JP2020516198A - Method and apparatus for hyper secure last mile communication - Google Patents

Abstract

Various techniques for hiding communication content between a client device such as a mobile phone or a laptop and a network of a media node or a cloud have been disclosed. These technologies include a technology for routing data packets being communicated to various gateway nodes in the cloud, a technology for transmitting these packets through various physical media such as Ethernet (registered trademark) cables and WiFi channels, There is a technique of disguising a data packet by assigning various transmission source addresses to the data packet. In addition, techniques for muting only specific participants in a conference call and methods for storing data files in a very secure manner are also disclosed. [Selection diagram] Fig. 52C

Description

(Cross reference to related application)
This application claims the priority of US Provisional Application 62/480,696 filed April 3, 2017, and is of US Provisional Application No. 62/107,650 filed January 26, 2015. This is a continuation-in-part application of U.S. Application No. 14/803,869 entitled "Secure Dynamic Communication Networks and Protocols" filed July 20, 2015 as claiming priority. Each of the aforementioned applications is incorporated herein by reference in its entirety.

(Technical field)
The present invention relates to a method and apparatus for facilitating hypersecure “last mile” communication between devices and gateways and networks or clouds.

  By improving the means of communication, civilization has advanced from the earliest beginnings of mankind. From the use of courier and courier to travel on foot or on horseback, through postal delivery by train, truck, and airplane, to telegraph, telephone, radio, television, computer, mobile, and Internet, email, And the emergence of the World Wide Web (WWW) and more recently through social media, voice over Internet, machine-to-machine (M2M) connectivity, IoT (Internet of Thing), and ioE (Internet of Everything). , Communication has always been a pioneer in utilizing the latest technology of the present generation. As each new era of telecommunications technology has been adopted, the number of people connected and the speed at which information is carried between them has also increased.

  The impact of this trend is that humankind is more connected than at any time in history, and communication technology is intended to connect private, personal, family, and financial information. It means that people trust and depend on the safe and reliable delivery only to the target audience. Knowledge and information will be delivered to millions of people in seconds, allowing friends and family to reach people on the other side of the globe at the push of a button. It is often said that the world is a very small place.

  While such advances are of great benefit to everyone, there is a squeeze of our heavy reliance on technology. For example, if the communication system fails to perform during an earthquake or storm, even "temporarily", people may be confused or even panicked by being "disconnected." Communication systems, or media quality of service (QoS), is an important measure of the performance of a communication network. People's peace of mind, financial assets, identities, and even their very lives, depend on reliable and secure communication.

  Another consideration of communication networks is the ability to guarantee privacy, safety, and security to their clients. As communications technology evolves, so does the knowledge of criminals and "hackers" who are meant to mischief, disrupt systems, steal money, and accidentally or maliciously harm others. . Unauthorized disclosure of credit card fraud, password theft, spoofing, and confidential information, private photos, files, emails, text messages, and private tweets (those stolen for annoyance or the victim of blackmail) are modern It's just a few examples of cybercrime.

The notable examples of privacy infringement and cyber crimes at the time of this patent application are listed below, and the outbreak of security problems in modern open communication networks is shown in chronological order.
"Target: Theft information involving at least 70 million people," CNBC, January 10, 2014 ""Hackers send malicious emails on high-performance refrigerators and televisions", BGR, 2014 1 20th May-"Thermostat has been hacked and Nest and Google's secret controversy resumes," Flash Gear, June 24th, 2014 "Account hijacks question LINE's data security. LINE, a call and messaging application, has been shaken by recent data security breaches, where it was discovered that hundreds of user counts were tampered with by people other than the users on the account.” Nikkei Asian Review, July 2, 2014 "Reporting complaints that Americans are involved in NSA data sweeps," AP, July 6, 2014 "Smart LED bulbs leak WiFi passwords," BBC News , July 8, 2014 · “Six were in the scam of buying prime tickets on the StubHub. StubHub used stolen passwords and credit card numbers to find out what was happening at pop music concerts and the Yankees match. It has been targeted by hackers who buy and sell thousands of tickets, New York State officials said, "Bloomberg, July 24, 2014-"Research shows that IoT is extremely vulnerable," International Businesses. Times ( www.ibtimees.com )
"Russian hackers collect over 1 billion Internet passwords", New York Times, August 5, 2014. "New leakers revealing American secrets, government conclusions", CNN, August 2014. May 6 ・"Hacker routes the thermostat of Nest Inc. acquired by Google Inc. in 15 seconds", The Enquirer (www.theinquirer.net), August 11, 2014 "The same malware targeting the target" Hacked by Daily Queen," Christian Science Monitor, August 29, 2014-"Celebrity Victim of Nude Photo Leakage-Security Vulnerability in iCloud Accounts", CBS News, September 1, 2014. Home Depot could be the newest target for credit card infringement: Home Depot infringement could be much larger than the target (40 million cards stolen over three weeks) Fortune, September 2, 2014, "Towers of mysterious imitation mobile phones are intercepting calls across the United States," Businsess Insider, September 3, 2014, "Hacking attack: retail from banks "What are the signs of a cyber war?", Yahoo Finance, September 3, 2014 "Home Depot acknowledges that payment systems have been hacked at US and Canadian stores," Fox News, September 2014. 9th: “Yahoo made a legal battle with the U.S. Government on surveillance”, CBS/AP, September 11, 2014 • “For hackers, your medical record is more valuable than a credit card,” Reuters, 2014. September 24th, "Red Alert: HTTP was hacked. Browser crushers against SSL/TLS (Beast) attacks rank as the worst hacks, as hundreds of millions of people include browser connections that rely on them every day. , InfoWorld, September 26, 2014, "Sony's cyber attack, the first sabotage burned up quickly," New York Times, December 30, 2014.

  As cybercrime, security breaches, spoofing, and privacy breaches seem to be increasing in pace, “How can all these cyber attacks be possible and what can be done to stop them? Do you ask?" While society demands more privacy and security, consumers also demand higher connectivity, cheaper and higher quality communications, and greater convenience in financial transactions.

  To understand the capabilities and vulnerabilities of modern communication networks, data storage, and connected devices, modern electronic, wireless, and optical communications are used for files, email, text, audio, and video. It is first important to understand how to manipulate, transfer, and store data, including images.

Circuit switched telephone network operation

  Electronic communication includes various hardware components or devices connected to a network of wires, wireless, microwave, or fiber optic lines. Information is passed from one device to another by transmitting electrical or electromagnetic energy through this network using various methods for embedding or encoding the "content" of information in a data stream. Be done. Theoretically, the maximum data rate of these networks is set by the laws of physics at the speed of light, but in most cases data encoding, routing and traffic control, signal-to-noise quality, and electrical noise, electromagnetic noise, Optical noise, and practical limitations in overcoming unwanted electronic parasitics, disrupt or impede the flow of information, limiting the capabilities of communication networks to a small fraction of ideal performance.

  Historically, electronic data communication was first accomplished using dedicated "wired" electrical connections that form a "circuit" of communication between two or more electrically connected devices. . In the case of telegraphs, a mechanical switch is used to manually create a direct current (DC) electrical circuit, the current is cut off, a metal lever is rotated to magnetize a solenoid, and the switch of the switch pressed by the sender. Click the listening device or "Repeater" in the same pattern as the pattern. The sender then encodes the information into a pulse train using the established language, Morse Code. To understand the message, the recipient also needs to understand the Morse code, which is a series of long and short pulses called dots and dashes.

  Later, Alexander Graham Bell developed the first telephone to convey sound through an electrical connection, using the notion of "wave current", now called alternating current (AC). The telephone network included two electromagnetic transducers connected by electrical circuits, each electromagnetic transducer including a moving diaphragm surrounded by a fixed permanent magnet enclosure, and a coil, or "voice coil." Talking to the transducer, the change in air pressure from the sound causes the voice coil to move back and forth in the surrounding magnetic field that induces the AC current in the coil. On the listener's side, the time-varying current flowing in the voice coil induces the same waveform facing the surrounding magnetic field and the time-varying magnetic field to move the voice coil back and forth in the same way as a transducer that captures sound. move. The resulting motion plays the sound in the same way as a device that captures the sound. In modern language, when a transducer converts sound into current it operates as a microphone, and when the transducer converts current into sound it operates as a speaker. In addition, since the conducted electric signal resembles a natural atmospheric pressure wave in the air, that is, an audio waveform carried as a sound, such an electric signal is called an analog signal, or an analog waveform, in the present day.

  As explained, transducers are used for both speaking and listening, so a conversation needs to know when they are speaking and when they are listening. In such a system, the caller cannot speak and listen at the same time, as with two empty cans connected by a thread, a thread telephone. Such one-way operation, called the "half-duplex" scheme, may sound classical, but in modern wireless communication with transceivers and in modern telephony, termed "push-to-talk" or PTT. In fact, it is still in common use today.

  Subsequent full-duplex (ie, two-way or send/receive) telephones were equipped with separate microphones and speakers, and it became commonplace to be able to speak and listen at the same time. However, even in modern times, when operating full-duplex telephony, footback, or the voice of the recipient, is picked up by a microphone and fed back to the caller, causing confusing echoes and sometimes annoying noises. Care must be taken to prevent the problem that particularly plagues long distance telephone communications.

  Early telegraph and telephone systems suffered from another issue, privacy issues. In these early communication networks, everyone connected to the network hears all the information communicated on the circuit, if not desired. In non-urban telephone networks, these shared circuits were known as "party lines." After that, the telephone system rapidly developed into a multi-line network, and a direct line directly connected to the telephones of individual customers at each branch of the central office. Within the branch office, system operators manually connect callers to each other through a switch using jumper cables and also connect one branch to another to provide the first "long-distance" telephone service. It had the function of forming. The large array of repeaters forming the telephone "switch" network was gradually replaced by a human operator and subsequently replaced by an electronic switch containing vacuum tubes.

  After Bell Laboratories developed transistors in the late 1950s, in telephone and branch switches, the fragile, hot vacuum tubes were replaced with cold-acting solid-state devices containing transistors and ultimately integrated circuits. As the network grew, telephone numbers were expanded with more digits starting from the 7-digit prefix and private numbers, including the area code and ultimately the country code for international calls. Copper cables carrying voice calls quickly covered the world and crossed the ocean. Regardless of the size of the network, the principle of operation is constant, the call is direct and electrical between the caller with voice carried by an analog signal and the routing of the call determined by the telephone switch. A connection, or "circuit," is represented. Such telephone systems eventually became known as "circuit-switched telephone networks," or as basic telephone systems, or POTS. The adoption of circuit-switched telephones peaked in the 1980s and was later replaced by the "packet-switched telephones" described in the next section.

  It evolved almost in parallel with the telephone network, and in the 1920s, regular wireless communication by wireless broadcasting was started. Broadcasts are unidirectional, originated from a radio broadcast station at a particular government-licensed frequency, and received by that particular broadcast frequency, or any number of radio receivers tuned to the station. The broadcast signal carried an analog signal in a dedicated portion of the licensed radio spectrum, either using amplitude modulation (AM) or later frequency modulation (FM), respectively. In the United States, the Federal Communications Commission, or FCC, has developed to manage such licensed bandwidth allocations and regulations. The concept of broadcasting has been extended to the broadcasting of television programs using wireless transmission. The television show initially contained black and white content, but was later aired in color. The television signal could then also be carried to people's homes, either by a microwave satellite television receiving antenna or via a coaxial cable. The term "multicast" is now used for such one-way, multi-listener communication because any viewer tuned to a particular broadcast frequency can receive the broadcast.

  With the advent of wireless broadcasting, the first two-way communications began on commercial and military naval vessels. By the time of World War II, radios had evolved into portable radio transceivers that combined a transmitter and receiver into a single unit. Similar to telephones, early two-way radio transmissions operated in a "simplex" fashion, where only one radio could broadcast on one radio channel, while no other radio channel could broadcast. By combining transmitters and receivers of different frequencies, it is possible to transmit and receive at both ends of the wireless line at the same time, and full duplex communication between the two parties becomes possible.

  However, in order to prevent duplicate transmissions from multiple parties, half-duplex, or a protocol called push-to-talk, is commonly used for channel management, where any person can monopolize a particular channel on a first-come, first-served basis. Can be sent to you. Industry standard radio types that use analog modulation include amateur (ham or CB) radio, marine VHF radio, UNICOM for air traffic control, and FRS for personal transceiver communication. In these two-way wireless networks, the radios send data over a "channel" of a particular frequency to a central wireless tower, which amplifies and repeats the signal and sends it across the wireless network. The number of available frequencies that convey information to the broadcast area sets the total bandwidth of the system and the number of users that can communicate independently on the wireless network at one time.

  The concept of cellular networks, which divided large areas into smaller parts, or wireless "cells", in order to expand the total capacity of the wireless network and handle more callers, was demonstrated in the 1970s and then 10 years later. Popularized within. The concept of cellular is to limit the radio tower's coverage to a narrower range, i.e. to a shorter distance, thus reusing the same frequency band to handle different callers residing in different cells simultaneously. You can To that end, software was created to manage the handoff of a person making a call from one cell to an adjacent cell without "cutting off" and suddenly disconnecting. The original cellular networks were analog in nature, such as POTS, interactive wireless, radio and television broadcasting. To control call routing, a telephone number system was adopted and appropriate wireless electrical connections were determined. This option also had the advantage of seamlessly connecting the new wireless cellular network to a "wired" conventional telephone system, providing interconnection and interoperability between the two systems.

  In the 1980s, telephone and wireless communications, in addition to wireless and television broadcasts, carry text with data and voice to reduce power consumption, improve battery life, improve signal to noise quality. In order to start addressing the need issue, we have begun an unavoidable transition of communication methods and formats from analog to digital. With the advent of wireless formats such as EDACS and TETRA, one-to-one, one-to-many and many-to-many communication schemes became possible. Cellular communication has rapidly moved to digital formats such as GPRS as well as television broadcasting.

  By 2010, most countries had all analog TV broadcasts discontinued or were in the process of discontinuing. Unlike broadcast television, cable operators did not have to switch to digital formats and, by 2013, maintained a hybrid composite of analog and digital signals. The final migration of cable TV to digital is for commercial rather than government standards, increasing the number of available channels on the network, delivering HD and UHD content, and increasing pay-per-view. The purpose was to enable programming (PPV, also known as "unicast") and provide high speed digital connectivity services to customers.

  It is common to equate the transition of global communications networks from analog formats to digital formats with the advent of the Internet, and more specifically with the proliferation of Internet Protocol (IP), but if not promoted, digital formats The conversion to IP precedes commercial acceptance of IP over the telephone and enables a global migration of communications to IP and "packet switched networks" (discussed in the next section).

  The resulting evolution of circuit switched telephones is the "Public Switched Telephone Network" or PSTN, which includes a fusion and sub-networks of wireless, cellular, PBX, and POTS connections, each containing different technologies. For example, the network includes PSTN gateways connected by high bandwidth trunks, connected via POTS gateways, circuit switched cellular networks, PBXs, and wired connections to two-way wireless networks. Each sub-network can be operated independently and drives similar devices.

  The PSTN also connects to a circuit-switched cellular network 17 that implements the analog and digital protocols of AMPS, CDMA, and GSM®. Via the cellular radio tower, the circuit-switched cellular network uses standardized cellular radios to connect to mobile devices such as cell phones. In the case of the GPRS network, which is an extension of GSM®, the circuit-switched cellular network can also be connected to tablets, carrying low speed data and voice at the same time. Two-way wireless networks such as TETRA and EDACS connect the PSTN to handheld radios and desktop radios in larger dashboards via high power radio towers and RF connections. Such two-way wireless networks, commonly used by police officers, ambulances, paramedics, fire departments, and even Gulf authorities, are also referred to as professional communication networks and services, and rather than consumers, governments rather than consumers. , Local governments, and emergency responders (Note: As used herein, the terms "desktop," "tablet," and "notebook" are abbreviations for computers with those names. used.).

  Unlike POTS gateways, circuit switched cellular networks, and PBXs, which use traditional telephone numbers to complete call routing, two-way wireless networks use a dedicated RF radio channel (rather than a telephone number) to wirelessly Make a wireless connection between the tower and a convenient mobile device. Thus, professional wireless communication services are unique and distinct from the consumer's cellular network.

  That is, the PSTN network flexibly interconnects sub-networks of various technologies. Exactly this diversity defines the essential weakness of current circuit-switched networks: interoperability between subnetworks. Due to the fact that the various sub-networks do not communicate with any common control protocol and language, and because each technology handles the transmission of data and voice differently, various systems have the ability to make phone calls over the PSTN backbone or trunk. Inherently incompatible except limited. For example, during the September 11 terrorist attack on the World Trade Center in New York City, many emergency responders from all over the United States attempted to gather in Manhattan to assist in the fight against the catastrophe. Transceivers only learned that they were incompatible with volunteers from other states and cities, and it was impossible to manage their relief efforts to be centralized, commanded and controlled. Since wireless communication protocols have not been standardized, wireless communication could not simply be connected to each other.

  Moreover, when using direct and electrical and RF connections of circuit switched telephone networks, especially analog or insecure digital protocols, a hacker with an RF scanner finds an active communication channel and is occurring at that time. It is easy to notice, sample, listen to, and eavesdrop on a conversation. Because the PSTN forms a "continuous" connection, or line, between communicating parties, there is ample time for a hacker to identify and "eavesdrop" on a connection, and a government operating under federal court. Eavesdropping illegally by, or eavesdropping by law by cybercriminals or governments who carry out illegal, forbidden, or unauthorized surveillance. The definition of legitimate and illegal espionage and surveillance and the obligation of network operators to comply with cooperation vary greatly between countries, and among global companies such as Google, Yahoo and Apple, which operate across multiple borders. It is a hot issue. The telecommunications network and the Internet are global, and although they do not recognize borders or boundaries, the laws governing electronic information are unique to the land, and the national and international communications and commerce at that time are subject to It is the target.

  Regardless of its legality and ethics, today's electronic snooping and surveillance is commonplace, from surveillance of all roads and subways, all road turns, and ubiquitous security cameras installed overhead. It extends to skillful hacking and code cracking performed by the National Security Division and organizations. All networks are vulnerable, but they are especially easy to hack due to the age of PSTN and poor security measures. As described above, even the PSTN connected to the latest secure network becomes a weak point of the entire system and creates vulnerability to security breaches and cyber crimes. Nevertheless, it will take years, if not decades, to abolish the global PSTN network and completely replace it with IP-based packet-switched communications. Packet-based networks (discussed below) are more modern than PSTN networks, but are still less secure and are subject to security disruptions, hacks, denial of service attacks, and privacy breaches.

Packet-switched communication network operation

  If two empty cans connected by a thread, the thread telephone, symbolize the metaphor of the operation of a modern circuit-switched telephone, the post office symbolizes a similar metaphor of a packet-switched communication network. Text, data, voice, and video are converted into files and streams of digital data, which are then parsed into quantized "packets" of data delivered over a network. The delivery mechanism is based on an electronic address that uniquely identifies the destination and source of the data packet. The format and communication protocol are also designed to include information about the nature of the data contained in a packet, which is a content that is specific to the program or application in which it is used, the physical connection that carries the packet, and the electrical And hardware that facilitates a connection or a wireless connection.

  The concept of packet-switched networks, born in the 1960s, was created during the post-Cold War Paranoia era of Post-Sputnik. At that time, the U.S. Department of Defense (DoD) was concerned that a spaced nuclear missile attack could destroy the entire US communications infrastructure, destroying the Soviet Union's ability to respond to preemptive attacks, and He expressed concern that vulnerabilities such as attacks could actually cause attacks. Therefore, the Pentagon has created an excess of communication systems, or grids of "networks," in which the network's ability to distribute information between military installations is not hindered by the destruction of certain data links and many links within the network. Helped. Known as the ARPANET, the system became the parent of the Internet and the eve of modern digital communications.

  Despite the creation of packet-switched networks, Mosaic, the first easy-to-use web browser, the emergence of web pages defined by hypertext, the rapid spread of WWW, and the spread of e-mail have made it a global Internet platform. Until the 1990s, when the popular support gathered, the explosive growth of the Internet did not occur. One of its basic ideas, the lack of central control, the need for a central mainframe, has propelled the Internet to some extent universally, but this could not be stopped by national or governmental (or global). (I didn't even fully understand the implications of this), and because the user base contained consumers using a newly purchased personal computer.

  Another major impact of the growth of the Internet was the standardization of the Internet Protocol (IP) used to route data packets through networks. By the mid-1990s, Internet users realized that the same packet-switched networks that carried data could also be used to carry voice, and shortly thereafter the "Voice over Internet Protocol", or VoIP, was born. Although this concept theoretically allowed anyone with access to the Internet to communicate free of charge over VoIP, it is cumbersome to propagate throughout the network. That is, waiting time occurs, the voice quality deteriorates, and it is often difficult to understand. Although the delay time has been improved by adopting a high-speed Ethernet link, high-speed WiFi connection, and 4G data to improve the connection quality in the "last mile", the Internet itself provides accurate delivery of data packets. It was created to ensure that the time required to deliver a packet is not guaranteed, that is, it is not created to operate as a real-time network.

  So the dream of using the Internet instead of expensive long-distance carriers, or "telco companies," is related to the availability of "expected" (OTT) providers such as Skype, Line, KakaoTalk, and Viver. No, it was hardly fulfilled. OTT telephones suffer from poor quality of service (QoS) due to uncontrolled latency, poor sound quality, call origination stop, echo, reverberation, feedback, erratic sound, and often even inability to initiate a call. I'm troubled. The poor performance of OTT communications is not in essence a drawback of VoIP-based protocols, but of the network itself, in which the OTT carrier cannot manage the path data travels or the delays the communications face. In essence, OTT communications can act as an Internet hitchhiker, so OTT carriers cannot guarantee performance or QoS. The companies that can make the most of VoIP-based communications today are long-distance carriers with low-latency, hardware-based dedicated networks, and, ironically, the least incentive is to do so. That is the telephone company.

  Aside from the inherent network surplus, one of the greatest advantages of packet-switched communication is that any data transmission is provided as long as the data is placed in packets consistent with the Internet protocol, providing a communication device connected and linked to the Internet. The ability to transfer information from the source to any destination. The Internet Protocol manages the network's ability to deliver a payload to a destination without concern or attention to what information is being conveyed or which application uses that information, and it is a customized software interface and Completely avoids the need for expensive dedicated hardware. In many cases even the payload associated with the application establishes a predefined format. For example, to read an email, to open a web page on a browser, to see photos or videos, to see flash files, or to read PDF documents.

  Because its universal file format does not rely on proprietary or company-specific software, the Internet can be considered an "open source" communications platform, connected from computers to mobile phones, cars to home appliances, ever before. It is possible to communicate with the widest range of devices. The latest phrase that describes this universal connection is "Internet of Everything" or IoE.

  A high-speed cloud server, a large array of computers, including cloud data storage, interconnected by high bandwidth connections, typically fiber optics, between the myriad of other servers (not shown) that form the cloud of the Internet. To be done. The cloud metaphor is appropriate because there are no boundaries that clearly define which servers are considered part of the cloud and which are not. Every day, and even on a minute-by-minute basis, the server may come online and go offline for maintenance, but with no impact on Internet functionality or performance. This is a benefit of a properly duplicated distributed system. That is, there is no single control point and therefore no single point of failure.

  The cloud may be connected to users or devices via various wired, WiFi, or wireless links. Telephony capable of wireless packet switching includes cellular protocol 3G including HSUPA and HSDPA as well as 4G/LTE. LTE, or Long Term Evolution, is a network that guarantees interoperability of various cellular protocols, including the ability to seamlessly hand over calls from one cell to another, even when the cells are operating under different protocols. Refers to the standard. (Note: As a matter of definition, "last mile" as used herein refers to the link between any type of client device, such as a tablet, desktop, or mobile phone, and a cloud server.) Directionality As a result, the term "first mile" is sometimes used to identify the link between the device that sent the data and the cloud server. In such cases, the "last mile" link is also the "first mile".

  For shorter range communication, WiFi access points connect to smartphones, tablets, notebooks, desktops, or home appliances and can be used in localized wireless applications in homes, cafes, restaurants, and offices. WiFi includes communications that operate according to the IEEE-defined standards for single carrier frequency specifications 802.11a, 802.11b, 802.11g, 802.11n, and, more recently, the dual frequency band 802.11ac format. WiFi security based on a simple static login key is primarily used to prevent unauthorized access to a connection, but is not intended to protect data indefinitely from eavesdropping or hacking.

  Routers are connected to notebooks, desktops, phones, TVs by fiber, coaxial cable, or Ethernet, or by twisted-pair copper telephone lines at hotels, factories, offices, service centers, banks, and Connected to point-of-sale terminals that serve the stationary, fixed, wired market, including homes. Digital subscriber line (DSL) connections are still used in remote areas where fiber or cable is unavailable, but data rates and connection reliability are dramatically compromised. Overall, aggregated access over wireless, WiFi, and wired connections, the number of objects connected to the Internet is projected to reach 20 billion worldwide by 2020.

  In contrast to circuit-switched networks that establish and maintain direct connections between devices, palette-switched communications use addresses to "route" packets to their destinations over the Internet. Thus, in packet-switched communication networks, there is no single dedicated circuit that maintains the connection between communication devices, nor does data that travels over the Internet travel on a single, consistent path. Each packet must reach its destination through a maze of interconnected computers.

  When routing IP packets from the notebook to the desktop using packet switched network communication, the first data packet sent from the notebook to the WiFi router over the wireless connection is directed to the array of DNS servers. DNS is an acronym for Domain Name Server. The purpose of the array of DNS servers is to translate the text name or telephone number of the destination device, in this case the desktop, into an IP address. Once translated, the IP address is returned from the DNS server array to the source address, i.e. the notebook. This address, which uniquely identifies the communication terminal, is used to route the data packet through the network.

  After that, the notebook assembles IP data packets and starts sending the assembled IP data packets sequentially to the destination, first reaching the local WiFi router via the WiFi wireless wireless connection, and then acting as an intermediate router to the destination. It traverses the network of routers and servers. Routers and computer server networks function as nodes in the Internet or as points of presence (POPs). That is, they together form a router network that functions as a gateway with limited connectivity accessible to the Internet. Some routers or servers acting as POPs connect to the Internet through only a few neighboring devices, but servers are interconnected to many devices and are sometimes referred to as "super POPs." For the sake of clarity, care must be taken not to confuse the term POP in network terms with the application name POP used in e-mail applications, or the plain old post office.

  Each router, or server acting as a router, includes in its memory file a routing table that identifies the addressable IP addresses and, if possible, the addresses that higher level routers can address. These routing tables are automatically downloaded and installed on all routers when you first connect to the Internet. Usually not downloaded when routing packets over the network. When an IP packet enters a router, POP, or super POP, the router will read enough of the IP address, typically the most significant digit of the address, where the packet will go to in order to reach its destination. Recognize. For example, a packet traveling from New York to Tokyo can arrive in Tokyo first via Chicago and then via servers in San Francisco, Los Angeles, or Seattle. Since the number of data packets passing between routers and the data rate between routers depend on infrastructure equipment and network traffic and load, it is impossible to determine in advance which route should be the fastest.

  Unlike circuit-switched telephony, which uses packet-switched data to establish and maintain a direct connection between clients, there is no universal information overlooking the Internet, which route is best and optimal for routing packets. , Or the fastest route cannot be determined, and there is even no guarantee that two consecutive packets will take the same route. Thus, a packet "discovers" a route through the Internet based on the priority of the company operating the routers and servers through which the packet passes. In essence, each router contains a specific routing table and routing algorithm that defines preferred routes based on network conditions. For example, a router can be selected by sending packets to other routers owned by the same company, balancing traffic between connections to adjacent routers, looking for the shortest delay to the next router, and trading strategies. Prioritizing the creation of high speed paths for VIP clients by jumping to as many business partners as possible or jumping as many intermediate routers as possible. Once a packet enters the router, there is no way to know if the routing choice made by a particular POP was made in the best interest of the sender or network server operator.

  So, in a sense, the path that a packet takes is a matter of timing and luck. In the above New York to Tokyo routing example, the routing, and resulting QoS, varies substantially even with small perturbations in the path, or the so-called "butterfly effect," a nonlinear equation. be able to. Consider the case where packets from New York pass through "Router A" in Chicago and are forwarded to Mexico City instead of California due to the temporary high traffic in California. The Mexico City router then forwards the IP packet to Singapore and finally to Tokyo. The very next packet sent will be routed through "Router B" in Chicago, which has less traffic at that time, so it will only send the packet to San Francisco and then only twice. This is because it is sent directly to Tokyo. In such a case, the second packet may arrive in Tokyo before the first route goes through the longer detour route. This example highlights the problems of using the Internet for live video streaming or real-time communication such as VoIP. That is, the Internet is not designed to guarantee transmission times or control transmission delays in networks. Depending on whether the packet goes through only two servers, or fifteen servers, the latency can vary from 50 milliseconds to over a second.

  Poor Internet routing control is a problem for real-time applications, especially for OTT carriers, which is a poor QoS problem. That is, OTT operators are trying to provide Internet-based telephones by piggybacking on the infrastructure of the Internet. Since the OTT operator does not control the routing, it cannot control the delay or the latency of the network. Another problem with packet switched communication is that it is easy to hijack data without being detected. If a predator intercepts a packet and identifies its source or destination IP address, it uses a variety of methods to intercept the data from intervening routers, and then intercept the traffic through its illegal network. You can intercept or redirect to watch for conversations and even destroy encrypted files.

  The source and destination IP addresses used to route packets (and also used by predators to hijack packets), and other important information are IP packets, IP datagrams or TCP. /IP packet is specified as digital data. IP packets consist of physical connections between devices, how the data is organized to connect the devices together, network routing of packets, means to ensure that useful data (payload) is delivered correctly, and payload. The payload data itself is used by various application programs, including digital information that defines the type of data included.

  IP packets are sent and received in sequence as a series of serial digital bits and are organized in a particular way, called the Internet Protocol, established by various standards committees including the Internet Engineering Task Force, ie the IETF. This standard ensures that any IP packet that follows a predetermined protocol will communicate and be understood by any connected device that conforms to the same IP standard. Ensuring the communication and interoperability of devices and applications connected to the Internet is a certification of the Internet's quality and represents the guidelines of the open source initiative, or OSI, where any company, government, or individual controls the Internet. To prevent or limit accessibility or its functionality.

  The OSI model is an abstract concept that includes seven functional layers, and precisely defines the format of an IP packet and what purpose each segment of the packet is used for. Each part, or "segment," of an IP packet corresponds to data that applies to a particular OSI layer function. The roles of the seven OSIs are as follows.

Layer 1 : A physical layer, that is, a layer 1 which is a PHY layer, hardware-specific information that clarifies the physical properties of communication as an electrical signal, an RF signal, and an optical signal, and these signals are transmitted to a communication system. And a method of converting to bits for use. WiFi wireless, Ethernet, serial port, fiber optic, 3G or 4G cellular radio, DSL over twisted pair copper, USB, Bluetooth, cable or satellite TV, or audio, video, or multimedia content Converting a particular communication medium such as digital broadcasting into a bitstream is a task of the PHY layer. In the IP packet, the preamble represents layer 1 data and is used to synchronize the data packet, or the entire frame, with the hardware that transmits and receives the layer 1 data.

Layer 2 : Layer 2, which is the data link layer, defines the rules and means for converting the bitstream delivered from PHY Layer 1 into interpretable data, including the bits arranged as frames. For example, WiFi wireless-based bitstreams may comply with any number of IEEE-defined standards, including 802.11a, 802.11b, 802.11g, 802.11n, and 802.11ac. 3G wireless communication may be modulated using the high speed packet access method HSDPA or HSUPA. Modulated light in an optical fiber, or an electrical signal on a coaxial cable, can be decoded into data according to the DOCSIS 3 standard or the like. In the IP packet, the layer 2 data encapsulates the payload into a datagram including the "data link header" at the beginning and the "data link trailer" at the end, and defines the start time and end time of delivery of the payload. And ensure nothing is lost in the transmission process. A key element of Layer 2 data is the MAC, or media access address, used to direct data traffic to or from a particular Ethernet address, RF link, or hardware-specific transceiver link. ..

Layer 3 : The network or internet layer, Layer 3, contains packets called “datagrams” that contain IP information used to route IP packets, which packets relate to the nature of the payload contained within the packet. It includes IPv4 or IPv6 data, as well as corresponding information, and corresponding source and destination IP addresses. That is, the type of transport protocol used includes Transmission Control Protocol (TCP), User Datagram Protocol (UDP), or something else. Layer 3 also includes the function of preventing loops. That is, the IP packet is never transmitted, but never disappears. A specific type of Layer 3 packet, ICMP, is used to diagnose network conditions and includes the well known "ping" function. In an IP packet, Layer 3 contains a "IP" header and encapsulates a transport segment header and a payload containing the upper layer segment.

Layer 4 : A transport layer, Layer 4, includes a segment of data that defines the nature of the connection between communication devices, and is the minimum description element of the payload for connectionless communication by UDP, that is, the payload size, The amount of lost bits and which application service (port) uses the delivered data are defined. UDP is considered connectionless because it does not check the delivery of the payload and instead checks the application for error or lost data. UDP is typically used for time sensitive communications such as broadcast, multicast, streaming, and packet retransmission is not an option. In contrast, TCP ensures a virtual connection by verifying the packet, ensuring that the payload is delivered before the next packet is sent and the discarded packet is retransmitted. TCP also uses checksums to check the data integrity of delivered packets and includes provisions for reconstructing out-of-order packets in their original order. Both TCP and UDP define source and destination ports, upper layer service or application descriptor elements, such as a web server or email server associated with the information contained in the layer 4 payload. In the IP packet, layer 4 contains the TCP/UDP header and encapsulates the data/payload containing the content used by the upper OSI layers 5, 6, and 7.

Layers 5, 6, 7 : Upper layers or application layers Layer 5, Layer 6, Layer 7 describe content delivered by the Internet as data/payload. Layer 7, the "application" layer, represents the highest level in the OSI model and relies on six underlying OSI layers to support both open source and proprietary application software. Commonly used level 7 applications include email using SMTP, POP, or IMAP, HTTP (Chrome, Safari, Explorer, Firefox), file transfer using FTP, and terminal emulation using Telnet. included. Proprietary applications include Microsoft Office products (Word, Excel, PowerPoint), Adobe Illustrator and Photoshop (registered trademark), Oracle and SAP database applications, Quicken, Microsoft SoftBank, financial software, Quoquio, and Quoquio. Also included are video players (iTunes, QuickTime, Real Media Player, Windows Media Player, Flash, etc.), and document readers such as Adobe Acrobat Reader, Apple Preview. Level 7 applications are generally syntactically defined by a Level 6 "presentation" layer that includes security features such as text, graphics & pictures, sound and video, document presentations such as XML or PDF, and encryption. It also uses embedded objects. The Level 5 "session" layer establishes connections between applications, such as importing one object into another program file, and controls the start and end of sessions.

  As mentioned above, the OSI seven-layer model defines the functionality of each layer, and the corresponding IP packet encapsulates the data associated with each layer. A wooden doll contains another doll, which in turn contains another doll, in a layer similar to the babuska, or Russian nesting doll. Contains other layers. The outer packet, the PHY layer, which is Layer 1, defines the entire IP frame, which contains information about all higher levels. In this PHY data, the layer 2 data frame describes the data link layer and includes the layer 3 data frame. Similarly, this data frame describes the Internet layer as the payload, and the data frame of layer 4 describes the transport layer. The transport layer transmits upper layer data including the contents of layers 5, 6, and 7 as a payload.

  The lower physical layer and the data link layer are hardware specific, but the intermediate OSI layer encapsulated within the IP packet that describes the network and forwarding information is the hardware used to communicate and deliver the IP packet. Is completely ignorant. Furthermore, the upper layers, encapsulated as a transport layer payload, are only specific to applications that apply and operate completely independent of the way packets are routed or delivered over the Internet. This division allows each layer to be managed essentially independently, allowing for myriad technologies and users without the need for administrative approval of the packet format and confirmation of the feasibility of the packet payload. Combinations are supported. Incomplete or improper IP packets are simply dropped. In this way, the packet-switched network can route, transfer, and deliver a variety of application-related information over different communication media in a consistent manner among any devices or objects connected to the Internet. .

  In conclusion, circuit-switched networks require a single direct connection between two or more parties that are communicating (similar to conventional telephone systems a century ago). Packet-switched network communication breaks down documents, voice, video, and text into multiple packets, but uses best efforts to deliver those packets over multiple network paths (accurate and timely). (Resemble to) and then rebuild the first content and make sure nothing is lost along the way. The table below summarizes a comparison of public switched telephone networks (PSTN) and packet switched VoIP.

  The PSTN operates using real-time electrical circuit connections, but the packet-switched network content uses various trucks and postal courier to eventually deliver the letter, even if it arrives late. Unlike, it uses a "best effort" method to deliver content and find a route to deliver packets and payloads. Packet switched networks and communications are described in detail in the background section of the patent called "Secure Dynamic Communications Networks and Protocols".

When considering network performance, there are several factors that can be considered:
Data rate, ie bandwidth,
・Quality of service,
・Network and data security,
-User privacy is considered.

  Of the above considerations, the data rate is easily quantified in millions of bytes/second, or Mbps. On the other hand, quality of service or QoS includes latency (quality of service), sound quality, network stability, intermittent operation or frequent service interruption, synchronization or connection failure, signal strength reduction, application stoppage, and emergency function. It includes several factors, including network redundancy. Cyber security and cyber privacy deals with cyber crime, cyber surveillance, IP packet sniffing, DoS attacks, profiling, scammers, packet hijacking, cyber infection, surveillance, control and intrusion by cyber criminals, and attacks on networks. And prevent unauthorized access to data traffic and content.

QoS (quality of service)

  QoS is performance on the network, and is indicated by using network capacity, bandwidth, latency, data rate, scalability, sound quality, data integrity, data bit error rate, and other performance-based parameters. Data accuracy is an important factor in verification of programs, files, and security. Which factors are important depends on the nature of the payload carried over the packet switched network. In contrast, for voice and video, including real-time applications, the factors affecting packet delivery time are important. The quality factors and how they affect different applications such as video, voice, data, text, etc. are application dependent. Good network conditions, represented by a consistent high data rate IP packet waveform, are those with minimal time delay, clearly strong signal strength, signal distortion, stable operation, and packet transmission loss.

  Intermittent networks with lower data rate packet waveforms with short interruptions have the greatest impact on video functionality, causing uncomfortably slow video downloads and unacceptable video streaming. Congested networks that cause lower effective data throughput rates with regular short duration interruptions, exemplified by IP packet waveforms, have video footage with intermittent motion, fuzzy images, and improper coloring and brightness. Not only does it severely degrade the echo, but it also causes echoes and even total removal from the conversation and soundtrack. However, in a congested network, data may be served using TCP by repeating the rebroadcast request. Unstable networks exhibit low data throughput rates with numerous data outages for unpredictable periods. The unstable network also contains corrupted IP packages represented by the darkly shaded packets in waveform 610D, which require retransmissions for TCP-based transports and simply corrupted data for UDP transports. Or discarded as inappropriate data. At some levels of the network, email is also intermittent and IMAP synchronization fails. Due to the lightweight data format, most SMS and text messages are forwarded with a delivery delay even under severe network congestion, but the attached information is not downloaded. In an unstable network, all applications may fail and even freeze the normal operation of a computer or cell phone waiting for files to be delivered. In such a case, the video will freeze, the audio will be choppy and inaudible, the VoIP connection will be dropped more than ten times within minutes, and in some cases the connection will not be complete. Similarly, email stalls or freezes, with computer icons spinning forever. The progress bar will stop completely. The text message also bounces and becomes "undeliverable".

  Many factors lead to network instability, such as power outages of important servers and super POPs, overloaded call volumes, transmission of huge data files and UHD movies, and serious denial of service attacks on some servers and networks. The key factors that can be and track the QoS of a network are its packet drop rate and packet latency (latency). Discarded packets occur when an IP packet is not delivered and is "timed out" as permanent, or when a router or server detects a checksum error in the header of an IP packet. For packets that use UDP, the packet is lost and the layer 7 application must be smart enough to know that something was lost. If TCP is used for Layer 4 transport, the packet is required for retransmission, further adding a load to the network that may potentially already be overloaded.

  Other factors that determine QoS, propagation delay, are delays of IP packets between nodes, or unidirectionally from source to destination, or as round trip delays from source to destination and destination to source. It can be measured quantitatively in several ways. Impact of propagation delay on packet delivery using UDP and TCP transport protocols. As the intermodal network propagation delay increases, the time required to perform a round trip communication such as a VoIP conversation increases. For UDP transport, the round trip delay increases linearly with the propagation delay. Since long propagation delays correlate with higher bit error rates, the number of lost UDP packets increases, but since UDP requires retransmission of dropped packets, the round trip time is linear with increasing delay. There is. The TCP transport exhibits substantially longer round trip times for each packet sent than UDP because of the handshake required to confirm packet delivery. If the bit error rate remains low and most packets do not require retransmissions, TCP propagation delay increases linearly with intermodal propagation delay, but at higher rates, ie TCP line slope. To do. However, as the communication network becomes unstable as the propagation delay increases, the round-trip time resulting from a TCP transfer increases exponentially due to the need for the protocol to retransmit dropped packets. Therefore, VoIP is contraindicated for time-sensitive applications such as VoIP and video streaming.

  Since all packet communications are statistical and there are no two packets with the same propagation time, the best way to estimate the unidirectional latency of a network is to estimate the round trip time of many IP packets of similar size. It is a method by measuring and dividing to estimate the unidirectional latency. Latency below 100 ms is very good, considered very good up to 200 ms and acceptable up to 300 ms. For a 500 ms propagation delay that is easily encountered by OTT applications running on the Internet, the delay is uncomfortable for the user and interferes with normal conversation. In voice communication, in particular, such long propagation delays can manifest as "bad" and can lead to reverberation, creating a "string-plucked" or metallic sound that the other party can hear. It may interrupt normal conversation while waiting to respond to the last comment, and output a broken, incomprehensible voice.

  For clarity, the one-way latency of communication is different from the ping test performed by Layer 3 ICMP utilities (such as the free network speed test at http://www.speedtest.net). The reason for these differences is that, in part, ICMP packets are generally lighter in weight than actual IP packets, so the ping test does not use the TCP "retransmission request" function, and is also a public network on the Internet. This is because there is no guarantee that the ping test route will match the actual packet route above. In short, if the ping experiences long delays, there is something wrong with the network or with any link between the device and the network (eg WiFi router or last mile), but even with good ping results , Itself cannot guarantee a small propagation delay of the actual packet.

  To improve network security, encryption and verification methods are often adopted to prevent hacking, sniffing, or espionage. However, heavy encryption and multi-key encryption protocols constantly reconfirm the identity of the conversation partner, creating additional delay, increasing effective network latency, and reducing QoS at the cost of increased security.

Cyber security and cyber privacy

  Two other major considerations in communication are cybersecurity and cyberprivacy. Although related, the two issues are somewhat different. "Cybersecurity", which includes network security, computer security, and secure communications, refers to unauthorized access, misuse, or alteration of data contained on a computer or communication network, network-accessible resources, or devices connected to the network. Or include methods to monitor, intercept, and prevent denial. Such data may include personal information, biometric data, financial records, health records, private correspondence and records, and private photographic images and video records. Devices connected to the network include desktops, file servers, email servers, web servers, databases, personal data storage, cloud storage, internet-connected appliances, connected cars, and publicly shared devices (POS) used by individuals. Terminals, gas pumps, ATMs, etc.) are included.

  Clearly, cybercriminals and computer hackers attempting to gain unauthorized access to sensitive information are committing crimes. If the illegally obtained data contains private personal information, the attack also compromises the victim's private information. However, on the contrary, privacy leakage may occur without the need for cybercrime, and it may not be possible to prevent it. In today's networked world, unauthorized use of personal information can occur without the need for a security breach. In many cases, a company that collects data for one purpose may choose to sell the database to other clients who are interested in using the data for another purpose. It was well known that even when Microsoft purchased Hotmail(R), it sold mail lists to advertisers interested in spamming potential customers. Whether such behavior should be considered a violation of cyber privacy remains a matter of opinion.

  "Cyber privacy", which includes Internet privacy, computer privacy, and private communication, refers to the private and personal information of each person and the individuals who control their use, including the collection, storage, display or sharing of information with others. Includes personal rights or obligations. Private personal information includes personal information such as height, weight, age, fingerprint, blood type, driver's license number, passport number, social security number, or personal information that helps identify an individual without knowing their name. ID information is included. In the future, even an individual's DNA map can become a matter of legal record. Apart from personal ID information, private non-public information other than so-called personal information includes the brands of clothes we purchase, websites we visit frequently, smoking and drinking habits, ownership of guns. Whether or not you are a person, the type of car you drive, your medical history, whether your family has a particular illness or medical history, and even what kind of person you are attracted to.

  This personal information, combined with personal records related to personal income, tax, real estate litigation, criminal records, traffic violations, and all information posted on social media sites, provides a powerful data set for stakeholders. To form. “Intentional collection of large data sets that capture information on demographic, personal, financial, biomedical and behavioral trends and collect data on today's patterns, trends and statistical correlations. Big data". The healthcare industry, including insurance companies, healthcare, pharmaceutical companies, and malpractice lawyers, all have a deep interest in personal information stored as big data. Automotive and consumer product companies likewise want access to such databases to direct marketing strategies and advertising budgets. In recent elections, even politicians have begun to refer to big data to better understand voter opinions and issues of political controversy to avoid.

  The issue of cyber-privacy is not whether big data today gets personal information, but whether the dataset holds your name, or you identify even if you don't know your name It does not depend on whether or not it has sufficient personal information. For example, initially, when the US government opened a private health care account, the health care. It said that personal information collected by the gov website will be destroyed. And it was recently discovered that a third-party corporation that facilitates data collection for the U.S. government had signed a contract with the government that had the right to retain and use the data collected. It turns out that private personal information entrusted to the US government is not actually private.

  Finally, it should be mentioned that surveillance is being carried out by governments and criminal organizations using similar technical methods. Clearly, criminals do not have the legal right to collect such data, but the case of unauthorized government oversight varies significantly from country to country. For example, the US NSA has repeatedly pressured Apple, Google, Microsoft and others to provide cloud and database access. Even government officials are eavesdropping and intercepting conversations and communiqués. When asked whether Skype (registered trademark), a division of Microsoft, will monitor the content of the caller, the Skype (registered trademark) CIO suddenly replied "no comment."

  Methods of cyber crime and cyber surveillance

  Focusing on the cybersecurity context, there are numerous ways to gain unauthorized access to device, network, and computer data. There are various malware and hacker technologies used to carry out cybercrime and gain unauthorized access to secure networks.

  For example, an individual using a tablet connected to the Internet may call a business office phone, send a message to a television, or call a friend in a country using a circuit-switched POTS network over the phone. You can download files from web storage, or send emails via email servers. While all applications represent regular applications that have global interconnectivity with the Internet, there are numerous opportunities for surveillance, cybercrime, fraud, and identity theft throughout the network.

  For example, in the case of a tablet connecting to the network via a cellular radio antenna and an LTE base station, or via a short range radio antenna and a public WiFi base station, an intruder can monitor the radio link. Similarly, LTE calls can be monitored or "eavesdropped" by eavesdropping radio receivers or sniffers. The same sniffer can be tuned to monitor WiFi communication and the receiving end on the cable between the cable CMTS and the cable modem.

  In some examples, LTE calls may also be intercepted by the Cyber Pirates fake tower, establishing a bypass communication path between the tablet and the cellular tower. Communication including transmission to routers, servers, and cloud storages via the packet-switched network is also vulnerable to attack by others in the middle attack. The eavesdropper can intercept calls on the POTS line from the PSTN gateway to the phone and on the corporate PBX line from the PBX server to the office phone.

  By performing a series of security breaches, spyware can be installed on a tablet, router, PSTN bridge, cloud storage, cable CMTS, or desktop. Trojan software may be installed on a tablet or desktop and may phish passwords. Worms can also be used to attack the desktop, especially if the computer is running a Microsoft operating system with the Active X feature enabled. Finally, to launch a denial of service attack, the virus can attack any number of devices connected to the network, such as servers, desktops and tablets.

  Various forms of malware are capable of operating on various parts of the communications network and infrastructure, and their cyber attacks may include viruses, man-in-the-middle attacks, government surveillance, and denial of service attacks. The last mile of a communications network provides a broader range of malware and cyber-attack opportunities and is divided into three sections: local telco/network, last link, and device. Local phones/networks include high speed fiber, routers, cable CMTS, cable/fiber, cable modem, WiFi antennas, and LTE wireless towers. Spyware, viruses, and man-in-the-middle attacks are all possible in this part of the network radio sniffer.

  For local connections to last link devices, network connections include spyware, wireless sniffers, wiretaps affected by eavesdropping, and false towers, WiFi links, and LTE/wireless links. For example, the device body, which may also include tablets, notebooks, desktops, smartphones, smart TVs, POS terminals, etc., is subject to a variety of attacks including spyware, Trojan horses, viruses, and worms. Such a monitoring method and device are commercially available, and a terminal for monitoring Ethernet (registered trademark) local area network, WiFi data and communication of a mobile phone can be easily obtained in the online market. Until recently, sniffing of fiber optic cloud connections has not been identified as a threat, but non-invasive data sniffers for optical communications, i.e., without the need to cut the fiber, can operate normally even temporarily. It became clear that there is now a sniffer that can be used unimpaired.

  Besides hacking and using surveillance methods, a wide variety of commercial spyware is readily available for monitoring cell phone conversations and internet communications. Commercially available spyware programs advertise the ability to spy to make effective use of employee, child, and spouse information. This feature set is amazingly comprehensive, including phone, photo, video, SMS/MMS text, third party instant messaging, email, GPS location tracking, internet usage, address book, calendar events, bugs, controls. It includes a surprising number of compelling ways to compromise cyber privacy, including apps and even remote control capabilities. In fact, cyber attacks are becoming more frequent and tracked daily.

Initiating a cyber attack generally requires several steps or a combination of technologies, including: Ie, IP packet sniffing,
・Port scan,
・Profiling,
·scam,
・Packet hijacking,
・Cyber infection,
・Monitoring,
・It is necessary to manage cyber pirates sites.

  IP packet sniffing

  Cybercriminals can use wireless monitoring devices to gain important information about users, their transactions, and their accounts. The contents of an IP packet can be obtained or "sniffed" anywhere on the path between two users. For example, when a user sends a file (eg, a photo or text) in an IP packet to a cell phone from his notebook, Cyber Pirates intercepts the sender's last link and intercepts the sender's local network. , The cloud can be monitored to discover IP packets at any number of locations, either by intercepting the recipient's local telephone company or by intercepting the receiver's last link. The observable data contained in the intercepted IP packet includes the layer 2 MAC address of the device used in communication, the layer 3 address of the sender on the receiving side, that is, the destination of the packet, and a transport protocol such as UDP or TCP. Is used. The IP packet also contains the layer 4 port number of the sending and receiving device that potentially defines the type of service requested, and the data file itself, or the file if it is not encrypted. It is also possible for Cyber Pirates to directly read the data contained in.

  If the payload is unencrypted, it can read textual information such as account numbers, login sequences, passwords, etc. If it is of value, it can be stolen and misused for criminal purposes. If the payload contains video or emoji information, some extra work is required to determine which layer 6 application format the content employs, but once identified, the content is It may be possible to use it to view, publish, or possibly threaten one or both of the correspondents. Such cyber attacks are called "man-in-the-middle attackers" because cyber pirates do not personally know the communication partner.

  As mentioned above, because IP packet routing in the cloud is unpredictable, it is more difficult to monitor the cloud, that is why it is so difficult that Cyber Pirates first encountered important information in IP packets. Sometimes it has to be supplemented and subsequent packets may not follow the same route and sniffed packets. Interception of last mile data increases the probability of observing a series of related packets that make up the same conversation because local routers typically reach at least the packets to the POP outside the customer's own carrier. This is because a predetermined routing table is followed until For example, a Comcast client could use a network entirely owned by Comcast to move the packet up the routing chain until the packet moves geographically beyond Comcast's control and customer service area. There is a high possibility that IP packets will be passed.

  If the consecutive packets between the same two IP addresses occur long enough, the whole conversation can be recreated in detail. For example, if an SMS text message traverses the same network in the last mile, Cyber Pirates will find that by IP address and port #, multiple IP packets carrying text will be sent between the same two devices, a mobile phone and a notebook. It can be specified that it represents a conversation. Therefore, even if the account number and password are textified in different messages or incompletely sent in many packets, the consistency of packet identifiers allows Cyber Pirates to reconstruct the conversation and steal account information. be able to. Stealing account information could allow you to send money to an offshore bank, or even change account password and security questions, or even temporarily use ID theft to deprive your account.

  Even if the payload is encrypted, the rest of the IP packet containing the IP address and port number is not encrypted. Having access to sufficient computing power, Cyber Pirates repeatedly sniffed a large number of IP packets and then systematically tried all combinations until the cryptographic password was broken. Once the key is broken, the packet and all subsequent packets can be decrypted and used by Cyber Pirates. The probability of login password cracking due to "password guessing" is greatly improved when packet sniffing is combined with the user and account "profiling" described below. Note that in "man-in-the-middle attackers", communication devices are usually not involved because cyber pirates do not have direct access to them.

  Port scan

  Another way to break into a device is to look at many Layer 4 ports using its IP address to see if every request receives a response. Once Cyber Pirates has identified a mobile phone with an IP address as a target device from packet sniffing or other means, Cyber Pirate will initiate a series of inquiries to the port on the mobile phone, which will result in an unsecured port. That is, look for open ports, service and maintenance ports, or application backdoors. Hacker query programs can systematically cycle through all port numbers, but attacks are usually port #7 for pings, port #21 for FTP, port #23 for telnet terminal emulation, It focuses on infamous and vulnerable ports, such as port #25 for simple email. Cyber Pirates learn more about the target device's operating system each time a packet is sent and a response is sent.

  In the port scan process, CyberPirate does not want to reveal its real ID, so it uses a fake pseudo-address that cannot be traced as an individual to receive the message. Also, because cybercriminals can use stolen computers and accounts, it appears that someone else is trying to hack the target device and, if tracked, the investigator is not an innocent person who is not them. Put it back in.

  Profiling

  User and account profiling is the process by which cyber pirates use publicly available information to look up targets, accounts, and personal histories, crack passwords, identify accounts, and determine assets. Once the hacker has obtained the target's IP address using some means such as sniffing, he or she can use the Traceroute utility to find the DNS server for the device's account. After that, the name of the account holder can be found by using the "Who is" function on the Internet. In profiling, cybercriminals search the Internet and gather all available information about account holders. Sources include public records such as real estate transactions, car registrations, marriages and divorces, tax liens, parking tickets, traffic violations, and criminal records. Often, university and professional websites include home addresses, email addresses, phone numbers, and personal dates of birth. By investigating social media sites such as Facebook, LinkedIn, and Twitter, cybercriminals can gather important details, such as family and friends, pet names, and previous home information. Includes photo and video files that include addresses, classmates, personal events, embarrassing events, family secrets, and personal enemies.

  The next step of Cyber Pirates is to use this profile to "guess" the user's password based on the profile and hack other accounts on the same individual as the target device. Once a cybercriminal cracks the password on one device, people tend to reuse the password to make it easier to remember, so cybercriminals are more likely to break into other accounts. Very expensive. At that point, it could be possible to steal a person's ID, move money, and make it the subject of police investigation, steal all assets, and essentially destroy the person's life. For example, as explained at the beginning of this specification, cybercriminals who collect long password lists from stolen accounts use the same password and login information to earn millions of premium tickets to concerts and sporting events. Buy dollars illegally.

  con man

  If cyber pirates impersonate anyone and use malicious cyber security credential information to access communications or files, cyber pirates are acting as "scammers." Scammer-type cyber attacks are cybercriminals who possess sufficient information or access to a personal account to seize the victim's account and unfairly send messages to the individual on behalf of the victim. However, it can occur in a way that they misunderstand that the owner of the hacked account did it. Recently, for example, one personal friend of the inventor was hacked into her "LINE" personal messenger account. The cybercriminal who took over the account sent a false message to his friend saying, "I have a car accident and I need funding for an emergency loan." Not knowing that the account was hacked, her friend made the request in real time and rushed to her. To avoid suspicion, the request sent to each friend was under $1,000. Fortunately, a fraud was revealed when one of my friends called her and reconfirmed the transfer information just before sending the money. Without this call, no one can tell that this was a request from a scammer and the owner of the line account didn't even know that he had sent money under that name or even requested it. Probably not.

  Another form of misrepresentation is that a device has been given security privileges and is able to exchange information with a server or other network-connected device, where a Cyber Pirate device has been authenticated by some means to a server. The victim's device will leave files and information to the cyber pirates server without knowing it as a fraudulent server. This method is said to have been used to let celebrities back up their private image files using iCloud® as usual, except that the backup cloud was that of a scammer.

  Another form of scammer is that someone who has physical access to a person's phone or an open browser can send an email, answer a phone call, and then from another person's account or device. It occurs when fraudulent acts such as sending a text message from. The recipient is connected to a known device or account and therefore assumes that the person operating the device or account is the owner. The content of the scam could be naughty, like posting embarrassing comments to Facebook as a friend, or someone's spouse could answer a private phone call or intercept a private text message of a nature that should be kept private. However, it may be of a nature more related to personal information. The consequences of this unauthorized access can lead to jealousy, divorce, and retributive lawsuits. Leaving the device unsupervised while going to the bathroom at the office or cafe can allow scammers to quickly access personal or corporate information, as explained in the section below entitled "Infection". There is a risk of sending malicious emails, transferring files and downloading malware to your device.

  Scam-based cyber attacks are also important when a device is stolen. In such cases, the thief has sufficient time to break the login code, even if the device is logged out. The "find my computer" feature, i.e. the first time CyberPirate logs on to a device, locates the stolen device on the network and erases the computer's files is no longer valid. Tech-savvy criminals now know that they only need to activate their device if they don't have a cell phone or WiFi connection. This risk is especially high for mobile phones where passline security is a simple 4-digit personal identification number (PIN) or PIN. Since there are only 9999 possible combinations, breaking a PIN is a matter of time.

  A key issue in protecting devices is preventing scammers from accessing. To prevent fraud, robust measures are needed to authenticate the user's identity at regular intervals and ensure that he has the authority to access the necessary information and privileges. Device security is often the weakest link in the chain. If device security is compromised, the need for robust network security becomes questionable.

  Packet hijacking

  Packet hijacking involves cyber attacks that divert the normal flow of packets through a network through a malicious device.

  For example, if the integrity of the router is compromised by a cyber attack from Cyber Pirate, the IP packet passing through the router is rewritten as a revised IP packet and the IP package is routed to the destination address and port number of the Cyber Pirate device. change. The cyber pirates device then obtains the necessary information from the IP packet payload and possibly modifies the contents of the IP packet payload. Malicious payloads are used to commit any number of types of fraudulent crimes, gather information, or download malware to mobile phones, as described later in the topic "Infection". there is a possibility.

  The hijacked packet is modified to have the source IP address and port # of the original IP packet, but the packet actually goes through the new child route. Alternatively, the hijacked IP packet is returned to the damaged router and then sent to the cloud. Since cyber pirates need to hide their IDs during packet hijacking to maximize the effects of packet hijacking crimes, even the layer 3 ICMP function "traceroute" makes it difficult to identify the true route of communication. Hide the true routing of IP packets, as However, if hijacking adds significant delay to packet routing, the extraordinary delay may prompt network operators for investigation.

  Cyber infection

  One of the most cunning categories of cyber attacks installs malware on the target device or network that gathers information, scams, redirects traffic, infects other devices, and worsens or closes them. "Cyber infection", that is, to cause a condition that does not cause denial of service. Cyber infections can spread through email, files, websites, system extensions, application programs, or networks. One common class of malware, "spyware", collects transaction information of all kinds and passes it to Cyber Pirates. In the case of "phishing," a web page or application shell that looks like a familiar login page prompts you to log in to your account and enter your personal information, and transfers the information you obtain to Cyber Pirates. In yet another malware infection, it is possible to control the hardware, for example controlling the router to perform the packet hijacking described above. In such cases, Cyber Pirates seeks useful information and control for their purposes.

  Another class of cyber infections, such as viruses, worms, and Trojan horses, is designed to overwrite important files or repeatedly perform nonsensical functions to prevent the device from performing normal work. ing. Basically, it denies service, slows performance, or shuts down the device altogether. These malicious infections are destructive in nature and are fun for hackers who want to see if they are harmful, have the potential to disrupt normal operations in the business of competitors, or simply are possible. Used as a motive.

  Surveillance

  There are threats and surveillance beyond cybercrime. In such cases, a private detective or acquaintance is hired or forced to install the device or program on the target personal device for monitoring voice conversations, data exchanges, and location. The detective is at greater risk of being caught because the subject must temporarily access the target device without the subject knowing it. For example, SIM cards are available on the market that can copy the network access privileges of a phone, but at the same time send the information to a cyber criminal who monitors the target call and data traffic.

  Other forms of surveillance include the use of covert video cameras to monitor human activity and telephones, similar to those found in casinos. With video surveillance, the device password or PIN can be learned simply by observing the user's keystrokes during the login process. With enough cameras, the login process will eventually be recorded. In order to access the camera network without suspicion, cyber pirates can hack existing camera surveillance systems in buildings, stores, or streets and have no doubt through access to other people's network monitors. The behavior of the victim can be monitored. The combination of video surveillance and packet sniffing provides a more comprehensive dataset for subsequent cyber attack launches.

  Management by cyber pirates (intrusion)

  Another means by which Cyber Pirates can obtain information is to hack and gain access to system administration rights on a device, server, or network. Therefore, by hacking the system administrator's login, rather than gaining unauthorized access to a user's account, important access and privileges can be made available to Cyber Pirates without the knowledge of the users of the system. become. Since the system administrator works as the police of the system, no one can grasp the criminal activity. In essence, corrupt management systems and networks leave no one under police control.

