公开(公告)号：US20120117382A1

公开(公告)日：2012-05-10

申请号：US13343465

申请日：2012-01-04

申请人： Victor Larson ,  Robert Dunham Short, III ,  Edmond Colby Munger ,  Michael Williamson

发明人： Victor Larson ,  Robert Dunham Short, III ,  Edmond Colby Munger ,  Michael Williamson

IPC分类号： H04L29/06

CPC分类号： H04L63/0485 ,  G06F17/30864 ,  G06F21/606 ,  H04L12/4641 ,  H04L29/12066 ,  H04L29/12216 ,  H04L29/12301 ,  H04L29/1232 ,  H04L29/12594 ,  H04L29/12783 ,  H04L29/12801 ,  H04L41/00 ,  H04L45/00 ,  H04L45/24 ,  H04L45/28 ,  H04L61/1511 ,  H04L61/2007 ,  H04L61/2076 ,  H04L61/2092 ,  H04L61/3015 ,  H04L61/303 ,  H04L61/35 ,  H04L61/6004 ,  H04L63/0227 ,  H04L63/0272 ,  H04L63/04 ,  H04L63/0407 ,  H04L63/0421 ,  H04L63/0428 ,  H04L63/0435 ,  H04L63/0478 ,  H04L63/08 ,  H04L63/0876 ,  H04L63/105 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/164 ,  H04L63/168 ,  H04L67/14 ,  H04L67/141

摘要： A method and system are used to transparently create an encrypted communications channel between a client device and a target device. Audio video communications between the client device and the target device are allowed over the encrypted communications channel once the encrypted communications channel is created. The method comprises: (1) receiving from the client device a request for a network address associated with the target device; (2) determining whether the request is requesting access to a device that accepts an encrypted channel connection with the client device; and (3) depending on the determination made in step (2) providing provisioning information required to initiate the creation of the encrypted communications channel between the client device and the target device such that the encrypted communications channel supports secure audio/video communications transmitted between the two devices.

摘要翻译： 一种方法和系统用于在客户端设备和目标设备之间透明地创建加密的通信信道。 一旦加密的通信信道被创建，客户端设备和目标设备之间的音频视频通信被允许通过加密的通信信道。 该方法包括：（1）从客户端设备接收与目标设备相关联的网络地址的请求; （2）确定请求是否请求访问接受与客户端设备的加密信道连接的设备; 和（3）取决于步骤（2）中作出的确定提供在客户端设备和目标设备之间启动加密的通信信道的创建所需的供应信息，使得加密的通信信道支持安全的音频/视频通信 两个设备。

公开(公告)号：US07996539B2

公开(公告)日：2011-08-09

申请号：US11301022

申请日：2005-12-13

申请人： Edmund Colby Munger ,  Vincent J. Sabio ,  Robert Dunham Short, III ,  Virgil D. Gligor ,  Douglas Charles Schmidt

发明人： Edmund Colby Munger ,  Vincent J. Sabio ,  Robert Dunham Short, III ,  Virgil D. Gligor ,  Douglas Charles Schmidt

IPC分类号： G06F15/16

CPC分类号： H04L61/2539 ,  H04L9/065 ,  H04L29/12216 ,  H04L29/12301 ,  H04L29/1232 ,  H04L29/12801 ,  H04L45/20 ,  H04L45/24 ,  H04L61/2007 ,  H04L61/2076 ,  H04L61/2092 ,  H04L61/30 ,  H04L61/6004 ,  H04L63/0272 ,  H04L63/04 ,  H04L63/0407 ,  H04L63/0421 ,  H04L63/0428 ,  H04L63/0435 ,  H04L63/1441 ,  H04L63/1491 ,  H04M3/42008

摘要： A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes.

