split-key, or multi-key exchange in file encryption and decryption is not limited specifically to RSA or any one algorithmic method, but methodologically specifies a communication method as a sequence of steps.
(287) Using an agreed upon encryption algorithm or software package, cell phone 32 then processes plaintext file 697A using encryption algorithm 694A and encryption E-key 690 to produce an encrypted file, i.e. ciphertext 698, carried as the payload of IP packet 696 in secure communication 693 from cell phone 32 to notebook 35. Upon receiving IP packet 696, algorithm 694B decrypts the file using secret decryption key, i.e. D-key 691. Since D-key 691 is made consistent with E-key 690, in essence algorithm 694B employs knowledge of both keys to decrypt ciphertext 698 back into unencrypted plaintext 697B. While the payload of IP packet 696 is secured in the form of an encrypted file, i.e. ciphertext 698, the rest of the IP packet is still unencrypted, sniffable, and readable by any cyber pirate including the source IP address CP and port #20, and the destination IP address NB and associated port #9999. So even if the payload itself can't be opened, the communication can be monitored.
(288) Virtual Private Networks
(289) Another security method, also relying on encryption, is that of a virtual private network or VPN. In a VPN, a tunnel or secure pipe is formed in a network using encrypted IP packets. Rather than only encrypting the payload, in a VPN the entire IP packet is encrypted and then encapsulated into another unencrypted IP packet acting as a mule or carrier transmitting the encapsulated packet from one VPN gateway to another. Originally, VPNs were used to connect disparate local area networks together over a long distance, e.g. when companies operating private networks in New York. Los Angeles, and Tokyo wished to interconnect their various LANs with the same functionality as if they shared one global private network.
(290) The basic VPN concept is illustrated in
(291) To establish this transfer securely using a virtual private network, VPN tunnel 705 was created and the session initiated before the actual communication was sent. In corporate applications, the VPN tunnel 705 is not carried over the Internet on an ad hoc basis, but is generally carried by a dedicated ISP or carrier owning their own fiber and hardware network. This carrier oftentimes enters into an annual or long-term contractual agreement with the company requiring VPN services to guarantee a specific amount of bandwidth for a given cost. Ideally, the high-speed dedicated link connects directly to both server 700 and server 707 with no intermediate or last-mile connections to disturb the VPN's performance, QoS, or security.
(292) In operation, traditional VPNs require a two-step processone to create or login to the VPN, and a second step to transfer data within the secure pipe or tunnel. The concept of tunneling is illustrated hierarchically in
(293) In operation, outer IP packet from communication stack 720 once passed to server 707 is opened to reveal encapsulated data 726, the true message of the packet. In this way, the end-to-end communication occurs ignorant of the details used to create the VPN tunnel, except that the VPN tunnel must be formed in advance of any attempt to communicate and closed after the conversation is terminated. Failure to open the VPN tunnel first will result in the unencrypted transmission of IP packet 715 susceptible to IP packet sniffing, hijacking, infection and more. Failure to close the VPN after a conversation is complete, may provide a cybercriminal the opportunity to hide their illegal activity within someone else's VPN tunnel, and if intercepted, may result in possible criminal charges levied against an innocent person.
(294) While VPNs are common ways for multiple private local area networks to interconnect to one another using private connections with dedicated capacity and bandwidth, the use of VPNs over public Networks and the Internet is problematic for two party communications. One issue with VPNs is the VPN connection must be established a priori, before it can be used, not on a packet-by-packet basis. For example, as shown in exemplary
(295) Once the VPN connection is set up, then cell phone 730 in accordance with application related steps 745 places a call via any VoIP phone app. In this step, the application must establish a call out link over the last mile from VPN host 734 to cell phone 737. If the VoIP application is unable or unauthorized to do so, the call will fail and immediately terminate. Otherwise, the inner IP packet will establish an application Layer 5 session between calling cell phone 730 and destination cell phone 737 and confirm the IP test packets are properly decrypted and intelligible.
(296) To place a call in accordance with step 745, the call necessarily comes from a Layer 7 application running on the phone and not from the phone's normal dialup functions, because the telephonic carrier's SIM card in the phone is not compatible with the VPN tunnel. Once the call is initiated, cell phone 730 transmits a succession of IP packets representing small pieces or snippets of sound in accordance with its communication application. In the example shown, these packets are sent from the application in caller's cell phone 730 through WiFi link 746A to WiFi base station 731 then through wireline connection 746B to router 732, and finally through wireline connection 746C to VPN host 733. The data is then sent securely by connection 747 to VPN host 735 through VPN tunnel 742. Once leaving the VPN tunnel, VPN host sends the data onward on wireline connection 748A to router 735, then by wireline connection 748B to cell phone system and tower 736 which in turn calls 737 as a normal phone call. The process of calling from a cell phone app to a phone not running the same app is called a call out feature.
(297) The foregoing example highlights another problem with connecting to a VPN over a public networkthe last-mile links from both the caller on cell phone 730 to VPN host 733 and the call out from VPN host 734 to the person being called on cell phone 737 are not part of the VPN, and therefore do not guarantee security, performance or call QoS. Specifically the caller's last mile comprising connections 746A, 746B, and 746C as well as the call out connections 748A, 748B, and 748C are all open to sniffing and subject to cyber-assaults.
(298) Once the call is completed and the cell phone 737 hangs up, VPN 742 must be terminated according to step 749 where VPN Layer 5 coordinates closing the VPN session and cell phone 730 disconnects from VPN host 733.
(299) Even following the prescribed steps, however, there is no guarantee that placing a call or sending documents through a VPN may not fail for any number of reasons including: The VPN may not operate with sufficient low latency to support real-time applications, VoIP or video; The VPN last-mile connection from the caller to the VPN gateway or from the VPN gateway to the call recipient may not operate with sufficient low latency to support real-time applications, VoIP or video; The nearest VPN gateway to the caller or to the intended recipient, i.e. the last mile may be very far away, possibly even farther than the distance to the call recipient without the VPN, exposing the connection to excessive latency, network instability, uncontrolled routing through unknown networks, variable QoS, and numerous opportunities for man-in-middle attacks in the unprotected portion of the connection; The VPN last-mile connection from the VPN gateway to the call recipient may not support call out connections and packet forwarding or support links to local telcos; Local carriers or government censors may block calls or connections into or out of known VPN gateways for reasons of national security or regulatory compliance; Using corporate VPNs, VoIP calls may limited to and from only company employees and specified authorized users, financial transactions and video streaming may be blocked, private email to public email servers such Yahoo, Google, etc. may be blocked, and numerous web sites such YouTube, chat programs, or Twitter may be blocked as per company policy. In cases of unstable networks, a VPN may get stuck open and retain a permanent session connected to a caller's device until manually reset by the VPN operator. This can lead to lost bandwidth for subsequent connections or expensive connection fees.
(300) Comparing Networks
(301) Comparing communication offered by over-the top or OTT providers, shown in
(302) In both examples, the last-mile connections offer unpredictable call QoS, exposure to packet sniffing, and the risk of cyber-assaults. Because server/routers 752 and 774 are likely managed by different ISPs in different locales, one can interpret the servers as existing different clouds, i.e. clouds 751 and 753. For example the publically open networks owned and operated by Google, Yahoo, Amazon, and Microsoft may be considered as different clouds, e.g. the Amazon cloud even though they are all interlinked by the Internet.
(303) A competing network topology, the peer-to-peer network or PPN shown in
(304) In PPN operation, every device that makes a login connection to the PPN becomes one more node in the PPN. For example if in geography 761, cell phone 730 with PPN software installed logs into the peer-to-peer network, it like all the other connected devices in the region becomes part of the network. Calls placed by any devices hops around from one device to another to reach is destination, another PPN connected device. For example, if cell phone 730 uses its PPN connection to call another PPN connected device, e.g. cell phone 768, the call follows a circuitous path through any device(s) physically located in the PPN between the two parties. As shown, the call emanating from cell phone 730 connects by WiFi 731 through WiFi base station 731 to desktop 765A, then to notebook 766A, to desktop 765B, then to desktop 765C and finally to cell phone 768 through cell phone base station and tower 767. In this manner all routing was controlled by the PPN and the Internet was not involved in managing the routing. Since both parties utilize, the PPN software used to connect to the network also acts as the application for VoIP based voice communication.
(305) In the case where cell phone 730 attempts to call a non-PPN device cell phone on the opposite side of the world, the routing may necessarily include the Internet on some links, especially to send packets across oceans or mountain ranges. The first part of the routing in geography 761, proceeds in a manner similar to the prior example, starting from cell phone 730 and routed through WiFi base station 731, desktop 765A, notebook 766A, desktops 765B and 765C. At this point, if notebook 766B is connected to the network, the call will be routed through it, otherwise the call must be routed through cell phone base station and tower 767 to cell phone 768, and then back to cell phone base station and tower 767 before sending it onwards.
(306) If the call is transpacific, then computers and cell phones cannot carry the traffic across the ocean so the call is then necessarily routed up to the Internet to 3.sup.rd party server/router 770 in cloud 763 and onward through connection 747 to 3.sup.rd a party server/router 771 in cloud 764. The call then leaves the Internet and enters the PPN in geography 762 first through desktop 772, which in turn connects to WiFi 773, to notebook 776, and to base station 736. Since WiFi 733 does not run the PPN app, the actual packet entering WiFi 773 must travel to either tablet 775 or cell phone 774 and back to WiFi 773 before being sent on to cell phone base station and tower 736 via a wireline connection. Finally, cell phone call 748C connects to cell phone 737, which is not a PPN enabled device. The connection thereby constitutes a call out for the PPN because it exits PPN geography 762. Using this PPN approach, like a VPN involves first registering a calling device to the PPN network according to step 760 by completing a PPN login. Thereafter, the call can be placed using the PPN app in accordance with step 769. The advantage of the PPN approach is little or no hardware is needed to carry a call over a long distance, and that since every device connected to the PPN regularly updates the PPN operator as to its status, loading and latency, the PPN operator can decide a packet's routing to best minimize delay.
(307) The disadvantages of such an approach is that packets traverse a network comprising many unknown nodes representing a potential security threat and having an unpredictable impact on call latency and call QoS. As such, except for Skype, peer-to-peer networks operating at Layer 3 and higher are not commonly employed in packet-switched communication networks.
(308) A comparative summary of ad hoc VPN providers, Internet OTT providers, and PPN peer networks is contrasted below.
(309) TABLE-US-00005 Network Virtual Private VPN Internet OTT Peer-to-Peer PPN Nodes Public/Hosted Servers Public PPN Users Routers/Servers Node Capability Known Infrastructure Known Mixed, Unknown Infrastructure Cloud Bandwidth Guaranteed Unpredictable Unpredictable Last-Mile Provider Dependent Provider PPN Dependent Bandwidth Dependent Latency Unmanageable Unmanageable Best Effort Network Stability Unmanageable Unmanageable, Best Effort Redundant Call Setup Complex Login None Required Login User Identity User Name Phone Number User Name VoIP QoS Variable to Good Variable Variable Cloud Security Encrypted Payload Only Unencrypted Unencrypted Last-Mile Security Unencrypted Unencrypted Unencrypted Sniffable Packet Header (Cloud) Entire Packet Entire Packet Entire Packet (Last Mile)
(310) As shown, while VPN and the Internet comprise fixed infrastructure, the nodes of a peer-to-peer network vary depending on who is logged in and what devices are connected to the PPN. The cloud bandwidth, defined in the context of this table as the networks' high-speed long-distance connections, e.g. networks crossing oceans and mountain ranges, is contractually guaranteed only in the case of VPNs, and is otherwise unpredictable. The last-mile bandwidth is local provider dependent for both Internet and VPN providers but for PPN is entirely dependent on who is logged in.
(311) Latency, the propagation delay of successively sent IP packets is unmanageable for OTTs and VPNs because the provider does not control routing in the last mile but instead depends on local telco or network providers, while PPNs have limited ability using best efforts to direct traffic among the nodes that happen to be online at the time in a particular geography. Likewise, for network stability, PPNs have the ability to reroute traffic to keep a network up but depend entirely on who is logged in. The Internet, on the other hand, is intrinsically redundant and almost certain to guarantee delivery but not necessarily in a timely manner. Network stability for an ad hoc VPN depends on the number of nodes authorized to connect to the VPN host. If these nodes go offline, the VPN is crippled.
(312) From a call setup point of view the Internet is always available, PPNs require the extra step of logging into the PPN prior to making a call, and VPNs can involve a complex login procedure. Moreover, most users consider OTT's use of phone numbers rather than separate login IDs used by VPNs and PPNs as a major beneficial feature in ease of use. All three networks listed suffer from variable VoIP QoS, generally lagging far behind commercial telephony carriers.
(313) From a security point of view, all three options are bad with the last mile completely exposed to packet sniffing with readable addresses and payloads. VPNs offer encryption of the cloud connection but still expose the IP addresses of the VPN hosts. As such no network option shown is considered secure. As such, encryption is used by various applications to try to prevent hacking and cyber-assaults, either as a Layer 6 protocol or as an embedded portion of the Layer 7 application itself.
(314) Overreliance on Encryption
(315) Regardless of whether used for encrypting IP packets or establishing VPNs, today's network security relies almost solely on encryption and represents one weakness in modern packet-switched based communication networks. For example, numerous studies have been performed on methods to attack RSA encryption. While limiting the prime numbers to large sizes greatly reduces the risk of breaking the decryption D-key code using brute force methods, polynomial factor methods have been successfully demonstrated to crack keys based on smaller prime number-based keys. Concerns exist that the evolution of quantum computing will ultimately lead to practical methods of breaking RSA-based and other encryption keys in reasonable cyber-assault times.
(316) To combat the ever-present risk of code breaking, new algorithms and bigger key encryption methods such as the advanced encryption standard or AES cipher adopted by US NIST in 2001 have emerged. Based on the Rijndael cipher, the design principle known as a substitution-permutation network combines both character substitution and permutation using different key and block sizes. In its present incarnation, the algorithm comprises fixed block sizes of 128 bits with keys comprising varying lengths of 128 bits, 192 bits, and 256 bits, with the corresponding number of repetitions used in the input file transformation varying in rounds of 10, 12, and 14 cycles respectively. As a practical matter, AES cipher may be efficiently and rapidly executed in either software or hardware for any size of key. In cryptography vernacular, an AES based encryption using a 256 b key is referred to as AES256 encryption. AES512 encryption employing a 512 b key is also available.
(317) While each new generation raises the bar in cryptography to make better encryption methods and to more quickly break them, profit-minded cybercriminals often concentrate on their targets rather than simply using computing to break an encrypted file. As described previously, using packet sniffing and port interrogation, a cyber pirate can gain valuable information about a conversation, a corporate server, or even a VPN gateway. By cyber-profiling, it may be easier to launch a cyber-assault on a company's CFO or CEO's personal computers, notebooks, and cell phones rather than attack the network itself. Sending emails to employees that automatically install malware and spyware upon opening an embedded link completely circumvent firewall security because they enter the network from inside where employees necessarily must connect and work.
(318) The chance of breaking encryption also improves if data moves through a network without changing, i.e. statically. In the network of
(319) In either case, throughout this disclosure, each data slot represented by fixed size boxes comprises a prescribed number of bits, e.g. two bytes (2 B) long. The exact number of bits per slot is flexible just so long as every communication node in a network knows what the size of each data slot is. Contained within each data slot is audio, video, or textual data, identified in the drawings as a number followed by a letter. For example, as shown, the first slot of data packet 790 contains the content 1A where the number 1 indicates the specific communication #1 and the letter A represents the first piece of the data in communication #1. Similarly, the second slot of data packet 790 contains the content 1B where the number 1 indicates it is part of the same communication #1 and the letter B represents the second piece of the data in communication #1, sequentially following 1A.
(320) If, for example, the same data packet hypothetically included content 2A the data represents the first packet A in a different communication, specifically for communication #2, unrelated to communication #1. Data packets containing homogeneous communications, e.g. where all the data is for communication #1 are easier to analyze and read than those mixing different communications. Data arranged sequentially in proper order makes it easy for a cyber-attacker to interpret the nature of the data, whether it is audio, text, graphics, photos, video, executable code, etc.
(321) Moreover, in the example shown, since the packet's source and destination IP addresses remain constant, i.e. where the packets remain unchanged during transport through the network in the same form as the data entering or exiting gateway servers 21A and 21F, because the underlying data doesn't change, a hacker has more chances to intercept the data packets and a better chance to analyze and open the files or listen to the conversation. The simple transport and one-dimensional security, i.e. relying only on encryption for protection, increases the risk of a cyber-attack because the likelihood of success is higher in such overly simplified use of the Internet as a packet-switched network.
(322) Securine Real-Time Networks and Connected Devices
(323) In order to improve the quality of service (QoS) of telephonic, video, and data communication while addressing the plethora of security vulnerabilities plaguing today's packet-switched networks, a new and innovative systemic approach to controlling IP packet routing is required, one that manages a global network comprising disparate technologies and concurrently facilitates end-to-end security. The goals of such an inventive packet-switched network include the following criteria: 1. Insure the security and QoS of a global network or long-distance carrier including dynamically managing real-time voice, video, and data traffic routing throughout a network; 2. Insure the security and QoS of the local network or telco in the last mile of the communication network; 3. Insure the security and QoS of the last link of the communication network, including providing secure communication over unsecured lines; 4. Insure the security of communicating devices and authenticate users to prevent unauthorized or fraudulent access or use; 5. Facilitate a secure means to store data in a device or online in network or cloud storage to prevent unauthorized access; 6. Provide security and privacy protection of all non-public personal information including all financial, personal, medical, and biometric data and records; 7. Provide security and privacy protection of all financial transactions involving online banking and shopping, credit cards, and e-pay; and 8. Provide security, privacy, and as-required, anonymity, in transactional and information exchange involving machine-to-machine (M2M), vehicle-to-vehicle (V2V), and vehicle-to-infrastructure (V2X) communication.
(324) Of the above stated goals, the inventive matter contained within this disclosure relates to the first topic described in item #1, i.e. to insure the security and QoS of a global network or long-distance carrier including dynamically managing real-time voice, video, and data traffic routing throughout a network. This topic can be considered as achieving network or cloud security without sacrificing real-time communication performance.
Glossary
(325) Unless the context requires otherwise, the terms used in the description of the Secure Dynamic Network And Protocol have the following meanings:
(326) Anonymous Data Packets: Data packets lacking information as to their original origin or final destination.
(327) Decryption: A mathematical operation used to convert data packets from ciphertext into plaintext.
(328) DMZ Server: A computer server not accessible directly from the SDNP network or the Internet used for storing selectors, seed generators, key generators and other shared secrets.
(329) Dynamic Encryption/Decryption: Encryption and decryption relying on keys that change dynamically as a data packet traverses the SDNP network.
(330) Dynamic Mixing: The process of mixing where the mixing algorithms (the inverse of splitting algorithms) change dynamically as a function of a seed based on a state, such as the time, state, and zone when a mixed data packet is created.
(331) Dynamic Scrambling/Unscrambling: Scrambling and unscrambling relying on algorithms that change dynamically as a function of a state, such as the time when a data packet is created or the zone in which it is created.
(332) Dynamic Splitting: The process of splitting where the splitting algorithms change dynamically as a function of a seed based on a state, such as the time, state, and zone when a data packet is split into multiple sub-packets.
(333) Encryption: A mathematical operation used to convert data packets from plaintext into ciphertext.
(334) Fragmented Data Transport: The routing of split and mixed data through the SDNP network.
(335) Junk Data Deletions (or De-junking): The removal of junk data from data packets in order to restore the original data or to recover the data packet's original length.
(336) Junk Data Insertions (or Junking): The intentional introduction of meaningless data into a data packet, either for purposes of obfuscating the real data content or for managing the length of a data packet.
(337) Key: A disguised digital value that is generated by inputting a state, such as time, into a key generator which uses a secret algorithm to generate the key. A key is used to select an algorithm for encrypting the data in a packet from a selector. A key can be used to safely pass information regarding a state over public or unsecure lines.
(338) Key Exchange Server: A computer server, often third party hosted and independent of the SDNP network operator, used to distribute public encryption keys to clients, and optionally to servers using symmetric key encryption, especially for client-administered key management, i.e. client based end-to-end encryption to prevent any possibility of network operator spying.
(339) Last Link: The network connection between a Client's device and the first device in the network with which it communicates, typically a radio tower, a WiFi router, a cable modem, a set top box, or an Ethernet connection.
(340) Last Mile: The network connection between a SDNP Gateway and the Client, including the Last Link.
(341) Mixing: The combining of data from different sources and data types to produce one long data packet (or a series of smaller sub-packets) having unrecognizable content. In some cases previously split data packets are mixed to recover the original data content. The mixing operation may also include junk data insertions and deletions and parsing.
(342) Parsing: A numerical operation whereby a data packet is broken into shorter sub-packets for storage or for transmission.
(343) Scrambling: An operation wherein the order or sequence of data segments in a data packet is changed from its natural order into an unrecognizable form.
(344) Splitting: An operation wherein a data packet (or a sequence of serial data packets) is split into multiple sub-packets which are routed to multiple destinations. A splitting operation may also include junk data insertions and deletions.
(345) SoftSwitch: Software comprising executable code performing the function of a telecommunication switch and router.
(346) SDNP: An acronym for secure dynamic network and protocol meaning a hyper-secure communications network made in accordance with this invention.
(347) SDNP Administration Server: A computer server used to distribute executable code and shared secrets to SDNP servers globally or in specific zones.
(348) SDNP Bridge Node: A SDNP node connecting one SDNP Cloud to another having dissimilar Zones and security credentials.
(349) SDNP Client or Client Device: A network connected device, typically a cell phone, tablet, notebook, desktop, or IoT device running a SDNP application in order to connect to the SDNP Cloud, generally connecting over the network's last mile.
(350) SDNP Cloud: A network of interconnected SDNP Servers running SoftSwitch executable code to perform SDNP Communications Node operations.
(351) SDNP Gateway Node: A SDNP node connecting the SDNP Cloud to the SDNP Last Mile and to the Client. SDNP Gateway nodes require access to at least two Zonesthat of the SDNP Cloud and of the Last Mile.
(352) SDNP Media Node: SoftSwitch executable code that processes incoming data packets with particular identifying tags in accordance with instructions from the signaling server or another computer performing the signaling function, including encryption/decryption, scrambling/unscrambling, mixing/splitting, tagging and SDNP header and sub-header generation. An SDNP Media Node is responsible for identifying incoming data packets having specific tags and for forwarding newly generated data packets to their next destination.
(353) SDNP Media Server: A computer server hosting a SoftSwitch performing the functions of a SDNP Media Node in dual-channel and tri-channel communications and also performing the tasks of a SDNP Signaling Node and a SDNP Name-Server Node in single-channel communications.