Conclusion

  The universality and interoperability of the Internet, packet-switched networks, and the universal adoption of the seven-layer open source initiative network model has helped the world's telecommunications expand unprecedentedly over the last 20 years, from smartphones to tablets, It has been widely used in computers, smart TVs, cars, even home appliances and light bulbs. The worldwide adoption of the Internet Protocol, or IP, as the basis for connecting Ethernet, cellular, WiFi, and cable TV has not only resulted in unified communications, but in as many devices and systems as possible. It has greatly simplified the challenges of hackers and cybercriminals trying to break into it. Given the large number of software and hardware methods available to attack today's communication networks, it is not sufficient to use a single security method as the only defense. Instead, a systematic approach is needed to protect all devices, last links, local phones/networks, and cloud networks to ensure protection from advanced cyber attacks. The method utilized must provide essential cyber security and cyber privacy without sacrificing QoS, network latency, video or sound quality. While encryption should be a key element in developing this next generation of secure communications and data storage, network security should not depend solely on encryption methodologies.

  According to the present invention, data (broadly, text, voice, video, graphics, and all other types of digital information or files) is sent over a secure dynamic communication network and protocol (SDNP) network or "cloud". Is transmitted. The SDNP cloud is a set of "nodes" ("media nodes") hosted on servers or other types of computers or digital devices (collectively referred to herein as "servers") located anywhere in the world. Sometimes referred to as "). It is possible to have more than one node on a single server. Generally, data is transmitted between media nodes by light transmitted through fiber optic cables, radio waves in the radio or microwave spectrum, electrical signals transmitted by copper wires or coaxial cables, or satellite communications. The invention broadly covers any means by which digital data can be transmitted from one point to another. The SDNP network according to the present invention comprises an SDNP cloud and a "last mile" link between the SDNP cloud and a client device. Examples of the client device include a cellphone (smartphone), tablet, notebook computer, desktop (desktop computer), mobile electronic device, IoT (Internet-of-Things) device or application, automobile or other vehicle. Be done. Last mile communication also includes cell phone towers, cables or fibers connected to homes, and public WiFi routers. At Last Mile, the link between the client's device and the closest cell phone tower or other retransmitter is called the "last link."

  When communicating between media nodes in the SDNP cloud, data is transmitted in the form of "packets", which are fixed-length or variable-length digital bit strings, scrambled, encrypted, split, or vice versa. It is spoofed using some unscrambling, decoding, mixing, and other techniques. (Note: In this specification, "or" is used in its conjunctional meaning (and/or (and/or)), unless the context otherwise implies.)

  The scrambling changes the arrangement order of the data in the data packet. For example, the data segments A, B, and C arranged in that order in the data packet are rearranged in the order of the data segments C, A, and B. The reverse operation of the scrambling operation is called "unscramble". The unscramble operation returns the arrangement order of the data in the packet to the original arrangement order (the order of A, B, and C in the above example). The combination of an unscrambled operation of a data packet and a subsequent scrambled operation is called "rescrambled". When re-scrambling a scrambled packet, the packet is scrambled in the same or different manner as in the previous scrambling operation.

  The second operation, "encryption", is a ciphertext that allows the data in a packet to be understood only by the sender and other authorized parties, and those who perform the reverse operation, "decryption", of encryption. It is to encode into a form called. The combination of a ciphertext data packet decryption operation followed by a re-encryption operation is referred to herein as "re-encryption." The encryption operation in this re-encryption generally, but not necessarily, uses a different method than the previous encryption.

  The third operation, "splitting", as the name implies, involves splitting the packet into two or more smaller packets. The inverse operation of fragmentation, "mixing", is defined as the recombination of two or more fragmented packets back into a single original packet. The fragmentation of previously fragmented and mixed packets is done in the same or different way as in the previous fragmentation operation. The order of splitting and mixing operations is reversible, and splitting can be undone by mixing. On the contrary, an output obtained by mixing a plurality of inputs can be returned to the constituent element (a plurality of inputs) by dividing. (Note: scrambling and unscrambling, encryption and decryption, and splitting and mixing are inverse operations, so any information about the algorithm or method used to perform an operation should be inverted. Therefore, when referring to a particular scrambling, encryption, or splitting algorithm, it is to be understood that the information of that algorithm allows the opposite process to be performed. )

  According to the invention, the data packets passing through the SDNP cloud are scrambled or encrypted, or one or both of scrambled or encrypted and a combination of splitting is applied. In addition, "junk" data is added to the packet to make it more complex to the decrypter or to make the packet a predetermined length. Furthermore, the packet is parsed, i.e. divided into individual parts (fragments). In computer terms, parse means dividing a computer language statement, computer instructions, or data file into multiple pieces useful to a computer. Parsing is also used to obscure the purpose of an instruction or data packet, or to split the data into data packets with a particular data length.

  The format of the data packet follows the internet protocol, but in the cloud within SDNP the address of the media node is not a standard internet address. That is, the address of the media node cannot be identified by the Internet DSN server. Therefore, the media node is technically able to receive data packets over the Internet, but is unable to respond to address recognition or inquiries. In addition, even if the user of the Internet can contact the media node, the media node recognizes that the user is an impostor who does not have the identification/authentication information necessary for accessing the node. Data cannot be accessed and analyzed. Specifically, unless a media node is registered as a valid SDNP node running on a designated server in an SDNP name server or a device having an equivalent function, the node sends to another SDNP media node. The generated data packet will be ignored and discarded. Similarly, only clients registered with the SDNP name server can contact the SDNP media node. Similar to unregistered servers, data packets received from sources other than registered SDNP clients are ignored and immediately discarded.

  In a relatively simple embodiment, referred to as a "single route," data packets are transmitted through a single route through a series of media nodes in the SDNP cloud and scrambled at the media nodes through which they enter the cloud. It is unscrambled with the media nodes that pass through it as it leaves the cloud (these two nodes are called "gateway nodes" or "gateway media nodes"). In a slightly more complex embodiment, the packet is re-scrambled at each media node using a different scrambling method than that used in the previous media node. In another embodiment, the packet is encrypted at the gateway node through which it enters the cloud and decrypted at the gateway node through which it exits the cloud. In addition to this, the packet may be re-encrypted at each media node that passes in the cloud. This embodiment is referred to as "static" scrambling or encryption because a given node uses the same algorithm each time it scrambles or encrypts a packet.

  When a packet is subjected to two or more operations (for example, scrambling and encryption), it is preferable that the reverse operations are performed in the reverse order of the original operation. For example, if a packet is scrambled and then encrypted and sent from a media node, the packet arriving at the next media node is decrypted and then unscrambled. The packet is regenerated to its original form only when it is in the media node. Packets are scrambled, split/mixed, or encrypted when transmitted between media nodes.

  In another embodiment, referred to as "multi-route" data transmission, the packets are split at the gateway nodes such that the packets generated thereby form a series of "parallel" routes that share no media nodes other than the gateway nodes. Cross the cloud through. The packets are then mixed (typically at the egress gateway node), which recreates the original packet. Therefore, even if a hacker could understand the meaning of a single packet, he could only get a portion of the entire message. Also, the packet may be scrambled and encrypted at the gateway node before or after fragmentation. Also, multiple packets may be re-scrambled or re-encrypted at each media node through which they pass.

  In yet another embodiment, packets are transmitted not only through a single route or series of parallel routes within the SDNP cloud, but through multiple routes that include many intersections with each other. This embodiment is referred to as "mesh transmission" because the image of the possible paths resembles a mesh. Similar to the embodiments described above, packets are scrambled, encrypted, and fragmented/mixed as they pass through each media node in the SDNP cloud.

  The route that a packet takes through the SDNP network is determined by the signaling function implemented by the media node segment itself, or preferably a separate signaling node running on a dedicated signaling server in a "dual channel" or "tri-channel" embodiment. To be done. This signaling function determines the route of each packet as it is sent from the sending client device (eg cell phone) based on network conditions (eg propagation delay) and the priority and urgency of the communication. . Then, each media node on the route is notified that the node is going to receive the packet, and the destination of the packet received by the node is instructed. Each packet is identified by a tag, and the signaling function directs each media node which tag to attach to each packet sent from that node. In one embodiment, the data tag is included in the SDNP header or subheader, which is a data field attached to each data subpacket and used to identify the subpacket, where each subpacket includes a specific data "slot" in the packet. , Data segments from one or more sources. During data transmission between any two media nodes, multiple subpackets may be present in one larger data packet.

  The routing function is performed in cooperation with the dividing and mixing function. This is because when the packet is divided, it is necessary to determine the route of each subpacket and instruct the node where the subpacket is recombined (mixed) to mix the subpacket. In a multi-route embodiment, packets are fragmented and mixed one or more times before reaching the egress gateway node across the SDNP network. The determination of the node that divides the packet and the number of subpackets that are generated by dividing the packet, and the determination of the node that mixes the transmission route of the subpacket and the subpacket to regenerate the original packet are all It is controlled by the signaling function whether or not the signaling function is implemented by a separate signaling server. The division algorithm specifies the data segment to be included in each subpacket, and the order and position of each data segment in the subpacket for the data segment of the data packet to be divided. In the mixing algorithm, in a node that mixes subpackets, a process reverse to that at the time of division is performed to regenerate the original packet. Of course, when the signaling function receives a command for re-segmentation, the node re-segments the packet according to a segmentation algorithm that is different from the previous segmentation and corresponds to the time and state when performing the segmentation process. ..

  The signaling feature allows a media node to route multiple packets through a network to a specific destination on the "next hop", whether they are fragmented packets (subpackets) or related to different messages. When instructed to send to a media node, the media node combines the packets, especially if the subpackets share a common destination media node for the next hop. Generates a single large packet (similar to a post office putting multiple letters with the same destination in a box and sending the box to that destination).

  In a "dynamic" embodiment of the invention, each media node in the SDNP cloud does not use the same scrambling, encryption, or fragmentation algorithm or method for the series of packets passing through it. For example, for a given media node, one packet may be scrambled, encrypted, or split using a particular scrambling, encryption, or splitting algorithm, and the next packet , Scrambling, encrypting, or splitting using a scrambling, encryption, or splitting algorithm separate from the previous one. This "dynamic" operation allows hackers to spend very little time deciphering packets (eg, 100 ms), and even if they successfully decipher the packet, that information is immediately unavailable. It can significantly increase the difficulty faced by hackers.

  In the dynamic embodiment, each media node is connected to a so-called "DMZ server". The DMZ server can also be considered as a separate part of the node from the data transmission part, which is a list or table of scrambling, encryption, and segmentation algorithms that the media node may apply to the packets that it outputs. Has a database (“selector”) containing The selector is part of a large amount of information called a "shared secret" because it is unaware of even media nodes, and because all DMZ servers have the same selector at any given time.

  When a media node receives a scrambled packet, in a dynamic embodiment it also receives a "seed" which is used to inform the node of the algorithm used to unscramble the packet. The seed is a spoofed number that does not make sense in itself, but is based on frequently changing states (eg, the time when the packet was scrambled by the previous media node). When the previous node scrambles the packet, the DMZ server connected to that node generates a seed based on the state at that time. Of course, the state is also used to select the algorithm used by the DMZ server attached to the node to scramble the packet. The selected algorithm is communicated to the sending node in the form of instructions regarding how to scramble the packet. Therefore, the sending node receives both the instruction on how to scramble the packet and the seed to be transmitted to the next media node. The seed generator running in the DMZ server generates seeds using a state-based algorithm at the time the process is performed. The seed generator and its algorithm are part of the media node's shared secret, but the seed generated is not secret information. This is because the numeric seed has no meaning unless you access the algorithm.

  Thus, the next media node on the packet route receives the scrambled packet and the seed from the state associated with the packet (eg, the time the packet was scrambled). The seed may be included in the packet itself, or it may be sent via the same route as the packet or another route (eg, a signaling server) before the packet is sent to the receiving node.

  Regardless of the seed receiving method, the receiving node transmits the received seed to the DMZ server connected to it. Since the DMZ server has a selector or table of scrambling algorithms that is part of the shared secret, it is used to scramble packets using a seed, similar to the DMZ server selector of the sending node. It is possible to identify the algorithm and to instruct the receiving node how to unscramble the packet. Therefore, the receiving node can regenerate the unscrambled form of the packet and restore the original data. Generally, the packet will be re-scrambled according to another scrambling algorithm before being sent to the next node. In this case, the receiving node obtains the scrambling algorithm and seed from its DMZ server and repeats the above process.

  Therefore, as the packet is transmitted over the SDNP network, it is scrambled at each node according to a separate scrambling algorithm. Also with it, at each node, a new seed is generated that allows the next node to unscramble the packet.

  In another embodiment of the invention, the actual state (eg time) is transmitted between the nodes (ie the sending node does not have to send a seed to the receiving node). The DMZ server, which is connected to both the sending media node and the receiving media node, contains a hidden digit generator (also part of the shared secret) that contains the identification algorithm at any given time. The DMZ server connected to the sending node uses the state to generate a hidden digit for determining the scrambling algorithm from a selector or table of possible scrambling algorithms. The transmitting node transmits the state to the receiving node. Unlike the seed, the hidden digit is not sent over the network, but over private communication between the media node and its DMZ server. When the receiving media node receives a state for an incoming data packet, the hidden digit generator in the DMZ server connected to that node uses that state to generate the same hidden digit. The generated number is used by the selector or table to determine the algorithm used to unscramble the packet. The state may be included in the packet and transmitted, or may be transmitted from the transmitting side node to the receiving side node through the same or different route as the transmission route of the packet before transmitting the packet.

  The techniques used for dynamic encryption and splitting are similar to those used for dynamic scrambling, but in dynamic encryption a "key" is used in addition to the seed. The shared secret held by the DMZ server includes a selector or table of encryption and split algorithms and a key generator. For symmetric key encryption, the sending node tells the receiving node the key used to decrypt the file by identifying the algorithm used by the DMZ server of the node to encrypt the packet. Send. In the case of asymmetric key encryption, the media node requests information. That is, first, the receiving node transmits the encryption key to the transmitting node including the data packet to be transmitted. Then, the sending media node encrypts the data according to the received encryption key. Since only the receiving media node that generates the encryption key has the decryption key corresponding to the encryption key, the ciphertext generated using the encryption key can be decrypted. Importantly, with asymmetric encryption, accessing the encryption key used for encryption does not provide any information on how to decrypt the data packet.

  In the case of division, a seed is transmitted from a media node that divides a packet and generates a subpacket to a media node that mixes the subpacket. The DMZ server connected to this mixing node uses the received seed to determine the splitting algorithm, i.e. the algorithm used to mix the subpackets.

  As mentioned above, in dual or tri-channel embodiments, the signaling functionality is implemented by signaling nodes operating on separate groups of servers called signaling servers. In such an embodiment, the seed and key are sent via the signaling server rather than directly from the sending media node to the receiving media node. Therefore, the sending media node sends the seed or key to the signaling server. As mentioned above, the signaling server is responsible for determining the route of the packet, so that the signaling server knows the next media node to which each packet will be sent.

  To make it more difficult for hackers to hack, the list or table of possible scrambling, splitting, and encryption methods in the selector should be changed periodically so that the method corresponding to a particular seed or key is changed. Be shuffled (eg hourly or daily). Thus, in a given media node, the encryption algorithm used for packets generated at the time t1 of day 1 is the encryption algorithm used for packets generated at the same time t1 of day 2. Can be different from.

  Each DMZ server is typically physically connected to one or more media nodes within the same "server farm". As described above, the media node does so for packets it receives by providing the DMZ server connected to it with a seed or key (eg, based on the time or state the packet was generated). Although requesting instructions for operation, the media node cannot access the shared secret or any other data or code in the DMZ server. The DMZ server responds to the request from the media node and uses the seed or key to determine which method the media node should use to unscramble, decrypt, or mix packets. For example, if a packet is scrambled and the media node wants to know how to unscramble it, the DMZ server searches a list (or selector) of scrambling algorithms to find the particular algorithm corresponding to the seed. Find out. The DMZ server then commands the media node to unscramble the packet according to the algorithm it finds. In essence, the media node sends a query embodied in the seed or key to the DMZ server, and the DMZ server sends a command to the media node in response to the query.

  The media nodes (although they do not have an IP address recognized by DNS) are accessible via the Internet, the DMZ server is either wired or optical to the network connected to the media server. Completely separate from the Internet, which only has local network connections over fiber.

  In a "single channel" embodiment, the seed and key are transmitted as part of the data packet itself between the sending media node and the receiving media node, or prior to sending the data packet, sending the data packet. It is sent in a separate packet using the same route as the route. For example, when encrypting a packet, media node #1 includes in the packet an encryption key based on the time when the encryption was performed. Then, when the packet including the encryption key arrives at the media node #2, the media node #2 transmits the encryption key to the DMZ server connected to the node. Then, the DMZ server uses the received key to select a decryption method for decrypting the packet from the selector. Media node #2 then queries the DMZ server for a re-encryption method for the packet before sending the packet to media node #3. Again, the DMZ server informs the media node #2 of the encryption method selected by the selector, and sends the key reflecting the state corresponding to the selected encryption method to the media node #2. Media node #2 performs encryption and sends the encrypted packet and key (individually or as part of the packet) to media node #3. The key is then used by Media Node #3 in a similar manner to decrypt the packet. As a result, there is no single static decryption method that a hacker can use to decrypt the packet.

  In the above example, the use of time, or dynamic "state" state, as a determinant of the scrambling, encryption, or splitting method embodied in a seed or key is but one example. Any variable parameter, such as the number of nodes a packet has passed through, can also be used as a "state" for the seed or key to select the particular scrambling, encryption, or splitting method used.

  In the "dual channel" embodiment, the seed and key are not sent directly between the media nodes, but rather between the media nodes via a second "command and control" channel, which consists of a signaling server. Transmitted in. The signaling node also provides the media node with routing information and informs the media node on the route of the packet how to divide the packet and how to mix it with other packets. The signaling node should also give each media node an identifying "tag" to each packet sent from that node so that the media node next to that node can recognize the packet. Command. The signaling server preferably informs a given media node only which media node has sent the packet to it and which media node has received the packet sent from the node. As a result, no media node knows the entire packet transmission route within the SDNP cloud. In some embodiments, the routing function may be split between two or more signaling servers. For example, a first signaling server determines a route to a specific media node, a second signaling server determines a route from the specific media node to another media node, and exits such processing. Continue to the gateway node. Thereby, no signaling server is aware of the entire routing of data packets.

  In a “tri-channel” embodiment, a third group of servers, called “name servers”, is used to identify components within the SDNP cloud and to identify the device connected to the SDNP cloud and its corresponding IP or Save information about SDNP address. In addition, the name server frequently monitors the media nodes in the SDNP cloud, for example maintaining a current list of active media nodes and a table of propagation delays for all combinations of media nodes in the cloud. In the first step in which communication is initiated, the client device (eg tablet) sends an IP packet to the name server requesting the data destination or called party's address or other information. In addition, a separate dedicated name server is used to act as the first contact when the device first connects to the cloud, ie is registered.

  As an additional beneficial security, separate security "zones" with different selectors, seeds and key generators, and other shared secrets are provided within a single SDNP cloud. Adjacent zones are connected by a bridge media node that holds the shared secret of both zones and has the ability to convert the data format according to the rules of one zone to the data format according to the rules of the other zone.

  Similarly, for communication between different SDNP clouds hosted, for example, by different service providers, a full-duplex (ie, bidirectional) communication link is formed between the interface bridge servers of each cloud. Each interface bridge server has access to associated shared secrets and other security information for each cloud.

  An important advantage of the present invention is that there is no single control point in the SDNP network, and how any node or server in the network performs some communication and how it changes dynamically. Is not to have complete information on.

  For example, a signaling node running on a signaling server knows the route (or, in some cases, only part of the route) through which it communicates, but does not have access to the data content being communicated, or It does not know the calling party or the client. Moreover, the signaling node cannot access the shared secret in the DMZ server of the media node. As such, the signaling node has no way of knowing how the data packet being transmitted was encrypted, scrambled, fragmented, or mixed.

  The SDNP name server knows the true telephone number or IP address of the caller, but has no access to the data being communicated or the routing of various packets and subpackets. Like signaling nodes, name servers do not have access to shared secrets. Therefore, the name server has no way of knowing how the data packet being transmitted was encrypted, scrambled, fragmented, or mixed.

  The SDNP media node that actually carries the media content has no idea who the caller is, nor is it able to know the route through which the various fragmented subpackets are carried within the SDNP cloud. In fact, each media node only knows what data packet it will arrive at (identified by its tag or header) and where it will send that data packet next (ie, the "next hop"). .. That is, each media node has how the data was encrypted, scrambled, mixed, or split, or how the state, number seed, or key was used to restore the file. I do not know whether to choose. Only the DMZ server knows the information needed to correctly process the data segment of the incoming data packet. That is, only the DMZ server can do the right thing with its shared secret, an algorithm that is not accessible through the network or by the media node itself.

  Another inventive aspect of the present invention is to provide excellent quality of service (QoS) by reducing network delay and minimizing propagation delay, as well as controlling the size of data packets. By eliminating smaller echoes and dropped calls by sending smaller data packets in parallel through the cloud rather than relying on a single high bandwidth connection. Dynamic routing in SDNP networks uses information about the node's node-to-node propagation delays to dynamically select the current best route for a given communication. In another embodiment, for high priority clients, the network facilitates race routing and sends over the SDNP cloud in duplicate message fragmented form, selecting only the earliest data to select the original voice. Or it can be restored to data content.

  Among the various advantages of the SDNP system according to the present invention, in parallel and "mesh transmission" embodiments, packets are fragmented as they are transmitted within the SDNP cloud, so that even hackers can subpack individual packets or subpackets. Even if the packets can be decrypted, it prevents hackers from understanding the message. And, in "dynamic" embodiments, the scrambling, encryption, and fragmentation methods applied to a packet are frequently changed so that a hacker cannot continuously decrypt the packet at some point. .. Various other advantages of embodiments of the present invention will be readily apparent to those of skill in the art upon reading the following description.

  In general, similar security techniques can be applied to the "last mile" between the SDNP cloud and client devices (eg cell phones, tablets). The client device is usually located in a security zone away from the cloud, so it must first be an authenticated SDNP client. This step involves installing on the client device a software package specific to the device's security zone, typically by download from an SDNP management server. The client device is linked to the SDNP cloud via a gateway media node in the cloud (sometimes referred to as a gateway). This gateway media node has access to the shared secret for both the cloud and the security zone of the client device. However, the client device cannot access the shared secret for the SDNP cloud. To increase the security level, the seed and the key are directly transmitted between the client server and the signaling server. Therefore, the sending client device sends the seed and/or key directly to the receiving client device. In such an embodiment, the packet received by the receiving client device has the same scrambling or encryption format as the packet sent by the sending client device. As such, the receiving client device can use the seed and key received from the sending client device to unscramble or decrypt the packet. Direct transmission of seeds and keys between client devices is done in addition to dynamic scrambling and encryption of the SDNP network itself, which can provide a high level of security called nested security. .

  In addition, the client device or a gateway node that communicates with it may have packets of the same data type (eg, voice packets, text message files, documents, one piece of software) or packets of different data types (eg, voice packets and Text files, text packets and video or photographic images) are mixed before they arrive on the SDNP network, and the egress gateway node or destination client splits the mixed packets to recover the original packets. This is in addition to the scrambling, encryption, or splitting implemented in SDNP networks. In such cases, the sending client device instructs the receiving client device how to split the packets to split the mixed packets at the sending client device or the gateway media node to regenerate the original packet. Submit the seed. Sequential mixing and partitioning implementations include operations in a linear order, or use a nested structure in which the client implements its own security measures and SDNP also implements its own security measures.

  To further confuse the hacker, the client device continuously sends multiple packets (or subpackets) to different gateway nodes in one communication and also sends them to different physical media links (cellular, WiFi). , Ethernet (registered trademark) cable. This process is sometimes called "multi-PHY". To further confuse it, include different source addresses in subsequently sent packets to prevent hackers from discovering that the same client device is sending the packet.

  The invention has also made progress with regard to conference calls. In a normal conference call, packets are sent to all participants, but this invention allows some participants to be muted, from the client device or other node to the participants to be muted. The call is removed from the conference call by preventing packet transmission. In another embodiment of the invention, the data packet is broadcast to all participants, but it is implemented using different cryptographic methods. In a normal conference call, the data packet is encrypted and sent to all participants, which causes all participants to receive a copy of the decryption key. In private mode or mute mode, the data packet is sent to multiple users using different encryption methods, and the decryption key can be sent only to the selected user.

  The security mechanism used in communication using SDNP networks and protocols is also compatible with file and data security. Communication over an SDNP network typically involves the transmission of scrambled and encrypted data from one client device to another, as well as anonymous fragmented data, but with the transfer of files and data. As for storage, files and data can be stored in one or a plurality of buffers until communication is stopped midway and the client device desires to receive the data. This decentralized storage of data is sometimes referred to herein as non-aggregated data storage.

In the drawings listed below, similar components are generally labeled with similar reference numerals. However, it should be noted that each component with one reference sign is not necessarily exactly the same as another component with the same reference number. For example, an encryption operation with a particular reference sign does not necessarily have to be the same as another encryption operation with the same reference sign. Also, groups of components, such as servers in a network, collectively identified by a single reference number need not necessarily be the same as each other.
Schematic diagram showing packet transfer over a conventional network Schematic showing the packet scrambling process Schematic showing the packet unscrambling process Schematic diagram showing various packet scrambling algorithms Schematic showing static parametric packet scrambling Schematic showing dynamic scrambling with hidden numbers Schematic diagram of the packet rescramble process Schematic showing the packet encryption process Schematic showing the packet decoding process Schematic diagram of the cryptographic scrambling process and vice versa Schematic showing the process of DUSE repacketization including re-scramble and re-encrypt. Schematic of fixed-length packet splitting process Schematic showing fixed-length packet mixing process Schematic diagram showing various packet mixing methods Schematic diagram showing security and reverse functions of SDNP Block diagram showing SDNP security operations on incoming and outgoing data packets of a single route last mile communication Block diagram showing SDNP security operations on incoming and outgoing data packets of multi-route last mile communication Block diagram showing audio, video, text, and file content creation, data packet preparation, data packet recognition, and content playback on an SDNP client device. Explanatory drawing of SDNP data packet explaining encapsulation of hierarchical data using 7-layer OSI model SDNP payload explanation chart Block diagram showing inbound last mile data packet processing in SDNP gateway using tri-channel communication Block diagram showing inbound last mile data packet processing in SDNP gateway using single channel communication Block diagram showing outbound last mile data packet processing in an SDNP gateway using tri-channel communication Schematic diagram of SDNP cloud Example of insecure last mile communication without ID confirmation Insecure last mile communication via conventional telephone system (POTS) without caller ID verification Example of last mile communication with ID verification but not secure Insecure Last Mile Communication Over Analog Public Service Telephone Network (PSTN) With Operator Based Identity Verification Insecure Last Mile Communication over Wired Digital Networks with Login-based or Token-based Identity Verification Insecure Last Mile Communication over Wired Analog Networks with PIN or Credit Card Based Identity Verification Schematic diagram of an example of Hyper Secure Last Mile communication that can support ID verification Hyper-secure last mile communication capable of ID verification via WiFi wireless network Hyper Secure Last Mile Communication with ID Verification over Cellular Wireless Network Hyper secure last mile communication capable of ID verification via Ethernet (registered trademark) wired network Hyper Secure Last Mile Communication with ID Verification over Cable Network Hyper-secure last mile communication that can verify ID by combining cable wired and home WiFi wireless network A schematic diagram of an example of last mile communication including a hyper secure communication section capable of ID verification connected to the final link of a secure LAN paired with an ID Last mile communication including a secure secure wired communication section with ID verification connected to a secure device paired with a wire ID and an insecure device with an unknown ID Last-mile communication including ID-verifiable hyper-secure wired communication section connected to WPA-protected computing and communication devices paired with ID for home and work by WiFi LAN Last-mile communication including ID-verifiable hyper-secure wired communication section connected to a home IoT device protected by WPA and ID paired by WiFi LAN Last mile communication including ID-verifiable hyper-secure wired communication section that is connected to a device protected by WPA, which is ID paired for enterprise by Ethernet (registered trademark) or WiFi LAN. A schematic diagram of an example of last mile communication including an ID verifiable hyper-secure communication section connected to an ID paired secure wired or secure wireless LAN last link Schematic diagram of wired and wireless hyper-secure bridges including Ethernet and WiFi applicable to Storm communication Schematic diagram of wired and wireless hyper-secure bridges using satellite and vehicle networks applicable to last mile communication Schematic diagram of wired and wireless hyper-secure bridge using cable and cellular network applicable to last mile communication Last mile communications including hyper-secure wireless communications with identity verification via satellite uplink and downlink to various devices including satellite phones, planes, trains, ships, and home satellite receivers (set top boxes). An example of last-link hypersecure communication between devices in an in-flight aircraft communication network with satellite connectivity Examples of satellite communication and antenna modules for aircraft An example of last-link hypersecure communication between devices in a shipboard ocean cruise ship communication network with multiple satellite connection channels Example of last-mile hyper-secure communication between devices in an in-vehicle train communication network with wireless and satellite connectivity Hyper-Secure Last Mile Communication to Automotive Telematics Modules Including Cellular Last Link Connection Example of last link communication between telematics modules of a car communication network with a cellular connection and an in-vehicle WiFi connection device Hyper-secure inter-vehicle communication example using a cellular connection Hyper-secure trunk line communication via microwave, satellite and fiber networks Functional comparison of security, identity verification, and caller anonymity for hyper-secure, secure and non-secure communication networks Schematic diagram of single route last mile hyper secure communication using static IP address Schematic diagram of IP stack for single route last mile hyper-secure communication using static IP address Simplified diagram of single route last mile hyper secure communication using static IP address Schematic diagram of single route last mile hyper secure communication using dynamic client IP address IP stack for single route last mile hyper secure communication using dynamic client IP address Alternate IP Stack for Single Root Last Mile Hyper Secure Communication Using Dynamic Client IP Address Schematic of multi-route last mile hyper secure with static IP address IP stack diagram of multi-route last mile hyper secure communication with static IP address using single PHY last link IP stack diagram of multi-route last mile hyper secure communication with static IP address using multi-PHY last link Schematic diagram of multi-route last mile hyper secure communication using dynamic client IP address IP stack diagram of multi-route last mile hyper secure communication with dynamic client IP address using single PHY last link IP stack diagram of multi-route last mile hyper secure communication with dynamic client IP address using multi-PHY last link Schematic of alternative version of multi-route last mile hyper secure communication using dynamic client IP address IP stack diagram of alternative version of multi-route last mile hyper secure communication using dynamic client IP address Explanatory diagram of IPv4 and IPv6 datagrams for Ethernet communication that transmits SDNP payload Explanatory diagram of IPv4 and IPv6 Last Link Ethernet packets used for communication from client to SDNP cloud Explanatory drawing of IPv4 and IPv6 gateway link Ethernet packet used for communication from client to SDNP cloud Explanatory drawing of IPv4 and IPv6 gateway link Ethernet packet used for communication from SDNP cloud to client Explanatory drawing of IPv4 and IPv6 Last Link Ethernet (registered trademark) packets used for communication from SDNP cloud to client Continuous Ethernet data packets used for single-routed last mile communication with static client addressing (summary) Continuous Ethernet data packets used for single-routed last mile communication with dynamic client addressing (summary) Continuous Ethernet data packets used in multi-route last mile communication with static client addressing (summary) Continuous Ethernet data packets used in multi-route last mile communication with dynamic client addressing (summary) Summary table of SDNP last mile routing via Ethernet (registered trademark) Topology for single-route last mile communication via Ethernet Topology for multi-route last mile communication via Ethernet (registered trademark) Topology for multi-route last mile communication via Ethernet (registered trademark) Explanatory diagram of IPv4 and IPv6 for WiFi communication transmitting SDNP payload Explanatory diagram of IPv4 and IPv6 last link WiFi packets used for communication from client to SDNP cloud Explanatory diagram of IPv4 and IPv6 gateway link WiFi packets used for communication from client to SDNP cloud Explanatory drawing of IPv4 and IPv6 gateway link WiFi packet used for communication from SDNP cloud to client Explanatory diagram of IPv4 and IPv6 last link WiFi packets used for communication from SDNP cloud to client Explanatory diagram of IPv4 and IPv6 datagrams for 4G cellular communication transmitting SDNP payload Illustration of IPv4 and IPv6 last link 4G cellular data packets used in communication from client to SDNP cloud Illustration of IPv4 and IPv6 Last Link 4G Cellular Packets used for communication from SDNP cloud to client Illustration of multi-PHY last link communication of single media Illustration of multi-PHY last link communication of mixed media Explanatory diagram of alternative implementation of multi-PHY last link communication Explanatory diagram of continuous last link communication from client to SDNP cloud using IPv6 datagram distributed via Multi-PHY Ethernet (registered trademark) Explanatory diagram of continuous last link communication from client to SDNP cloud using IPv6 datagram distributed via Multi-PHY WiFi Explanatory diagram of continuous last link communication from client to SDNP cloud using IPv6 datagram distributed via multi-PHY 4G cellular network Illustration of continuous last link communication from client to SDNP cloud using IPv6 datagram using multi-PHY delivery over Ethernet and WiFi. Illustration of continuous last link communication from client to SDNP cloud using IPv6 datagram with multi-PHY delivery over WiFi and 4G cellular network. Schematic diagram of OSI layer stack configuration of DOCSIS cable modem communication network showing layer 1 to layer 7 functions Explanatory drawing of DOCSIS3 base communication packet created for cable system transmitting SDNP payload Illustration of spectrum allocation and carrier modulation method of various DOCSIS3 protocols Explanatory diagram of DOCSIS3.1 communication sequence between CTMS and CM Illustration of DOCSIS 3.1 upstream communication Illustration of DOCSIS 3.1 downstream communication Schematic of 3-route SDNP network for last mile communication Schematic diagram of "call request" operation in tri-channel SDNP last mile communication Schematic diagram of "address request" operation in tri-channel SDNP last mile communication Schematic diagram of "address distribution" operation in tri-channel SDNP last mile communication Flowchart showing SDNP command and control packet combining method Schematic diagram of "routing instructions" operation in single-route tri-channel SDNP last mile communication SDNP Client to SDNP Cloud Single Route Tri-Channel SDNP Last Mile Communication "SDNP Call" Operation Schematic Diagram Schematic of last mile 3 route communication to SDNP cloud and SDNP client over SDNP call Schematic of the SDNP cloud and last mile 3 route communication implemented as a "callout" to a non-SDNP client. Schematic diagram of "routing instruction" operation in multi-route tri-channel SDNP last mile communication Schematic diagram of "SDNP call" operation in multi-route 3-channel SDNP last mile communication from SDNP client to SDNP cloud Schematic diagram of "SDNP call" operation in multi-route tri-channel SDNP last mile communication from SDNP cloud to SDNP client Schematic diagram of "routing instruction" operation of group call in single route tri-channel SDNP last mile communication Schematic of "SDNP group call" using SDNP multi-route cloud transport and SDNP last mile communication in the direction from zone U1 clients to clients in other zones Schematic of "SDNP group call" using SDNP multi-route cloud transport and SDNP last mile communication in the direction from zone U7 clients to clients in other zones Schematic of "SDNP group call" using SDNP multi-route cloud transport and SDNP last mile communication in the direction from zone U9 clients to clients in the same zone and other zones Schematic of "SDNP group call" using SDNP multi-root cloud transport and last mile communication for both SDNP client and unsecured PSTN device List of operations for normal calls and private calls in SDNP group calls List of operations for normal and hyper private calls in SDNP group calls List of normal and private push-to-talk operations for SDNP PTT group calls List of normal and hyper-private push-to-talk operations for SDNP PTT group calls Schematic diagram of data transmission during write operation on hyper-secure file storage of fragmented data Schematic diagram of data flow during write operations on hyper-secure file storage of fragmented data Schematic diagram of the data flow for read operations in hyper-secure file storage of fragmented data Schematic diagram of data transmission during read operation on hyper-secure file storage of fragmented data SDNP cloud-connected file storage solution example Schematic diagram of a distributed hyper-secure file storage network including local and cloud connected storage servers. File mapping for non-redundant hyper-secure file storage (RRF=0) File mapping for hyper-secure file storage with read redundancy coefficient RRF=1 File mapping for hyper secure file storage with read redundancy factor RRF=2 Network map of distributed hyper-secure file storage system using tri-channel network communication File write request operation in distributed hyper-secure file storage system File server name request operation in distributed hyper secure file storage system Planning operation of signaling server in distributed hyper-secure file storage system Last mile of client side of signaling server in distributed hyper secure file storage system and write routing instruction of SDNP cloud Storage side last mile of signaling server and write routing instruction of SDNP cloud in distributed hyper secure file storage system File transfer with distributed hyper-secure file storage system Link response confirming file storage and write operations in a distributed hyper-secure file storage system Link transfer of file storage server in distributed hyper secure file storage system File storage server write confirmation data packet including FS link Synthesizing file storage read link in client SDNP messenger File map of non-redundant RRF=0 hypersecure file storage and LRF=0 non-redundant FS link File map of hyper-secure file storage with non-redundant RRF=0 and redundant FS link with LRF=1 Non-redundant RRF=1 Hyper Secure File Storage and LRF=1 Redundant FS Link File Map Graph showing storage resilience as a function of number of file storage servers and client FS links Schematic diagram of SDNP encoding and SDNP decoding functions Schematic diagram of SDNP distributed file storage with file security and hyper secure file transmission function on client side Schematic diagram of SDNP distributed file storage with nested file security and hyper-secure file transfer function Schematic diagram of hyper-secure encoding in SDNP distributed file storage write operation Schematic diagram of hyper-secure decoding in read operation of SDNP distributed file storage Flowchart of AAA operation in hyper secure file read operation Flowchart of file access and SDNP transmission in hyper secure file read operation File read request operation in distributed hyper secure file storage system File Storage Server Name Request Operation in Distributed Hyper-Secure File Storage System Storage server name distribution and signaling server planning operation in distributed hyper-secure file storage system Read instruction of storage server last mile and SDNP cloud routing of signaling server in distributed hyper secure file storage system Last-mile of client side of signaling server and read routing instruction of SDNP cloud in distributed hyper-secure file storage system Storage-side file decoding during read operation in distributed hyper-secure file storage system File data transfer during read operation in distributed hyper-secure file storage system File data transfer during link update in distributed hyper-secure file storage system File data transfer with distributed hyper-secure file storage system used for file redistribution SDNP text messaging timestamp SDNP registration communication flow chart End-to-end encryption in Internet OTT communication End-to-end encryption for hyper-secure communication Schematic diagram of an "SDNP call" operation by an SDNP security agent performing invisible monitoring of outgoing calls Schematic diagram of an "SDNP call" operation by an SDNP security agent performing invisible monitoring of incoming calls. Transferring file storage server links in a distributed hyper-secure file storage system with SDNP security agent that secretly monitors FS link routing Schematic diagram of "SDNP call" operation by SDNP security agent that secretly monitors outgoing calls using multi-route last mile communication Flowchart of SDNP security agent designation/approval procedure Communication from mobile phones to base stations affected by SS7 vulnerability SDNP communication to repel SS7 attacks by disguising phone numbers SDNP Softwitch-based cloud connectivity hosted on individual servers SDNP Softswitch-based cloud connectivity hosted on shared server SDNP Softswitch-based cloud connectivity hosted on overlapping networks SDNP Softswitch-based cloud connectivity to access global SDNP cloud carriers Example of nested SDNP subnets

  After about a century and a half of circuit-switched telephones, today's communication systems and networks all carry Ethernet, WiFi, 4G/LTE, and DOCSIS3 data over cable and optical fiber within the last decade. Moved to packet-switched communication using Internet Protocol. The benefits of lumping voice, text, images, video, and data together with the use of redundant paths to ensure reliable IP packet delivery (that is, why the Internet was first created) are at an unparalleled level. There are many such things as system interoperability and global connectivity. However, with any innovation, the challenges posed by new technologies are often about the same as the gains.

Cons of existing telecommunications providers

  As detailed throughout the background section of this disclosure, today's communications have many drawbacks. Today's highest performance consisting of custom digital hardware owned by the world's major long distance carriers such as AT&T®, Verizon®, NTT® and Vodaphone® Communication systems generally provide good voice quality but are costly, and such costs include expensive monthly fees, connection charges, long distance charges, complex data rate plans, long distance roaming charges, And many service charges are included. Because these networks are private, the actual data security is not generally known, and security breaches, hacks, and intrusions are usually not reported. Given the number of eavesdropping and privacy breaches reported in today's press, private carrier communications security remains suspicious, at least for last mile connections, if not private clouds.

"Internet service providers" or ISPs form another link in the global communication chain. As described in the background of the invention, voice carried over the Internet using VoIP or "Voice over Internet Protocol" suffers from quality of service or QoS issues. Such problems include the following.
The packet-switched network, the Internet, is not designed to deliver IP packets in a timely manner, and is not designed to support low latency, high QoS real-time applications.
• When an unexpected route occurs in the routing of IP packets, the delay is constantly changing, bursts with high data error rates occur, and unexpected call disconnects occur.
• IP packet routing is at the discretion of the Internet Service Provider (IPS), which controls the network to which the packet is routed, at the expense of its own loss of general traffic connection quality through the network. There are cases where routing is adjusted to distribute the load on the network and appropriate services are provided to VIP clients.
Over-the-top or OTT providers such as LINE(R), KakaoTalk(R), Viber(R), freeride to the Internet and act as an Internet hitchhiker, affecting networks and QoS You cannot control the factor.
• Heavyweight audio CODEC is used that cannot provide uncompromised voice quality voice at moderate data rates.
-For VoIP based on the TCP transport protocol, the delay time increases due to the delay caused during handshaking and rebroadcasting of IP packets, causing a problem of voice degradation. Unassisted UDP transport does not guarantee payload integrity.

Apart from the QoS issue, current device and network security is quite unacceptable to support future needs of global communications. Network security, as detailed in the Background section of the US patent application entitled Secure Dynamic Communication Networks and Protocols, refers to cyber attacks on communicating devices (spyware, Trojan horses, infections, phishing, etc.). , Cyber-attacks on the last link (including spyware, IP packet sniffing, eavesdropping, call interception of "fake" cell phone towers by cyber pirates), and cyber-attacks on the local network of the last mile connection and on the telco part (spyware, It is vulnerable to large-scale attacks such as IP packet sniffing, virus infection, and cyber pirates'"middleattack"). The cloud itself prevents unauthorized access by breaching security at any cloud gateway through attacks such as infections by viruses, attacks from cyber pirates that launch intermediate attacks, denial of service attacks, and attacks from unauthorized government surveillance. There is a possibility of receiving. In summary, today's communication security is easily exploited by cybercriminals and compromised by a number of vulnerabilities useful in cybercrime and cyber privacy breaches, including:
Disclosure of the destination of the IP packet including the destination IP address, the destination port number, and the destination MAC address.
Disclosure of the source of the IP packet, including the source IP address, source port number, and source MAC address.
Disclosure of the type of Layer 4 transport adopted, the type of service requested by the port number, the application data encapsulated in the payload of the IP packet.
• Payload of IP packets, including personal and confidential information, login information, application passwords, financial records, videos, photos, etc. in unencrypted files.
A communication dialog that allows cyber hackers to repeat the opportunity to destroy encrypted files.
Numerous opportunities to install malware, including spyware, phishing programs, and Trojans, on communication devices and routers using FTP, email, and webpage-based infections.

  To recapitulate the fundamental and essential weaknesses of packet-switched communication networks that use the Internet Protocol, from any IP packet intercepted by any adversary, namely Cyber Pirates, which device was used to create the data contained in the IP packet? Were involved, where the IP packet came from, where the IP packet was sent, how the data was transferred (ie either UDP or TCP), what kind of service was requested Can be confirmed (that is, what kind of application data is included in the payload). In this regard, cyber pirates can determine the "content context" of a conversation, increase the chances of breaking encryption, break password security, and gain unauthorized access to files, data, and payload content.

  encryption

  As mentioned above, in order to defend against various cyber attacks, current network administrators, IT professionals, and application programs rely mainly on encryption, the only defense. Cryptography refers to "ciphertext" in which recognizable content (also known as "plaintext") (readable text, executable programs, visible video and images, or clear audio) is displayed as a string of meaningless characters. Is a means of converting to an alternative file type known as.

  The encryption process that transforms an unprotected file into an encrypted file does not reveal the apparent pattern of the encryption conversion process, and it is a logical algorithm called a cryptographic algorithm that changes the data into equivalent textual elements. Is used. The encrypted file is transmitted over the communication network or medium until it is received by the destination device. Upon receiving the file, the receiving device then decodes the encoded message to reveal the original content using a process known as "decoding". The study of encryption and decryption is broadly called "cryptography" and fuses mathematical elements such as mathematical theory, set theory, and algorithm design with computer science and electrical engineering.

  Simple "single key" or "symmetric key" encryption techniques allow a single keyword or phrase that both parties know in advance for unlocking during the file encryption and decryption process. For example, in World War II, submarines and marine vessels communicating over publicly available radio channels used encrypted messages. Initially, encryption was single key based. Allied cryptographers could unknowingly read the encrypted file after revealing the encrypted keyword or pattern by analyzing the code pattern. As encryption methods became more complex, it became difficult to break code manually.

  The code has evolved into mechanical, machine-based cryptography. At that time, the only way to break the code was to steal an encryption machine and use the same tools that used to encrypt files to decrypt messages. The problem was how to steal an encryption machine without being detected as stolen. If the code machine turns out to be stolen, the adversary simply changes the code and updates the already working cryptographic machine. This principle is still valid today, and the most effective cyber attacks are undetected cyber attacks.

  With the advent of computerization and the Cold War, encryption has become more complex, but so has the speed of computers used to decipher encrypted codes. At each step in the development of secure communications, the technology and know-how for encrypting information and the ability to decipher the encryption code have been developed almost in line. The next big evolutionary step in cryptography is the innovation of the 1970s dual-key cryptography technology still in use today. One of the best known dual key cryptosystems is the RSA public key cryptosystem, named after the developers Rivest, Shamir, and Adleman. Despite the RSA's public recognition, some of the same-era developers invented the same principles independently. RSA uses two cryptographic keys based on two large non-public prime numbers. One algorithm is used to convert these two prime numbers into a cryptographic key (herein called E-key) and different to convert two different secret prime numbers into a secret decryption key (herein called D-key). A mathematical algorithm is used. An RSA user who chooses a secret prime (referred to herein as a "key issuer") distributes the E-key generated by the 1024b to 4096b algorithm to the person attempting to encrypt the file, i.e. " Publish. The E-key is known as the "public key" because this key may be distributed to many parties in unencrypted form.

  A party wishing to communicate with a key issuer uses this public E-key with a publicly available algorithm commonly provided in the form of commercial software to encrypt files sent to a particular key issuer. To do. Upon receiving the encrypted file, the key issuer decrypts the file using the secret D-key and returns it to plaintext. A unique feature of the general dual-key scheme and the RSA algorithm is that the public E-key used to encrypt the file cannot be used for decryption. Only the secret D-key owned by the key issuer has the ability to decrypt the file.

  The concept of dual-key, split-key, or multi-key exchange in file encryption and decryption is not particularly limited to RSA or any algorithmic method, but methodically identifies the communication method as a series of steps. Let's use dual key exchange to realize the communication through the switch packet communication network. For example, a notebook wishing to receive a secure file from a mobile phone will first generate two keys, an E key for encryption and a D key for decryption using some algorithm. The notebook then sends the E-key to the mobile phone using public network communication carrying IP packets. The IP packet is in unencrypted form, along with the MAC address, IP source address and port address of the notebook, the destination IP address of the mobile phone, port # and transport protocol TCP, and the E key as its payload. Contains an encrypted copy.

  The mobile phone then uses the agreed encryption algorithm or software package to process the plaintext file using the encryption algorithm and the encrypted E-key to provide the payload of the IP packet in the secure communication. Send an encrypted file, that is, a ciphertext, carried from the mobile phone to the notebook. When the algorithm receives an IP packet, it decrypts the file using a secret decryption key, the D key. Since the D key corresponds to the E key, the algorithm essentially recognizes both keys and uses both keys to decrypt the ciphertext and return it to plaintext 697B, which is not encrypted. The payload of the IP packet 696 is protected in the form of an encrypted file, i.e. ciphertext, while the rest of the IP packet is unencrypted, sniffable and readable by Cyber Pirates. Includes the source IP address “CP” and port #, the destination IP address “NB” and related port #. Therefore, the communication can be monitored even if the payload itself cannot be opened.

  Virtual Private Network (VPN)

  Another security method that relies on encryption is the "virtual private network" or VPN security method. In VPN, a tunnel or a secured pipe (secure pipe) is formed in a network using encrypted IP packets. Another unencrypted IP packet that acts as a mule or carrier that sends the encapsulated packet from one VPN gateway to another, with the entire IP packet encrypted rather than just the payload encrypted Encapsulated in. Originally, VPNs were used to connect remotely distributed local area networks, where, for example, companies operating private networks in New York, Los Angeles, and Tokyo interconnected LANs into one global network. It was used when we wanted to have the same functionality as if we were sharing a private network.

  The basic VPN concept can be considered as encrypted communication between two devices. For example, a first server includes a "virtual private network" containing content as part of a LAN that supports multiple devices via wireless RF and wired connections, or a second via a VPN tunnel. Second server has a wired connection to desktops, notebooks, and WiFi base stations. In addition to these relatively low bandwidth links, the first server also connects to the supercomputer via a high bandwidth connection. The resulting communication is a sequence of multiple data packets including the VPN packet in the external IP packet. During operation, an external IP packet from server A that specifies a source IP address and port # is sent to server B with a destination IP address and port #. This external IP packet sets up communication between the first server and the second server and forms an encrypted tunnel for the data to pass. The VPN payload of the external packet contains a last mile IP packet, with a desktop having a source IP address "DT" and a corresponding ad hoc port #, and a notebook having a source IP address "NB" and a corresponding ad hoc port #. It provides direct communication between and requests for file transfers.

  To securely establish this transfer using a virtual private network, a VPN tunnel is created and the session is started before the actual communication is sent. For corporate use, VPN tunnels are not carried ad-hoc over the Internet, but are typically operated by dedicated ISPs or carriers owning their fiber and hardware networks. The carrier often has annual or long-term contracts with companies that require VPN services to guarantee a certain bandwidth for a fixed cost. Ideally, server-to-server communication should be performed using high speed dedicated links, without intermediate or "last mile" connections that compromise VPN performance, QoS, or security.

  In operation, conventional VPNs require a two-step process: the first step of creating or "logging in" a VPN and the second step of transferring data within a secure pipe or tunnel. The concept of tunneling is shown hierarchically, with external IP packets carried by the communication stack forming a VPN connection from layer 1 to layer 4 and using layer 5 to create a virtual VP session 723. It uses 6 presentation layers to facilitate encryption and implements a VPN gateway to gateway pipe between servers. Although VPN connections use the Internet Protocol to send IP packets, the physical layer 1 and VPN data link layer 2 of VPNs are generally supported by dedicated carriers and do not use unpredictable routing over the Internet. For example, the application layer 7 data transferred as device-to-device communication between desktops is supplied as tunneling data including all 7 OSI layers required to establish communication as if the VPN does not exist. In other words, VPN can be considered as a communication protocol that operates within Layer 7 that carries its internal packets.

  In operation, when an external IP packet moves from one communication stack to another, the true message of the packet, the encapsulated data, is opened for disclosure. In this way, end-to-end communication takes place regardless of the details used to create the VPN tunnel, except that the VPN tunnel is formed prior to the communication attempt and must be closed after the conversation has ended. .. If the VPN tunnel is not opened first, transmission of unencrypted IP packets that is susceptible to eavesdropping, hijacking, infection, etc. of IP packets will occur. Failure to close the VPN after the conversation is complete will give cybercriminals the opportunity to hide illegal activities within others' VPN tunnels and, if intercepted, impose criminal penalties on innocent people. Could be.

  VPNs are a common method for multiple private local area networks to connect to each other using private connections with dedicated capacity and bandwidth, but using VPNs over public networks and the Internet is a way of communicating between them. I have a problem. One problem with VPNs is that VPN connections must be pre-established prior to use, rather than on a packet-by-packet basis. For example, in a VoIP call connected via a packet switched network, a VPN session must be established before one cell phone contacts the intended call recipient of a second cell phone. For that purpose, first, the VPN connection application must be installed in the mobile phone of the caller's mobile phone. The caller then sends an IP packet to the VPN host, which is typically a service provider. These packets are carried in the last mile that can be traversed via routing. For example, the wireless communication of a mobile phone is carried to a nearby WiFi base station, then sent to a local router by wired communication, and finally reaches a VPN host. When a session is established between the caller's cell phone and the VPN host, the caller's cell phone instructs the VPN host to establish a VPN tunnel. Portions of this VPN tunnel are promoted at layer 5 and encrypted by layer 6.

  Once the VPN connection is set up, the caller's cell phone makes a call via any VoIP phone app. If the destination phone is not connected to the same VPN, the application needs to establish a "call out" link last mile from the nearest VPN host to the destination mobile phone. If the VoIP application is unable or not allowed to do that, the call fails and ends immediately. Otherwise, the inside IP packet establishes an application layer 5 session between the calling mobile phone and the destination mobile phone to ensure that the IP test packet is properly decrypted and understandable.

  To make a call (make a call), the SIM card of the phone carrier inside the phone is not compatible with the VPN tunnel, so the call is not made from the phone's normal dial-up functionality, but rather at the layer the phone is running on. Must be from 7 applications. When a call is initiated, the mobile phone sends a series of IP packets representing a small piece of voice or "snippet" according to its communication application. These packets are sent from the application in the caller's mobile phone to the WiFi base station via the WiFi link, then to the router via the wired connection, and finally to the VPN host via the wired connection. Next, the data is transmitted to the destination device of the VPN network, that is, the VPN gateway, while securing the security by connecting to the VPN host through the VPN tunnel. In this example, the VPN tunnel is not connected to the destination cell phone and stops in front of the device being called. After the VPN gateway, the data is not encrypted because the VPN carrier does not mediate. Once out of the VPN tunnel, the VPN host forwards the data to the destination device's last mile connection. That is, data is sent to the router via a wired connection, to the local mobile phone system and the tower via a wired connection, and the tower makes a call as a normal 2G, 3G or 4G telephone call. The process of making a call from a mobile phone app to a phone that is not running the same app is called the callout function.

  The example below highlights another problem in connecting to a VPN over a public network. The last mile link from the VPN host to the caller does not guarantee security, performance or call QoS as it is not covered by the VPN. Specifically, caller last mile connections are all subject to eavesdropping and cyber attacks. When the call is complete and the caller hangs up, the VPN link must be terminated, VPN layer 5 terminates the VPN session, and the caller's cell phone disconnects from the VPN host.

The application of VPN networks created for data transfer between computers creates a number of problems.
-Last mile communication from the destination VPN network to the destination mobile phone is not secure and there is a risk of sniffing or monitoring.
-The communication between the caller's mobile phone and the VPN gateway can be secured only when the caller uses a data communication application. If the caller uses a telephone line to connect to the VPN gateway, that is, using the dial-in feature, the last mile connection between the caller's mobile phone and the nearest VPN gateway is not secure and sniffing and monitoring. There is a risk that
-The final call between terminals can be secured only when both terminals are using data communication, and cannot be secured when using a telephone line. In addition, both terminals are required to connect to the same VPN in advance before starting a call.

  This last point is a paradox of VPN communication. The person who receives the call must know that it will be called and connect to the network in advance. You must be notified in advance that you will receive a call and instructed you to connect to your VPN before making a call. That is, you must first receive an unsecured phone call before making a secure call. Insecure calls are easily hacked, sniffed and monitored. Also, the metadata reveals who called who and when the call was made. Call metadata can be very useful for hackers to learn about the activities and profiles of people being hacked.

However, even excluding security concerns, there is no guarantee that making a call or sending a document over a VPN will not fail for some reason, including the following:
-VPN may not operate with low enough latency to support real-time applications, VoIP, or video.
The VPN last mile connection from the caller to the VPN gateway or from the VPN gateway to the call recipient may not operate with low enough latency to support real-time applications, VoIP or video.
• The distance to the closest VPN gateway to the caller or intended recipient, or “last mile”, may be too far, possibly farther than the distance to the call recipient without a VPN This can provide numerous opportunities for network instability, uncontrolled routing by unknown networks, variable QoS, and man-in-the-middle attacks on the unprotected part of the connection.
The VPN last mile connection from the VPN gateway to the call recipient may not support "call out" connections and packet forwarding or support links to the local telephone company.
• Local carriers or government censors may block calls or connections to or from known VPN gateways for national security or regulatory reasons.
• With corporate VPN, VoIP calls are restricted to company employees and designated authorized users, financial transactions and video streaming are blocked, private mail to public mail servers such as Yahoo, Google, etc. May be blocked, or YouTube®, chat programs, Twitter, etc. may be blocked according to company policy.
• In an unstable network, the VPN may be opened and hold a persistent session connected to the caller's device until manually reset by the VPN operator. This can result in lost bandwidth for subsequent connections or high connection charges.

  Network comparison

  Comparing the communication provided by "over-top" or OTT providers to a communication system that uses public networks to connect to ad hoc VPNs, apart from the VPN link itself, most of both communication systems connect with approximately the same components. have. Specifically, the caller's last mile, including cell phone, WiFi wireless connection, WiFi base station, wired connection, and router, represents the same last mile connection in both implementations. Similarly, in the other party's last mile, the caller's cell phone, cell phone connection, cell phone base station and tower, wired connection, and router are identical in both the Internet and VPN versions. The main difference is that in a public network, the VPN tunnels that make up secure communication between VPN hosts are replaced by servers and routers that make up unsecured communication connections. Another difference is that in OTT communication, the call is immediately available and the VPN add step has to be used to set up the VPN and terminate the VPN session before and after the call.

  In both cases, the last mile connection introduces unexpected call QoS, packet sniffing, and risk of cyber attacks. Servers and routers are likely to be managed by different ISPs in different locations, so they can be interpreted as different existing clouds. For example, the public networks owned and operated by Google, Yahoo, Amazon, and Microsoft are linked to each other by the Internet, but, for example, “Amazon cloud” can be regarded as different clouds from each other.

  Peer-to-peer networks (PPNs), which is a relatively unpopular competing network topology, includes networks consisting of multiple peers with packet routing managed by the PPN rather than by routers or ISPs. Peer-to-peer networks have been in hardware for decades, but it was Napster that popularized the concept as a way to circumvent Internet service provider administration, cost, and regulation. When sued by US government regulators for music piracy, Napter's founder stopped it and entered the early OTT career Skype. At that time, Skype's network was converted from a conventional OTT to a Napster-like PPN.

  In PPN operation, all devices making login connections to the PPN become one node joining the PPN. For example, in a region, when a mobile phone with PPN software installed logs into a peer-to-peer network, it becomes part of the network like all other connected devices in the region. A call invoked by either device hops from one device to another device to reach another PPN connected device that is the destination. For example, if a mobile phone uses its PPN connection to call another PPN connected device (eg, a destination mobile phone), the call is diverted through any device physically located in the PPN between the two parties. Connect along the route. For example, a call originating from one mobile phone may be sent by WiFi to a nearby desktop via a WiFi base station, then to another person's notebook, then from one desktop to another desktop, and finally to a mobile phone base station and Connect to the destination mobile phone through the tower. In this way, all routing was controlled by the PPN and the Internet was not involved in managing the routing. Used by both parties, the PPN software used to connect to the network also functions as an application for VoIP-based voice communications.

  When a cell phone attempts to call a cell phone on a non-PPN device on the other side of the world, routing must include the Internet on some links, especially to send packets across the sea or mountains. There is. The first part of the routing in an area begins with the caller's cell phone and is routed through the WiFi base station, desktops, notebooks, and even multiple desktops, as in the previous example. At this point, if the nearest notebook is connected to the network, the call will be routed through it, otherwise the call will be routed through the cell phone base station and tower to the destination cell phone, then After being returned to the mobile phone base station and tower, it is sent to the destination.

  If the call is trans-Pacific, computers and cell phones cannot transport traffic at sea, so the call is routed to a third-party server/router in the cloud, and a third-party server in another cloud / Will inevitably be routed to the Internet through a connection to the router. For example, upon approaching the destination, the call exits the Internet and first enters the PPN in the destination area via the desktop and connects to WiFi, notebooks, and base stations. Since WiFi does not run the PPN app, the actual packet that goes into WiFi moves to either a tablet or a mobile phone that is in the WiFi subnet and returns to WiFi before being sent to the mobile phone base station and tower via a wired connection. It must be. Finally, the caller's cell phone call connects to a destination cell phone that is not a PPN enabled device. This leaves the PPN network so that the connection constitutes a "callout" of the PPN. When such a PPN method is used, the calling device is registered in the PPN network by first completing the PPN login like VPN. The PPN app can then be used to make a call. The advantage of the PPN method is that it requires little or no hardware to make long distance calls, and that all devices connected to the PPN update the PPN operator on a regular basis regarding its status, load and latency. As such, the PPN operator can make routing decisions on packets to minimize delays.

  The drawback of this scheme is that the packet traverses a network that contains many unknown nodes that pose a potential security threat and have unpredictable effects on call latency and call QoS. Therefore, in packet switched communication networks, except for Skype, peer-to-peer networks that operate in Layer 3 or higher are not generally adopted.

  An overview of a comparison of ad hoc VPN providers, Internet OTT providers, and PPN peer networks is shown in contrast in the table below.

  As mentioned above, the VPN and the Internet constitute a fixed infrastructure, but the nodes of the peer-to-peer network depend on the logged-in user and the device connected to the PPN. From the contents of this table, high speed long haul connections of networks (e.g., networks across oceans and mountains) are contractually warranted only for VPNs and otherwise unpredictable. The last mile bandwidth depends on the local provider, both Internet and VPN providers, but for PPN it depends entirely on who is logged in.