摘要翻译： 多个计算机节点使用看似随意的IP源和目的地址和（可选地）看似随机的鉴别符字段进行通信。 由有效地址的移动窗口定义的数据包匹配条件被接受进一步处理，而不符合标准的数据包将被拒绝。 除了IP地址和鉴别字段的“跳”之外，还可以跳过媒体访问控制地址等硬件地址。 跳跃地址由具有非重复序列长度的随机数生成器产生，其可以先前容易地确定，其可以通过任意数量的随机步骤快速地向前跳跃，并且具有将来随机数难以猜测的性质 不知道随机数生成器的参数。 同步技术可用于重新建立发送和接收节点之间的同步。

公开(公告)号：US20090063357A1

公开(公告)日：2009-03-05

申请号：US12201873

申请日：2008-08-29

申请人： Edmund C. Munger ,  Robert D. Short, III

发明人： Edmund C. Munger ,  Robert D. Short, III

IPC分类号： G06Q30/00

CPC分类号： H04M15/00 ,  G06Q50/188 ,  H04L12/1457 ,  H04L12/1464 ,  H04L12/1492 ,  H04L12/66 ,  H04L41/5006 ,  H04M15/46 ,  H04M15/51 ,  H04M15/8044 ,  H04M15/805 ,  H04M15/83 ,  H04M2215/0168 ,  H04M2215/2013 ,  H04M2215/2033 ,  H04M2215/54 ,  H04M2215/56 ,  H04M2215/745 ,  H04M2215/7457 ,  H04M2215/81

摘要： A method of and system for providing opportunistic internet connections is disclosed. The method and system receive a request from a first electronic device having network account with a first entity to negotiate a connection for a second electronic device; determine a network account associated with the second electronic device; and automatically connect the second electronic device in accordance with one or more rules including determination of a tariff for making the connection.

摘要翻译： 公开了提供机会性因特网连接的方法和系统。 所述方法和系统从具有与第一实体的网络帐户的第一电子设备接收到协商用于第二电子设备的连接的请求; 确定与所述第二电子设备相关联的网络帐户; 并且根据一个或多个规则自动地连接第二电子设备，包括确定用于进行连接的费率。

公开(公告)号：US07490151B2

公开(公告)日：2009-02-10

申请号：US10259494

申请日：2002-09-30

申请人： Edward Colby Munger ,  Robert Dunham Short, III ,  Victor Larson ,  Michael Williamson

发明人： Edward Colby Munger ,  Robert Dunham Short, III ,  Victor Larson ,  Michael Williamson

IPC分类号： G06F15/173

CPC分类号： H04L65/403 ,  H04L45/00 ,  H04L45/24 ,  H04L45/28 ,  H04L61/1511 ,  H04L61/2007 ,  H04L61/2076 ,  H04L61/2092 ,  H04L61/35 ,  H04L61/6004 ,  H04L63/0272 ,  H04L63/0407 ,  H04L63/0414 ,  H04L63/0428 ,  H04L63/08 ,  H04L63/10 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/1491

摘要： A plurality of computer nodes communicate using seemingly random Internet Protocol source and destination addresses. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are quickly rejected. Improvements to the basic design include (1) a load balancer that distributes packets across different transmission paths according to transmission path quality; (2) a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry; (3) a large-to-small link bandwidth management feature that prevents denial-of-service attacks at system chokepoints; (4) a traffic limiter that regulates incoming packets by limiting the rate at which a transmitter can be synchronized with a receiver; and (5) a signaling synchronizer that allows a large number of nodes to communicate with a central node by partitioning the communication function between two separate entities.

摘要翻译： 多个计算机节点使用看似随机的因特网协议源和目的地址进行通信。 由有效地址的移动窗口定义的数据包匹配条件被接受进一步处理，而不符合标准的数据包将被快速拒绝。 对基本设计的改进包括（1）根据传输路径质量在不同传输路径上分发数据包的负载平衡器; （2）响应于域名查询透明地创建虚拟专用网络的DNS代理服务器; （3）一个大到小的链路带宽管理功能，可防止系统阻塞点的拒绝服务攻击; （4）流量限制器，其通过限制发射机与接收机同步的速率来调节输入分组; 和（5）信令同步器，其允许大量节点通过分割两个单独实体之间的通信功能而与中央节点进行通信。

公开(公告)号：US20080040791A1

公开(公告)日：2008-02-14

申请号：US11839969

申请日：2007-08-16

申请人： Edmund Munger ,  Douglas Schmidt ,  Robert Short ,  Victor Larson ,  Michael Williamson

发明人： Edmund Munger ,  Douglas Schmidt ,  Robert Short ,  Victor Larson ,  Michael Williamson