(354) SDNP Name Server: A computer server hosting a SoftSwitch performing the functions of a SDNP Name-Server Node in tri-channel communications.
(355) SDNP Name Server Node: SoftSwitch executable code that manages a dynamic list of every SDNP device connected to the SDNP cloud.
(356) SDNP Network: The entire hyper-secure communication network extending from client-to-client including last link and last mile communication, as well as the SDNP cloud.
(357) SDNP Node: A SDNP communication node comprising a software-based SoftSwitch running on a computer server or alternatively a hardware device connected to the SDNP network, functioning as an SDNP node, either as Media Node, a Signaling Node, or a Name Server Node.
(358) SDNP Server: A computer server comprising either a SDNP Media Server, a SDNP Signaling Server, or a SDNP Name Server and hosting the applicable SoftSwitch functions to operate as an SDNP node.
(359) SDNP Signaling Node: SoftSwitch executable code that initiates a call or communication between or among parties, determines all or portions of the multiple routes for fragmented data transport based on caller criteria and a dynamic table of node-to-node propagation delays, and instructing the SDNP media how to manage the incoming and outgoing data packets.
(360) SDNP Signaling Server: A computer server hosting a SoftSwitch performing the functions of a SDNP Signaling Node in dual-channel and tri-channel SDNP communications, and also performing the duties of the SDNP Name-Sever Node in dual-channel communications.
(361) Security Settings: Digital values, such as seeds and keys, that are generated by seed generators or key generators using secret algorithms in conjunction with a constantly changing input state, such as network time, and that can therefore be safety transmitted over public or insecure lines.
(362) Seed: A disguised digital value that is generated by inputting a state, such as time, into a seed generator which uses a secret algorithm to generate the seed. A seed is used to select an algorithm for scrambling or splitting the data in a packet from a selector. A seed can be used to safely pass information regarding a state over public or unsecure lines.
(363) Selector: A list or table of possible scrambling, encryption or splitting algorithms that are part of the shared secrets and that are used in conjunction with a seed or key to select a particular algorithm for scrambling, unscrambling, encrypting, decrypting, splitting or mixing a packet or packets.
(364) Shared Secrets: Confidential information regarding SDNP node operation, including tables or selectors of scrambling/unscrambling, encryption/decryption, and mixing/splitting algorithms, as well as the algorithms used by seed generators, key generators, zone information, and algorithm shuffling processes stored locally on DMZ servers not accessible over the SDNP network or the Internet.
(365) State: An input, such as location, zone, or network time that is used to dynamically generate security settings such as seeds or keys or to select algorithms for specific SDNP operations such as mixing, splitting, scrambling, and encryption.
(366) Time: The universal network time used to synchronize communication across the SDNP network
(367) Unscrambling: A process used to restore the data segments in a scrambled data packet to their original order or sequence. Unscrambling is the inverse function of scrambling.
(368) Zone: A network of specific interconnected servers sharing common security credentials and shared secrets. Last mile connections comprise separate zones from those in the SDNP Cloud.
(369) Secure Dynamic Communication Network and Protocol (SDNP) Design
(370) To prevent cyber-assaults and hacking of packet-switched communication while minimizing real-time packet latency, insuring stable call connectivity, and delivering the highest integrity of voice communication and video streaming, the disclosed secure dynamic network and protocol, or SDNP, is designed based upon a number of guiding principles including: Real-time communication should always occur using the lowest latency path. Unauthorized inspection or sniffing of a data packet should provide no context as to where the packet came from, where it is going, or what is in it. Data packet payloads should be dynamically re-encrypted, i.e., decrypted and then encrypted again using a different encryption algorithm, with no risk of being hacked in any reasonable time. Even after they have been decrypted, all data packet payloads still contain incomprehensible payloads comprising a dynamically scrambled mix of multiple conversations and unrelated data mixed with junk packet fillers.
Implementation of the above guidelines involves a variety of unique and inventive methods, functions, features and implementations including in various embodiments some or all of the following The SDNP employs one or more dedicated clouds comprising telco, i.e. telecommunication system, soft-switch functions realized using proprietary command and control software not accessible through the Internet. All intra-cloud communication occurs using dedicated SDNP packet-routing within proprietary clouds based on SDNP addresses and dynamic ports (i.e. proprietary NAT addresses), not on IP addresses. SDNP addresses are not usable or routable over the Internet or outside the SDNP cloud. The SDNP network constantly identifies and dynamically routes all real-time communication through the lowest latency paths available. No secure or real-time communication is routed outside the SDNP cloud or over the Internet except in cloud-to-cloud and last-mile communication, and then generally using single-hop routing with invisible addresses. Routing data contained within a data packet identifies the routing for a single hop between two adjacent devices, identifying only the last and next server's SDNP or IP addresses The phone number or IP addresses of the caller and the call recipient, i.e. the clients' respective source and destination addresses, are not present in the IP packet headers nor is it present in the encrypted payload Command and control related shared secrets exist in system software installed in secure DMZ servers not accessible through the Internet. SDNP packet communication may occur through three independent channelsa name server used to identify elements within the SDNP cloud, media servers used for routing content and data, and signaling servers used for packet and call command and control. Routing information, along with keys and numeric seeds (as needed) are supplied to all participating media servers through an independent signaling channel prior to the call or communiqu? and not with content. The signaling server supplies the media servers with only the last and next destination of a packet traversing the network. Media packets contain fragmented data representing only a portion of a call, document, text or file, dynamically mixed and remixed with other packets containing fragmented data from other sources and of different types. Special security methods are employed to protect the first- and last-mile communication, including separating signaling server-related communications from media and content-related packets. Packet transport is content-type dependent, with voice and real-time video or streaming based on an enhanced UDP, while signaling packets, command-and-control packets, data files, application files, systems files, and other files which are sensitive to packet loss or latency utilize TCP transport. Special security and authentication methods are used to confirm that a device is the real client and not a clone, and to authenticate that the person communicating is the true owner of the device and not an imposter.
(371) To ensure secure communication with low latency and high QoS in VoIP and real-time applications, the disclosed secure dynamic network and protocol or SDNP, utilizes an inventive dynamic mesh network comprising Dynamic adaptive multipath and meshed routing with minimal latency Dynamic packet scrambling Dynamic fragmentation using packet splitting, mixing, parsing, and junk bit packet fillers Dynamic intra-node payload encryption throughout a network or cloud Dynamic network protocol with address disguising and need-to-know routing information Multichannel communication separating media and content from signaling, command and control, and network addresses Dynamic adaptive real-time transport protocol with data type specific features and contextual routing Support of client-encrypted payloads with user-key management Lightweight audio CODEC for high QoS in congested networks
(372) As described, SDNP communication relies on multi-route and meshed communication to dynamically route data packets. Contrasting single-path packet communication used for Internet OTT and VoIP communications, in SDNP communication in accordance with this invention, the content of data packets is not carried serially by coherent packets containing information from a common source or caller, but in fragmented form, dynamically mixing and remixing content emanating from multiple sources and callers, where said data agglomerates incomplete snippets of data, content, voice, video and files of dissimilar data types with junk data fillers. The advantage of the disclosed realization of data fragmentation and transport is that even unencrypted and unscrambled data packets are nearly impossible to interpret because they represent the combination of unrelated data and data types.
(373) By combining fragmented packet mixing and splitting with packet scrambling and dynamic encryption, these hybridized packets of dynamically encrypted, scrambled, fragmented data comprise meaningless packets of gibberish, completely unintelligible to any party or observer lacking the shared secrets, keys, numeric seeds, and time and state variables used to create, packet, and dynamically re-packet the data.
(374) Moreover, each packet's fragmented content, and the secrets used to create it, remain valid for only a fraction of a second before the packet is reconstituted with new fragments and new security provisions such as revised seeds, keys, algorithms, and secrets. The limited duration in which a cyber-pirate has available to break and open the state-dependent SDNP data packet further enhances SDNP security, requiring tens of thousands of compute years to be processed in one tenth of a second, a challenge twelve orders of magnitudes greater than the time available to break it.
(375) The combination of the aforementioned methods facilitates multi-dimensional security far beyond the security obtainable from static encryption. As such, the disclosed secure dynamic network and protocol is referred to herein as a hyper-secure network.
(376) Data Packet Scrambling
(377) In accordance with the disclosed invention, secure communication over a packet-switched network relies on several elements to prevent hacking and ensure security, one of which involves SDNP packet scrambling. SDNP packet scrambling involves rearranging the data segments out of sequence, rendering the information incomprehensible and useless. As shown in
(378) The unscrambling operation, shown in
(379) Should the scrambling algorithm selected for implementing unscrambling operation 927 not match the original algorithm employed in packet scrambling, or should seed 929 or state or time 920 not match the time scrambling occurred, then the unscrambling operation will fail to recover the original unscrambled data packet 923, and the packet data will be lost. In data flow diagrams, it is convenient to illustrate this packet unscrambling process and sequence using a schematic or symbolic representation, as depicted herein by symbol 928.
(380) In accordance with the disclosed invention, numerous algorithms may be used to perform the scrambling operation so long that the process is reversible, meaning repeating the steps in the opposite order as the original process returns each data segment to its original and proper location in a given data packet. Mathematically, acceptable scrambling algorithms are those that are reversible, i.e. where a function F(A) has an anti-function F.sup.?1(A) or alternatively a transform has a corresponding anti-function such that
F.sup.?1[F(A)]=A
meaning that a data file, sequence, character string, file or vector A processed by a function F will upon subsequent processing using the anti-function F.sup.?1 return the original input A undamaged in value or sequence.
(381) Examples of such reversible functions are illustrated by the static scrambling algorithms shown in
(382) In mod-3 mirroring, the first and third data segments of every three data segments are swapped while the middle packet of each triplet remains in its original position. Accordingly, data segments 1A and 1C are swapped while 1 B remains in the center of the triplet, data segments 1D and 1F are swapped while 1E remains in the center of the triplet, and so on, to produce scrambled data packet output 936. In mod-3 mirroring, the line of symmetry is centered in the 2.sup.nd, 5.sup.th, 8.sup.th, . . . , (2+3n).sup.th position.
(383) In mod-4 mirroring, the first and fourth data segments and the second and third of every four data segments are swapped, and so on to produce scrambled output data packet 937 from input data packet 931. Accordingly, data segment 1A is swapped with 1D; data segment 1B is swapped with 1C; and so on. In mod-4 mirroring, the line of symmetry is centered between the second and third data segments of every quadruplet, e.g. between the 2.sup.nd and 3.sup.rd data segments, the 6.sup.th and 7.sup.th data segments, and so on, or mathematically as 2.5.sup.th, 6.5.sup.th, . . . , (2.5+4n).sup.th position. In mod-m mirroring, the m.sup.th data segment of input data packet 932 is swapped with the first, i.e. the 0.sup.th data segment; the 0.sup.th data segment is swapped with the m.sup.th element; and similarly the n.sup.th element is swapped with the (m?n).sup.th data segment to produce scrambled output data packet 938.
(384) Another scrambling method also shown in
(385) In a 2-frame phase shift, the first data segment 1A of input data packet 930 is shifted by two frames into the position previously occupied by data segment 1C, the 4.sup.th frame 1D is shifted into the last position of scrambled output data packet 941, the next to the last data segment 1E is shifted into the first position and the last position 1F is shifted into the second position. Similarly, in a 4-frame phase shift, the data segments of input data packet 930 are shifted by four places with first frame 1A replacing the frame previously held by 1E, 1B replacing 1F, 1C replacing 1A, and so on, to produce scrambled output data packet 942. In the case of the maximum phase shift, the first frame replaces the last, the second frame originally held by 1 B becomes the first frame of output data packet 943, the second element is shifted into the first position, the third position into the second place, and so on. Phase-shifting one frame beyond the maximum phase shift results in output data unchanged from the input. The examples shown comprise phase-shifts where the data was shifted to the right. The algorithm also works for phase shiftsto the left but with different results.
(386) The aforementioned algorithms and similar methods as disclosed are referred herein to as static scrambling algorithms because the scrambling operation occurs at a single time, converting an input data set to a unique output. Moreover, the algorithms shown previously do not rely of the value of a data packet to determine how the scrambling shall occur. As illustrated in
(387) In the example shown, unscrambled data packet 930 is converted parametrically in step 950 into a data table 951, containing a numeric value for each data segment. As shown data segment 1A, the 0.sup.th frame, has a numeric value of 23, data segment 1B, the 1.sup.st frame, has a numeric value of 125, and so on. A single data packet value is then extracted in step 952 for the entire data packet 930. In the example shown, sum 953 represents the linear summation of all the data segment values from table 951, parametrically totaling 1002. In step 954 this parametric value, i.e. sum 953, is compared against a condition table, i.e. in software a set of predefined if-then-else statements, to compare sum 953 against a number of non-overlapping numerical ranges in table 955 to determine which sort routine should be employed. In this example, the parametric value of 1002 falls in the range of 1000 to 1499, meaning that sort # C should be employed. Once the sort routine is selected, the parametric value is then no longer required. The unscrambled data input 930 is then scrambled by the selected method in step 956 to produce the scramble data packet output 959. In the example shown, Sort # C, summarized in table 957, comprises a set of relative moves for each data segment. The first data segment of scrambled data packet 959, the 0.sup.th frame is determined by moving the 1D data segment to the left by three moves, i.e. a 3 shift. The 1.sup.st frame comprises data segment 1B, unchanged from its original position, i.e. a move of 0 places. The 2.sup.nd frame comprises 1E, a data segment shifted left by two moves from its original position. The same is true for the 3.sup.rd frame comprising data segment 1F shifted left by two moves from its original position. The 4.sup.th frame of scrambled data packet output 959 comprises data segment 1C shifted right, i.e. +2 moves, from its original position. The 5.sup.1h frame comprises data segment 1A, shifted five moves to the right, i.e. +5, from its original position.
(388) In this manner, summarized in table 957 for sort # C, every data segment is moved uniquely to a new position to create a parametrically determined scrambled data packet 959. To unscramble the scrambled data packet, the process is reversed, using the same sort method, sort # C. In order to insure that the same algorithm is selected to perform the unscrambling operation, the parametric value 953 of the data packet cannot be changed as a consequence of the scrambling operation. For example, using a linear summation of the parametric value of every data segment produces the same numerical value regardless of the order of the numbers.
(389) Dynamic scrambling utilizes a system state, e.g. time, to be able to identify the conditions when a data packet was scrambled, enabling the same method to be selected to perform the unscrambling operation. In the system shown in
(390) The benefit of using a hidden number to select a scrambling algorithm instead of just a numeric seed, is it eliminates any possibility of a cybercriminal recreating the scrambling table by analyzing the data stream, i.e. statistically correlating repeated sets of scrambled data to corresponding numeric seeds. Although the seed may be visible in the data stream and therefore subject to spying, the hidden number generator and the hidden number HN it creates is based on a shared secret. The hidden number HN is therefore not present in the data stream or subject to spying or sniffing, meaning it is not transmitted across the network but generated locally from the numeric seed. This mathematical operation of a hidden number generator thereby confers an added layer of security in thwarting hackers because the purpose of the numeric seed is disguised.
(391) Once the algorithm is selected, the numeric seed may also be used as an input variable in the algorithm of scrambling process 963. Dual use of the numeric seed further confounds analysis because the seed does not directly choose the algorithm but works in conjunction with it to determine the final sequence of the scrambled data segments. In a similar manner, to unscramble a dynamically scrambled data packet, seed 929 (or alternatively the state or time 920) must be passed from the communication node, device or software initially performing the scrambling to any node or device wishing to unscramble it.
(392) In accordance with the disclosed invention, the algorithm of seed generation 921, hidden number generator 960, and the list of scrambling algorithms 962 represent shared secrets, information stored in a DMZ server (as described below) and not known to either the sender or the recipient of a data packet. The shared secret is established in advance and is unrelated to the communication data packets being sent, possibly during installation of the code where a variety of authentication procedures are employed to insure the secret does not leak. As described below, shared secrets may be limited to zones so that knowledge of one set of stolen secrets still does not enable a hacker to access the entire communication network or to intercept real-time communiqu?s.
(393) In addition to any shared secrets, in dynamic scrambling, where the scrambling algorithm varies during data packet transit, a seed based on a state is required to scramble or unscramble the data. This state on which the seed is based may comprise any physical parameter such as time, communication node number, network identity, or even GPS location, so long as there is no ambiguity as to the state used in generating the seed and so long as there is some means to inform the next node what state was used to last scramble the data packet. The algorithm used by the seed generator to produce a seed is part of the shared secrets, and hence knowledge of the seed does not allow one to determine the state on which the seed is based. The seed may be passed from one communication node to the next by embedding it within the data packet itself, by sending it through another channel or path, or some combination thereof. For example, the state used in generating a seed may comprise a counter initially comprising a random number subsequently incremented by a fixed number each time a data packet traverses a communication node, with each count representing a specific scrambling algorithm.
(394) In one embodiment of dynamic scrambling, during the first instance of scrambling a random number is generated to select the scrambling method used. This random number is embedded in the data packet in a header or portion of the data packet reserved for command and control and not subject to scrambling. When the data packet arrives at the next node, the embedded number is read by the communication node and used by the software to select the proper algorithm to unscramble the incoming data packet. The number, i.e. the count is next incremented by one count or some other predetermined integer, the packet is scrambled according to the algorithm associated with this new number, and the new count is stored in the data packet output overwriting the previous number. The next communication node repeats the process.
(395) In an alternative embodiment of the disclosed counter-based method for selecting a scrambling algorithm, a random number is generated to select the initial scrambling algorithm and this number is forwarded to every communication node used to transport the specific data packet as a shared secret. A count, e.g. starting with 0, is also embedded in the data packet in a header or portion of the data packet reserved for command and control and not subject to scrambling. The data packet is then forwarded to the next communication node. When the packet arrives at the next communication node, the server reads the value of the count, adds the count to the initial random number, identifies the scrambling algorithm used to last scramble the data packet and unscrambles the packet accordingly. The count is then incremented by one or any predetermined integer, and the count is again stored in the data packet's header or any portion of the data packet reserved for command and control and not subject to scrambling, overwriting the prior count. The random number serving as a shared secret is not communicated in the communication data packet. When the data packet arrives at the next communication node, the server then adds the random number shared secret added to the revised counter value extracted from the data packet. This new number uniquely identifies the scrambling algorithm employed by the last communication node to scramble the incoming packet. In this method, only a meaningless count number can be intercepted from the unscrambled portion of a data packet by a cyber-pirate has no idea what the data means.
(396) In another alternative method, a hidden number may be employed to communicate the state of the packet and what algorithm was employed to scramble it. A hidden number combines a time-varying state or a seed, with a shared secret generally comprising a numeric algorithm, together used to produce a confidential number, i.e. a hidden number that is never communicated between communication nodes and is therefore not sniffable or discoverable to any man-in-the middle attack or cyber-pirate. The hidden number is then used to select the scrambling algorithm employed. Since the state or seed is meaningless without knowing the algorithm used to calculate the hidden number and because the shared-secret algorithm can be stored behind a firewall inaccessible over the network or Internet, then no amount of monitoring of network traffic will reveal a pattern. To further complicate matters, the location of the seed can also represent a shared secret. In one embodiment, a number carried by an unscrambled portion of a data packet and observable to data sniffing, e.g. 27482567822552213, comprises a long number where only a portion of the number represents the seed. If for example, the third through eighth digits represent the seed, then the real seed is not the entire number but only the bolded numbers 27482567822552213, i.e. the seed is 48256. This seed is then combined with a shared secret algorithm to generate a hidden number, and the hidden number is used to select the scrambling algorithm, varying dynamically throughout a network.
(397) Also in accordance with the disclosed invention, yet another possible dynamic scrambling-algorithm is the process of dithering, intentionally introducing predictable noise into the data-stream in communication. One possible method of dithering involves the repeated transposition of two adjacent data segments occurring as a packet traverses the network. As illustrated in
(398) One example of static scrambling in accordance with the disclosed secure dynamic network and protocol and applied to a data packet 930 traversing a string of communication servers 1010 to 1015 is illustrated in
(399) The data shown traversing the network, albeit scrambled, can be referred to as plaintext because the actual data is present in the data packets, i.e. the packets have not been encrypted into ciphertext. By contrast, in ciphertext the character string comprising the original data, whether scrambled or not, is translated into a meaningless series of nonsense characters using an encryption key, and cannot be restored to its original plaintext form without a decryption key. The role of encryption in the disclosed SDNP based communication is discussed further in the following section on Encryption.
(400) In order to change the sequence of data packets during transport through the network, packet re-scrambling is required, as shown in
(401) The application of US re-scrambling in a SDNP-based packet-switched communication network in accordance with the invention is illustrated in
(402) Each re-scrambling operation 1017 first undoes the prior scrambling by relying on the prior state of the packet entering the communication node, e.g. where data packet 1008 was scrambled with a state corresponding to time t.sub.2, and then scrambles the packet anew with a new state corresponding to time t.sub.3 to create re-scrambled data packet 1009. As described previously, the state used in determining the scrambling performed may involve a seed, a time, or a number based on any physical parameter such as time, communication node number, network identity, or even GPS location, so long that there is no ambiguity as to how the scrambling was last performed. Accordingly, unscrambling the input data packet to communication node N.sub.0,1, hosted on server 1012, relies on the state of the prior server used to scramble the data packet, i.e. the state of communication node N.sub.0,0, hosted on server 1011; unscrambling the data packet entering communication node N.sub.0,2, hosted on server 1013, relies on the state of communication node N.sub.0,1, hosted on server 1012, at the time of scrambling, unscrambling the data packet entering communication node N.sub.0,3, hosted on server 1014, relies on the state of communication node N.sub.0,2, hosted on server 1013, at the time of scrambling, and so on. The last communication node in the communication network, in this case communication node N.sub.0,f; hosted on server 1016, does not perform US re-scrambling but instead only performs unscrambling operation 928 to restore data packet 93090 to its original unscrambled sequence.
(403) In accordance with the disclosed invention, the static and dynamic scrambling of data renders interpretation of the unscrambled data meaningless, reordering sound into unrecognizable noise, reordering text into gibberish, reordering video into video snow, and scrambling code beyond repair. By itself, scrambling provides a great degree of security. In the SDNP method disclosed herein, however, scrambling is only one element utilized to provide and insure secure communication free from hacking, cyber-assaults, cyber-piracy, and man-in-the-middle attacks.