  Latency, the propagation delay of consecutively sent IP packets, cannot be managed by OTT and VPN because it depends on the local carrier or network provider rather than the provider controlling last mile routing. PPN, on the other hand, has limited capabilities, using best effort to transfer traffic between nodes that are online in that time zone of a particular region. Similarly, for network stability, the PPN has the ability to reroute traffic to maintain the network, but depends on who is logged in. On the other hand, the Internet is redundant by nature, and although it is almost certain to guarantee delivery, it is not always delivered in a timely manner. Ad hoc VPN network stability depends on the number of nodes allowed to connect to the VPN host. If these nodes go offline, the VPN will be disabled.

  From a call setup perspective, the Internet is always available, the PPN requires the extra step of logging into the PPN before making a call, and the VPN may involve a complex login procedure. Also, most users find the functionality used by the OTT phone number to be useful from a standpoint of ease of use, rather than another login ID used in VPN or PPN. All three networks listed are plagued by variable VoIP QoS, which is typically much slower than using commercial carriers.

  From a security perspective, all three options are bad and the last mile is completely exposed to packet sniffing with readable addresses and payloads. Although VPN provides encryption for cloud connections, it still exposes the IP address of the VPN host. As a result, none of the network options shown are considered secure. Therefore, encryption is used in various applications as a layer 6 protocol or as an embedded part of the layer 7 application itself to prevent hacking and cyber attacks.

  Excessive trust in encryption

  Whether encrypting IP packets or establishing VPNs, current network security relies only on encryption, which is one of the weaknesses of modern packet-switched communication networks. For example, much work has been done on how to attack RSA encryption. Limiting the prime number to a large size greatly reduces the risk of breaking the decrypted D-key code using brute force, but polynomial factorization solves the key based on a smaller prime-based key. It proved to be successful. With the evolution of "quantum computing," there is concern that cyber attacks will occur in a reasonable amount of time, leading to a practical way to destroy RSA-based encryption keys and other encryption keys.

  To counter the risk of existing code corruption, new algorithms and "bigger key" encryption schemes such as the "Advanced Encryption Standard" (AES encryption) adopted by US NIST in 2001 Has appeared. Based on the Rijndael cipher, a design principle known as substitution substitution network combines both substitution and substitution using different key and block sizes. In its current form, the algorithm adopts a fixed block length of 128 bits and a variable key length of 128 bits, 192 bits and 56 bits, and the corresponding round number used in the input file conversion is 10 bits. , 12 and 14 times. As a practical matter, AES encryption can be efficiently and quickly performed in software or hardware for keys of arbitrary length. In cryptography, AES-based encryption using a 256-bit key is called AES256 encryption. AES512 encryption using a 512 bit key is also available.

  While each new generation creates better encryption methods and raises the bar of cryptography to break them faster, profitable cybercriminals simply use computing to break encrypted files. Often focus on the goal rather than using. As mentioned above, cyber pirates can use packet sniffing and port scanning to gain valuable information about conversations, corporate servers, or VPN gateways. By cyber profiling, it may be easier to launch a cyber attack on corporate CFO or CEO personal computers, notebooks, and mobile phones instead of attacking the network itself. When you open an embedded link and send an email to an employee that automatically installs malware or spyware, the employee enters the network from the "inside" they need to connect and work with, ensuring complete firewall security. Will be diverted to.

  Even if the data does not change, that is, statically passes through the network, there is an increased risk of breaking the encryption. For example, in the network of FIG. 1, the underlying data in packets 790, 792, 794, and 799 remains unchanged as the packet travels through the network. Each illustrated data packet contains a sequence of temporally ordered data or voice that is unchanged from its original order at the time of creation. If the content of the data packet is in text format, reading an unencrypted plaintext file of sequence 1A-1B-1C-1D-1E-1F yields "readable" text with communiqué number "1". If the content of the data packet is voice, the unencrypted plaintext file in sequence 1A-1B-1C-1D-1E-1F is converted to the corresponding voice codec (essentially software-based D/A converter). When converted, that is, "reproduced", the audio becomes the audio file number "1".

  In any case, throughout this disclosure, each data slot represented by a fixed size box has a predetermined number of bits, eg, 2 bytes (2B) in length. The exact number of bits per slot can be varied flexibly as long as each communication node in the network knows the size of each data slot. Included in each data slot is audio, video, or text data, which is identified in the drawing by a number followed by a letter. For example, as shown, the first slot of data packet 790 includes content 1A, where the number "1" indicates a particular communication #1 and the letter "A" is the first of the data for communication #1. Represents a part. Similarly, the second slot of data packet 790 contains content 1B, where the number "1" indicates a particular communication #1 and the letter "B" represents a second portion of the data for communication #1. It is after 1A in sequence.

  For example, if the same data packet contains the content “2A”, the data represents a different communication unrelated to the communication #1, specifically, the first packet “A” in the communication #2. In the case of a data packet group including the same type of communication, for example, when all the data is for communication #1, it is easier to analyze and read than a data packet in which different communication is mixed. By arranging the data in the proper order, cyber attackers can easily interpret the nature of the data such as voice, text, graphics, photos, videos, and executable code.

  Further, in the illustrated example, the source and destination IP addresses of the packet are constant, that is, the packet remains unchanged during transfer through the network in the same format as the data entering and leaving the gateway servers 21A and 21F. And because the underlying data doesn't change, hackers have more chances to intercept the data packet and parse and open the file, or listen to the conversation. Mere transmission and simple security, that is, security that only uses encryption to protect, increases the chances of a cyber attack. This is because the use of the extremely simplified Internet as a packet-switched network increases the possibility of successful cyber attacks.

Secure real-time network and connected devices

New and innovative for controlling IP packet routing to improve quality of service (QoS) for telephone, video, and data communications while addressing the excessive security vulnerabilities that plague today's packet-switched networks. There is a need for a systematic approach, one that manages a global network containing individual technologies while at the same time facilitating end-to-end security. The goals of such a packet switched network of the present invention include the following criteria.
1. Ensuring global network or long distance carrier security and QoS, including dynamically managing real-time voice, video, and data traffic routing throughout the network.
2. Guarantee the security and QoS of the "local network or telephone company" in the last mile of the communication network.
3. Guarantee the security and QoS of the "last link" of the communication network, including the provision of secure communication for unsecured lines.
4. Authenticate users to ensure the security of their communication devices and prevent unauthorized or unauthorized access or use.
5. To facilitate the implementation of secure means of storing data on a device or online network or cloud storage to prevent unauthorized access.
6. To provide security and privacy protection for non-public personal information, including all financial, personal, medical and biometric data and records.
7. To provide security and privacy protection for all financial transactions including online banking, shopping, credit cards and electronic payments.
8. Provides security, privacy, and optionally anonymity for transactions and information exchanges, including M2M (Machine to Machine), V2V (Vehicle to Vehicle), V2X (Vehicle to Infrastructure) communications thing.

  Of the above goals, the inventive subject matter included in the present disclosure is the second topic set forth in item #2, namely, "Guaranteing the security and QoS of the local network or telephone company in the last mile of the communication network." Regarding This topic can be thought of as providing last-mile connection security without sacrificing real-time communication performance.

  Explanation of terms

  Unless the context requires otherwise, the terms used in describing secure dynamic networks and protocols have the following meanings.

  Anonymous data packet: A data packet that lacks information about the original source or final destination.

  Client or Client Device: A terminal that connects to the SDNP cloud via Last Mile. Usually a mobile phone, tablet, notebook, desktop, or IoT device.

  Concealment: The process of encoding by using a combination of security operations such as scrambling, splitting, junk data insertion, encryption, etc., to make the contents of an SDNP packet or part thereof unrecognizable.

  Decryption: A mathematical operation used to transform a data packet from ciphertext to plaintext.

  Non-aggregated data storage: The process of fragmenting a data file and hiding its contents before storing multiple fragmented files on different data storage nodes.

  MZ Server: A computer server that is not directly accessible from the SDNP network or the Internet used to store selectors, seed generators, key generators and other shared secrets. The DMZ, also called an "air gap" server, refers to a computer that does not have a wired network connection or access.

  Dynamic encryption/decryption: encryption and decryption that relies on keys that change dynamically as data packets pass through the SDNP network.

  Dynamic Mixing: A mixing algorithm (the inverse of the split algorithm) that mixes dynamically as a function of seed based on the time, state, and state of the mixed data packet when it is created. Process.

  Dynamic scrambling/unscrambling: scrambling and unscrambling that depends on algorithms that change dynamically depending on the state, such as when the data packet was created and the zone in which it was created.

  Dynamic segmentation: A segmentation process in which the segmentation algorithm dynamically changes as a function of seed based on the time, state, zone, and other conditions when a data packet is divided into multiple subpackets.

  Encryption: A mathematical operation used to convert a data packet from plaintext to ciphertext.

  Fragmented data transfer: Routing split and mixed data over SDNP networks.

  Junk Data Deletion (or "Dejunking"): The removal of junk data from a data packet, either to restore the original data or to restore the original length of the data packet.

  Junk Data Insertion (or “Junking”): The intentional introduction of meaningless data into a data packet to obfuscate the actual data content or to control the length of the data packet.

  Key: A spoofed digital value generated by entering a state, such as time, into a key generator that uses a secret algorithm to generate a key. The key is used to select the algorithm that encrypts or decrypts the data in the packet from the selector. The key can be used to securely pass state information over public or unsecured lines.

  Key Exchange Server: The public encryption key is chosen by the client (especially for client-managed key management, ie client-based end-to-end encryption) to prevent possible network operator spying. A third-party hosted computer server independent of the SDNP network operator used to distribute to servers that use symmetric key encryption accordingly.

  Last Link: The network connection between the client's device and the first device in the network with which it communicates (usually a wireless tower, WiFi router, cable modem, set-top box, or Ethernet connection). In the case of Ethernet (registered trademark) communication, the last link indicates the one physically connected by a cable to a cable modem or a fiber optic modem. In the case of a WiFi connection (eg a coffee shop connection), the last link indicates that the WiFi router is connected to a DSL, cable or fiber optic network. In the case of wireless cellular networks, the last link refers to the wireless link (eg 3G or 4G/LTE connection) between the cellular tower and the mobile phone.

  Last Mile: A network connection between the SDNP gateway (or other type of network or cloud) and the client, including the last link. Last Mile typically refers to communication over networks owned and controlled by local telephone companies and cable television companies (eg, Comcast Cable, Verizon Mobile, Korea Telecom, British Telecom, etc.).

  Mixing: Combining data from different sources and data types to produce one long data packet (or series of shorter subpackets) with unrecognized content. In some cases, the previously divided data packets may be mixed to restore the original data content. Mixing operations may also include junk data insertions, deletions, and parsing.

  Multiple PHYs or multi-PHYs: Refers to communications that alternately transfer related sequential data packets over multiple physical media (optical fiber and 4G, different WiFi channels and wavenumbers, 4G and WiFi, Ethernet and WiFi, etc.). ..

  Parsing: A mathematical operation that divides a data packet into shorter subpackets for storage or transmission.

  Router: A device that routes datagrams to a destination address specified in an IP header. For data routing outside the SDNP network, the IP address used is either a valid Internet IP address (ie, an address recognized by the DNS server) or a local network provider (eg, cable/own owned by Comcast). It may be a NAT address assigned by an IP address inside the comcast for communication in the optical fiber network.

  Scramble: An operation in which the order or sequence of data segments within a data packet is changed from its natural order to an unrecognizable form.

  Fragmentation: An operation in which a data packet (or series of serial data packets) is divided into multiple subpackets and routed to multiple destinations. The split operation may also include the insertion or deletion of junk data.

  Softswitch: Software that contains executable code that performs the functions of a communications switch and router.

  SDNP: An acronym for "Secure Dynamic Network and Protocol" which refers to a highly secure communication network made in accordance with the present invention.

  SDNP Address: The address used to route SDNP packets through the SDNP cloud or last mile. This address is the ad hoc IP address of the next destination device, ie it contains the information needed only to perform a single hop.

  SDNP Management Server: A computer server used to distribute executable code and shared secrets globally or in specific zones.

  SDNP bridge node: An SDNP node that connects one SDNP cloud (or zone) to another SDNP cloud (or zone) with different security credential information.

  SDNP Client or Client Device: A network-attached device (typically a mobile phone, tablet, notebook, desktop, or IoT device) that runs SDNP applications to connect to the SDNP cloud, which typically connects through the last mile of the network. ).

  SDNP cloud: A network of interconnected SDNP servers running softswitch executable code to perform SDNP communication node operations.

  SDNP gateway node: An SDNP node that connects the SDNP cloud to client devices through the last mile. The SDNP gateway node needs access to at least two zones, the SDNP cloud and the last mile.

  SDNP media node: according to instructions from another computer that performs a signaling server or signaling function (including encryption/decryption, scrambling/unscrambled, mixing/splitting, tagging, and generation of SDNP headers and subheaders) Softswitch executable code that processes incoming data packets with a particular identification tag. The SDNP media node is responsible for identifying incoming data packets with a particular tag and forwarding the newly generated data packets to their next destination.

  SDNP Media Server: A computer server that hosts softswitches that perform the functions of SDNP media nodes in dual-channel and tri-channel communication and perform the tasks of SDNP signaling nodes and SDNP name server nodes in single-channel communication.

  SDNP name server: A computer server that hosts a softswitch that performs the functions of an SDNP name server node in tri-channel communication.

  SDNP Name Server Node: Softswitch executable code that maintains a dynamic list of all SDNP devices connected to the SDNP cloud.

  SDNP network: An entire high-security client-to-client communication network including not only SDNP cloud but also last link and last mile communication.

  SDNP node: SDNP communication node including a software-based "soft switch" running on a computer server, or hardware connected to an SDNP network and functioning as an SDNP node, either a media node, a signaling node, or a name server node. device.

  SDNP server: A computer server that comprises either an SDNP media server, an SDNP signaling server, or an SDNP name server and hosts the appropriate softswitch functions to act as an SDNP node.

  SDNP signaling node: Initiating a call or communication between parties and based on caller criteria and a dynamic table of internode propagation delays, all or part of multiple routes for fragmented data transfer. And how to manage incoming and outgoing data packets for SDNP media.

  SDNP Signaling or Signaling Server: A computer server that hosts a softswitch that performs the functions of an SDNP signaling node in dual channel and tri-channel SDNP communications and performs the duties of an SDNP name server node in dual channel communications.

  SDNP tag: Source address, SDNP zip code, or code used to identify an incoming data packet or its subpackets.

  Security operation: The process of modifying a data packet for hiding (or recovering the contents of a hidden packet) with security credential information that depends on the state associated with the zone or state in which the packet was created.

  Security settings or security credential information: Seed generators and key generators use secret algorithms with input conditions such as constantly changing network times to generate and therefore send securely over public or insecure lines. Possible digital values such as seeds and keys.

  Seed: An impersonated digital value generated by inputting a state such as time to a seed generator that generates a seed using a secret algorithm. The seed is used to select an algorithm for scrambling or splitting the data in the packet from the selector. Seeds can be used to securely pass state information over public or unsecured lines.

  Selector: Part of the shared secret and with a seed or key to select a particular algorithm for scrambling, unscrambling, encrypting, decrypting, splitting, or mixing one or more packets. A list or table of scrambling, encryption or splitting algorithms that may be used.

  Shared secret (information): scramble/unscramble as well as seed generator, key generator, zone information, and algorithms used in algorithm shuffle process, stored locally on DMZ server not accessible via SDNP network or internet. , Sensitive information about SDNP node operation, including tables or selectors for encryption/decryption, and mixing/splitting algorithms.

  Single PHY: A communication that transfers related data packets via the only physical media such as fiber optics, Ethernet, WiFi or cellular networks.

  State: A location used to dynamically generate security settings such as seeds and keys, and to select algorithms for specific SDNP operations such as mixing, splitting, scrambling, and encryption. Input such as zone or network time.

  Time: Universal network time used to synchronize communications over the SDNP network.

  Unscrambled: A process used to restore the data segments in a scrambled data packet to their original order or sequence. Unscrambling is the inverse function of scrambling.

  Zone: A network of specific interconnected servers that share common security credential information and shared secrets. The last mile connection includes a zone separate from the SDNP cloud.

Design of secure dynamic network and protocol (SDNP)

(EN) In order to minimize packet delay in real time, ensure a stable call connection, transmit highly reliable voice communication and video streaming, and prevent cyber attack and hacking against packet switched communication. The dynamic network and protocol, ie, SDNP, in which security (hereinafter, also referred to as “secure”) according to (1) is designed based on a plurality of processing principles described below.
-Real-time communication should always use the route with the shortest delay time.
• Unauthorized inspection or sniffing of data packets should hide the source, destination and contents of the packet.
The payload of the data packet should be dynamically re-encrypted (ie decrypted and then re-encrypted) using a separate encryption algorithm without risking being hacked for a reasonable period of time. is there.
Even after being decrypted, the payload of every data packet is still unreadable by dynamically scrambling the combination of multiple conversations, extraneous data, and junk packet fillers. is there.

  Implementations of the above guidelines include various unique methods, features, features and implementations that are included in some or all of the various embodiments described below.

SDNP uses one or more dedicated clouds, including the softswitch functionality of telecommunications companies (ie, communication systems) implemented using proprietary command and control software that is not accessible via the Internet.
All intra-cloud communication is done using dedicated SDNP packet routing within the proprietary cloud based on the SDNP address and dynamic port (ie, proprietary NAT address) rather than the IP address recognized by DNS. SDNP addresses cannot be used or routed through the Internet or outside the SDNP cloud.
The SDNP network frequently identifies all real-time communications and dynamically routes using the path with the shortest latency.
Secure or real-time communication is not routed outside the SDNP cloud or through the Internet, except for cloud-to-cloud and last mile communication, and generally uses single-hop routing with invisible addresses.
The routing data contained in the data packet identifies the routing for a single hop between two devices adjacent to each other and only identifies the SDNP or IP address of the previous and next servers.
• The calling or called party's telephone number or IP address, ie, each source and destination address of the client, is not present in the header of the IP packet or in the encrypted payload.
-Shared secrets related to commands and controls reside in system software installed in a secure DMZ server that is not accessible via the Internet.
SDNP packet communication is a packet and call to three different channels: a "name server" used to identify elements in the SDNP cloud, a "media server" used to route content and data, and Can be done through a "signaling server" used for the command and control of.
-Routing information, along with a key and a numeric seed (if required), is provided to all participating media servers via independent signaling channels prior to calling or communication and separately from the content. The signaling server only provides the media server with the previous and next destinations of packets traversing the network.
Media packets represent only a portion of a conversation, document, text, or file that has been dynamically mixed and remixed with other packets containing fragmented data of different types from other sources Contains fragmented data.
• Special security methods are used to protect First and Last Mile communications, including separating signaling server related communications from media and content related packets.
Packet transmission is content type dependent, audio and real-time video or streaming is based on improved UDP, but packet loss, delay and delay sensitive signaling packets, command and control packets, data files, application files, systems Files and other files use TCP transmission.
• Specific security and authentication methods are used to verify that the device is a real client and not a clone, and to authenticate that the communicating party is the true owner of the device and not an impostor. Be done.

To ensure secure communication with low latency and high QoS in VoIP and real-time applications, a "Secure Dynamic Network And Protocol" or SDNP according to the present disclosure comprises the following components: We use a "dynamic mesh" network according to the invention.
Dynamically adaptable multipaths and mesh routing with minimal delay Dynamic packet scrambling. Dynamic fragmentation using packet splitting, mixing, pursing, and junk bit packet fillers. Signaling, command and control of dynamic network protocol media and content with dynamic intra-node payload encrypted address disguise and need-to-know routing information across network or cloud Multi-channel communication separated from network address-Dynamic feature-specific features and dynamically adaptable real-time communication protocol with contextual routing-Client key management support for client encrypted payload-For high QoS in congested networks Lightweight voice CODEC

  As mentioned above, SDNP communication relies on multi-route or mesh transmission to dynamically route data packets. In SDNP communication according to the present invention, in contrast to single-path packet communication used for Internet OTT and VoIP, the content of a data packet is a coherent packet containing information from a common source or caller. Instead of being transported serially, they are transported in fragmented form. Dynamic mixing and remixing of content sent from multiple sources and callers allows for incomplete combination of junk data filler with data, content, audio, video and files of different data types. Fragments are generated. The advantage of the data fragmentation and communication according to the present disclosure is that even unencrypted and unscrambled data packets are a combination of irrelevant data of different data types, and thus are almost undecipherable. It is impossible.

  By combining the fragmented packet mixing and fragmentation with packet scrambling and dynamic encryption, a hybridized packet of dynamically encrypted, scrambled, fragmented data is generated by that data. Packets that do not have any meaning unreadable or undecipherable to anyone or observer who does not have the shared secret, key, numeric seed, time, and state variables used for packetization, and dynamic repacketization. Becomes

  Further, the fragmented content of each packet and the secret information used to generate it are reassembled into packets with new fragments and new security elements (eg, modified seeds, keys, algorithms, and secrets). It is effective only for less than one second. Thus, the security of SDNP is further enhanced by the limited time it takes for Cyber Pirates to decrypt state-dependent SDNP data packets. This is because cyber pirates have to perform tens of thousands of years' worth of computation (12 times the time required for decryption) in one second.

  The combination of the above methods allows for a much higher level of multidimensional security than that provided by static encryption. Therefore, the secure dynamic networks and protocols according to the present disclosure are also referred to herein as "hyper-secure" networks.

  Device packet scrambling

  In accordance with the present invention, secure communication over a packet switched network relies on several elements of hacking prevention and security assurance, one of which involves scrambling SDNP packets. . Scrambling SDNP packets involves rearranging the arrangement of data segments to make the information unreadable and futile. As shown in FIG. 2A, the non-scrambled data packet 923 is processed by a scrambling operation 924 (Scramble Processing) to generate a scrambled data packet 925. This scrambling operation 924 can use any algorithm, numerical method, or sequencing method. The algorithm may be a static equation, for example a dynamic variable or numerical seed based on a “State” such as the time 920 at which the scrambling was performed, or a Seed Generator 921. May include a numeric seed 929 generated using a state-based algorithm, such as time 920 at which scrambling was performed. For example, if each datum is converted to a monotonically increasing unique number, then all seeds 929 will be unique. Time 920 and seed 929 are used to select and identify a particular algorithm, and also select a particular scrambling operation 924 from the available scrambling methods, ie, scrambling methods list 922 (Scramble Algorithms). Also used for. In the data flow diagram, for convenience of illustration, this packet scrambling operation and sequence is represented schematically or symbolically as a packet scrambling operation 926 (Packet Scrambling).

  FIG. 2B illustrates an unscramble operation 927 (Unscramble Processing), which is the inverse operation of the scramble operation 924. The unscramble operation 927 is descrambled data by reusing the state (time) 920 and the corresponding seed 929 used to generate the scrambled data packet 925, and the descrambled data. , Generate an unscrambled data packet 923. Using the same state (time) 920 that was used for packet scrambling, the unscramble operation 927 selects the same scrambling that was used for scrambling selected from the scrambling method list 922. The method must be used again. Although the term "scramble" is used in the scramble algorithm list 922, this algorithm table identifies and selects the inverse scramble operation required to perform "unscramble". Used for. That is, the scrambling algorithm list 922 includes information necessary for both scrambling and unscrambling the data packet. The scrambled algorithm list 922 may also be referred to as a “scrambled/unscrambled” algorithm list 922, as the two operations include the same steps performed in reverse order. However, for the sake of clarity, this table (list) shall refer only to the function of scrambling and not to the opposite function (unscramble).

  If the scrambling algorithm selected for performing the unscramble operation 927 does not match the algorithm used for packet scrambling, or the seed 929 or state (time) 920 is the time at which the scrambling was performed. Otherwise, the unscramble operation fails to decode 923 the original unscrambled data packet, resulting in packet data loss. In the data flow diagram, for convenience of illustration, the packet unscramble operation and the sequence are indicated schematically or symbolically as a packet unscramble operation 928 (Packet Unscramble).

According to the invention, as long as the scrambling operation is reversible, that is, each step in the data packet is brought to its original proper position by repeating the steps in the reverse order of the original processing. As far as it can be returned, a numerical algorithm is used to perform the scrambling operation. Mathematically, an acceptable scrambling algorithm is reversible. That is, for example, the function F(A) has its inverse function F-1(A) or can be converted into its inverse function as follows.
F-1[F(A)]=A

  This is because the data file, array, string, file, or vector A processed by the function F is then processed using the inverse function F-1 to obtain the original input with the same numbers and arrays. It means that it can be decrypted into A.

  An example of such a reversible operation is the static scrambling algorithm shown in FIG. 2C, which includes a mirroring algorithm and a phase shift algorithm. In the mirroring algorithm, one data segment is swapped (positional swapped) with another data segment so that it is a mirror image around the line of symmetry defined by the mirroring factor or "Mod". In the illustrated Mod-2 Mirroring, two consecutive data segments of the original input data packet 930 are swapped. That is, the positions between the first and second data segments, between the third and fourth data segments, between the fifth and sixth data segments (hereinafter the same), that is, mathematically, the 1.5th and 3rd data segments. The positions of the data segments 1A and 1B are exchanged, and the positions of the data segments 1C and 1D are exchanged, centering on the symmetry line located at the positions of the 5th, 5.5th,..., (1.5+2n). , The positions of the data segments 1E and 1F are exchanged (and so on), which produces a scrambled output data packet 935.

  In Mod-3 Mirroring, the positions of the first and third data segments are exchanged for every three consecutive data segments, and the second packet in the middle of them is replaced with the original position. Not changed Therefore, the positions of the data segments 1A and 1C are exchanged, but the data segment 1B is unchanged from its original position (the middle position in three consecutive data segments). Similarly, the positions of the data segments 1D and 1F are exchanged, but the data segment 1E is unchanged from its original position (the middle position in three consecutive data segments). In this way, the scrambled data packet output 936 is generated. In the Mod-3 mirroring, the symmetry lines of the mirroring are located at the 2nd, 5th, 8th,..., (2+3n)th position.

  In Mod-4 Mirroring, the positions of the first and fourth data segments are exchanged and the positions of the second and third data segments are exchanged for every four consecutive data segments. As a result, a scrambled output data packet 937 is generated from the input data packet 931. Therefore, the position of the data segment 1A is exchanged with the position of the data segment 1D, and the position of the data segment 1B is exchanged with the position of the data segment 1C. In Mod-4 mirroring, the mirroring symmetry line is between the second data segment and the third data segment in four consecutive data segments (for example, between the second data segment and the third data segment). Position between the 6th data segment and the 7th data segment), that is, at the 2.5th, 6.5th,..., (2.5+4n)th position mathematically To do. In Mod-m Mirroring, the m-th data segment of the input data packet 932 is exchanged in position with the first or 0th data segment, and the n-th data segment is (m-n). The position is exchanged with the th data segment, which produces a scrambled output data packet 938.

  FIG. 2C further illustrates another scrambling method called frame shifting. In this frame shift, each data segment is shifted left or right by one frame, two frames, or more frames. For example, in single frame phase shift (1-Frame Phase Shift), each data segment is shifted in position by one frame. Specifically, the position of the first data segment is shifted to the position of the second data segment, the position of the second data segment is shifted to the position of the third data segment, and so on. This produces a scrambled output data packet 940. The position of the last frame of the input data packet 930 (frame 1F in the illustrated example) is shifted to the position of the first data segment 1A.

  In the 2-frame phase shift, the position of the first data segment 1A of the input data packet 930 is shifted by 2 frames to the position of the third data segment 1C, and the position of the fourth data segment 1D is changed. , The position is shifted to the position of the last (sixth) data segment of the scrambled output data packet 941. The second (fifth) last data segment 1E is shifted to the position of the first data segment, and the last (sixth) data segment 1F is shifted to the position of the second data segment. Be shifted. Similarly, in a 4-frame phase shift, each data segment of the input data packet 930 is position shifted by four frames, the first frame 1A is swapped with frame 1E and the frame 1B is The position of the frame 1F is exchanged with that of the frame 1C, and the position of the frame 1C is exchanged with that of the frame 1A (the same applies hereinafter), whereby a scrambled output data packet 942 is generated. In the case of Maximum Phase Shift, the first frame A is swapped in position with the last frame, and the second frame 1B is shifted in position with the first frame (ie the output data packet). 943 becomes the first frame) and the third frame is shifted in position to the position of the second frame (and so on). When a frame is phase shifted beyond the maximum phase, the output data remains unchanged from the input data. In the illustrated example, the shift direction of the phase shift is the right side. In this algorithm, the shift direction of the phase shift may be to the left, but in that case the result will be different.

  The above-described algorithms and similar methods according to this disclosure are referred to herein as static scrambling algorithms. This is because the scrambling operation is performed only once, which transforms the input dataset into a unique output. Furthermore, in the algorithm described above, the decision on how to perform the scrambling does not depend on the value of the data packet. According to the present invention, as shown in FIG. 2D, the parametric scrambling is a scrambling method in which the scrambling method may be based on a value derived from the data contained in the data packet itself. For example, it is selected from a table of Sort#A, Sort#B, etc.). For example, assume that each data segment can be converted to a number based on a calculation of the data contained in that data segment. One possible approach for determining the numerical value of a data segment is to use the decimal or hexadecimal equivalent of the bit data in the data segment. If the data segment contains multiple terms, the numerical equivalent is determined by summing the numbers in the data segment. The data of the data segments are then combined into a single number or "parameter" and then used to select the scrambling method to use.

  In the illustrated example, the unscrambled data packet 930 is parametrized in step 950 into a data table 951 containing a numerical value for each data segment. As shown in the figure, the data segment 1A, which is the 0th frame, has the numerical value “23”, and the data segment 1B, which is the first frame, has the numerical value “125” (the same applies hereinafter). Then, in step 952, a single data packet value for the entire data packet 930 is extracted. In the illustrated example, “1002” of the total value 953 (Sum) indicates a linear sum of all data segment values from the table 951, that is, a sum of parameter values. In step 954, this parameter value (ie, total value 953) is compared to a set of condition tables (ie, software-defined pre-defined conditional execution syntaxes (if-then-else statements)), ie, total value 953. To a number of non-overlapping numeric ranges in table 955 to determine which sort routine to use. In this example, the parameter value “1200” falls within the range of 1000 to 1499, so it is determined that the sort #C (Sort#C) should be used. Once the sort routine is selected, the parameter values are no longer needed. The unscrambled input data 930 is then scrambled in a selected manner in step 956 to produce a scrambled data packet output 959. In the illustrated example, the sort #C summarized in table 957 includes a set of relative movements for each data segment. In this set, the first data segment of the scrambled data packet 959, i.e., the 0th frame, is defined to be shifted (shifted by 3) to the left by 3 frames. The first frame contains a data segment 1B that is unchanged (ie, does not move) from its original position. The second frame includes the data segment 1E, which is shifted leftward by two from the original position. The same applies to the third frame, and the third frame includes the data segment 1F shifted leftward from the original position by two. The fourth frame of the scrambled data packet output 959 contains data segment 1C, which is shifted to the right by two from the original position (that is, moved by +2). The fifth frame includes data segment 1A that is shifted five positions to the right of the original position (ie, moved +5).

  In this way, Sort #C summarized in table 957 causes each data segment to uniquely move to a new position, thereby producing a parametrically determined scrambled data packet 959. When unscrambled scrambled data packets, the same sort method (sort #C) is used and the above process is performed in reverse order. The parameter value 953 of the data packet is not modified by the scrambling operation to ensure that the same algorithm is selected to perform the unscrambled operation. For example, a linear sum of the parameter values for each data segment is used to generate the same number regardless of the order of the numbers.

  The dynamic scrambling method uses the state of the system (eg, time) to identify the conditions under which a data packet was scrambled, thereby allowing the scrambling to be performed when performing an unscramble operation. It is possible to select the same method as when. In the system shown in FIG. 2E, the state is used to generate a fake numeric seed. The camouflage numeric seed is sent to the sending or receiving device of the package and is used to select the scrambling algorithm from the table. Alternatively, the state itself is sent to the sending or receiving device and a hidden digit generator located at the sending or receiving device generates the hidden digit used to select the scrambling/unscrambling algorithm. Used for. In such a configuration shown in FIG. 2E, the state (eg, time) 920 is generated by a hidden number generator 960 (Hidden Number Generator) to generate a hidden number 961 (Hidden Number: HN) and scrambled using the hidden number 861. Used to select a scrambling method from algorithm list 962. An algorithm selected from the scrambling algorithm table 962 using the hidden number 961 is used to transform the unscrambled data packet 930 into a scrambled data packet 964 by a scrambling operation 963 (Scramble). As shown in FIG. 2F, state 920 may be sent directly to hidden digit generator 960 or via seed generator 921.

  The advantage of using hidden numbers, rather than only numeric seeds, in choosing the scrambling algorithm is that the analysis of the data stream means that a repeating set of scrambled data is represented by the corresponding numeric seeds and statistics. It is possible to eliminate the possibility that the scrambling table is reconstructed in a cybercriminal manner by using the positive correlation. The seed is visible in the data stream and may therefore be spy on, but the hidden number generator can generate a hidden number "HN" based on the shared secret. As such, the hidden digit HN is not present in the data stream and is not spy or sniffed. That is, the hidden digit is not transmitted over the network, but is generated locally based on the numeric seed. Since the purpose of the numeric seed is impersonation, this mathematical operation on the hidden digit generator provides an additional layer of security to prevent hackers.

  Once the algorithm is selected, the numeric seed is also used as an input variable in the algorithm of the scrambling operation 963. Using the numeric seed twice in this way can further confuse the analysis by the hacker. This is because the seed does not directly select the algorithm, but works with it to determine the final sequence of scrambled data segments. Similarly, when unscrambling a dynamic scrambled data packet, the seed 929 (or state (time) 920) is used to unscramble the seed 929 (or state (time) 920) from the scrambled communication node, device, or software. Or have to send to the device.

  According to the present invention, the algorithm of the seed generator 921, the hidden number generator 960, and the scrambling algorithm list 962 mean the “shared secret” information stored in the DMZ server (described later), and the transmission of the data packet. Unknown to either the recipient or the recipient The shared secret is pre-configured and is not associated with the transmitted communication data packet, for example, it is set during installation of the code, which undergoes various authentication procedures to ensure leakage protection of the shared secret. . As will be described below, a set of stolen shared secrets limits the shared secrets to "zones" so that hackers cannot access the entire communication network or interfere with real-time communication.

  In addition to any shared secret, in dynamic scrambling, where the scrambling algorithm changes between passages of data packets, a "state"-based seed is needed to scramble or unscramble the data. This state based on the seed will be , Time, communication node number, network identifier, as well as any physical parameter such as GPS location. The algorithm used to generate the seed in the seed generator is part of the shared secret, so the hacker cannot know from which seed the state is based on. The seed is transmitted from one communication node to the next communication node, by embedding itself in the data packet, by transmitting over another channel or path, or by a combination thereof. For example, the state used to generate the seed is initially a random number and then includes a counter that increments by a fixed number each time a data packet passes through the communication node. Each count represents a particular scrambling algorithm.

  In one embodiment of dynamic scrambling, in the first step of scrambling, a random number is generated to select the scrambling method used. This random number is embedded in the header of the data packet, or in a portion of the data packet that is reserved for instruction and control and is not affected by scrambling. When the data packet arrives at the next node, the number embedded in the data packet is read by the communication node and used in software to select the appropriate algorithm to unscramble the input data packet. The number, or "count," is then incremented by 1 or a predetermined integer, and the packet is scrambled according to the algorithm associated with this new number. The new count is then stored in the output data packet, overwriting the previous count. This process is repeated in the next communication node.

  In another embodiment of the counter-based method according to the present disclosure for selecting a scrambling algorithm, a random number is generated to select an initial scrambling algorithm, the random number being identified as a "shared secret". Sent to all communication nodes used to send data packets. A count (e.g. starting from 0) is embedded in the header of the data packet or in the part of the data packet reserved for instruction and control which is not subject to scrambling. The data packet is then sent to the next communication node. When the packet arrives at the next correspondent node, the server reads the number in the count, adds an initial random number to the count, identifies the scrambling algorithm used to scramble the data packet the last time, and packet accordingly. Unscramble. The count is then incremented by 1 or by a predetermined integer, and the count is again in the header of the data packet, or in the portion of the data packet reserved for command and control that is not affected by scrambling. Embedded, overwriting the previous count. The random number that serves as a shared secret is embedded in the communication data packet and is not transmitted. When the data packet arrives at the next communication node, the server adds a random number (shared secret) to the updated count number extracted from the data packet. This new number uniquely identifies the scrambling algorithm used to scramble the incoming packet at the previous communication node. In this way, only meaningless counts can be intercepted by cyber pirates from the unscrambled part of the data packet, but cyber pirates have no idea what that data means.

  Alternatively, hidden numbers are used to inform the state of the packet and the algorithm used to scramble the packet. Hidden numbers combine a state or seed that changes over time with a shared secret, which typically involves a numerical algorithm, and is not transmitted between communicating nodes and is therefore a secret that cannot be sniffed or found by man-in-the-middle attacks or cyber pirates. Used to generate numbers, or "hidden numbers". This hidden number is then used to select the scrambling algorithm used for scrambling. The state or seed has no meaning without knowing the algorithm used to compute the hidden digit, and the shared secret algorithm is stored behind a firewall that is inaccessible over the network or the Internet, thus reducing network traffic. Monitoring does not reveal the pattern. To complicate matters, the position of the seed can represent a shared secret. In one embodiment, the data sniffable number, eg, 274825678225552213, carried by the unscrambled portion of the data packet includes a long number, only a portion of which indicates the seed. For example, if the 3rd to 8th numbers indicate a seed, the actual seed is a part of the number, that is, 48256, instead of the entire number of 274825678252252213. This seed is then combined with a shared secret algorithm to generate a hidden digit. The hidden number is then used to select a scrambling algorithm that changes dynamically through the network.

  Scrambled data packets in SDNP networks are described in Filing date July 20, 2015, "Secure Dynamic Network And Protocol", US Application No. 14/803,869. Further details regarding scrambling of data packets in last mile communication are described in this disclosure.

  As mentioned above, the data traversing the network, despite being scrambled, can be referred to as "plaintext" (Plaintext). This is because the actual data is present in the data packet, that is, the data packet is not ciphertext encrypted. In contrast, in ciphertext, the string containing the original data, with or without scrambling, is converted to a meaningless string using the encryption key, and unless the decryption key is used, It is not restored to its original plain text form. The role of encryption in SDNP-based communication according to this disclosure is further described in the "Packet Encryption" section below.

  As shown in FIG. 3, in order to change the data segment alignment of a data packet during transmission through the network, the packet needs to be “rescrambled”. This packet re-scramble process returns the scrambled data to its unscrambled state before re-scrambling the scrambled data with a new scrambling algorithm. Thus, the term "rescramble" as used herein means to unscramble a data packet and then re-scramble it, typically by another scrambling algorithm or method. This approach avoids the risk of data corruption that can occur due to re-scrambled packages that are already scrambled resulting in the loss of the data segment alignment needed to recover the original data. As shown, scrambled data packet 1008 is “rescrambled” after being first scrambled by packet scrambling operation 926. That is, the scrambled data packet 1008 is first unscrambled by an unscramble operation 928 using a process that is the reverse of the scramble algorithm used to scramble the data, and then by a scramble operation 926. Scrambling operation 926 is used to scramble again using a different scrambling algorithm. The resulting re-scrambled data packet 1009 differs from the previous scrambled data packet 1008. The re-scramble operation 1017 includes successive implementations of unscramble followed by scramble, which is referred to herein as "US Rescrambling" (US is unscrambled). -An abbreviation for unscrambling-scrambling). In order to recover the original data packet 930, the final packet unscramble operation 928 requires performing the inverse process of the algorithm used for the final rescrambling of the data packet.

  According to the present invention, static and dynamic scrambling of data changes unscrambled data into unreadable, meaningless (meaningless) data, and rearranges speech into unrecognizable noise, The text can be rearranged into meaningless ones, the images can be converted into white ones, and the code can be irreversibly scrambled. High security can be provided only by scrambling. And, in the SDNP method according to the present disclosure, scrambling is one element that can provide and secure secure communication (communication with security) that escapes from hacking, cyber attack, cyber piracy, and man-in-the-middle attack. Nothing more than.

  Packet encryption

  According to the invention, secure communication over a packet switched network relies on several factors for hacking prevention and segment reservation, one of which involves SDNP encryption. As mentioned above, encryption derived from the Greek word meaning "hidden", "keep secret", "makes invisible" means that the ordinary information or data commonly referred to as "plain text" is converted into secret information. Represents a means of converting to "cipher text" in an unreadable format that cannot be read unless In modern communications, this secret information typically involves sharing one or more "keys" used to encrypt and decrypt data. The key typically contains an algorithmically generated pseudo-random number. Various documents or texts that discuss the merits and demerits of various encryption technologies such as “Cryptomicon” are currently available, for example, in “Neal Stephenson (C) 1999”, “The Code Book: The Science of Secrecy from Ancient Egypt”. "Quantum Cryptography, by Simon Singh (C) 1999", "Practical Cryptography, by Niels Ferguson (C) 2013", and "Cryptanalysis: A Study of Ciphers and Their Solution, first published in 1939" are available.

  Although cryptography or the concept of cryptography is old and well known to those skilled in the art, the application of cryptography in secure dynamic networks and protocols according to the present disclosure is unique and independent of the cryptography of the client itself. It facilitates both end-to-end encryption and single-hop node-to-node dynamic encryption for the network architecture itself. SDNP communication is designed with the basic lesson that, no matter how complex the cryptography is, enough static encryption files or messages will eventually be destroyed and their information stolen. Has been done. Although this assumption is not accurate in practice, it is not necessary to prove or disprove this assumption. This is because waiting until a particular encryption method fails will result in unacceptable and irreversible damage.

  Instead, SDNP communication is based on the premise that all encrypted files have a limited "storable period". This is because encrypted data is only secured for a finite amount of time, and confidential data is at a given interval, ideally the most time needed to break a cipher on a modern computer. It metaphorically means that it must be dynamically re-encrypted much more often than an accurate estimate. For example, if a cryptographer speculates that a large server farm of cryptographic processing devices can break a given cipher in a year, SDNP communication requires data packets to be sent every 1 second or every 100 milliseconds, that is, a cipher. Re-encrypt at intervals that are orders of magnitude shorter than the best techniques for breaking. Therefore, SDNP encryption is necessarily dynamic or time-varying, and can vary spatially as well, depending on the location of the correspondent node on the packet switched network or map. Thus, the term "re-encryption" or "re-encryption method" refers to recovering a data packet and then re-encrypting it using another encryption algorithm or method.

  For this reason, SDNP encryption involves the repeated and frequent conversion of data from unencrypted plaintext to ciphertext, modifying the information to be unreadable and meaningless. Even if the data encryption of a given packet is miraculously broken, by using the SDNP dynamic encryption method, a completely different encryption key or cipher is used in the next data packet. It takes a whole new effort to break. By limiting the content contained in each individually encrypted data packet, the possibility of damage from unauthorized access can be reduced. This is because the size of the data file contained in the corrupted data packet can be made too small to be meaningful or useful to Cyber Pirates. Furthermore, by combining dynamic encryption with the SDNP scrambling method described above, communication security can be significantly increased. Even in its unencrypted form, the intercepted data file contains only small pieces of data, audio, or video that are scrambled such that the order of the data segments is meaningless and unreadable.

  To avoid security concerns associated with shelf life, SDNP encryption is dynamic and state dependent. As shown in FIG. 4A, an unencrypted data packet containing plaintext 930 (Plaintext) is processed by an encryption operation 1020 (Encryption Process), which results in a ciphertext containing ciphertexts 1024 and 1025 (Ciphertext). An encrypted data packet is generated. For Ciphertext 1024, the plaintext 930 data packet is encrypted as a whole, and data segments 1A-1F are treated as a single data file. On the other hand, for ciphertext 1025, data segments 1A-1F of plaintext 930 are individually encrypted and are not mixed with other data segments. The first plaintext first data segment 1A is the corresponding first ciphertext segment (a long character string beginning with "7$" shown for illustration purposes, including a long character string or number not shown). Encrypted. Similarly, the plaintext second data segment 1B is encrypted into a second ciphertext segment (a long string beginning with "*^" shown for illustration purposes). The characters "7$" and "*^" mean the beginning of meaningless character strings such as symbols, numbers, and alphabets, and indicate the length of specific data in the plain text source or the encrypted character string. It is not limited or implied.

  The encryption operation 1020 (Encryption Process) can use any available algorithm, encryption scheme, or encryption method. Although the encryption algorithm exhibits a static equation, in one embodiment the encryption operation uses a dynamic variable or "state", such as time 920, when performing the encryption. Also, the encryption key generator 1021 is used to generate an encryption key (E key) 1022 that depends on the state such as the time 920 when the encryption was performed. For example, the encryption date and time is used as a numerical seed to generate an E-key that cannot be regenerated if a hacker or the like finds an encryption algorithm. The time 920 or other “state” is also used to select a particular algorithm from the encryption algorithm list 1023 (Encryption Algorithms), which is a list of available encryption algorithms. In the data flow diagram, for convenience of illustration, this packet encryption operation and sequence is represented schematically or symbolically as encryption operation 1026 (Encryption). Throughout this disclosure, secure and encrypted data is also symbolically represented by padlocks. In particular, padlocks with the clock face on the top side are secure transmission mechanisms, eg encrypted files are self-destructed and permanently lost if not received within a certain time interval or by a certain time Indicates that.

  FIG. 4B shows a decryption operation 1031 that is the inverse of the encryption operation 1020. This decryption operation 1031 reuses the state (time or other state) 920 used to generate the ciphertext 1024 (Ciphertext) and cooperates with the decryption key (D key) 1030 generated by the decryption key generator 1021. Works to decrypt, i.e. decrypt the file, producing unencrypted data containing the original plaintext data packet 990 (Plaintext). The decryption operation 1031 (Decryption Process) uses the same state (time) 920 as was used when encrypting the packet and is identical to the one selected from the encryption algorithm list 1023 during encryption. Select and use the encryption algorithm of. Although the term "encryption" is used in the encryption algorithm list 1023, this algorithm table is used to identify and select the operation opposite to the encryption required for performing "decryption". To be done. That is, the encryption algorithm list 1023 includes information necessary for both encryption and decryption of data packets. This table 1023 can also be referred to as the "encryption/decryption" algorithm table 1023, since the two operations include the same steps being performed in the opposite order. However, for the sake of clarity, this table shall refer only to the function of encryption and not to the opposite function (decryption).

  If the encryption algorithm selected for performing the decryption operation 1031 does not match the inverse of the algorithm used for the packet encryption operation 1020, the state (time) 920 matches the time at the time of encryption. If not, or if the D-key 1030 does not have a predetermined numerical relationship with the E-key 1022 used at the time of encryption, the decryption operation 1031 determines that the original unencrypted data 990. Will fail and the packet data will be lost. In the dataflow diagram, for convenience of illustration, this packet decoding operation and sequence is represented schematically or symbolically as decoding operation 1032.

  As mentioned above, knowledge of the use of encryption and decryption keys in encryption and common encryption algorithms, especially symmetric public key encryption, RSA encryption, AES256 encryption, etc., is common to those skilled in the art. Yes, it is known. However, when such a known encryption method is applied to the SDNP communication system according to the present disclosure, hidden information, shared secret, and time-dependent dynamic variables specific to the SDNP communication according to the present disclosure, and States make hacking or cryptanalysis difficult.

  Therefore, even if it is unlikely that Cyber Pirates have the computing power to ultimately break robust encryption methods, Cyber Pirates will not It lacks some information embedded in the SDNP network as a shared secret and must break the cipher in less than a second before it can be modified. Moreover, all data packets traversing the SDNP network according to the present disclosure use different encryption methods that are determined based on unique keys and dynamic states. The combination of missing information, dynamic state, and limited information content contained in any packet makes data that is also stolen from any data packet difficult and unrewardable for Cyber Pirates. .

  The encryption and decryption of data packets in the SDNP network is described in the above-mentioned filing date July 20, 2015, "Secure Dynamic Network And Protocol", US Application No. 14/803,869. It has been described. Further details regarding data packet encryption in last mile communications are described in this disclosure.

  To intercept a whole sentence, video stream, or entire voice conversation and reconstruct a coherent data sequence, a cyber attacker can continuously break and decode thousands of SDNP packets instead of just one. Must. Combining dynamic encryption with the methods for data packet scrambling described above further complicates the difficult task of continuously hacking a series of SDNP packets. As shown in FIG. 5, an encrypted and scrambled data packet 1024 (Ciphertext of Scrambled Data Packet) is generated by a continuous combination of a scramble operation 926 and an encryption operation 1026. First, the plain text data packet 990 (Un-scrambled Plaintext) that has not been scrambled by the scramble operation 926 is converted into a scrambled plain text data packet 1008 (Scrambled Plaintext), and then the scrambled data is encrypted by the encryption operation 1026. Convert to packet cipher text 1024. In order to repeat the encryption of the scrambled package, the operations reverse to the above are performed in the reverse order. First, the decoding operation 1032 decodes the scrambled plain text data packet 1035 (Scrambled Plaintext), and then the unscramble operation 928 restores the unscrambled plain text data packet 990 (Unscrambled Plaintext).

  As shown, scrambling and encryption represent complementary techniques for achieving secure communication. The unencrypted scrambled data across the network is called "plaintext" because the actual data is present in the data packet, i.e. the packet is not ciphertext encrypted. Encrypted data packets, i.e. ciphertexts, are scrambled, which are converted into meaningless strings using encryption keys and cannot be restored to their original plaintext without the corresponding decryption key. Or it contains an unscrambled string. Depending on the algorithm used, the encryption and decryption keys can be the same key, or separate keys mathematically related in a predetermined mathematical relationship. Therefore, scrambling and encryption represent complementary techniques for implementing the secure communication according to the present invention for SDNP communication.

The two methods of scrambling and encryption are combined with each other, except that the order of restoring the original data packet from the encrypted scrambled data packet is the reverse of that of encryption. Even when used, they can be considered as separate. For example, if the data packet 990 is scrambled by the scrambling operation 926 and then encrypted by the encryption operation 1026, the encrypted and scrambled data packet 1024 may be decrypted to restore the original data packet. After decoding by 1032, it is unscrambled by an unscramble operation 928. Mathematically, scrambling operation F scrambles a string of bits or characters into its corresponding scrambled version and unscramble operation F-1 descrambles it as follows: expressed.
F-1[F(A)]=A

  Similarly, the encryption operation G encrypts a series of plain texts into the corresponding cipher texts, and the decryption operation G-1 decrypts the cipher texts.

G-1[G(A)]=A
Therefore,
F-1{G-1[G(F(A))]}=A
It can be expressed as. The operations are performed in the reverse order. Specifically, the encrypted and scrambled packet [G(F(A))] is decrypted [G-1] to obtain a scrambled plane. This is because the text data packet F(A) is restored, and then the original data packet A is restored by the unscramble operation F-1 of the scrambled plain text packet F(A).

Assuming the linear method is used, the order of each operation is reversible. For example, when the data packet is encrypted and then scrambled, the scrambled ciphertext is unscrambled and then combined to restore the original data packet. That is, it is expressed as follows.
G-1{F-1[F(G(A))]}=A

If the order of each operation is changed, the original data packet cannot be restored. That is, if a data packet that has been encrypted and then scrambled is decrypted before being unscrambled, the original data packet cannot be restored. That is, it is expressed as follows.
F-1{G-1[F(G(A))]}≠A

Similarly, if a packet that has been scrambled and then encrypted is unscrambled before being decrypted, the original data packet cannot be restored. That is, it is expressed as follows.
G-1{F-1[G(F(A))]}≠A

  In summary, if a plaintext packet was scrambled before encryption, it must be decrypted before unscrambled. Also, if the plaintext packet was encrypted before scrambling, it must be unscrambled before decryption.

  Although scrambling and encryption may occur in any order, in one embodiment of the SDNP method of the present invention, encryption and decryption occur more frequently than scrambling during network transfer. For this reason, as shown in FIG. 5, encryption should be performed after scrambling and decryption should be performed after unscrambled. For convenience, the combination of the packet scrambling operation 926 and the subsequent encryption operation 1026 is defined as a scrambling/encryption operation 1041 (Scramble & Encrypt). Further, the reverse combination of the decoding operation 1032 and the subsequent packet unscramble operation 928 is defined as the decoding/unscramble operation 1042 (Decrypt & Unscramble). These combined operations are used for static and dynamic SDNP communication according to the present invention.

  One method of increasing security in any implementation using static scrambling encryption is to scramble each data packet with a separate scrambling and/or encryption method (eg, when each data packet enters the communication network). Scrambling and/or encryption (using state, seed, and/or key changes at time t1).

  However, another more robust method involves dynamically changing the encryption and/or scrambling of data packets as they traverse the network. In order to facilitate the data processing required to realize a fully dynamic version of SDNP, each packet passing through each communication node of a packet switched communication network is "rescrambled (ie unscrambled and subsequent scrambled). Encryption) and “re-encryption (ie decryption and subsequent encryption)”, the above-defined processes need to be combined. As used herein, the term "repacket" or "repacketized" refers to whether the packet is decoded prior to unscrambled or unscrambled after decoded. Used to refer to the combination of "rescramble" and "re-encrypt". In either case, the unscramble and decryption operations at a node must be performed in the reverse order of the packet scrambling and encryption at the previous node. That is, if the previous node scrambles the packet and then encrypts it, the current node must decrypt the packet and then unscramble it. Generally, the packet is scrambled and then encrypted when it is output from the current node.

  The "repacketize" operation at the communication node is shown in FIG. Ciphertext data packet 1040 input to the communication node is first decoded by decoding operation 1032 and then unscrambled by unscramble operation 928. This restores the unscrambled plain text data packet 990 (Unscrambled Plaintext (content)) containing the content of the original packet. If any information in the packet needs to be inspected, parsed, split, or redirected, unscrambled plain text files are the perfect format for doing that. The plaintext data packet 990 is then scrambled again by the scramble operation 926 and then encrypted again by the encrypt operation 1026, which produces a new scrambled ciphertext data packet 1043. In the repacketizing operation of the ciphertext data packet 1040 input to the communication node, decryption, unscramble, scramble, and encryption are continuously performed. Therefore, the acronyms are arranged and the technique according to the present invention is used. This is referred to as repacketizing operation 1045 (DUSE Re-Packet). In a dynamic secure network, the state (time), decryption key, and seed used to perform decryption operation 1032 and unscramble operation 928 are used to perform scramble operation 926 and encrypt operation 1026. It is preferably different from the state (time), encryption key and seed used.

  Re-packetization of data packets in SDNP networks is described in the above-mentioned filing date July 20, 2015, "Secure Dynamic Network And Protocol", US Application No. 14/803,869. ing. Further details regarding repacketization of data packets in last mile communications are described in this disclosure.

Packet mixing and fragmentation

  Another key element of the dynamic secure communication network and protocol according to the present disclosure is that the data packet is divided into subpackets and sent to multiple routes, the subpackets are combined and reassembled to reconstruct the complete data packet. It is a function to configure. FIG. 7A shows a process of dividing the data packet 1054 by the division operation 1051 (Splitting (Un-mixing) Process). The division operation 1051 is an operation in which an algorithmic parsing operation 1052 (Parse) is combined with a junk operation 1053 (Junk), and has a function of inserting or removing a non-data “junk” data segment. Similar to junk DNA present in the human genome, junk data segments are inserted by junk operations 1053 to extend or regulate the length of data packets, and are optionally removed. Junk operation 1053 is especially important when the amount of data that fills the packet is insufficient. Also, the presence of junk data segments inserted in the data packet makes it difficult for Cyber Pirates to distinguish real data from noise. As used herein, a "junk" packet or data segment is a packet or data segment that consists solely of meaningless data (bits). By introducing such junk bits into the stream of data packets, the actual data can be buried in a number of meaningless bits.

  The purpose of the parse operation 1052 is to split the data packet 1054 into smaller data packets (eg, subpackets 1055 and 1056) to process each component. By dividing the data packet 1054 into smaller parts, eg supporting multi-path transmission, ie transmitting the data packet through a plurality of separate paths, and subpacket separation using separate encryption methods. It may provide inherent advantages such as facilitating encryption of the.

  Any algorithm, a numerical method, or a parsing method can be used for the division operation. The algorithm may be represented by static equations or dynamic variables or numerical seeds or “states”, eg, time 920 when input data packet 1054 was first formed by a number of subpackets, and seed generator 921. It may include a generated numeric seed 929, which also depends on the state, such as the time 920 when the data packet was generated. For example, if each datum is converted to a unique monotonically increasing number, then each seed 929 will be unique. The time 920 and seed 929 are used to identify the particular algorithm selected from the list of available methods, namely the mixed algorithms 1050 (Mixing Algorithms). The packet splitting operation involves the reverse of the mixing operation and uses an algorithm that is executed in the exact reverse order of the algorithm used to generate the particular packet in the mixing operation. That is, all performed operations can be undone, but not all need to be done in one step. For example, a scrambled and encrypted data packet may be decrypted or kept scrambled. By processing in the split operation 1051, the non-split data packet 1054 is converted into a plurality of data packets, for example, fixed length packets 1055 and 1056. The parsing operation 1052 is used to perform this operation algorithmically. In the data flow diagram, this packet fragmentation operation 1051 including the parsing operation 1052 and the junk operation 1053 is represented schematically or symbolically as a fragmentation operation 1057 for convenience of illustration.

  Thus, the term "fragmentation" as used herein includes parsing that divides a packet into two or more packets or subpackets. Also, the term "split" refers to inserting junk packets or subpackets into "parsed" packets or subpackets, or removing junk packets or subpackets from "parsed" packets or subpackets. including.

  FIG. 7B shows a packet mixing operation 1060 (Mixing Process) which is an operation reverse to the division operation and which mixes a plurality of packets 1055 and 1056 to generate a mixed packet 1054. Similar to the packet splitting operation, this packet mixing operation can use any algorithm, numerical method, or mixing method. The algorithm includes a time 920 that is expressed in a static equation or is used to identify a condition when a dynamic variable or numerical seed or “state”, eg, input data packets 1055 and 1056, was generated. You can The mixing operation used to generate the data packet can use the numeric seed 929 generated by the seed generator 921, which also depends on the state, such as time 920. Time 920 and seed 929 are used to identify the particular mixing algorithm selected from the list of available mixing methods, ie, mixing algorithm 1050. In the dataflow diagram, this packet mix operation 1060 is shown schematically or symbolically as mix operation 1061 for convenience of illustration.

  According to the present invention, packet mixing and packet segmentation can be performed using any of the various possible algorithms. FIG. 8 shows three possible mixing techniques: Concatenation, Interleaved, and Algorithmic. In the concatenation method, the data segment array of the data packet 1056 is added to the end of the data packet 1055 to generate the mixed packet 1054. In the interleaved method, the data segments of data packets 1055 and 1056 are interleaved, ie, interleaved in the order of 1A, 2A, 1B, 2B, to produce a mixed packet 1056. Another method used for packet mixing is the algorithmic method. In the illustrated example, the algorithm includes an alternating mirror symmetry (interleaved mirror symmetry) and arranges the data segments in the first half of the mixed packet 1066 in the order 1A, 2A, 1B, 2B, 1C, 2C. However, in the latter half of the mixed packet 1066, they are arranged in the reverse order of the first half, that is, in the order of 2D, 1D, 2E, 1E, 2F, 1F.

  The application of data packet mixing and fragmentation in SDNP networks is described in US Application No. 14/803,869, entitled "Secure Dynamic Communication Networks and Protocols," referenced above. FIG. 9A summarizes the functions and their corresponding inverse operations, ie, inverse functions, and the dynamic components of the corresponding functions, ie, SDNP functional elements, including the state or time of each function when executed in a data packet. Is. The SDNP function includes a scrambling operation including a packet scrambling operation 926 and its inverse function packet unscramble operation 928, a fragmentation operation including a split operation 1057 and its inverse function mixing operation 1061, junk insertion 1053A and junk removal. Impersonation operations including 1053B and encryption operations including encryption operation 1026 and decryption operation 1032 are included. All of these functions occur uniquely according to a time or state variable 920.

  The application of data packet mixing and fragmentation together with scrambling, unscrambling, encryption, decryption, and impersonation in last mile communications collectively constitute the SDNP last mile security operation. This SDNP last mile security operation is "directional". That is, the operation performed on all outgoing data packets is different than the operation performed on incoming data packets.

  The SDNP last mile security operation is also symmetrical and reversible with respect to the last mile. That is, local security credential information such as keys, seeds, shared secrets, etc., that are unique to a particular last mile are used, and the operations performed on the client device's outbound data packets can be undone at the SDNP gateway. This is generally done by performing inverse functions, ie mathematical inverse or all functional operations originally performed by the client device, in reverse order. As such, the SDNP gateway is enabled to recover the original content in preparation for routing through the SDNP cloud. Similarly, for data packets arriving at the client device through the last mile's zone-specific security credential information, the SDNP last mile security operation performed at the client device causes the SDNP gateway to perform the reverse functions in reverse order. You can undo each security operation performed in. In this way, it is possible for the client device to recover the original data of all incoming data packets.

  The SDNP last mile security operation is dynamic. It then uses state-dependent conditions such as location or time to determine the parameters used at the time the data packet was prepared and the region, geography, or locale specific to a particular last mile. It is localized, ie zone specific. Being localized ensures that the same coding or the same security credential information is not used in preparation for data packets performed on different last mile connections in different regions. Further, these last mile security credential information is always different from the authentication information used in the SDNP cloud. In addition, because it is dynamic, the state used to create the data packets is constantly changing, further obfuscating the actual security process performed on each data packet, and rendering two data packets as well. Disappears.

  Dynamic scrambling, dynamic fragmentation, dynamic impersonation, performed in accordance with the present invention, by applying a unique combination of directional, reversible, dynamic and localized security operations unique to each last mile communication. And the application of dynamic encryption algorithms ensures hyper-secure communication that cannot be achieved by using simple static encryption schemes. By spreading the application of dynamic methods that are valid for only tens of milliseconds, not only is interpretation almost impossible, but hackers can also decipher or interpret a data packet before another packet arrives. I have no time to do it. In fact, SDNP last mile security operations can be performed using software, firmware, hardware, dedicated security ICs, or any combination thereof.