IPC分类号： H04L9/32

CPC分类号： H04L65/403 ,  H04L45/00 ,  H04L45/24 ,  H04L45/28 ,  H04L61/1511 ,  H04L61/2007 ,  H04L61/2076 ,  H04L61/2092 ,  H04L61/35 ,  H04L61/6004 ,  H04L63/0272 ,  H04L63/0407 ,  H04L63/0414 ,  H04L63/0428 ,  H04L63/08 ,  H04L63/10 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/1491

摘要： A plurality of computer nodes communicate using seemingly random Internet Protocol source and destination addresses. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are quickly rejected. Improvements to the basic design include (1) a load balancer that distributes packets across different transmission paths according to transmission path quality; (2) a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry; (3) a large-to-small link bandwidth management feature that prevents denial-of-service attacks at system chokepoints; (4) a traffic limiter that regulates incoming packets by limiting the rate at which a transmitter can be synchronized with a receiver; and (5) a signaling synchronizer that allows a large number of nodes to communicate with a central node by partitioning the communication function between two separate entities.

公开(公告)号：US20080040783A1

公开(公告)日：2008-02-14

申请号：US11840508

申请日：2007-08-17

申请人： Victor Larson ,  Robert Short ,  Edmund Munger ,  Michael Williamson

发明人： Victor Larson ,  Robert Short ,  Edmund Munger ,  Michael Williamson

IPC分类号： G06F7/04

CPC分类号： H04L63/0485 ,  G06F17/30864 ,  G06F21/606 ,  H04L12/4641 ,  H04L29/12066 ,  H04L29/12216 ,  H04L29/12301 ,  H04L29/1232 ,  H04L29/12594 ,  H04L29/12783 ,  H04L29/12801 ,  H04L41/00 ,  H04L45/00 ,  H04L45/24 ,  H04L45/28 ,  H04L61/1511 ,  H04L61/2007 ,  H04L61/2076 ,  H04L61/2092 ,  H04L61/3015 ,  H04L61/303 ,  H04L61/35 ,  H04L61/6004 ,  H04L63/0227 ,  H04L63/0272 ,  H04L63/04 ,  H04L63/0407 ,  H04L63/0421 ,  H04L63/0428 ,  H04L63/0435 ,  H04L63/0478 ,  H04L63/08 ,  H04L63/0876 ,  H04L63/105 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/164 ,  H04L63/168 ,  H04L67/14 ,  H04L67/141

摘要： A secure domain name service for a computer network is disclosed that includes a portal connected to a computer network, such as the Internet, and a domain name database connected to the computer network through the portal. The portal authenticates a query for a secure computer network address, and the domain name database stores secure computer network addresses for the computer network. Each secure computer network address is based on a non-standard top-level domain name, such as .scom, .sorg, .snet, .snet, .sedu, .smil and .sint.

公开(公告)号：US11240235B2

公开(公告)日：2022-02-01

申请号：US16299607

申请日：2019-03-12

申请人： VirnetX, Inc.

发明人： Robert Dunham Short, III ,  Nathaniel Jackson Short ,  Michael Williamson

IPC分类号： H04L29/06 ,  H04L29/12

摘要： Systems and methods are provided for establishing a secure communication link between a first client and a second client. One exemplary computer-implemented method for establishing a secure communication link between a first client and a second client includes accessing, from a storage, identification information of a user of the first client. The method further includes receiving a Domain Name Service (DNS) request from the first client requesting a secure network address corresponding to a secure domain name associated with the second client. The method further includes authenticating the user based on the user identification information. The method also includes transmitting the secure computer network address in response to the DNS request based on a determination that the user has been authenticated. A secure communication link between the first client and the second client is established based on the secure computer network address.

公开(公告)号：US10680830B2

公开(公告)日：2020-06-09

申请号：US15960182

申请日：2018-04-23

申请人： VirnetX, Inc.

发明人： Victor Larson

IPC分类号： H04L29/00 ,  H04L9/32 ,  H04L12/24 ,  H04L12/927 ,  H04L29/06 ,  H04L12/26

摘要： A virtual private network (VPN) over a telecommunications network is created by sending a request from a first VPN device to a second VPN device for establishing a VPN between the first and second VPN devices. The request includes a first signed certificate having a verified VPN parameter for the first VPN device. A reply is received at the first VPN device from the second VPN device that includes a second signed certificate having a verified VPN parameter for the second VPN device. The VPN is established between the first and second VPN devices based on each verified VPN parameter for each of the first and second VPN devices.