(404) Packet Encryption
(405) In accordance with the disclosed invention, secure communication over a packet-switched network relies on several elements to prevent hacking and ensure security, one of which involves SDNP encryption. As described previously, encryption from the Greek meaning to hide, to conceal, to obscure represents a means to convert normal information or data, commonly called plaintext, into ciphertext comprising an incomprehensible format rendering the data unreadable without secret knowledge. In modern communication, this secret knowledge generally involves sharing one or more keys used for encrypting and decrypting the data. The keys generally comprise pseudo-random numbers generated algorithmically. Numerous articles and texts are available today discussing the merits and weaknesses of various encryption techniques such as Cryptonomicon by Neal Stephenson? 1999, The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography by Simon Singh? 1999, Practical Cryptography by Niels Ferguson? 2013, and Cryptanalysis: A Study of Ciphers and Their Solution first published in 1939.
(406) While the concept of encryption or ciphers is ancient and well known to those skilled in the art, the application of cryptography in the disclosed secure dynamic network and protocol is unique, facilitating both end-to-end encryption and single-hop node-to-node dynamic encryption to the network architecture itself, independent of any client's own encryption. SDNP communication is architected with the basic precept that given sufficient time, any static encrypted file or message can eventually be broken and its information stolen, no matter how sophisticated the cipher. While this supposition may in fact be incorrect, there is no need to prove or disprove the proposition because the converse, i.e. waiting till a specific encryption method fails, may result in unacceptable and irreversible consequential damage.
(407) Instead, SDNP communication is based on the premise that all encrypted files have a limited shelf life, metaphorically meaning that encrypted data is good (secure) for only a finite period of time and that the confidential data must be re-encrypted dynamically at regular intervals, ideally far more frequently than the best estimates of the time required to crack its encryption with state-of-the-art computers. For example, if it is estimated by cryptologists that a large server farm of crypto-engines can break a given cipher in one year, then in SDNP communication a data packet will be re-encrypted every second or even every 100 ms, intervals many orders of magnitude shorter than the best technology's capability to crack it. As such, SDNP encryption is necessarily dynamic, i.e. time variant, and may also be spatially variant, i.e. depending on a communication node's location in a packet-switched network or geography. Thus, as used herein, the terms re-encrypting or re-encryption refer to decrypting a data packet and then encrypting it again, typically with a different encryption algorithm or method.
(408) SDNP encryption therefore involves converting data from unencrypted plaintext into ciphertext repeatedly and frequently, rendering the information incomprehensible and useless. Even if a given packet's data encryption is miraculously broken, by employing SDNP's dynamic encryption methods, the next data packet utilizes a completely different encryption key or cipher and requires a completely new effort to crack its encryption. By limiting the total content of each uniquely encrypted data packet, the potential damage of unauthorized access is mitigated because an exposed data packet contains, by itself, a data file too small to be meaningful or useful by a cyber-pirate. Moreover, by combining dynamic encryption with the aforementioned SDNP scrambling methods, communication security is enhanced tremendously. Even in its unencrypted form, the intercepted data file contains only a small snippet of data, voice, or video scrambled into a meaningless and incomprehensible sequence of data segments.
(409) In accordance with this invention, SDNP encryption is dynamic and state-dependent. As shown in
(410) Encryption operation 1020 can use any algorithm, cryptographic, or cipher method available. While the algorithm may represent a static equation, in a one embodiment the encryption operation uses dynamic variables or states such as time 920 when encryption occurs, and an encryption generator 1021 to produce E-key 1022, which also may be dependent on a state such as time 920 at which the encryption was performed. For example, the date and time of encryption may be used as a numeric seed for generating an encryption key that cannot be recreated even if the encryption algorithm were discovered. Time 920 or other states may also be used to select a specific algorithm from an encryption algorithms list 1023, which is a list of available encryption algorithms. In data flow diagrams, it is convenient to illustrate this packet encryption operation and sequence using a schematic or symbolic representation, as depicted herein by the symbol shown for encryption operation 1026. Throughout this invention disclosure, a padlock may also symbolically represent secure and encrypted data. Padlocks with a clock face located atop the padlock specifically indicate a secure delivery mechanism, e.g., encrypted files that, if not received within a specific interval or by a specific time, self-destruct and are lost forever.
(411) The decryption operation shown in
(412) Should the encryption algorithm selected for implementing decryption operation 1031 not match the inverse of the original algorithm employed in packet encryption operation 1020, should state or time 920 not match the time encryption occurred, or should D-key 1030 not have a predefined numeric relationship to E-key 1022 used during encryption, then the decryption operation 1031 will fail to recover the original unencrypted data 990 and the packet data will be lost. In data flow diagrams, it is convenient to illustrate this packet decryption operation and sequence using a schematic or symbolic representation, as depicted herein by the symbol shown for decryption operation 1032.
(413) As described previously in this disclosure, knowledge regarding the use of encryption and decryption keys in cryptography and of common encryption algorithms, such as symmetric public key encryption, RSA encryption, and AES256 encryption among others, are commonplace and well known to those skilled in the art. The application of such well known cryptographic methods in the disclosed SDNP communication system is, however, not readily susceptible to hacking or decryption because of hidden information, shared secrets, and time-dependent dynamic variables and states unique to the disclosed SDNP communication.
(414) So even in the unlikely case where a cyber-pirate has sufficient computer power to eventually crack a robust encryption method, they lack certain information embedded into the SDNP network as non-public or shared secrets required to perform the decryption operation, and must also crack the encryption in a fraction of a second before the encryption changes. Moreover every data packet traversing the disclosed SDNP network utilizes a different encryption method with unique keys and dynamic states. The combination of missing information, dynamic states, and limited informational content contained within any given packet, renders obtaining meaningful data theft from any given data packet both challenging and unrewarding to a cyber-pirate.
(415) In order to intercept an entire document, video stream, or voice conversation to reconstruct a coherent data sequence, a cyber-assault must successively crack and decrypt not one but thousands of successive SDNP packets. The daunting challenge of continuously hacking a succession of SDNP packets is further exacerbated by combining dynamic encryption with the previously described methods regarding data packet scrambling. As illustrated in
(416) As shown, scrambling and encryption represent complementary techniques in achieving secure communication. Unencrypted scrambled data traversing the network, is referred to as plaintext because the actual data is present in the data packets, i.e. the packets have not been encrypted into ciphertext. Encrypted data packets, or ciphertext, comprise scrambled or unscrambled character strings translated into a meaningless series of nonsense characters using an encryption key, and cannot be restored to its original plaintext form without a corresponding decryption key. Depending on the algorithm employed, the encryption and decryption keys may comprise the same key or distinct keys mathematically related by a predefined mathematical relationship. As such, scrambling and encryption represent complementary techniques in achieving secure communication in accordance with the disclosed invention for SDNP communication.
(417) The two methods, scrambling and encryption, can be considered independently even when used in combination, except that the sequence used to restore the original data packet from an encrypted scrambled data packet must occur in the inverse sequence to that used to create it. For example, if the data packet 990 was first scrambled using scrambling operation 926 and then encrypted using encryption operation 1026, then to restore the original data packet, the encrypted scrambled data packet 1024 must first be decrypted using decryption operation 1032 and then unscrambled using unscrambling operation 928. Mathematically, if a scrambling operation F scrambles a string of bits or characters into an equivalent scrambled version and an unscrambling operation F.sup.?1 undoes the scrambling, whereby
F.sup.?1[F(A)]=A
and similarly if an encryption operation G encrypts a string of plaintext into equivalent ciphertext and a decryption operation G.sup.?1 undoes the encryption whereby
G.sup.?1[G(A)]=A
then in combination, the successive operation of scrambling and then encrypting followed by decrypting and then unscrambling returns the original argument A, the unscrambled plaintext data packet. Accordingly,
F.sup.?1{G.sup.?1[G(F(A))]}=A
because the sequence occurs in inverse order, specifically decrypting [G.sup.?1] encrypted scrambled packet [G(F(A))] restores scrambled plaintext data packet F(A). Subsequent unscrambling operation F.sup.?1 of scrambled plaintext packet F(A) restore the original data packet A.
(418) Provided linear methods are employed, the sequence is reversible. For example, if the data packet is first encrypted and then scrambled, then to restore the original data packet the scrambled ciphertext must first be unscrambled and then decrypted. Accordingly,
G.sup.?1{F.sup.?1[F(G(A))]}=A
Changing the sequence does not work. Decrypting a data packet that was previously encrypted and then scrambled without first unscrambling it will not recover the original data packet, i.e.
F.sup.?1{G.sup.?1[F(G(A))]})?A
Similarly unscrambling a packet that was scrambled and then encrypted will also fail to restore the original data packet, because
G.sup.?1{F.sup.?1[G(F(A))]}?A
(419) To summarize, if the plaintext packet is scrambled before it is encrypted, it must be decrypted before it is unscrambled; if the plaintext packet is encrypted before it is scrambled, it must be unscrambled before it is decrypted.
(420) While it is understood that scrambling and encrypting may be performed in either sequence, in one embodiment of the SDNP methods in accordance with this invention, encryption and decryption occur more frequently during network transport than scrambling and therefore encryption should occur after scrambling and decryption should occur before unscrambling, as illustrated in
(421) In
(422) One means to enhance to enhance security in any implementation using static scrambling encryption is to insure that each data packet sent is subjected to different scrambling and/or encryption methods, including changes in state, seeds, and/or keys at time t.sub.1 when each data packet enters the communication network.
(423) However, a more robust alternative involves dynamically changing a data packet's encryption or scrambling, or both, as the packet traverses the network in time. In order to facilitate the required data processing to realize a fully dynamic version of SDNP communication, it is necessary to combine the previously defined processes in order to re-scramble (i.e., unscramble and then scramble) and re-encrypt (i.e., unencrypt and then encrypt) each packet as it passes through each communication node in a packet-switched communication network. As used herein the term re-packet or re-packeting will sometimes be used to refer to the combination of re-scrambling and re-encryption, whether the packet is initially decrypted before it is unscrambled or unscrambled before it is decrypted. In either case, the unscrambling and decryption operations at a given node should be performed in an order that is the reverse of the scrambling and encryption operations as the packet left the prior node, i.e., if the packet was scrambled and then encrypted at the prior node, it should first be decrypted and then unscrambled at the current node. Typically, the packet will then be scrambled and then encrypted as it leaves the current node.
(424) The re-packet operation at a communication node is illustrated in
(425) The DUSE re-packet operation 1045 as described can be implemented as software, firmware or as hardware within any communication node. In general, it is preferred to utilize software to implement such operations, since the software code can be updated or improved over time. The application of DUSE re-packet operation 1045 in a dynamic network is illustrated in
(426) Packet Mixing and Splitting
(427) Another key element of the secure dynamic network and protocol disclosed herein is its ability to split data packets into sub-packets, to direct those sub-packets into multiple routes, and to mix and recombine the sub-packets to reconstruct a complete data packet. The process of packet splitting is illustrated in
(428) The purpose of parse operation 1052 is to break data packet 1054 into smaller data packets, e.g. data sub-packets 1055 and 1056, for processing of each of the constituent components. Breaking data packet 1054 into smaller pieces offers unique advantages such as supporting multipath transport, i.e. transmitting the data packets over multiple and different paths, and facilitating unique encryption of constituent sub-packets using different encryption methods.
(429) The splitting operation can use any algorithm, numerical method, or parsing method. The algorithm may represent a static equation or include dynamic variables or numerical seeds or states such as time 920 when the incoming data packet 1054 was first formed by a number of sub-packets, and a numerical seed 929 generated by seed generator 921, which also may be dependent on a state such as time 920 at the time of the data packet's creation. For example, if each date is converted into a unique number ascending monotonically, then every seed 929 is unique. Time 920 and seed 929 may be used to identify a specific algorithm chosen from a list of available methods, i.e. from algorithm 1050. Packet splitting, or un-mixing, comprises the inverse procedure of mixing, using the same algorithm executed in the precise reverse sequence used previously to create the specific packet. Ultimately everything that is done is undone but not necessarily all in one step. For example, a scrambled encrypted data packet might be decrypted but remain scrambled. Processed by splitting operation 1051, un-split incoming data packet 1054 is converted into multiple data packets, e.g. split fixed-length packets 1055 and 1056 using parse operation 1052 to algorithmically perform the operation. In data flow diagrams, it is convenient to illustrate this packet splitting operation 1051 including parsing 1052 and junk operation 1053 using a schematic or symbolic representation, as depicted herein by the symbol shown for splitting operation 1057.
(430) Thus, as used herein, the term splitting may include parsing, which refers to the separation of a packet into two or more packets or sub-packets, and it may also include the insertion of junk packets or sub-packets into the resulting parsed packets or sub-packets or the deletion of junk packets or sub-packets from the resulting parsed packets or sub-packets.
(431) The inverse function, packet-mixing operation 1060 shown in
(432) In accordance with this invention, packet mixing and splitting may utilize any of a large number of possible algorithms.
(433) An example of the application of packet mixing using concatenation in accordance with this invention is illustrated in
(434) Similarly, an example of the application of interleaved mixing in accordance with this invention is illustrated in
(435) Scrambled Mixing
(436) The disclosed methods of packet communication using the splitting and mixing of data packets into various combinations of data segments can in accordance with the disclosed invention be combined with packet scrambling in numerous ways. In
(437) In an alternative implementation in accordance with this invention, individual data packets are first scrambled then mixed as shown in
(438) The combined use of mixing and scrambling as disclosed may be integrated into either static or dynamic SDNP communication networks. In
(439)
(440) Encrypted Scrambled Mixing
(441) The disclosed methods of packet communication using the splitting and mixing of data packets into various combinations of sub-packets combined with packet scrambling can, in accordance with the disclosed invention be combined with encryption.
(442) Intermediate nodes may involve only re-encryption operation 1077, comprising the combination of decryption operation 1032 and encryption operation 1026, or may involve DUSE operation 1045 sequentially comprising the functions of decryption operation 1032, unscrambling operation 928, Scrambling operation 926, and encryption operation 1026. In re-encryption operation 1077 and DUSE operation 1045 the functions of decryption operation 1032 and unscrambling operation 928 may require the seeds or key of the communication node sending the packet to them at a prior time or state. The functions of encryption operation 1026 and re-scrambling operation 926 may both employ information, seeds, and keys generated at the present time or state, i.e. at the time a communication node refreshes a data packet. Data packet refreshing makes it more difficult for cyber-assaults to access information in a data packet because the packet data in newly obfuscated and the time available to break the code is shortened.
(443) One example of the use of dynamic combinational mixing, scrambling, and encryption and their inverse functions is illustrated in
(444) The data is next passed to communication node N.sub.0,1, hosted on server 1012, which performs DUSE operation 1045, decrypting and unscrambling the incoming data based on state 991 information corresponding to time t.sub.1 then refreshing the security by scrambling and encrypting the data again based on state 992 information, corresponding to time t.sub.2. If state information 991 is being passed to final node N.sub.0,f by embedding it in the data packet or its header, then two copies of the state information are requiredone to be used by final node N.sub.0,f, comprising state 991 when mixing occurred, and a second state used by the DUSE operation changing each time the data packet hops from one node to the next, i.e. from state 991 to 992, 993, etc. Using the state of the last operation performed on an incoming data packet, DUSE operation 1045 performs re-scrambling on unencrypted data by decrypting it first, performing the re-scrambling, then encrypting the data again, i.e. the re-scrambling operation is nested within a re-encryption operation. The resulting outgoing data packet comprises ciphertext 1080B with underlying unencrypted content represented by plaintext 1080A. DUSE operation 1045 is repeated successively in servers 1013, 1014, and 1015, resulting in ciphertext 1081B with underlying unencrypted content represented by plaintext 1081A at time t.sub.5. Communication is completed by communication node N.sub.0,f, hosted on server 1016, which performs decryption unscrambling splitting (DUS) operation 1076, decrypting, unscrambling the incoming data packet based on state 995 information corresponding to time t.sub.5 used to last refresh it, then splitting the packet in accordance with state 991 when mixing first occurred. Since the intermediate nodes are unaware of the mixing condition, even a network operator with access to the intermediate nodes is unaware of the conditions used at mixing. The resulting plaintext outputs 1055 and 1056 at time t.sub.f recover the data sent across the network starting at time t.sub.0. Since the packet's content was re-scrambled and re-encrypted as the packet passes through each node N.sub.0,x where x=0, 1, 2, . . . f, the opportunity for intercepting and interpreting the data packets being communicated is extremely complex and provides little time for hacking.
(445) A simpler method for establishing secure communication involves mixing and scrambling of the packet at the beginning of the communication but utilizes repeated steps of re-encryption. Unlike the fully dynamic encrypted scrambling and mixing example of the prior illustration,
(446) Then at time t.sub.1, using state 991 information for generating keys, numeric seeds, or other secrets, communication node N.sub.0,0 performs mixing scrambling encryption (MSE) operation 1075. The resulting ciphertext 1082B is a scrambled data packet in ciphertext format, illegible and interpretable to any observer not in possession of the state information used to create it. The underlying data packet comprising plaintext 1082A is scrambled and even without encryption is also incomprehensible to cyber-pirates attempting to recover the source data, text, picture, or sound without the state information, keys, seeds, and secrets.
(447) The data is next passed to communication node N.sub.0,1, hosted on server 1012, which, rather than performing the DUSE operation as in the previous example, only re-encrypts the incoming data, i.e. decrypts the data based on state 991 information corresponding to time t.sub.1 then encrypts it again based on state 992 information corresponding to the current time t.sub.2. The process, shown as re-encryption operation 1077, results in outgoing data packet comprising ciphertext 1083B with underlying scrambled plaintext 1083A identical to previous plaintext 1082A. A re-encryption operation 1077 is repeated successively in servers 1013, 1014, and 1015 resulting in new ciphertext. For example ciphertext 1084B and underlying unchanged plaintext 1084A represent the data traveling between servers 1013 and 1014. The underlying plaintext 1084A is unchanged from before it was originally scrambled by MSE operation 1075 in communication node N.sub.0,0 at time t.sub.1. The re-encryptions in communication nodes N.sub.0,1 and N.sub.0, however, have changed the ciphertext two times since it left communication node N.sub.0,0.
(448) The shared secrets used to perform static mixing and scrambling and dynamic encryption and to reverse the process require two times or statestime t.sub.1 and corresponding state 991 used for the static mixing and scrambling in server 1011 and needed for unscrambling and splitting in the final DUS operation 1076 in server 1016, and the dynamic time and the corresponding state used by the last communication node to execute each of the re-encryption operations 1077 in servers 1012-1015, a state that varies dynamically and constantly as the data packet traverses the packet-switched communication network. In the final step, communication is completed by communication node N.sub.0,f, hosted on server 1016, which performs a DUS operation 1045, decrypting, unscrambling and splitting (un-mixing) the incoming data packet to reproduce plaintext outputs 1055 and 1056, the same data sent across the network starting at time t.sub.0.
(449) Since the packet is encrypted in node N.sub.0,0, re-encrypted as it passes through each of nodes N.sub.0,1 . . . N.sub.0,f-1, and decrypted in node N.sub.0,f, even though the data was mixed and scrambled only once, the opportunity for intercepting and interpreting the data packets being communicated is extremely complex and provides little time for hacking. Moreover, the mixing of multiple sources of data as described previously in this application, further confounds outsider attempts at hacking and cyber-piracy because the interloper has no idea what the various pieces of data are, where they came from, or where they are headedin essence lacking both detail and context in the nature of the data packet.
(450) Another method to manage data packet content during transport is to return to normal on every single hop. In this method illustrated in
(451) In preparation for the next network hop, the two original data packets are once again mixed and scrambled, this time using algorithms selected at the time t.sub.2 corresponding to state 992 resulting in plaintext 1080A which is subsequently encrypted to produce ciphertext 1080B ready to be sent to node N.sub.0,1. Using this method the incoming data packets are returned to the initial normal state each time they enter a node and depart in a completely new refreshed condition corresponding to present state. In this method each node only needs to know the state of the incoming packet and does not require knowledge of any prior states used during data transport.
(452) Mixing & Splitting Operations
(453) The process of mixing and splitting packets to combine and separate data of different types shown previously in
(454) In the opposite extreme, where a network may be heavily congested, a server may be unable to accept a long packet without imposing long propagation delays resulting in high latency. For this and other reasons, the dynamic mixing and splitting of data packets in accordance with the disclosed invention provides a means to manage, combine and separate data packets of varying length, controlling both the length and number of data packet inputs as well as the number and length of data packet outputs. The use of variable length packets containing content directed to different destinations further confounds hackers, conferring an added degree of security to the network. As shown in
(455)
(456) After mixing, long data packet 1091, or alternatively sub-packets resulting from parsing operation 1092, may either be stored locally, e.g. waiting for other data packets to arrive, or may be sent on to other nodes in the communication network. Before storage or routing each packet or sub-packet is tagged with a header or sub-header identifying the packet. The tag is critical to recognize an incoming packet so that it may be processed according to instructions received previously as to what to with its data, including how to mix, scramble, encrypt or split, unscramble, and decrypt the data packet's content. The use of data packet headers and sub-headers to identify and tag data packets is described in greater detail later in this application.
(457) So in addition to confounding cyber-attackers, another role of parsing, junk, and de-junk operations is to manage the length of data packet. For example, if the resulting long data packet 1091 is too long, then in accordance with a selected algorithm, the parse operation 1087 breaks the long data packet output 1091 into shorter pieces. The length of the shorter pieces may be prescribed by the selected algorithm, e.g. cut the merged long packet at regular intervals 1092 of n sub-packets. The desired packet length can be decided a priori or can be based on a network condition, e.g. the maximum acceptable length may be calculated based on network delays. For instance, if the propagation delay ?t.sub.prop between two nodes exceeds a certain value, then the data packet will be parsed to make it smaller, e.g. where long data packet 1091 is broken up at regular intervals by parsing operation 1092 into n sub-packets.
(458) Regardless as to how the long packet is parsed, the multiple-output mixing operation produces multiple data packet outputs, e.g. data packets 1093A, 1093B, and 1093C, as shown in
(459) For convenience sake, the multiple-input single-output (MISO) mixing operation is symbolically represented herein by symbol 1089 while the multiple-input multiple-output (MIMO) mixing operation is symbolically represented by symbol 1094, similar to the earlier, more idealized example shown in
(460) The inverse function to multiple-input single-output or MISO mixing is single-input multiple-output or SIMO splitting. In one embodiment, shown in
(461) In a second embodiment, shown in
(462)
(463) TABLE-US-00006 Long Packet Incoming Incoming Data Contained Slot # Sub-packet # Sub-packet Slot # In Slot Slot 1 Sub-packet A Slot 1 1A Slot 2 Junk Data Inserted Slot 3 Junk Data Inserted Slot 4 Sub-packet A Slot 2 1B Slot 5 Junk Data Inserted Slot 6 Junk Data Inserted Slot 7 Sub-packet A Slot 3 1C Slot 8 Sub-packet B Slot 1 2C Slot 9 Sub-packet C Slot 1 3C Slot 10 Junk Data Inserted Slot 11 Sub-packet B Slot 2 2D Slot 12 Sub-packet C Slot 2 3D Slot 13 Sub-packet A Slot 4 1E Slot 14 Junk Data Inserted Slot 15 Sub-packet C Slot 3 3E Slot 16 Junk Data Inserted Slot 17 Sub-packet B Slot 3 2F Slot 18 Sub-packet C Slot 4 Junk
(464) So in general the function of the mixing operation is to define which slot in the in the mixed packet or long packet the incoming data is inserted, and to define which slots of the mixed packet contain junk.