  An example of an SDNP last mile security operation is shown in Figure 9B, especially for serial SDNP payloads used in single route last mile communications, although a myriad of sequence combinations are possible. That is, in this figure, the client device communicates to a single SDNP gateway. This process involves a two-way sequence of operations for outgoing and incoming data packets. As shown in the upper half of the figure, for outgoing data packets, the "data to be transmitted" is first scrambled by the packet scramble operation 926, and then spoofed by the insertion of junk data 1053A. In some cases, composing the entire packet entirely with junk data can further confuse data mining attempts by hackers.

  These packets are then fragmented into fragments by a fragment operation 1057 in which the parse operation 1052 is used and sent individually towards the encryption operation 1026. Each piece is then encrypted using a common or individual encryption key and the resulting ciphertext is placed in a serial SDNP payload shown as data packet 1199A. The packet is then formatted into an IP data packet, or "IP packet ready", in preparation for communication to the last link and last mile. All operations performed are dynamic and occur at a particular state 920A at a particular time or during the execution of a security process.

  As shown in the lower half of the figure, for incoming data packets, the incoming data from the last link containing the serial SDNP payload 1199B, ie the incoming data from "IP packet recognition" is first decrypted in pieces or as a whole. It is decrypted by operation 1032 and then recovered by the mix operation 1061 into the actual data stream. Then, junk is removed from the data packet, ie, junk removal operation 1053B removes junk data from the data packet, followed by packet unscramble operation 928 to recover the “received data”. All operations performed on the incoming data packet must use the state 920B that was used when the data packet was created at the SDNP gateway. That is, it contains information about a particular state or particular state 920B at the time of packet generation. This state information is sent via a separate communication by the signaling server or as a plaintext or static ciphertext in the incoming data packet, ie with a decryption key already known in the SDNP last mile security operation. .. However, the details of state 920B cannot be encrypted using a key that requires the state information contained in state 920B. This will prevent you from opening the code and using your own security credential information.

  FIG. 9C illustrates an example of SDNP last mile security operations for parallel SDNP payloads specifically used in multi-route last mile communications. That is, in this figure, the client device communicates with a plurality of SDNP gateways. Similar to the single route described above, this process involves a two-way sequence of operations for outgoing and incoming data packets. As shown in the upper part of the figure, in the case of an outgoing data packet, the "data to be transmitted" is first scrambled by the packet scramble operation 926 and then the spoofing is performed by the insertion of junk data 1053C. In some cases, composing the entire packet entirely with junk data can further confuse data mining attempts by hackers.

  These packets are then split into multiple subpackets by the split operation 1057 in which the parse operation 1052 is used and sent individually to the encryption operation 1026. Each piece is then encrypted using a common or individual encryption key and the resulting ciphertext is placed in multiple SDNP payloads, shown as data packets 1199C, 1199D, 1199E. The packets are then formatted into separate and distinct IP data packets, or "IP packet ready," in preparation for communication to the last link and last mile. All operations performed are dynamic and occur at a particular state 920C at a particular time or during the execution of a security process.

  As shown in the lower part of the figure, in the case of the incoming data packet, the incoming data from the last link including the parallel SDNP payloads 1199F, 1199G, 1199H, that is, the incoming data from "IP packet recognition" is first read by the decryption operation 1032. It is piecewise decrypted and then recovered by the mix operation 1061 into the actual data stream. Then, junk is removed from the data packet, that is, junk data is removed from the data packet using remove junk operation 1053D, after which the packet unscramble operation 928 recovers the "received data". All operations performed on incoming data packets must use the state 920D that was used when the data packet was created at the SDNP gateway. That is, it contains information about a particular state 920D at a particular time or packet generation. This state information is sent via a separate communication by the signaling server or as a plaintext or static ciphertext in the incoming data packet, ie with a decryption key already known in the SDNP last mile security operation. .

  SDNP last mile security operations need not use the same algorithm or method for both incoming and outgoing data packets. As shown in FIG. 9D, outgoing data packets use SDNP last mile security operation 1190A and incoming data packets use SDNP last mile security operation 1190B. As shown in the top half of the figure, the outgoing data packet contains data representing any combination of real-time data sources from the transducers or sensors, or a file created prior to communication. For example, the sound 1198A converted into an electric signal by the microphone 1180 and the video signal from the camera 1181 are converted into an equivalent digital format by the audio video CODEC 1182A. The formats created generally involve standard formats such as png, pic, mpeg, mov that are interpretable and interoperable with standard devices according to the OSI layer 6 which is the presentation layer. Using the standard audio-video format eliminates the need to send a unique code between the source and destination addresses to open the file.

  The digital output of the audio video CODEC 1182A is then mixed with the text data and data file 1179A from the virtual keyboard 1183 (touch screen implemented keypad) using the content mixer 1184. The mixer then sends the data file to the SDNP last mile security operation 1190A and provides the SDNP header information to the IP packet preparation operation 1191A to identify and label real-time data packets from the static file. The SDNP last mile security operation 1190A then passes the secure data packet to the IP packet preparation operation 1191A, which in turn embeds the SDNP payload in the IP data packet according to the routing instructions received by the SDNP signaling server 1603. .. The data packet is distributed to a plurality of IP packets for multi-route last mile communication, or concatenated into a serial data string and embedded in one or more serial data packets for single route last mile communication. .. These packets are then passed to the client PHY operation 1192A, completing the IP data packet with layer 1 and layer 2 data added.

  In the reverse operation, shown in the lower half of the figure, the incoming data from the last link received by the client PHY 1192B is passed to the IP packet recognition operation 1191B, which causes the incoming data to be a valid message or unknown malicious. Identified as a data packet. Valid messages are identified using the SDNP tag, seed, key, and other identifiers previously communicated by the signaling server 1603 to the client device and IP packet recognition operation 1191B. Anthropomorphically, the IP packet recognition operation 1191B expects and even predicts valid incoming data packets. Without proper identification, unexpected data packets are dropped and cannot be opened or processed further. In this way, a hacker cannot impersonate himself and send valid data to any SDNP node without registering his ID in the SDNP cloud.

  IP packet recognition operation 1191B passes a valid data packet to SDNP last mile security operation 1190B. This will perform all the operations necessary to reconstruct the actual content of the data packet, ie the data containing the continuously coordinated combination of video, audio, text and data files. Content de-mux 1193, which is a demultiplexer undoing the mix operation used in creating the data packet (eg, splitting a serial data file created by mix operation 1184 performed on another caller's phone). Is used to separate various file types. The output of the content de-mux 1193 includes the text displayed in the messenger window 1196, the data file 1179A, and real-time data sent to the audio video CODEC 1182B. Audio video CODEC 1182B converts the digital presentation layer data into live video image 1195 or through speaker 1194 into sound 1198B.

  For the last mile data transfer, the data needs to be embedded or wrapped in a multi-layer structure in a manner similar to the Russian nesting doll of Babushka, as shown in Figure 9E. Therefore, SDNP payload 438 represents transport payload 437. This together with the transport header 436 constitutes the IP payload 435. The combination of IP payload 435 and IP header 434 represents an IP datagram corresponding to MAC payload 432. By wrapping the MAC payload 432 in the MAC header 431 and the MAC footer 433, a MAC “frame” that corresponds to the physical layer 490 and is also called PHY layer 1 content is generated. It is composed of physical media such as electric signals, light, radio waves and microwaves.

  In SDNP routing, the layer 2 MAC header 431 describes the last link MAC connection, ie the connection between the client device and the first device of the last mile link. Using the source and destination addresses of the client device and the SDNP gateway, the layer 3 header 434 specifies the endpoint for routing through the last mile. However, since the last mile is not part of the SDNP cloud, the exact route data packet that takes over the last mile cannot be explicitly specified or controlled. In SDNP last mile communication, the layer 4 transport header 436 specifies that UDP is used for SDNP real-time payload and the ad hoc assigned SDNP port address used in each packet. This address changes dynamically to thwart port scan cyber attack strategies.

  The SDNP payload 438, which is the payload of the last mile IP packet, includes an SDNP preamble 1198 including zone information, a key, and a seed, and an SDNP data field 1199A which is a serial character string of a plurality of independently encrypted ciphertext segments. Is included. The decrypted format of the ciphertext includes plain text files 1197A, 1997B, and 1197C, each containing its own unique SDNP header and corresponding data file data 91, data 92, and data 93. Each sub-header contains information, including tag, zip, address, urgency, and QoS data, as needed.

  The role of the SDNP preamble and header depends on the command and control method used. In three-way last mile communication, the signaling server instructs the client device and the SDNP gateway how to interact with each other to make a call, send a file, or open a session. As such, the instructions are communicated to both devices using command and control data packets in a TCP transfer before the media data packets are sent. Therefore, the minimum data required for last mile communication between the client and the SDNP gateway is the tag or address used to identify the incoming packet. In some cases, for example, if the signaling server is unreachable, in another embodiment, the SDNP data packet carries additional data in its preamble and packet header.

  The data packet shown in FIG. 9F and associated table 1177 show one exemplary format used to carry SDNP information within SDNP payload 438. The data packet includes 1-8 data field headers 1178X having an SDNP preamble 1198 and a corresponding data field "data X field". In each data field such as “Data 1 field” and “Data 2 field”, corresponding headers Hdr 1, Hdr 2 etc. precede, and communiqué content such as audio, text, video, photo, movie, file etc. is transmitted. .. The numerical value of the data field is different from 1 to 8 determined by the 4b long field #, that is, binary 0001 to binary 1111. The length of SDNP preamble 1198 and SDNP payload 438 are affected by the field# specification. If only one field is selected, ie field #=0001 binary, SDNP preamble 1198 contains only L Fld 1 (excluding L Fld 2 to L Fld 8) and SDNP payload 438 contains Only Hdr 1 and Data 1 fields are included. If a maximum of eight fields are selected, ie, field #=1111 binary, SDNP preamble 1198 contains eight length designation L fields 1 through L field 8 and SDNP payload 438 contains eight data fields. The headers are sequentially included as Hdr 1, data 1 field, Hdr 2, data 2 field... Hdr 8, data 8 field. As shown, the SDNP preamble 1198 includes field length specifications L Fld 1, L Fld 2 and L Fld 8. The small gap between L Fld 2 and L Fld 8 represents the continuation of the sequence, not the gap in the data.

  Each data field length specified by L Fld X varies from zero or 0B (null data field) to FFFF or a maximum hexadecimal number of 65,535B. For practical reasons in Ethernet compatibility, it is preferable to limit the maximum data packet length of any one field to 1500B or hex 05DC, and the total length of all data fields is 9000B or hex 2328. Jumbo packet size should not be exceeded. The length specified for each data field may vary individually. For example, in the case of a field length of zero, such as a hexadecimal number of L Fld 8 =0000, the corresponding data 8 field is deleted, but the corresponding header Hdr 8 is not deleted. The header is deleted only by specifying the field #.

  According to this SDNP protocol, the distribution of content across various data fields is very flexible. Data destined for a single destination may be contained in a single data field or may be split into multiple data fields for spoofing purposes and merged with junk data. The size of the data fields may vary. It is also possible to include a data field containing pure junk data, or to generate an entire data packet containing only junk data. However, for efficient packet routing, data targeting different destinations must be split into separate data fields, each with its own header.

  The SDNP packet format is applicable for end-to-end transfer between multiple clouds and zones, such as the SDNP cloud, or across the SDNP network, including last mile communication. The contents of the SDNP data packet change as it passes through the network, but the SDNP packet format does not change. The SDNP data packet format is equally applicable to large payload or time-critical real-time communications because this format contains minimal data overhead. The packet format originates from the cloud in the opposite for bidirectional data flow, ie data flow from last mile to SDNP gateway, and data flow to SDNP cloud, or transfer of last mile to destination client device. Applicable to the delivery of data packets leaving the SDNP gateway.

  In operation, the direction of SDNP data routing is determined by the network layer 3 source and destination addresses described in the IP header 434 of FIG. 9E. Each packet is loaded with the source and destination addresses as the packet is prepared by the media node for transmission to the next media node on the route. In tri-channel communication, the packet's destination SDNP or IP address is delivered from the signaling server to the media node as a command and control (C&C) packet prior to preparation of the outgoing packet. In general, the signaling server can send C&C indications to all nodes in the communication path, including both sending (sender) devices and destination (recipient) devices. If only single channel communication is available, eg a link with a long propagation delay, the signaling server cannot give advance warning to the media node about the incoming packet or its processing. In this case, the routing address is carried in the incoming data packet of SDNP payload 438. In such cases, the media server operates according to default instructions regarding how to process incoming packets using data fields included in the incoming SDNP packet, such as routing, state information, and security credential information.

  The payload 438 is composed of two parts: a readable part containing the preamble 1198 and an unreadable part 1199a containing the data in "hidden format". The content of this packet is concealed by any number of concealment techniques such as encryption, scrambling, and possibly junk data insertion. To extract the available content 1197a, 1997b, and 1197c, the concealment method needs to be undone. These packets contain the destination address of future outgoing packets. The address can exist in unhidden or decrypted format only for a short time before the next packet is prepared and encrypted.

  As described, SDNP preamble 1198 contains information related to the entire packet. Apart from the data field specifications, FIG. 9F shows an SDNP preamble 1198 which also includes the SDNP zone in which the SDNP packet is created (eg zone U1, two numerical seeds, two keys, etc.). These keys and seeds can be used as zone-specific security credential information in the scrambling/unscrambling, junk insertion/removal, mixing/splitting, encryption/decryption processes. The seed and key are command and control packets, or communiqué content, sent as an exclusive means to deliver the security credential information needed to open and read the data fields, or sent from the signaling server to the client device and SDNP gateway. Can be used in combination with a network of computers that are not involved in transmitting media packets.

  Since the seed and key consist only of some of the security credential information and the data lacks the information needed to use them, the seed and key are in a public, unencrypted format. Can be delivered safely. The other part of the missing security credential information is code that is not delivered in advance in a separate data packet or shared algorithm secret, lookup table, over the network, and is not part of the message May be included. A cryptographic key is a symmetric key when both the sender and the recipient hold the key, or only the recipient, the party that generated the cryptographic key, can access the cryptographic key by the public, including the sender. It may be a public key that holds the decryption key. Further, all security credential information is restricted to a particular security zone, such as U1, and is dynamic and restricted to a state that expires if not used within a particular period or specified time. If the seed and key data fields are not used as security credential information, such as when the signaling server issues individual instructions to the SDNP device for security operations, these fields will contain fake numbers that appear as encryption keys. Is entered. This would result in cyber attackers wasting time analyzing the decoy security key.

  In last mile communication, the forwarded data packet is not processed, interpreted or opened at the intermediate router between the client device and the SDNP gateway. This is because they are not part of the SDNP network and have no ability to query or interpret the SDNP packet data contained therein. Instead, all security operations are performed exclusively at the two endpoints, the SDNP client and the SDNP gateway. This is because only these devices operate as SDNP communication nodes. Since the SDNP protocol is dynamically executed at each endpoint, the last mile communication is hypersecure throughout the last mile. If the other caller is also running SDNP software, that caller's last mile is also protected by the SDNP method described above, and hyper-secure communication is guaranteed "end-to-end" between the callers.

  However, if the end device is not an SDNP client, then the router closest to the caller, the last link router, is enabled with SDNP firmware. In this case, SDNP is not enabled, but a special function performed by the SDNP enabled router can reasonably protect the last link. This alternative last link security method is described in more detail in a subsequent section of this disclosure and is not detailed in this section. The method described is applicable to the protection of last link communications, but is insufficient to protect the rest of the last mile.

  As shown in FIG. 9F, each SDNP data field is accompanied by an SDNP data field header 1178X. It contains information that is uniquely applicable to the data field with which it is associated, but is useless in other data fields. Specifically, in the disclosed embodiment, each header is used to identify a data type field that describes the type of data contained within the associated data field, the particular data field and its destination. Destination address fields, field zones used to transfer zone information from one zone to another, urgency, and delivery information. As shown, each SDNP data payload 438 includes one SDNP preamble 1198, and one or more SDNP data field headers 1178x and corresponding data x fields. x indicates the number of individual payloads. This will range from 5 to 50 depending on payload size and urgency.

  Although most of the information described is provided by the signaling server to the SDNP client and SDNP gateway, there is one basic component that is always transmitted in the last mile data packet. This is the "address field" or tag needed to identify the data packet. A field called the destination address of the SDNP payload (abbreviated as "Dest Addr" in the figure) can include a unique identifier that is sufficient to distinguish the ID of one data field from the ID of another data field. Its purpose is similar to the functioning of barcodes used to tag and track packages delivered by parcel or courier at airports. Address types include, for example, numeric tags, SDNP zips, IPv4 or IPv6 addresses, NAT addresses, and even POTS regular telephone numbers so that the identifiers are unique to prevent conflicts in identifying data packets. Good. The size of the destination address field depends on the type of address type selected.

  To maintain the anonymity of the packet during routing, it is recommended to use a confidential code such as SDNP Zip code as the SDNP destination address rather than using the actual phone number or IP address. In operation, each time a data packet arrives at the SDNP gateway from the SDNP client, the SDNP payload is decoded and then a check of each data field header is performed for identification of the destination address. The data header cannot be examined until the data packet has been decoded or processed to revert to the concealment method used when creating the packet. In the case of dual channel or tri-channel communication, as shown in FIG. 9G, the signaling server 1603 notifies the SDNP gateway of the arrival schedule of data packets and the corresponding identification marking and security credential information in advance. Therefore, when the SDNP gateway receives the data packet 438A including the last mile communication transmitted from the SDNP client, the SDNP last mile security operation 1190D is performed by the gateway in order to convert the SDNP payload from the ciphertext to the plain text data packet 438B. Executed. Security operations are the process of modifying outgoing data packets to conceal their content and the process of modifying incoming data packets to reveal their content. Specifically, security operations performed on incoming data packets include decryption to de-encrypt, unscramble to undo scramble, de-junk to remove inserted junk, undo decomposition and mix. , Used to recover content by undoing concealment operations performed prior to transfer. These processes are executed according to the state and zone when the data packet is created. For outgoing data packets, security operations include concealing the contents of the data packet by performing encryption, scrambling, junk insertion, and packet fragmentation according to the state and zone in which the data packet was created before transmission. included. The unencrypted seed and key data fields of data packet 438A can optionally be used with signaling server information to ignore or decrypt the ciphertext. The resulting operation displays a data field 1 and an associated data field header 117D labeled Hdr1 containing the data field's destination address, data type, urgency, and delivery information. In such a case, the destination address is not a routing address, just the SDNP Zip, a tag used to identify the packet, and is part of a particular conversation.

  When a particular data field is found that contains the identified destination field, such as an SDNP Zip code that matches the instructions from the signaling server 1603, the data field is extracted and optionally mixed with other relevant content by the mixer 1184Z to create an SDNP packet. The prepare operation 1191Z rewraps the new IP or SDNP datagram and delivers it to the next destination. A new data packet destined for the cloud includes an SDNP header 434Z containing the destination and data content of the new packet, the SDNP payload 435Z. The destination provided as an IP address or SDNP address from the signaling server 1603 to the gateway media node can include another SDNP server acting as an SDNP cloud node, or can include last mile communication to another SDNP client. . In such tri-channel communication, the destination address is not actually an address but a means to identify the packet and the next destination is already known at the SDNP gateway. If the destination of the packet is SDNP cloud routing, then the data packet is processed by the SDNP cloud security operation 1190Z according to the Z1 security credential information of the cloud rather than the U1 authentication information used in the last mile.

  In the case of single channel communication, as shown in FIG. 9H, (i) there is no signaling server operating in the local network, (ii) the signaling server is temporarily offline, or (iii) the signaling server is busy. Thus, the signaling server does not notify the SDNP gateway prior to the imminent arrival of the data packet and its data field, for any reason that the packet cannot be preemptively routed in time. In such a case, the required security credential information zone U1, seed 1, seed 2, key 1, key 2 are transmitted by the data packet 438A from the SDNP client, and the ciphertext data packet 438A is plain by the SDNP last mile security operation 1190D. It must be converted into a text data packet 438B. The standard SDNP data packet format reserves these data fields even if the contents of the fields are not needed at a particular media node. For example, if the Key 2 field is not used in the particular concealment process used to create the data packet, then the data in that field will be meaningless and will not be used at the destination node. Nevertheless, the format of all SDNP data packets is homogenous because the data packets reserve the same number of bytes in the used or unused fields. Once the ciphertext of data packet 438A is decrypted, the SDNP gateway extracts the content of the data packet data 1 field and the associated Hdr 1 field header 1178D from the plaintext data packet 438B. For this data packet, the IP packet recognition process 1191D causes the Hdr 1 to be sent to the data packet for two reasons, first to confirm that the incoming packet is expected in the tri-channel communication, and secondly to generate a new SDNP address. The A-type and destination address data fields from field header 1178D are combined. This new SDNP address is combined with the D type, urgency and delivery fields and processed by the SDNP packet preparation operation 1191Z to create an SDNP header 434Z in the outgoing data packet. The content of the Data 1 field is also extracted from the incoming plaintext data packet 438B and that content is optionally mixed with 1184Z and other outgoing content to create an outgoing SDNP payload 435Z. The packet is then processed by SDNP cloud security 1190Z in preparation for transfer. In this way, multiple functions are performed in the address field to identify incoming data packets and provide forwarding addresses as needed.

  If a media node receives a data packet without first receiving an instruction from the signaling server, the media node will revert to the default instructions on how to process incoming data packets and prepare outgoing data packets. . If the media node has no instructions on how to handle unannounced incoming packets, the data packet is discarded. If the media node does not enable instructions on how to handle unidentified packets, the media node first confirms that the packet is a valid SDNP packet according to the security credential information and takes action accordingly. To be done. However, if the sender cannot be identified, for example because the encryption code, seed, or source address is invalid, the packet is dropped as a fraud.

  In FIG. 9F, the packet field labeled "Field Zone" indicates the zone in which the particular field was created. That is, whether past encryption or scrambling has been performed, eg, in the U1 or U2 zone settings. For nested security protocols or other nested concealment methods, unscrambling, decrypting, or recovering concealment of data packets requires additional information such as key, seed, time, or state. Will be needed. In this case, the packet fields labeled "Fields Other" can be used to carry field-specific information. Generally, these fields are not used, except for nested security protocols where the encrypted data fields are then scrambled or re-encrypted. Care should be taken when using nested security methods to perform data recovery in exactly the reverse order of data packet preparation. Otherwise, the content will be lost forever.

  Using the packet field labeled "Data Type" facilitates context-specific routing and requires real-time communication from data packets that contain time-sensitive information such as video and live video. No, it can distinguish data, recordings, texts, and computer files, ie, real-time routing and non-real-time routing. Data types include voice, text, real-time video, data, software, and so on.

  The packet fields labeled "urgency" and "delivery" are both used to determine the best way to route the data for a particular data field. Urgency includes categories of snail, normal, priority, and urgent. Delivery typically includes QoS markers that indicate redundant, special, and VIP categories. In one embodiment of the invention, as shown in Table 1177, the binary sizes of the various data fields are selected to minimize the bandwidth required for communication. For example, as shown, a data packet can range from 0 to 200B, and the data field can contain 8 packets of 200B, so an SDNP packet can carry 1600B of data.

  Both FIG. 9G and FIG. 9H show a case where a client device sends a data packet of zone U1 to the gateway node via the last mile. The incoming data packet is then processed by the gateway node and the zone U1 security credential information is used to undo the last mile security and concealment method taken. The gateway node then mixes the contents of the packet with the contents of other packets in the mixing process 1184Z and uses the security credential information in zone Z1 to create a new packet that is bound for transfer through the SDNP cloud.

  The same applies when a data packet from the cloud (including another gateway) is received at the SDNP gateway and sent to the client device, for example when sent from the SDNP cloud to the client's phone (recipient). Process is used. As shown in FIG. 9I, in the case of dual-channel or tri-channel communication, the signaling server 2603 notifies the SDNP gateway in advance of the arrival schedule of data packets from the cloud and the corresponding identification marking and security credential information. Thus, when the data packet 2438A from the SDNP cloud is received at the SDNP gateway, the SDNP cloud security operation 2190D is performed at the gateway to convert the SDNP payload from ciphertext to plaintext data packet 2438B. The unencrypted seed and key data fields of data packet 2438A can optionally be used with signaling server information to ignore or decrypt the ciphertext. The use of the data field depends on the algorithm used in concealing the payload of the packet. For example, if encryption is not used, the field containing the encryption key is ignored.

  Manipulating the result extracts a number of data fields. In a subsequent operation, a content split operation 2184Z splits these data fields and a recognize operation 2191D extracts the specific content including data field 1 and the associated data field header 2117D labeled Hdr1. The header Hdr 1 includes the destination address of the data field, the data type, the urgency, and the delivery information. The extracted data fields are then rewrapped by the SDNP packet preparation operation 1191Z into a new IP or SDNP datagram for delivery to the next destination. The new data packet going to the cloud includes the destination of the new packet (the IP address corresponding to the personal telephone number) and the data content, the SDNP header 2434Z containing the SDNP payload 2435Z. Outgoing packets are processed by the SDNP last mile security operation 2190Z according to the last mile U1 security credential information rather than the Z1 credential used in the cloud.

  If the signaling server is not available, i.e. for single channel communication, the incoming data packet needs to be processed at the media node according to the previously delivered instructions as default instruction. In such cases, the incoming data packet will have the criteria needed to verify that the sender is a valid SDNP client, such as an SDNP Zip code or an authentication code previously delivered as a pre-determined shared secret. Is used. If the packet is determined to be valid, then the packet is processed according to the default instructions. Otherwise, the packet will be dropped.

  The above method is exemplary and not intended to limit the processing and routing of data packets to a particular data packet format.

Security and privacy in communications

  An important consideration in last mile communications is the ability of the network to support both secure and private communications. Although privacy and security are often associated, they are not the same thing. The term security used in communications is considered "a discipline to prevent unauthorized access to communications data in a recognizable format." However, security does not apply where individuals or institutions have the right to access or monitor communications. Privacy is defined as "a condition or condition that cannot be observed or disturbed by others and is not in the public's attention". In legal terms, privacy is defined as the right of an individual to control access to their personal information.

  In communications, individual privacy rights in voice calls, video, text, email, personal messaging, etc., vary widely from country to country. The role of complying with applicable government regulations in providing access to communications in a legally valid manner is described in subsequent sections. This aside, in an ideal network and communication system, it prevents communication hacking, that is, it is completely secure, and ensures that all communication is restricted to those who have the right to know, that is, it is private. There is a need.

The last mile of the network and the connected devices should be carefully considered when assessing the privacy and security features of the network. In many cases, the security credential information used to establish information access controls the security and privacy of the network at the last mile and the connected device. That is, the last mile is the most vulnerable part. It is necessary to consider the following four possible combinations in the communication network.
-Secure and private network. From an individual point of view, this represents ideal network performance, ensuring both information security and personal privacy. Extremely speaking, a truly secure private network is about the interception of meaningful communications by individuals, governments, institutions, or companies, as well as their actions, actions, contacts and peers, personal preferences, activities, etc. It means that private data cannot be obtained. Advocates of privacy see the ideal secure private network as a gold standard for confidential communications, but governments, security organizations, and businesses have problems with absolute autonomy of communications, which can lead to personal Will be able to engage in criminal acts and terrorism in a completely confidential and safe manner.
-A non-secure network that lacks privacy. Networks that are not secure and have no privacy provisions (such as today's Internet OTT operators) pose a significant risk to individuals, groups, clubs, businesses, or governments using communication channels. Cyberhackers have easy access to calls and data, so a malicious person could use this information for any purpose. Junkies and spammers can hijack unsecured communication channels to cause havoc, flood the network with spam, launch denial of service attacks, or deploy harmful mischief. Idelogues, political activists, and religious cults can use non-secure communication channels to leak sensitive information for the purpose of facilitating political change, declining government officials, inciting riots, and overthrowing governments (several hundred thousand cases). WikiLeaks has published government confidential documents that range from WikiLeaks to the international storm of fame, the famous fiction movie "Fifth Estate/The Man Targeted by the World" (DreamWorks(c ) 2013)). Financially motivated organized crime and Mafia cybercriminals focus attacks on monetary crimes, such as theft, diversion, fraud, identity theft, money laundering, robbery, extortion and other felony. Persons involved in extortion and intimidation, such as drug cartels, gangs, and terrorists, may monitor non-secure communications to plan and carry out violent crimes such as assault, kidnapping, murder, bombing, or acts of terrorism. As a goal, the location, movement and behavior of competitors, enemies and target victims can be tracked. Finally, in the case of personal cyberattacks, the use of non-secure communications can compromise databases containing personal information such as social security numbers, passports, banking information, credit card information, medical records and other personally sensitive information Can be hacked into.
-Secure network lacking privacy. As an example of a secure network that lacks privacy, an IT manager or security department monitors all corporate communications to ensure that no inappropriate or illegal communications occur on the corporate network. Companies accounts with rights and privileges. Although networks are protected from hackers and cybercriminals, communications on these networks are not private and involve unauthorized personal use of corporate communications infrastructure, corporate espionage, nondisclosure agreements, and unauthorized disclosure of intellectual property ( To detect fraudulent acts such as IP leaks, sexual harassment, regulation FD (reg. FD) violations, insider trading, FCPA (Federal Foreign Corrupt Practices Act) violations, corruption, bribery, fraud, financial reporting violations, securities violations, etc. In some cases, it may be monitored by an authorized entity. In the case of corporate communications, the company informs the individual joining the company that their communications are not private and that corporate telephones, emails, texts, personal messaging, SMS and other communiqués may be monitored. To do. Regardless of whether it is a civil or criminal case, such communiqué may be filed as evidence in a court of law, even if personal information is mixed in with corporate information, if legal proceedings occur. In essence, when a company employee uses the company's communications, devices, and networks for personal use, all information (except under the law of attorneys and clients) becomes the target of attack. It is no longer considered private. For this and other reasons, using a mix of business and personal messengers, such as Line and KakaoTalk, does not allow employees to exercise privacy rights to prevent text chats, photos, and file inspections. This is a particular problem.
-Semi-private non-secure network. A semi-private non-secure network means that even if the network that transmits data may be hacked due to eavesdropping, private transactions can be carried out regardless of lack of security if certain conditions are met. A network that can be run confidentially. In this case, privacy is established by verifying the originator's identity by various means using a shared secret that hackers cannot discover even if they intercept the call. A common example of private, non-secure communication is voice banking. For example, "The restaurant you ate at last night paid for by credit card. In what city did you eat?" or "I receive regular bills from the winery. Which winery?" The caller's ID is confirmed by constantly changing the question for which the fraudster has a low probability of knowing the answer and asking the caller. Another example of the question is, "What is the last name of your favorite teacher at elementary school?" In order for these ID verification methods to work well, either the bank has access to non-public information (such as a credit card statement), or the bank and its clients use electronic means when the client opens an account. It is necessary to establish a shared secret face-to-face rather than physically. Once the originator's identity is verified, the client can instruct the agency to perform a particular operation, which does not benefit the cyber criminal. For example, the caller may issue an instruction such as "move $10,000 from savings account to checking account". However, if the remittance is sent to another bank, more rigorous verification is needed to ensure the privacy of the client. In any case, ensuring privacy, whether electronic or auditory, depends on the condition that communications do not expose shared secrets. If this condition is not met, all privacy is lost and your account may be at risk. Therefore, the authenticated communication on the non-secure line refers to semi-private, which means conditional privacy. Another example or semi-private communication over a non-secure network is a security token, ie one issued by a bank and executed utilizing a device owned exclusively by the client. The pseudo-random number generated by the device is communicated to the bank representative, who verifies that the number matches the bank's authorized number. Since the number is more than eight digits, it is very unlikely that the correct code will be guessed in the first attempt. If the wrong token number is provided, the call will be terminated, the account will be frozen, and the fraud department will be alerted to investigate. In this case, the importance of ensuring privacy in a non-secure network depends on the ability to communicate sensitive information such as account numbers, PINs, credit card information without verbal disclosure. That is, the communication is semi-private.

  ID verification and AAA

The concept of security and privacy relies on accurate and reliable identity verification, ie the originator is who he claims to be. ID verification, which is also called “authentication”, is important in effectively using data and communication and preventing illegal or unauthorized access. Reliable ID verification is important in national security, law enforcement, intellectual property ownership, corporate and individual rights. Examples of the importance of ID verification include the following.
・In national security, it is important to verify the ID of the sender to track the IDs of criminals, espionage, terrorists, drug traffickers, and persons who attempt to leak state secrets or threaten national security. Becomes This is equally important in identifying individuals who are allowed to access, read, or send confidential, confidential, or top-secret communiqués, data, or files.
-For law enforcement agencies, the identity verification of the sender is required to identify individuals or organizations involved in criminal acts such as robbery, arson, drug trafficking, smuggling, prostitution and human trafficking, robbery, intimidation and other felony charges. It is important to do it. To identify individuals who have been certified by a law enforcement agency, such as police officers, firefighters, paramedics, park rangers, aviation police officers, TSA and airport guards, harbor officials, customs officers, and coast guard personnel. Is just as important.
-For intellectual property owners, such as movie studios, to identify individuals, organizations, and entities involved in copyright infringement or unauthorized distribution of copyrighted material such as music, movies, books, and videos. In addition, it is important to verify the sender's ID. This is equally important in confirming valid and lawful distribution of intellectual property and copyrighted material.
For businesses, individuals who track the intentional or accidental disclosure of material nonpublic information, engage in commercial espionage or illegal disclosure of intellectual property, and other crimes such as fraud or personal use of corporate communications. It is important to perform employee ID verification in order to identify individuals who commit This is just as important in identifying the ID of the person who can use the confidential information of the company and the type of specific data that can be accessed. For example, there should be no system that allows a company's engineering department to access the marketing department's personnel records in order to see the salaries of marketing department staff.
-For individuals, it is important to perform ID verification in order to guarantee the "privacy" of the sender by confirming that the communication partner is not a fraudster.

  Therefore, the role of ID verification is to confirm the ID of an individual, that is, to authenticate that the person is who he claims to be, identify and block the person who falsifies the ID, and finally suppress it. The first "A" in the "triple A security model" or "AAA" representing "Authentication, Authorization, Administration" indicates authentication. Numerous methods such as PIN codes, passwords, fingerprints, tokens, and query response methods can be used to verify the identity of an individual and verify that an account exists on the system.

  Once authenticated, the valid user's ID is used to determine access rights and privileges to communiqués, data, files, systems, etc. Such privileges and access rights are collectively referred to as "authorization" of the user granted by the system. That is, only authorized users can access authorized communications, data, files, and system functions. Therefore, authorization is synonymous with “privilege” or “access right”.

  The third “A” of AAA represents “Administration”. Management refers to recording authorized access to networks and files, and monitoring and reporting attempts for unauthorized access to networks, files and systems, such as for pay-per-use management. Management is also important in tracking changes in security credential information, PINs, passwords, etc. required for authentication operations.

  The ability of the network to perform AAA verification is paramount in ensuring privacy and preventing unauthorized use of the network by unauthorized users and network operators. All networks that cannot confirm the user's ID may be illegally used for illegal operations. Since there is no means for verifying the sender ID in OTT communication, unauthorized use of the network by unauthorized users poses an unavoidable problem. Unauthorized access by unidentified users and network communication, or anonymity, is a significant risk in modern communication.

  Anonymity

  The principle of anonymity in communication is to intentionally hide the sender's ID for the purpose of communicating without traceability. A public phone is a symbolic example of anonymous communication. Public phone payments are untraceable cash, public phone numbers are public, and anyone can use the phone. That is, the caller's ID is unknown in the public telephone, and there is no means for confirming that the caller is who he claims to be. There is no way to identify the caller's ID (unless using advanced voice recognition software) because the phone number is not in the phone book and the person does not own the number. For registered devices such as mobile phones, the device number's ID can be tracked from the phone number, but the calling party's ID can still be hidden. For example, using a stolen phone or a pay-as-you-go SIM card makes it possible to hide the caller's actual ID. Alternatively, connecting a notebook, tablet, or mobile phone to WiFi at a public cafe provides the same anonymity as a public phone or telephone booth.

  Some OTT operators operate the VoIP telephone service as a pay telephone without verifying the subscriber's ID. For example, CNN Money's recent online report (http://money.cnn.com/2015/11/17/technology/isis-telegram/) states, “An application called “Telegram” is new among jihadists. It is very popular with.” According to a survey, Islamic terrorists and others who secretly planned the Paris terrorist incident used the Telegram app as a means of contact. "Telegram founder knew Isis was using the app to communicate before Paris attacks (Telegram founder knew that ISIS was using an app before the Paris terrorist attack)" (http://www. independent.co.uk/life-style/gadgets-and-tech/news/telegram-knew-isis-communicate-paris-pavel-durov-a6742126.html) is the founder of Telegram, Pavel Durov. (Pavel Durov) said, "The right to privacy is more important than the fear of a bad situation like terrorism occurring."

  Another news case where privacy and anonymity were used in criminal activity is BitTorrent. It is a popular application and data network for illegally downloading or sharing copyrighted material. Article published in CNN Money "50,000 BitTorrent users sued for alleged illegal downloads" (http://money.cnn.com/2011/06/10/technology/bittorrent_lawsuits) According to /), under the new anti-piracy law, users of the app are being accused of illegally downloading copyrighted works such as "The Hurt Locker." The network operator BitTorrent takes the public telephone position that it is not responsible for actions taken by network users for personal activities. Freedom advocates support this stance, but law enforcement agencies, governments, national security agencies, and intellectual property advocates violently dislike it as reckless and irresponsible. There is. Regardless of the political side of the matter, the debate about stopping anonymous calls is purely academic, unless caller verification can be performed on the communication system.

  For companies and business entities, intellectual property, development technology, product evaluation, manufacturing know-how, confidential financial reports and financial forecasts, business conditions, sales forecasts, inventory and work in progress, quality audits, transactions and intellectual property contracts, customer lists, Caller verification and authentication are especially important in controlling access to sensitive business data such as employee records and other trade secrets. In accessing corporate communications, the access rights granted to employees, contractors, or executives depend on identification verification. In a conference call including a call with an investor, ID verification is important in order to confirm the IDs of participants in the call and to confirm that a person who does not need to know is not listening.

  Ironically, caller verification can be used to deter criminals and corporate espionage, but the same identity verification also helps ensure the privacy of the caller. If both parties of the call or text chat confirm their identities through some defined authentication procedure, the scammer will be unable to access the call or its data, thus protecting the call from attacks.

  Finally, in order to distinguish anonymous callers in anonymous calls, it is necessary to make a distinction. Anonymous callers are individuals who impersonate their true identity on the network with which they are communicating. However, in an anonymous call, the caller's ID is not anonymous on the network, but the caller's ID during communication is simply obfuscated in the call data packet. An SDNP network registered account holder can make calls or send data using anonymous data transfer, even if the ID and phone number are known in the network, in accordance with this disclosure. In this way, law-abiding citizens can communicate anonymously without hiding their identities from SDNP network operators. If the caller is engaged in a normal private call, entertainment, or business, the SDNP call is private and secure, even though the network knows the ID stored in the SDNP name server database.

  An example of the need for legitimate anonymous calls is global gaming, where it is important to protect gamer identities, especially children's identities. Another example where anonymity can bring benefits is vehicle-to-vehicle (V2V) communication. If you can identify the personal data of the driver who made the traffic worse, you could be the target of retaliation for other drivers who are furious, but maintaining anonymity eliminates these risks. In contrast, if the originator is involved in a crime or other malicious communication, law enforcement officials have access (according to applicable law) to call and data transmission. In this way, network operators can meet the requirements of court orders and subpoenas without disclosing the ID and call content of law-abiding citizens.

  In summary, using the disclosed SDNP communication method, only identifiable SDNP subscribers can make anonymous calls. Unidentified callers cannot access the SDNP network or make anonymous calls.

  National security and privacy

  The nature of secure and private communications is further confused by the role of government and the law. Every country claims sovereignty to control domestic communications. However, with the advent of the Internet and dynamically routed packet-switched data networks, technical and legal issues have been piled up for network monitoring. One of the concerns is the issue of monitoring traffic that "flows" through the network between servers. In other words, data packets pass between countries without stopping. Since the Internet traffic is dynamically routed, the network operator cannot know what kind of data packet is being transmitted by the server network. Of course, any country can try to intercept and decode this large amount of bulk data, but because it's encrypted, especially in real-time surveillance, access it if you don't know the encryption key. Is difficult. Also, because the originator may not be resident in the country, a particular country may not have jurisdiction to request a subpoena or request the cryptographic key used to make the call. The data flowing through the network in this way is similar to the radio traffic that travels through the Earth's atmosphere. Even if the radio waves pass overhead, there is no practical way to stop them. Similarly, there is no practical way to stop the data traffic flowing through the network other than completely isolating the country's infrastructure from the Internet.

  A more practical solution for managing communications is to focus monitoring on last mile communications. That is, it intercepts and monitors calls and call data whose sources and destinations are domestic. This approach involves (i) small-scale data, ie, easy to analyze, as compared to interception of large amounts of data traffic, (ii) the laws of the country in which the last mile operator or network operator is located. An electronic “registration” on the device of the caller as a condition to connect to the last mile network, which can summon the last mile carrier or network operator for the submission of the subject (iii) encryption key Can force information about the caller to be abandoned, and (v) network address, GPS data, or radio signal triangulation can be used to locate devices connected to the network. There are some advantages.

Unlike the legal and technical challenges of enforcing regulation of data flowing through the network, applying the law to last mile communications and call termination is entirely the right of the country in which the last mile network operator is located. Depending on national privacy legislation, national governments can claim the level of access required for last mile communications. This includes the following combinations:
• You have no right to monitor any data or calls unless a subpoena is issued by the court on good grounds. The right to covertly monitor calls or data communications by court order.
The right to monitor the metadata of any call without a court order.
The right to monitor all calls and data communications without a court order.
The right to intercept and monitor communications, and block any or all communications as needed.

  For example, various governments, such as the United States, have taken the position to reserve the right to monitor "metadata" of calls without a court order. The metadata includes data packet information about the caller and callee, the duration of the call, where the caller was at the time of the call, etc. without having to access the actual call data itself. Can be obtained. Essentially, the metadata consists of the data header of the IP packet, but not the payload. In contrast, monitoring call and data communication requires access to the payload itself, as well as header data. If the payload may be encrypted, the government may require the network operator to provide the master encryption key, if one exists. One issue raised by privacy defenders is the abuse of government power. In particular, if the network relies on a single set of master encryption keys, the provision of that key to the government in response to a court order allows the government to actually monitor certain individuals. The fact is that the government will be able to monitor everyone's calls, even if the court order is restricted to individuals or groups. In this issue, it is sometimes pointed out that "Who controls the police?"

  Another consideration concerns the privacy rights of individuals making international calls. In such cases, the caller should be aware that the laws relating to government access depend on the location of both callers, ie where the two last mile networks occur. Calls from the US to China are subject to US law for US callers and Chinese law for the other Chinese callers. In these circumstances, one government may have greater call access than the other. As a result, callers in countries that have full privacy rights may think that the government of the other country has violated their privacy, but because they are making calls to that country, the legal basis for complaining. Does not exist.

  In the case of communications using previously disclosed dynamic communication networks and protocols, it flows in hyper-secure cloud communication of fragmented and scrambled dynamically encrypted data packets that are transferred anonymously through the SDNP network. Data interception is virtually impossible. As such, the privacy and security of hypersecured calls is determined by the device and last mile communication. Adapting the SDNP method described above to last mile communication may allow the realization of last mile with hyper secure communication and high integrity privacy as disclosed herein.

  In addition, it discloses a mechanism for adjusting the security and privacy settings of the SDNP network to comply with local laws applicable to last mile communications in each country. These methods include safeguards that allow authorized security authorities to monitor communications in accordance with legal and court measures without exposing call data to hackers and cyber criminals. Therefore, the hyper secure last mile communication disclosed in the present specification does not adopt the use of a "back door" which is vulnerable to a cyber attack.

Method and apparatus for hyper secure last mile communication

  To ensure end-to-end hypersecurity, the application of the above method for routing fragmented, scrambled and encrypted anonymous data packets in the SDNP cloud is likewise adapted for communication in the last mile. There is a need. Since the data may be carried in a network that is not hosted by the SDNP operator, packet routing may include traditional IP packet routing, and the inherent security of the last mile network is Securing last-mile communications is particularly problematic because it may have been unknowingly compromised by a cybercriminal who may have colluded with.

In the present invention, last mile communication necessarily entails the transfer of IP datagrams outside the data cloud network that use a different packet format than the data packets in the SDNP cloud. As shown in FIG. 10, an SDNP cloud (schematically shown as SDNP nodes M _0,0 to M _0,f for soft switches) configured with servers 1201 allows exemplary data packets 1222B, 1222C, and 1222F. The SDNP datagram denoted as is used to transfer VoIP, video, text, and data. SDNP datagrams include SDNP Layer 3 source and destination addresses rather than Internet IP addresses. An SDNP address differs from an IP address in that it is recognized only by the SDNP name server or another server performing the function of the SDNP name server, not the DNS name server on the Internet.

As described in the above-referenced US application Ser. No. 14/803,869, SDNP packets dynamically change as they traverse the network, with updated routing addresses and shared secrets and dynamic "states" (time). Etc.) the payload is always changing according to. For example, the data packet 1222B sent by node M _0,0 consists of a Layer 3 SDNP datagram B containing a unique SDNP address and a uniquely encrypted payload. The data packet 1222C output from the downstream node M _0,1 consists of a Layer 3 SDNP datagram C containing a different SDNP address and re-encrypted payload. After tens of milliseconds, the same payload arrives at node M _0,f . This processes the data and forwards the data packet 1223G containing the IP datagram G to the last mile.

  Since the changes are performed according to the defined states, the original packet data can be restored by performing a series of inverse functional operations that are performed in the reverse order of the order in which they were performed. For example, an SDNP functional sequence consisting of scrambling, junk insertion (impersonation), and encryption procedures calls the same state used to perform the function to perform the corresponding inverse function: It can be undone in the reverse order by decoding, junk removal, and unscrambling. The state data of a packet is either embedded in the payload of the packet or transmitted before the packet and transmitted as time, seed or key. Data transfer and processing within the SDNP cloud is done using the SDNP cloud's unique shared secret and security credential information. Media nodes that share a common set of shared secrets and security credential information are sometimes referred to as security "zones." The zone used for the security credential information that operates in the SDNP cloud cannot be disclosed in the communication of the user outside the SDNP cloud. Therefore, all last mile communication needs to include an SDNP security zone different from the SDNP cloud.

In the example shown, the servers 1201A and 1201F hosting the corresponding nodes _0,0 and M0 _,f operate as SDNP gateways. That is, it communicates with devices outside the SDNP cloud and other SDNP nodes in the cloud. Communication from these gateways to communication devices outside the cloud represents "last mile" communication. Therefore, it is necessary for the gateway node to understand the zone security credential information of both the SDNP cloud and the connected last mile network, and to function as a translator during packet routing. Meaningfully, the term last mile is an abstraction that means communication outside the SDNP cloud and does not specifically refer to a mile distance. Instead, the term last mile includes the client device and the SDNP cloud regardless of whether the client device is acting as an SDNP client, that is, running SDNP application software or firmware, and regardless of its distance. Inter-communication is included.

  Also, the term last mile applies to both the client device where the call is initiated and the client device that is called. The literal distinction between "first mile" and "last mile" is arbitrary because the caller's data literally represents the "first mile" of the call rather than the "last mile" of the call. Specifically, in a double conversion or IP communication "session", the device receiving the call responds to the call or session request by necessarily sending a response to the caller. Therefore, in two-way communication, the first mile connection always acts as the last mile of the response data path. In essence, the originator's first mile is at the same time the response's last mile. As such, the term “last mile” as defined throughout this application shall mean both first mile and last mile, regardless of which device the call or call session was initiated from.

  Communication from outside the SDNP cloud to any device other than an SDNP client is necessarily performed using IP datagrams rather than SDNP datagrams. As an example, as shown in FIG. 10, the data packet 1223A is composed of “IP datagram A” constructed using the SDNP payload with the IP address rather than the SDNP address. Similarly, IP datagram G is composed of data packets 1223G containing SDNP payloads routed using IP addresses. The source IP address and the destination IP address represent IPv4 or IPv6 addresses that can be recognized by the routing destination network. The IP address may include an Internet address recognized by a DNS server on the Internet, or may include a NAT address used for routing the entire local network defined by a local network service provider.

  The hardware and firmware used in last mile communications can vary widely, which can include telephone lines, fiber communications, cable television networks, 3G and 4G wireless networks, microwave towers, and satellites. Therefore, the analysis of last mile communication needs to consider various layer 1 physical networks and the corresponding layer 2 data link formats adopted. For example, formats include analog (POTS), Ethernet, WiFi, 3G, 4G/LTE, and DOCSIS3. The security and privacy features corresponding to each last mile implementation are discussed on a case by case basis in the following section on SDNP "callout" communications.

  SDNP callout over non-secure line

  In jargon, all calls that leave a defined network and are transferred through another (and generally different) network are commonly referred to as "callouts." The term means that data or voice leaves one network and is transferred on another network. For example, communication between clients running a Skype application is commonly referred to as a Skype call, but a phone call from a Skype client to a regular phone number or a mobile phone number is called a Skype callout feature or a “Skypeout” call. be called. In general, callouts to ordinary phones incur additional costs, either as subscription fees or as pay-as-you-go.

  In the context of this document, communication from an SDNP client to any device other than an SDNP client over a non-secure Lastmile connection is referred to herein by the defined term "SDNP callout." FIG. 11 is a schematic representation of two examples of SDNP callout routing to the non-secure last mile. In the example at the top, communication is performed using analog signals to analog devices such as phones and payphones 6A. In such cases, the SDNP gateway must include a digital to analog converter. Otherwise, a modem or translation device may be added to the gateway. Information is transmitted by analog signals 1221 rather than data packets. Although analog telephone signals are efficient for voice transmission, they are not well suited for high speed data communications.

  In the example below, SDNP callouts are made over a digital network to digital devices that are not enabled as SDNP clients, ie, SDNP software or firmware (such as mobile phone 32). .. In such a case, the IP packet format is generally used according to the Internet Protocol, i.e., consistent with the 7-layer OSI model, and the data packet 1223 is used to carry the call or data. An IP datagram includes an IP address or NAT address in its source address field and destination address field, and IP data or VoIP data as a payload. The digital path may include digital data in various formats such as Ethernet (registered trademark), WiFi, and 4G/LTE that are different depending on the last mile connection.

  In both exemplary schematics, last-mile communication data is carried outside the SDNP network over non-secure communication channels or networks, making calls insecure and subject to hacking, spying, eavesdropping, and other cyber attacks. .. As explained in the background of this application, twisted pair copper wire, coaxial cable, fiber, Ethernet (registered trademark), WiFi, cellular, satellite, etc., regardless of their type, end up with a special security method such as encryption. Last mile insecure lines and connections are inherently insecure unless inserted into a two-end data path. Therefore, the security of the most secure data cloud or VPN is compromised due to the most vulnerable part (last mile in this example). Even with a single, well-defined electrical, microwave, or radio connection, encryption does not guarantee security. In addition to lack of security, the example schematic does not include any mechanism for identity verification. Last Mile has no guarantee of privacy as it cannot be authenticated. The exemplary schematic thus represents a non-secure last mile network where the privacy of the caller is not guaranteed.

  In FIG. 12, a SDNP call without guarantee of privacy is made from the SDNP gateway 1201A to the non-secure last mile by connecting to the public switched telephone network or the PSTN gateway 1A via the wired or fiber link 24 hosted by the digital network service provider NSP. Out is executed. The PSTN gateway 1A is then routed via the analog communication connection 4 to the conventional telephone system POTS switch 3. Then, a conventional telephone call is made from the POTS switch 3 to the home telephone 6, the cordless telephone system 5, or the public telephone 6A via the twisted pair line 7. The entire last mile is non-private and non-secure. The communication of data packet 1222A containing SDNP datagram A uses SDNP addressing and SDNP payload within the SDNP network, but loses the hypersecurity benefits when the data enters the last mile. For example, a data packet 1223B containing an IP datagram B transmitted by a wired or fiber link 24 hosted in an NSP network uses conventional IP addressing as recognized by Internet DNS servers, which may be Cyber Pirates. Includes conventional IP payloads that can be sniffed by. The analog lines 4 and 7 are similarly vulnerable because a simple analog voice signal is transmitted as the analog call data 1221. Although SDNP gateways can support non-secure non-private callouts, connecting SDNP protected calls to non-secure last mile networks with no privacy provisions is not recommended.

  The use of identity verification can slightly improve the non-secure last mile implementation described above. FIG. 13 schematically shows an example of SDNP call routing to the non-secure last mile, but using two different types of authentication. The example at the top shows an SDNP callout from the SDNP gateway 1220A to the office desktop phone 9 over an analog or POTS line. As shown therein, the operator 1225 manually performs the authentication to verify the account owner's ID and account ID. Although authenticated, calls made with analog voice 1221 are not secure and are private only if the conversation does not auditorily reveal secrets or account information. That is, if the secret is not revealed, the information is private, but once the information is revealed, the communication is no longer private. Therefore, as used herein, the term semi-private refers to authenticated communication over non-secured lines, or conditional private communication.

  The example at the bottom shows an SDNP callout from the SDNP gateway 1220A to the non-secure Digital Last Mile. The data transmitted by the IP datagram 1223 to an electronic device such as a desktop PC 36 is non-secure, but can be authenticated using an electronic ID verification method such as a token 1226 that is inaccessible to cyber attackers. The lines are non-secure and can be sniffed, so care must be taken not to divulge account numbers or sensitive data in digital interactions.

  Some examples of semi-private non-secure calls are shown below in some examples. FIG. 14 illustrates ID-verified, non-secure last mile communication between an SDNP network and an office desktop phone 9 (such as a private bunker phone). For example, if performed internationally, the account holder/account holder's call is routed around the world using hyper-secured communication in the SDNP network and finally as an SDNP call via SDNP gateway 1201A as the last SDNP call. Connected to Miles. The long-distance portion of the call is performed using a dynamically changing SDNP datagram, such as data packet 1222A that includes SDNP datagram A with SDNP payload. Next, at SDNP gateway 1201A, data packet 1222A is converted from SDNP datagram A to IP datagram B indicated by data packet 1223B. Unlike SDNP datagram A, IP datagram B contains a sniffable IP payload. The data packet 1223B is transferred to the public switched telephone network or PSTN gateway 1A by a wired or fiber link 24 operated by a network service provider (NSP). Then, this gateway is connected to the exchange 8A of the company via the POTS line 4 which transmits the analog call 1221. The corporate exchange 8A is connected to the desktop telephone 9 via the analog private branch exchange or PBX line 7A and also to the personal authentication operator 1225. During the call, the account holder will contact the private bunker on the desktop phone 9. At that time, the personal authentication operator 1225 participates in the call and confirms the caller's ID before ending the call before engaging in any transaction, so that the privacy of the caller is maintained thereafter. .. However, because calls are insecure, both private bankers and account holders must take care not to verbally reveal sensitive information such as account numbers, passwords, PINs, and so on. Therefore, the call is semi-private, or conditional private.

  FIG. 15 illustrates ID-verified, non-secure last mile communication between the SDNP network and the desktop computer 36. In the digital communication session, the IP datagram B transmitted by some digital media is used to communicate from the desktop computer 36 to the SDNP gateway 1201A. In the first section, the Ethernet 106A transmits the data packet 1223D including the IP datagram B from the desktop computer 36 to the Ethernet-based local router 27B. Then, the data packet 1223C including the IP datagram B is used, and communication is performed from the Ethernet (registered trademark) local router to the network router 27 via the wired or fiber link 24A of the Internet service provider (ISP). In the last section of the last mile between the network router 27 and the SDNP gateway 1201A, the data packet 1223B including the IP datagram B is transmitted by the network service provider line of the wired or fiber link 24 operated by the NSP. The last mile is non-secure because IP datagrams are used. Digital identity verification, such as login window 1227 and security token 1228, can be used for authentication to keep communications semi-private. These digital certificates should be limited to one-time use to prevent their use by fraudsters. For example, if a token is generated by a token and once used for access, the combination can no longer be used, so even if a hacker intercepts the token, it will expire and become invalid, which is useful. I can't stand.

  FIG. 16 shows another example of the non-secure last mile communication whose ID has been verified. In this example, as the SDNP callout, the SDNP gateway 1201A communicates with the POS terminal 38 and the gas pump POS terminal 38A. The last mile communication shown is an NSP wired or fiber link 24 that sends a data packet 1223B containing an IP datagram B to a network router 27, and then an IP datagram B in a data packet 1223C to a PSTN bridge 3A. A wired or fiber link 24A and a mixture of digital and analog connections followed by a POTS or analog line 30B for transmitting digital PCM (pulse code modulation) data as an analog call 1221A connected to the POS terminal 38 and the gas pump POS terminal 38A. is there. Authentication in financial transactions is based on bank card data 1229 including electronic card based smart card integrated circuits and dynamic PIN 1228. Authentication includes verification by a financial institution 1230 connected to the SDNP network via SDNP gateway 1201A or another last mile.

  Hyper Secure Last Mile Communication

  By adopting secure dynamic communication network and protocol technology, hyper-secure communication can be realized at the last mile. To facilitate hypersecurity, the SDNP code needs to run as an "SDNP client" on the connected device. The SDNP client is composed of operation instructions hosted by the connected communication device, a shared secret, and SDNP connection information. The SDNP client may include software running on an operating system, firmware running on a microcontroller or programmable IC, or dedicated hardware or integrated circuits. FIG. 17 schematically shows an example of the hyper secure communication in the last mile where the “SDNP connection” is used. As shown, the SDNP gateway 1201A is connected to a device executing an SDNP client, which in this example is a SDNP application 1335 running on a desktop computer 36. SDNP clients are hardware and operating system specific. For mobile devices, a separate app is required for each mobile device platform using Android(R), iOS, and Windows(R) Mobile. Similarly, notebooks, desktop PCs, and servers, including Windows® 10, MacOS, Unix®, Linux®, etc., require individual OS-specific applications. Hardware hosting of SDNP clients in devices that do not have a high level operating system, such as POS terminals, hotspots, IoT, etc., needs to be adapted to the programmable device executing the code. Programmable integrated circuits often require programming in a chip-specific development environment unique to the IC vendor, such as Qualcomm, Broadcom, Intel, AMD, NViadia, Microchip.

  Since the SDNP gateway 1201A and the SDNP application 1335 communicate using the SDNP payload 1222, it becomes impossible to understand the caller ID and the call payload in packet sniffing. Specifically, the SDNP payload 1222 contains source and destination SDNP pseudo-addresses that are not recognized by the DNS server, allowing the payload to be scrambled, fragmented, mixed with junk data insertion, and dynamically encrypted. SDNP data. The SDNP payload 1222 is embedded in the IP datagram 1223. This directs routing through the last mile using the IP address or NAT address of the cellular, cable, or ISP operator's network used for the last mile connection, rather than the SDNP address.

  Another aspect of SDNP-based hypersecure last communication is that all SDNP clients are essentially capable of authentication and identity verification. Therefore, privacy features are not based on the network's ability to provide privacy to support AAA, but on whether client software or firmware is designed to facilitate the verification process. It should be understood that all Hyper Secure Last Miles support ID verification, so the following Hyper Secure Last Mile example applies to both private and non-private secure communications. Therefore, unlike insecure last mile networks with semi-privacy features, private communication over hypersecure last mile is determined by the SDNP client, not the network, where any level of single factor authentication the client wants. Or it can support multi-factor authentication procedures.

  Specific examples of the hyper secure call are shown in some examples below. FIG. 18 illustrates hyper-secure last mile communication between various cellular mobile devices with SDNP network and WiFi last link. As shown, the data packet 1222A including the SDNP datagram A and the SDNP payload is converted by the SDNP gateway 1201A of the last mile communication into the data packet 1223B including the IP datagram B also including the SDNP payload. Since the Hyper Secure Last Mile utilizes a shared secret, a numeric seed, an encryption key, and other zone-specific security credential information that is different from that used in the SDNP cloud, the SDNP payload of IP datagram B is It is different from the SDNP payload of SDNP datagram A. In other words, by changing the payload from one security zone to another and embedding the SDNP routing information as the source SDNP address and the destination SDNP address that are not recognized by the DNS server, the SDNP gateway 1201A can detect the SDNP data. The gram is converted to an IP datagram.

  Next, in order to facilitate packet routing between the SDNP gateway 1201A and the communication device, that is, the tablet 33 and the mobile phone 32 that function as an SDNP client, this zone-specific SDNP payload has a last-mile network-specific IP address ( Wrapped in an IP datagram packet with an IP header containing the NAT or Internet address). Since the last mile routing intermediate device is not the SDNP client, the structure of the SDNP payload in IP datagram B remains fixed as it travels the last mile. In other words, the data packets 1223B, 1223C, and 1223D are identically configured datagrams, all SDNP data with the same SDNP payload (a payload that does not change as the packet hops from device to device along the last mile). Composed of gram B. In brief summary, only SDNP network nodes or SDNP clients, whether IP datagrams or SDNP datagrams, can reconstruct the SDNP payload embedded in the level 3 datagram.

  As shown, a data packet 1223B containing IP datagram B is transmitted by a NSP operated wired or fiber link 24 to a network router 27, followed by a data packet 1223C also containing IP datagram B, operated by the ISP. Is transmitted to the WiFi router 26 by a wired or fiber link 24A. After that, the data packet 1223D including the IP datagram B is used via the WiFi link 29 of the mobile device such as the mobile phone 32 and the tablet 33 which both execute the SDNP application 1335A, and the WiFi router 26 facilitates the last link communication. It Therefore, these devices function as an SDNP client that can interpret the data included in the data packet 1223D including the IP datagram B. This includes decoding, junk removal, unscrambling, and mixing the contents of the payload with data fragments from other data packets to recreate the original message or sound.