公开(公告)号：US09819649B2

公开(公告)日：2017-11-14

申请号：US14702630

申请日：2015-05-01

申请人： VirnetX, Inc.

发明人： Victor Larson ,  Robert Dunham Short, III ,  Edmund Colby Munger ,  Michael Williamson

IPC分类号： H04L9/12 ,  H04L29/06 ,  H04L29/08 ,  H04L29/12

CPC分类号： H04L63/0485 ,  G06F17/30864 ,  G06F21/606 ,  H04L12/4641 ,  H04L29/12066 ,  H04L29/12216 ,  H04L29/12301 ,  H04L29/1232 ,  H04L29/12594 ,  H04L29/12783 ,  H04L29/12801 ,  H04L41/00 ,  H04L45/00 ,  H04L45/24 ,  H04L45/28 ,  H04L61/1511 ,  H04L61/2007 ,  H04L61/2076 ,  H04L61/2092 ,  H04L61/3015 ,  H04L61/303 ,  H04L61/35 ,  H04L61/6004 ,  H04L63/0227 ,  H04L63/0272 ,  H04L63/04 ,  H04L63/0407 ,  H04L63/0421 ,  H04L63/0428 ,  H04L63/0435 ,  H04L63/0478 ,  H04L63/08 ,  H04L63/0876 ,  H04L63/105 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/164 ,  H04L63/168 ,  H04L67/14 ,  H04L67/141

摘要： A system for connecting a first network device and a second network device includes one or more servers. The servers are configured to: (a) receive, from the first network device, a request to look up a network address of the second network device based on an identifier associated with the second network device; (b) determine, in response to the request, whether the second network device is available for a secure communications service; and (c) initiate a virtual private network communication link between the first network device and the second network device based on a determination that the second network device is available for the secure communications service, wherein the secure communications service uses the virtual private network communication link.

公开(公告)号：US09413766B2

公开(公告)日：2016-08-09

申请号：US14526669

申请日：2014-10-29

申请人： VIRNETX, INC.

发明人： Victor Larson ,  Robert Dunham Short, III ,  Edmund Colby Munger ,  Michael Williamson

IPC分类号： H04L29/06 ,  H04L12/701 ,  H04L12/707 ,  H04L12/703 ,  H04L29/12

CPC分类号： H04L63/0876 ,  H04L29/12047 ,  H04L29/12216 ,  H04L29/12301 ,  H04L29/1232 ,  H04L29/12783 ,  H04L29/12801 ,  H04L45/00 ,  H04L45/24 ,  H04L45/28 ,  H04L61/15 ,  H04L61/2007 ,  H04L61/2076 ,  H04L61/2092 ,  H04L61/35 ,  H04L61/6004 ,  H04L63/0227 ,  H04L63/0272 ,  H04L63/0281 ,  H04L63/029 ,  H04L63/0414 ,  H04L63/0421 ,  H04L63/0428 ,  H04L63/061 ,  H04L63/10 ,  H04L63/1458 ,  H04L63/1491 ,  H04L63/18

摘要： A device and method for establishing a connection between devices is disclosed. A first device receives a request to connect to a second network device and, based on the request, a determination is made as to whether the first device is set to a first communication mode or a second communication mode. If the first device is set to the first communication mode then a first name associated with the second device is sent to a first name service, the first name service supporting establishing an encrypted connection to the second device, a resource for the encrypted connection to the second device is received at the first device, and communication with the second device is established over the network via the encrypted connection using the received resource. If the first device is set to the second communication mode then communication with the second device is established via a second connection.

摘要翻译： 公开了一种用于建立设备之间的连接的设备和方法。 第一设备接收连接到第二网络设备的请求，并且基于该请求，确定第一设备是否被设置为第一通信模式或第二通信模式。 如果第一设备被设置为第一通信模式，则将与第二设备相关联的名字发送到名字服务，支持建立到第二设备的加密连接的名字服务，用于加密连接到第二设备的资源 在第一设备处接收第二设备，并且通过使用接收的资源的加密连接在网络上建立与第二设备的通信。 如果第一设备被设置为第二通信模式，则经由第二连接建立与第二设备的通信。