(465) The table representation of the algorithm is exemplary to illustrate that any remapping of incoming data sub-packets into a long data packet is possible. As part of mixing operation 1094, parsing operation 1087 is next performed, cutting 1092 long data packet 1091 into three equal length pieces to create outgoing sub-packets 1093D, 1093E and 1093F, labeled correspondingly as Sub-packet D, Sub-packet E, and Sub-packet F.
(466)
(467) TABLE-US-00007 Data Incoming Incoming Split Output Split Output Contained Sub-packet Slot # Sub-packet Slot # In Slot Sub-packet D Slot 1 Sub-packet G Slot 1 1A Slot 2 Junk data removed Slot 3 Junk data removed Slot 4 Sub-packet G Slot 2 1B Slot 5 Junk data removed Slot 6 Junk data removed Sub-packet E Slot 1 Sub-packet G Slot 3 1C Slot 2 Sub-packet H Slot 1 2C Slot 3 Sub-packet J Slot 1 3C Slot 4 Junk data removed Slot 5 Sub-packet H Slot 2 2D Slot 6 Sub-packet J Slot 2 3D Sub-packet F Slot 1 Sub-packet G Slot 4 1E Slot 2 Junk data removed Slot 3 Sub-packet J Slot 3 3E Slot 4 Junk data removed Slot 5 Sub-packet H Slot 3 2F Slot 6 Junk data removed
(468) As shown, sub-packet 1103A labeled as Sub-packet G comprises 4 slots, where slot 1 is filled with data segment 1A from slot 1 of sub-packet D corresponding to slot 1 of long packet 1091, slot 2 is filled with data segment 1B from slot 4 of sub-packet D corresponding to slot 4 of long packet 1091, slot 3 is filled with data segment 1C from slot 1 of sub-packet E corresponding to slot 7 of long packet 1091, and slot 4 is filled with data segment 1E from slot 1 of sub-packet E corresponding to slot 13 of long packet 1091. Similarly, sub-packet 1103B labeled Sub-packet H comprises three slots, the first containing data segment 2C from the 2.sup.nd slot of Sub-packet E, the second containing data segment 2D from the 5.sup.th slot of Sub-packet E, and the third containing data segment 2F from the 5.sup.th slot of Sub-packet F. Sub-packet 1103C also comprises three slots. In slot 1, data segment 3C comes from slot 6 of Sub-packet E. In slot 2, data segment 3D comes from slot 6 of Sub-packet E. In slot 3 of Sub-packet J, data segment 3E comes from slot 3 of Sub-packet F.
(469) As such a splitting algorithm defines (a) how many split sub-packets there will be, (b) how many slots there will be in each split sub-packet, (c) into which slot of the split sub-packets the data of the long packet will go (d) which slots will be removed because they contain junk data, and (e) if new slots containing junk data are introduced, possibly to facilitate generating a specific length sub-packet. In cases where a splitting operation that follows a mixing operation, the number of sub-packets in the split packets has to equal the number of sub-packets in the packets before they are mixed unless junk data is removed or inserted.
(470) The roles of the disclosed mixing and splitting operations made in accordance with this invention may be adapted to implement fragmented data transport through any network with the caveat that all the nodes in the network know what sequence of operations is to be performed. In single route transport such as shown previously in
(471) The original data packets are recovered by the inverse function, a single-in multiple-output or SIMO communication node, performing splitting. If the data packets in single-route communication have reached their final destination, they long packet data is split for the last time and the junk is removed to reconstitute the original data packet. The mixed data does not necessarily need to be the same data types. For example, one caller could be talking on the phone and sending text messages simultaneously, thereby generating or receiving two different data streams concurrently. If, however, the split data packets are intended continue routing onward in the network in an unmixed stated, junk data is included in the data packets to make data sniffing unusable.
(472) In the transport of homogeneous data, security is achieved primarily through scrambling shown in
(473) Parsing operation 1087 then cuts scrambled long data packet 1107 along cut lines 1092 after the 6.sup.th and the 12.sup.th slots to produce outputted sub-packets 1093G, 1093H, and 1093J. The consequence of the phase shift not only affects the position of data in the outputted sub-packets but it actually alters the packets' content. For example, when data segment 3D in slot position 12 in the unscrambled long data packet 1107 moves to position 13 after scrambling, parsing operation 1087 located in cut line 1092 after the 12.sup.th slot, naturally dislocates the data from data sub-packet 1093H to 1093J, as evidenced by a comparison of sub-packet 1093H with its new sequence of data segments J-1C-2C-3C-J-2D (where J indicates junk data) against sub-packet 1093E in
(474)
(475) In single route data transport, data packets cannot take parallel paths, but must instead travel in serial fashion across a single path between media servers or between a client's device and the cloud gateway, i.e. data transport over the last mile. Before the data sub-packets can be sent onto the network, they must be tagged with one or more headers to identify the packet so that the target communication node can be instructed what to do with the incoming packet. Although the formatting and information contained in these headers is described in greater detail later in the disclosure, for clarity's sake a simplified realization of packet tagging is shown in
(476) As the data packets arrive at the node, operation 1600 separates the header from the data for processing. As shown for the first incoming packet 1099A, header 1102A labeled Hdr A is separated from data packet 1099A, then fed into tag reader operation 1602 which determines whether the communication node has received any instructions bearing on packet 1099A. If it has not received any instructions relating to packet 1099A, the corresponding data is discarded. This is shown for example by sub-packet 1092, labeled sub-packet Z, which contains data from conversations 6, 7, 8, 9 unrelated to any of the instructions received by the communications node. If, however, the data packet is expected, i.e., its tag matches an instruction previously received by the communication node from another server, then the recognized data packets, in this case sub-packets 1090A, 1090B and 1090C, are sent to mixing operation 1089. The proper algorithm previously selected for the incoming data packets is then loaded from mixing algorithm table 1050 into mixing operation 1089. In other words, the communication node has previously been instructed that when it receives the three packets identified by Hdr A, Hdr B and Hdr C, respectively, it is to mix the three packets in accordance with a particular mixing algorithm in table 1050. As noted above, this mixing algorithm may include a scrambling operation.
(477) In accordance with this disclosure, mixing operation 1059 then outputs data sub-packet 1093D, 1093E and 1093F in sequence, each of which are tagged with a new identifying header, i.e. Hdr D, Hdr E, and Hdr F to product data packets 1099D, 1099E, and 1099F ready for transport to the next communication node in the network. In single route communications these data packets are sent serially along the same route to their target destination. While the flow chart represents how the tags are used to identify packets for mixing, the tag identification method is identical for executing specific scrambling and encryption operations, and their inverse functions decrypting, unscrambling, and splitting.
(478) The mixing and splitting operations can be applied to multi-route and meshed transport described next using multiple output mixing and splitting operations. The various outputs represented by outward facing arrows in SIMO splitting symbol 1101 in
(479) Packet Routing
(480) As illustrated throughout the application thus far, a single path carries the serial stream of data packets used in packet-switched based network communication such as the Internet. Although this path may vary over time, intercepting the data stream by packet sniffing would, at least for some time interval, provide a cyber-pirate with complete data packets of coherent serial information. Without scrambling and encryption used in the SDNP communication disclosed in accordance with this invention, any sequence of data packets once intercepted, could easily be interpreted in any man-in-middle attack enabling effective and repeated cyber-assaults.
(481) Such single-route communication is the basis of Internet, VoIP, and OTT communication, and one reason Internet-based communication today is very insecure. While the successive packets sent may take different routes, near the source and destination communication nodes the chance that successive packets will follow the same route and transit through the same servers becomes increasingly likely because packet routing in the Internet is decided by service providers monopolizing a geography. Simply by tracing a packet's routing back toward its source, then packet sniffing near the source the chance of intercepting multiple packets of the same conversation and data stream increases dramatically because the communication is carried by only a single geographically based Internet service provider or ISP.
(482) As illustrated graphically in
(483) In sharp contrast to single-path packet communication used for Internet OTT and VoIP communications, in one embodiment of SDNP communication in accordance with this invention, the content of data packets is not carried serially by coherent packets containing information from a common source or caller, but in fragmented form, dynamically mixing and remixing content emanating from multiple sources and callers, wherein said data agglomerates incomplete snippets of data, content, voice, video and files of dissimilar data types with junk data fillers. The advantage of the disclosed realization of data fragmentation and transport is that even unencrypted and unscrambled data packets are nearly impossible to interpret because they represent the combination of unrelated data and data types.
(484) As illustrated in
(485) Instead, in SDNP communication, the information is fragmented, for example, with some portion of the data being sent across routes 1113A, 1113B, and 1113D with no data sent initially across route 1113C and 1113E and then at a later time, fragmented data split and combined differently and sent across routes 1113A, 1113C, and 1113E with no data being sent across route 1113B and 1113D. An example of multiroute transport 1112 is illustrated in
(486) In meshed route transport 1114, illustrated also in
(487) Multiroute transport may be combined in various ways with scrambling and encryption. An example of multiroute transport with no scrambling is illustrated in
(488) A simple variant of the aforementioned multiroute transport with no scrambling is illustrated in
(489) An improvement to static scrambling is to employ dynamic scrambling shown in
(490) As shown, the first communication node N.sub.0,0 performs scramble and split operation 1071, the last communication node N.sub.f,f performs mix and unscramble operation 1070, and all the intervening communication nodes perform US re-scrambling operation 1017. In each case, the unscrambling operation relies on the time or the state of the incoming packet, and the scrambling operation utilizes the time or state of the outgoing data packet. In parallel multi-route transport, splitting occurs only once in communication node N.sub.0,0 and mixing occurs only once, at the end of transport in communication node N.sub.f,f. Methodologically, this sequence can be categorized as scramble then split. In the embodiment of dynamic scrambling as shown in
(491) A simplified description of the previously detailed linear scramble then split method shown in
(492) In the nested scramble & split example also shown in
(493) The same concept of nested operations can be used in performing nested splitting and mixing operations as shown in
(494) Once mixed, junked, scrambled and encrypted, the unreadable client ciphertext 1080W is next sent to the SDNP gateway server N.sub.0,0 where it is once again processed using different shared secrets with different algorithms, states, and network specific security credentials such as seed 929U and key 1030U in preparation for transport through the SDNP cloud. This inner loop facilitates cloud-server security and is completely independent from the client's security loop. As part of the gateway SSE operation 1140 for incoming data packets, the data packet may be scrambled a second time, split into different sub-packets and encrypted into ciphertext 1080U and 1080V for multiroute or meshed transport.
(495) Eventually the multiple sub-packets arrive at the destination gateway N.sub.f,f where they are processed by DMU operation 1141 to undo the effect of the initial gateway's splitting operation, i.e. DMU operation 1141 undoes the effects of SSE operation 1140 completing the inner security loop's function. As such, gateway N.sub.f,f undoes all network related security measures implemented by incoming gateway N.sub.0,0 and restores the original file, in this case client ciphertext 1080W to the same condition as when as it entered the SDNP cloud.
(496) But because this data packet was already mixed, scrambled and encrypted, the data packet comprising ciphertext 1080W exiting the SDNP gateway and being sent to the receiving client is still encrypted, un-interpretable by anyone but the receiving client's application 1335. The restored ciphertext once delivered to the client is then decrypted and unscrambled by DUS operation 1076 in accordance with the sending client's state when it was created at time t.sub.0 and finally split to recover various sources of data components including video, text, voice, and data files, completing the outer security loop.
(497) So to thwart network subversion, i.e. where a cybercriminal posing as a SDNP network operator attempts to defeat the SDNP security from inside the network, the outer loop security credentials, i.e. shared secrets, seeds, keys, security zones, etc. are intentionally made different than that of the inner security loop.
(498) In another embodiment of this invention also shown in
(499) Regardless of the sequence of mixing and scrambling employed, the processed data packets can also be subjected to static or dynamic encryption to facilitate an added degree of security. One example of this combination is shown in
In the example shown, the initial data packet processing comprises the sequential application of scrambling, splitting and encryption shown as operation 1140. The final operation comprises decryption, mixing and unscrambling shown by operation 1141. All intermediate steps comprise re-encryption, which itself comprises both decryption and encryption.
(500) One example of the use of this method in multiroute transport is illustrated in
(501) As an option to scramble, split and encrypt, in an alternate embodiment of this invention, data packets may be split then scrambled and encrypted using the split, scramble, encrypt operation 1140B shown in
(502) In contrast to meshed routing described below, in the multi-route transport as exemplified in
(503) Meshed Routing
(504) Returning again to
(505) Using the previously described method of splitting and mixing, groups of data segments may be separated or removed from one data packet, combined with or merged into another data packet, and sent on a trajectory to a destination different from the one from whence it came. Meshed routing in accordance with this invention may utilize variable-length or fixed-length data packets. In variable-length packets, the number of data segments comprising a data packet may vary based on the amount of traffic traversing a given communication node. In fixed-length meshed transport, the number of data segments used to constitute a full data packet is fixed at some constant number or alternatively at some number of data segments adjusted in quantized integer increments.
(506) The main difference between the use of variable- and fixed-length data packets is in the use of junk data as packet fillers. In variable length-data packets, the use of junk data is purely optional, mainly based on security considerations, or to exercise unused paths in order to monitor network propagation delays. The use of junk data in fixed-length data packets is mandatory because there is no way to insure that the proper number of data segments is available to fill the packets departing the communication node. As such, junk data is necessarily used constantly and continuously as packet filler to insure each data packet exiting the server is filled to the specified length before being sent onward across the network.
(507) An example of static meshed data transport across communication network 1112 is illustrated in
(508) During static transport the data packet's content, i.e. the data segments it contains, remains unchanged as it traverses the network. For example, data packet 1128A, comprising data segment 1F, traverses communication nodes in sequence from communication node N.sub.0,0 first to communication node N.sub.1,1 then on to communication nodes N.sub.2,1, N.sub.3,2, N.sub.3,3, N.sub.4,3, and N.sub.4,4, before finally being reassembled with packets 1128B, 1128C and 1128D in final communication node N.sub.f,f to recreate data packet 1055 at time t.sub.f. In similar fashion, data packet 1128C, comprising data segments 1A and 1D, traverses communication nodes in sequence from communication node N.sub.0,0 first to communication node N.sub.3,1 then on to communication node N.sub.2,3, and communication node N.sub.1,4, before finally being reassembled with packets 1128A, 1128B and 1128D in final communication node N.sub.f,f at time t.sub.f. During static meshed transport, multiple data packets pass through common servers without mixing or interacting. For example, data packets 1128A and 1128B both pass through communication node N.sub.2,1, data packets 1128B and 1128C both pass through communication node N.sub.2,3 and data packets 1128A and 1128D both pass through communication node N.sub.3,3 without disturbing one another, exchanging content, or swapping data segments.
(509) Since the data paths may be of different lengths and exhibit different propagation delays, some data packets may arrive at final communication node N.sub.f,f before others. In such instances, in accordance with this invention, the data packets must be held temporarily in communication node N.sub.f,f until the other related data packets arrive. And while the drawing shows that the final assembly and recovery of original data packet 1055 occurs in communication node N.sub.f,f, in practice the final packet reassembly, i.e. mixing, can occur in a device such as a desktop, notebook, cell phone, tablet, set top box, automobile, refrigerator, or other hardware device connected to the network. In other words, in regards to meshed transport, there is no distinction between a communication node and a device connected to a communication node, i.e. communication node N.sub.f,f could be considered a desktop computer instead of being a true high-capacity server. The connection of a device to the disclosed SDNP cloud, i.e. the last-mile connection, is discussed in further detail later in this application.
(510) The aforementioned static routing can be merged with any of the aforementioned SDNP methods as disclosed, including scrambling, encryption, or combinations thereof. For example, in
(511) To implement dynamic meshed transport in accordance with the invention disclosed herein, packets must be processed to change their content and direction within each communication node processing a packet. This process involves merging incoming data packets into a single long data packet, or alternatively utilizing a data buffer containing the same sub-packets as if the long data packet was created, then splitting these packets into different combinations and sending those packets to different destinations. The process may employ variable- or fixed-length packets as described previously.
(512) In order to process the incoming packets, i.e. mix them, then split them into new packets of different combinations, node N.sub.a,j must receive instructions before the data arrives telling the node how to identify the data packets to be processed and what to do with them. These instructions may comprise fixed algorithms stored locally as a shared secret, i.e. a predefined algorithm or instruction set, or the sequence can be defined explicitly in a command and control dynamic instruction sent to the node in advance, of the data, ideally from another server controlling routing but not on a server carrying data. If the instructions of what to do to the incoming data are embedded within the data stream itself, i.e. part of the media or content, the routing is referred to herein as single-channel communication. If the data packet routing is decided by another server and communicated to the media server, the data routing is referred to as dual-channel (or possibly tri-channel) communication. The operational details of single- and dual/tri-channel communication are described in greater detail later in the application.
(513) Regardless of how the instructions are delivered, the media node must recognize the incoming data packets to know the instruction that pertains to a specific data packet. This identifying information or tag operates like a zip code or a courier package routing bar code to identify the packets of interest. The incoming data packets 1128B, 1128D, 1128F, and 1128H shown in
(514) The fixed-length data packet equivalent of the same operation is shown in
(515) The interconnection of servers as described in network Layer-3 protocol comprises a myriad of connections, each communication node output connected to the input of another communication node. For example, as shown in
(516) Since the output-to-input connections are network descriptions and not simply PHY layer 1 connections or circuits, these network connections between devices can be established or dissolved on an ad hoc basis for any device having a Layer 1 PHY connection and a Layer 2 data link to the aforementioned network or cloud. Also, since the connections represent possible network communication paths and not fixed, permanent electrical circuits, the fact that the output of communication node N.sub.a,b is connected to input of communication node N.sub.a,q and the output of communication node N.sub.a,q is connected to input of communication node N.sub.a,b does not create feedback or a race condition as it would in electrical circuits.
(517) In fact, any computer electrically connected to the network can be added or removed as a communication node dynamically and on an ad hoc basis using software. Connecting a computer onto a network involves registering the communication node with the name server or any server performing the name server function. As described in the background section of this application, in the internet the name server is a network of computers identifying their electronic identity as an Internet address using IPv4 or IPv6 formats. The top-most Internet name server is the global DNS or domain name servers. Some computers do not use a real Internet address, but instead have an address assigned by a NAT or network address translator.
(518) In a similar manner, the disclosed secure dynamic network and protocol utilizes a name server function to keep track of every device in SDNP network. Whenever a SDNP communication node is launched, or in computer vernacular, whenever a SDNP node's software is booted up, the new device dynamically registers itself onto the network's name server so that other SDNP nodes know it is online and available for communication. In tri-channel communication, the SDNP name servers are separate from the servers used for command and control, i.e. the signaling servers, and from the media servers carrying the actual communication content. In single-channel communication, one set of servers must perform both the name server task as well as control routing and carry the content. Thus, the three types of SDNP systems described hereinsingle-channel, dual-channel and tri-channelare distinguished by the servers used to perform the transport, signaling and naming functions. In single-channel systems, the communication node servers perform all three functions; in dual-channel systems, the signaling and naming functions are separated from the transport function and are performed by signaling servers; and in tri-channel systems, the naming function is separated from the transport and signaling functions and is performed by the name servers. In practice, a given SDNP network need not be uniform but may be subdivided into portions that are single-channel, portions that are dual-channel, and portions that are tri-channel.
(519) Any new SDNP communication node coming online registers itself by informing the name server of its SDNP address. This address is not an Internet address, but an address known only by the SDNP network, and cannot be accessed through the Internet, because like a NAT address, the SDNP address is meaningless to the Internet, despite following the Internet protocol. As such, communication using the disclosed secure dynamic network and protocol represents anonymous communication because the IP addresses are unrecognizable on the Internet, and because only the last SDNP address and next SDNP address, i.e. the packet's next destination, are present within a given packet.
(520) An important embodiment of the SDNP network is its ability to modulate the total available bandwidth of the cloud automatically as traffic increases or declines within any given hour of the day. More SDNP communication nodes are automatically added into the network as traffic increases and dropped during slow minimizing network cost without compromising stability or performance.
(521) This feature means the bandwidth and expanse of the SDNP network disclosed herein can also be dynamically adjusted to minimize operating costs, i.e. not paying for unused compute cycles on an unutilized node, while being able to increase capability as demand requires it. The advantages of the software-implemented or soft-switch embodiment of the SDNP network sharply contrasts with the fixed hardware and high cost of hardware-implemented packet-switched communication networks still pervasive today. In the soft-switch realized network, any communication node loaded with the SDNP communication software and connected to the network or Internet can be added into the SDNP as needed, as shown in the network graph of
(522) So each link in the SDNP cloud can be viewed as an always-on physical connection of the Layer 1 PHY with corresponding a data link Layer 2, combined with a Layer 3 network connection that is established only when the SDNP launches, i.e. activates, a new communication node as needed. So the soft-switch based SDNP cloud itself is adaptive and dynamic, changing with demand. Unlike peer-to-peer networks where data is relayed through any device or computer, even of unknown bandwidth and reliability, each SDNP communication node is a prequalified device, loaded with the SDNP soft-switch software and fully authorized to join the SDNP cloud and carry data using its prescribed secure communication protocol, which comprises the informational content (such as a shared secret) plus the syntax, e.g. a specific format of header. Shared secrets describe algorithms, seed generators, scrambling methods, encryption methods, and mixing methods but do not stipulate the format of an entire SDNP data packet. Security settings, i.e. the settings being used at a particular time and for specific communications, are a type of shared secrets, but shared secrets also include the entire list of algorithms even ones not in use. Since the software is encrypted and the algorithm and shared secrets are processed dynamically, even in the event the SDNP code is hosted on a public cloud such as Amazon or Microsoft, the server operators have no means by which to monitor the content of data traffic on the SDNP communication node other than the total data volume being transported.
(523) As a natural extension of the dynamic network, new SDNP clients such as a cell phone, tablet, or notebook, also register automatically with the SDNP name server or gateway whenever they are turned on. So not only the SDNP cloud but the number of clients available for connection adjusts automatically, accurately reflecting the number of network connected and active users at any given time.