  FIG. 19 illustrates hypersecure last mile communication between various cellular mobile devices with SDNP network and cellular wireless last link. As shown, a data packet 1223B containing IP datagram B is transmitted by a NSP-operated wired or fiber link 24 to a network router 27, followed by a data packet 1223C also containing IP datagram B. The cellular network 25 is created by being transmitted to the mobile phone base station 17 by a person's wired or fiber link 24B. Then, via a 3G or 4G/LTE cellular link 28 of a mobile device, such as a mobile phone 32 and a tablet 33, both running SDNP app 1335A, a data packet 1223D containing IP datagram B is used by the mobile phone base station 17. Last link communication is facilitated.

  As in the example above, since the last mile routing intermediate device is not the SDNP client, the structure of the SDNP payload in IP datagram B remains fixed as it travels the last mile. In other words, the data packets 1223B, 1223C, and 1223D are identically configured datagrams, all SDNP data with the same SDNP payload (a payload that does not change as the packet hops from device to device along the last mile). Composed of gram B.

  FIG. 20 illustrates Ethernet Last Mile communication between various tether (non-mobile) devices with an SDNP network and an Ethernet last link. As shown, a data packet 1223B containing IP datagram B is transmitted by a NSP operated wired or fiber link 24 to a network router 27, followed by a data packet 1223C also containing IP datagram B. It is transmitted to the Ethernet (registered trademark) router 103A by a (ISP) wired or fiber link 24A. After that, the data packet 1223D including the IP datagram B is used via the Ethernet (registered trademark) 106A of the tether device such as the desktop computer 36 that executes the SDNP application 1335C and the desktop telephone 37 that executes the SDNP firmware 1335B, and the Ethernet (registered The trademark router 103A facilitates the last link communication. If there are no SDNP network nodes or SDNP clients in the last mile, the data packets 1223B, 1223C, and 1223D are identically configured datagrams, all the same SDNP payload (packets hop from device to device along the last mile). The SDNP datagram B has a payload (which does not change with time).

  FIG. 21 shows the hyper secure last mile communication between the SDNP network and the cable service client. As shown, a data packet 1223A containing IP datagram B is transmitted by the NSP wired or fiber link 24 to the cable CMTS 101, the cable operator's command, communication, and content distribution center. These cable operators offer a wide range of services such as cable television, pay-per-view, telephone services, internet connectivity and business services. Then, fiber or coax modulated according to DOCSIS3 and trellis format (discussed in the background of this disclosure) is used to optimize bandwidth and real-time services, and the CMTS 101 head unit is sent to the client via cable 106. Connected. The cable operator can maintain the datagram format transparently to the client or package the IP datagram in its own datagram format. These data packets, referred to herein as CMTS datagram C, use cable-specific NAT addressing and encapsulate the SDNP payload as a nested payload within data packet 1224C for delivery on cable 106. Be converted.

  As shown, cable CMTS 101 routes CMTS datagram C to cable modem 103. Thereafter, this extracts a payload data packet 1223B composed of an IP datagram B with an unchanged SDNP payload for last link delivery. The last link to the SDNP client compatible device is via Ethernet (registered trademark) 106A to the desktop computer 36 that executes the SDNP client application 1335C, or via twisted pair copper 7 to the cordless phone 5A that executes the SDNP client firmware 1335B. It can occur in several formats. The cable CMTS 101 also routes the CMTS datagram C to the cable modem 103, which then extracts the original IP datagram, such as IP datagram B, and other video content over cable 106. Sent to the cable TV set-top box. Then, the IP datagram B and the content are transferred from the cable set top box via the HDMI (registered trademark)-2 107 to the UHD interactive television 39 that executes the SDNP application 1335D. Alternatively, the cable television set top box 102 can host the SDNP firmware.

  FIG. 22 shows the hyper secure last mile communication between the SDNP network and the WiFi home network connected via the cable service provider. As shown, a data packet 1223B containing IP datagram B is transmitted by the NSP wired or fiber link 24A to the cable CMTS 101, cable operator command, communication, and content distribution center. The wired or fiber link 24A is then used to connect the CMTS 101 head unit via coaxial or fiber to a particular client's cable (WiFi) modem router 100B to create a WiFi access point 26. The routing of data packet 1224C may include an IP datagram with an internet address, or a proprietary CMTS datagram C with NAT addressing. The routing between the SDNP gateway 1201A and the cable (WiFi) modem router 26 represents the wired section of the hyper secure last mile.

  The last leg of the home network includes a WiFi link 29 that wirelessly connects the cable (WiFi) modem router 26 to various home devices by data packets 1223D containing IP datagram B. To facilitate end-to-end hypersecurity, such devices must act as SDNP clients using software or firmware loaded on the device. For example, the notebook 35 and the desktop computer 36 operate as an SDNP client using the computer application 1335C, and the mobile phone 32 and the tablet 33 operate as an SDNP client using the mobile application 1335A. The IoT device (refrigerator 34K in this example) can operate as an SDNP client if the control system has SDNP firmware 1335E loaded. However, if the SDNP client software is not, or cannot be, incorporated into such a device, then other methods must be used to achieve end-to-end security.

  Last link security of ID pair

  If the connected device cannot act as an SDNP client, end-to-end hypersecurity cannot be guaranteed. In this case, the SDNP remote gateway can be used to extend the hypersecurity communication and cover the last mile of communication except the last link. If the last link, which is the part of the last mile that is directly connected to the communication device, is not enabled as an SDNP host, the last link is via a local area network (LAN) used to facilitate the communication of the last link. You need to guarantee link security. FIG. 23 is a schematic representation of the use of SDNP remote gateway 1350 in last mile communication. SDNP remote gateway 1350 includes any communication device enabled by SDNP firmware 1335H to function as a remote gateway. Therefore, the SDNP connection between the SDNP gateway 1201A and the SDNP remote gateway 1350 consists of an IP datagram 1223A that includes an IP or NAT source and destination address and an SDNP payload 1222. The SDNP payload 1222 includes an SDNP payload that is nested using an SDNP address that is not recognized by the DNS server and security credential information specific to the last mile zone. This SDNP connection is hyper-secure which can support identity verification and caller privacy.

  Communication is performed between the SDNP remote gateway 1350 and any connected device (such as the desktop computer 36) other than the SDNP client by a LAN connection such as a local area network or Ethernet (registered trademark), WiFi, or another protocol. . Security is facilitated by LAN security protocols and device pairing between the communication device and the SDNP remote gateway. Device pairing is a process in which the IDs of two devices are established by an authentication sequence between two communication devices to prevent unauthorized access.

  FIG. 24 shows an example in which the function of the remote SDNP gateway is executed by using the SDNP compatible router 1351, that is, the router executing the SDNP firmware 1335H. The gateway converts the data packet 1223A including the IP datagram A into the data packet 1223B including the IP datagram B. SDNP firmware 1335H interprets the SDNP payload contained in IP datagram A, but the connected device is not an SDNP client. Instead, the SDNP router 1351 converts the SDNP payload into a conventional IP payload. This last link will not be secure unless additional security measures are implemented on the device. For home use, this insecure device connection is often not a problem because the last link occurs at home. Unless a hacker physically breaks into your house and eavesdrops, you can't sniff these wired connections. Examples of wired last links to non-SDNP devices in the home include a modem 103C or HDMI-2 connected to a desktop computer 36 as shown in the example and connected to a television 39. Ethernet (registered trademark) 106A is included.

  Since the SDNP connection and the hyper secure communication are extended only to the SDNP router 1351, the last link depends on the authentication and the encryption to realize the security of the wired connection. In the case of Ethernet, such security can be any number of security such as virtual local area network operations or VLANs that utilize encryption between authentication devices, such as iSCSI operating at Layer 1 to Layer 3. Method (http://www.computerweekly.com/feature/iSCSI-security-Networking-and-security-options-available) is available. Alternatively, "IP security" or the IPSec framework can be used to achieve security using the Layer 4 to Layer 6 methods. Originally developed for data storage and promoted by Cisco as an industry standard, IPSec has two security modes. The "authentication header" mode allows the receiving device to authenticate the sender of the data. In this mode, the data fields are encrypted but the header uses a recognizable IP address. Encapsulating Security Payload (ESP), also known as tunnel mode, encrypts the entire IP packet, including the IP header, and nests it in a new, unencrypted IP packet, ensuring that routing works properly and the packet is at the correct network destination. Be transmitted to.

  In either case, security depends on the authenticating device allowing the device to connect to the network. For example, in home networks such as computers, shared storage drives, IoT, and personal networks connected to other devices, the hardware connected to the network does not change frequently. In such cases, authentication basically involves the registration process of the device accessing the network or router. Rather than identifying a particular user's identity, this type of authentication is done device-to-device, ie device-to-device, and the use of device tags, names, or ID numbers generally authorizes the connection. The identified device is identified and recognized. Establishing a network connection involves the setup phase after the devices are first introduced to each other and the user is authorized to connect. Then, every time the wired device is physically connected to another device, or in the case of WiFi, each time the two devices are within range of each other, an automatic authentication sequence is performed. This setup phase, referred to herein as ID pairing, may also be referred to as device registration, device bonding, device pairing, pairing, or pair bonding. A similar process is used for devices that connect Bluetooth® headphones to the mobile phone or devices that pair the Bluetooth® mobile phone to the car's hands-free audio system. Protocols include Challenge Handshake Authentication Protocol or CHAP, Kerberos V5, Simple Public Key Generic Security Service Application Programming Interface (GSSAPI), Secure Remote Password (SRP), and Remote Authentication Dial-In User Service (RADIUS). included. Methods such as RADIUS rely on broken encryption methods, but are still used in combination with other technologies.

  The Ethernet (registered trademark) communication protects the ID pair device such as the Ethernet (registered trademark) modem 103C, but is composed of analog telephone signals transmitted to the cordless telephone 5A and the desktop telephone 37 through the twisted pair copper wire conductor 7. The last link is not secure in the case of modem output. Furthermore, the communication format of the cordless telephone 5A is not secure and is subject to interception and monitoring. For this reason, using a home phone for secure communication is not recommended.

  The distribution of video content is also a concern for security. For example, SDNP router 1351 communication to HDTV 39 includes high-definition multimedia interfaces (HDMI®), DisplayPort (DP), digital visual interfaces (DVI), and less popular Gigabit video interfaces (GVIF). Video communication formats such as, or Integrated Digital Interface (UDI), usually consist of a physical connection to an HDTV or display monitor. Originally, the security of this connection and its data was of concern to movie studios and content providers, focusing on the prevention of illegal copying and distribution of copyrighted material. In order to maintain the security of the video link, Intel Corp. One of the security protocols developed by the company is High Bandwidth Digital Content Protection (HDCP) (https://en.wikipedia.org/wiki/High-bandwidth_Digital_Content_Protection). Originally, this system was intended to prevent HDCP encrypted content from being played on unauthorized devices. The system verifies the authentication of the television receiver or display before the content is transmitted. Thus, in DHCP, authentication prevents data from being received by unlicensed devices, data encryption prevents eavesdropping, and compromised device keys are revoked.

  In HDCP, authentication, ie using ID pairing, can protect the flow of content from the modem to the television. However, with the advent of smart TVs, data flow has become bidirectional. As of revision 1.4, a high-speed bidirectional data channel known as HEC or HDMI® Ethernet® channel has been proposed as a means of facilitating upstream data flow from a television to a modem or set-top box. Registered trademark). In this data channel, data can be transmitted and received from a device connected to HDMI (registered trademark) via 100 MC/sec Ethernet (registered trademark), so that it is possible to support an IP-based application such as an IP television. The HDMI® Ethernet channel allows Internet-enabled HDMI® devices to connect to the Internet via an HDMI® link without the need for a separate Ethernet® cable. Can share. Therefore, secure communication can be facilitated via HDMI (registered trademark) by using the same security protocol and ID pairing that can be used in Ethernet (registered trademark).

  FIG. 25 shows an example in which the function of the remote SDNP gateway is executed by using the SDNP compatible WiFi router 1352, that is, the WiFi router executing the SDNP firmware 1335J. The gateway converts the data packet 1223A including the IP datagram A into the data packet 1223B including the IP datagram B. SDNP firmware 1335J interprets the SDNP payload contained in IP datagram A, but the connected device is not an SDNP client. Instead, the SDNP WiFi router 1352 converts the SDNP payload into a conventional IP payload, and the WiFi access point 26 is used for wireless communication with the connected device, facilitating communication over the WiFi link 29. Be converted. This last link will not be secure unless additional security measures are implemented on the device. In the case of WiFi communication at home or office, data packets may be sniffed from a long distance, so security is a concern. Examples of WiFi connected home and office devices include desktop computer 36, notebook 35, tablet 33, mobile phone 32, speaker 34B, printer/scanner 34A, and shared data drive 34C.

  Security between the connected device and the SDNP gateway (ie, SDNP WiFi router 1352) is a WiFi Protected Access WPA-II or WPA2 (IEEE 802.11i-2004) alternative to the old WPA and its insecure predecessor WPE. Etc. are achieved using any number of industry standard protocols. WPA2 communications are protected using CCMP. CCMP is an acronym for "Counter Mode Cipher Block Chaining Message Authentication Code Protocol" based on AES processing with a 128-bit key and a 128-bit block size. CCMP provides data confidentiality, requires authentication, and sets access controls. Authentication includes ID pairing during setup. Repairing must be done manually. While CCMP security is good, it is not hypersecure and lacks the dynamic nature of SDNP communications and anonymous data packets obtained by SDNP clients.

  FIG. 26 is an example of a device connected to IoT in a home network. In this example, the SDNP-compatible WiFi router 1352, that is, the WiFi router executing the SDNP firmware 1335J is used to perform the function of the remote SDNP gateway. The gateway converts the data packet 1223A including the IP datagram A into the data packet 1223B including the IP datagram B. The SDNP firmware 1335J interprets the SDNP payload included in the IP datagram A, but the device connected to the IoT is not the SDNP client. Instead, the SDNP WiFi router 1352 converts the SDNP payload into a conventional IP payload, and the WiFi link 29 from the WiFi access point 26 is used to communicate wirelessly with the connected device. This last link is not secure, especially as WiFi data packets can be sniffed from afar unless additional security methods are implemented. Examples of IoT devices connected to WiFi at home include central heating and air conditioning 34D, lighting 34G, blinds 34F, large appliances 34K, portable and indoor HVAC 34E, garage door 34L, home monitoring 34J, and home central security system. 34H is included.

  Security between the connected device and the SDNP gateway (ie, SDNP WiFi router 1352) uses any number of industry standard protocols, such as the aforementioned WiFi Protected Access Protocol WPA2 with CCMP to secure data confidentiality. Accomplished by securing, requiring authentication, and setting access controls. In WPA2, security is achieved using ID pairing, device verification implemented as a Layer 2 protocol. This method is cumbersome because it includes a manual authentication method.

  For IoT communication, a proximity network called "AllJoin framework", an alternative protocol used in local area networks, has recently been introduced. The framework discovers devices, creates sessions, and facilitates secure communication. The framework is designed to support IoT device connectivity using a number of Layer 2 transport layers, such as WiFi, Ethernet, serial bus communication, powerline PLC, and so on. Applications include C, C++, Obj., running on multiple platforms including Linux(R), Windows(R), MacOS, Android(R), RTOS real-time operating system, and open source development environment Arduino. It is based on C and Java (registered trademark).

  Applications that comply with AllJoy are mutually authenticated and exchange encrypted data to achieve end-to-end application level security. Authentication and data encryption are performed at the application layer 7. At transport layer 2, also called router layer, security-related messages are sent between application endpoints, but the security logic itself is not implemented. The application layer 7 also has a callback function called an “authentication listener”, which facilitates authentication using a PIN, a password, or an authentication certificate. Security is achieved using AES128 peer-to-peer encryption. Similar to WPA, AllJoin uses ID pairing in the authentication process before execution of command and control sequences. Authentication methods supported include pre-shared key (PSK), secure remote password (SRP) key exchange, or logon using a username and password. In this protocol, (i) no authentication, (ii) authentication with pre-exchanged keys, and (iii) X. ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) key exchange for authentication using a 509 ECDSA certificate is also supported.

  The same technology can be applied to companies. FIG. 27 is an example of a device connected to IoT in a home network. In this example, the SDNP-enabled WiFi and Ethernet router 1352Z, ie, the Ethernet and WiFi router running SDNP firmware 1335J, is used to perform the functions of the remote SDNP gateway. The gateway converts the data packet 1223A including the IP datagram A into the data packet 1223B including the IP datagram B. The SDNP firmware 1335J interprets the SDNP payload included in the IP datagram A, but the device connected to the IoT is not the SDNP client. Instead, SDNP and Ethernet WiFi router 1352Z convert the SDNP payload into a conventional IP payload and both WiFi link 29 and Ethernet 106A are used to communicate with the connected device. Is done.

  This last link is not secure, especially as WiFi data packets can be sniffed from afar unless additional security methods are implemented. Examples of WiFi connected IoT business devices include devices connected to WiFi hotspots such as central heating and air conditioning 34D, lighting 34G, surveillance system 34J, security system 34H, POS terminal 38, tablet 33, and the like. . Wired devices in an enterprise depend on the nature of the business. In the banking industry, the device includes an ATM machine 38D with an Ethernet connection. At a gas station, the device includes a gas pump 38A with an Ethernet connection as an example.

  In summary, the last link can be protected by a non-SDNP client that communicates with the SDNP remote gateway. As such, most of the last miles are hyper-secure and the last link uses ID pair encryption security.

  SDNP bridge communication

  As mentioned above, last mile data transfers outside the SDNP cloud always use IP datagrams, i.e. Internet source and destination addresses, or data packets using the network operator's NAT address. For example, when operating in an office building, or when operating in cooperation with a local network service provider that hosts an SDNP soft switch on a server, in the case of a private network, SDNP datagram is used for the last. It is also possible to realize hyper-secure communication with part of the miles.

As mentioned above, in the hyper-secure communication, the SDNP soft switch software or firmware is hosted depending on the server and the communication is performed using the SDNP datagram and the anonymous address instead of the IP datagram in the SDNP cloud. These SDNP soft switch compatible servers are called SDNP nodes designated by SDNP node notation M _0,0 , M _0,1 , M _1,0 , M _{1,1 and the} like. The above-noted US Application No. 14/803,869 also discloses communication between multiple independent SDNP clouds connected by SDNP bridges, which are SDNP gateways in which IP datagrams are routed to other SDNP clouds.

  The SDNP bridge concept can be adapted to some of the last mile communications as well. Creating an SDNP subnetwork or minicloud within the last mile requires enabling more than one server with SDNP bridge software or firmware. Unlike the SDNP client software or firmware that runs on the end device, the originating device, SDNP bridge operations are used to route data rather than acting as a final connection. As such, two or more adjacent SDNP bridges can operate as a standalone SDNP bridge network, SDNP mini cloud, or SDNP ad hoc network. As disclosed, the SDNP bridging function represents a layer 3 description similar to the structure of the layer 2 description for bridge mode operation of WiFi routers. Within the SDNP bridge or SDNP bridge network, SDNP datagrams are used to communicate. Communication from outside the SDNP bridge or SDNP bridge network to the SDNP bridge uses IP datagrams with an SDNP payload.

  The operation of the SDNP bridge in last mile communication is shown in the exemplary schematic diagram of FIG. This is an SDNP network with an SDNP gateway 1201A, an SDNP bridge consisting of SDNP bridge routers 1350 and 1352Z running SDNP firmware 1335H and 1335J, respectively, and a connecting client device that is not an SDNP client (shown as notebook 35 in this example). Be configured). As shown, the communication between the SDNP gateway 1201A and the SDNP bridge 1350 consists of a secure connection in which an IP datagram 1223A containing an IP address and SDNP payload is used. The SDNP payload 1222A includes SDNP routing information and secure SDNP payload encoded using zone-specific security credential information. Therefore, even if the IP address routing is used, the SDNP payload is used to realize the hyper secure.

  Within the SDNP bridge connection, that is, between SDNP bridge router 1350 and WiFi enabled SDNP bridge router 1352Z, hypersecure communication is performed using SDNP datagram 1222B. SDNP routing information is extracted from the SDNP addressing included in SDNP payload 1222A. The SDNP bridge and the SDNP connection include a hyper secure wired section of last mile communication, which can support ID verification and account verification, and privacy is supported.

  The connection from the SDNP bridge router 1352Z to the non-SDNP client device, the notebook 35, utilizes an IP datagram 1223B with an IP address and IP payload over a local area network, either WiFi or Ethernet. .. Even if not hyper secure, the security of this last link can be protected by any of the aforementioned Ethernet and WiFi security protocols, such as iSCSI, IPSec, WPA, AllJoyn, etc.

  An SDNP bridge can be implemented between any two SDNP-capable devices carried by any number of physical media. That is, SDNP bridging is a layer 3 protocol that is operated unknowingly from the implementation of layer 1 PHY and layer 2 transport layers. For example, the top schematic diagram shown in FIG. 29A shows two SDNP bridge Ethernet (registered trademark) running SDNP datagrams 1222, each running SDNP firmware 1335H, via an Ethernet (wired) bridge. ) This shows communication performed from the router 1351A. The central schematic shows two SDNP bridge routers 1352Z, each capable of Ethernet and WiFi communication, and running SDNP firmware 1335J. SDNP datagram 1222 is used to communicate from this SDNP bridge router via a WiFi (wireless) bridge. In the schematic diagram at the bottom, an SDNP datagram 1222 is used via an Ethernet (wired) bridge to run an SDNP bridge Ethernet router 1351A running SDNP firmware 1335H from an Ethernet (registered trademark). ) And WiFi communication are possible, and the communication is to a SDNP bridge router 1352Z that executes SDNP firmware 1335J. Thus, even when operating outside the last mile SDNP cloud, SDNP bridges consisting of two or more SDNP-capable routers can route or deliver SDNP datagrams to an entire building or private network.

  The SDNP bridge can be extended to the system using proprietary hardware such as a cable television system. For example, in the top schematic shown in FIG. 29B, two cable CMTS “head” servers have been modified to run SDNP firmware or software 1335L to operate as a cable CMTS SDNP bridge 101. The SDNP datagram 1222 is used to communicate from this server via a cable or fiber bridge. The SDNP bridge can be extended from the CMTS head to the subscriber's home. A cable television set running SDNP firmware 1335M from a cable CMTS SDNP bridge 101 running SDNP datagram 1222 and running SDNP firmware or software 1335L via a cable (coax) bridge as shown in the central schematic. Communication is made to the top box or cable modem 102. In this way, the SDNP bridge extends hypersecure communication to the home or office.

  The disclosed SDNP bridge method can also be used for data transfer over wireless networks. The schematic at the bottom of FIG. 29B shows two mobile phone base stations and a radio tower running SDNP firmware or software 1335N and functioning as mobile phone base station SDNP bridges 17X and 17Y. SDNP datagram 1222 is used to communicate wirelessly with these mobile phone base stations and wireless towers via a cellular network including cellular bridges 25X and 25Y. The top schematic shown in FIG. 29C shows a terrestrial microwave base station running SDNP firmware or software 1335O and functioning as an inter-satellite link SDNP bridge 92C. The SDNP datagram 1222 is used to communicate from this terrestrial microwave base station as a microwave satellite bridge to an orbiting satellite running SDNP firmware or software 1335P, namely the satellite SDNP bridge 93. Communication then occurs from the satellite to the subscriber or another satellite.

  SDNP bridge communication can be adapted to automotive applications that use the vehicle as a peer-to-peer ad hoc communication network. In the lower schematic of FIG. 29C, SDNP datagram 1222 is used, via the vehicle's wireless bridge, from the telematics module of vehicle 1390A running SDNP firmware 1335F to the nearby vehicle 1390B running SDNP firmware 1335F. The communication that takes place is shown. For each vehicle with SDNP firmware enabled, another communication node of the dynamic telematics SDNP bridge network is formed. This communication forms a communication network that allows information to be passed along the highway even when the cellular tower is not locally present, rather than the information being sent to a particular car or driver.

  The SDNP bridge network concept is particularly useful in large area communications and transportation and transportation involving cars, trucks, emergency vehicles, trains, planes, boats, and marine vessels. In particular, a satellite network is required to realize a wide communication range. The system typically includes a network connection with a satellite operator called a satellite bridge or backhaul, which links the satellite to its clients and subscribers, also referred to as satellite distribution. FIG. 30 is a schematic representation of various satellite connections adapted for SDNP hypersecure communication. As shown, a wireline connection 94A is used to carry data packets 1222A containing SDNP datagram A and SDNP payload, and communication is made from SDNP gateway 1201A to terrestrial satellite dish 92C running SDNP firmware or software 1335O. . From here, the same SDNP datagram A is relayed as a data packet 1222B via satellite bridge 95A to satellite 93 executing SDNP firmware or software 1335P.

  Due to the delivery of hypersecure communication data packets from SDNP to various clients, data packet 1222C containing SDNP payload and SDNP data packet A are included on satellite 93. Satellite communication is bi-directional, allowing the downlink from satellite 93 to terrestrial clients to have higher signal strengths and faster data rates than uplink connections. In other words, the satellite can transmit to the terrestrial client at a higher data rate and stronger signal strength than the client's response. Examples of links from satellites 93 to subscribers are satellite links 95B to dish internet subscribers 92G executing SDNP firmware 1335T, satellite phones 92F executing SDNP firmware 1335S, high speed train 1360C executing SDNP firmware 1335G. Included are a satellite antenna array 92H deployed, a satellite antenna array 92E located on a marine vessel 1360B running SDNP firmware 1335R, and a satellite antenna array 92D located on an aircraft 1360A running SDNP firmware 1335Q.

  For large vehicles such as ships, aircraft, trains, each system connects this hypersecure satellite communication link to its own internal communication system or local area network. For example, FIG. 31A shows an example of a commercial aircraft located in the fuselage of aircraft 1360A and connected from a satellite antenna module 92D running SDNP firmware 1335X to a communications central server 1361 running SDNP software 1335Z. .. The communication central server 1361 links to various systems including a device 1367, a data recorder and black box 1368, a media storage module 1363, and a WiFi router module 1362 optionally running SDNP firmware 1335L. To support WiFi hotspot communications, a WiFi router module 1362 connects to an array of WiFi antennas 1361 located throughout the aircraft. As shown in the example of FIG. 31B, all communications except radio-based flight control are conducted over a common satellite communications link using antenna module 92D. The antenna module includes satellite transmitting antenna 1360A, satellite receiving antenna 1368A, antenna control unit 1369, and 40W voltage regulator 1370. Since the power and signal strength of satellite broadcasting are higher than the strength and uplink function of antenna broadcasting, the satellite receiving antenna 1368A is smaller than the satellite transmitting antenna 1360A.

  The satellite communications of marine vessels utilize multiple bands of satellite communications, including high altitude satellites and low altitude orbit satellites. For example, FIG. 32 shows a usage example of communication in a plurality of bands including a Ku band satellite antenna 1383A and low altitude orbit satellite antennas 1383B and 1383C. High altitude satellites do not provide or have limited capability for uplink functionality, including geostationary orbit, which allows them to cover a wide range from very high altitudes. Due to the high altitude, as shown in map 1384, the area covered by each satellite is quite large. As shown in Map 1385, low altitude orbit satellites require more satellites due to the smaller area they can cover. Therefore, the cost for covering the broadcast area becomes high. Depending on the course of the vessel, access to the low altitude orbit satellite may be intermittent depending on the position of the satellite in orbit.

  The Ku-band satellite antenna 1383A is typically used for distribution of television and movie content, so SDNP security is typically not required. Tracking and positioning is performed by antenna control 1383. The multi-channel data from the satellite antenna 1383A is supplied to the L-band multi-switch 1381 and the signal is separated into fixed video broadcasting data and digital video broadcasting DVB data which are routed to the television receiver and the tuner 1382. The video content is provided to the central communication server 1380. However, if secure communication is required, the Ku-band satellite antenna 1383A can be adapted to run SDNP software.

  For data from low altitude orbit satellite antennas 1383B and 1383C executing corresponding SDNP firmware 1335U and 1335V, information from the satellite antennas is relayed to a central communication server 1380 executing SDNP software 1335Z. The communication system also enables communication within the land using a 4G/LTE cellular network 25 hosted by a mobile phone base station 17 running SDNP firmware 1335N. The communication via the server 1380 is distributed to the entire ship by the SDNP WiFi router 1362 executing the SDNP firmware 1335L. The WiFi hotspot communication of the WiFi access point 26 is distributed to the entire ship by the WiFi antenna 1361. Communication with an SDNP client such as the mobile phone 32 executing the SDNP application 1335 facilitates end-to-end hypersecure communication. Devices that are not enabled as SDNP clients must rely on ID pairing using WAP, AllJoyn, or other security protocols.

  FIG. 33 shows an application of multiband communication applied to a high-speed train. As shown, from a train data center server 1380 running SDNP software 1335Z connected to an SDNP gateway 1201A, a high speed train via multiple PHY connections including satellite microwave 95B, 400 MHz radio 1372, and 60 Ghz microwave 1373. Communication is made to 1360C. During the SDNP communication, data is relayed from the SDNP data center 1380 to the satellite 93 executing the SDNP firmware 1335P via the satellite antenna 92C executing the SDNP firmware 1335D. Communication from the satellite to the train antenna array 1383V connected to the server 1361 executing the SDNP software 1335Y. Alternative communication is performed from the SDNP data center 1380 via 400 MHz antennas 1381 or 60 GHz antennas 1382, which are arranged at regular intervals along the train track. Further, communication is performed from these satellites to the antenna array 1383B connected to the train communication SDNP server 1361 that executes the SDNP software 1335Y. Next, the communication received by the SDNP server 1361 is distributed to the entire train by the WiFi bridge 1335Z, and is distributed to the client as a WiFi hotspot.

Communication functions for automobile and commercial truck transportation are multifaceted and include:
・Voice communication/Navigation, Map, Road information, Alert/Entertainment, Hotspot service, Infotainment/Wireless payment, Toll/Emergency service, Towing vehicle service/Collision avoidance/Scheduling of dispatcher (professional, ride sharing)

  Self-driving cars, or unmanned driving, require additional features. Based on older cellular networks, such as CDMA (2.5G) control central units, mainly called "telematics" modules, existing vehicle systems have been found to be vulnerable to hacking, cyber and privacy attacks. There is. To eliminate this vulnerability, it is necessary to protect the entire network at a low cost. That is, financially, there is no option to install a new network. Instead, security methods are deployed from layer 3 to layer 7, requiring the security infrastructure to be layered on the hardware network. This strategy is compatible with the implementation of the SDNP last mile disclosed herein.

  FIG. 34 shows a typical hyper-secure last mile connection between a vehicle and an SDNP cloud. As with previous last mile connections, the particular data carrier involved in forwarding packets across the last mile may vary significantly by location. As such, the figure shows an example that represents hypersecure communication, regardless of the data carrier involved. As shown, at SDNP gateway 1201A connected to network router 67A via a wired or fiber link 24 managed by a network service provider (NSP), data packet 1222A containing SDNP datagram A contains an SDNP payload. It is converted into a data packet 1223A composed of IP datagram B. Next, from the network router 67A, the IP networkgram B is routed as the data packet 1223B to the mobile phone base station 17 via the wired or fiber link 24A owned or operated by the mobile network operator (MNO). Then, via the cellular network 25, the cellular link 28 is used in any of 2.5G, 3G, 3.5G, 4G/LTE depending on the mobile network operator in the area, and is composed of the SDNP datagram B including the SDNP payload. Data packet 1223C is transmitted from IP data packet B to the telematics module of automobile 1390A. The SDNP firmware 1335F operating within the telematics module then interprets the SDNP payload embedded in the incoming data packet 1223C, completing the hypersecure communication link. Therefore, the cellular last link of the vehicle functions as a part of the hyper secure last mile communication.

  As shown in FIG. 35, the telematics module of automobile 1390A utilizes secure information for various functions controlled by infotainment interface 1377. Data packets 1223B and 1223C including IP datagram B and IP datagram C are also delivered from the built-in WiFi hotspot 1362D. IP datagram B includes an SDNP payload that facilitates end-to-end hypersecure communication to any SDNP client, such as mobile phone 32B running SDNP app 1335. The IP datagram C, which uses only the conventional IP payload, is less secure, but operates on devices that do not operate as SDNP clients, such as mobile phones 32A and tablets 33A. ID pairing can be used to improve last link security for non-SDNP devices via WPA, AllJoyn, or other protocols.

  Another important function in vehicle communication is a function of inter-vehicle communication, which is also called V2V communication. The purpose of V2V communication is mainly collision avoidance. However, according to the SDNP method disclosed herein, V2V communication can also function as a hyper-secure ad hoc peer-to-peer network. FIG. 36 shows the inter-vehicle SDNP communication. In this figure, cars 1390A, 1390B, and 1390C running SDNP firmware 1335F form a peer-to-peer network with each other and with mobile phone base station 17 connected to SDNP gateway 1201A. Inter-vehicle communication can be performed using either IP datagrams or SDNP datagrams.

  When communicating from a SNP client or gateway to a non-SDNP device, the communication is done using IP datagrams. For example, the SDNP gateway 1201A converts an SDNP datagram A containing an SDNP payload into a data packet 1223A composed of an IP datagram B containing an embedded SDNP payload. As shown, via the 2.5G or 3G cellular link 28A, a data packet 1223B composed of an IP datagram B containing an embedded SDNP payload is used to communicate from the cell phone base station 17 to the car 1390A. If a data packet 1223C consisting of an IP datagram B also containing an embedded SDNP payload is used to communicate to a car 1390C via a 3.5G or 4G/LTE cellular link 28B. There is also. In this way, the SDNP payload is delivered independent of the network used to carry the data packet.

  In vehicles with SDNP firmware 1335F enabled, ad hoc peer-to-peer SDNP bridges or bridge networks may be formed. For example, data packet 1222B containing SDNP datagram C rather than IP datagram is used to communicate from vehicle 1390A to vehicle 1390B via V2V wireless link 1391A. Similarly, data packet 1222C containing SDNP datagram D is used to communicate from vehicle 1390B to vehicle 1390C via V2V wireless link 1391B. It does not depend on IP datagrams. Regardless of the type of datagram used, the embedded content remains hypersecure using the SDNP payload.

  Another function of SDNP ad hoc V2V networks is the ability to perform tunneling functions. That is, the data can be passed such that the data passing between vehicles is not monitored or interpreted. When a failure occurs in the cellular link 28B because the automobile 1390C is out of range, the SDNP bridge network is used in the mobile phone base station 17 as an alternative path, and the cellular link 28A, the V2V wireless link 1391A, and finally the V2V wireless The same caller is connected via link 1391B. During data transfer, data packets 1223B, 1222B, and 1222C are changed from IP datagram B to SDNP datagram C and finally to SDNP datagram D. Because the SDNP payload intended for car 1390C is uniquely created for the destination car, car 1390B and its driver hack the contents of SDNP datagram C even though data packet 1222B is being relayed over the ad hoc network. Or cannot be monitored.

  Apart from conventional last mile communication, the same SDNP bridge technology can be used to send large amounts of data over long distances, or digital trunk communication with hypersecurity. FIG. 37 shows three such examples. That is, microwave trunk 98, fiber trunk 90, and satellite trunks 95A and 95B. This feature can be considered as part of the SDNP cloud, but since a single data route resembles the route of last mile communication, a similar method is adopted to ensure hypersecurity. For example, data packets 1222 containing SDNP datagrams are used to communicate from servers 21A and 21B running SDNP software 1335Z via microwave trunk 98 via microwave towers 96A and 96B running SDNP firmware 1335W. It can be carried out. Further, it is possible to directly communicate from the servers 21A and 21B using the data packet 1222 including the SDNP datagram via the fiber trunk 98. For global communications (eg, trans-Pacific data links), microwave antenna trunks 95A and 95B from servers 21A and 21B, both using earth base satellite antennas 92A and 92B running SDNP firmware 1335U. Communications can be made to satellites 93 running SDNP firmware 1335V. As in the fiber and microwave tower examples, satellite trunk communications utilize data packets 1222 containing SDNP datagrams.

  In conclusion, the security and privacy features provided by Last Mile Communications rely on two communications devices. FIG. 38 contrasts four different combinations. Improve security and privacy from bottom to top. For each, (i) security: the ability to prevent unauthorized access to the communiqué, (ii) ID verification: the ability to authenticate users and adjust access and privileges based on their ID, and (iii) anonymity: from monitoring. Three factors are considered: the ability to hide the caller's identity.

  In the bottom example, a data packet 1223C containing an IP datagram with a sniffable IP address and IP payload is used to openly communicate from a SDNP gateway 1395 to a non-SDNP client that lacks any security measures. As a result, Last Mile Connection is neither secure nor private. In the second example from the bottom, communication is performed from the SDNP gateway 1395 to a non-SDNP client that provides a device authentication and ID pairing function. In this communication, the data packet 1223B including the IP datagram having the sniffable IP address is used, but the encrypted payload including the ciphertext that can be decrypted only by the device of the ID pair is used. The communication is not private and has no anonymity, but security is enhanced, at least for a limited time.

  In the second example from the top, if the data packet 1223A includes the SDNP payload in the IP datagram, the communication is routed from the SDNP gateway 1395 via an arbitrary bridge or router 1397, thereby providing hyper security. realizable. The level of security achieved depends only on the end device, not the router. In the case of the topmost example, a data packet 1222 containing an SDNP datagram with SDNP addressing, a source and destination address that is not recognized by the Internet DNS name server, and an SDNP gateway 1395 made using the SDNP secure payload. The communication between SDNP clients 1396 is a hyper-secure communication with good security, complete privacy terms, and anonymous packet routing.

  Hyper Secure Last Mile packet routing

  Regardless of the Layer 1 physical hardware used and the Layer 2 data link algorithms and schemes, packet routing between an SDNP client or SDNP bridge and an SDNP gateway relies on IP datagrams to ensure that data packets are transmitted throughout the last mile. It is transmitted and routed. Unlike data routing in the SDNP cloud, which is directed by the SDNP signaling server, the SDNP cloud or its signaling server does not control IP datagrams passing through the last mile. Therefore, some variations in the propagation delay in the last mile are expected. Fortunately, this uncertainty is not very high compared to the total end-to-end propagation delay of global communications due to the limited distance of last mile communications and the number of possible routes. The total propagation delay variability due to last mile variability is estimated to be less than 10% of the total delay.

FIG. 39 shows a single route last mile communication between the SDNP client 1400 and the SDNP gateway 1401 in which a fixed IP address is used. The IP datagram 1405 includes the destination IP address of M _0,0 (SDNP gateway) and the source IP address of C _1,1 of the data packet, that is, the SDNP client. The last link communication is performed as a single route 1404 to the router 1402A. The data is routed through any number of routers R (eg, from router 1402B to SDNP gateway M _0,0 ).

As an alternative representation of the last mile network connection, each communication device can be shown as an PHY, a data link, and an IP stack that represents the network connection as OSI layers 1, 2, and 3. For example, FIG. 40A is an IP stack diagram for single route last mile hypersecure communication where a static IP address is used. Thus, a single device from the client device including the SDNP client C _1,1 to the SDNP gateway 1401 including the SDNP gateway M _0,0 via the router 1402A including the WiFi router and the Ethernet (registered trademark) router 1402B. The route last mile connection 1409 is established. The client device 1400 is connected to the router 1402A via the last link 1404. Here, the PHY layer 1 physical connection of the client IP stack 1411 and the corresponding data link layer 2 are connected to the corresponding layer 1 and layer 2 of the router IP stack 1412A.

  Next, the router 1402A is connected to the router 1402B via Ethernet (registered trademark). Here, the data link layer 2 corresponding to the PHY layer 1 physical connection of the IP stack 1412A of the WiFi router is connected to the corresponding layer 1 and layer 2 of the Ethernet (registered trademark) router IP stack 1412B. Finally, the router 1402B is connected to the SDNP gateway server 1401 via Ethernet (registered trademark). Here, the data link layer 2 corresponding to the PHY layer 1 physical connection of the IP stack 1412B of the Ethernet (registered trademark) router is connected to the corresponding layer 1 and layer 2 of the IP stack 1422 of the gateway. In operation, network layer 3 IP datagrams are transparently transmitted from one IP stack to another, specifically from layer 3 of IP stack 1411 so that data can be transmitted uninterrupted from the router. Flow to 1412A, then to 1412B, and finally to 1422. Thus, even if the data physically passes through multiple devices, the IP datagram is transmitted over the network as single root data by the virtual last mile connection 1409.

  In other words, Layer 3 network data flows over the last mile regardless of the physical connection used to carry the IP datagram. That is, the layer 3 last mile communication operates ignorantly in the implementation of the underlying layer 1 and layer 2 used for data transfer. This principle can be expressed in a simplified form with the elimination of intermediate nodes, as in the schematic diagram of FIG. 40B. This includes a client device 1400 that includes data transfer communication between the IP stack 1411 and the corresponding computing & data storage function 1410 and between the IP stack 1422 and the corresponding computing & data storage function 1421. An SDNP gateway server 1401 is included. Regardless of the number of media or routers used in the data packet delivery process, IP datagrams 1405 flow through last mile connection 1409. Therefore, the last mile can be viewed as a "data structure", an abstraction meaning any physical means by which IP datagrams are transferred between devices. However, the last link has a physical meaning because the caller's connecting device needs the ability to connect to the upstream router of a communication link that cannot be established. For example, if a caller who uses a tablet computer that has only a WiFi connection function is at a WiFi-enabled cafe and the caller does not have a WPA password to the WiFi network, the last link cannot be established, and the caller cannot use the last link. Unable to connect to SDNP cloud, which is miles. Or you cannot make a call.

  As another consideration in the last mile communication, the payload of the IP datagram 1405 includes information on all upper OSI layers such as transport layer 4 data, session layer 5 data, presentation layer 6 data, and application layer 7 data. It can be mentioned. The rest of the data contained in the payload of the IP datagram, except for the Layer 4 data required for UDP or TCP transport protocol selection, is specific to the disclosed SDNP communication and, unless itself runs SDNP software or firmware. Not interpreted by routers operating along the last mile. Therefore, even if the last mile network itself is composed of a combination of various devices, carriers and network operators, the last mile communication is interpreted only at the end devices, ie the caller or SDNP client and the SDNP gateway.

  The SDNP payload is protected by a number of secrets, including scrambling, fragmentation, junk data insertion and removal, state-dependent formats, and dynamic encryption, but the IP address of the IP datagram passing through the last mile network. Then, the source address and the destination address of the client device 1400 and the SDNP gateway server 1401 are inevitably revealed. Address spoofing is useful in providing some anonymity to the last mile. That is, by dynamically changing the source address and the destination address of the IP datagram, a cyber attacker can be guided in the wrong direction. IP impersonation is the dynamic change of the IP address of the caller's connected device (referred to herein as "dynamic client addressing"), or the communication with multiple SDNP gateways, ie, multi-route last mile. It can be realized by communication.

The first method of IP address spoofing described involves dynamically changing the source address of sequential data packets. As shown in FIG. 41, consecutively transmitted IP datagrams A, B, and C are composed of three different source addresses. Specifically, IP datagram A 1405A sent to the source IP address _C 1, 1, IP datagrams B 1405B source IP address _C 1, 2 in, IP datagram C 1405C sent to the source IP address _{C 1 , 3} are included. Therefore, all the packets entering the router 1402A are emitted from the SDNP client 1400, but the source address C _1,n of the client changes dynamically, so that the actual IP address is obfuscated and it becomes like a plurality of communication devices. appear. To complete this "phantom", it is also necessary to change the MAC address of the communication device to correspond to the dynamic source address.

This method is shown in Figure 42A using an IP stack. In this figure, WiFi and Ethernet (registered trademark) are used, and communication is performed from the devices 1400, 1402A, 1402B, and 1401 via the corresponding IP stacks 1411N, 1412A, 1412B, and 1422, but the network layer of the SDNP client is used. 3 The ID includes a plurality of IP addresses C _1,1 , C _1,2 , C _1,3 . As a result, as shown in the last link schematic of FIG. 42B, sequential data packets entering router 1402A appear to be sent from three different client devices rather than one device. The shared PHY layer is configured on the standard frequency of WiFi, and the data link layer connecting the devices complies with established standards such as 802.11ac or 802.11n.

The IP datagram 1405N sent to the router device 1402A along the network connection 1408 has a fixed destination IP address IP M _0,0 and a sequential source address IP C _1,1 , IP C _1,2 , IP C _1,3. Composed of etc. This is represented by the mathematical notation of IP C _1,n where n=1, 2, 3, which uniquely identifies each sequential packet. Each sequential IP packet also includes a corresponding payload SDNP 1, SDNP 2, SDNP 3, etc. In this description, the mathematical abbreviation "IP C _1,n " is used to refer to each IP address, but the IP address consists of an actual IP address created according to the IPv4 or IPv6 international standard. Note that reserved IP addresses are excluded.

Another option to enhance security is to use multi-route packet transfer in the last mile. In a manner similar to data transfer within an SDNP cloud, in multi-route last mile communication, audio and sequential data are parsed and fragmented before being split into individual packets and addressed to different SDNP gateways. FIG. 43 shows an example of multi-route data transfer in which a static IP address is used. In this figure, the SDNP client 1400 communicates with a plurality of gateways 1401A, 1401B, and 1401C. As shown, the first data packet 1405A is composed of a payload SDNP1 containing a source IP address C _1,1 and a destination address M _0,0 . The data packet 1405A is routed to the SDNP gateway 1401A via the last link 1404A via the routers 1402A and 1402B. Similarly, the second data packet 1405B is composed of the payload SDNP 2 including the source IP address C _1,1 and the destination address M _0,1 . The data packet 1405B is routed to the SDNP gateway 1401B via the router 1402C and the last link 1404B. The third data packet 1405C is composed of the payload SDNP3 including the source IP address C _1,1 and the destination address M _0,3 . The data packet 1405C is routed to the SDNP gateway 1401C via the last link 1404C via the routers 1402D and 1402E.

  In the path between the client device 1400 and any of the three gateways 1401A, 1401B, 1401C shown, IP datagrams are routed through multiple last links 1404A, 1404B, 1404C to multiple routers 1402A, 1402B, 1402C. To be done. These routers include (i) fully independent routers that use the same physical medium, such as WiFi or Ethernet, and (ii) common hardware devices such as multiple trellis channels of a DOCSIS3 cable modem. Multiple router channels, or (iii) different physical media used for communication, eg, one over WiFi and another over 3G.

For example, FIG. 44A is an IP stack diagram for multi-route last mile hyper-secure communication where a static IP address is used via a common PHY last link 1404. In operation, the common PHY, data link, and network layers are used to communicate as a single device connection from SDNP client C _1,1 to routers 1401A, 1402B, and 1402C. Address spoofing is performed using a contiguous IP datagram that includes a static client address IP C _1,1 , but SDNP gateway addresses IP M _0,0 , IP M _0,1 and IP M _0,3. Is changed. Packet misdirection can be algorithmic or random. For example, every 10th datagram transmitted from the client device 1400, it is transmitted to the SDNP server 1401C, and the destination address IP M _0,3 and the source IP address are included in the 10th transmission datagram from the client device 1400. IP C _1,1 can be included. The reply from the SDNP gateway server 1401C is returned to the client device 1400 on the reverse path, that is, with the source IP address IP M _0,3 and the destination address IP C _1,1 .

  As shown, the PHY and data links between client device 1400 and routers 1402A, 1402D, 1402C are comprised of a single medium, such as WiFi. Although the last link connection is represented as a single wire divided into three, it is understood that all physical connections are made point-to-point rather than the electrical Y-connectors used to create parallel wiring. There is a need to. Instead, the connections in the figure are meant to show the effects of the connections. That is, one PHY connection is expanded to three from the PHY layer of the client IP stack 1411. That is, it is connected to the PHY layer of the IP stacks 1412A, 1412C, and 1412D. Functionally, this last link operates as a single output to the three input expansion mechanisms. Here, one client is connected to three router functions regardless of whether the router function is included in one common electronic device or is divided into individual routers. Note that, as shown, the last link 1404 comprises a single type of communication medium, either cable, fiber, WiFi, Ethernet, or cellular.

However, the rest of the last mile is not necessarily the same as the last link, and is composed of any medium. The alternate last link includes multiple different PHY layers connected to independent routers. Such an implementation is shown in Figure 44B. The figure shows an IP stack that performs multi-route last mile hyper-secure communication using static IP addresses via multiple PHY last links. Specifically, client device 1400 operates using a common network layer 3 interface with static client address IP C _1,1 , but separate layer 1 and layer represented as IP stacks 1411A, 1411B, and 1411C. Two interfaces are used. In operation, IP stack 1411A is connected to router 1402A via last link 1404A and an IP datagram containing source address IP C _1,1 and destination address IP M _0,0 is transmitted to router 1402B. Similarly, the IP stack 1411B is connected to the router 1402C via the last link 1404B, and the IP datagram including the source address IP C _1,1 and the destination address IP M _0,1 is transmitted. The IP stack 1411C is connected to the router 1402D via the last link 1404C, and the IP datagram including the source address IP C _1,1 and the destination address IP M _0,3 is transmitted to the router 1402E.

The combination of dynamic source addressing and multi-route data transfer is shown in FIG. In this figure, a dynamic source address is used to communicate from SDNP client 1400 to multiple gateways 1401A, 1401B, and 1401C. Thus, the first data packet 1405A is composed of the payload SDNP1 including the dynamic source IP address C _1,1 and the destination address M _0,0 . The data packet 1405A is routed to the SDNP gateway 1401A via the last link 1404A via the routers 1402A and 1402B. Similarly, the second data packet 1405B is composed of a payload SDNP 2 including a dynamic source IP address C _1,2 and a destination address M _0,1 . The data packet 1405B is routed to the SDNP gateway 1401B via the router 1402C and the last link 1404B. The third data packet 1405C is composed of a payload SDNP3 including a dynamic source IP address C _1,3 and a destination address M _0,3 . The data packet 1405C is routed to the SDNP gateway 1401C via the last link 1404C via the routers 1402D and 1402E.

As such, each successive data packet contains a changing SDNP payload, and a dynamically changing destination address is used to route each data packet over a different last link to a unique SDNP gateway. To transfer data over multiple last links, namely last links 1404A, 1404B, and 1404C, a single router with multiple IP inputs, such as a DOCSIS3 cable modem with trellis encoding, or multiple band WiFi. , Or a combination of wireless and WiFi, or some other combination of wired and wireless communication. As an example, FIG. 46A illustrates an IP stack for multi-route last mile hyper-secure communication using a dynamic client IP address via a single PHY last link 1404. Client device 1400 illustrates a shared physical interface that includes Layer 1 and Layer 2 communications as shown in IP stack 1411A. Regarding the network layer 3, a client address C _1,1 addressed to the SDMP gateway M _0,0 in the IP stack 1411A, a client address C _1,2 addressed to the SDMP gateway M _0,1 in the IP stack 1411B, an IP stack In 1411C, the client address C _1,3 addressed to the SDMP gateway M _0,3 is generated.

The same multi-route approach can be combined with dynamic client addressing and multiple PHY final layers, as shown in the IP stack diagram of FIG. 46B. As shown, the client device 1400 is shown to the SDNP gateway having IP addresses IP M _0,0 , IP M _0,1 , IP M _0,3 via the corresponding last link 1404A, 1404B, 1404C, Included are three IP stacks 1411A, 1411B, 1411C carrying IP datagrams with corresponding IP addresses IP C _1,1 , IP C _1,2 , IP C _1,3 .

Often, the last link consists of a single route with multi-route data transfer used after the first router. In FIG. 47, the SDNP client 1400 communicates with a single router 1402A via the last link 1404. After the router 1402A, the dynamic source address is used, and the data packet is transmitted to the plurality of gateways 1401A, 1401B, and 1401C. In this implementation, the first data packet 1405A consists of a payload SDNP1 containing a dynamic source IP address C _1,1 and destination address M _0,0 . The data packet 1405A is routed to the SDNP gateway 1401A via the last link 1404 via the routers 1402A and 1402B.

Similarly, the second data packet 1405B is composed of a payload SDNP 2 including a dynamic source IP address C _1,2 and a destination address M _0,1 . The data packet 1405B is routed to the SDNP gateway 1401B via the last link 1404 via the routers 1402A and 1402C. The third data packet 1405C is composed of a payload SDNP3 including a dynamic source IP address C _1,3 and a destination address M _0,3 . The data packet 1405C is continuously routed to the SDNP gateway 1401C via the last link 1401 via the routers 1402A, 1402D, and 1402E. As such, each successive data packet contains a changing SDNP payload, and a dynamically changing destination address is used to route each data packet over a common last link to a unique SDNP gateway.

This last mile connection is shown in Figure 48 using the IP stack. In this figure, from the IP stack 1411 of the SDNP client device 1400 having the last link 1404 connected only to the router 1402A, the data packet of the network layer 3 has three different network addresses, specifically, IP C _1,1 and IP C ₁ . _1,2 , IP C _1,3 to the stack 1412A. Therefore, the client device 1400 is actually composed of a single client, but is recognized by the router 1402A as three individual clients. When the IP datagram reaches the router 1402A, the IP datagram is split and transmitted via different routes to different destination gateways. For example, a packet having the source address IP C _1,1 is destined to the destination IP M _0,0 via the router 1402B, and a packet having the source address IP C _1,2 is destined to the destination IP M _0,0 via the router 1402C _{. 1} , the packet having the source address IP C _1,3 is routed to the destination IP M _0,3 via the routers 1402D and 1402E. The routing table for transmitting a data packet having a specific dynamic client address C _1,n to a specific SDNP gateway can be dynamically changed without being fixed in advance. The ability to assign IP addresses on a packet-by-packet basis further obfuscates the fact that apparently unrelated data packets are actually all part of a single fragmented communication between two originators.

  Physical realization of last mile routing

Last mile physical implementations include communication over a variety of media such as Ethernet, WiFi, cellular, or DOCSIS3 compliant cables and fiber links. Regardless of the medium used, the routing of data packets in Last Mile is mainly controlled by the following three variables.
-Media access control (MAC) address of the communication device-IP datagram destination IP address-IP datagram destination IP address

  Thus, the physical medium used to perform each hop in last mile communications, layer 1 and layer 2 information, is controlled by the MAC address and the client device and SDNP gateway, the last mile, are identified by the IP address. The payload used in hyper-secure communication follows a protocol defined according to secure dynamic communication networks and protocols, but to the last mile's intermediate devices, routers and other devices on the route of packets between client devices and gateways. It is not possible to perform SDNP functions on such devices because they do not have SDNP executable code. Therefore, the SDNP payload does not affect the routing of last mile hyper secure data packets.

  An example is the use of Ethernet in last mile communication. FIG. 49 is a diagram showing the IPv4 and IPv6 datagrams of the Ethernet communication for adapting the Ethernet data packet of FIG. 9E described above for SDNP last mile communication and transmitting the SDNP payload. .. As shown, layer 1 Ethernet packet 188 includes a data frame header, preamble 180, start frame delimiter SFD 181, and layer 2 Ethernet packet 189. The Ethernet packet 189 has a destination MAC address 182 and a destination MAC address 183, an optional 802.1Q tag 184 for VLAN implementation, and an Ethernet type field used to specify the type of data link used. 185 (length designation according to Ethernet II or IEEE 802.3), and a frame check 186 containing a 32-bit CRC checksum of the entire data link packet. The Ethernet packet 189 also includes a variable length MAC payload 187 used to encapsulate the SDNP content 1430 of the IP datagram. Specifically, the MAC payload 187 includes an IP payload 435 including an IP header 434, a transport header 436, and an SDNP payload 1430.

  The IP header 434 is different depending on whether the IP datagram follows the IPv4 or IPv6 protocol, as determined by the protocol field 447 containing binary 4 or the protocol field 448 containing binary 6. Both preambles 440 and 444 include transport header flags 470, such as TCP, UDP, or maintenance functions ICMP and IGMP, which are used to determine the Layer 4 transport method used. Specifically, TCP transfers are used for software and data files and UDP is used for real-time data such as VoIP and video according to secure dynamic communication networks and protocols. The length and format of the transport header 436 depends on the transport header 470. The IP header 434 includes a source address 441 and a destination address 442 of IPv4, or a source address 445 and a destination address 446 of IPv6.

Last mile routing of Ethernet packets relies on both IP and MAC addresses. In the figure, it is represented by an exemplary name of the device indicated by the IP or MAC address, such as MAC C _1,1 or IP M _0,0 . Here, for the sake of clarity, a symbolic name representing a numeric address created according to the Internet protocol in the Ethernet format is used instead of the numeric address. Note that the IP address IP C _1,1 follows a different format and uses different numbers of bytes for IPv4 and IPv6 names. Furthermore, the format of the MAC address depends on the layer 2 data link protocol used. Therefore, the MAC address MAC C _1,1 of the cellular radio is different from the MAC address of the same device that communicates by WiFi or Ethernet (registered trademark). The MAC address has nothing to do with the IP address. That is, there is no relationship between the IP address and MAC address of the same client.

Sequential last mile routing of Ethernet packets is shown in FIGS. 50A-50D. Each figure includes two Ethernet packets. The upper packet is composed of IPv4 datagrams, and the lower packet is composed of IPv6 datagrams. Because IPv4 and IPv6 use different formats with different field lengths, the two Ethernet packets that are displayed usually do not have the same length, even when the same payload is transmitted. In the first step of the communication sequence, SDNP Payload A moves from SDNP Client 1400 to Router 1402A via Last Link 1404 and then to SDNP Gateway 1401 via Gateway Link 1414. In response to the client from the SDNP gateway, the SDNP payload G travels from the SDNP gateway 1401 to the router 1402A via the gateway link 1414 and then to the client 1400 via the last link 1404. The SDNP client 1400 has a numerical MAC address MAC C _1,1 and a numerical IP address IP C _1,1 , the router 1402A has a numerical MAC address MAC R, and the SDNP gateway has a numerical MAC address MAC M _0,0 and a numerical value. It has the IP address IP M _0,0 . The IP address of router 1402A is not used in the data packet.

Unlike in the SDNP cloud, where the packet routing of SDNP datagrams is completely controlled by the SDNP network, in last mile communication where IP datagrams are used, there is no interpretation of SDNP payloads or routing impact. . That is, each communication transferred by the last mile includes the fixed source IP address and the fixed destination IP address. The physical medium or channel used to transmit Ethernet packets is managed by the MAC address that connects each communication node in the last mile. For example, in FIG. 50A, a source MAC address MAC C _1,1 , a destination MAC address MAC R, a source IP address IP C _1,1 , a destination address IP M _0,0 , and a router 1402A including an SDNP payload are shown. IPv4 and IPv6 Last Link Ethernet packets used for single PHY routing are shown. FIG. 50B shows a diagram in which SDNP payload A is transferred via the packet gateway link 1414 by the corresponding Ethernet (registered trademark). As shown, the source and destination IP addresses are unchanged from IP C _1,1 and IP M _0,0, but the source and destination MAC addresses are MAC R and MAC M _0,0 from the original values _{. It} is changed to ₀ .

In response communication from the SDNP gateway 1401 to the client 1400, the SDNP payload G passes through the same network in the reverse order, that is, a place where the source address and the destination address are exchanged. As shown in FIG. 50C, the source IP address and the destination IP address are composed of IP M _0,0 and IP C _1,1 , respectively, and the MAC address includes the source address MAC M _0,0 and the destination address MAC R. Is included. In the last link communication shown in FIG. 50D, the MAC address is changed to the source address MAC R and the destination address MAC C _1,1 , but the source IP address and the destination IP address are IP M _0,0 and IP C _{1 , No} change from ₁ .

As one of the convenient means of expressing the last mile communication from the SDNP client, a "simplified" data field including a source MAC address, a destination MAC address, a source IP address, a destination IP address and an SDNP payload is used. There is a method of using a data packet. The simplified format is useful in showing the data flow in the construction and response of consecutive data packets sent to the SDNP gateway over any communication "session", i.e. last mile. For example, at the top of FIG. 51A, a continuous Ethernet packet sent from the SDNP client to the SDNP gateway is shown (displayed in shortened form). Each row represents a continuous data packet containing SDNP payload, A, B, C. The leftmost column shows the last link data packet and the right column shows the data packet carrying the same payload over the gateway link. As shown, all the packets have IP C _{1,1 as} the source IP address and IP M _0,0 as the destination IP address. This last mile is referred to herein as SDNP single route last mile communication because only one pair of IP addresses is used. In addition, "static client addressing" is used on the last link because the source IP address used by SDNP client 1400 to transmit consecutive data packets does not change.

The MAC addresses of different segments of the last mile are necessarily changed to facilitate Layer 2 interconnection between each correspondent node and its neighbors. As shown, the source MAC address MAC C _1,1 and the destination MAC address MAC R are used in all consecutive packets passing through the last link from the client to the router. Since a single MAC address is used for the client in consecutive data packets, the last link is composed of a single physical medium, that is, a single PHY last link. In the transfer via the gateway link, the source MAC address MAC R and the destination MAC address MAC M _0,0 are used.

  Therefore, although the data packet shown includes the SDNP payload, the last mile routing necessarily uses sniffable MAC addresses and IP addresses, that is, addresses that can be interpreted by monitoring unauthorized listeners. By tracking packets that have the same source IP address and destination IP address, an unauthorized listener can infer that the data packets are likely to be part of the same conversation or session, without opening the SDNP payload. You can collect metadata such as call times, file sizes, and data rates to create caller profiles. In addition, figuratively like a breadcrumb trail, a hacker could track the originator of a call to an end device, or client device, by tracking the MAC address and IP address, thus making the caller personal. Specific.

As disclosed herein, a good way to prevent tracking to client devices, obfuscate related call packets, and suppress metadata collection is MAC in last mile and last link communication. To change the address and IP address dynamically. These creative methods of impersonation include:
• Dynamically changing the last link MAC address to send data packets over changing communication media. This is referred to herein as "multi-PHY last link" communication.
Impersonate the caller by dynamically changing the ID of the IP address of the client device. This is called "dynamic client addressing".
Change the communication path of continuous data packets in the last mile by dynamically changing the IP address for communication with different SDNP gateway IP addresses. This is called "multi-route last mile" communication.

  The combination of multi-PHY, dynamic client addressing, and multi-route last mile communication allows only SDNP callers and SDNP gateways to understand which packets are part of the same call or session, so last Tracking and tracing miles and last link communications becomes very difficult. These methods can be used individually or in combination.

For example, the lower half of FIG. 51A illustrates the use of multi-PHY last link communication with single route last mile communication with static client addressing. As shown, each row consists of a pair of data packets used in communication from the SDNP client to the SDNP gateway. The left side represents the last link data packet and the right side represents the gateway link data package. The three rows represent three consecutive messages. The top row contains the first data set "SDNP Payload A", the middle row contains SDNP Payload B, and the bottom row represents the third of the consecutive data packets containing SDNP Payload C. . In the single route last mile communication with static client addressing, the static client address IP C _1,1 and the fixed destination IP address IP M _0,0 are used in all continuous data packets.

In order to perform multi-PHY last link communication, ie to route last link data to multiple physical media, it is necessary to dynamically change the SDNP client's MAC address in sequential data packets. Each MAC address corresponds to a particular PHY layer, such as Ethernet 100BASE-T and 1000BASE-T connections. For three physical media, the packet dynamically changes the client's MAC address from MAC C _1,1 to MAC C _1,2 and then to MAC C _1,3 . If there are only two media, in order to avoid pattern recognition, MAC C _1,1 , MAC C _1,2 , MAC C _1,2 , MAC C _1,1 , MAC C _1,2 , MAC C _{1, 1} , MAC C _1,2 , MAC C _1,1, etc. can change the MAC address in a random pattern. Although the source MAC address changes, the destination MAC address of the last link can be kept constant as MAC R. Since all multi-PHY paths on the last link terminate at the same router, the data path through the rest of the last mile remains fixed as single route communication. In other words, the last link uses multiple PHY connections, but the last mile enters the SDNP cloud through a single gateway, and the last mile is composed of single route communications.

Although some degree of impersonation is achieved with the multi-PHY approach, packet sniffing of data packets from a particular call is still possible because the common client IP address is shared. This detection method can be disturbed by using dynamic client addressing (the operation of changing the IP address in each packet sent by the client). As an example, FIG. 51B illustrates the use of client dynamic IP addressing in single route last mile communication. The upper set of data packets shows a single PHY last link connection and the lower set of data packets shows a multi-PHY implementation. In SDNP single root last mile communications, regardless of whether single PHY method or multi-PHY methods used, the destination IP address 442 of SDNP gateway fixed to numeric IP _{M 0,0} for all data packets Will remain.

As shown, in the case of dynamic client addressing, in a data packet transmitting SDNP payload A, a dynamically selected source IP address 441 (including IP C _1,1 ) and data transmitting SDNP payload B are transmitted. Source IP address (including IP C _1,2 ) dynamically selected in the packet, and source IP address (including IP C _1,3 ) dynamically selected in the data packet transmitting SDNP payload C Used as such. The number of dynamically selected addresses is almost unlimited, especially for IPv6. Furthermore, since the IP address is reused for a fixed time (for example, 1 second), it may occur before the address is recycled. In the case of a dynamic client address on the single PHY last link, the value of the source MAC address 183, MAC C _{1,1 in} this example, is kept constant even if the source IP address is changed. In the case of a dynamic client address on the multi-PHY last link, the value of the source MAC address 183 changes continuously from MAC C _1,1 to MAC C _1,2 and then MAC C _1,3 . There is no particular mathematical correspondence between a client's changing MAC address and its dynamic IP address.

Dynamic client addressing appears to consist of messages sent from different users, but data packets still traverse most of the last mile with a single route (except for the last link in multi-PHY implementations). A more sophisticated way to confuse last-mile packet sniffing is to employ "multi-route" communications. In multi-route communication, a plurality of SDNP gateway IP addresses are used to connect the client and the SDNP cloud. SDNP network routing is defined by the signaling server and uses the identification of the SDNP tag of each packet so that the data can enter the SDNP cloud through a single gateway or the SDNP cloud through multiple gateways. It will be able to route packets from the SDNP cloud to the destination regardless. FIG. 51C illustrates the use of multi-route last mile communication with static client addressing. For all data packets shown on the last link, the client's source IP address 441 remains static with the numerical value IP C _1,1 , but for continuous data packets containing SDNP payloads A, B, C IP M _{0. , 0} to IP M _0,1 and then IP M _0,3 , the destination IP address 442 dynamically changes. The IP address of the SDNP gateway is not "randomly selected" but "selected" by the SDNP signaling server to temporarily minimize the statistical propagation delay between the gateway close to the originator, ie the SDNP client and a particular SDNP gateway. Represents a gateway. In this example, the dynamic destination address changes regardless of the PHY connection. For example, the top set of data packets is a single PHY last link connection with a client source MAC address 183 having the last link number MAC C _1,1 , the bottom set of data packets is MAC C _1, between different media _{. 1} , MAC C _1,2 , MAC C _1,3, etc., showing a multi-PHY implementation where the source MAC address is changed. There is no corresponding pattern or mathematical relationship between the changing MAC address of the client and the destination IP address of the SDNP gateway.

To achieve the most effective level of impersonation, combine dynamic client addressing with multi-route last mile communication. FIG. 51D shows the new combination of this security feature in both the single PHY last link implementation (top of the figure) and the multi-PHY last link version (bottom of the figure). In the fully dynamic version shown at the bottom, the source IP address 441 changes dynamically and randomly from IP C _1,1 to IP C _1,2 and then IP C _1,3 to the destination of the SDNP gateway. The IP address 442 independently changes from IP M _0,0 to IP M _0,1 and then IP M _0,3 . The SDNP gateway address is chosen by the SDNP signaling server and the dynamic client address is modified in an irrelevant manner so that the propagation delay is minimized. As in the previous example, the top set of data packets is a single PHY last link connection with the client source MAC address 183 having the last link number MAC C _1,1 , the bottom set of data packets is MAC between different media. 9 illustrates a multi-PHY implementation where the source MAC address is changed, such as C _1,1 , MAC C _1,2 , MAC C _1,3 . There is no corresponding pattern or mathematical relationship between the changing MAC address of the client and the changing IP address of the client or SDNP gateway. However, in multi-route last mile communication, not all the data is collected in a single router R, but the multi-PHY last link can be advantageously connected to three different routers R ₁ , R ₂ , R ₃ .

The table in FIG. 52A shows the least secure implementation (displayed in the last 10 lines of the table) consisting of a single route last mile with a static client address and a single PHY last link to the dynamic destination address. The above 10 types of last mile impersonation are summarized, up to the excellent impersonation (displayed in the first row at the top of the table) realized by the multi-PHY last link with designation and multi-route last mile communication. The table is sorted by security strength. The notations C _1,n , M _0,n , R _n refer to dynamically changing addresses of SDNP clients, SDNP gateways, and last link routers. Dynamic addresses are uncorrelated. 7th to 10th lines are single route last mile communication, that is, communication using a single gateway M _0,0 , 1st to 6th lines are multi route last mile communication with multiple gateways. It is shown. The last link communication is connected to a single router having the MAC address R, except for the first and fourth lines shaded. In contrast, as a multi-route communication, the first row and the fourth row which is shaded represents a multi-PHY last link communication connected to a plurality of routers having a dynamic MAC address R _n.

FIG. 52B illustrates single PHY last link static client addressing, multi-PHY last link static client addressing, single PHY last link dynamic client addressing, and multi-PHY last link dynamic client addressing. The operation of the single route last mile communication is topologically shown by four combinations. Shown in each box are three consecutive data packet communications that indicate the data paths used. The solid line represents the data packet flow, and the dotted line represents the unused but possible paths. The shaded circles represent communication nodes used in last mile communication, and the empty circles represent unused communication nodes. As shown, in all examples the last mile data is routed through a single connection between the router R and the SDNP gateway M _0,0 to the end.

  In the case of static client addressing via the single PHY last link shown in the upper left, each successive packet follows the same path for the entire last mile with a constant IP address. In the case of static client addressing via multi-PHY last link shown in the bottom left, each successive packet follows a different path on the last link according to the dynamically changing MAC address specification. The rest of the last mile consists of a single route, specified by an immutable IP address. Although a single route transfer, changing the physical medium of the last link makes it more difficult to track the caller. In the case of dynamic client addressing via a single PHY last link, shown in the upper right, each successive packet follows the same path across the last mile, according to a constant destination IP address and constant client MAC address of the last link. Instead, the camouflage is realized by changing the client ID by changing the dynamic source IP address. In the case of single route communication where both lower right dynamic client addressing and multi-PHY last link are used, even though all packets are routed to a single SDNP gateway, the client's MAC address and destination IP address are It changes dynamically and randomly.

  Dynamic client addressing is the process in which one or more temporary ad hoc IP addresses are used on a client device. There are two stages to this process. In the first stage, when the device first logs on to the network, it connects to the nearest router and registers its presence in the local subnet. The router then redirects the connection to the closest DHCP server on the same subnet. DHCP, which is an acronym for Dynamic Host Configuration Protocol, is a network management protocol used to dynamically assign IP addresses. The registration process downloads one or more IP addresses to the client device and saves the addresses in the communication data register. These IP addresses are used to communicate from the client device until the assigned IP addresses are updated by the local DHCP server by initiating a new session or requesting a new address. The IP address of the client device is not an internet address because the address is dynamically issued within a particular subnet.

  In the second stage where the client device makes a call or logs on to the SDNP network, the device is automatically connected to the SDNP signaling server based on the static IP address of the SDNP server. When an incoming message is received at the SDNP server, the ad hoc IP address or address is uploaded to the SDNP name server. Next, the SDNP address is assigned from the SDNP name server as a pseudo code of each temporary IP address. In operation, just prior to routing, the SDNP source address of the packet is replaced with the local ad hoc IP address. In the case of SDNP dynamic addressing, the source address changes and the packet is repeatedly transmitted, so that the ID of the client device is forged. In this way, dynamic impersonation can hide the actual identity of the client device.

  Upon reaching the SDNP gateway, the client IP address is discarded from the source address of the outgoing packet and replaced with the SDNP address of the gateway server instead. Then, in each outgoing SDNP packet, the device's local IP address is exchanged with the local ad hoc IP address just prior to forwarding. Unlike Internet packet transfer, where a source IP address and destination IP address are constant and a response is required, SDNP transfer uses a new IP address at each hop. Therefore, when the SDNP message finally reaches the destination, the source address of the client device is not included in the data packet. Instead, the signaling server informs the destination device about the return path of the response.

  Figure 52C topologically illustrates the operation of "multi-route" last mile communication with four combinations of static and dynamic client addressing, and single PHY and multi-PHY last links. ing. In each multi-route communication, the destination IP address, that is, the SDNP gateway, constantly changes. That is, the last mile route is connected to the SDNP cloud with different inputs. In the left column, the client address remains static. That is, the sender ID is not changed. In the example on the upper left, a single PHY connection is used on the last link. That is, also in this case, the MAC address of the client remains static. The last mile is more susceptible to call tracing because the last link physical medium and client IP address do not change when communicating with different destination gateways. This weakness can be compensated for by changing the last link medium used to transfer the data packet or hiding the actual ID of the originator's IP address.

In the lower left example, a multi-PHY connection is used for the last link. That is, the MAC address of the client changes dynamically. Such an approach can make up for the fact that the client's identity is maintained at a static IP address. As part of the end-to-end multi-route last mile communication, each unique last link is connected to a separate router so that successive packets can reach a separate SDNP gateway. Therefore, the first packet is routed via the unique PHY medium from the client with static address IP C _1,1 to the router with MAC address MAC R ₁ , and then finally the SDNP with IP address IP M _0,0 . Routed to the gateway. The second packet with the same client address IP C _1,1 is routed via the unique PHY medium to another router with the media address MAC R ₂ and then finally the SDNP with IP address IP M _0,1 . Routed to the gateway. Similarly, the third packet with static client IP address C _1,1 is routed via the unique PHY medium to the router with media address MAC R ₃ and then to SDNP gateway M _0,3 . The use of multiple routers allows the use of multiple PHY last links to deliver last mile packets in completely separate trajectories, despite the use of clients with a single destination IP address. It

Another implementation, shown in the upper right, uses a single MAC address and PHY connection, but the client's ID changes dynamically. As shown, the IP address of the client dynamically changes from IP C _1,1 to IP C _1,2 and then IP C _1,3 , but the physical medium is the source media address MAC C _1,1 and It is kept constant at the destination address MAC R. The data is then forwarded to the gateways M _0,0 , M _0,1 , M _0,3 in a random order determined by the SDNP signaling server.

Excellent security is achieved by combining all three last mile impersonation schemes, namely multi-PHY last link and multi-route communication using dynamic client addressing. This is shown in the bottom right of Figure 52C. Here, a multi-PHY last link and a plurality of routers are used, and a transmitted data packet is transmitted from a client having a dynamic IP address to a plurality of SDNP gateways via a plurality of routes. As shown, the first packet from the client with the dynamic source network address IP C _1,1 is the multi-PHY last link defined by the source media address MAC C _1,1 and the destination media address MAC R _{1. Is} transmitted to the destination IP M _0,0 via a plurality of routes. The second data packet from the client with the dynamically selected source network address IP C _1,2 is the multi-PHY last defined by the source media address MAC C _1,2 and the destination media address MAC R _2. The link sends to destination IP M _0,1 via multiple routes. The third data packet from the client with the dynamically selected source network address IP C _1,3 is the multi-PHY last defined by the source media address MAC C _1,3 and the destination media address MAC R _3. The link sends to the destination IP M _0,3 via multiple routes. As described above, the combination of the client IP address, the SDNP gateway IP address, the client MAC address, and the router MAC address all change randomly and dynamically, so that it becomes almost impossible to collect call traces and metadata.

  Obfuscation of IP address spoofing of the client device and last mile routing by dynamic IP addressing to multiple gateways, multi-PHY transfers, and multi-route transfers can be determined by the client device or signaling server. The misdirection process can be implemented using random number generation or other pseudo-random algorithm. An important principle is to make routing and forwarding changes unpredictable.

  FIG. 52D shows two less intense versions of last mile data transfer of Ethernet packets via multiple routes. In the diagram on the left, static client addressing and multi-PHY last link connection are used. In the diagram on the right, dynamic client addressing and multi-PHY last link connection are used. This implementation differs from the multi-PHY version shown in FIG. 52C in that the version of FIG. 52C uses a single router R rather than distributing the data transfer among multiple routers. In short, in a multi-route transfer where a single router is used for the last link connection, the sequential data from the client is distributed over multiple physical media, namely the multi-PHY last link, and then re-collected by a single router R. It Data is then sent from this common router to the rest of the last mile, including multiple gateway links and other parallel sections (not shown) in the last mile to multiple SDNP gateways defined by different destination IP addresses. .

  For last mile communication between the SDNP client and the SDNP gateway, WiFi wireless communication can be used as an accessory of Ethernet (registered trademark). WiFi communication requires data packets with three or four MAC addresses (two for wireless links, one or two for wired network connections), especially when using Ethernet data packets. FIG. 53 shows the same WiFi packet format adapted for SDNP last mile and last link communication. All that is required as an access point applicable to the last link communication is three 6B-long MAC addresses. Specifically, it includes the MAC address 1 field 235 of the receiving radio base station or “receiver”, the MAC address 2 field 236 of the transmitting radio base station or “transmitter”, and the MAC address of the wired network connection to the WiFi router. The MAC address 3 field 237, that is, Ethernet (registered trademark) or "net". In operation, the numerical values of the MAC address loaded in the receiver and transmitter data fields are either (i) data packets received over the air and transferred to the Ethernet, or (ii) converted into wireless communication. Incoming data on the Ethernet (registered trademark) depends on the direction setting of "To DS"/"From DS". The MAC address 4 data field 239 is optional and is only used when the WiFi device is used as a wireless bridge in "wireless delivery mode". These modes can be used for last mile communications over long distances, such as in the desert, as an alternative to cellular or microwave networks, but the use of WiFi communications in the general SDNP last mile typically involves a last link connection to an SDNP client. Focus on. Therefore, with the understanding that SDNP technology herein is equally applicable to wireless delivery mode routing, the following description focuses on the access point mode of the WiFi router.

  Similar to Ethernet data packets, the preamble 230 and start frame delimiter SFD 232 contain layer 1 data for synchronizing the data with the device. In the physical layer convergence procedure PLCP 232, information of layer 1 and layer 2 (related packet length, data rate, error check of header, etc.) is mixed. In accordance with the IEEE 802.11 standard, the remaining data fields specify the frame version 233 (which allows the WiFi version packet type to be the type used to carry the SDNP payload: management, control, reservation, or “data”). Layer 2 data link information including

  Duration & ID 234 includes NAV duration. However, if the WiFi device is in power save mode, this field contains the station ID. NAV or network allocation vector is a virtual carrier sensing mechanism used for power saving modes of wireless communication systems. NAV duration can be viewed as a counter that counts down to zero at a constant rate. This detects the medium and determines whether the radio is idle or still communicating. In idle mode, the counter repeatedly counts the NAV duration to see if sensitive wireless communication activity has been detected. The sequence control or "sequence" field 238 contains the packet sequence and fragment number that define the Layer 2 packet frame. The frame check 240 contains a 32-bit CRC checksum of the entire data packet, i.e. an error checking data link trailer.

  The WiFi payload 241 is a long data field of 0B to 2,312B used for transmission of the WiFi payload. For SDNP last mile communication, this field contains an IP datagram used in the last mile communication such as an IP header 434, a transport header 436, and an SDNP payload 435.

  The IP header 434 is different depending on whether the IP datagram follows the IPv4 or IPv6 protocol, as determined by the protocol field 447 containing binary 4 or the protocol field 448 containing binary 6. Both preambles 440 and 444 include transport header flags 470, such as TCP, UDP, or maintenance functions ICMP and IGMP, which are used to determine the Layer 4 transport method used. Specifically, TCP transfers are used for software and data files and UDP is used for real-time data such as VoIP and video according to secure dynamic communication networks and protocols. The length and format of the transport header 436 depends on the transport header flag 470. The IP header 434 includes a source address 441 and a destination address 442 of IPv4, or a source address 445 and a destination address 446 of IPv6.

  Like Ethernet data packets, last mile routing in WiFi packets depends on both the IP address and the MAC address and is represented by the symbolic name of the device pointed to by the IP address or MAC address. 54A-54D, sequential last mile routing of WiFi packets is shown. Each figure includes two WiFi packets. The upper packet is composed of IPv4 datagrams, and the lower packet is composed of IPv4 datagrams. Because IPv4 and IPv6 use different formats with different field lengths, the two WiFi packets displayed are usually not the same length, even if the same payload is transmitted.

In the first step of the communication sequence, SDNP payload A moves as a WiFi wireless medium from SDNP client 1400 to WiFi base station/router 1402W via last link 1404 and then wired to router 1402X via BS link 1415. To do. The data packet is then transmitted from the router 1402X to the SDNP gateway 1401 via the gateway link 1414. In the response from the SDNP gateway to the client, the SDNP payload G is wired via the gateway link 1414 from the SDNP gateway 1401 to the router 1402X, then via the BL link 1415 to the WiFi router 1402W, and the WiFi radio is used as the communication medium. Then, it moves to the client 1400 via the last link 1404. The SDNP client has a numerical MAC address MAC C _1,1 and a numerical IP address IP C _1,1 , the WiFi router 1402W has a numerical MAC address MAC W, the router 1402A has a numerical MAC address MAC R, and SDNP The gateway has a numerical MAC address MAC M _0,0 and a numerical IP address IP M _0,0 . The IP addresses of the WiFi router 1402W and the wired router 1402X are not needed for last mile communication, as shown.

  Unlike in the SDNP cloud, where the packet routing of SDNP datagrams is completely controlled by the SDNP network, in last mile communication where IP datagrams are used, there is no interpretation of SDNP payloads or routing impact. . That is, each communication transferred by the last mile includes the fixed source IP address and the fixed destination IP address. The physical medium or channel used for transmitting a WiFi packet in wireless communication and the physical medium or channel used for transmitting an Ethernet (registered trademark) packet in wired communication depend on the MAC address connecting each communication node in the last mile. Managed.

For example, FIG. 54A shows an IPv4 and IPv6 last link WiFi packet used for single PHY wireless routing to WiFi router 1402W via last link 1404. This includes the transmitter MAC address MAC C _1,1 and the receiver MAC address MAC W. It is then routed from the WiFi router 1402W via the BS link wire 1415 to the Ethernet router 1402X with the "net" MAC destination address MAC R. Layer 3 network routing includes only the end devices, the SDNP client 1400 with source IP address IP C _1,1 and the SDNP gateway 1401 with destination address IP M _0,0 . Unlike Ethernet data packets, WiFi packets include transmitter or source wireless MAC address MAC C _1,1 , receiver or wireless destination MAC address MAC W, and Ethernet “net” address MAC. It contains the three addresses of R. In the direction of this data transmission, the wired router 1402X acts as a network destination for the WiFi router device. Therefore, the WiFi data packet specifies two media, the WiFi wireless last link 1404 and the Ethernet (registered trademark) wired BS link 1415. FIG. 54B shows a diagram in which the SDNP payload A is transferred via the packet gateway link 1414 by the corresponding Ethernet. As shown, the source and destination IP addresses are unchanged from IP C _1,1 and IP M _0,0, but the source and destination MAC addresses are MAC R and MAC M _0,0 from the original values _{. It} is changed to ₀ .

The response communication includes exchanging the destination IP address and the source IP address, and adjusting the MAC address accordingly. FIG. 54C illustrates IPv4 and IPv6 Ethernet packets used for data transfer from SDNP gateway 1401 to wired based router 1402X via gateway link 1414. Regarding the layer 3 datagram information, the IP source address 441 includes the network address of the SDNP gateway 1401, that is, IP M _0,0 , and the IP destination address includes the value IP C _1,1 that is the address of the client. .. The MAC address of the gateway link Ethernet (registered trademark) packet is MAC M _{0,0 at} the source address 183 and MAC R at the destination MAC address 182.

54D shows IPv4 and IPv6 WiFi packets for wired BS link 1415 and WiFi wireless based last link 1404. The network layer 3 routing includes the SDNP gateway 1401 address IP M _0,0 and the SDNP client address IP C _1,1 as the source address 445 and the destination address 446. The function of the MAC address field 237 labeled "net" varies according to the wireless mode. In the transmission mode shown here, this field contains the Ethernet (registered trademark) MAC address of the wired transmission source of the wireless incoming data, that is, the numerical MAC R of the router 1402X which transmits the data packet to the WiFi access point. In the receiver mode shown in FIG. 54A described above, this field defines the Ethernet destination of data received as a wireless packet and converted into an Ethernet packet. In the example shown, the "net" field 237 contains the same MAC address as router 1402X, namely MAC R, in both send and receive modes. That is, a WiFi access point uses a single Ethernet router for last mile connection.

As an option, in multi-route communication via last mile, the wired router used in the routing of the data packet received by the WiFi access point, that is, the reception mode is the routing of the data packet transmitted from the WiFi access point, that is, the transmission mode. It may be different from the wired router used in. For example, the network MAC address 237 of the wireless packet in the reception mode may include the numerical MAC address MAC R ₁ and the data may be changed to another router connection MAC R ₂ in the transmission mode. That is, as an option, the BS link can be configured with a direction-dependent multi-PHY implementation. In transmit mode, the last link WiFi packet used for single PHY radio 1404 last link routing from the WiFi router 1402W to the SDNP client 1400 includes a transmitter MAC address 236 of numerical MAC W and a receiver of numerical MAC C _1,1 . The MAC address 235 is included. In this data transmission direction, the wired router 1402A functions as a source of data transmitted from the WiFi router device. Therefore, the WiFi data packet specifies two media, the WiFi wireless last link 1404 and the Ethernet (registered trademark) wired BS link 1415.

  Cellular networks are another form of wireless communication that can accommodate SDNP last mile communication. In a cellular network, received Ethernet packets are repartitioned into wireless specific medium access control (MAC) packets. Data may be transmitted and received in multiples (TDMA), code division (CDMA), or the content is spread over multiple subchannel frequencies (OFDM). For 4G/LTE communication based on Orthogonal Frequency Division Multiplexing (OFDM), layer 2 data packets are all stacked in three different levels of embedded service data unit (SDU) in layer 2. Specifically, the lowest level is composed of a PHY PDU 299 including a single frame MAC SDU 304 together with a MAC header 303 and padding 305 spanning 20 time slots 300 including PHY layer 1 data. The MAC SDU 304 includes Radio Link Control or RLC SDU 308.

  Radio Link Control (RLC) is a Layer 2 protocol used in 3G (UMTS) and 4G/LTE (OFDM) based phones. The radio link control function responds to higher layer requests in one of three modes: confirmed mode, unconfirmed mode or transparent mode, depending on error detection, error correction, duplicate detection, and specified format. Provides packetization of data. Data packetization includes reordering and resegmentation of RLC data PDUs, as well as concatenation, segmentation, and reassembly of RLC SDUs. For example, the single frame RLC SDU 308 inevitably limits the duration of carrying the payload and the data file size after the time allocated to perform the radio overhead function. Therefore, the single frame RLC SDU 308 needs to be divided into segments and mapped to different RLC layer 2 formats (multi-frame RLC SDU 319).

  As shown in FIG. 55, the mapping of single frame RLC SDU 308 to various K, K+1, K+2 segments 313, 314, 315, etc. of multi-frame RLC SDU 319 is not done one-to-one. As shown in the example, the mapping of single frame RLC SDU 308 ends in the middle of K+2 segment 315. Instead, the untransmitted portion of the remaining K+1 segment is sent in a new single frame RLC SDU 312, which is allowed after the padding time 310 required for radio clock synchronization and after the RLC header 311 has processed. Occurs only in. In this way, the transmission of data encapsulated in K+2 slots is resumed exactly where it left off, as if the data flow was not interrupted. Operationally, 4G pauses the playback of a DVD-encoded movie in the middle of a DVD chapter, waits for some time to perform other functions, and then resumes playback exactly where it left off. Similar to operation. Therefore, the data content is not lost, the RF data delivery rate of the cellular system is maximized so that there is no unnecessary radio bandwidth other than the packet overhead (such as PDU header), and the decrease of the data rate due to the clock synchronization padding time 310 is minimized. It can be suppressed to the limit.

  The multi-frame RLC SDU 319 encapsulates the PDCP PDU 320 in a one-to-one correspondence with each K segment. For example, an IP payload including a PDCP header 321A and data 323 is transmitted in the K segment 313, an IP payload including a PDCP header 321B and data 324 is transmitted in the (K+1) segment 314, and a PDCP is transmitted in the (K+2) segment 315. An IP payload including header 321C and data 325 is transmitted (and so on). The term PDCP is an acronym for Packet Data Convergence Protocol specified in 3G and 4G/LTE communication protocols, which performs functions such as compression, encryption, integrity assurance, user and control data transfer. . The PDCP header differs depending on the type of data to be transferred such as user data and control data.

  Since the data transfer of 4G data packets carries a continuous concatenated data stream, the payload size is not quantized into blocks of defined length like Ethernet and WiFi data packets. .. Instead, the data fields 323, 324, 325... Carried by the corresponding layer 2 data segments 313, 314, 315... Are IP payloads 435 including IP header 434 and transport header 436 and SDNP payload 1430. Can incrementally accommodate payloads of any size, such as Furthermore, in OFDM-based communication, data is transmitted simultaneously on multiple frequency subcarriers in each time slot. That is, unlike TDMA, the total data throughput is not simply determined by the duration in a single channel. However, for convenience, it is often convenient to maintain the size of the IP datagram to match the size of the Ethernet or WiFi standard.

  As shown, the IP header 434 differs depending on whether the IP datagram follows the IPv4 or IPv6 protocol based on the determination by the protocol field 447 containing binary 4 or the protocol field 448 containing binary 6. Both preambles 440 and 444 include transport header flags 470, such as TCP, UDP, or maintenance functions ICMP and IGMP, which are used to determine the Layer 4 transport method used. Specifically, TCP transfers are used for software and data files and UDP is used for real-time data such as VoIP and video according to secure dynamic communication networks and protocols. The length and format of the transport header 436 depends on the transport header 470. The IP header 434 includes a source address 441 and a destination address 442 of IPv4, or a source address 445 and a destination address 446 of IPv6.

As an example of 4G communication where IPv6 datagrams are used, FIG. 56A illustrates cellular radio 1404 last link routing to the cellular tower and base station 1402Q. Specifically, in the source MAC field 300A, the cellular source media address is defined as the client device MAC C _1,1 by the RLC PDU. Similarly, the destination MAC field 300B specifies the cellular receiver media address as the MAC BS representing the cellular tower and base station. Layer 3 network routing consists only of the last mile end device, the SDNP client 1400 with the source IP address IP C _1,1 shown in the Source Data field and the SDNP gateway 1401 with the destination address M _0,0. It As mentioned above, the data fields 323, 324, 325 do not necessarily correspond to a particular section of the IPv6 datagram data payload. Here, the data field 323 is composed of a part of the SDNP payload A 435 including the source IP address 445, the destination IP address 446, and the transport header 436. In data fields 324 and 325, the remaining untransmitted portion of SDNP payload 435 is transmitted.

FIG. 56B shows a data packet of the response message SDNP payload G via the cellular last link 1404 from the cellular tower and base station 1402Q to the mobile client device 1400. Here, the source and destination addresses from the previous data packet are exchanged. That is, the cellular source media address 300A is loaded with the media address MAC BS, the cellular destination media address 300B is the client MAC address, MAC C _1,1 is the source IP field 445 of the IPV6 datagram, and IP M _0,0. , And the destination IP field 445 is set to IP C _1,1 . Routing between the network router 1402X and the cellular tower and base station 1402Q via the BS link 1415 uses Ethernet data packets consistent with the previous example.

  Multi-PHY communication over the last link can include any of the aforementioned media used in various combinations. Multiple PHY implementations transmit data at the same or different data rates and use common or different Layer 2 protocols such as USB, Ethernet 10BASE-T, 100BASE-T, 1000BASE-T, DOCSIS3, etc. Wired connection can be included. The wired physical medium can consist of Ethernet or USB compliant network cables, coaxial cables, fiber optics, or twisted pair copper wire connections for DSL, but with reduced performance.

  Wireless multi-PHY communications can include WiFi, cellular, satellite, or a combination of proprietary radio formats that operate in the radio frequency and microwave bands. Wireless last link communication can also include short range technologies such as Bluetooth® or microcellular networks such as PHS in Japan. Wireless protocols include analog TDMA, GSM, CDMA, UMTS, OFDM, or WiFi protocols such as 802.11a, 802.11b, 802.11g, 802.11n, 802.11ac, 2G, 2.5G, 3G. Includes 4G/LTE cellular formats and proprietary formats for satellite communications or custom wireless links. As the Layer 2 protocol depends on the physical medium of Layer 1, the term “multi-PHY communication” used in the context of the present disclosure refers to a combination of both OSI physical layer and data link layer, ie a combination of Layer 1 and Layer 2. It is meant to be meant and not to be construed as limited to claims that mean only Layer 1 physical media.

  FIG. 57A shows an example of multi-PHY communication using the common layer 2 protocol, including implementations of Ethernet (registered trademark), WiFi, and mobile phones. In the topmost Multi-PHY Ethernet example, two Ethernet cables consisting of wired or fiber links 24A and 24B performing 100BASE-T and 1000BASE-T, respectively, are used and the router 27 From the computer to the desktop computer 36. A desktop 36 running SDNP software 1335C is shown to facilitate hypersecure communication in Last Mile.

  In the central multi-PHY WiFi example, the WiFi router 100 has a notebook through two WiFi channels, shown as a WiFi link 29A running the 802.11n protocol at 2.4GHz and a WiFi link 29B communicating at 802.11ac at 5GHz. Communication is made to the book 35. In order to operate in the multi-PHY mode, it is necessary for the notebook 35 to be able to simultaneously transmit and receive signals at a plurality of frequencies by the built-in multi-band antenna 26B of the notebook. Similarly, the multi-band antenna 26 needs to enable the WiFi router to simultaneously transmit and receive signals at a plurality of frequencies. A notebook 35 running SDNP software 1335C is shown to facilitate hyper-secure communication in the last mile.

  In the bottommost example of multi-PHY cellular communication, two different radio channels are used, including cellular links 28A and 28B at corresponding frequencies 1.8 GHz and 900 MHz, and via the multi-band cellular tower 18A, the mobile phone base station 17 From the tablet to the tablet 39 at the same time. In the example shown, the cellular link consists of a 4G/LTE network. As shown, the built-in multiband antenna 18B needs to enable the tablet 39 to simultaneously transmit and receive signals at a plurality of frequencies. A tablet 39 executing the SDNP application 1335A is shown to facilitate hypersecure communication in the last mile.

  In such multi-PHY communications where a common layer 2 protocol is used, hackers need to physically access two different layer 2 data links, each with its own security, which can disrupt cyber attacks. You can Further, if the client is running SDNP software 1335C, SDNP app 1335A, or SDNP firmware 1335B (not shown), routing of the SDNP payload in a multi-PHY connection uses unique dynamic security credentials. Interception and interpretation of SDNP packets by real-time hacking becomes very difficult.

  FIG. 57B shows an example of multi-PHY communication in which mixed layer 1 media and layer 2 protocols are used. In this example, a combination of mobile phone, WiFi and satellite system is used to transmit the last link data. The top mixed media multi-PHY communication example uses a combination of 100BASE-T Ethernet wired or fiber link 24B and 802.11ac WiFi link 29B operating at 5 GHz, from WiFi router 100 to desktop computer 36. Communication takes place. A desktop 36 running SDNP software 1335C is shown to ensure hyper-secure communication in the last mile. An example of this is a combination of wired and wireless communication. In this case, wireless packet sniffing cannot intercept or monitor wired data. This multi-PHY last link decentralized mix of Ethernet and WiFi consists of a secure desktop computer in a building or campus that communicates with a private server that is securely housed in a server room with restricted access. Is particularly suitable for the deployment of corporate office networks.

  In the example of multi-PHY communication with mixed media in the center of FIG. 57B, two different wireless technologies are used, and communication is performed from the mobile phone 32 having the built-in multi-band antenna 18C. As an example, the 5 GHz 802.11n protocol is used, and communication is performed from the WiFi link 29C to the WiFi router 100 and the antenna 26 with one PHY connection. The second PHY connection, the cellular link 28C, uses a 1.8 GHz carrier operating in the 4G/LTE protocol to facilitate the last link connection to the cellular tower 25 and the base station 17. Since the cellular tower 25 and the WiFi antenna 26 operate in an unrelated system, this multi-PHY approach completely hides the relationship between the data packets carried by the multiple physical media of the last link. The mobile phone 32 executing the SDNP application 1335A is shown so that hypersecure communication in the last mile is guaranteed.

  The example at the bottom of FIG. 57B illustrates a similar method of implementing multi-PHY last link communication combining cellular and satellite. From the satellite/cell phone 32Z running the SDNP app 1335A via the two long-range wireless networks to the cellular tower 25 and base station 17 via the cellular link 28D at 1.8 GHz, and as an example at 1.9 GHz. Communication is performed to the communication satellite 92 via the satellite link 95W. Next, communication is performed from the satellite 92 to the terrestrial satellite antenna and the base station 92B via the broadband link 95X. This is not necessarily the same frequency as the client communication.

  Another various multi-PHY communication is shown in FIG. 57C. In this example, a common protocol is shared, but a plurality of physical media capable of a plurality of simultaneous communication channels by frequency division is mentioned. In such a system, a higher bandwidth medium is required because the performance load decreases as the operation load increases, that is, the more users use the bandwidth and throughput capacity of the medium. Only three such bandwidth-rich media are currently available. That is, (i) a DOCSIS 3 cable system using a coaxial cable, (ii) a DOCSIS 3 cable system using an optical fiber, and (iii) a multi-GHz low-orbit satellite communication system. Specifically, in the multi-PHY cable system diagram at the top, multiple bands are used and a cable from a set top box or cable modem 102B running SDNP firmware 1335M over a coaxial or fiber 105 running the DOCSIS3 protocol. Communication is made to the CMTS 101.

  The lower diagram shows a multi-PHY satellite network in which a plurality of carrier bands 95Z formatted by a unique communication protocol are used and communication is performed from the satellite-compatible mobile phone 32Z executing the SDNP application 1335A to the communication satellite 92. ing. Communication between the satellite 92 and the terrestrial satellite antenna and the base station 92B uses a trunk line protocol 95X in which thousands of calls are mixed, which makes it difficult for a hacker to identify and intercept a specific call, and thus the client The use of multi-PHY communication in multiple bands on link 95Z ensures client hyper-secure communication.

FIG. 58 shows another example of the data packet used in the multi-PHY last link routing. In this figure, the SDNP client 1400 communicates to the router 1402A via two separate PHY connections including, by way of example, Ethernet 100 wired or fiber links 24A and 24B implementing protocols 100BASE-T and 1000BASE-T, respectively. Is done. Next, the router 1402A is connected to the SDNP gateway 1401 via the gateway link 1414. Both Ethernet packets define the source IP address 445, ie, the client device as IP C _1,1 and the SDNP gateway destination IP address 446, as IP M _0,0 . The Ethernet (registered trademark) packet A routed via the PHY realized by the wired or fiber link 24A includes the destination MAC address 182 including the MAC R and the source MAC address 183 including the MAC C _1,1 . The Ethernet packet B routed via the PHY realized by the wired or fiber link 24B includes a destination MAC address 182 including MAC R and a different source MAC address 183 including MAC C _1,2 ( This defines an alternate PHY connection).

Changing the source media address from MAC C _1,1 to MAC C _1,2 redirects Ethernet communication from a 2.6 GHz 100BASE-T connection to a 1000BASE-T connection. In operation, data packets from SDNP client device 1400 are fragmented and then distributed into SDNP Payload A and SDNP Payload B according to the SDNP algorithm and shared secret. Fragmented by SDNP payload A transmitted by Ethernet (registered trademark) packet A via wired or fiber link 24A and SDNP payload B transmitted by Ethernet (registered trademark) packet B via wired or fiber link 24B Data is transferred over the multi-PHY last link.

FIG. 59 shows another example of the data packet used in the multi-PHY last link routing. In this figure, the 802.11n protocol at 2.4 GHz and the 802.11ac protocol at 5 GHz are used as examples, respectively, from the SDNP client 1400 to the WiFi router 1402W via two separate PHY connections that include WiFi links 29A and 29B. Is communicated to. Next, the router 1402W is connected to the router 1402X via the BS link 1415, and the router 1402X is connected to the SDNP gateway 1401 via the gateway link 1414. Both WiFi packets define the source IP address 445, ie the client device as IP C _1,1 and the SDNP gateway destination IP address 446 as IP M _0,0 . The WiFi packet A routed via the PHY realized by the WiFi link 29A includes a wireless transmitter transmission source MAC address 236 including MAC C _1,1 , a wireless receiver destination MAC address 235 including MAC W, and MAC R. A containing network destination MAC 237 is included. The WiFi packet B routed via the PHY realized by the WiFi link 29B includes a wireless transmitter source MAC address 236 including MAC C ₁ and ₂ , a wireless receiver destination MAC address 235 including MAC W, and MAC R. A containing network destination MAC 237 is included.

Changing the source media address from MAC C _1,1 to MAC C _1,2 redirects the transmission from the 2.6 GHz WiFi radio to the 5 GHz transceiver. In operation, data packets from SDNP client device 1400 are fragmented and then distributed into SDNP Payload A and SDNP Payload B according to the SDNP algorithm and shared secret. Fragmented data is transferred via the multi-PHY last link by the SDNP payload A transmitted in the WiFi packet A via the WiFi link 29A and the SDNP payload B transmitted in the WiFi packet B via the WiFi link 29B. .

FIG. 60 shows still another example of the data packet used in the multi-PHY last link routing. In this figure, the example uses the 4 GHz/LTE protocol of 1.8 GHz and the 4 G/LTE protocol of 900 MHz, respectively, from the SDNP client 1400 to the cellular tower 1402Q via two separate PHY connections including the cellular links 28A and 28B. Is communicated to. Next, the router 1402Q is connected to the router 1402X via the BS link 1415, and the router 1402X is connected to the SDNP gateway 1401 via the gateway link 1414. Both cellular radio packets define the source IP address 445, ie the client device as IP C _1,1 and the destination IP address 446 of the SDNP gateway as IP M _0,0 . The cellular packet A routed via the PHY realized by the cellular link 28A includes a wireless transmitter transmission source MAC address 300A including MAC C _1,1 and a cellular tower destination MAC address 300B including MAC BS. The cellular packet B routed via the PHY implemented by the cellular link 28B includes a wireless transmitter source MAC address 300A including MAC C _1,2 and a cellular tower destination MAC address 300B including MAC BS.

Changing the source media address from MAC C _1,1 to MAC C _1,2 redirects the transmission from the 1.8 GHz 4G/LTE cellular radio to 900 MHz. In operation, data packets from SDNP client device 1400 are fragmented and then distributed into SDNP Payload A and SDNP Payload B according to the SDNP algorithm and shared secret. Fragmented data is transferred via the multi-PHY last link by the SDNP payload A transmitted by the cellular packet A via the WiFi link 28A and the SDNP payload B transmitted by the cellular packet B via the WiFi link 28B. .

As mentioned above, multi-PHY communications can also include heterogeneous media. In that case, the data packet of each connection needs to be formatted according to the Layer 2 protocol of the corresponding physical medium. For example, FIG. 61 shows hybrid last link communication including Ethernet (registered trademark) and WiFi. In this figure, 5 GHz 100BASE-T and 802.11ac, respectively, are used as an example, from an SDNP client 1400 via two separate PHY connections including Ethernet wired or fiber link 24A and WiFi link 29B. Communication is performed with the WiFi router 1402W. Next, the router 1402W is connected to the router 1402X via the BS link 1415, and the router 1402X is connected to the SDNP gateway 1401 via the gateway link 1414. Both WiFi packets define the source IP address 445, ie the client device as IP C _1,1 and the SDNP gateway destination IP address 446 as IP M _0,0 . The Ethernet (registered trademark) A routed via the PHY realized by the wired or fiber link 24A includes the source MAC address 183 including the MAC C _1,1 and the destination MAC address 182 including the MAC W. The WiFi packet B routed via the PHY realized by the WiFi link 29B includes a wireless transmitter source MAC address 236 including MAC C ₁ and ₂ , a wireless receiver destination MAC address 235 including MAC W, and MAC R. A containing network destination MAC 237 is included.

By changing the source media address from MAC C _1,1 to MAC C _1,2 , the transmission is redirected from Ethernet (registered trademark) to WiFi. In operation, data packets from SDNP client device 1400 are fragmented and then distributed into SDNP Payload A and SDNP Payload B according to the SDNP algorithm and shared secret. Fragmented data is multi-PHY last link by SDNP payload A transmitted by Ethernet (registered trademark) packet A via wired or fiber link 24A and SDNP payload B transmitted by WiFi packet B via WiFi link 29B. Be transferred through.

FIG. 62 shows a mechanism of hybrid last link communication configured by WiFi communication and cellular communication. Here, the SDNP client 1400 is connected to two different radio base stations through two different physical connections. Specifically, the WiFi link 29A is connected to the 2.4 GHz, 802.11n WiFi router 1402W, and the cellular link 28B is connected to the station 1402Q in the carrier frequency band 900 MHz, 4G/LTE. Routers 1402W and 1402Q connect to router 1402X via BS links 1415A and 1415B, respectively, and router 1402X connects to SDNP gateway 1401 via gateway link 1414. Both WiFi and 4G cellular packets define the connection source IP address 445, that is, the client device as IP C ₁ , _1, and the connection destination IP address 446 of the SDNP gateway as IP M ₀ , ₀ . The WiFi packet A routed in the physical layer via the connection forming the WiFi link 29A includes a transmitter MAC wireless connection source address 236 forming MAC C ₁ , ₁ and a MAC wireless receiver connection destination address 235 forming MAC W. , And a MAC network connection destination 237 that configures MAC R. The cellular B that is routed as a physical layer connection realized by the WiFi link 29B includes a MAC connection source address 300B that configures the MAC C ₁ and ₂ and a MAC connection destination 300B that configures the MAC BS.

Changing the destination media address from MAC C _1,1 to MAC C _1,2 redirects the transmission from the WiFi LAN to the cellular network. In operation, data packets from SDNP client device 1400 are fragmented and then assigned to SDNP payload A and SDNP payload B according to the SDNP algorithm and shared secret. The transfer of fragmented data over the multi-PHY last link is performed by SDNP payload A carried by WiFi packet A over WiFi link 29A and SDNP payload B carried by cellular packet B over cellular link 28B. To be done.

  There is also a form of using physical media for multi-PHY communication, in which case multiple channels can be supported at different frequencies and different protocols can be used for each data packet. Such an implementation can be simplified by using a DOCSIS3-based cable distribution system running SDNP software. FIG. 63 shows an OSID communication stack of the SDNP-compatible DOCSIS3 cable distribution system. This figure shows a layer 3 network covering a cable modem terminating device CMTS 101 and a cable connecting device such as a cable modem CM 103 and a set top box STB 102, in addition to a layer 1 PHY connection and a layer 2 data link. Has been done. Specifically, the cable modem termination system unit CMTS 101 and its associated stack 378 include a layer 1 PHY connected to the cloud server 22 and the Internet 20, or a video head end, an IPTV system, or a VoIP system (not shown). A network interface 361 is included. The combination of network interface 361 and data link layer 366 is included in the device interface communication stack 378 of CMTS 101. At the data link layer 2, data is passed from the network interface communication stack to the cable network interface communication stack via the transfer function 370, specifically to the link level control LLC 369. Link Level Control 802.2 LLC 369 is comprised of a non-hardware dependent protocol defined in accordance with IEEE Specification 802.2. This packet data is then modified by link security 368 to provide basic packet security. This is mainly done to prevent unauthorized viewing of content such as pay-per-view unicast broadcasts.

  Then, the layer 1 PHY cable interface 362 is connected to the corresponding layer 1 PHY cable interface 363 in the cable modem CM 103 or the set top box STB 102 via the distribution network 102 configured by either the coaxial cable 104 or the optical fiber 91. Send a data frame. The cable interface 363 represents the PHY layer of the cable network interface shown as the OSIO communication stack 379 of the cable modem CM 103 or the set top box STB 102. Upon receiving the data packet, the cable MAC interface 371 interprets the cable's MAC address and passes its payload to the link security 372 for decryption and finally to the hardware independent link layer control 802.2 LLC 373. To make it interpretable. The input data to the CM or STB cable network communication stack is then passed through the transparent bridging 374 to the CM or STB device interface communication stack (specifically the device independent link layer control 802.2 LLC according to the IEEE 802.2 specification). 375). This packet is then passed to the HSD & IPTV MAC block 376 or WiFi 802.11 MAC block 377 and the packet's MAC address is updated. For WiFi communications, the data packet is then passed from the 802.11 MAC block 377 to the WiFi PHY Layer 1 wireless interface 365 for transmission on the WiFi antenna 26. In the case of a wired connection, the data packet is passed from the HSD and IPTV MAC block 376 to the Ethernet or HDMI interface block 364 for connection to the TV 39 or desktop 36.

  The PHY and data link layers establish connections from the CMTS to any number of cable modems (CMs), as previously described. Within the CMTS communication stack 378 and within the CM communication stack 379, data packets are of the OSI layer 3 as IP datagram IPv4, IPv6 or ICMPv6 using an IP address recognized by a DNS name server on the cable network or the Internet. Prepared in layers 360A and 360B respectively. In the last mile communication, an SDNP datagram using an IPv4 or IPv6 data packet having an IP address of a connection source or a connection destination of SDNP cannot be normally used. This is because connected devices that are not enabled by SDNP software or firmware cannot interpret the routing address of SDNP datagrams.

  The operation of transport layer 4 within a cable modem network varies from device to device. In the case of the CMTS 101, the layer 4 transport layer 1420 of the OSI communication stack 378 uses UDP exclusively because its operation requires real-time communication (eg streaming video data). From this, it can be said that the cable communication 102 is more like an SDNP real-time network than the Internet. Since the cable modem has interoperability as a client (that is, end communication device) with the Internet and the cable network, the layer 4 transport layer 1420B of the OSI communication stack 379 of the CM 103 or the STB 102 uses UDP for real-time operation. TCP is used for Internet data. Such usage is not preferred for OTT carriers using VoIP over Internet. This is because the cable network interprets an IP datagram as data and automatically uses TCP and a transport protocol, which causes problems in QoS, latency, and propagation delay of real-time communication. This problem does not occur with SDNP-capable cable modems. When the CM or STB is running SDNP firmware or software, the SDNP software can guarantee when to use TCP (for software or files) and when not (ie for real-time data). Has been decided according to.

  The application layer, or OSI layer 5-7, is located above transport layer operation 1420A in CMTS 101 and above transport layer 1430B in CM 103 or STB 102. In CMTS 101, these applications typically handle communication tasks such as SNMP 1431A, an Internet standard protocol for collecting and organizing information connected devices on IP networks. Other functions include DHCPv4 1432A and DHCPv6 1433A. DHCP (Acronym for Dynamic Host Configuration Protocol) is a client that automatically provides IP hosts with the necessary routing information such as dynamically generated (non-static) IP addresses, default gateways, and subnet masks. The server is both protocol. Although specific to Internet generation (ie, IPv4 or IPv6), dynamic IP address generation features such as NAT gateways and SNMP are generic, both CMTS 101 and CM 103, or DOCSIS3 cable on STB 102. It applies equally to the system.

The application layer implementation of the secure dynamic communication network and protocol disclosed herein, when implemented as SDNP firmware 1430A running on the CMTS 101 operating system, performs any number of unique tasks including: it can.
Operates as pass-through without interpreting SDNP payload 1430. In this case, it is necessary to enable the CM 103 and open and read the SDNP payload. That is, CM 103 must be an SDNP client.
-Operates as a last mile remote SDNP gateway. That is, the content of the SDNP payload is interpreted, and the content is converted into a DOCSIS3-specific message (including link security) for transfer to the CM 103. In such cases, CM 103 does not need to run SDNP client software or firmware.
-Operates as a last mile SDNP bridge. The IP datagram is converted into an SDNP datagram, and the SDNP datagram is sent to the CM 103. In this case, CM 103 needs to run SDNP client software or firmware to connect to the SDNP bridge. That is, it is necessary to form an ad hoc SDNP "floating" network.

  As shown in the figure, in the OSI communication stack 379 of the CM 103 and the STB 102, many applications classified as OSI layers 5 to 7 including the communication related applications SNMP 1431B, DHCPv4 1432B, and DHCPv6 1433B described above are included. include. Another function, utility TFTP 1434B (Simple File Transfer Protocol), is primarily used in DOCSIS3 as a means to download software and updated versions of software from CMTS to cable modems and set top boxes throughout the cable network. In cable networks, HTTP 1435B, the Hypertext Transfer Protocol, is used primarily for displaying dynamic menus useful in smart TVs. Other applications (abbreviated as “Otr” 1436B) include a game application, a diagnosis, an IPTV application, a video recording function, and the like. The SDNP firmware 1430B running on the CM 103 or STB 102 has been enhanced to establish hyper secure last mile communication and connectivity for all users and last links regardless of whether the CMTS 101 is running SDNP software. It

  FIG. 64 shows the structure of a DOCSIS3 data packet adapted to deliver SDNP payload 1430. As shown, the PHY layer 1 includes a physical media device frame 390 of variable length and variable duration, and a data link layer 2 MAC data including a preamble 391, a variable length payload or codeword 392, and a guard time 393. Is included. The preamble 391 includes either an upstream preamble or a downstream preamble depending on the direction of communication. For the upstream preamble, preamble 391 includes physical media device PMD header 398, MAC header 399A, and data PDU 400A. In the case of the downstream preamble, the preamble 391 includes the MPEG header 401, the MAC header 399B, and the data PDU 400B. The upstream preamble data PDU 400A and the downstream preamble data PDU 400B include a MAC destination address (DA) 403B and a MAC source address (SA) 403A. The content of the variable length payload 392 may include short codewords 394 or long codewords 397.

  Short codeword 394 includes payload 395A with data A and error correction 396A with FEC A. For long codeword 397, the payload is divided into a plurality of payload blocks 395A, 395B, and 395C carrying data A, data B, and data C. Each payload includes its own error check blocks 396A, 396B, and 396C with corresponding data FEC A, FEC B, and FEC C. After error checking, the data delivered from DOCSIS3 includes data blocks 395A, 395B and 395C for long codewords and only data block 395A for short codewords. The combination of data A, data B, and data C is combined into one continuous IP datagram, one IPv6 datagram in this example. It includes an IP source address 445, an IP destination address 446, a data field 435 containing an SDNP payload 1430, and a transport header 436 containing layer 4 data. In this way, DOCSIS3 uses packet-switched data protocols to flexibly deliver data over cable networks.

  As shown in FIG. 65A, data packets are transmitted on multiple channels, or different frequencies, on a hybrid cable fiber network. In DOCSIS 3.0, the frequency range of the data channel is 5 MHz to 1002 MHz, which includes analog TV signal 1440 (triangle), QAM data 1441, and "diplexer" control channel 1443. Phase 1 of DOCSIS 3.1 extends the frequency range to 1,218 MHz and adds DOCSIS 3.1 data channel 1442 to perform OFDM modulation in the frequency band above the current channel primarily assigned to QAM. Has become easier.

OFDM is preferred over the QAM modulation scheme because it allows the channels to be closer together. Comparing the modulation schemes, the QAM frequency distribution 1445A has a wider tail of the spectrum component than the OFDM frequency distribution 1445B. Specifically, the spectrum sideband width from f ₀ to f ₋₅₀ , that is, the bandwidth from the carrier edge to the frequency at which the signal decreases by −50 dB is a 4.3 normalized frequency unit in the QAM frequency distribution 1445A, The OFDM frequency distribution 1445B has only 0.4 normalized frequency units. The narrow spectrum allows more communication channels to fit in the same spectrum, increasing overall network bandwidth and maximum aggregate data rate. In the phase 2 deployment of DOCSIS 3.1, the frequency range has been extended to 1,794 MHz. Most of the band originally assigned to the QAM data 1441 is replaced by a new channel explicitly assigned to the OFDM data 1442.

  In a DOCSIS compatible cable network, one CMTS unit can support many CMs and manage available channels. The CMTS can dynamically allocate the downstream communication and channel selection as needed, but the upstream communication can easily handle the situation in which multiple CMs try to transmit data at the same time. Tension management is required. As such, each modem must request the uplink channel from the CMTS before transmitting data. This process is shown in Figure 65B. This process is composed of a series of communication operations performed between the CMTS 101 that executes the SDNP application 1335L and the CM 103 that executes the SDNP firmware 1335M. In IP datagram routing in multi-PHY communication, IP addresses “IP CMTS” and “IP CM1” and a plurality of MAC addresses are used. For example, "MAC CM1" is used for the CM 103, and "MAC CMTS1", "MAC CMTS2", "MAC CMTS3", and "MAC CMTS4" are used for the CMTS 101. In the top diagram showing a frequency vs. time graph, CM 103 issues a request to transmit RQST 1445A on a dedicated channel.

  If no response is received, a second RQST 1445B is sent to get a response from the CMTS 101 on another channel in the form of a MAP data packet 1446. The content of the MAP data packet 1446 indicates the timing of transmission to the CM 103 and the channel that can be used for upstream communication. After receiving the MAP data packet 1446, the CM 103 sends its own upstream data flowing in parallel on the two channels of the uplink data packets 1447A and 1447B. The division of data transmitted simultaneously on the two channels shown in the middle figure is called channel bonding. Channel bonding is a means of increasing the communication bandwidth and data rate between CMTS and CM. It is also a dynamic means of ensuring that the available bandwidth does not go unused. In the figure below, CMTS 101 responds by channel bonding four channels (1448A, 1448B, 1448C, 1448D) and transmitting data in parallel and for different periods of time.

In both upstream and downstream communications over hybrid fiber cable networks, bandwidth is dynamically allocated among multiple channels and divided into small time segments called "minislots". FIG. 65C shows upstream communication from the CM 103 to the CMTS 101. Such upstream communication typically includes one message or request to send. In the illustrated example, data is transmitted at frequencies f1 and f2, which are composed of a total of five time minislots. As shown, minislots 1, 2, and 3 are transmitted on frequency f1 at K, (K+1), and (K+2) time intervals, and minislots 4 and 5 at frequency f2 at K and (K+1) time intervals. Is transmitted, and (K+2) is not transmitted. The upstream data packet 1450A, shown in summary form, includes an IP source address "IP CM1" and an IP destination address for last mile communication, namely "IP M _0, " which is a gateway node of the SDNP network hosted by server 1201A _{. 0} " is specified.

In the case of the last link communication, the upstream data packet 1450A specifies "MAC CM1" as the source MAC address of the cable modem, and also specifies the channel of frequency f ₁ as the PHY medium, in this case the MAC destination "MAC CMTS1". To do. A data packet 1450A containing SDNP payload A occupies a total of three minislots, namely minislots 1, 2, and 3, even though they collectively carry one data packet and payload. However, one data packet and payload are transmitted in all of these three minislots. In contrast, minislot 4 and minislot 5 each contain only one data packet. That is, the data SDNP payload B and SDNP payload C corresponding to 1450B and 1450C are included. Similar to data packet 1450A, both packets 1450B and 1450C specify the destination IP address of the SDNP cloud, specifically the SDNP gateway node M _0,0 .

However, regarding the MAC destination address, instead of designating the same MAC address and physical medium as the first packet, both packets 1450B and 1450C designate the MAC destination address "MAC CMTS2". Using this address can be specified to transmit the data packet 1450B and 1450C with the data packet 1450A at different frequencies (the frequency _{f 2} without the frequency _{f 1} in this case). The actual values of these frequencies are dynamically mapped by CMTS 101 and are not specifically specified. Therefore, the DOCSIS3 compliant system is a multi-PHY solution that allows a single CMTS unit to simultaneously communicate with cable modems or set-top boxes using multiple protocols such as 256 QAM and OFDM.

  The disclosed secure dynamic communication of last mile communication rather than allowing the CM and CMTS to determine which data packets use a common carrier channel or frequency, as in the general case of DOCSIS3 systems. According to the network and protocol, the SDNP client CM 103 specifies different MAC destination addresses to force communication on multiple frequencies and channels (that is, multi-PHY operation). Since the CM 103 data packets 1450A and 1450B/C specify different destination MAC addresses, ie, MAC CMTS1 and MAC CMTS2, respectively, these data packets automatically trigger the multi-PHY operation over the last link. To do. As an alternative, if the CMTS takes another easy way of requesting unique channel assignments (eg, using commands and control requests), then instead of using the MAC address to invoke multi-PHY communication, this Alternatives can be used.

FIG. 65D shows a downstream data flow diagram from CMYS 101 to CM 103, and how to use bonding to achieve a high data rate in multi-PHY downstream communication. As shown in the figure, all data packets specify the source IP address of "IP CMTS", the destination IP address of "IP CM1", and the MAC destination address of "MAC CM1". The multi-PHY communication is controlled by specifying the MAC source address of the CMTS 101. As illustrated, the data packet 1450G including the SDNP payload G specifies the MAC source address “MAC CMTS6” corresponding to the communication at the frequency f ₆ for transmitting data in the minislots 15 and 16. Data packets 1450H includes SDNP payload H, designates "MAC CMTS7" MAC source address corresponding to the communication frequency _{f 7} for transmitting data minislots 17 and 20. The data packet 1450I including the SDNP payload I specifies the MAC source address “MAC CMTS8” corresponding to the communication at the frequency f ₈ for transmitting data in the minislots 21, 22, and 23. Finally, the data packet 1450J including SDNP payload J, specifies a MAC source address corresponding to the communication "MAC CMTS9" at the frequency _{f 9} for transmitting data minislots numbers 24 and 25. In this way, data packets that are not related to related data packets can be sent in parallel from CMTS 101 to CM 103 using the multi-PHY method without channel contention or data collision with simultaneous upstream data. Can be sent.

  Hyper secure call routing

Hypersecure call routing made in accordance with the secure dynamic communication networks and protocols disclosed herein can be performed using any of three methods for command and control.
-Tri-channel communication. Call or communication routing involves three sets of servers: SDNP media server for transmission of voice, video, or data files, SDNP signaling server for selecting call routing, and working with telephone numbers and corresponding SDNP addresses. Controlled by the SDNP name server for storing the dynamic mapping.
-Dual channel communication. Call or communication routing is done by two sets of servers, an SDNP media server for the transmission of voice, video, or data files, and an SDNP name server that routes calls and maps telephone numbers to corresponding SDNP addresses. Controlled by.
-Single channel communication. Data transport, route planning, and SDNP address map are all performed by a single set of servers.

  Generally, in tri-channel communication, one server set does not include all the information related to a call, and thus resistance to a cyber attack is improved. However, in any case, the SDNP network uses distributed processing to limit the information stored on a particular server. Moreover, during data transfer by single, dual or tri-channel communication, the SDNP media server connects to a fourth type of server, the DMZ server. The DMZ server is used for storing the SDNP shared secret necessary for processing the SDNP data payload such as scrambling, dividing, mixing, inserting/deleting junk data, and encryption. In operation, incoming data packets received by the media server are sent to the DMZ server, where the data packets are modified before being returned to the media server. The media server is unaware of how the data packet is modified and the logic and algorithms used to process the data. The executable code and tables stored on the DMZ server are encrypted so that the code cannot be analyzed. Also, the DMZ server operates offline without connecting to the network or the Internet.

  The following figure shows an example of an implementation of tri-channel SDNP communication and the sequence used to initiate a call or send a file over the network. The operation of dual-channel communication can be seen as a slight modification of tri-channel communication, with SDNP name server functionality built into the signaling server. Single-channel communication consists of integrating all three operations into a network of multifunctional servers that act as SDNP communication nodes.

  Fragmented data transfer in the SDNP cloud is typically performed using dynamic mesh routing, but there are few routing options available for last mile communication. Specifically, consecutive data packets are (i) routed to a single SDNP gateway (ie, single route last mile communication) or (ii) routed to multiple SDNP gateways (multi-route). Last mile communication), either. Other last mile routing options include dynamic source addressing and multi-PHY last link connections. These delivery options are specified in IP data packets generated at the signaling server. Despite the fact that these SDNP data packets specify the source and destination IP and MAC addresses, it is not possible to know the exact path that a particular data packet will take in last mile communication. . Instead, the intermediate path is determined by the operation of routers and devices owned by the local network operator, mobile network operator, and last mile service network service provider rather than the SDNP signaling server. Thus, last mile communication is similar to a skipping rope with fixed ends but a myriad of uniquely shaped paths between them.