(524) Scrambled or Encrypted Meshed Routing
(525) To support dynamic autonomous capability, each SDNP communication node executes a prescribed combination of data mixing and splitting, scrambling and unscrambling, encryption and decryption concurrently to simultaneously support multiple conversations, communiqu?s and secure sessions. In the soft-switch embodiment of the SDNP network, all functions implemented and the sequence of these operations can be entirely configured through software-based instructions as defined through shared secrets, carried by the data packet, or defined by a parallel signal channel for command and control, separate and distinct from the SDNP communication nodes used for carrying media. While a large number of permutations and combinations are possible, the examples shown herein are intended to represent the flexibility of SDNP-based communication and not to limit the application of the various SDNP functions described to a specific sequence of data processing steps. For example scrambling can precede or follow mixing or splitting, encryption can occur first, last or in between, etc.
(526) One such operation, re-scrambled mixing and splitting operation 1155 shown in
(527) The inverse of the unscramble and mix operation, the split and scramble operation 1156B for meshed outputs, illustrated in
(528) The application of the aforementioned unscrambled mixing of meshed inputs operation 1161 followed by the split and scramble operation 1162 for meshed outputs is shown in
(529) The same scrambled mix and split operation for meshed transport of fixed-length packets is illustrated in
(530) An example of dynamic meshed data transport with static scrambling across communication network 1114 in accordance with this invention is illustrated in
(531) In operation, incoming data packet 1055 is first scrambled by communication node N.sub.0,0 at time t.sub.1 by scramble and split operation 1162, creating scrambled data packet 1130, which is then split into four packets of varying length, specifically data packet 1170A comprising data segment 1F and associated a junk data segment in the first slot, packet 1170B comprising data segment 1C, data packet 1170C comprising data segments 1A and 1D in reverse order, and data packet 1170D comprising data segments 1B and 1E in ascending order. The data segments shown may be combined with other data segments from other data packets and conversations, also of variable length, where data segments from other conversations have been intentionally left out of the illustration for clarity's sake. It will be understood that time passes as the data packets traverse the network and their contents are split and remixed. For the purpose of illustration clarity, however, the times have been intentionally left out of the drawing except for some exemplary times shown at the beginning and conclusion of the communication process.
(532) During dynamic meshed transport the data packet's content, its data segments change as it traverses the network. For example, data packet 1170A, comprising a junk data segment and a data segment 1F, traverses communication nodes in sequence from communication node N.sub.0,0 first to communication node N.sub.1,1 then on to communication node N.sub.2,1, where it is mixed with data packet 1170B comprising data segment 1C, to form data packet 1171A, containing the data segment sequence 1C, 1F, and the junk data segment, which is sent to communication node N.sub.1,2, and then on to communication node N.sub.2,3. During the same time period, data packet 1170C comprising the data segment sequence 1D, 1A is transported from communication node N.sub.0,0 to communication node N.sub.3,1 where it is forwarded unchanged as data packet 1171C to communication node N.sub.3,2. As part of the mixing and splitting operation performed by communication node N.sub.3,1, a second data packet 1171B, comprising entirely junk data with no content, is generated and sent to communication node N.sub.2,1. The reason for routing an entirely junk packet devoid of content is two-foldfirst to confuse cyber-pirates by outputting more than one data packet from communication node N.sub.3,1, and second to gain updated intra-network propagation delay data from otherwise unused links or routes.
(533) Upon entering communication node N.sub.3,2 data packet 1171C is split into two data packets, data packet 1172C comprising data segment 1D, which is sent to communication node N.sub.3,3, and data packet 1172B comprising data segment 1A and a leading data segment comprising junk data, which is sent to communication node N.sub.2,3. Upon reaching server N.sub.2,3, data packet 1172B is mixed with incoming packet 1171A and then split again into packet 1173A, comprising data segments 1F and 1A, and sent to communication node N.sub.1,4 where trailing junk data segments are added to form data packet 1174A, which is sent on to final communication node N.sub.f,f at time t.sub.14. In a concurrent sequence, as a result of the splitting operation performed in communication node N.sub.2,3, data packet 1173B is sent onward to communication node N.sub.3,4 where a trailing junk data segment is added to data segment 1C before sending it on to final communication node N.sub.f,f at time t.sub.16 (time not shown).
(534) Meanwhile, data packet 1170D comprising data segments 1E and 1D is transported from communication node N.sub.0,0 to communication node N.sub.4,1 and on to communication node N.sub.4,2 where it is re-scrambled, forming data packet 1172D, comprising data segments 1B and 1E in reverse order. Upon entering communication node N.sub.2,3, data packet 1172D is mixed with data packet 1172C and then split anew, forming data packets 1173C and 1173D. Data packet 1173C, comprising data segment 1B is sent to communication node N.sub.2,4, where it is forwarded on to final server N.sub.f,f at time t.sub.15 as data packet 1174B. Although data packets 1173C and 1174B are identical, each containing only data segment 1B, i.e. packet 1173C is in effect unchanged by communication node N.sub.2,4, this is consistent with time t.sub.15 and its corresponding state, including seeds, keys, shared secrets, algorithms, etc., in communication node N.sub.2,4. The other data packet, i.e. data packet 1173D, exiting communication node N.sub.3,3 is then routed to communication node N.sub.4,3 and on to communication node N.sub.4,4, where an intervening junk data segment is inserted between data segments 1E and 1D to create data packet 1174D at time t.sub.17 with corresponding state 1137. Data packets 1174A, 1174B, 1174C, and 1174D, each formed using different states and created at different times, specifically at times t.sub.14, t.sub.15, t.sub.16, and t.sub.17 are then unscrambled and mixed together in communication node N.sub.f,f, using unscramble and mix operation 1161, to recreate the original unscrambled data packet 1055 at time t.sub.f. All nodes know what to do to process an incoming packet of data either because the state of the packet or another identifier corresponds to a set of shared secrets known by the node or because a separate server called a signaling server to the node a priori what to do when a particular packet arrives
(535) As in static meshed transport, in dynamic meshed transport the data paths may be of different lengths and exhibit different propagation delays. As a result, some data packets may arrive at final communication node N.sub.f,f before others. In such instances, in accordance with this invention, the data packets must be held temporarily in communication node N.sub.f,f until the other related data packets arrive. And while the drawing shows that the final assembly and recovery of original data packet 1055 occurs in communication node N.sub.f,f in practice the final packet reassembly can occur in a device such as a desktop, notebook, cell phone, tablet, set top box, automobile, refrigerator, or other hardware device connected to the network. In other words, in regards to meshed transport, there is no distinction between a communication node and a device connected to a communication node, i.e. communication node N.sub.f,f could be considered a desktop computer instead of being a true high-capacity server. The connection of a device to the disclosed SDNP cloud, i.e. the last-mile connection, is discussed in further detail later in this application.
(536) As stated previously, the aforementioned dynamic routing can be combined with one or more of the aforementioned SDNP methods as disclosed, including scrambling, encryption, or combinations thereof. One such operation, encrypted mixing and splitting operation 1180 shown in
(537) Once decrypted, the data packets become plaintext packets 1182A, 1184A and others not shown, then are mixed by communication node N.sub.a,j into long packet 1185, also comprising plain text, and subsequently split into new plaintext packets 1182B, 1184B and others not shown. Using new different encryption keys based on that specific time or state, the data packets are then encrypted to form new ciphertext packets 1181B, 1183B and others not shown, sent to other communication nodes. As shown in
(538)
(539) The time and state information, shared secrets, numeric seeds, algorithms, and decryption keys needed to unscramble and decrypt the ciphertext inputs, specific to the time, state, and algorithms used to create each incoming packet must be passed to decryption operation 1032 prior to performing decryption and to unscrambling operation 928, either as a shared secret, keys or numeric seeds present in an unencrypted data packet sent with the specific data packet or communiqu?, or keys and numeric seeds supplied through other communication channels. The keys may be symmetric or asymmetric. The topic of key exchange and numeric seed delivery is discussed later in this disclosure. All nodes know what to do to process an incoming packet of data either because the state of the packet or another identifier such as the seed corresponds to a set of shared secrets known by the node or because a separate server called a signaling server to the node a priori what to do when a particular packet arrives
(540) Once decrypted, the plaintext packets 1195A, 1198A and others not shown, are then unscrambled using unscrambling operations 928 to create corresponding unscrambled plaintext packets 1196A, 1199A and others not shown. Using mixing operation 1089, the unscrambled plaintext packets are mixed by communication node N.sub.a,j into long packet 1220, which is subsequently split into new unscrambled plaintext packets 1196B, 1199B and others not shown in splitting operation 1106, and then scrambled anew by scrambling operations 926 using new numeric seeds corresponding to the present time or state to form scrambled plaintext packets 1195B, 1198B and others not shown. Using new, different encryption keys based on that specific time or state, the data packets are next encrypted again by encryption operations 1026 to form new ciphertext 1194B, 1197B and others not shown, and subsequently sent to other communication nodes.
(541) As disclosed in accordance with this invention, SDNP communication can comprise any sequence of encryption, scrambling, mixing, splitting, unscrambling, and decryption. At least in theory, if the executed sequence occurs in a known sequence, described mathematically as the functions y=H{G[F(x)]} where innermost function F is performed first and outermost function H is performed last, then in order to recover the original data x the anti-function should performed in the inverse sequence where H.sup.?1 is performed first F.sup.?1 and is performed last, i.e. x=F.sup.?1{G.sup.?1[H.sup.?1(y)]}. This first-in last-out operation sequence should undo the alterations and recover the original content, but only if no data is removed from or inserted into the packets in the course of the process. If data is removed from or inserted into the packets, the scrambled or encrypted file is contaminated and cannot be repaired. For example, mixing data encrypted using different encryption methods yields data that cannot be unencrypted without first recovering the original components. One key benefit of dynamically meshed communication using SDNP transportobscuring all content by dynamically mixing, splitting and rerouting multiple conversations, is lost if a given communication node is not free to mix or split packets as needed.
(542) It is therefore one embodiment of SDNP communication to independently perform scrambling and encryption on the data packets exiting a communication node's individual outputs rather than to mix the data packets prior to the scrambling and encryption operations. Correspondingly, if the data packets entering a communication node are encrypted, scrambled, or both, then they should be independently unscrambled and unencrypted prior to mixing, i.e. prior to forming the long, mixed packet. As such the preferred operating sequence for incoming packets is to sequentially decrypt, unscramble and mix the incoming data on each input of a communication node, or in an alternative sequence to unscramble, decrypt, and mix the incoming data.
(543) The former case is illustrated in
(544) If switch 1208A is closed and 1208B is open, then the data is diverted around decryption operation 1032 but passes through unscrambling operation 928 meaning the incoming data packet will be unscrambled but not decrypted. On the other hand, if switch 1208A is open and switch 1208B is closed, the data will pass through decryption operation 1032 but be diverted around unscrambling operation 928, meaning the incoming data packets will be decrypted but not unscrambled. Since the decryption operations 1032 and the unscrambling operations 928 are generally implemented in software, there are no physical switches diverting the signal. The switches 1208A and 1208B symbolically represent the operation of the software. Specifically, if a switch parallel to an operation is open, the applicable software performs the operation, and if the switch parallel to an operation is closed, the applicable software does not perform the operation but simply passes its input to its output unchanged. In the electronics metaphor, the function is shorted out by a closed switch so that the signal passes through unprocessed. The combinations are summarized in the following truth table where switch 1208A in parallel with decryption operation 1032 is referred to as switch A and switch 1208B in parallel with scrambling operation 928 is referred to as switch B.
(545) TABLE-US-00008 Effect of Switch A Switch B Decryption Unscrambling data Packet Open Open Yes Yes Decrypted then Unscrambled Closed Open No Yes Unscrambled Only Open Closed Yes No Decrypted Only Closed Closed No No Data Packet Unaltered
(546) The inverse function, the split, scramble and encryption operation is shown in
(547) If switch 1211B is closed and 1211A is open, then the data is diverted around scrambling operation 926 but processed by encryption operation 1026, meaning that the outgoing data packet will be encrypted but not scrambled. Alternatively, if switch 1211B is open and switch 1211A is closed, the data will be processed through scrambling operation 926 but be diverted around encryption operation 1026, meaning that the outgoing data packets will be scrambled but not encrypted.
(548) As stated previously, since the scrambling operations 926 and the encryption operations 1026 are generally implemented in software, there are no physical switches diverting the signal, and the switches 1211B and 1211A symbolically represent the operation of the software. Specifically, if a switch parallel to an operation is open, the applicable software performs the operation, and if the switch parallel to an operation is closed, the applicable software does not perform the operation but simply passes its input to its output unchanged. In the electronics metaphor, the function is shorted out by a closed switch so that the signal passes through unprocessed. The combinations are summarized in the following truth table where switch 1211B in parallel with scrambling operation 926 is referred to as switch B and switch 1211A in parallel with encryption operation 1026 is referred to as switch A.
(549) TABLE-US-00009 Effect of Switch B Switch A Scrambling Encryption data Packet Open Open Yes Yes Scrambled then Encrypted Closed Open No Yes Encrypted Only Open Closed Yes No Scrambled Only Closed Closed No No Data Packet Unaltered
(550) The combination of a multiple-input DUM 1209 and multiple-output SSE 1212 forms a highly versatile element for achieving secure communication in accordance with this invention, herein referred to as a SDNP media node 1201, shown in
(551) The name media node reflects the application of this communication node's communication software, or soft-switch in accordance with this invention, specifically to carry, route and process content representing real-time voice, text, music, video, files, code, etc., i.e. media content. The SDNP media node is also represented symbolically for convenience as SDNP media node M.sub.a,j, hosted on server 1215, as shown in
(552) The above preferences are not intended to limit the possible permutations and combinations by which the disclosed SDNP media node can be used. For example, the number of input and output channels, i.e. the number of SDNP media nodes connected to any specific SDNP media node may vary from one to dozens of connections per device. Four inputs and outputs are shown for convenience.
(553) In order to realize a communication network or SDNP cloud 1114 in accordance with this invention, as shown in
(554) The computer servers need not necessarily run the same operating system (OS) so long as the software running in SDNP media node 1215 comprises executable code consistent with the hardware's OS. Executable code is the computer software running on a given hardware platform performing specific application functions. Executable code is created by compiling source code. While source code is recognizable as logically organized sequential operations, algorithms, and commands, once the source code is converted into executable code, the actual functionality of the program is difficult or impossible to recognize. The process is unidirectionalsource code can generate executable code but executable code cannot be used to determine the source code from whence it came. This is important to prevent theft of the operating system so hackers can reverse engineer the actual code.
(555) Source code is not executable because it is a language and syntax used by programmers, not machine code intended to be executed on a specific operating system. During the compile operation, the executable code generated is specific to one operating system, iOS, Android, Windows 9, Windows 10, MacOS, etc. Executable code for one operating system will not run on another. Source code can, however, be used to generate executable code. The source code of the SDNP network is therefore available only to the developers of its source code and not to the network operators running SDNP executable code.
(556) Network connectivity, typically following standardized protocols such as Ethernet, WiFi, 4G, and DOCSIS described in the background section of this application provide a common framework to interconnect the devices in a manner completely unrelated to their manufacturer or OS. In operation, the network connection delivers and transmits data packets to and from the computer server's operating system which routes it to and from the SDNP software running atop the computer's OS. In this manner, the SDNP media node based soft-switch communication function can be realized in any device, regardless of its manufacturer, and can be made compatible with any major supported operation system including UNIX, LINUX, MacOS 10, Windows 7, Windows 8, etc.
(557) Another principle is that the SDNP-realized cloud has no central control point, no single device deciding the routing of packages, and no common point that has full knowledge of the data packets being sent, what they are, where they are going, and how they were mixed, split, scrambled, and encrypted. Even a network operator has no full picture of the data traffic in the network. As described,
(558) In regards to representing the functions performed by any given SDNP, the same principle of either including or bypassing a function with virtual switcheseither performing the function or passing the data through unaltered, is equally applicable to the above discussion or in an alternate embodiment where the scrambling and encryption functions are swapped in order, i.e. performing unscrambling before decryption, and performing encryption before scrambling. For brevity's sake, these alternate data flows are not illustrated separately with the understanding that the sequence may be altered so long that the inverse function is performed in the opposite operational sequence. Because the data packet processing occurs in software, this sequence can be altered simply by changing the algorithm's sequence on an ad hoc or periodic basis, e.g. monthly, daily, hourly, or on a call-by-call, time, or state basis.
(559) As discussed previously, any scrambling, encrypting and mixing sequence may be utilized so long that the original data is recovered in precisely the inverse order on precisely the same data set. Changing the content in between operations without undoing the change before unscrambling, decrypting, or remixing will result in irrevocable data loss and permanent data corruption. That said, a packet can even be scrambled more than once or encrypted more than once in a nested order so long the inverse sequence rule is followed to recover the original data. For example, the client application can encrypt a message using its own proprietary method to create ciphertext whereon upon entering the SDNP gateway, the gateway media node can encrypt the packet a second time for network transport. This method will work so long that the final gateway decrypts the network's encryption on a complete packet-by-packet basis, before the client application decryption occurs.
(560) Aside from the case of client-based encryption, to avoid the risk of data corruption and packet loss, in one embodiment in accordance with this invention, the following guidelines are beneficial in implementing SDNP based communication: SDNP packet scrambling should be performed in the client's SDNP-enabled application or alternatively upon entering a SDNP cloud in the SDNP media node gateway, Ideally, SDNP encryption should occur on every hop between two SDNP media nodes, i.e. a data packet is encrypted before routing and decrypted immediately upon entering the next SDNP media node. In the very least, re-scrambling should occur every time a data packet enters or leaves a SDNP cloud, either for last-mile communications or for cloud-to-cloud hops. If the data packet is SDNP encrypted, it should be decrypted before it is unscrambled, and then scrambled again before it is encrypted again. It is preferable to decrypt and unscramble incoming data packets before mixing. Decrypting and unscrambling mixed long packets can result in data corruption. Likewise it is preferable to scramble and encrypt data after splitting. Decrypting and scrambling mixed long packets can result in data corruption. Junk packets should be removed from incoming data packets after decryption and unscrambling but before mixing. Junk deletions on mixed long packets can result in data corruption. Likewise it is preferable to insert junk data after splitting but prior to scrambling and encryption. Junk insertions on mixed long packets can result in data corruption. User application encryption aside, re-scrambling (i.e. unscrambling and then scrambling) preferably should not be performed on encrypted data. Junk data insertions should be performed in a consistent manner for ease of insertion and removal. Incoming data packets should be decrypted and unscrambled in accordance with the time, state, and algorithms in which their encryption and scrambling occurred. Outgoing data packets should be encrypted and scrambled in accordance with the current time, associated state, and related algorithm. The plaintext packets are preferably recreated only within the media nodes. All packets are scrambled, encrypted, mixed, split and/or contain junk data segments while they are in transit between the media nodes.
(561) While the above methods represent possible methods in accordance with this invention, they are not intended to limit the possible combination or sequence of SDNP functions. For example, encrypted packages can be subsequently scrambled so long the same data packet is unscrambled before decryption.
(562) In one implementation, scrambling is only performed within a client's SDNP application and not by the media nodes in the SDNP cloud. In such cases, secure intra-node communication is purely a sequence of encryptions and decryptions like that shown in
(563) In operation, data coming into media node M.sub.a,j from another media node (not shown) is first directed to a decryption operation 1225B at one of the inputs of media node M.sub.a,h and into mixing operation 1089, where, if they arrive at the same time, the packets are combined with data packets coming from media node M.sub.a,f independently that have been processed by another decryption operation 1225B. Once mixed, the data packets are split into new and different combinations with different destinations based on a splitting algorithm executed by splitting operation 1106. The individual outputs are then independently encrypted by separate encryption operations 1225A, and then directed to media nodes M.sub.a,f and M.sub.a,j and on to other media nodes in the network.
(564) During this routing, the long packet momentarily existing between mixing operation 1089 and splitting operation 1106 may in fact contain data packets from the same conversation, one data packet traveling from media node M.sub.a,f to media node M.sub.a,j through media node M.sub.a,h, the other data packet traveling from media node M.sub.a,j through media node M.sub.a,h to media node M.sub.a,f at the same time but in the other direction. Because of precise routing control available in the SDNP network in accordance with this invention, described in greater detail later in this disclosure, a long data packet can, at any given time, contain any combination of related and unrelated content, even data or sound snippets from the same full duplex conversation going in opposite directions. If the data does not arrive at the same time, then the data packets pass serially through the media node in opposite directions without ever sharing the same long packet. In either case, there is no interaction or performance degradation in a SDNP media node carrying multiple conversations in full duplex mode.
(565) While at first this unique form of network communication may appear confusing, representing the data transport in a manner shown in
(566) Last-Mile Communication
(567) The data link between a client and the SDNP cloud is described herein as the last mile communication. The term last mile includes the first mile, the connection between a caller and the cloud, because all communication is invariably two-way involving a sent message and a reply, or possibly a full duplex conversation. As such, the term last mile, as used herein, shall mean any connection between a client and the SDNP cloud regardless as to whether the client initiated the call or was the person being called, i.e. the recipient. An example of a last-mile connection is illustrated in
(568) An example where a secure SDNP gateway node connects to an unsecure last mile is shown in
(569) In operation, open data packets sent from cell phone 32 to SDNP gateway media node M.sub.a,h, are neither decrypted nor unscrambled because these functions are disabled, i.e. shorted out and as such are not shown. Instead incoming data packets are passed directly into mixer operation 1089 mixing them with other packets then splitting them out into multiple outputs for meshed transport using splitting operation 1106. Each of these outputs is then secured using scrambling operation 926 and encryption operation 1026 before transport. One output shown as an example is routed to media node M.sub.a,f, in server 1220F. The message may in turn be processed media node M.sub.a,f for intra-cloud communication as described previously and sent onward to another media node, e.g. media node M.sub.a,j in computer server 1220J.
(570) Data flow from the cloud to cell phone 32 from media node M.sub.a,f, in server 1220F and from other media nodes are processed in inverse sequence, starting with decryption operations 1032, and unscrambled using unscrambling operations 928, and then mixed with other incoming packets into a temporary long packet by mixing operation 1089. The long packet is then split into pieces by splitting operation 1106 directing some packets onward in the network and separating the packets to be sent to cell phone 32. These packets may be sent together or parsed and sent successively in separate data packets back to LTE base station 17 and onward to cell phone 32.
(571) The data packets traversing the network may be repeatedly re-encrypted and re-scrambled, as described previously. Alternatively, in one embodiment, the data packets remain scrambled without re-scrambling throughout the cloud but can be repeatedly re-encrypted at each media node. In such a scramble-once unscramble-once system, the scrambling occurs in the gateway node where the packets enter the cloud and the unscrambling occurs in the gateway node where the packets leave the cloud, i.e. in the gateway media nodes connected to the first and last miles. While, as noted above, a media node connected to the first or last mile may be called a gateway node, in actuality it comprises the same SDNP media node software and functionality as any other media node in the cloud, but functions differently in order to contact a client.