  More specifically, the terms single route, multiple route, and mesh route communication refer to the path of media packets. In other words, it means the route in which the "content" of the path travels between the callers. On the other hand, tri-channel, dual-channel, and single-channel communication refer to the command and control system used to manage the transmission of SDNP nodes over the network. Given the foregoing, the following series of figures illustrates a series of steps or "processes" used in making a call or initiating a communication in accordance with the secure dynamic communication networks and protocols of the present disclosure. .

FIG. 66 is an abstract representation of a single-route last-mile network for tri-channel communication consisting of SDNP client 1600, IP routers 1602A, 1602B, and 1602C, signaling server 1603A, SDNP name server 1604A, and SDNP gateway 1601. is there. These computer servers are, as shown in the figure, network node names composed of SDNP client C _1,1 , router R, SDNP signaling server node S, SDNP name server node NS, and SDNP gateway node M _0,0. And an SDNP communication node used to facilitate network communication by IP address. Network connection 1610 facilitates the last link between client C _1,1 and its closest router 1602A, and network connection 1611 facilitates the gateway link between SDNP gateway M _0,0 and its closest router 1602B. , Network connection 1612 facilitates a gateway link between SDNP signaling server 1603A and its closest router 1602C, and network connection 1616 interconnects topologically adjacent routers 1602A and 1602C. Since the IP address of the router is not used as a source address or a destination address in the IP datagram, “R” is used as a notation indicating that the router is a router for all layer 3 routers. In the description of layer 1 and layer 2, each router is given a unique ID, but this is not closely related to the description of call routing in layer 3 of the IP network. The SDNP signaling server 1603A (node S) connects to the SDNP name server 1604A (node NS) via a network connection 1613 and also connects to the SDNP cloud node M _0,n via a plurality of network connections 1614. Signaling server 1603A also connects to other signaling servers (not shown) via network connection 1615.

Making a call using the SDNP network (i.e. establishing a "session") is performing the following sequence of steps beginning with the call made by the SDNP client.
1. SDNP call (or callout) request 2. SDNP address request 3. SDNP address distribution 4. SDNP routing instruction 5. Initiating SDNP call (or callout)

The first step "call request" is as shown in FIG. Here, the originator, ie, the client 1600 at address “IP C _1,1 ”, uses IP datagram 1620 to access signaling server 1603 A at address “IPS” via paths 1610, 1616, and 1612. The datagram command and control payload 621 includes a Layer 4 data transport that uses TCP to ensure data accuracy, delivery, urgency, security credential information, and the callee or "recipient". A number of call parameters are specified, including contact information for. When calling another SDNP client (ie, "SDNP call"), this contact information includes the confidential ID (CID) of the client being called and the data present in the client's SDNP phonebook. In the case of "callout" (call to a party who is not an SDNP client), the contact information includes a telephone number. The SDNP client's CID is essentially anonymous and is known only to the SDNP name server, but the phone number is not spoofed. To protect the called party's privacy, the phone number in the C&C payload is encrypted. As an alternative, the entire C&C payload 1621 can be encrypted. The C&C payload 1621 may be in a ciphertext format, but the IP address of the IP datagram 1620 cannot be encrypted. This is because the routers 1602A and 1602C cannot route the datagram when encrypted.

  The second step, "SDNP address request", is shown in FIG. Here, the SDNP signaling server with address “IPS” connects to the SDNP name server with address “IP NS” via path 1613 of IP datagram 1622. The command and control payload of the datagram defines the Layer 4 data transport as TCP and contains the CID or encrypted telephone number of the callee (recipient). In the case of an SDNP call, the name server 1604A translates the CID into the SDNP address of the called client. In the case of callout, the name server 1604A decrypts the telephone number of the recipient and then translates it into the SDNP address of the SDNP gateway closest to the recipient's location. As shown in FIG. 69, the name server 1604A thereafter passes the SDNP address of the client or gateway in the IP datagram 1623 from the source address “IP NS” to the signaling server 1603A having the address “IPS”.

  The signaling server 1603A utilizes the SDNP addresses of the originator and the recipient to route the call as a hypersecure connection if the recipient is an SDNP client, or to the nearest SDNP gateway if the recipient is not an SDNP client. FIG. 70 illustrates the process of preparing routing instructions and delivering them to all media nodes needed to establish the caller's connection. As shown, the delivery of the C&C payload 1621A and the caller's delivery request contained in the Urgency field is for selecting the datagram delivery method, as shown in operation 1650, after the verification of the account information is completed. Used for. Delivery methods typically include VIP, guaranteed, or special categories that affect the routing of packets or subpackets (when packets are fragmented or fragmented). For example, in VIP distribution, the fastest route is used for data transfer, but the reading of the same route by other clients is minimized. In guaranteed transmission, duplicate data packet fragments are sent across the network (that is, with redundancy) to ensure the timely delivery of the fastest packets and ignore late packets. In combination with SDNP address data obtained from C&C payload 1623A, operation 1651 maps the best route from the originator to the recipient's SDNP address, or to the gateway closest to the recipient if the recipient is not an SDNP client. To do. The urgency request data included in the C&C payload 1621A is a package urgency operation 1652 based on a slow delivery (no need to rush), a normal delivery, a priority delivery, an urgent delivery, or the like in order of decreasing propagation delay. Used to select.

The urgency request information is then used in operation 1653 for routing selection and sub-packet routing zone selection. These parameters combine routing commands and control packets through operation 1660, along with any applicable security credential information 1621B. These C&C data packets are delivered to the participating nodes in the last mile using TCP specified layer 4 transport, but when used for delivery of real-time data, UDP is used as the layer 4 transport protocol. Routing information to be included. For example, the last mile routing created according to Zone U1 security credential information is generated as an IP datagram 1625 containing a C&C payload 1626 used to route data from client node C _1,1 to SDNP gateway node M _0,0 . To be done. The IP datagram 1625 is delivered to the SDNP client using TCP data transport, but the C&C payload 1626 titled "Last mile routing U1" contains the data used to route the packet in real time. As such, it is necessary to use UDP as the layer 4 transport mechanism. The SDNP C&C packet composition operation 1660 also generates a number of other C&C messages that are delivered as TCP data packets to the nodes in the SDNP cloud. An example of a cloud command data packet is an IP datagram 1627A that includes a C&C payload 1628A used to route data from SDNP M _0,0 to SDNP M _0,1 . As shown in FIG. 71, these SDNP routing indication packets are sent via serial connections 1612, 1616, 1610 to the media nodes including client node C _{1,1 and} to SDNP gateway node M _0,0 and also Delivered to other nodes in the SDNP cloud via connection 1614.

The initiation of the call is shown in FIG. In this figure, a media SDNP datagram 1630 containing SDNP data (sound, video, text, etc.) is added to an IP header containing C&C data packets 1626, from IP C _1,1 to IP M _0,0 , and SDNP. The client 1600 is routed to the routers 1602A and 1602B via the last link network connection 1601 and finally reaches the SDNP gateway 1601 via the gateway link 1611. The identification tag, security zone, preamble, and SDNP data fields are combined to form the payload of the SDNP media packet contained in the media SDNP datagram 1630.

Aforementioned SDNP call, i.e. from SDNP gateway _{M 0,0,} routing hyper secure call to SDNP client _{C 7, 1} including mobile phones 32 to execute the SDNP app 1335a, illustrated in simplified network diagram of FIG. 73A . SDNP datagram 1631A, which includes media SDNP payload A and header 1628A, is routed between the media nodes at SDNP addresses M _0,0 and M _0,1 . However, the SDNP gateway 1601 has two addresses, that is, an IP address “IP M _0,0 ” for last mile communication and an SDNP address “SDNP M _0,0 ” for communication in the SDNP cloud. Since the content of each SDNP datagram changes as the packet passes through the SDNP cloud, it is clear that the content such as sound, video and text contained in SDNP media payloads A, B and C are not the same, It may include content from 20 different conversations or communiqués. The mechanism of data routing and packet security within the SDNP cloud is disclosed in the above-referenced US patent application Ser. No. 14/803,869 entitled “Secure Dynamic Communication Network and Protocol”. It describes a mechanism in which the content and encryption of data packets that move anonymously in the SDNP cloud change dynamically and continuously, and eventually converge to the device of the client.

Thereby, the SDNP datagram 1631B including the media SDNP payload B and the header 1628B is routed between the media nodes with IP addresses IP _0,4 and M _0,f . Data exiting the SDNP cloud via SDNP gateway 1601B is converted from SDNP datagrams to IP datagrams 1632. IP datagram 1632, which includes header 1628C and SDNP media payload C, uses the security credential information for zone U2, which constitutes the last mile. The IP datagram 1632 is then routed over the last mile through the wired or fiber link 24 to the network router 27, and then over the cellular network 25 and the cellular link 28 to the mobile phone 32. Since the mobile phone 32 is an SDNP client, the communication via the last mile is maintained in the hyper secure state. In this simplified example, all data packets arriving from the cloud to the last mile are routed from a single SDNP gateway 1601B. In practice, multiple SDNP gateways can be used for last mile data routing.

The last mile communication in "call out" is shown in FIG. 73B. Routing through the SDNP cloud uses the same SDNP datagrams 1631A and 1631B that are used to call SDNP clients, but the SDNP gateway 1601B is the last server running the SDNP software. Therefore, last mile communication at callout uses IP datagrams that include non-SDNP payloads. That is, the IP datagram 1635 is routed from the gateway IP M _0,0 to the PSTN having the IP address IP C _7,9 , and voice is transmitted in the VoIP format. The PSTN uses the phone number and the analog sound in the sound packet 1636 to convert the VoIP call format to the traditional phone call format. In such cases, Last Mile does not constitute hypersecure communication.

In the multi-route last mile communication shown in FIG. 74, the command and control data packet distributed by the SDNP signaling server 1603A includes a C&C data packet 1625X and a data link 1614X which are transmitted to the client 1600 via the data links 1612 and 1610. C&C data packet 1627X sent to SDNP gateway 1601X via SDNP gateway 1601Y and C&C data packet 1627Y sent to SDNP gateway 1601Y on data link 1614Y. Other C&C data packets (not shown) are sent via data link 1614X to other servers hosting the media nodes. The C&C data packet 1625X is transmitted from the address “IPS” to the address “IP C _1,1 ”, which contains the C&C payload making up the last mile routing U1. The last mile routing U1 contains two different routing instructions. One is an instruction from "IP C _1,1 " to "IP M _0,0 " including tag 1 and preamble 1, and the other is an instruction from tag 2 and preamble 2 "IP C _1,1 " to "IP M ₀ ". _{, 1} ” are included. As shown in the example, the C&C data packet transmitted to the communication node in the SDNP cloud includes a data packet transmitted from “IP S” to “IP M _{0, 0} ” including the instruction of the instruction SDNP cloud routing 1. And a data packet to be transmitted to “IP M _0,1 ” including the instruction of SDNP cloud routing 2.

  SDNP group call

For last mile media packet routing from the SDNP client 1600 to multiple SDNP gateways, shown in FIG. 1630Y is included. The data header 1626X including the tag 1 and the preamble 1 is routed from the address "IP C _1,1 " to the address "IP M _0,0 ", and the data header 1626Y including the tag 2 and the preamble 2 is the address "IP C _1,1 ". ] To the address “IP M _0,1 ”.

75B, the header 1626U, the tag 8, the preamble 8, the SDNP data U, the source address SDNP gateway address M ₀ , ₀ , and the data flowing in the reverse direction from the SDNP cloud to the client by the multi-route communication are A data packet 1630U including the destination address "IP C _0,0 " is included. At the same time, this data also includes a data packet 1630V including a header 1626V, a tag 9, a preamble 9, an SDNP data V, a destination address SDNP gateway address M ₀ , ₁ and a destination address “IP C _{0, 0} ”. The SDNP application program running on the SDNP client 1600 then combines the incoming data packets SDNP data U, SDNP data ∨, and so on to recreate the message text and voice.

  Routing-directed C&C data packet delivery can be extended to initiate three-way or group calls, group messaging, and other multi-client communications. In such group communiqués or "conference calls," client messages are sent to multiple recipients simultaneously. This group feature is called by a caller requesting a group call and first defines a group of clients to connect to, followed by a signaling server to route the data packets associated with each group call. Tells the required media node how to proceed. An example of a group call routing instruction is shown in FIG. Here, the signaling server 1603P sends a routing instruction to the SDNP client 1600A via the data link 1614A and to a number of media servers 1600Z in the SDNP cloud via the data link 1614Z.

Therefore, the TCP data packet 1627A including the last mile routing U1 is delivered from the signaling server 1603P having the address "IP S1" to the SDNP client having the address "IP C _1,1 " to "set up" the group call with the caller. . The C&C data packet represented by the exemplary TCP data packet 1627Z is simultaneously sent across the SDNP cloud in zone Z1 via a data link 1614Z from the signaling server address "IP S1" to various destination addresses "IP M _0,y ". Is distributed (where y represents an integer variable). Overall, the SDNP cloud routing instructions establish packet routing from the originator's gateway across the SDNP cloud to two or more other SDNP gateways closest to the SDNP client being called.

As shown in the example, other SDNP clients may be located in different geographical areas and may be in separate security zones, such as zones U7 and U9. In some cases, these clients may be sufficiently far away from the signaling server 1603P that another signaling server 1603Q can be used to plan packet routing for these SDNP clients. The signaling server 1603Q communicates the routing instruction of the zone U9 to the SDNP client 1600M via the data link 1614M and to the SDNP client 1600L via the data link 1614L. For example, C & C data packets 1625M transmits the last mile routing instructions U9 to SDNP client 1600M of the "IP S4" that address "IP _{C 9,1"} from the signaling server. Another C&C data packet (not shown) is similarly sent to the SDNP client at address "IP C _9,4 ". Data packets 1627H include instructions last mile route U7 via the data link 1614H, are transmitted from the signaling server 1603Q of "IP S4" to the client 1600H address "IP _{C 7, 1".}

  The signaling servers 1603P and 1603Q of the nodes S1 and S4 also exchange information as C&C data packets via the data link 1613Z. This information is used to establish which part of the routing is performed by signaling server 1603P and which part is performed by signaling server 1603Q, splitting the routing task into multiple signaling servers. In the example, signaling server node S1 manages last mile routing of zone U1 and SDNP cloud and signaling server node S4 manages last mile communication in zones U7 and U9.

Data routing during a call or communique is shown in Figure 77A. Here, the voice sent by SDNP data 1 of data packet 1630A is routed by header 1626A to the closest SDNP gateway media node M _0,0 from the originator of IP address “IP C _1,1 ”. This data packet is repacketized for SDNP cloud transport and sent to the gateway media nodes M _0,4 and M _0,8 . The path taken by the packet routing in the SDNP cloud is unknown to the participants of the conference call, cannot be controlled centrally, and changes dynamically according to the state of the network. In this example, all SDNP data packets in the SDNP cloud are fragmented using techniques such as anonymous addressing and dynamic encryption, as well as dynamic scrambling, mixing, splitting by inserting and deleting junk data. Utilizes mesh data transmission. As shown in the example, the cloud transport directs the incoming communication of the SDNP gateway node M _0,0 to other gateways (in this example, the SDNP gateway nodes M _0,4 and M _0,8 ).

The data packet 1630H carrying the caller's voice, ie SDNP data 1, exits the gateway node M _0,4 and uses the header 1626H, using the zone U7 security credential information, for the media of “IP M _0,4 ”. It is routed to the client 1600H of "IP _{C 7, 1} 'from the node. The header 1626H is added to the client 1600A in the C&C data packet 1627A before preparing the media data packet, as described in FIG. In this way, all media packets transmitting real-time data can be prepared without delay when the content is ready for data transmission. Timely routing of dynamic data is essential to achieve good QoS in real-time networks. Failure to do this can result in unacceptably long propagation delays.

When routed through the SDNP cloud, the SDNP data 1 payload is delivered to the conference call participants in zone U9 (ie SDNP clients 1600M and 1600L), ie from the gateway media node M _0,8 to the client IP address “IP C _9,1 ”. And “IP C _9,4 ”. These last mile data packets 1630M and 1630L carry identification packet tags, headers 1626M and 1626L designating tag8 and tag9, SDNP embedding instructions, keys, seeds, etc. used to recognize content associated with the same conversation. 9 includes preamble 9 information used for the H.264 and "L4" data fields used for requesting UDP for the layer 4 transport. The data routing instructions sent from the signaling server use the TCP transport protocol to guarantee its accuracy, but since the media packet content is real-time data, it uses the more suitable UDP layer 4 protocol instead of TCP.

FIG. 77B shows the same conversation. Here, the content is generated from the client 1600H in the zone U7. That is, the client C _7,1 starts a conversation. To compare this data with the audio content from client C _1,1 , the payload is identified as “SDNP data 5” in every data packet. Apart from the unique payload, the only change from the previous figure is that the source and destination IP addresses of the last mile of data packets 1630H and 1630A are reversed. Specifically, in the case of SDNP user zone U7, the source IP address of the data packet 1630H is changed to the IP _{C 7, 1,} the destination is in a SDNP gateway address IP _{M 0, 4.} For zone U1, the source IP address of data packet 1630A is changed to IP C _1,1 and its destination is changed to SDNP gateway address IP M _0,0 . Speaks at the same time a plurality of conference call participants, data packets from SDNP client node _{C 1, 1} to be sent to other call participants including the client node _{C 7, 1} is, the client node _{C 7, 1} It must be assumed that they may occur at the same time and may respond to the client nodes C _1,1 .

In network level 3 of last mile communication, data collision of traffic in the opposite direction does not occur. However, in the physical link layer and the data link layer 1 and 2, by using time multiplexing for the last mile communication, it is possible to avoid contention of the same communication link. However, this arbitration is so fast that the communication looks like full-duplex communication without delay of voice packets. 77A and 77B, the direction of the data flow of the client in zone U9 (data flow from cloud to client) is not changed. However, in FIG. 77C, the zone U9 client node C9, 1 starts a conversation. In this case, the client node _C 9, _{4, C 1, 1,} and _{C 7, 1} are all voice, that is the recipient of SDNP voice data 6.

In the alternative embodiment shown in FIG. 78, group calls can be a mixture of SDNP calls to SDNP clients and "callout" calls to regular phone numbers. Similar to the call or communiqué shown in FIG. 77A, the voice sent by the SDNP data 1 of the data packet 1630A is most likely to include the media node M _0,0 from the sender of the IP address “IP C _1,1 ”by the header 1626A. Routed to nearby SDNP gateway. This data packet is repacketized for SDNP cloud transport and sent to the gateway media nodes M _0,4 and M _0,8 .

As shown in the example, the cloud transport directs the incoming communication of the SDNP gateway node M _0,0 to other gateways (in this example, the SDNP gateway nodes M _0,4 and M _0,8 ). The data packet 1630H, or SDNP data 1, carrying the caller's voice exits the gateway node M _0,4 and uses the header 1626H, using the zone U7 security credential information, for the media of “IP M _0,4 ”. It is routed to the client 1600H of "IP _{C 7, 1} 'from the node. The SDNP data 1 payload is also delivered to the conference call participants via the gateway media node M _0,8 . The last mile communication from this SDNP gateway is composed of two types of connections. Specifically, a hyper-secure connection to the SDNP client 1600M and a non-secure "callout" connection to PSTN 1 including conventional telephone systems that do not use VoIP or packet protocols. Address "IP _{C 9,1"} The zone U9 SDNP last mile data packet 1630M and U9 are sent to the client, the header 1626M that specifies the packet identifier tag tag9 used for recognition of the content associated with the same conversation, SDNP It includes preamble 9 information used to convey embedding instructions, keys, seeds, etc., and an "L4" data field used to request UDP for layer 4 transport.

The gateway node M _0,8 also sends an IP packet 1635 to PSTN 1 at address IP C _7,9 . In this case, rather than sending a payload containing SDNP data 1, the IP payload has been converted to a VoIP sound package and can be intercepted by packet sniffing. The telephone switching system PSTN 1 then presents this unprotected IP packet to the telephone 37 indicated by the POTS data 1636 (including the called telephone number followed by the continuous analog line connection between the telephone 37 and PSTN 1). Convert to an analog POTS phone connection to. Since this connection and other callout connections are not hypersecure, the content sent by the callout last link is at risk of hacking, eavesdropping, and other surveillance techniques. Unless a hierarchical structure defining client access privileges is implemented, the security of the entire call can be compromised by the weakest link, for example, all participants in a group call can hear everything.

This point is illustrated in the table of FIG. 79A. Here, the group call consists of hyper-secure participants on the SDNP network client nodes C ₁ , ₁ , C ₇ , ₁ , C _9,1 , and C _9,4 with telephone numbers “Ph#1” and “Ph. #2” participants. As indicated by FIG, SDNP client _{C 1, 1} is a host group, SDNP client _C 7, _{1, C 9,1} is participant (i.e., those participants utterances other participants The SDNP client C _9,4 is a "listener" (he can hear and even speak by himself) (he can hear but he cannot speak, ie the voice is not heard by the participants). The participant with callout phone number "Ph#1" is also a participant who can hear and speak, while the sender with "Ph#2" is allowed only as a callout "listener" and speaks in a group call. I can't. The group host defines these listening and speaking privileges, or user authentication, at call setup.

  Double-check the table in the column titled "Normal Calls" and note that everyone in the group call, the caller authorized by the host, can hear the call. Callers attempting to hack into the call or who are not authorized by the host cannot connect to the call, force join the call, and confirm that the call is occurring. It cannot be determined. The same method applies to group chats. Participants in a group chat can read and write messages, while view-only members can only read comments and cannot insert their own text in the chat.

With the authentication and ID confirmation for controlling network access made according to the present disclosure, the SDNP system realizes a privacy function that cannot be used in the conventional group chat and group call. This function is invoked by selecting private mode. For example, click the lock or other privacy icon before texting or speaking. In such a case, the communication is sent only to authenticated SDNP clients, and not to SDNP clients whose identities have not yet been verified by authentication. In addition, it is not sent to callout listeners or participants on unsafe devices. This point is clearly shown in the above table. For private calls in the "Unauthenticated SDNP Clients" column, all group call clients have both microphones and speakers muted. On the other hand, in the "authentication SDNP client" column, all of the SDNP clients can listen to, participant _{C 1,1, C 7,1,} and _{C 9,1} can also speak in addition to listen. However, all callout devices have both the microphone and speaker muted, so only authorized SDNP clients can listen and comment in private mode. In this way, group calls with multiple SDNP clients whose identities are assured or group calls with a callout connection to an unknown party can be made to the public part of the call without exposing confidential information to the callout device. Can participate in each other. To exclude "callout" callers from private discussions, all you have to do is have SDNP participants click on the private icon before you speak or send text. When the private discussion is over, the callout caller is reconnected by returning the private button. While the callout caller is disconnected (that is, basically "on hold"), the SDNP system plays or mutes waiting music, white noise (such as sea or rain sounds). ) Can be played.

  Group chat text messages can be managed in the same way. In a normal group chat, all text messages are sent to the SDNP app on the SDNP client device and SMS text messages are sent to all call chat members. Text messages can only be sent by participants. Text messages sent from "listener" or "read only" chat members are ignored and are not forwarded to the chat group. If the participant clicks the lock or privacy icon before sending the message, the message is sent only to the SDNP client and not to the callout client. For SDNP clients receiving private messages, once their identities have been authenticated, the messages are displayed for reading. Unless the client's identity is authenticated, the message can be blurry, covered, hidden, or displayed with a lock icon. If the client goes through the authentication procedure and the identity is confirmed, it is displayed normally.

  Combined with identity authentication and privacy privileges regulated by SDNP network system authentication, you can no longer open private text or sniff private calls in group chats or group calls by simply hacking the device .. This feature cannot be guaranteed by relying solely on device security parameters, which are potentially hackable information locally. The barriers to hacking system parameters are very high because fake security and identity credentials do not match system logs and are rejected as invalid SDNP clients.

Privacy when executing group calls and group chats can be further enhanced. This unique embodiment of the Hyper Secure Last Mile in the table of Figure 79B is referred to herein as Hyper Private Call or Hyper Private Chat. To use hyperprivacy, the originator or message must comply with four criteria.
• All recipients of a group call communiqué must be SDNP clients, not callout devices.
-Calls or texts, regardless of whether they are calls, texts or images, must be pre-selected as hyper-private communiqués.
• Recipients of a group call or group chat communiqué must authenticate the connection and verify their identities.
• The recipient of the Hyper Private Communiqué must be pre-selected as a "private" participant or private listener.

The first three criteria are basically the same as the private party example in the group call above, but the fourth criteria, a hyperprivate call or a caller who is eligible to receive text, as a "private" SDNP client. The requirements for reading are great, further strengthening access to sensitive information. For example, as shown in Table, SDNP participant client _{C 1,1} and _{C 7,1,} and SDNP listener client _{C 9,4} all of which are designated as "private" party of the group call. On the other hand, SDNP client C _9,1 is designated only as a participant, not specified as a private participant. By definition, call participants or listeners cannot register as private parties.

As in the previous example, during normal call, all of the participants, in other words SDNP client _{C 1,1, C 7,1,} and _{C 9,1,} and call out participants Ph # 1 is, listen to all conversations You can read all text messages, and also speak and send text messages at any time. On the other hand, a "listener" including clients C _9,3 and Ph#2 can listen to all conversations and read texts, but cannot speak in group calls or chats or send messages. .. However, for hyper-private calls, selecting the switch or icon to specify the hyper-private communiqué automatically blocks all unauthenticated parties in a group call or chat, as well as all parties except the "private" party. Becomes invalid. Furthermore, all callout connections and unauthenticated users are also disabled. Thus, during operation, if a private participant selects the privacy icon, only private participants (including private group hosts) can view, view, talk to, and send text to the group. All other participants' microphones and speakers are muted, and similarly text or attachments cannot be sent to or received from the group. Specifically, in the hyper-private mode, if authenticated, only the clients C _{1, 1} and C _{7, 1} can both listen and _speak and read and write text, while the private client C _{9, 4} can only listen to conversations or read group text.

  The Last Mile Routing Control feature described above allows you to manage group calls and group chats in various ways. For example, a group call host can decide who can join a call or group, who can talk and send text, and who can only listen and read. For standard private calls, selecting private mode allows all SDNP clients (once authenticated) to join the communiqué with the same privileges as during standard non-private group communication. In hyper-private mode, only SNDP clients defined as private participants and private listeners can communicate during hyper-private mode operation.

  The choice of who is qualified as a part of the hyperprivate communique, ie as a private participant or listener, and who is not, can be set in several ways. In ad hoc hyper-private group communications, the group host determines the originator and non-originator of a private call. In SDNP "system-defined" hyper-private group communications, the SDNP network operator predetermines the originator and non-originator of a private call. In rule-based hyper-private group communication, the SDNP network defines rules that determine who is eligible to become a private caller and who is not. These rules may be based on a company's employment list. For example, more than the vice president can join a hyper private call. In governments and security organizations, standards may be set by US security clearances, passport numbers, police badge numbers, etc. The SDNP-enabled last mile communication method defined in this disclosure may support any of these illustrated scenarios, or may use other criteria to divide the population into two groups, thereby providing hyper-private. You can set which groups have access to the communiqué and which do not.

  Although this concept can be extended to multiple groups, hierarchical access criteria are generally more suitable for dispatcher-based professional communication systems than telephony. The application of the SDNP technique to professional communications is therefore not mentioned in this application.

One of the challenges of group calls is that everyone tries to talk at the same time. Overlapping conversations can be confusing, difficult to hear, and cause unnecessary stagnation. This problem can be solved by using a push-to-talk function (function that emulates a transceiver or CB radio). Push-to-talk or PTT operations allow only one participant to speak at a time. If a participant wants to speak, pressing the switch mutes everything else on the network microphone and puts all other participants in the group call in listen-only mode. As shown in the table in Figure 80A, in a normal PTT conversation, when the host presses the PTT button (see the "Host PTT" column), the caller gets priority over the group call and presses the talk button. Will be prioritized over all other callers, including. All other callers, including callout phone connections, automatically mute the microphone and go into listener-only mode. If the host does not press the PPT button, PTT functionality is handed over to other SDNP participants on a first-come, first-served basis, as shown in the column labeled "Other PTT." An SDNP node (C _9,4 , Ph#1, etc.) designated as a listener or a callout device can listen to the PTT conversation, but its microphone is muted during the entire group call.

  The PTT function can be extended to a private push-to-talk function by using the SDNP last mile function, which identifies the caller whose identity has been authenticated to the network. When the privacy feature or privacy icon is selected, all unauthenticated participants are excluded from the group call and their speakers and microphone are muted. The callout connection is inherently unauthenticateable and is therefore muted as well. Since the mute is bi-directional, the excluded participant will not be able to hear the conversation and the microphone will be disconnected. For authenticated participants, the operation has the same priority as a regular PTT. That is, the host can speak preferentially, or otherwise authenticated participants can call the PTT call feature on a first-come, first-served basis.

The table in FIG. 80B illustrates the concept of Hyper Private Group Call that can be extended to PTT functionality. In normal operation, the PTT function is the same as in the previous case. However, in hyper-private mode, only authenticated parties previously designated as private participants or private listeners can participate in hyper-private conversations. For example, in a hyper-private mode, SDNP client C _9,1 and C _9,5 is, because they have not been previously registered as a private participant or listener, also, can not even be heard to speak. Similarly, all callout connected devices are muted during hyperprivate mode operation. In this way, access to various parties of the PTT group call can be explicitly controlled. Mute is the process of excluding some participants (such as callout listeners) from receiving data packets that carry the voice of a conversation while continuing to supply data packets to unmuted participants. In the method of the present disclosure, data packets are sent individually to all participants in a normal conversation and only to a subset of the list when mute is enabled by the user of the client.

  In another embodiment of the invention, the data packet is sent in broadcast mode to all participants in the group call, but using different encryption methods. In a normal conference call, data packets are sent to all users using an encryption scheme in which every participant has a copy of the decryption key. In private or mute modes, data packets broadcast to users utilize different encryption, and only selected users share the decryption key. Participants with this decryption key can join the conference call, and participants without this key cannot join. The advantage of using broadcast packets is that less bandwidth is required for last mile communication compared to sending individual packet requests. In yet another embodiment, a packet is sent to the gateway, which is replicated by the signaling server to deliver to all participants in normal call mode and select caller in private or mute mode.

  Hyper secure file storage

  "Secure dynamic communication network and protocol" was invented and developed as a hyper-secure communication system for telephony and real-time data transfer, and the hyper-secure file is created by the security mechanism inherent in the SDNP network and protocol. It is also ideal for data storage. Simply put, in a hyper-secure call, when one sender sends scrambled and encrypted data to another as anonymous fragmented data, in other words, from one SDNP client to another. When the end-to-end communication to the SDNP client is performed, the hyper secure file and the data storage are such that the data transmission is stopped in the middle and the data is stored in the buffer indefinitely until it is recalled. Can be thought of as communication. Hyper-secure distributed file storage is also referred to as non-aggregated data storage.

  This simplified explanation that this storage is a communication that stops in the middle of packet delivery is a technically more accurate representation than when it first appeared. In the above-referenced U.S. patent application Ser. No. 14/803,869, explicit buffering of temporary data packets until the arrival of other packets was explicitly described and their operation described. Buffering within the nodes of the SDNP cloud is done on a millisecond basis rather than a monthly basis, and the SDNP system has the ability to wait or hold data without losing information and recover the original content. Of course, such a simplified implementation lacks some features needed for long-term file management, such as directories, menus, file recycling, security credential information updates, and other features. There is.

FIG. 81 shows an example of data transmission from the client to the fragmented data storage network. As shown in FIG, SDNP client 1700A of IP addresses IP _{C 1, 1} via the SDNP cloud of the corresponding IP address IP _F 7, 1, _{IP F 9,1,} and IP _{F 9,4} SDNP Transfer a series of data packets to the file storage servers 1700H, 1700M, and 1700L. During operation, the client node C _1,1 sends a header 1726X and a series of data packets 1730X from the address IP C _1,1 to the SDNP gateway M _0,0 . Data packet 1730X is illustrated with data packets 1730H, 1730L, and 1730M and corresponding headers 1726H, 1726L, and 1726M, respectively. To ensure accuracy, Layer 4 transport uses TCP instead of UDP. These packets include an SDNP Zip or other ID in the form of a tag X used to identify the packet for routing. In the case of data packets 1730H, 1730L, and 1730M, they are tag 1, tag 2, and tag 3, respectively. In the payload part of each packet, for example, unique data is included in each of the three fragmented files SDNP file 1, SDNP file 2, and SDNP file 3. This last mile security credential information uses the zone U1 information and the corresponding preamble 1.

Upon entering the SDNP cloud, the data packet is routed to another destination according to its identity and the command of the signaling server (not shown). The data packet 1730H, which carries the SDNP file 1 and includes the header 1626H and tag 1, is routed to the SDNP gateway node M _0,4 . SDNP gateway node _{M 0, 4} then uses the security credential information zone U7, route packets 1730H to file storage node _{F 7, 1.} On the other hand, the packet 1730L having the tag 2 carrying the SDNP file 2 as an ID is independently routed to the SDNP gateway node M _0,8 . The SDNP gateway node M _0,8 then routes the packet 1730L to the file storage node F _9,4 using the security credential information for zone U9.

At about the same time, the packet 1730M carrying the SDNP file 3 and having the tag 3 as the ID is independently routed to the SDNP gateway node M _0,8 , but it is not always the data packet 1730L having the tag 2 as the ID. Do not use the same mesh routing path. SDNP gateway node _{M 0, 8} Furthermore, like using the security credential information zone U9, routes the packets 1730M granted a tag 3 to the file storage node _{F 9,1.}

In this way, SDNP file 1 is delivered to the file storage node _{F 7, 1} using the security credential information zone U7, SDNP file 2 and SDNP file 3 uses the security credential information zone 9 files It delivered respectively to the storage node _{F 9, 4} and _{F 9,1.} Although these files are owned by client node C _1,1 , the client does not have access to the security credential information used to encode and protect the contents of these files. Hackers do not know the contents of files because none of the file storage nodes contain all the data, and the client that owns the data does not have access to the security credentials used to store the data. Is difficult to steal for the following reasons: (i) the contents of the file are inconsistent and divided into unusable pieces, (ii) all files use different security credential information. Scramble and encrypt the data by (iii) all files are stored in different locations and different last mile networks, (iv) these various stored data are from the same SDNP source file There is no way to know. The zone containing the file storage server is also referred to as the “storage side” zone and may be distinguished from the zone where the file's owner resides (ie, the zone on the opposite side of the SDNP cloud). By this definition, zone U1 is the SDNP client zone, also called the "file owner" zone, while zones U7 and U9 are the "storage side" zones.

  A method of applying the SDNP network communication protocol on the file storage will be described with reference to the flowchart of FIG. 82A by taking the "write operation" as an example. Here, the SDNP client and the file owner show a general procedure for saving or writing their own data to the hyper secure file storage server. As shown, SDNP client 1700A splits unparsed file 1705 using SDNP split operation 1057 and parse (parsing) function 1052 to generate a multipart file or document. In this example, it is a three-part file composed of parsed files 1706A, 1706B, 1706C. If desired, the contents of the file may be scrambled before being split. These three files are transferred over the SDNP network as extraneous data or communique. The procedure for routing to the final destination over the SDNP network uses the same methods disclosed herein for hypersecure last mile communication and already described for mesh routing in the SDNP cloud. Specifically, the last mile hyper secure transport 1707 uses the security credential information according to the zone U1. The SDNP cloud hyper-secure mesh transport 1708 employs zone Z1 security credential information. Although these hyper-secure data transfer operations are represented as large blocks, packet transfer is done over the network of routers, servers, and softswitches described in this disclosure to master keys, central controls, and packet contents. It is done using a distributed system with no access.

Last-mile routing in zone U1 allows data packets to be sent over an infrastructure that includes a limited number of routing options, but multi-PHY last link routing, sequential packet routing to multiple SDNP gateways, and The methods described for hypersecure last mile communication, including the use of dynamic source addressing (i.e. renaming a client's IP address), are equally applicable to hypersecure file storage operations. When a data packet arrives at the SDNP cloud, its transport uses anonymous mesh routing with scrambled and dynamically encrypted data to monitor the file content as well as the metadata associated with this communication. Prevent also. Eventually, all three data packets reach different SDNP file storage servers 1700H, 1700M, and 1700L and reach different SDNP nodes F ₇ , ₁ , F ₉ , ₁ , and F ₉ , 4 _respectively . Will be placed. After network transport, parsed file 1 is processed in accordance with the zone U7 file security operations 1709a, it is stored in SDNP file storage node _{F 7, 1.} File 2 and 3 parsed is processed in accordance with the zone U9 file security operations 1709B and 1709C, are stored in the SDNP file storage node _{F 9,1} and _{F 9, 4.} As described above, one file does not include all data, and it is not possible to unlock all component files and recreate the original file with one security credential information.

  In the "read operation" of the hyper secure save file shown in FIG. 82B, the order of data transfer between the file storage server and the SDNP client (that is, the owner of the file) is reversed. Reading a hyper-secure file is the process of undoing the process in which the file was initially stored in reverse order and is done as follows: (i) identify the parsed file in each storage server, ( ii) Delete local storage security measures from each parsed file, (iii) Return each parsed recovered file to SDNP client via SDNP cloud and Hyper Secure Last Mile, (iv) various associations Collect the parsed files from the communiqué, (v) use the client's local security credential information to merge the parsed files and properly descramble to recover the original files.

To illustrate further the "read operation" hyper secure file, related content file storage server 1700H that are stored in the file storage node F _{7, 1} is processed by using the zone U7 file security operations 1709a, Perth File 1 has been recovered. Regardless of the parsed file 2 or 3, parsed file 1 may be hyper-secured transport operation 1708 using zone Z1 security credential information and subsequently followed by last-mile hyper-secure transport operation of zone U1. 1707 returns to the SDNP client node C _1,1 using the SDNP cloud shown in abbreviated form. At the same time, related content file storage server 1700M stored in the file storage node F _9,1 is processed using the zone U9 file security operations 1709B, parsed file 2 is recovered. Regardless of the parsed file 1 or 3, parsed file 2 may be hyper-secured transport operation 1708 using zone Z1 security credential information and subsequently followed by last mile hyper-secure transport operation of zone U1. 1707 returns to the SDNP client node C _1,1 using the SDNP cloud shown in abbreviated form. On the other hand, the associated content of the file storage server 1700L stored in the file storage node F _9,4 is processed using the zone U9 file security operation 1709C to recover the parsed file 3. Regardless of parsed file 1 or 2, parsed file 3 may be hyper-secured transport operation 1708 using zone Z1 security credential information and subsequently followed by last mile hyper-secure transport operation of zone U1. 1707 returns to the SDNP client node C _1,1 using the SDNP cloud shown in abbreviated form.

Independent packet routing of three parsed files during a read operation is illustrated in FIG. Here, the server node 1700H is a data packet 1731H comprising SDNP file 1 and ID "tag 7", using the TCP transport, from the file storage address IP _{F 7, 1} address IP _{M 0,4} SDNP gateway Send to server. The packet 1731H includes a header 1727H containing the preamble 7 and other information provided in the command and control packet previously delivered by the signaling server in tri-channel communication.

On the other hand, the server node 1700L uses the TCP transport to transfer the SDNP file 2 and the data packet 1731L including the ID “tag 9” to the SDNP gateway server from the file storage address IP F _9,4 to the address IP M _0,8. Send to. The packet 1731L includes a header 1727L containing the preamble 9 and other information provided in the command and control packet previously delivered by the signaling server in tri-channel communication. Server node 1700M transmission, data packets 1731M containing SDNP file 1 and ID "tag 8", using the TCP transport, from the file storage address IP _{F 9,1} to SDNP gateway server address IP _{M 0, 8} To do.

The packet 1731M includes a header 1727M containing the preamble 9 and other information provided in the command and control packet previously delivered by the signaling server in tri-channel communication. The three data packets 1731H, 1731L, 1731M pass through the SDNP cloud using the zone Z1 security credential information and finally emerge from the SDNP gateway M _0,0 hosted by the SDNP cloud server 1701U. Here, these data packets are sequentially sent to client device 1700A at address IP C _{1,1 in} consecutive data packets 1731X using the corresponding zone header 1727X and zone U1 security credential information.

  Let's look again at FIG. 82B. After the three parsed files 1, 2, 3 have been routed to the SDNP client device 1700A using independent routing, 1706A, 1706B, 1706C, these files are not single parsed by the mixing operation 1061. It is merged into the file 1705 and then, if applicable, a descramble operation according to the zone U1 security credential information (not shown).

  Last mile between storage servers 1700H, 1700M, and 1700L where security operations 1709A, 1709B, and 1709C actually correspond to the SDNP cloud, rather than adding additional file server operations to protect stored data. Configures hyper-secure communication. As a layer 3 network connectivity tool using the SDNP communication protocol, SDNP file storage scrambles, fragmentes, and scatters multiple distributed non-volatile data drives, including junk data insertion and the use of data spoofing techniques such as junk files. It also stores encrypted data and is hyper-secure in nature. Apart from the data security methods described above, the hypersecure storage disclosed herein provides meaningful metadata, traceability to the file owner, the route the file was delivered to, or otherwise unknown from the original source file. An anonymous file name is used that does not include the identity information of any other file storage server that holds these components.

  Aside from layer 1 PHY implementation and layer 2 transport, such as SDNP network interoperability and physical realization of storage servers, protocols can vary significantly without affecting storage capabilities, access times, or global accessibility. There is. FIG. 84A shows a physical implementation example of the SDNP file storage server. In the uppermost configuration example, the SDNP gateway 1701B is connected to the SDNP file server via the router 27. In order to improve network performance and resilience against attacks, the central configuration example uses the optical fiber 91 to directly connect the SDNP gateway 1701B and the SDNP file storage server 1740A without a router. . In the bottom example, the file storage server is equipped with a server controller 1740B and storage drives 1740C and 1740D to allow for the addition of larger memory arrays. Any media such as a hard disk drive or a flash drive based non-volatile memory can be installed in these drives. In order to strengthen the access restrictions, the SDNP gateway and the SDNP file storage server are physically located at the same place, and only fiber links are used for connecting them. These facilities can share the same room, for example, they are physically fixed in a storage room, and strictly controlled access control and monitoring are performed for a person entering the facility.

FIG. 84B further illustrates that some of the fragmented data files can be stored locally at the file owner's site. As shown, the file owner's desktop 36 is (i) accessed by a local file storage server 1740A, (ii) via a WiFi router 1352 connected to the SDNP gateway node M _0,0 on server 1701A. ) How many distributed files, such as the file storage server 1740B connected to the SDNP gateway node M _0,4 and (iii) the file storage server 1740C connected to the SDNP gateway node M _0,8. It can be saved across devices. Since the data is stored and fragmented on the distributed drives 1740A, 1740B, 1740C, even if the local file server 1740A and the file owner desktop 36 share the same WiFi 1352, the notebook 35, tablet 33, Other devices, such as cell phones 29, cannot access the stored files.

A process for uniquely storing each parsed portion of a file in a separate file storage server, called non-redundant hypersecure file mapping, is shown in FIG. 85A. As shown in this figure, a client device 1700A including an SDNP client node C _1,1 has a parsed file 1706A on a file storage server 1700H, a parsed file 1706B on a file storage server 1700M, and a parsed file 1706A. stores a file 1706C file storage server respectively exclusively to 1700L, between the storage node _F 7, _1, and _{F 9,1} and _{F 9, 4} and parsed files 1, 2, and 3 It corresponds to the one-to-one file mapping of. We use Hyper Secure Last Mile Communications to deliver these files to secure the transfer of data and its storage. Non-redundant file mapping has the disadvantage that if one of the file storage servers is lost, either temporarily or permanently, it will be difficult to access and recover the file. From the perspective of this specification, the terms "resiliency" and "resiliency" refer to guaranteed and timely access to stored data, i.e. the stored data is not lost or accessed. Is used to represent that it is reliable for a considerable period of time. From this, the non-redundant hyper-secure file mapping shown here indicates that if a failure occurs at a certain point, there is a problem in file access, and the resilience is reduced. Weak resilience can be overcome by a redundant system where the same data is stored on multiple file storage servers.

  Another indicator that describes or assesses the resilience of a data storage system is the read redundancy factor RRF defined herein. This metric is used to define the number of backup systems that provide data access when primary data storage is unavailable. In this example, one place is provided for each unique data. This results in a read redundancy factor of zero, or mathematically RRF=0. In other words, a single point connection, or file server failure, can lead to temporary or permanent data loss because the file owner cannot read the file.

FIG. 85B shows a file mapping where the read redundancy factor is RRF=1. In this example, parsed file 1 is stored in the file storage server node _{F 9, 4} and _{F 7, 1,} parsed file 2 in file storage server node _{F 9,1} and _{F 7, 1,} and Perth file 3 which is being stored in the file storage server node _{F 9, 4} and _{F 9,1.} With such an implementation, even if the file storage server node F _9,1 fails or becomes unusable, the parsed file 3 is parsed by the file storage server node F _9,4. 2 can be accessed from the file storage server node F _7,1 respectively. Therefore, even if one of the storage nodes fails, read access to the hyper secure file will not be lost. FIG. 85C is a hypersecure file mapping with RRF=2. Although this file mapping includes file storage servers 1700L, 1700M, and 1700H, a second group of file storage servers 1700J, 1700E, and 1700F is added, and file storage server nodes corresponding to the respective groups are added. F _8,2 , F _4,4 and F _6,8 are prepared. Thus, the file storage server 1700J serves as a backup of the file storage server 1700L, the file storage server 1700E serves as a backup of the file storage server 1700M, and the file storage server 1700F serves as a backup of the file storage server 1700H. The example shown in the figure consists of files parsed into three sections, but the document can be split into more sections if desired. To guarantee hyper-secure storage, the number of divisions of the original file should not be less than two, and ideally it is recommended to be three or more.

To describe the process of storing and reading redundant files using hyper-secure file storage, we describe the transaction sequence of communiqué and file transfer functions overlaid on SDNP network used to facilitate the storage process. I will decide. In the network of FIG. 86, as an example, a client device 1700A that implements the client node C _1,1 , a router 1702G, a signaling server 1715 that implements the SDNP node S, a name server 1714 that implements the SDNP node NS, and an SDNP cloud node M. _{0,0, M 0,4,} and cloud server 1701U implementing the _{M 0, 8,} and SDNP file storage node _{F 7,1,} SDNP file storage server 1700H to realize respectively the _{F 9, 4} and _{F 9,1,} 1700L and 1700M are included.

In FIG. 87A, the client device 1700A at address "IP C _1,1 " includes a C&C payload 1711A and signals at address "IP S" by a data packet 1710A that includes a description of the file size and the required level of security and redundancy. A file write request is issued to the server 1715. In Figure 87B, the signaling server 1715 transmits the data packet 1710B the name server 1714, file storage server node _F 7, _{1, F 9, 4,} and requests an IP address or SDNP address _{F 9,1.} The choice of which file address server node to use is based on a random selection from the list of storage nodes and geographical conditions such as the nodes available near the client or in disaster-free areas. There is a way. The selection can also be based on performance parameters such as unused memory capacity of the node, propagation time to the file storage node, reliability evaluation of node uptime, and other considerations. In Figure 87C, the name server 1714, file storage server node _F 7, _{1, F 9, 4,} and transmits the data packet 1710C signaling server 1715 including the IP or SDNP address of _{F 9,1.} The signaling server 1715 then calculates the last mile and mesh cloud delivery of the parsed files to the file storage servers 1700H, 1700L, and 1700M.

In Figure 87D, the signaling server 1715 sends a data packet 1710D to the client device 1700A, which is routed from the address "IPS" through router 1702G to "IP C _1,1 ". The data packet 1711D includes a C&C payload 1711D. In this payload, last mile routing of file transfer which is about to occur in the zone U1 of the client zone is instructed. Specifically, each packet is designated by the tag 1, the tag 2, and the tag 3 (simply referred to as a tag X), and the SDNP gateway of the address "IP C _1,1 " to "IP M _0,0 " is specified. Contains routing information for multiple packets to. At the same time, the signaling server 1715 sends the data packet 1710E to the SDNP gateway 1701U. This packet is routed from the address "IPS" to "IP M _0,0 ". This packet contains a C&C payload 1711E that indicates SDNP cloud routing using the zone Z1 security credential information of the packet with ID tag X. In this case, the route is from the SDNP gateway address "SDNP M _0,0 " to the next node in the cloud, ie the address "SDNP M _0,5 " (not shown). According to "Secure Dynamic Communication Networks and Protocols", the routing of data packets across the SDNP cloud using meshed anonymous fragmentation transport is dynamically selected based on the current state of the real-time network. Specifically, the routing of real-time data packets sent to the SDNP gateway in the SDNP cloud depends on the propagation delay between the nodes in the SDNP cloud and the urgency of each real-time data packet assigned by the signaling server. ing.

The signaling server 1715 of FIG. 87E transmits the C&C data packet to the last mile node on the storage side, that is, the zones U7 and U9. As shown, the data packet 1710F is sent to the SDNP gateway M _0,4 . The packet is routed from the address " _IPS " to "IP M _0,4 ", and in the C&C payload 1711F, the data packet of the tag 1 is sent to the gateway node M _0,4 , and after receiving the last mile address "IP F ₇ ". _{, 1} ”. Second data packet 1710G is transferred from the signaling server 1715 in the file storage server 1700H address "IP _{F 7, 1".} The C&C payload of the storage in zone U7 defines an incoming packet containing the ID tag 1 from the source address "IP M _0,4 ", but the destination field is empty because the node's function is storage and not communication. As it is, that is, the null value is embedded. When the command and control data packets are delivered to the network, file transfer is performed.

FIG. 88 describes fragmented data transport during hypersecure storage of files. Here, the client 1700A is a TCP data transport from the address "IP C _1,1 " to the SDNP gateway with the address "IP M _0,0 " and is a series of data packets 1712X including SDNP data files 1, 2, and 3. To send. Each data packet contains a unique identifier ID, namely tag 1, tag 2, and tag 3. These files are then transferred via the SDNP cloud to other gateways, namely SDNP gateway nodes M _0,4 and M _0,8 . The packet containing the SDNP data 1 arriving at the gateway node M _0,4 is a data packet 1712A from the address “IP M _0,4 ” to “IP F _7,1 ” using the zone U7 security credential information and TCP. Transferred. On the other hand, the data 2 and data 3 packets arriving at the gateway node M _0,8 are data packets 1712B and 1712C using the zone U9 security credential information from the address “IP M _0,8 ” to the address “IP F _{9 , 4} ” and “IP F _9,1 ” respectively. The storage may also include local encryption capabilities within the file server to prevent drive data scans. This encryption process is performed locally and has nothing to do with SDNP's security measures. The contents of the data packet, SDNP data 1, SDNP data 2, and SDNP 3, include the actual fragmented files to be stored.

The preamble within each data packet, such as preamble 1 of data packet 1712A, may also include an encryption key provided by the client as part of the symmetric key encryption operation. Using symmetric key encryption, the SDNP client node C _1,1 generates split keys for encryption and decryption. Symmetric encryption key, in this example, is provided in the file storage server node F _{7, 1} delivered by the data packet 1712a. Each time the client requests to read or access the contents of a stored file in the future, the file storage server node F _7,1 uses this encryption key to encrypt the requested file before sending it back to the client. . This client cannot open this file read by other clients because only that client holds the associated decryption key. Although this method provides an additional protective layer, it does have its drawbacks. Since only one client can access the file as a read operation, multiple "owners" of client files are needed to facilitate redundant access should the original client device be stolen, damaged or lost. Cannot be used.

  In performing the data transfer or file save process, the signaling server 1715 sends an instruction regarding "link response" message routing to the file save servers 1700H, 1700L, and 1700M. A link response is a data packet and C&C payload that confirms to the client that the write operation was successful and that each parsed file was saved. These messages are sent to the client file owner, independent of each file storage server involved in transferring and storing the parsed files. The file server independently sends write acknowledgments to the client without knowledge of each other, and this write communication response uses independent security credential information, including a unique state that differs from the operational state during the write operation. Sent. The routing of these link response messages does not necessarily use the same reverse path of the routing path used to transfer the files. These responses could be used by cyber attackers as a traceback to find the file owner. Instead, the link response uses the packet ID to reveal to the client that the saved file is part of the same file and is part of the same fragmented write operation. To

In operation, the signaling server sends the routing of the link response message to the file storage server, the client file owner, and all intermediate SDNP nodes involved in the link response message routing. The signaling server 1715 uses data packets containing command and control payloads to coordinate link response message routing, as shown in the example of FIG. 89A. In this example, the file storage server 1700H receives data packets 1721G including C & C payload 1722G including the header data for the "link 1 response" routing from the address IP _{F 7, 1} to address IP _{M 0, 4.} The SDNP gateway node M _0,4 describes the routing of a Tag 1 data packet from the address “SDNP M _0,4 ” to another node in the SDNP cloud (in this case the address “SDNP M _0,14 ”). A data packet 1712F containing a C&C payload 1722F is received. Similarly, the signaling server 1715 uses the data packet 1721M of the file storage server 1700M including the packet last mile routing instruction of the tag 3 of the "link 3 response" from the address "IP F _9,1 " to the "IP M _0,8 ". To send. The storage-side last mile routing of file data packets and their corresponding link response messages may be the same or similar, but the routing of response messages through the SDNP cloud is due to the dynamic nature of the SDNP cloud. Not nearly the same.

The actual routing of the link response message from the participating file storage server node is shown in Figure 89B. As shown, the file storage server 1700H responds with a data packet 1720A identified by tag 1 and containing a payload "FS Link 1". This packet uses the security credential information zone U7, it is routed from the address "IP _{F 7, 1} 'to SDNP gateway address" IP _{M 0, 4} ". From the SDNP gateway, the data packet of tag 1 is routed via the SDNP cloud to the client-side gateway of address “SDNP M _0,0 ”. Here, after the address is converted into the last mile data packet 1720X, the TCP transport, zone U1 security authentication information, and data of tag 1, that is, preamble 1 and FS link 1, are used to generate the address "IP M _{0, 0} ” to “IP C _1,1 ”.

Similarly, the file storage server 1700L returns the data packet 1720B identified by the tag 2 and including the payload "FS link 2" as a response. This packet is _routed from the address "IP F _9,4 " to the SDNP gateway at the address "IP M _0,8 " using the security credential information of zone U9. The data packet identified by the tag 2 is routed from the SDNP gateway to the client side gateway of the address "SDNP M _0,0 " via the SDNP cloud (routing is not shown). Here, after the address is converted to the last mile data packet 1720X, the data packet uses the TCP transport, zone U1 security authentication information, and tag 2 data, ie, preamble 2 and FS link 2, From "M _0,0 " to "IP C _1,1 ".

The parsed third file, which is identified by tag 3 and carries the payload "FS Link 3", is transmitted from file storage server 1700M via data packet 1720C. The tag 3 packets use the security credential information zone U9, it is routed from the address "IP _{F 9,1"} to SDNP gateway address "IP _{M 0, 8".} From the SDNP gateway, the Tag 3 data packet is routed via the SDNP cloud to the client-side gateway at address "SDNP M _0,0 ". Now, after the address has been translated into the last mile data packet 1720X, using the security credentials of zone U1 and using the data of tag 3, the TCP transport carrying preamble 3 and FS link 3, the address " The route is routed from "IP M _0,0 " to "IP C _1,1 ".

FIG. 89C shows an example of the contents of the FS link data packet 1720A returned from the file storage server 1700H to the client and the file owner. As shown, the data packet, SDNP gateway address address "IP _{F 7, 1",} "IP _{M 0, 4"} using TCP packet including an ID tag 1 that was created in the security zone U7 Last mile routing to is described. In addition to the description of the data payload 1741A, the response preamble 1719A also includes optional security credential information used to enforce or enhance the security of the FS link data packet 1720A delivered to the client. However, in the tri-channel communication, the response security credential information included in the response preamble 1719A is usually unnecessary and is irrelevant to the credential information used by the client to access and open the hyper-secured storage file thereafter. Access credential information needed to create a link to a file stored in the file storage node F _{7, 1} from a client, instead are stored in the data field 1741A to include the following contents.
A unique network tag, SDNP address, or pseudo-address needed to identify the file storage server where the relevant part of the fragmented file is stored.
A description of the zone that defines the security credential information used to encode files in the "storage side" security zone (not the client's zone).
Seed 1, which may include a numeric seed or time or state 920 used during encoding of the file before saving.
Seed 2, which can include a numeric seed 929 used to perform file encoding as part of the save operation.
Key 1 including a decryption key 1030 for decrypting the "storage side" encryption of zone U7. This key can only be operated in combination with a shared secret held on the DMZ server that operates as part of the file storage server, or can be operated only in combination with other security credential information such as a numeric seed. Can represent a key.
Key 2, which includes an encryption key 1022 that is sent to the client and is used to send secure instructions from the client to the file storage server using symmetric key encryption.
A file name or other information used to help the client identify the save file without revealing how it was saved.

The above data packets are used for illustration purposes and should not be considered as limiting the contents of the data packets to the exact same elements or formats as illustrated. The FS link 1720X received at the SDNP client node C _1,1 is processed to create a file link for the client's device after receipt from the file storage server participating in the storage of fragmented files. .. As shown in FIG. 89D, this operation combines the FS links 1741A, 1741B, and 1741C using the compound operation 1753 to produce the FS link aggregate "File Storage Read Link" 1754. A file storage link 1754 is posted to the client's hypersecure text messenger or file management system to allow easy access to hypersecure files with a single button. Hyper-secure operation is invisible to the user. File owners do not need to consider the fact that files are in fact fragmented, encoded, and stored across distributed file storage systems. File recall is done as if the file exists locally. Therefore, the FS link is an important element for accessing all files stored in the entire distributed file storage system.

A simplified representation of FS link communication is shown in Figure 90A. Here, all three file storage servers send their FS links to the client node C _1,1 and the corresponding client device 1700A. Specifically, the file storage server 1700H transmits the FS link 1, the file storage server 1700M transmits the FS link 2, and the file storage server 1700L transmits the FS link 3. Within the client device 1700A, the SDNP application software on the client node C _1,1 brings together the three incoming FS links 1, 2, and 3 to form one link to the save file. This combined link is displayed in SDNP Messenger as a confirmation of file storage. With non-redundant file management, FS link information is only sent to client devices. For user file management, the file link can be named when the file is requested to be stored or when a confirmation message is received.

  The file storage link is sent directly from the file storage server to the client, not through the signaling server, so only the client with the link can access the file. This FS link is needed to call and read the fragmented file. Without the FS link, the saved file and its contents are permanently lost and become irreversibly irrecoverable. An alternative way to reduce the risk of losing the FS link is to send the FS link to two client devices, the client device and its auxiliary device. The auxiliary device could be a second device owned by the client, or in the business case a second device owned by the company. As another way of thinking, another server having its own login security and user ID verification function may be used as the second device.

Redundant link access to fragmented distributed storage files created in accordance with the present specification is applicable to both read-redundant file storage systems (ie, RRF≧1) and non-redundant file storage systems. FIG. 90B shows an example of using a redundant link in a hyper-secure distributed memory system without read redundancy (RRF=0). In such a system, the file mapping between parsed files 1706A, 1706B, and 1706C and their corresponding file storage servers 1700H, 1700M, and 1700L is not redundant. As shown, the FS links 1, 2, and 3 include two client devices, 1700A that hosts the SDNP client node C _1,1 and an auxiliary client device 1700B that hosts the backup client node C _2,1. Sent to. If one of these FS links is lost or becomes unavailable for some reason, the backup client's FS link can be used to recover the files. In this regard, the SDNP distributed storage system is a non-redundant read implementation with single link redundancy, RRF=0 and LRF=1.

  An example of a hyper-secure memory with both read redundancy and link redundancy is shown in Figure 90C. In this figure, parsed files 1, 2, and 3 are each mapped to two file storage servers. That is, the read redundancy coefficient RRF=1 is realized. Also, each FS link is sent to two clients, realizing a link redundancy factor LRF=1. The resistance of the storage system to both read and link related failures means that the system is considered as a true redundant hypersecure file management system with an overall storage redundancy factor SRF=1. In the present disclosure, the storage redundancy coefficient SRF is defined as the redundancy coefficient equal to the minimum value of RRF and LRF. For example, when RRF=0 and LRF=1, SRF=0. If RRF=3 and LRF=2, the overall storage redundancy factor is SRF=2. To achieve the overall system SRF=3, it is necessary to store each parsed file in four separate file storage servers (see FIG. 85C above) and send the FS link to four separate clients. ..

  Therefore, the overall storage redundancy factor SRF is a direct measure of the resilience of a distributed storage system from a failure. This principle is summarized in the graph of Figure 91. The horizontal axis of the graph shows the number of file storage servers used in the file storage system, and the vertical axis shows the number of FS links transmitted to individual clients. As shown, there is no redundancy in a single file storage server. That is, RRF=0. Increasing the number of file storage devices improves read redundancy but does not affect link redundancy. Conversely, sending the link to a single client does not provide link redundancy. That is, LRF=0 regardless of the number of available file storage servers. In either case, i.e. one storage server or one client link, the overall storage redundancy factor is SRF=0. This means that the file storage system has no resilience as shown in the L-shaped area.

  As shown in the figure, when the parsed file divided into three as described above is stored in three file storage servers, the read redundancy coefficient is RRF=1. Link redundancy of LRF≧1 is achieved when at least two clients receive the FS link. Any combination of LRF=1 or RRF=1 results in an L-shaped region 1724B with SRF=1. That is, a certain level of system resilience can be obtained. Even if six servers are used, if the FS link is sent to only two clients, the system will only have a limited degree of resilience, SRF=1.