(572) Another option to implement scramble-once unscramble-once SDNP communication is to implement the scrambling in the client's device using software. As shown in
(573) The incoming data packet is then is routed to pass-through operation 1216H and subsequently mixed with other incoming data packets using mixing operation 1089, then split by splitting operation 1106, with the data packets from cell phone 32 directed to media node Mat through encryption operation 1225A. In this manner the data traversing the cloud is encrypted by the gateway but scrambled by the client's SDNP application. Conversely, encrypted and scrambled data traffic from the SDNP cloud is routed through media node M.sub.a,f, passed through decryption operation 1225B, mixed by mixing operation 1089, and split into new packets by splitting operation 1106, extracting the data packets with cell phone 32 as their destination, and sending the data packets to cell phone 32 unmodified by pass-through operation 1216H. In this manner, the entire communication is scrambled from end-to-end but only encrypted within the SDNP cloud.
(574) A modification to the above method still provides scrambling both in the last mile and in the cloud, but the last-mile scrambling is different than the scrambling used in the cloud. As shown in
(575) The incoming data packet is then is routed to unscrambling operation 1226A and subsequently mixed with other incoming data packets using mixing operation 1089, then split by splitting operation 1106, with the data packets from cell phone 32 directed to media node M.sub.a,f through scrambling and encryption operation 1226C. In this manner, the data traversing the cloud is encrypted and scrambled by the gateway node but in a manner different than the scrambling used by the client's SDNP application for last-mile security. Conversely, encrypted and scrambled data traffic from the SDNP cloud is routed through media node M.sub.a,f, through decryption and unscrambling operation 1226D, then mixed by mixing operation 1089, and split into new packets by splitting operation 1106, extracting the data packets with cell phone 32 as their destination, and sending the data packets to cell phone 32 through scrambling operation 1226B. The data packets entering cell phone 32 are unscrambled by an SDNP-enabled application. In this manner, communication in the cloud is both encrypted and scrambled within the media nodes while the last mile is scrambled by the gateway node and the phone application in a manner distinct from the cloud scrambling. One important aspect of scrambling and un-scrambling data packets within the phone is the method used to pass state information, numeric keys, or shared secrets between the cloud and the client. This subject is discussed later in this disclosure.
(576) Fragmented Data Transport
(577) In accordance with this invention, a network of computer servers running software to perform SDNP media node functions facilitates secure global communication to a wide variety of devices based on data fragmentation in packet-switched communication. As illustrated in
(578) A simplified illustration of data packet transport is illustrated in
(579) In the example shown, data of every packet is scrambled so the sequence of data segments may be in random order or may by chance be in ascending order. Data segments of one communiqu? or conversation may also be interspersed with unrelated data segments. In fact it is highly unlikely that a data packet once entering the SDNP cloud would not be mixed with other unrelated data segments. In fact in any given data packet transiting between two SDNP media node, the mixing of unrelated data segments and scrambling of the order of these packets is a normal condition. With a large number or conversation and data packets traversing the cloud simultaneously, the chance of all of the data remaining in the same data packet is statistically remote. In the absence of sufficient data, the mixing operation within the media nodes introduces junk data. The inclusion of various data segments of unrelated data as shown illustrates the principle of mixing of communiqu?s and conversations in data packets during SDNP transport, but does not accurately represent the true quantity and frequency of unrelated data or junk data segments and filler present in the data packets.
(580)
(581) As shown in
(582) As shown in
(583) As shown in
(584) As shown in
(585) As shown in
(586) As shown, data packets transiting through the SDNP cloud carry multiple concurrent conversations to different destinations, dynamically changing in content from one SDNP media node to the next. There is no adverse impact, data loss, or bleeding from one conversation with another through the mixing or splitting of unrelated data segments. For example, as illustrated in
(587) Moreover, since no data packet contains a complete word, sound, or conversation, the data fragmentation and meshed routing employed by the SDNP media nodes in accordance with this invention renders the data packet's content incomprehensible and invulnerable to man-in the middle attacks. As shown in
(588)
(589) SDNP data transport can also be represented in tabular form. For example, table 1279, shown in
(590) As shown in
(591) To represent a data packet that is temporarily held in a media node,
(592) Similarly, between time t.sub.1 and time t.sub.4, data packet 1263F comprising data segments 2D and 2E, the same as its predecessor data packet 1262H, is shown to move from media node M.sub.a,d to media node M.sub.a,d, again meaning the packet is stationary and held temporarily in memory. At time t.sub.4 incoming data packet 1263D is mixed in media node M with data packet 1263E, which has been held in memory there since time t.sub.3 resulting in new merged data packet 1264A, comprising concatenated data segments 2B, 2C and 2F. This new data packet 1264A remains held in media node M M.sub.a,s awaiting more incoming data. Meanwhile at time t.sub.4 in media node M.sub.a,d, data packets 1263F and 1263G are mixed and routed to media node M.sub.a,s as data packet 1264B, comprising data segments 2A, 2D and 2E. At time t.sub.f, incoming data packet 1264B is mixed with stationary data packet 1264A waiting in media node M.sub.a,s since time t.sub.4, creating original data packet 1056 sent to automobile 1255.
(593) As described, in the methods shown in accordance with this invention, data may transit through the SDNP cloud or be held stationary in a specific media node awaiting the arrival of incoming data before proceeding.
(594) Transport Command & Control
(595) In order for a media node to know how to process incoming data packets, it must somehow obtain information regarding the algorithms, numeric seeds, and keys to be used in scrambling, unscrambling, encrypting, decrypting, mixing, splitting, inserting and deleting junk, and parsing data packets. This important information can be passed in variety of means or some combination thereof, including Passing shared secrets to the media node as part of SDNP software installation or revisions, Passing control data through the media nodes prior to sending content, Passing control data through the media nodes as part of the data packet, Passing control data through a data channel separate from the media nodes that are communicating the information, e.g. through a network signaling server operating in parallel to the media nodes, Storing information regarding the identity of devices connected to the SDNP network and their corresponding IP or SDNP addresses on SDNP name servers separate from signaling servers or servers operating as media nodes carrying content.
(596) For example, as shown in
(597) Although the data packets may be encrypted, for the sake of illustration, the data packets are shown in their unencrypted form. The same state information is also employed by numeric seed generator 1303 to produce corresponding numeric seeds 1304A and 1304B to determine the algorithms used at times t.sub.1 and t.sub.2 to create the data packets. The numeric seeds can be generated in two ways. In one case the seeds are generated using software located in the DMZ servers attached to media nodes where scrambling, mixing and encryption of the communicated data packets occurred. In such cases the seeds must be delivered to communication node M.sub.a,d prior to the data packet's arrival.
(598) In the other case, the time of the incoming packet's creation is delivered to communication node M.sub.a,d either as part of the incoming data packet's header or in a separate packet delivered in advance of the data. The time is then fed into numeric seed generator 1303 located within the DMZ server attached to communication node M.sub.a,d. Regardless of where they are generated locally or at the source and then delivered, the generated numeric seeds are fed into selector 1307, comprising tables of scrambling algorithms 1308A, mixing algorithms 1308B, and encryption algorithms 1308C. Aside from the seed or state information associated with the data packets, i.e. contained within the packet's header or delivered prior to the data packet, the algorithms used to create the incoming data packets are not carried by or contained within the packet itself but instead are present locally either within the media node M.sub.a,d or in a secure server to which the media node M.sub.a,d has access. These algorithms, stored locally as shared secrets for a specific region 1302A, in this case zone Z1, are shared with every media node in the same zone. By knowing the time and state when a data packet was created, the media node M.sub.a,d is able to determine how each of the packets 1262B, 1262C and 1262H was created and how to undo the process to recover the plaintext data of each of the packets 1262B, 1262C and 1262H, e.g. how to decrypt an encrypted packet, unscramble a scrambled packet, etc. The use of shared secrets, as well as how they are distributed, is described later in the application.
(599) The decryption keys 1306A and 306B work together with the selected encryption algorithm 1309C to decrypt ciphertext into plaintext. Specifically, the encryption algorithm 1309C represents a sequence of mathematical steps that may be used to convert a data packet from ciphertext into plaintext. The decryption keys 1306A and 1306B then select a specific combination of those steps that is to be used in decrypting the packet, each one corresponding to the state or time when the incoming data packets were last encrypted. If both incoming packets were encrypted at the same time, only a single decryption key is needed. While the reference above is to encryption algorithm 1309C, it will be understood that an encryption algorithm defines its inversea decryption algorithm. With the exception of certain types of encryption using asymmetric keys, most of the algorithms are symmetric, meaning that the inverse of the algorithm used to encrypt or scramble a data packet can be used to decrypt or unscramble the data packet and restore its original content. In the specific example shown in
(600) In contrast to the previous illustration showing control of incoming data packets, the control of outgoing data packets, shown in
(601) The same state information 1301C is fed into E.sub.3 key generator 1305C to produce E-key 1306C needed for encrypting outgoing data packets and into seed generator 1303 to produce the seed 1304C that is used to select the encryption algorithm 1309C from the table 1308C. The E.sub.3 key works together with the selected encryption algorithm 1308C to encrypt plaintext into ciphertext. Specifically, the encryption algorithm represents a sequence of mathematical steps that may be used to convert a data packet from plaintext into one of millions, billions, or trillions of possible ciphertext results. The encryption key then selects a specific combination of those steps that is to be used in encrypting the packet.
(602) In symmetric key cryptography, such as the Advanced Encryption Standard or AES, described in http://en.wikipedia.org/wiki/advanced_encryption_standard, the key used to encrypt the file is the same key used to decrypt it. In such an instance, it is beneficial to generate the key locally as a shared secret contained within each media node, e.g. using E.sub.3 key generator 1305C. If a symmetric key must be supplied to a media node over a network, it is beneficial to deliver the key over a different communication channel than the media, i.e. the data packets and content, uses. Multi-channel communication is discussed later in this application.
(603) Other means to improve secure delivery of a symmetric key is to supply it to the media nodes at a time unrelated to the communiqu? itself, e.g. one week earlier, to encrypt the key with another layer of encryption, or to split the key into two pieces delivered at two different times. Another method employs using a key splitting algorithm in the E.sub.3 key generator 1305C where part of the key remains locally in every media node as a shared secret, i.e. never present on the network, and the other portion is delivered openly. Security is enhanced because a cyber-pirate has no way to determine how many bits the real key is because they can only see a portion of the key. Not knowing the length of the key renders guessing the right key virtually impossible because the key length and each of the key's elements must be guessed.
(604) In the case of an asymmetric or public key algorithm, E.sub.3 key generator 1305C concurrently generates a pair of keysone for encryption, the other for decryption based on the state 1301C or upon time t.sub.3. The decryption key is retained in the media node as a shared secret while the encryption key is safely and openly forwarded to the media node preparing to send a data packet to it. One complication of using symmetric keys in real time networks is that the encryption key needs to be generated and forwarded to all the media nodes prior to launching the data packet containing content on the media channel, otherwise the data packet may arrive before the key to decrypt it and the data go stale, i.e. become too late to use. Descriptions of the use and management of asymmetric and public encryption keys is available in numerous texts and online publications such as http://en.wikipedia.org/wiki/public-key_cryptography. While public key encryption is known technology, the disclosed application comprises a unique integration of cryptography into a real time network and communication system.
(605) Algorithms, numeric seeds, and encryption keys are all generated for the current subnet zone 1307A, in this case zone Z1. Based on this zone and the current time t.sub.3, encryption key 1306C, along with selected splitting algorithm 1309B, selected scrambling algorithm 1309A and selected encryption algorithm 1309C, is supplied to media node M.sub.a, hosted on computer server 1220D to produce two outputsoutput data packet 1263C comprising unrelated data segments sent onward at time t.sub.3 and output data packet 1263B comprising data segments 1B, 1C and 1F to be held until time t.sub.4 before routing to the next media node may continue. Instructions on whether to hold a data packet or data segment temporarily or send it on to the next media node immediately can be delivered to the media node in several ways. In one case the incoming data packet can embed instructions to hold it and till what time or for what precondition. Alternatively a signaling server, i.e. another communications channel, can give instructions to the media node what to do. The use of signaling servers in multi-channel secure communication is described later in this disclosure.
(606) As shown in
(607) To prevent systematic tracking, the list of algorithms and their corresponding memory addresses is reshuffled regularly, e.g. daily or hourly, so that the same address does not invoke the same algorithm even if it accidentally repeats. As shown in
(608) Zones and Bridges
(609) In order to communicate globally while preventing a hacker or cyber-pirate from gaining access to the entirety of the SDNP cloud and network, in another embodiment of this invention, the SDNP communication network is subdivided into zones. Herein, a zone represents a sub-division of the network, i.e. a subnet where each zone has its own unique command, control, and security settings including distinct and separate algorithms and algorithm tables that define mixing and splitting, scrambling and unscrambling, and encryption and decryption used in the zone as well as separate encryption keys and distinct numeric seeds. Naturally, communication servers running the SDNP software within the same zone share the same zone settings, operating in a manner completely agnostic to what zone it is in.
(610) Each subnet can comprise different server clouds running the SDNP software hosted by different ISPs or hosting companies, e.g. Microsoft, Amazon, Yahoo, or may comprise private hosted clouds or network address translators (NATs), such as rented private clouds comprising dark fiber dedicated bandwidth. It is also beneficial to treat carriers providing last-mile service such as Comcast northern California, local PSTN, or local cell phone connections as separate zones. The key benefit of employing zones is, in the worst-case scenario where a genius cyber-pirate temporally defeats the SDNP security provisions, to limit the geographic scope of their assault to a smaller subnet, preventing access of end-to-end communications. In essence, zones contain the damage potential of a cyber assault.
(611) An example of the use of zones is illustrated in
(612) The translation function performed in a bridge media node such as bridge media node M.sub.b,d is illustrated in
(613) The fully integrated SDNP bridge media node M.sub.b,d illustrated in
(614) The solution to this problem is to employ the two full-duplex bridge interface media nodes, one in each cloud as shown in
(615) Conversely, in zone Z2 to zone Z1 communication, incoming data packets from zone Z2 and subnet 1318C to media node M.sub.b,u are converted into single-channel zone Z1 data including scrambling and encryption. This function requires media node M.sub.b,d to have access to both zone Z1 and zone Z2, numeric seeds, encryption keys, algorithm tables, and other security items. All packets are processed in computer server 1220U located within subnet 1318C, not in the zone Z1 destination cloud. The secure data is then transferred from bridge interface media node M.sub.b,u in subnet 1318C to bridge interface media node M.sub.b,d in subnet 1318A using secure bridge communication link 1316C. Upon arrival in bridge interface media node M.sub.b,d the data packet is processed in accordance with zone Z1 information and sent onwards into subnet 1318A. Although secure bridge communication links 1316A and 1316C are depicted as separate lines, the lines represent distinct communication channels at the network layer 3 and are not intended to correspond to separate wires, cables, or data link at a hardware or PHY layer 1 description. Alternatively, a receiving bridge node can translate the data from the Z1 sending zone to the Z2 receiving zone, so long as the receiving bridge node hold shared secrets for both Z1 and Z2 zones.
(616) SDNP Gateway Operation
(617) The previous section describes a bridge as any media node or pair of media nodes communicating between separate subnets, networks, or clouds. In a similar manner, a SDNP gateway media node disclosed herein provides a communication link between the SDNP cloud and a client's device, e.g. a cell phone, automobile, tablet, notebook, or IoT device. Gateway media node operation is illustrated in
(618) Alternatively, the last mile may comprise a wired link to LTE base station 17, with a radio link 28 from antenna 18 to tablet 33. Because of its uncertain routing and access, it is beneficial not to share security settings or secrets used in the SDNP cloud with devices used in last-mile routing to a client. As such, last-mile link 1318D does not have access to zone Z1 information, but instead uses a separate zone U2 to manage security settings. In order to link the cloud 1114 and the last-mile, gateway media node M.sub.b,f necessarily has access to both zone Z1 and zone U2 security settings, facilitating communication between cloud interface 1320 and client interface 1321. To provide secure last-mile communication, the client, in the example shown tablet 33, must also be running SDNP client software application 1322.
(619) SDNP gateway node M.sub.b,f comprises cloud interface 1320, facilitating communication among the media nodes within cloud 1114, and client interface 1321 facilitating communication across the last mile. As shown in
(620) The roles of mixing and splitting operations in single route communication such as the last mile are two-fold. Firstly, and importantly, the real time data stream is divided into numerous sequential sub-packets each with their own identifying tags and possibly of varying length to defy easy detection. The resulting serial data stream therefore requires some data sub-packets to be held temporarily while the first packets are sent. Since communication data rates occur in the SDNP cloud at hundreds of gigabits per second, serialization is nearly instantaneous, requiring only nanoseconds. Within last mile communication the data rate is slower (but in modern systems is still very fast), e.g. two gigabits per second. No added delay occurs because WiFi, 4G/LTE, DOCSIS 3 and Ethernet all transmit data serially anyway.
(621) The second need for single-channel mixing, the single-route mixing operation is also used to inject junk data into the sub-packets in varying ways to confound analysis in a manner previously described in regards to
(622) As shown in
(623) The communication related functions performed by client 1322 for outgoing data packets comprise inserting junk data in single-route splitting operation 1026, packet scrambling 926, and finally encryption operation 1106 to prepare the data packet for last mile communication to the gateway. Within client 1322 software, single-route mixing 1089 algorithmically removes junk data from the incoming data stream while the role single-route splitting 1026 is to insert junk data into the data packets.
(624) Operation of secure SDNP gateway node M.sub.b,f is further detailed in
(625) In the example shown, scrambling operation 926 utilizes an algorithm whereby the actual data segments are scrambled but every other data segment comprises a junk data segment. Next, encryption operation 1026 is also performed in client interface 1321, also using zone U2 security settings, to produce outgoing ciphertext 1328. The data fields may be individually encrypted separately from the junk data (as shown), or in an alternative embodiment, the entire data packet 1329 may be encrypted to form one long ciphertext. The encrypted data packet is finally forwarded, i.e. exported, through a single communication channel to the client.
(626) Concurrently, data received via the last-mile single-channel routing from the client comprising scrambled ciphertext 1327 is decrypted by decryption operation 1032, using zone U2 security settings including algorithms, decryption keys, etc., to produce scrambled plaintext data packet 1326, comprising a combination of scrambled data segments of data interspersed with junk data segments. In one embodiment of this invention, the junk packets of this incoming data packet 1326 are not positioned in the same slots as outgoing scrambled plaintext data packet 1329. For example, in the example of outbound data, every other packet comprises junk data, while in the incoming data packet every 3.sup.rd and 4.sup.th slot, and integer multiples thereof, contain junk data.
(627) The scrambled plaintext data packet 1326 is next processed using zone U2 security settings by packet unscrambling operation 928 and then by mixing operation 1089 to restore the original data order and to remove the junk packets, i.e. to de-junk 1053 the data, resulting in unencrypted unscrambled data packet 1325. This data packet is then passed from client interface 1321 to cloud interface 1320, to perform cloud specific splitting, scrambling and encryption using SSE operation 1213, before forwarding the resulting fragmented data in different data packets for meshed routing to media node M.sub.b,h and others.
(628) As further illustrated in
(629) The processing of data packets in the SDNP client interface is further detailed in
(630) Using the methods disclosed herein, secure communication between two or more clients, statically or dynamically routed across a meshed network may employ any combination of mixing, splitting, encryption and scrambling algorithms managed in separate zones with separate keys, distinct numeric seeds, and dissimilar security-related secrets. As illustrated in
(631) As shown, communication using encryption operation 1339, symbolized by a padlock, provides security throughout the network and over the last mile links. To secure the last mile, encryption is necessarily performed within the client devices. Optionally, packets may be re-encrypted or double encrypted by the gateway media nodes, or in another embodiment, decrypted and re-encrypted by every media node in the meshed transport network. One embodiment of the invention disclosed herein is to facilitate multi-level security. For example, in
(632) As shown in
(633) Another embodiment of this invention, shown in
(634) Another embodiment of the invention, shown in
(635) A possible weakness of this implementation is that the same scrambling methods and numeric seeds used by the client are also used to secure the SDNP cloud. As a result, the security settings for zones U2, Z1 and U1 are necessarily shared, risking the entire network and routing to discovery through last-mile cyber-assaults. One method available to counteract exposed cloud security settings is illustrated in
(636) A further improvement on multi-level security is illustrated in
(637) In communication from client node C.sub.2,1 to client node C.sub.1,1, i.e. from tablet 33 to cell phone 32, a SDNP application running on client node C.sub.2,1 scrambles the outgoing data packet using scrambling operation 926 with zone U2 security settings followed by encryption. The single-channel data packet traversing last-mile connection 1318D is first decrypted and then unscrambled by unscrambling operation 928 performed by gateway media node M.sub.b,f, using zone U2 security settings. Using zone Z1 security settings, gateway media node M.sub.b,f then splits, scrambles and encrypts the data for meshed transport over network 1318A, using zone Z1 security settings. In gateway media node M.sub.b,d, the data packet is decrypted, unscrambled with unscrambling operation 928, and then mixed into a data packet for single-channel communication, using zone Z1 security settings. Gateway media node M.sub.b,d then scrambles and encrypts the single-channel data packet again, using zone U1 security settings, and then forwards the data on to client C.sub.1,1. An SDNP-enabled application running on cell-phone 32 decrypts and then unscrambles using unscrambling operation 928 the final packet delivered to its destination using zone U1 security settings.
(638) Similarly in the opposite direction, i.e. in communication from client node C.sub.1,1 to client node C.sub.2,1, i.e. from cell phone 32 to tablet 33, a SDNP application running on client node C.sub.1,1 scrambles the outgoing data packet using scrambling operation 926 with zone U1 security settings, followed by encryption. The single-channel data packet traversing last-mile connection 1318E is first decrypted and then unscrambled by unscrambling operation 928, performed by gateway media node M.sub.b,d, using zone U1 security settings. Using zone Z1 security settings, gateway media node M.sub.b,d then splits, scrambles and encrypts the data for meshed transport over network 1318A, using zone Z1 security settings. In gateway media node M.sub.b,f the data packet is decrypted, unscrambled with unscrambling operation 928, and then mixed into a data packet for single-channel communication using zone Z1 security settings. Gateway media node M.sub.b,f then scrambles and encrypts the single-channel data packet, using zone U2 security settings, and forwards the data to client node C.sub.2,1. An SDNP-enabled application running in tablet 33 decrypts and then unscrambles the data using unscrambling operation 928 and zone U2 security settings. The data packet is then delivered to the client, in this case tablet 33.
(639) As stated previously, all communications links shown carry encrypted data regardless of scrambling and mixing, as depicted by pad lock icon 1339. The detailed encryption and decryption steps are not shown for the purpose of clarity. In one embodiment, the data packets are decrypted and encrypted (i.e., re-encrypted) each time data traverses a new media node. In the very least, in every media node performing re-scrambling, incoming data packets are decrypted before unscrambling then scrambled and encrypted. A summary of the available multilayer security achievable with meshed transport, encryption, and scramblingall employing zone-specific security settingsis shown in the following table.
(640) TABLE-US-00010 Cloud Last Mile Security Method Security Security Meshed Routing in Cloud, No Encryption, 1-D None No Scrambling Meshed Routing, End-to-End Encryption, 2-D 1-D No Scrambling Meshed Routing, End-to-End Scrambling + 3-D 2-D Encryption Dynamic Meshed Routing, End-to-End 4-D 3-D Scrambling + Encryption Dynamic Meshed Routing, End-to-End 4-D 3.5-D Scrambling + Encryption + Junk
(641) As shown in the above table, adding dynamic changes to the encryption and scrambling during transport over time confers an added level of security by limiting the time in which a cyber-criminal has to sniff the packet and break the code to read a data packet. Dynamic changes can occur on a daily, hourly, or scheduled period or on a packet-by-packet basis, changes roughly every 100 msec. From the above table, it is also clear that the last mile is less secure than transport through the cloud.
(642) One means of augmenting the last-mile security is to dynamically insert junk data segments into the data stream, and even to send packets consisting entirely of junk, as decoys, wasting the computing resources of cyber-criminals by decoding worthless data. This improvement is represented as by the change from 3-D to 3.5-D, signifying that inserting junk data is not as good a security enhancement as that achieved through encryption, scrambling, and multi-route transport, but it is still an improvement, especially if the junk insertions vary over time, and differ in incoming and outgoing packets. Another important aspect to improve SDNP security in accordance with this invention is to employ misdirection, i.e. to obscure the real source and destination during packet routing, a topic discussed later in this disclosure.
(643) Delivery of Secrets, Keys, and Seeds
(644) SDNP-based secure communication relies on exchanging information between communicating parties that outside parties are not privy to or aware of or whose meaning or purpose they are unable to comprehend. Aside from the actual content of the data being transmitted, this information may include shared secrets, algorithms, encryption and decryption keys, and numeric seeds. A shared secret, as used herein, is information that only certain communicating parties know or share, e.g., a list of mixing, scrambling, and/or encryption algorithms, an encryption and/or decryption key, and/or a seed generator, number generator, or another method to select specific ones over time. For example, the selector 1307, shown in
(645) Working in conjunction with shared secrets, numeric seeds, which may be based on a time and/or state, are then used to select specific algorithms, invoke various options, or execute programs. By itself, any specific numeric seed has no meaning, but when combined with a shared secret, a numeric seed can be used to communicate a dynamic message or condition across a network without revealing its meaning or function if intercepted.
(646) Similarly, to execute encrypted communication, encryption requires a specific algorithm agreed upon by the communicating parties, i.e. a shared secret, and the exchange of one or two keys used for encryption and decryption. In symmetric key methods, the encryption and decryption keys are identical. Symmetric key exchanges are resilient to attacks provided the key is long, e.g. 34 bits or 36 bits, and that the time available to break the cipher is short, e.g. one second or less. For any given encryption algorithm, the ratio of the number of bits used in a symmetric encryption key divided by the time in which the key is valid is a measure of the robustness of the encryption. As such, symmetric keys can be used in a dynamic network, provided that they are large and that the time available to break the encryption is short. As an alternative, encryption algorithms may be employed wherein the encryption and decryption keys are distinct, or asymmetric with one key for encryption and another for decryption. In open communication channels, asymmetric keys are advantageous because only the encryption key is communicated and the encryption key gives no information about the decryption key. Working in concert, the combination of symmetric and asymmetric encryption keys, numeric seeds, and shared secretsall varying over time dynamically, provides superior multi-dimensional security to SDNP communication. Numerous general references on cryptography are available, e.g. Computer Security and Cryptography by Alan G. Konheim (Wiley, 2007). Adapting encryption to real time communication is, however, is not straightforward and not anticipated in the available literature. In many cases, adding encryption to data communication increases latency and propagation delay, degrading the network's QoS.
(647) Shared secrets can be exchanged between client nodes and media nodes prior to an actual communiqu?, message, call, or data exchange.
(648) The term DMZ, normally an acronym for demilitarized zone, in this case means a computer server not directly accessible through the Internet. DMZ servers can control one or numerous network-connected servers functioning as media nodes, but no media server 1118 can access any DMZ serverDMZ servers 1353A, 1353B and any others (not shown). All software and shared secrets distribution occurs in secure communications valid for only a short duration as depicted by time clocked padlock 1354. If the software delivery is late, an SDNP administrator must reauthorize the download of the secure software package 1352A for zone Z1 after personally confirming the account holder's identity and credentials.
(649) To elaborate, the description of DMZ server as a computer server not connected directly to the Internet means that no direct electronic link exists between the Internet and the servers. While Z1 file 1352A may in fact be delivered to the server or server farm over the Internet, file installation into the DMZ requires the intervention of the account administrator of the server or server farm working in cooperation with the account holder. Before installing files into the DMZ, the account administrator confirms the identity of the account holder and the validity of the installation.
(650) After confirming the installation, the administrator then loads the file containing Z1 secrets into the DMZ server using a local area network (LAN) linking the administrator's computer directly to the DMZ server. The LAN is, therefore, not directly connected to the Internet, but requires authorized transfer through the administrator's computer after a rigorous authentication process. The installation of the shared secrets is unidirectional, the files being downloaded into the DMZ servers with no read access from the Internet. Uploading the DMZ content to the Internet is similarly prohibited, thereby preventing online access or hacking.
(651) The shared secret installation process is analogous to a bank account that is not enabled for online banking, but where only with the client's approval can a bank officer manually perform an electronic wire transfer. By denying Internet access, intercepting shared secrets would require a physical entry and on-location attack at the server farm, one where the LAN fiber must be identified, spliced, and intercepted precisely at the time of the transfer. Even then, the file being installed is encrypted and available for only a short duration.
(652) The same concept can be extended to multi-zone software deployment, shown in
(653) It is important to highlight that while SDNP administration server 1355 supplies shared secrets to DMZ servers 1353A, 1353B and 1353C, SDNP administration server 1355 has no knowledge as to what happens to the shared secrets after delivery, nor does it perform any command or control influence over the shared secrets once delivered. For example, if a list of algorithms is shuffled, i.e. reordered, so that the address for a specific algorithm changes, SDNP administration server 1355 has no knowledge as to how the shuffling occurs. Likewise, SDNP administration server 1355 is not a recipient of numeric seed or key exchanges between communicating parties and therefore does not represent a point of control. In fact, as disclosed, no server in the entire SDNP network has all the information regarding a package, its routing, its security settings, or its content. Thus, the SDNP network is uniquely a completely distributed system for secure global communication.
(654) Delivery of shared secrets to a DMZ server, as shown in
(655) The same DMZ server 1353A can manage more than one media server, e.g. media server array 1360, or alternatively multiple DMZ servers can carry the same security settings and shared secrets. The media nodes may all be operating to carry media, content, and data cooperatively using timesharing, and load balancing. If the communication loading on media server array 1360 drops, media node M.sub.3 can be taken offline, indicated symbolically by open switches 1365A and 1365B, leaving media node M.sub.2 still operating, as indicated by closed switches 1364A and 1364B. The switches do not indicate that the input and the outputs of the particular server are physically disconnected but just that the server is no longer running the media node application, thereby saving power and eliminating hosting use fees for unneeded servers. As illustrated, one DMZ server 1353A can control the operation of more than one media server by downloading instructions, commands, and secrets from DMZ server 1353A to any server in server array 1360, but the converse is not true. Any attempt to gain information, to write, query, or inspect the contents of DMZ server 1353A from a media server is blocked by firewall 1366, meaning that the content of the DMZ server 1353A cannot be inspected or discovered through the Internet via a media node.
(656) An example of secure communication in accordance with this invention based on shared secrets is illustrated in
(657) Upon receiving secure payload packet 1342, receiving media node M.sub.R decrypts packet 1342, using decryption key 1030 contained within shared secrets 1350A supplied by DMZ server 1353B, and then, using state information 920 specific to the data packet 1342, recovers data 1341. In an alternative embodiment, numeric seed 929 may also be sent a priori, i.e. before the communication of payload packet 1342, from sending media node M.sub.S to receiving media node M.sub.R as a numeric seed 929 with a temporary life. If it is not used within a certain period of time or if payload packet 1342 is delayed, the seed's life expires and it self-destructs, rendering media node M.sub.R unable to open payload packet 1342.
(658) Another example of secure communication in accordance with this invention, based on shared secrets combined with a seed and a key encapsulated within the packet being delivered, is illustrated in
(659) Upon receiving secure payload packet 1342, receiving media node M.sub.R decrypts packet 1342, using decryption key 1030, which has a temporary life and was supplied a priori, i.e. before the communication of payload 1342, in a separate communication between sending media node M.sub.s and receiving media node M.sub.R. This earlier data packet may be secured by shared secrets such as another decryption, a dynamic algorithm, a numeric seed, or a combination thereof. If decryption key 1030 is not used within a certain period of time, or if data packet 1342 is delayed, the decryption key 1030 expires and self-destructs, rendering media node M.sub.R unable to open payload packet 1342. While decryption key 1030 can alternatively be included in payload packet 1342, this technique is not preferred.
(660) One way to avoid delivering all of the security-related information with the content is to split and separate the channel used to deliver command and control signals from the media communication channel used to deliver content. In accordance with this invention, such a dual-channel communication system, shown in
(661) In operation, packets are delivered to signaling node S.sub.1 describing the routing and security settings for media packets expected as incoming packets to server array 1360. These special purpose packets are referred to herein as command and control packets. During communication, the command and control packets are sent to media servers 1361, 1362, and 1363 instructing media nodes M.sub.1, M.sub.2, and M.sub.3, respectively how to process incoming and outgoing data packets. These instructions are combined with information residing within DMZ server 1353A. As previously described, the same DMZ server 1353A can manage more than one media server, e.g. media server array 1360. The media nodes may all be operating to carry media, content, and data cooperatively, using timesharing, and load balancing. If the communication loading on media server array 1360 drops, media node M.sub.3 can be taken offline, indicated symbolically by open switches 1365A and 1365B, leaving media nodes M.sub.1 and M.sub.2 still operating, as indicated by closed switches 1364A and 1364B. The switches do not indicate that the input and the outputs of the particular server are physically disconnected, but rather that the server is no longer running the media node application, thereby saving power and eliminating hosting use fees for unneeded servers.
(662) As illustrated, one DMZ server 1353A, working in conjunction with signaling server 1365 can control the operation of more than one media server by downloading instructions, commands, and secrets from DMZ server 1353A to any server in server array 1360, but the converse is not true. Any attempt to gain information, to write, query, or inspect the contents of DMZ server 1353A from signaling server 1365 or from media servers 1361, 1362, and 1362 is blocked by firewall 1366, meaning that the content of the DMZ server 1353A cannot be inspected or discovered through the Internet via a media node.
(663) Thus, in a dual-channel communications system the command and control of a communications network uses a different communications channel, i.e. unique routing, separate from the content of the messages. A network of signaling servers carry all of the command and control information for the network while the media servers carry the actual content of the message. Command and control packets may include seeds, keys, routing instructions, priority settings, etc. while media includes voice, text, video, emails, etc.
(664) One benefit of dual-channel communication is the data packets contain no information as to their origins or ultimate destinations. The signaling server informs each media server what to do with each incoming data packet on a need to know basis, i.e. how to identify an incoming packet by the address of the node that sent it, or alternatively by a SDNP zip code, what to do with it, and where to send it. In this way a packet never contains more routing information than that pertaining to its last hop and its next hop in the cloud. Similarly, the signaling servers carry command and control information but have no access to the content of a data packet or any communication occurring on the media channel. This partitioning of control without content, and content without routing confers a superior level of security to dual-channel SDNP-based networks.
(665) An example of dual-channel secure communication in accordance with this invention is illustrated in
(666) In this manner, aside from the data 1341 being communicated, the only security-related data included within payload packet 1342 is state 920, describing the time that payload packet 1342 was created. Once payload packet 1342 arrives at receiving media node M.sub.R, it is decrypted by decryption key 1030. After being decrypted, seed 929, combined with state information 920 and shared secrets 1350A supplied by DMZ server 1353B, is used to unscramble, mix and split payload packet 1342 and other incoming data packets in accordance with the previously disclosed methods. Although the data packet may carry information of the time it was last modifiedstate information especially useful for generating decryption keys locally, the concurrent use of a seed transmitted over the command and control channel enables identifying splitting and unscrambling operations performed previously on the incoming data packet but at a time not necessarily performed in the immediately previous node.
(667) In an alternate embodiment shown in
(668) In order to facilitate the end-to-end security described previously, executable code, shared secrets, and keys also have to be installed in a client, typically downloaded as an application. To prevent revealing security settings used on the SDNP network, these downloads are defined in a separate zone known only by the client and the cloud gateway node with which it communicates. As shown in
(669) For any zone U1 external client node C.sub.1,1 to communicate with the zone Z1 SDNP cloud 1114, gateway nodes such as media node M.sub.a,d, must receive information regarding both the zone Z1 and the zone U1 security settings, as contained within the zone U1, Z1 download package 1352E. Using time-limited, secure download methods indicated by padlock 1354, both the zone Z1 and the zone U1 secrets are downloaded via link 1350C into DMZ server 1353C, and executable code 1351 is downloaded via link 1351 and installed into SDNP media node Mai as well as into any other zone Z1 media nodes required to perform gateway connections between cloud 1114 and external clients, i.e. connections supporting last-mile connectivity. Once both media node M.sub.a,d in zone Z1 and client node C.sub.1,1 in zone U1 are both loaded with the content of download packages 1352E and 1352D respectively, then secure communication 1306 can ensue, including encryption operation 1339.
(670) Since communication from a secure cloud in zone Z1 hosted on media servers 1118 to client node C.sub.1,1 hosted on an external device such as cell phone 32 in zone U1 may likely occur over a single communication channel, some means is needed to convert the dual-channel communication employed within the cloud 1114 to single-channel communication needed over the last mile. An example of the role of the SDNP gateway node in implementing dual-channel to single-channel conversion is illustrated in
(671) Payload packet 1342 is encrypted using encryption operation 1339. To decrypt payload packet 1342, decryption key 1030 must be used, where the decryption key 1030 comprises one of several shared zone U1 secrets 1350D, downloaded previously into secure app and data vault 1359 along with other zone U1 secrets such as seed generator 921, number generator 960 and algorithms 1340. Alternatively, as shown in
(672) In order to prevent pattern recognition of algorithms used repeatedly by a client, the address or code used to select an algorithm from a list of algorithms installed on a client is, in accordance with this invention, changed at a regular schedule, for example, weekly, daily, hourly, etc. This feature, referred to as shuffling occurs in a manner analogous to shuffling the order of cards in a deck and similar to the shuffling performed within the network. Shuffling reorders the numbers used to identify any given algorithm in a table of algorithms, regardless whether such algorithm table comprises a method for scrambling, mixing, or encryption. As shown in
(673) An improved method to pass security settings from the cloud to client node C.sub.1,1 is to employ dual-channel communication, as shown in
(674) In operation, numeric seed 929, passed via the media channel from media node M.sub.R to client node C.sub.1,1, is used to select a decryption algorithm from algorithm table 1340 and unlocking the security on decryption key 1030 shown by padlock 1339C. Once unlocked, decryption key 1030 is used to unlock the encryption performed on payload packet 1342 by encryption operation 1339B. Numeric seed 929, in conjunction with zone U1 secrets 1350D, is then used to recover data 1341 for use by client node C.sub.1,1.
(675) If an asymmetric key exchange is employed, as shown in
(676) After obtaining the encryption key 1370A, node C.sub.1,1 on client device 1335 encrypts the payload packet 1342 using the selected encryption algorithm and encryption key 1371B. Since media node M.sub.R has access to the decryption key 1030 from DMZ server 1353A, it is able to unlock payload packet 1342 and read the file. Conversely, zone U1 secrets 1350D contain a decryption key 1030 corresponding to an encryption key (not shown) passed from client node C.sub.1,1 to key exchange server 1369. When media node M.sub.R prepares a data packet for client node C.sub.1,1, it downloads the zone U1 encryption key 1370A and then encrypts the payload packet 1342 for delivery to client node C.sub.1,1. Since cell phone 32 has access to the zone U1 secrets, including zone U1 decryption key 1030, it is able to decrypt and read payload packet 1342.
(677) In the aforementioned specified methods and other combinations thereof, secure communication including the delivery of software, shared secrets, algorithms, number generators, numeric seeds, and asymmetric or symmetric encryption keys can be realized in accordance with this invention.
(678) SDNP Packet Transport
(679) Another inventive aspect of secure communication in accordance with this invention is the inability for a cyber attacker to determine where a data packet or a command and control packet came from and to where it is destined, i.e. the true source and the final destination are disguised, revealing only the source and destination of a single hop. Moreover, within a single SDNP cloud the SDNP addresses employed are not actual IP addresses valid on the Internet but only local addresses having meaning with the SDNP cloud, in a manner analogous to a NAT address. In contrast to data transport in a NAT network, during the routing of data across the SDNP network, the SDNP addresses in the data packet header are rewritten after each node-to-node hop. Moreover, the media node does not know the routing of a data packet other than the last media node where it came from and the next media node where it will go. The protocols differ based on the previously disclosed single-channel and dual-channel communication examples, but the routing concepts are common.
(680) Single-Channel Transport
(681) One example of single-channel communication is shown in
(682) These last-mile addresses represent real IP addresses. Once entering the zone Z1 cloud, the source IP address in SDNP packet 1374F changes to a pseudo-IP address SDNP Addr MF, an NAT type address that has no meaning in the Internet. Assuming for simplicity's sake that network routing involves a single hop, then the destination address is also a pseudo-IP address, in this case SDNP Addr MD. Over the last mile in zone U1, the addresses shown in SDNP packet 1374G revert to real IP addresses, with a source address of IP Addr MD and a destination IP Addr CP. In real-time packet transport, all of the SDNP media packets use UDP, not TCP. As described previously, the payload varies by zonein last-mile zone U2, the payload of SDNP media packet 1374B comprises a U2 SDNP packet, in meshed network and SDNP cloud zone Z1 the payload of SDNP media packet 1374F comprises a Z1 SDNP packet, and in last-mile zone U1 the payload of SDNP media packet 1374G comprises a U1 SDNP packet. So unlike in Internet communication, a SDNP media packet is an evolving payload, changing in address, format and content and it traverses the communication network.
(683)
(684) The client's SDNP-enabled application 1335 can be an SDNP-enabled secure application like a personal private messenger or secure email running on a cell phone, tablet or notebook. Alternatively, the client may comprise secure hardware devices running embedded SDNP software. SDNP-embedded devices may include an automotive telematics terminal; a POS terminal for credit card transactions; a dedicated SDNP-enabled IoT client, or a SDNP router. A SDNP router disclosed herein is a general purpose hardware peripheral used to connect any device not running the SDNP software to the secure SDNP cloud, e.g. any notebook, tablet, e-reader, cell phone, game, gadget with Ethernet, WiFi or Bluetooth connectivity.
(685) After client application 1335 contacts one of the default SDNP servers, it is next redirected to a SDNP gateway node. The gateway node may be selected by its physical proximity between the client's location and the server, by the lowest network traffic, or as the path with the shortest propagation delay and minimum latency. In step 1380B, the default SDNP server 1220S redirects the client's connection to the best choice SDNP gateway media server 1220F, hosting SDNP gateway media node M.sub.a,f. Gateway media node M.sub.a,f, then authenticates both parties' certificate 1357, confirms the user, establishes whether the call is free or a premium feature and, as applicable, confirms an account's payment status, and thereafter commences a SDNP session.
(686) In step 1380C, the client application 1335 sends an initial SDNP packet 1374A requesting address and routing information for the call destination, i.e. the person or device to be called, using route query 1371, directed to gateway media server 1220F. Since the SDNP packet 1374A, which includes route query 1371, represents a command and control packet rather than real-time communication (i.e., data packet), it is delivered using TCP rather than UDP. The route query 1371 may specify that the contact information be provided to client application 1335 in any number of formats, including the phone number, SDNP address, IP address, URL, or a SDNP specific code, e.g. a SDNP zip code of the destination device, in this case cell phone 32. Route query 1371 is therefore a request for information about the party being called, i.e. for any necessary information to place the call, comprising for example either the SDNP zip code, their IP address, or their SDNP address.
(687) In step 1380D of
(688) To summarize, each node identifies each packet it receives by its tag. Once the node has identified the packet, it performs whatever decryption, unscrambling, mixing, scrambling, encryption and splitting operations on the packet that the signaling server has instructed it to perform, in the order specified. The algorithms or other methods used in these operations may be based on a state, e.g., the time when the packet was created, or a seed generated in accordance with an algorithm that is determined by a state. In performing each operation, the node may use the state or seed to select a particular algorithm or method from a table in its memory. Again as instructed by signaling server, the node gives each packet a tag and then routes the packet on to the next node in its journey across the SDNP network. It is understood, of course, that where the incoming packets have been mixed and/or split, the packets transmitted by a node will not normally be the same as the packets it receives, as some data segments may have been transferred to other packets, and data segments from other packets may have been added. Thus, once a packet has been split, each resulting packet gets its own tag and travels on its own route completely ignorant of how its siblings will make it to the same ultimate destination. The node is ignorant of the route of each packet except for the next hop.
(689) In single-channel SDNP systems, the gateway and other media nodes have to perform triple duty, emulating the jobs of the name server and the signaling server. In fact, single-channel, dual-channel and tri-channel systems differ in that the three functionspacket transmission, signaling and nameare performed in the same servers in a single-channel system, in two types of servers in a dual-channel system, and the three types of servers in a tri-channel system. The functions themselves are identical in all three types of systems.
(690) In a distributed system, the servers that perform the signaling function know the ultimate destination of the packets, but no single server knows the entire route of the packets. For example, the initial signaling server may know a portion of the route, but when the packets reach a certain media node the signaling function is handed off to another signaling server, which takes over the determination of the route from that point on.
(691) To take a rough analogy, if a packet is to be sent from a cell phone in New York City to a laptop in San Francisco, the first signaling server (or the first server performing the signaling function) might route the packet from the cell phone to a local server in New York (the entry gateway node) and from there to servers in Philadelphia, Cleveland, Indianapolis and Chicago, a second signaling server might route the packet from the Chicago server to servers in Kansas City and Denver, and a third signaling server might route the packet from the Denver server to servers in Salt Lake City, Reno and San Francisco (the exit gateway node) and finally to the laptop, with each signaling server determining the portion of the route that it is responsible for based on the propagation delays and other current traffic conditions in the SDNP network. The first signaling server would instruct the second signaling server to expect the packet in the Chicago server, and the second signaling server would instruct the third signaling server to expect the packet in the Denver server, but no single signaling server (or no server performing the signaling function) would know the full route of the packet.
(692) Of course, as indicated above, the packet may be mixed and split along its route. For example, instead of simply routing the packet from the Philadelphia server to the Cleveland server, the signaling server could instruct the Philadelphia server to split the packet into three packets and route them to servers in Cincinnati, Detroit and Cleveland, respectively. The signaling server would then also instruct the Philadelphia server to give each of the three packets a designated tag and it would inform the servers in Cincinnati, Detroit and Cleveland of the tags so that they could recognize the packets
(693) Step 1380G of
(694) Payload 1373A of SDNP data packet 1374C is scrambled and encrypted, using SDNP zone Z1 security settings, and the SDNP header contained in the SDNP data packet 1374C encapsulating the data within payload 1373A is also formatted specifically in accordance with the secure dynamic network protocol for zone Z1. The secure dynamic network protocol for any zone is the set of shared secrets specifically applicable for communication traversing that specific zone, in this case a zone Z1 seed calculated using a zone Z1 seed algorithm, a zone Z1 encryption algorithm and so on. For security purposes, zone Z1 security settings are not communicated to zone U2, and vice versa.
(695) Step 1380H illustrates SDNP data packet 1374D being routed from media node M.sub.a,d hosted by media server 1220J, to SDNP media node M.sub.a,d hosted by media server 1220S The cloud hop of SDNP packet 1374D also occurs using SDNP addresses SDNP Addr MJ and SDNP Addr MS, not recognizable on the Internet. Payload 1373B of SDNP data packet 1374D is scrambled and encrypted, using SDNP zone Z1 security settings, and the SDNP header contained in the SDNP data packet 1374D encapsulating the data within payload 1373B is also formatted specifically in accordance with the secure dynamic network protocol for zone Z1.
(696) This process of sending a packet between nodes in the SDNP cloud may occur once or may be repeated multiple times, each repetition involving re-packeting and re-routing operation 1373.
(697) The final cloud-hop of SDNP packet 1374E, shown in step 1380J of
(698) In step 1380K, data packet 1374G is routed out of the secure cloud from gateway media node M.sub.a,d, hosted by media server 1220D, to client node C.sub.1,1, hosted by application 1335 on cell phone 32. This last-mile routing of IP packet 1374G occurs using IP addresses IP Addr MD and IP Addr CP, recognizable on the Internet, except that payload 1374 within IP packet 1374G is scrambled and encrypted using SDNP zone U1 security settings, and the SDNP header contained in the SDNP data packet 1374G encapsulating the data within payload 1374 is also formatted specifically in accordance with the secure dynamic network protocol for zone U1. Upon delivering the data contents of payload 1374 to application 1335 in cell phone 32, speaker 1388B converts the digital code into sound 1384A using an audio CODEC (not shown).
(699) In step 1380L, shown in
(700) As shown in step 1380M, upon receiving the IP packet 1374H, gateway media node M.sub.a,d, hosted by server 1220D, converts the addressing to SDNP routing and sends SDNP data packet 1374J and its payload 1376A to media node M.sub.a,j, hosted by computer server 1220U, using zone Z1 security settings. This SDNP node-to-node communication may comprise a single node-to-node hop or involve transport through a number of media nodes, with each hop involving re-packeting and re-routing operation 1373.
(701) In step 1380N of
(702) The entire ad hoc communication sequence to initiate the call and to route voice from the caller, i.e. tablet 33, to the person called, i.e. cell phone 32, is summarized in
(703) The gateway media node M.sub.a,f then converts the routing to SDNP-specific routing addresses and uses SDNP packets 1374C, 1374D, and 1374E to move the communication through the SDNP cloud 1114 from SDNP Addr MF to SDNP Addr MJ to SDNP Addr MS to SDNP Addr MD respectively, all using zone Z1 security settings. This sequence is functionally equivalent to SDNP data packet 1374F directing the communication packet from SDNP Addr MF directly to SDNP Addr MD. Because there is no routing supervisor in ad hoc communication to oversee packet delivery, the command and control of packet routing within the SDNP cloud 1114 can be accomplished in one of two ways. In one embodiment, the source and destination addresses of each of SDNP data packets 1374C, 1374D, and 1374E explicitly and rigorously define the hop-by-hop path of the packet through the SDNP network, the path being chosen in single-channel communication by the gateway media node in advance for the best overall propagation delay during transport. In an alternative embodiment, a single gateway-to-gateway packet, e.g. SDNP data packet 1374F, is used to define the SDNP nodal gateways into and out of the SDNP cloud, but not to specify the precise routing. In this embodiment, each time a packet arrives in a SDNP media node, the media node prescribes its next hop much in the same way as routing over the Internet occurs, except that the SDNP media node will automatically select the shortest propagation delay path, whereas the Internet does not.
(704) Finally, when packet 1374E reaches the gateway media node Md at SDNP Addr MD, the gateway media node M.sub.a,d creates IP data packet 1374G, converting the incoming data packet into IP addresses IP Addr MD and IP Addr CP and changes the security settings to those of zone U1.
(705) Another summary of this routing is shown in
(706) In a similar manner,
(707)
(708) In a similar manner, the data segments 9G et seq. in data string 1387 are formed into additional SDNP packets.
(709)
(710) SDNP packet 1395, containing multiple data fields separated by multiple headers, may then be encrypted in one of several ways. In full-packet encryption, all of the data in SDNP packet 1395 is encrypted, except for the data in SDNP preamble 1399A, i.e. all the content of first header 1399B, first data field 1399C, second data header 1399D and second data field 1399E are all encrypted to form SDNP packet 1396 comprising unencrypted SDNP preamble 1399A and ciphertext 1393A. Alternatively, in message encryption, SDNP packet 1397 comprises two separately encrypted ciphertext stringsciphertext string 1393B, comprising the encryption of data header 1399B and data field 1399C, and ciphertext string 1393C, comprising the encryption of data header 1399D and data field 1399E. In another embodiment of this invention, referred to as data-only encryption, only data-fields 1399C and 1399E are encrypted into ciphertext strings 1393D and 1393E, but data headers 1399B and 1399D are left undisturbed. The resulting SDNP packet 1398 comprises plaintext for SDNP preamble 1399A, first data header 1399B, and second data header 1399D and ciphertext strings 1393D and 1393E, representing independently encrypted versions of data fields 1399C and 1399E respectively
(711) In single-channel communication, to relay required routing and priority information to the next media node, SDNP payload 1400, shown in
(712) Data field header 1402 follows a fixed format for each one of the X data fields. Data field header 1402 includes an address type for the destination and the destination address of the specific data field, i.e. the destination of this specific hop in the cloud. The destination address of every data field in a given packet is always the same because the packet remains intact until it arrives at the next media node. When a packet is split into multiple packets, however, the field destination addresses in each of the split packets is different from the field destination addresses in each of the other split packets if the packets are going to different media nodes.
(713) In multi-route and meshed transport, the field destination address is used for splitting and mixing the various fields used in dynamic routing.
(714) The address type of the next hop can change as the packet traverses the network. For example it may comprise an IP address between the client and the gateway, and an SDNP address or a SDNP zip once it enters the SDNP cloud. The destination may comprise an SDNP specific routing code, i.e. SDNP address, SDNP Zip, or an IPv4 or IPv6 address, a NAT address, a POTS phone number, etc.).
(715) The packet field labeled Field Zone describes the zone where a specific field was created, i.e. whether a past encryption or scrambling was performed with U1, Z1, U2, etc. zone settings. In some instances, unscrambling or decrypting a data packet requires additional information, e.g. a key, seed, time or state, in which case the packet field labeled Field Other may be used to carry the field-specific information. The packet field labeled Data Type, if used, facilitates context-specific routing, distinguishing data, pre-recorded video, text and computer files not requiring real time communication from data packets containing time sensitive information such as voice and live video, i.e. to distinguish real-time routing from non-real-time data. Data types include voice, text, real-time video, data, software, etc.
(716) The packet fields labeled Urgency and Delivery are used together to determine best how to route the data in a specific data field. Urgency includes snail, normal, priority, and urgent categories. Delivery includes various QoS markers for normal, redundant, special, and VIP categories. In one embodiment of this invention, the binary size of the various data fields as shown in table 1403 is chosen to minimize the required communication bandwidth. For example, data packets as shown may range from 0 to 200 B whereby eight packets of 200 B per data field means that a SDNP packet can carry 1,600 B of data.
(717) Dual-Channel Communication
(718) In one embodiment of dual-channel SDNP data transport, shown in
(719) In parallel, to the media and content transport, client C.sub.2,1, communicating with signaling node S.sub.s, hosted by signaling server 1365, sends numeric seed 929 and decryption key 1030 to client C.sub.1,1 through signaling server S.sub.d, seed 929 and decryption key 1030 being based on the time or state when client C.sub.2,1 sent them. By exchanging security settings such as keys and seeds (also known as security credentials) directly between the clients over signaling route 1405, and not through zone Z1, end-to-end security is realized beneficially eliminating any risk of a network operator in zone Z1 gaining access to security settings and compromising the security of Zone U1 or Zone U2. This embodiment represents yet another dimension of security in SDNP network communication. Seed 929, for example, may be used to scramble and unscramble the data packets in the client's applications. Similarly, as shown, decryption key 1030 allows only client C.sub.1,1 to open the encrypted message. Since key 1030 and numeric seed 929 never pass through zone Z1, a network operator cannot compromise the network's security. When the data packets enter the gateway node M.sub.a,f from client C.sub.2,1, the incoming data packets are already encrypted and scrambled. The packets received by client C.sub.1,1 from gateway node M.sub.a,d are in the same scrambled and/or encrypted form as those leaving client C.sub.2,1 and destined for gateway node M.sub.a,f. The network's dynamic scrambling and encryption present in every node (but not explicitly shown in
(720) Thus, as shown in
(721) In another embodiment of dual-channel SDNP data transport, shown in
(722) Tri-Channel Communication
(723) Greater security and enhanced network performance can be achieved by separating the responsibility of tracking the nodes in the network from the actual data transport. In this approach, a redundant network of servers, referred to as name servers, constantly monitors the network and its media nodes, freeing the signaling servers to do the job of routing and security data exchange, and enabling the media servers to concentrate on executing routing instructions received from the signaling nodes. This yields what is referred to herein as a tri-channel system and is illustrated in
(724) To maintain an updated network description, each time a device logs on to the network, the data regarding its status and its IP address, its SDNP address, or in some cases both, is transferred to name server 1408, as shown in
(725) While name server node NS maintains an exhaustive description of the network, signaling node S, hosted by signaling server 1365, shown in
(726) Given that the aforementioned information regarding the network, its node addresses, and its propagation delays is readily available in the name servers and the signaling servers, high QoS communication can best be achieved using tri-channel communication as depicted in
(727) Because of the importance of the name server in maintaining an up-to-date network node list 1410, shown in
(728) Communication using tri-channel SDNP packet routing in accordance with this invention is illustrated in
(729) In the first step 1430B in actually placing the call, the tablet 33 sends IP packet 1450A to the name server node NS, requesting routing and contact information for the destination or person to be called. The contact information request, i.e. route query 1431, may come in the form of an IP address, SDNP address, phone number, URL, or other communication identifier. In step 1480C, name server node NS, hosted by name server 1408, supplies the client's SDNP application 1335 with the intended recipient's address. The reply is delivered by IP packet 1450B, using the TCP transport layer. In an alternate embodiment, the client requests the routing information from a signaling server and the signaling server requests the information from the name server.
(730) In step 1430D, shown in
(731) Then, in step 1430F, the signaling node S sends to application 1335 in tablet 33 the gateway media node address, the zone U2 decryption keys 1030, the seeds 929 and other security settings needed for securing the first packet to be sent across the first mile.
(732) Once tablet 33 obtains the zone U2 security settings in step 1430F, it initiates a call with SDNP packet 1450D, as shown in
(733) Step 1430H, also shown in
(734) In step 1430J, shown in
(735) When the incoming SDNP packet 1450F is received by application 1335 in cell phone 32, it can only see from the address the last media node M.sub.a,d where the data packet left the SDNP cloud. Unless the SDNP payload carries information regarding the caller, or unless the signaling node S supplies this information, there is no way for the person called or receiving the data to trace its origins or its source. This feature, anonymous communication and untraceable data delivery is a unique aspect of SDNP communication and an intrinsic artifact of the single-hop dynamic routing in accordance with this invention. The SDNP network delivers information about the caller or source only if the caller so desires it, otherwise there is no information availableanonymity is the default condition for SDNP packet delivery. In fact, the sending client's SDNP application has to intentionally send a message informing a person being called or messaged that the information came from the specific caller. Since the signaling server knows the caller and the packet's routing it can determine a route for a reply data packet without ever revealing the caller's identity.
(736) Alternatively the signaling server could reveal an alias identity or avatar, or limit access of the caller's identity to only a few close friends or authorized contacts. Anonymity is especially valuable in applications like gaming, where there is no reason for a player to share their true identityespecially with an unknown opponent. Another condition requiring anonymous communication is in machine-to-machine or M2M, IoT or Internet-of-Things, vehicle-to-vehicle or V2V, or vehicle-to-infrastructure or V2X communication where a client doesn't want machines, gadgets and devices to be giving out contact and personal information to potentially hostile devices, agents, or cyber-pirate devices. For the extremely paranoid user, voice can also be disguised electronically so that even vocal communication can be achieved anonymously.
(737) As shown in step 1430K of
(738) Regardless of the reply method employed, in step 1430L of
(739) In step 1430M the reply packet exits the secure SDNP cloud without ever executing any node-to-node hop within the SDNP cloud. In this case, gateway media node M.sub.a,f hosted by media server 1220F, converts the contents of the SDNP packet 1450H from a zone Z1 specific payload 1435 into a zone U2 payload 1436 and, using IP addresses IP Addr MF and IP Addr TB, directs IP packet 1450J to client node C.sub.2,1, hosted by tablet 33. This last-mile routing of IP packet 1450J occurs using IP addresses IP Addr MF and IP Addr TB recognizable on the Internet, but payload 1436 is scrambled and encrypted using SDNP zone U2 security settings, and the SDNP header contained in the payload 1436 is formatted specifically in accordance with the secure dynamic network protocol for zone U2. Once received by cell phone 33, SDNP enabled application 1335 then extracts the payload data and after decryption and unscrambling converts the digital code using an audio CODEC (not shown) into sound 1384B produced by speaker 1388A. In the sequence shown in steps 1430K-1430M, only one gateway media node is involved in the communication, and thus the first mile is immediately followed by the last mile.
(740) A summary of the call sequence using tri-channel communication in accordance with this invention is illustrated in
(741) The reply sequence is shown in
(742) In such a case it is advantageous to insert a dummy node in the data transport path to facilitate misdirection, as shown in
(743) Payload Fields
(744) Payload processing of an incoming data packet entering the SDNP client through a gateway media node is illustrated in
(745) In alternative embodiment, also shown in
(746) Using the nested fields data structure, packing several fields of data with their own headers into one packet's payload, is much like placing multiple boxes inside a bigger box. The process of SDNP re-packing the data, i.e. opening a box, taking out the smaller boxes and putting them into new big boxes, involves many choices in routing of data segments. To avoid packet loss, it is preferable that data segments of the same origin are not commingled into the same fields as with data segments from other data, conversations and communiqu?s, but remain uniquely separate as identified by header and arranged by sender. For example, in
(747) Splitting operation 1057 also creates a second payload 1471, containing data segments for three fields, i.e. field 9 containing data segments 9B, 9A, 9F and 9E, field 8 containing only data segment 8F, and field 6 containing data segment 6F.
(748) As shown, all of the fields in payloads 1471 and 1472 also contain one or more junk data segments. Unless re-scrambling is executed, the scrambled payload 1471 is then encrypted using encryption operation 1026 at the present state and for the current zone to produce payload 1473, ready to be assembled into a SDNP packet or an IP packet. Similarly, payload 1472 is encrypted using encryption operation 1026 at the present state and for the current zone to produce payload 1474, ready to be assembled into a SDNP packet or an IP packet. Payload 1473 is routed to a different media node than payload 1474. In this illustration, the IP or SDNP addresses and the rest of the data packet are excluded from the illustration for the sake of clarity.
(749) The dynamic nature of re-packeting is illustrated in
(750) In some instances, shown previously herein, it may be necessary to temporarily store some data segments or fields while awaiting others to arrive. This storage operation can occur within any given node in SDNP network, including interior media nodes or gateway media nodes. Alternatively, the storage can occur within a client's application hosted on a cell phone, tablet, notebook, etc. Such an example is shown in
(751) In another embodiment of this invention, final reassembly and caching of fields occurs within application 1335 on cell phone 32, i.e. within the client's applicationnot in the SDNP cloud. As illustrated in
(752) A summary flow chart summarizing client reconstruction of a SDNP packet is illustrated on
(753) Command & Control
(754) As a final element of SDNP communication in accordance with this invention, the command and control of media nodes by the signaling nodes is a key component in insuring high QoS and low-latency delivery of real-time packets without sacrificing security or audio fidelity. One example of a basic decision tree used to determine routing and priority treatment of clients, conversations, and data packets is shown in
(755) If the most important factor is the file is guaranteed delivery, then guaranteed packet delivery may be employed, i.e. sending multiple redundant copies of the packets and minimizing the number of node-to-node hops to minimize the risk of packet loss even if real-time performance is sacrificed. Special delivery may include customer-specific authentication procedures. Otherwise, normal SDNP routing will be employed. In
(756) Combining the routing options (step 1501) and the urgency selection (step 1502) allows the signaling node S to best select the routing for each packet, frame or data segment (step 1503). If the selected route passes through multiple zones, it will involve various security settings (step 1504) for each zone. This data comprising seeds, decryption keys 1030 and other security-related information is then combined with the node-by-node routing, splitting and mixing for meshed transport, used to generate preambles for every data packet including IP packets for the first and last mile, comprising SDNP zone U2 preamble 505A, SDNP zone U1 preamble 1505C, and multiple SDNP zone Z1 preambles for meshed transport in the SDNP, collectively represented by preamble 1505B. Preambles 1505A, 1505B, 1505C and others are then combined with IP addresses and SDNP addresses to create the various IP (Internet Protocol) and SDNP packets. These routing instructions include IP packet 1506A sent to tablet 33 detailing the routing for a call or communiqu? from client node C.sub.2,1 to the SDNP gateway media node, multiple SDNP packets 1506B sent to media servers 1118 and used for routing the call or communiqu? among the media nodes M.sub.i,j in the SDNP cloud, and IP packet 1506C, sent to cell phone 32, detailing the routing for a call or communiqu? from the SDNP gateway node to client node C.sub.1,1, representing cell phone 32. In this manner, the media nodes only need to direct the incoming payloads according to the instructions they receive from the signaling servers, a mechanism completely opposite to that of the routing procedure used in Internet-based OTT communication.
(757) For example, as stated previously, Internet routers are hosted by many different ISPs and telephone companies who do not necessarily have the best interests of a client in mind in routing their packets with the lowest propagation delay or shortest latency. In fact, unlike SDNP communications in accordance with this invention, Internet routers cannot even distinguish data packets carrying real-time audio or video from junk mail. In real-time communication, latency is critical. Delays of a few hundred milliseconds noticeably affect QoS, and delays over 500 milliseconds become unbearable for holding a coherent voice conversation. For this and numerous other reasons, the real-time performance of the SDNP network described herein constantly monitors propagation delays and chooses the best route for each real-time data packet at the time its transport ensues.
(758) As illustrated in
(759) Another important function of command and control is in directing packet reconstruction. This function is key to mixing, splitting and rerouting SDNP packets in the cloud.
(760) This data is then fed into SDNP zip sorter 1310 to sort the frames into groups of frames, each group having a common destination on its next hop in the SDNP cloud, all in accordance with routing information in the SDNP packet 1506B supplied previously by the signaling node S for each frame or SDNP packet in response to the call information specified in command and control packet 1495A. SSE operation 1213 then splits the frames into the groups having common destinations, using current state 920 information, updated seeds 929, and new decryption keys 1030. One such payload, payload 1511, containing data for frames 1,9, and 23, is destined for media node M.sub.a,j, whereas the previous payload 1511A comprised data for frames 1, 6 and 9. So, as instructed by signaling node S, media node M.sub.a,q removed the frame 6 data and replaced it with the frame 23 data to make payload 1511B, which it assembled into outgoing SDNP packet 1487B and sent onward to media node M.sub.a,j.
(761) Using the 7-layer OSI model, the SDNP connection shown in
(762) In SDNP communication Presentation Layer 6 executes network hop-by-hop encryption and scrambling, unrelated to the client's own encryption.
(763) In Application Layer 7, SDNP communication is again unique because any SDNP-enabled application must be able to mix and restore fragmented data, and to know what to do if part of a fragmented payload does not arrive, again contextual transport.
(764) All of the above security and performance of the disclosed SDNP network are achieved without the use of client encryption and private key management. If a client's application is also encrypted, e.g. a private company's security, then the VPN-like tunneling is combined with the data fragmentation to make a new type of secure communicationfragmented tunneled data, a hybrid of Presentation Layer 6 and Application Layer 7, shown in
(765) One unique aspect of SDNP communication in accordance with this invention is the example of race routing shown in
SUMMARY
(766) The foregoing disclosure illustrates the numerous advantages in performance, latency, quality, security, and privacy achieved by SDNP communication in accordance with this invention. Table
(767) In the disclosed SDNP network, even in the event that a cyber attacker breaks the encryption, the data in any one packet is garbled, incomplete, mixed with other messages, and scrambled out of orderbasically the content of any SDNP packet is useless except to the person for which it was intended. Moreover, even if the network's encryption were broken, a challenge that can take years to complete, even with quantum computing, one-tenth of a second later the dynamic encryption of every packet traversing the entire SDNP cloud changes. This means that a would-be hacker must start all over every 100 ms. With such dynamic methods, a five-minute conversation, even if it were completely available in a single data string, would take hundreds of years to decode. Beyond this, with the addition of data fragmentation, dynamic scrambling, and dynamic mixing and rerouting, any benefits to be gained by breaking the encryption would be totally illusory.
(768) The combination of the multiple levels of security realized by the secure dynamic network and protocol described herein, including dynamic scrambling, fragmented data transport, anonymous data packets, and dynamic encryption far exceeds the security offered by simple static encryption. In SDNP communication as disclosed herein, data packets from a single conversation, dialog, or other communication do not travel across a single route but are split into incomprehensible snippets of meaningless data fragments, scrambled out of sequence and sent over multiple paths that change continuously in content, by mix, and by the data's underlying security credentials. The resulting communication method represents the first hyper-secure communication system.