  By sending the FS link to three clients and storing the data redundantly on six storage servers, region 1724C defines the conditions to achieve a fairly robust storage resilience, SRF=2. Area 1724D shows RF=3 with further enhanced resilience, using six file storage servers and four clients to receive the keys. The lower left corner (bottom row and leftmost column) storage has the lowest resilience and the upper right corner storage has the highest resilience.

The hyper-secure distributed file storage created in accordance with the present disclosure provides long-term sustainable security by adapting or reusing many creative elements from SDNP communications in context. These unique elements include the following.
· Parse files and distribute fragmented content to many file storage servers that are not connected to the network,
Transfer files between a client and a file storage server using end-to-end hyper-secure communication, where the DNP dynamically scrambles the anonymous fragmented data transfer without using the master key,
A method by which the storage server does not have access to the client's security credential information used when first fragmenting and encoding the stored data, that is, the "client" required by the file storage server to decode, access, or read the file. Storing fragmented files on a file storage server in a way that does not preserve the "side" last mile security credential information,
• Optionally, the client (file owner) does not have the security credential information needed to decode the stored data, apart from the way the security link is used, ie the "client side" last mile Encoding a fragmented file on the storage server using a method that does not retain the "storage side" last mile security credential information used to encode the file locally,
Limiting the number of file storage links required to locate and open a file, limiting user access to the file owner's client device and links to any redundant or backup devices,
· Require multi-factor authentication and identity verification of the client to perform a file link and call a read or erase operation,
· Anonymous data packet routing and use of anonymous filenames. The use of file links to recall data does not reveal any information about the location or encoding of the hypersecurity file storage, nor is the routing information stored on SDNP networks or hypersecure file storage systems, except for file links. ,
Disperse fragmented files across multiple storage servers using a private file server location and anonymous identities for which no information exists on the client, SDNP network, or other storage server,
SDNP signaling server used to plan file routing for distributed storage does not access fragmented file contents or security credential information used to encode files, and SDNP used to transfer file contents Employs tri-channel communication, where the media node uses single-hop SDNP data packets that do not include the client or file storage server ID or address.
・After regular access or repeated access to the file, dynamically change the file name and relocate the data, and recreate the security credential information when rewriting the file,
• Encrypts the file storage server directory locally to prevent file parsing.

  Due to the removal of identifiable file IDs, the use of fragmented files across the network (probably worldwide), and the use of zone-specific security credential information, hyperlinks that cannot be achieved without access to file storage links. Allows access to secure stored files and their reconstruction. Since these FS links are limited in number and distributed only through the SDNP communication system, identity verification further enhances their security.

  The outline of the execution of the function of the hyper secure file storage can be represented by the same method as the hyper secure communication using the function symbol shown in FIG. 9A. For ease of explanation, any combination of scrambling 926 using state or time 926C, junk data insertion 1053, parse 1052 and split 1057, and encryption 1026 may be used, as shown in the top illustration of FIG. , SDNP encoding function 1750. Similarly, the decode function 1751 is a collection of encryption 1032 using state or time 926B, mixing 1061, junk data removal 1053B, and unscramble 928.

Using the security features described above, the illustration at the top of FIG. 93A illustrates the process of distributed file storage with client-side encoding. As shown, the file 1705 is parsed 1052 and split 1057 to create a parsed file 1706 within the client device 1700A used to implement the SDNP client C _1,1. is there. The resulting fragmented file is then encoded using the security credential information for zone U1 by SDNP encoding operation 1750B of last mile communication performed according to the methods disclosed herein. Fragmented files sent in sequential or multi-route last mile communication will then reach the SDNP gateway M _0,0 and will be decoded and parsed using the SDNP decode operation 1751C according to the security credentials of zone U1. Recover 1706. The parsed file 1706 is re-encoded by the SDNP encode operation 1750C according to the zone Z1 security credentials of the SDNP cloud. After performing a series of decode and encode operations (not shown) in the SDNP cloud during mesh transport, the final data packet arrives at the respective SDNP gateway, eg gateway M _0,8 , where it is SDNP decoded. The parsed file 1706 is recovered by operation 1751D and subsequently re-encoded by SDNP encode operation 1750D according to the zone U9 security credential information. In this example, the parsed file 1706 is then fragmented (divided) into two files, these files 2 and 3 being recovered by the SDNP decoding function 1751E and stored in the file storage servers 1740B and 1740C, respectively. With this method, the data files stored on the file storage server are fragmented, but otherwise (except for local drive encryption), they become accessible by cyber attacks on those drive data. Therefore, security is realized by file fragmentation and distributed storage.

A higher level of file security is achieved by using the process shown in the bottom illustration of Figure 93A. The process for distributed file storage with full client-side encoding is shown here. As shown, the file 1705 is processed by the SDNP encode operation 1750A and is a scrambled, encrypted and parsed file in the client device 1700A used to implement the SDNP client C _1,1. Create 1706. Operation 1750A also includes the operation of splitting file 1706 into three fragmented files 1, 2, and 3. Fragmented files 1, 2, and 3 are then encoded using zone U1 security credential information by SDNP encode operation 1750B for last mile communication performed according to the methods disclosed in this application. . These fragmented files sent in sequential or multi-route last mile communication then reach the SDNP gateway M _0,0 where the security of zone U 1 recovers the scrambled, encrypted and parsed files 1706. Decoded using SDNP decode operation 1751C according to the credential information. The parsed file 1706 is then re-encoded by the SDNP encode operation 1750C according to the zone Z1 security credential information of the SDNP cloud.

During the mesh transmission, after performing a series of decoding and encoding operations (not shown) in the SDNP cloud in the SDNP cloud, the final data packet arrives at the respective SDNP gateway, eg the gateway M _0,8 , where the SDNP decoding operation is performed. Recover the file 1706 parsed by 1751D and then re-encode this file using SDNP encode operation 1750D according to the Zone U9 security credentials information. Fragmented files 2 and 3 of scrambled, encrypted, parsed file 1706 are then recovered using SDNP decode function 1751E and stored on file storage servers 1740B and 1740C, respectively. Therefore, this file is protected not only by fragmented distributed storage, but also by a combination of scrambling, junk data, and encryption known only to the security zone of the client. Similarly, the file 1 is transferred to the gateway M _0,4 via the SDNP cloud and stored in the file storage 1700H of the zone U7 as shown in the packet 1712A of FIG. 88.

  In these two examples described, a higher degree of security can be achieved by removing the last SDNP decode operation 1751E, as shown in the illustration in FIG. 93B. In this way, the file stored on the file storage server remains encoded by the SDNP encode operation 1750D using the zone U9 security credential information. In the upper illustration of the figure, the file is fragmented by the client, but the encoding is performed according to the security credential information on the storage side of the zone U9. In the lower illustration of the figure, the file is encoded according to the security credential information U1 on the client side, and is encoded a second time according to the security credential information on the storage side of the zone U9. In addition to being protected by fragmented distributed file storage, such double encoded files include files encoded with U1 security credential information within files encoded with zone U9 security credential information. Therefore, it is expressed as a nested hypersecurity storage. An advantage of the nested security disclosed herein is that neither the client nor the storage server has the information needed to open a saved file.

  An overview of an exemplary method of implementing hyper-security decentralized file storage is shown in FIG. The example shown in this figure removes the encoding and decoding used for hyper-secure communication and SDNP cloud routing and shows only the net effect of file encoding. The upper left corner shows the fragmented case of the client zone. Here, the document is fragmented according to the security credential information of zone U1, but there are no additional security measures imposed by the storage side of the network. The lower left corner shows the case of encoding in the client zone. Here, the document is encoded by operation 1750B. That is, it is scrambled, junk, fragmented, and encrypted according to the security credential information of the network U1. However, no security measures are taken on the storage side of the network.

  The upper right corner shows the case of fragmentation in the client zone U1, but the additional steps of SDNP encoding, namely scrambling, junk insertion, fragmentation and encryption are introduced on the storage side according to zone U9. There is. The lower right corner is an example of fully nested hypersecure file storage. The file is encoded and fragmented according to SDNP encode operation 1750B using the client-side security credential information for zone U1 and then the file is encoded twice according to the security credential information for the last mile zone 9 on the storage side.

  In order to call and read the file, recalling the data must use a security operation that includes the reverse function to perform the encoding in exactly reverse order, as shown in FIG. In the upper left case, the parsed file 1706 called from a different file storage server to recall the fragmented data in the client zone is recombined using the merge operation 1061 to recover the original file 1705. To do. The lower left is a case of recalling encoded data in a client zone, where a parsed file 1706 recalled from a different file storage server has a complete split operation 1750B including mixing, decoding and unscrambling. The original file 1705 is accessed and recovered using the inverse function SDNP decode operation 1751H. In the upper right case of a file encoded in the storage zone and fragmented in the client zone, the reverse operation is performed as follows. First, SDNP decode operation 1751F is performed to cancel the result of the zone U9 security operation to recover the parsed file 1706, and then file merge operation 1061 performs the file split operation 1057 according to the zone Z1 security credential information. Cancel the result of.

  In the bottom right example of reading a fully nested hyper-secure file, data stored on different file storage servers is decoded, scrambled and junk by SDNP decode operation 1751D using the security credential information of zone U9. Reconstruct the multipart file 1706 in the encrypted, parsed, and encrypted state. The zone Z1-specific SDNP decode operation 1751H then performs the sequential inverse functions of the encoder 1750B, namely the mixing (mixing), decoding, and unscrambling operations, and calls the original file 1705. Operations that sequentially perform the reverse function to recover a file must perform the sequence of operations that were used to create the file in reverse order. For example, if the encoding is done in the order of splitting, scrambling, and encryption, the inverse function, decoding, must perform operations in the order of decoding, unscrambling, and mixing. However, if the sequential encoding of data packets is performed in the order of scrambling, encryption, and packet division, the reverse function, decoding, requires mixing, decoding, and finally unscrambling. There is.

To perform a file call, or a "file read operation", the client clicks on the "File Storage Read Link" to call the centralized file link and calls the file stored on the system's hyper-secure file storage system. Start the steps required to read. In the reading process, the following procedure shown in FIG. 96A is executed.
The file owner and client 1700A or authorized user clicks on the "read file storage link" in an SDNP application such as SDNP-capable hypersecure messenger 1196, file manager, or other SDNP-capable interface.
Client 1700A specifies file request 1761, using dialog interface 1765 or, optionally, command line instructions. This includes reading the file, editing the file (creating a copy of the file with write permissions), erasing (deleting) the file, updating links (reissuing security credential information), or redistributing files (file fragments). Operations such as moving to a different file storage server and issuing a new file storage read link to the file owner client).
In a "verify client" operation 1762, the SDNP signaling server 1715 confirms the identities of one or more clients requesting files (authentication). Using dialog box 1767, the client needs to verify the identity using a PIN and optionally a second factor such as device or security token detection. Alternatively, the SMS text can be sent to another device owned by the same client. For files that require access approval by multiple clients, the identities of all users must be verified (multi-authentication).
In a “verify privilege” operation 1763, the signaling server 1715 confirms that the requesting client 1700A is authorized to access the requested file with read or read/erase privileges (permission). After the results are displayed in dialog box 1768, ask if the user wants to download or read the file. If the identity cannot be verified, the requester may be instructed to try again. When the specified number of attempts is reached, the file administrator 1700Z (if any) is notified of the failed attempts and the account is locked. A dialog box may notify the user to inform the file administrator of this issue. Or, if you suspect hacking, the dialog box may go blank or even completely evict the user from the SDNP application.
In the document request management operation 1764, the SDNP signaling server 1715 notifies the file access manager of the file access request and the nature of the request (management) to the file storage manager 1700Z. This management procedure will be one of the following: (I) skipped completely, (ii) record the file access request in the file access administrator's account, (iii) send a message to the file storage administrator to notify immediately of the attempted file access, or ( iv) Ask for file storage administrator approval via dialog box 1769 before granting access to the client requesting the file.

After these authentication, authorization, and administration (AAA) steps, when authorization is obtained, the client requests access to the file using the steps shown in the flowchart of Figure 96B (read request for illustration purposes in this figure). Used as). These procedures include:
In read request operation 1770, requesting client 1700A sends a file read request to SDNP signaling server 1715.
In a storage server name request operation 1771, the SDNP signaling server 1715 sends a file storage server name request to the SDNP name server 1714 to request the current SDNP address of the associated file storage server (eg, file storage server 1700M). According to the SDNP method, the SDNP address of the SDNP client (including the file server) is changed at least once a day to protect it from the long-term traceability of the long-term client.
• In the Storage Name Delivery operation 1772, the SDNP name server 1714 delivers the requested file name “FS address” to the SDNP signaling server 1715, and the SDNP signaling server sets up the file call routing accordingly.
• In a Routing Instruction operation 1773, the SDNP signaling server sends a file routing instruction to the client 1700A, a node in the SDNP cloud such as server 1700U, and the file storage server. At this time, the zone U9 security credential information including the state or time 920, the numerical seed 923, the decryption key 1030, and the optional encryption key 1022 (used in symmetric key encrypted communication) is used.
In the local file recovery operation 1774, all storage-side last-mile DMZ servers decode the parsed file using applicable security credentials, including status or time information specific to file creation, It assembles this data into one or more data packets in preparation for recovery and transmission.
In the file delivery operation 1775, each parsed file is delivered to the requesting client using independent delivery over the SDNP network according to the routing instructions of the SDNP signaling server. For example, the file storage server 1700M sends the file to the client 1700A.
The received parsed data file is further decoded according to the security credentials of the client zone, the parsed file is merged and the original parsed file that can be viewed or transferred is recreated.

These procedures are illustrated in the series of figures below. In FIG. 97A, the client device with the address “IP C _1,1 ” issues a file read request to the signaling server 1715 with the address “IP S” using the data packet 1810A. The request includes TCP transmission, header information related to the file, and a C&C payload 1811A that specifies more than one FS link. The location of the saved file fragment is anonymously described in the FS link using a tag or pseudo address that needs to be converted into an SDNP address or an IP address for routing. However, since the signaling server 1715 does not know the current SDNP address of these named user IDs, it needs to request the current information from the SDNP name server 1714. In Figure 97B, the signaling server 1715 transmits the data packet 1810B the name server 1714, file storage server node _F 7, _{1, F 9, 4,} and requests an IP address or SDNP address _{F 9,1.} In Figure 97C, the signaling server 1714 transmits the data packets 1810C the name server 1714, file storage server node _F 7, _{1, F 9, 4,} and requests an IP address or SDNP address _{F 9,1.} The signaling server 1715 then computes the last mile and mesh cloud delivery of the parsed file to the file storage server.

The signaling server 1715 of FIG. 97D transmits the C&C data packet to the last mile node on the storage side, that is, the zones U7 and U9. As shown, the data packet 1810G from the signaling server 1715 address S, is transferred to the file storage server 1700H address "IP _{F 7, 1} ', carry C & C payload containing the" file 1 read instruction "1811G . This packet, U7 use security credential information, instructs the file storage server to send SDNP gateway of the ID tag 1 file address "IP _{M 0, 4"} from the address "IP _{F 7, 1".} At the same time, the data packet 1810F is transmitted to the SDNP gateway M _0,4 . This packet is routed from the address "IPS" to "IP M _0,4 " and contains a C&C payload 1811F, that a data packet containing tag 1 is expected by the gateway node M _0,4 , after reception at SDNP cloud with Z1 security credential information, for example the address _{SDNPM 0,31} to be transferred to be transmitted.

Second data packet 1810I includes a C & C payload 1811I including "file 3 read command" transmitted from SDNP signaling server 1715 in the address "IP S" to the file storage server 1700M address "IP _{F 9,1"} To be done. This command instructs the file storage server 1700M to send the file with ID tag 3 to the SDNP gateway at address IP M _0,8 using the zone U9 security credential information. Other C&C packets (not shown) are similarly sent to other file storage servers and gateways (nodes F _9,4 , M _0,8, etc.) and nodes in the SDNP cloud.

In FIG. 97E, signaling server 1715 sends data packet 1810D to client device 1700A. This packet is routed from the address "IPS" to "IP C _1,1 " via router 1702G. The data packet 1810D uses the zone U1 security credential information to indicate that multiple incoming data packets with IDs such as tag 1, tag 2 etc. are expected from the SDNP gateway 1701U at address “IP M _0,0 ”. It includes a C&C payload 1811D to notify. At the same time, the signaling server 1715 sends the data packet 1810E to the SDNP gateway 1701U. This packet is routed from the address "IPS" to "IP M _0,0 ". This packet contains a C&C payload 1811E for last mile routing of zone U1 applicable to incoming data packets identified as Tag 1, Tag 2 and Tag 3 packets transferred from within the SDNP cloud.

  When the command and control data packets are delivered to the network, file transfer is performed. The first step in this transfer is shown in FIG. Here, the data packet 1741R including the FS link 3 provides the SDNP decode operation 1751R with information such as the illustrated state 920, numeric seed 929, decryption key 1030, and encryption key 1022. For SDNP decode operation 1751R, this information is processed by DMZ server 1752 to perform functions including shared secrets such as packet decryption 1032R, mixing 1061R, junk removal 1053R, and unscramble 928R. All of these runs are done in state 920, the state when the parsed file was last encoded. Cryptographic key 1022 is not specifically required to decode the file, but can be used for symmetric key encryption to return the parsed file to the client and file owner.

FIG. 99 shows file routing and data transmission. Here, the file 1 is transmitted from the address "IP F _7,1 " to "IP M _0,4 " using the U7 security credential information in the TCP data packet 1720A, and the U9 security credential information is used in the TCP data packet 1720B. to "IP _{M 0,8"} file 2 is sent from the address "IP _{F 9,4"} Te, TCP data packet 1720C in the U9 security credential information "IP _M from address" IP _{F 9,1} "using the _{0 , 8} ” is transmitted to file 3. After transmission through the SDNP cloud (not shown), a series of data packets 1720X is delivered from the SDNP gateway at address "IP M _0,0 " to client address "IP C _1,1 ".

  On a read operation, the data is loaded into the SDNP app in "read only" format. As long as the file is sandboxed within the SDNP application, the file is protected by the SDNP application and network features and does not rely on the device operating system login procedure or weak security measures. The need for read-only access to private documents is widespread among businesses. Many of the files created by corporate finance, legal, manufacturing, engineering, quality control, and other departments are examples of material that represents read-only content. In many cases, the company's internal files need to be transferred, or electronically distributed, to the company's executives for review prior to publication.

  Accidental or premature disclosure of the distributed information has immeasurable implications, with serious economic or legal implications for the enterprise, as well as personal liability to executives. For example, unpublished financial reports of listed companies are strictly confidential until published. In the United States, regulatory FD, or "fair disclosure", means that information must be made available to everyone at the same time without priority. If outside parties access such information prior to publication, it is a violation of the Regulatory FD. If the court finds that a regulatory FD breach has occurred because the company has failed to maintain and guarantee the confidentiality of the document, the company could be punished for the breach and the officers could be attributed to the selective disclosure. Even if it is not insider trading, you may be personally held responsible.

  Within the SDNP application, the acquired file is segmented (sandboxed) and protected so that data cannot be transferred from one account ID to another account ID. For example, files cannot be exchanged between business and personal accounts. Depending on the reader's authorization privileges, the user may or may not be allowed to download the retrieved file from the SDNP application to the unencoded storage of device memory. Downloading a file outside an SDNP-enabled application compromises the security of the file and the data it contains. For data residing in SDNP applications, access is controlled, user actions are restricted, and both the device and the SDNP network must verify the user's identity. Breaking down such multi-layered multi-factor authentication is much more difficult than disabling the simple 4-digit pin required to open the cell phone. In contrast, once a file is downloaded to your computer, tablet, or mobile phone, it's almost impossible to prevent unauthorized access, identify who accessed it, or who made a copy of the file. It becomes impossible.

  Thus, using SDNP communications, file owners can lock or compartmentalize sensitive documents and files. Now the document or file can be read by others, but not downloaded to your mobile phone. Additional procedures can be used to prevent LCD display screenshots or photography. In other cases where security and privacy are not required, the acquired file can be transferred from the SDNP application to the memory of the mobile phone and can be used without restriction.

  In the edit operation, the editable file is downloaded to the device and passed to the application program required to edit the file. Regarding the execution of file request and data exchange, there is no basic difference between the file read request and the file edit request in SDNP network operation, except that it is the operation of the SDNP application of the client. That is, these operations are functionally the same from the viewpoint of data transfer in the SDNP network. Therefore, it can be considered that the difference between the read operation and the edit operation lies in the execution of layers 5 to 7 mainly composed of files unique to the application.

  The application that edits the acquired file includes (i) a device embedded application (Simpletext, etc.) that is native to the operating system of the device, but operates outside the SDNP application, and (ii) is on the operating system of the device. These include third-party applications that run outside of the SDNP application (eg, Microsoft Word, Adobe Acrobat, etc.), or (iii) secure applications that run within the SDNP application and are not directly accessible by the device or its operating system. .. For example, corporate press releases can be edited in the SDNP application sandbox, but not downloaded to the mobile phone's memory. As an additional measure to maintain the security of your business, all files owned by your company, that is files that are sandboxed in the SDNP business account compartment, are run even within the same SDNP application. , Cannot be transferred to the user's personal SDNP account.

  After editing, saving the edited file on the SDNP file storage server does not overwrite the existing file unless the owner of the file specifically requests to do so. Instead, a second version is saved in addition to the first version of the file, and the user must perform an erase operation on the file to remove the previous version. Since hyper-secure file storage requires ID verification, the process of saving edited files may include unique system functions not available in file storage that does not have a dedicated hyper-secure network communication function. . One such unique feature is the signature verification feature used to sign and date files (or stamp seals in Asia). The signature function may include a registered receipt sent to the document owner and the original document creator.

  For hyper-secure data storage created in accordance with this specification, the erase operation overwrites all existing parsed files with random numbers, and optionally performs random number overwrites again after one hour to save Further elaborately obscure the small but potentially detectable analog variations of the bit charge or magnetic field. The file record is also overwritten, and the file record on the data drive is complicatedly disturbed. After erasing the data and file records, the client's data link is destroyed in the client device using the SDNP system's self-destruct message feature and all residual data on the FS link is discarded from the SDNP system. However, if the file system administrator used third-party software to track per-user activity, the administrator may not be able to access the deleted files themselves, even if they do not own the file's owner and creation date. , Can keep metadata about the history of a file, such as who accessed the file, when it was deleted, and so on.

  The SDNP network and the hyper secure last mile function can also support the function and operation procedure of the corporate account different from the profile of the personal account. As mentioned above, the erase personal account operation involves rewriting junk data to a file, erasing index records on the drive that represent the file's existence, and using a self-destroying message to erase the previous fragmented storage location of the file. All FS links pointed to are destroyed and so on. However, for corporate accounts, the file storage administrator may require prior approval to completely destroy the file. For example, use an approval process similar to dialog box 1769 of Figure 96A (although it is sent to the administrator rather than the owner of the file).

  If the company file administrator chooses not to allow the deletion of files, the following scenarios can occur: (I) The file owner is notified that the file is not deleted, the file read link is kept in the SDNP application or SDNP Communicator message history, (ii) The file owner is notified that the file is not deleted, For example, stored for "archiving purposes", but using the SDNP system's self-message destruction provisioning feature, the personal file read link is removed from the SDNP application, that is, the file owner tries to delete the file. Then only the file storage administrator can call this file, or (iii) the file owner's personal file read link is removed from the SDNP application using the SDNP system's self-message destroy provisioning feature, but The owner is not notified that the file is held by the company.

  With the last mile hypersecurity inherent in the operation of anonymous fragmented distributed file storage systems disclosed herein, even a file storage administrator can retrieve stored files without a "file storage read link" It is not possible. In order for an administrator to access a file, the corresponding file storage read link is always required every time the file is saved or edited. While corporate accounts can provide this level of monitoring, any file management system can't handle the sheer volume of data that results from tracking every change to every file. As disclosed herein, the intelligent filtering possible with the present SDNP system only tracks attempted file erasures. With this approach, the administrator does not monitor file creation, but only attempts to delete files. Only when the file owner attempts to delete the file, the corresponding file storage read link is transferred to the administrator's database or console for approval or archival purposes.

  The size of the database can be further minimized by specifying the particular employees and contractors that need to be monitored. For example, if a company becomes involved in a financial audit or patent litigation, all parties are generally notified not to erase the relevant data or files. Using the file management features enabled by the SDNP file storage system disclosed herein, all attempts to erase files by staff associated with the investigation are logged and the file storage is "on the fly". It can be tracked by sending a copy of the link to the file storage administrator, or in some cases to an independent investigator. Such a method is useful because it limits the amount of data monitored and provides a natural warning to the administrator of suspicious activity suggesting attempts to conceal fraud. The use of redundant file storage links as described above is essential to prevent accidental or malicious loss of file storage name links due to destruction of the client and file owner's device itself. In the case of a company, the backup copy may be kept on a computer in a secure office, or on a central server in the company.

  When extremely strong security is required, for example, in relation to national security, the following multi-procedure method will be used to delete files. (I) overwrite files with random data, (ii) copy all other files from the storage drive to another storage device, (iii) erase the drives all at once, (iv) reformat the drive, ( v) Overwrite the storage field of the drive with a random number, and optionally (vi) copy the saved file as needed. Unlike the conventional overwrite of file data, the batch erase process affects the read/write storage medium itself and naturally randomizes its electrical, magnetic, or optical properties at the molecular level. A large electromagnet can be used for batch erasing the magnetic drive, but for batch erasing the flash, it is necessary to raise the temperature of the IC and, in some cases, to irradiate ionizing radiation with a high operating voltage. Magneto-optical drives can be erased in bulk using a high magnetic field. Rewritable optical drives can be erased in bulk by using a bright scan laser that is scanned transverse to the disc format track. In any case, batch erasing is an extreme example in which there is a risk that the storage medium after erasing will not have any data and the storage medium will be damaged and cannot be used again.

Another important element of hyper-secure distributed file storage systems is maintaining the integrity of file data and link access. To prevent accidental loss of the link, it may be useful to reestablish, or revalidate, the read link in the file storage from time to time and reissue the security credentials. This process, referred to herein as the "update link" command, can be initiated manually or automatically from the client, or it can be initiated from the file storage server at a predefined time interval. For client-initiated requests, the SDNP signaling server sends command and control packets to the corresponding server. When the update of the link as shown in FIG. 100 is started, the file is, SDNP decoding operation in the state 320X they are before the "old" of time t _1, which is created by using the zone U9 security credential information to the state It is read and decoded by the 1751F. The file is then re-encoded by the SDNP encode operation 1750D using the new state 920Y at time t ₂ and stored on the storage drive. The updated storage link (eg FS link 3) is then sent back over the SDNP network to the file owner, client device 1700A. The resulting file stores the encoded data updated at time t ₂ using the security credential information for zone U9. However, the security credential information of the client of the zone U1 used for creating and parsing the original file is not updated. To read this file, the read operation first decodes the file using zone U9 security credential information in a state corresponding to time t ₂ and then transfers the file to client node C _1,1 where It is necessary to decode the file using the security credential information of zone Z1 associated with the time created in.

Another measure to increase security is to use a file redistribution operation to move all parsed files on the selected file storage link to a new or different file storage server. This operation can either send the parsed file to an entirely new server or redistribute the file among existing storage nodes. In either case, the security credential information is updated and a new file FS link is issued and sent to the client who has access to the file. This operation is shown using an example in FIG. Here, the content of the file storage SDNP node _{F 7, 1} zone U7, the file time is created _{t 1,} it is decoded by SDNP decoding operation 1751H using state 920x. The file is then transferred over the SDNP network (not shown) to the file storage SDNP node F _9,4 , where it is performed by the SDNP encode operation 1750L using the zone U9 security credential information as state 920Y corresponding to time t2. Encoded. After this, the file is saved and the updated FS link 2 is sent to the file owner and other clients with file access rights.

In parallel with the above file transfer, the contents of the file storage SDNP node F _9,4 in zone U9 is decoded by SDNP decode operation 1751L using state 920X at time t ₁ when this file was created. File is then transferred to the file storage SDNP node _{F 9,1} via the SDNP network (not shown), where the corresponding state 920Y at time _{t 2} using the zone U9 security credential information SDNP encoding operation 1750M Encoded by. After this, the file is saved and the updated FS link 3 is sent to the file owner and other clients with file access rights. Similarly, the contents of the file storage SDNP node _{F 9,1} zone U9, the time _{t 1} at which the file was created, is decoded by SDNP decoding operation 1751M using state 920x. File is then transferred to the file storage SDNP node _{F 7, 1} through SDNP network (not shown), where SDNP encoding operation using the security credential information zone U7 as the corresponding state 920Y at time _{t 2} It is encoded by 1750H. After this, the file is saved and the updated FS link 1 is sent to the file owner and other clients with file access rights. In this way, all three files have been relocated, new security credential information has been issued, and a new file storage read link based on the updated FS links 1, 2, and 3 to the clients authorized to access. Is issued.

  Another required maintenance function performed by the hyper-secure file storage system is the operation used to check for files without live links, or "zombie files". This operation is similar to the update link operation except that it is initiated by the file storage server, not the client or file owner. During this operation, each file storage server keeps track of the time since the file was last accessed. If the last operation on the file exceeds the specified time interval (eg, no activity for a month), the file storage server connects to the client to see if the link is still active. The file storage server can connect to the client in the same manner that was used to send the FS link to the client. When the file is saved, the file storage server holds the SDNP zip or pseudo address of the client.

  If no activity occurs within the specified time, the file storage server connects to the SDNP signaling server and sends a request to reconfirm that the link is still active. Next, the SDNP signaling server plans the distribution route of the FS link verification request to each participating file storage server. Each file storage server sends this request to the client via the SDNP network. All participating SDNP client nodes acknowledge and respond that the file link still exists on the device. If a file link is confirmed, then the client has the option to perform a link update. However, if the device is not responding, that is, if there is no active file read link, the file storage server notifies the administrator that the file link is out of date or is missing, and it may take 1-3 months. Zombie files with unknown ownership will be permanently and irrevocably deleted after such period of time.

  Registration communication

  Another feature of SDNP communication performed according to the present specification is a network function for distributing or storing "registration communication". In the registration communication, hyper-secure delivery of communiqué and hyper-secure storage of a file as a message with a time stamp with a signature are performed, and an electronic signature (e-sign) and an electronic stamp (e-sign) are added to the communication for the purpose of establishing legal validity. There is a function to perform e-chop). The registration communication also includes the function of sending a "certified message". This is done in a handshake fashion, using a signed or stamped time stamped reply to confirm receipt of the document or file. All registration communications are initiated by the SDNP application on the client device, but are authenticated through last-mile communications, that is, communications that occur over the last miles of the SDNP network. If the client attempts to tamper with the stamp confirmation, there will be a conflict between the stamp confirmation message and the network record.

  Because SDNP communication uses "states", that is, time and other unique variables are used to establish message-specific security credentials at the communiqué and file storage, so the time stamp is SDNP communication. It is an essential function for This is illustrated in SDNP Communicator application window 1800 of FIG. Here, each text message transmitted/received has time stamps 1801A and 1801B corresponding to the timings at which the message is transmitted, received, and read. The time information, including the global time reference established by the SDNP signaling server, is delivered to the client via the last mile network. The SDNP client app then integrates this timestamp into the information display.

  In registration communications, the communiqué generates a formal timestamp as part of the process. An example of the registration communication process is shown in FIG. In this figure, a hypersecure message is executed and an optional attachment step 1802 is initiated. A dialog box 1803 is used for this operation, and the client sending the message or file, ie, the sender, selects whether to attach the file to the message and, if so, uses the directory browser. And find the file. Next, the registration message is transmitted using the command dialog 1804, and at this time, whether to use normal distribution or registration distribution is selected according to the dialog box 1805. The message is then sent using hypersecure communication implemented in accordance with the present invention.

  In the "accept message" step 1806, the recipient performs the sequence of steps required to verify the identity to access the message and send an authenticated receipt confirming acceptance of the message and file received. To do. The process begins with a receipt authentication operation 1807, which asks the receiving client for identification. If the identity of the recipient is not authenticated, the recipient cannot access the message, the message is discarded, and the sender is notified of the failed authentication step. In this way, the sender can be alerted that the receiving device may have been stolen. Once the recipient's identity has been verified, the recipient is asked by accept receipt operation 1808 to decide whether to accept or reject the message and attachments it receives. If the message is rejected, the sender is notified.

  If the recipient chooses an acknowledgment and accepts the message, message receipt is performed by performing a receipt management step 1809 and selecting an electronic signature (e-sig) or an electronic stamp/e-chop. Must be signed. The sender can specify the required options. In some countries, legal binding is not possible without both electronic stamps and electronic signatures. A subsequent dialog box (not shown) prompts the user to specify his digital signature or digital stamp in the device's file directory. Alternatively, audio or video recordings may be used for confirmation. The receiving side is instructed to record or read the contents at the time of recording. Once the message is signed, the message can be read by the recipient and the attachment can be viewed or downloaded on the fly, depending on the sender's requirements.

  Upon receipt of the document, a signature + message stamp receipt 1811 specifying the message recipient, the embedded text and attachment file name received, the date and time the message was received, e-sig, e-chop, audio recording, audio + video recording , Or any combination thereof is sent in the send acknowledgment operation 1810. The archive receipt option 1812 allows the sender to save a copy of the signed timestamped message receipt 1811 in the system's hypersecure file storage system. This allows the sender to receive the read file link 1813 needed to invoke the message. Alternatively, the message receipt 1811 may be downloaded to the sender's device.

  Cryptographic-based security issues

  Government security agencies have made anonymous callers untraceable in today's world of corporate fraud, IP theft, cybercrime, hacking, criminal organizations, drug cartels, mafia, yakuza, jihadists, and terrorists. Communication systems that provide communication, that is, any communication system that uses encryption to protect data and hide the identity of the caller (metaphorically a payphone), are for network operators, application developers, and device manufacturers. It claims to be a reckless and irresponsible business practice.

  Unfortunately, there is the fact that communications that rely on cryptography for security as well protect both criminals and law-abiding citizens. As mentioned above, the subject has also been highlighted in a myriad of news articles about the criminal activity of ISIS terrorists, their terrorist acts in Paris and Belgium using a telephone application program called Telegram. End-to-end encryption, also referred to as end-user based encryption, is used herein to facilitate secure communications. End-to-end encryption is particularly troublesome for security agencies because the decryption key is only maintained between the sending and receiving parties and not the intervening network or its operator. Security authorities repelling Telegram claim end-to-end encryption with large keys is a national and even global security risk that allows terrorists to stealthily using open communications. is doing. The arguments in support of Telegram support personal privacy, no matter what.

  The Federal Court of Justice ruled in favor of the FBI and believed to have been owned by the criminal in a case of 14 dead and 22 injured in a shooting in San Bernardino, California on December 2, 2015. The privacy debate reignited as Apple ordered Apple to "unlock" mobile phones. The February 17, 2016, Washington Post magazine article entitled "Apple Inc. Surely Resists FBI's Request for Decryption of iPhone® Associated with San Bernardino Raid." Apple and its CEO cited several reasons for refusing to comply with court orders. This article is (https://www.washingtonpost.com/world/national-security/us-wants-apple-to-help-unlock-iphone-used-by-san-bernardino-shooter/2016/02/16/ 69b903ee-d4d9-11e5-9823-02b905009f99_story.html).

  Most notably, the security is designed so that Apple itself does not hold the decryption key even if the police get a warrant (this is essentially another end-to-end encryption. It's a nightmare), and argued that law enforcement couldn't unlock the newer iPhones. Apple claimed that only the user of the cell phone, or anyone who knew the password of the cell phone, could unlock the cell phone. On the other hand, the government argued that it does not need to unlock the encryption function, it just wants to disable the ability to erase the cell phone's memory after 10 failed login attempts. In an online statement, Apple CEO Tim Cook argued that such an action would jeopardize the security of the iPhone®. "Once you write it, you can use the technology over and over, and you can use it on any device," he said in a statement. In the physical world, it's like having a master key that can open hundreds of millions of locks, from restaurants and banks to stores and homes. A sensible man would not accept such a thing. He went on to say: "Opposing this order is not something we can do casually. We face what seems to be an overkill by the US government and feel that we must speak out."

  The last point that Apple claimed was that the U.S. Department of Justice was beyond its power, it was a legal claim, not a technical position, which the state had no reason for, It accurately represents the feelings of constitutionalists and privacy defenders that they have no right to monitor the content of communications or infringe on the privacy of individuals. While this San Bernardino case meets the conditions for obvious reasons, the idea of creating a general-purpose backdoor that can open the communication devices under discussion invites abuse by authorities. The The Atlantic magazine defended Apple's allegation in an article on February 23, 2016, "Apple is right: FBI wants to break into many iPhones." On the same day, the British Guardian magazine also reported, "Apple claims that the FBI wants access to many iPhones."

  It was strange that the same position of privacy protection was taken by the US Congress at this time. On March 1, a Guardian magazine follow-up article titled "The US Congress Informed the FBI that Enforcing Apple to Unlock iPhone" was a Fool's Messenger" was issued in the United States. Lawmakers have accused the US Department of Justice of over-involvement and invasion of privacy. "The road to hell starts at the back door," said Brad Smith, a legal advisor to Microsoft at the RSA conference in San Francisco. Mr Smith provoked the people in the computer security industry who were attending the meeting to "stand up with Apple in this important case."

  During this turmoil, many security experts, including NSA whistleblower Edward Snowden, stated that unlocking mobile phones was not as difficult as the FBI claimed. Through a video link from Moscow, Snowden told the Common Cause Blueprint at the Great Democracy conference (March 8-9): "The FBI says that Apple has "exclusive technical means" to unlock mobile phones. Let's say it in honor, it's bullshit." Before the case was brought to court, the FBI reported that it had found a way to break into a locked iPhone®. On March 29, 2016, Fortune magazine said: "The FBI may not tell Apple how it cracked the iPhone®," he said.

  The legal and geopolitical consequences of the Apple vs. FBI case are widespread. With the FBI as a precedent, it is expected that other countries will require backdoors for all communication devices connected to the network, including mobile phones carried by US citizens traveling abroad. Moreover, with the successful hacking of iPhone(R), criminals will always discover or reinvent these methods to tackle new forms of cybercrime and identity theft. Let's In order to stay out of criminals, governments may try to use the same methods as criminals to expand surveillance and espionage, and different departments within the same government may use similar methods to engage each other's activities. Even spying can happen. In a related story, various governments are considering limiting the level of encryption used in end-to-end communications.

  Overall, the recognition that these events do not support any combination of existing security techniques currently available in public property, nor at least support criminals and terrorists, without assuring both security and privacy. Is clearly strengthening. The problem stems from the reliance on encryption alone to provide both network security and end-to-end security and associated caller privacy. Increasing the security of text, voice, or files by increasing the bit size of the encryption key increases the security of the communiqué, making it more difficult to break. Enhanced security maintains security and privacy, combats identity theft and protects corporate and law-abiding citizens. Unfortunately, however, the enhanced security protects even criminals and terrorists from the eyes of oversight, allowing them to operate unseen and invisible.

  This is shown in FIG. 104A. Here, the sender 1825A is communicating with the recipient 1825Q via an insecure network, such as the Internet 1821, which suffers from cyber attacks from various routes. In other words, this network has a huge "attack surface" called vulnerability. To reduce the attack surface, encryption 1026 and decryption 1032 are used to form an encrypted pipe or tunnel 1820 with a smaller attack surface than network 1821. The problem is to determine the size of the encryption key to use. As shown in Table 1824, the larger the encryption key, the more combinations can be obtained, which makes the decryption of the encryption difficult. Cryptography is used for two purposes: (i) to provide network security to prevent man-in-the-middle attacks, and (ii) to ensure the privacy of callers through end-to-end security. . Improving network security, as shown by line 1823, provides an equivalent improvement in end-to-end security. While advanced network security helps prevent malicious outsiders, excessive end-to-end encryption is a double-edged sword. If the key size is large, for example, AES 256 or AES 512 is employed, the system provides "secret" network performance, and naturally provides the same level of security to the caller. However, even if the caller is suspected to be a criminal or a terrorist, neither the network operator nor the government can detect and monitor the activity of the caller.

  Evaluation of key size is complicated. If the encryption key is too small, a criminal can attack the network and its users, and if the encryption key is too large, the criminal can use the network to hide illegal activities or investigate fraud or fraudulent activity. It can interfere with the detection activities by the government. In a corporate environment, end-to-end encryption prevents employees from monitoring their business activities and complying with corporate investigations and intellectual property litigation, so corporate security policies ensure that such encryption is fully protected. There are cases of refusal.

It is difficult to even determine which size keys are readable and which size keys are secure, and that situation changes as technology evolves. Referring again to Table 1824, the number of possible combinations that need to be analyzed in a brute force attack is calculated as a function of cryptographic key size. A 16-bit key has only 65k combinations, a 56-bit key has 10 ¹⁶ combinations, and a 128-bit key has more than 10 ³⁸ combinations. In addition, there are combinations of numbers in the 256-bit key that are 39 orders of magnitude greater than in the 128-bit key. Ignoring the use of pattern recognition, the brute force attack attempts every combination to crack the code. In an EETimes article titled "AES Security Against Brute Force Attacks" (http://www.eetimes.com/document.asp/doc_id=1279619), the author was a supermarket around 2012 with 10.5 petaflops available. It estimates the time required for a computer to perform a brute force attack. Petaflops are 1,000 trillion or 10 ¹⁵ floating point operations per second, or 1,000 teraflops. Therefore, the calculation time for a 56-bit key is only 399 seconds, the calculation time for a 128-bit key is 1.02×10 ¹⁸ years, and the calculation time for a 192-bit key is 1.872×10 ³⁷ years, for a 256-bit key. a 3.31 × ^{10 56} years.

  The time required to launch a brute force attack is also changing. Since the writing of this document, the speed of the world's fastest computers has already tripled. According to a BBC News article, "Supercomputer: President Obama Commandes Realization of World's Fastest Computer," dated July 30, 2015, investigators said that the target speed of the next-generation supercomputer would hold records at that time. It is reported to be a machine with 20 times the speed of a machine, that is, a machine with a computing power of 1 exaflop (1 Floating point arithmetic operation per second). This means that the time required to crack the code will continue to decrease over the years. Another new approach to decrypting ciphers is to employ massively parallel processing, the method used for mining bitcoins. By using thousands to millions of computers at the same time instead of using a single supercomputer, attacks can proceed simultaneously and the decryption time can be dramatically reduced. The capabilities of today's fastest microprocessors have already exceeded 1.1 teraflops, so 30,000 best-in-class microprocessors work together to provide speeds comparable to the world's fastest computers today. It's Only one million microprocessors are needed to implement a computer with exaflop computing power. Dedicated ASICs can erode security further, but quantum computing is sure to transform it far beyond that, by orders of magnitude.

  In conclusion, large key end-to-end encryption is not a good solution for communication privacy and security. An alternative approach enabled by SDNP networks and hyper-secure last mile communication separates end-to-end encryption from network security, as disclosed herein. As shown in FIG. 104B, the communication between SDNP clients 1700A and 1700Q, which represent the respective senders and receivers, is performed by SDNP network 1831. A small attack surface of the network is routed using three-channel communication for dynamic scrambling, fragmentation, junk insertion, and control Anonymous multi-route and mesh data transfer using hop-by-hop encryption Is realized by Although security credential information changes dynamically for all hops in the last mile communication and SDNP cloud, this process is represented in a simplified form using SDNP encode operation 1832 and SDNP decode operation 1833.

  As described in Table 1834 and shown by line 1830, these methods, in various combinations, achieve security comparable to secret or top secret encryption standards without relying solely on encryption. The line 1830 is flat, indicating that there is no interdependence between the end-to-end encryption displayed on the y-axis and the network security displayed on the x-axis. Instead, the network security level can be adjusted from Case A to Case D by applying various SDNP security schemes. Although these security operations are performed by the SDNP software, both the originator and the recipient use security credential information when transferring data packets through the SDNP network 1831 and its various security zones. I don't notice that. In particular, the client in the conversation is unaware that he is participating in the exchange of the encryption key of the last mile network. As a distributed network, the use of encryption within the SDNP cloud has nothing to do with last mile security and there is no system master key. As such, the security of SDNP network 1831 creates an encrypted pipe or tunnel 1820, independent of the end-to-end encryption performed by encryption 1026 and decryption 1032.

  The encryption used in SDNP network 1831 need not use the same size key as the end-to-end encryption tunnel 1820. As shown in the graph, commercial and enterprise security applications for end-to-end encryption show 128b key encryption (dotted line 1835) even when AES256 is used for single-hop dynamic encryption in the SDNP cloud. AES128) can be used. In fact, end-to-end encryption can utilize RSA or other ciphers without compromising network security. The SDNP network 1831 is protected by AES encryption according to FIPS 140-2 military grade security, even in the absence of an end-to-end encrypted tunnel 1820. As mentioned above, SDNP network 1831 prevents all external cyber and man-in-the-middle attacks. The end-to-end encrypted tunnel 1820 protects the caller from hacking interventions from network operators and other "insides." In this regard, the end-to-end encryption of the present disclosure is used primarily to ensure the privacy of the caller, rather than to achieve transfer security of data packets.

  This approach can be adapted to a wide range of applications, as the strength of end-to-end encryption can be increased or decreased without compromising the security of the network. For example, if the 128b key encryption indicated by dotted line 1835 is too strict for small businesses and individuals, the number of bits can be reduced without sacrificing individual privacy. For military or government applications, the encryption key length can be increased to 192b, 256b, or 512b as needed. In this regard, the SDNP system of the present disclosure overcomes the deficiencies of current encryption-based communications and provides functionality not available in alternative applications, devices, or networks.

  Security management

Another important feature of SDNP communication is its unique approach to security management. Security controls are needed in many situations, including:
Monitoring of employee communication conducted in accordance with HR policies or employee surveys;
Monitoring and recording of employee communication, supporting financial audits, legal accounting, financial reporting, etc.
Documentation of intercompany communication as part of a merger and acquisition;
· Documentation of intercompany communications as part of IP or corporate litigation,
・Responding to requests for communiques and documents based on subpoenas and criminal investigations,
• Account information, call and message monitoring, and compliance with national security file access legal orders.

  With proper authorization, SDNP network administrators can facilitate access of SDNP network traffic to designated "SDNP security agents" for the purposes of communication monitoring and data monitoring. The process by which SDNP security agents are established and enabled includes a multi-tiered authorization and authentication process that is always performed before any monitoring activity. To prevent abuse, no individual can initiate surveillance, and even the SDNP network administrator does not have that authority. Dynamic control of SDNP communication as a distributed network using dynamic SDNP encoding and decoding, with no central control, no master network key, DMZ server running offline using zone specific security credential information By nature, there is no mechanism to recover data or retroactively recall a conversation. Data exists in the SDNP network only for short periods, typically less than 100 ms. As a distributed system, the SDNP network, by design, has essentially no central control functions, and therefore no pre-call metadata. Therefore, SDNP networks only support speculative security surveillance. That is, it is necessary to establish monitoring by the designated SDNP security agent before intercepting the communiqué.

  Further, since fragmented mesh communication in the SDNP cloud is performed dynamically, SDNP nodes in the cloud, that is, beyond the SDNP gateway, do not transmit a data packet containing one complete conversation. Most nodes transmit less than 5% of the data before routing changes, typically only 10 ms at a time. According to SDNP communication, dynamic routing always redirects the communication via different media servers. Therefore, cloud access is not suitable for communiqué recovery and monitoring. SDNP cloud data packets consist of useless jumbled data, such as extraneous sounds, data, speech, and junk data that can be captured. Instead, monitoring by a designated SDNP security agent can be productive only in the last mile communication, where the complete set of relevant data packets must pass, either within the client device or, preferably, within the SDNP gateway. it can.

An example of data packet routing during security monitoring is shown in FIG. 105A. Here, SDNP security agent 1840 is monitoring a conversation between SDNP client device 1600A and SDNP client device 1600H. This conversation occurs using a data packet sent from the SDNP client device 1600A through the last mile router 1602G to the SDNP gateway 1701U via the SDNP cloud, but the data packet sent from the client device 1600A is closed by the SDNP gateway 1700U, It is securely routed to the designated SDNP Security Agent 1840. Specifically, during transmission in UDP, last mile data packets 1630A, the address "IP _{C 1, 1} 'to come address" IP _{M 0} to out SDNP gateway address "IP _{M 0, 4'} from SDNP client _transmits the SDNP data 1 to SDNP gateway ₀ ", is delivered via the zone U7 last mile to SDNP client address" IP _{C 7, 1} ". During the allowed monitoring period, the cloned SDNP data 1 is securely delivered to the security agent 1840 SDNP at the SDNP address "IP SA". The duplicated monitor data packet 1841 operates in the same manner as an SDNP group call, except that the duplicated data clone is not visible to the caller. The caller is thus unaware that he is being monitored.

Security monitoring is also valid for incoming calls. In Figure 105B, SDNP data 7 is transmitted from the client device 1600H in the address "IP _{C 7, 1} 'to SDNP gateway address" IP _{M 0, 4} ". After transmission from the SDNP cloud, the data is delivered from the SDNP gateway with address "IP M _0,0 " to two destinations. The client 1600A having the address “IP C _1,1 ”, which is the first destination, receives the response data packet 1640A including the SDNP data 7. The second destination, SDNP security agent 1840, receives the same payload containing clone data “SDNP data 7” via data packet 1842. The delivery of the data packet 1842 is invisible to the caller, so the caller is unaware that it is being monitored.

The same method can be applied to monitor fragmented distributed file storage. However, the security agent does not capture the fragmented data file, but only receives a copy of the associated FS link. Such an example is shown in FIG. Here, the SDNP file storage device 1700H transmits a data packet 1740H including the FS link 1 from the address “IP F _1,1 ”to the gateway address “IP M _0,4 ”. The cloned payload "FS link 1" is also delivered to the SDNP security agent 1840 at address "IP SA" by means of a data packet 1843 sent from the gateway address "IP M _0,0 ". As with real-time communication, the file owner, client 1600A, is unaware that it is being monitored by the SDNP security agent.

The same monitoring mechanism is also valid for multi-route last mile communication where data packets enter and leave the SDNP cloud via multiple SDNP gateways. This case is shown in FIG. Here, the last mile communication from client device 1600A includes a fragmented data packet 1630A containing payload SDNP data 1 and a data packet 1630B carrying payload SDNP data 2 entering the cloud via SDNP gateways 1701U and 1701V, respectively. After routing in the SDNP cloud, the data packets are recombined and emerge from the cloud as a single data packet 1630L with a payload containing the combined data SDNP data3. During operation, the SDNP gateway address "IP _{M 0,0"} and "IP _{M 0, 11"} according to an instruction from the signaling server, create the incoming SDNP data 1 and SDNP data 2 clones from the client node C1,1 , Forward them to the SDNP security agent 1840 at address “IP SA”. The cloned data is used for all SDNP data transfers, except that the security agent operates in its own security zone, zone SA which uses credential information not available to any other device. Data packets 1841A and 1841B are transmitted using the same hyper-secure method as the method. Therefore, there is no record or evidence that the designated security agent has monitored a particular conversation.

  Since SDNP's surveillance activities are conducted in secret and are essentially equivalent to invisible conference calls that are essentially undetectable, the SDNP system employs an independent verification method to approve and confirm the use of network surveillance. However, it is important to specify and confirm the SDNP security agents that are allowed to perform monitoring. The SDNP security agent can be any SDNP client except the network administrator. As a protection against system corruption, SDNP network operators and SDNP administrators are not allowed to act as SDNP security agents. In other words, the user who manages the network, even if it is threatened or extorted, cannot destroy its function for its own use.

  An SDNP security agent may be appointed as an individual, a government agent, a government-designated agent, or a legal counsel. The qualifications specifically required for a given security agent vary by company or country, subject to applicable local law. The monitoring hardware of the SDNP security agent may be a communication device or a computer server with recording, data storage and advanced decryption capabilities. All communications sent from the SDNP network to the designated SDNP security agent are transferred in the same hypersecured communications as the client's own communiqué, so security monitoring is sensitive to call confidentiality except oversight by authorized security agents. Does not violate the sex or the privacy of the caller.

  Furthermore, the monitoring of authorized SDNP agents and the implementation of authorized functions does not compromise the integrity and security of the network in any way. Operational details and DMZ shared secrets are not disclosed to network operators or security agents. The operation of the SDNP system is performed automatically and autonomously without human operator intervention or intervention, and the DMZ server is secured using zone-specific credentials that are not available through online access. There is. Therefore, the security monitoring does not reduce the security of the system or make the SDNP network vulnerable to a cyber attack.

  The data payload is delivered to the SDNP Security Agent in the same format that the caller created. All network SDNP encoding is decoded as part of the delivery to the SDNP security agent, so the delivered data packet does not contain any network security countermeasure information. However, if the client employs end-to-end encryption, the SDNP security agent will either allow the client to share the end-to-end decryption key with the network or use a separate key server utility accessible from the SDNP network. Unless you agree in advance, you need to decrypt the client end-to-end. Again, such end-to-end encryption and decryption keys are included in the SDNP approach primarily for privacy protection and are independent of the encryption used in SDNP's dynamic encoding function. ..

  In order to minimize the risk of monitoring abuse, SDNP management, which is used to establish and authorize designated SDNP security agents to monitor clients or client groups, has become a multi-step process. Although the SDNP system includes provisions for performing monitoring, the legal application of this function is the responsibility of the network operator, network administrator, and the authorizing agency or agent. These parties are personally responsible for ensuring that surveillance is done legally and in accordance with the laws of the country concerned.

  The need for monitoring can arise from a variety of situations. In companies, complaints from whistleblowers and allegations of sexual harassment may initiate HR department investigations or expedite court accounting. Court subpoenas related to the lawsuit (which may include a curfew order) may also require oversight. In corporate matters, communications using the corporate SDNP network are generally limited to corporate communiqués, excluding private and personal communications. In most countries, private communications are protected unless you suspect a criminal intent. In the case of national security or law enforcement activities, both the public and private SDNP accounts of the sender may be subject to oversight. In such a case, the corporate SDNP network operator for the company implements the corporate communication monitoring process, while the independent telecommunications SDNP network operator is the only provider capable of performing the monitoring of the private communication of the caller side. In some countries, governments must submit a subpoena for judge approval in order for governments to begin monitoring communications for civilians, while arguing that governments have the authority to monitor virtually all private communications. Some countries do. In the case of international communications, it is more difficult to determine which legislation applies and what the position of the network should be in enabling call monitoring.

  An example of the AAA process used to enable monitoring is shown in FIG. The process of approving the monitoring of the client includes a network administrator 1850 used for setting the monitoring operation, a security agent 1840 in charge of monitoring the client, and three approval agents 1851A and 1851B used for approving the monitoring process. 1851C is included and preferably operates autonomously and independently of the network operator or network administrator. The process begins with the network administrator 1850 soliciting a monitoring request 1862 in response to an investigation or court order. The administrator uses command dialog box 1862 to specify the telephone number of the individual for whom monitoring is requested. If the request is to monitor a group of individuals, then all parties can be entered into the file one by one with their phone numbers and uploaded to the system.

  In the authorization step 1863, the network administrator 1850 uses the example dialog box 1864 to identify a candidate security agent 1840 recommended to perform the monitoring function. In the case of a company, an individual may be a HR manager, legal counsel, member of the audit committee, representative of an independent accounting firm, or independent investigator. In the case of a lawsuit, the security agent could be a legal officer, a district lawyer, an FBI agent, or other formally appointed investigative committee member (eg, a special prosecution commission investigative panel in case of government misconduct). .. The system then checks the SDNP name server 1714 to ensure that the security agent has an SDNP account and complies with the rules specified by the company or network operator. Where relevant to national security, additional investigation of the proposed security agent's credentials and criminal record may be conducted before approval.

  If the security agent is authorized, the monitoring request is forwarded to the authorization agents 1851A, 1851B, and 1851C at authorization step 1865, where the authorization agent is the name or description of the person being monitored, or the security agent designated to perform the monitoring. Review the information listed in dialog box 1866, which includes the name and status of the surveillance surveillance period, and the reason for the surveillance. Each Authorized Agent can accept or reject the request. Network operator or company rules determine whether a monitoring operation is approved based on unanimous approval of the approval agent or by a simple majority resolution. The identity of the approval agency can be revealed in the case of a company, but in the case of a criminal case, it may not be kept anonymous by the anonymous communication function of the SDNP network.

  If the monitoring is approved, then in a management step 1867, the client's database 1868 is updated at the name server 1714 to tag the monitored SDNP client and validate the SDNP client, in this example, the data. The shaded rows are identified. The SDNP addresses in this database are updated together daily at the time the SDNP addresses are shuffled in order to maintain the same relationship between the monitored client and the designated security agent. When the survey schedule expires, the surveillance link is automatically disconnected. In admin step 1869, a link is sent to SDNP security agent 1840 to receive all ongoing communications of the identified monitored client. How the agent uses this information is not a matter of SDNP network operation. Unauthorized disclosure of personal information by security agents can be a crime for which security agents bear full responsibility.

  The surveillance method of the present invention allows SDNP networks to support criminal investigations of fraud and potential terrorist activity while maintaining a secure communication medium for law-abiding citizens. The SDNP network can securely deliver private client communications to authorities in compliance with court orders without compromising the privacy of innocent civilians or the security of the SDNP global communications network. Future communications via the SDNP network will remain anonymous and hypersecure because no backdoor or master key is used to honor court orders. In this way, the secure dynamic communication network and protocol and its hyper-secure last mile communication can provide security features not possible by any other means and are adopted in OTT and almost all messenger and communicator apps. It completely avoids the risk of supporting crime and terrorism resulting from overreliance on end-to-end encryption.

  Overcoming SS7 vulnerability

  Even if the dispute between Apple and FBI wasn't a big deal for the communications and security industry, the episode of the US television show "60 Minutes" (http://www.cbsnews.com/news/60-minutes-hacking-your- phone/) has revealed a serious security vulnerability in SS7 (Signaling System 7), which is a conventional wireless telephone signal control channel. As clearly shown in this show, a vulnerability in SS7 could expose all smartphones and connected devices to packet sniffing and cyber attacks. You can eavesdrop on conversations, browse SMS texts, attachments, and images.

  Signaling System 7 (SS7) is a telephony signaling protocol developed in 1975 and used in all forms of digital telephony around the world. SS7 is composed of a message transport part, or "MTP", which operates in PHY layer 1, data link layer 2 and network layer 3 and handles call routing. The end-to-end routing is managed by the signaling connection control unit that operates in the transport layer 4, that is, "SCCP". The protocol also includes a number of application layer 7 functions related to billing, roaming, and call authentication. The SS7 protocol, although absolutely necessary, is very vulnerable to attack and poses a serious risk in securing conventional telephony.

  In April 2016 (https://en.wikipedia.org/wiki/Signalling_System_No._7), the US Parliamentary Oversight Board reported: "The application of this vulnerability could endlessly extend from criminals watching individual targets to foreign companies doing industrial espionage to US companies, as well as nations watching US government officials. This vulnerability has serious consequences not only for personal privacy, but also for innovation, competitiveness, and national security in the US Many innovative digital security innovations, including multi-factor authentication using text messages. Technology can be useless."

  SS7 cyber attacks basically fall into the category of packet sniffing and use the unique format of SS7 information as a guide to intercept both content and metadata. The SS7 protocol basically provides the information templates used to interpret the packet information. As shown in FIG. 109, the problem begins with the SIM card, or "subscriber identity module". SIM cards contain various types of personal information about a subscriber and their account. As shown, a carrier SIM card 1880, typically issued by a network provider, is portable to the cellular network represented by antennas 25A, 25B, and 25C and their corresponding wireless links 28A, 28B, and 28C. Used to identify the phone 32. Each SIM card contains a unique identifier, an ICCID or "Integrated Circuit Card ID", which is an 18 or 19 digit number used to identify it internationally. The International Mobile Subscriber ID or IMSI identifies the individual operator network, ie the home network in which the SIM card works. The local network provider uses the IMSI number to communicate with the SIM card and establish the call.

  The SIM card also includes a three-digit number such as an "operating area identification code" or MCC for identifying the country where the SIM card is issued. When making an international call from a mobile phone, the MCC is required as part of the dial sequence. Examples of MCCs include 310-316 in the United States, 234-235 in the United Kingdom, 460 in China, 460 in France, 208 in France, 250 in Russia, 262 in Germany, 302 in Canada, 724 in Brazil and the like. The MCC is used in combination with a "Mobile Network Code", or MNC, to identify the network provider that issued the SIM card. A complete list of these codes can be found at https://en.wikipedia.org/wiki/Mobile_country_code. The SIM card also contains a 15-digit "mobile station international subscriber telephone number", or MSISDN, that uniquely defines the subscriber and the type of network on which the SIM operates. In addition to the user's telephone number, the SIM card also holds an SMS text directory that records incoming and outgoing calls and texts and their times and dates. In recent years, carriers have begun to store credit card credentials using a dedicated SIM card with so-called secure elements to facilitate mobile payments.

  Since MCC, MNC, and MSISDN codes are sent as part of the connection process, SS7 intrusion and packet sniffing can easily identify the SIM card's home country and carrier, and the associated telephone number of the subscriber. .. The transmission data 1881 can be easily used to track the identity of the caller via the phone book, online information, or social media, i.e. through profiling. Once identified and associated, the phone number and SIM can be used to monitor subscriber activity no matter where in the world the subscriber moves. Cryptography does not obscure the underlying call information or metadata. Even with end-to-end encryption, data packets are easily identified as coming from the same conversation and are captured and stored for subsequent decryption attempts.

  Aside from metadata and content, the location of the caller is also compromised by the SS7 vulnerability. In a cellular network, a phone sends a message to a local base station to identify that it is available at a particular base station. These registration packets are sent regularly. By monitoring these packets, the location of the phone using a particular SIM card, even when not on the phone or when GPS is turned off It can be specified even if the setting is not turned on. In this way, the subscriber's location and movement can be tracked without the subscriber's knowledge.

Despite this inherent vulnerability of SS7, hyper-secure last mile communication, performed according to secure dynamic communication networks and protocols, is obfuscated by obfuscating meaningful call data on the last link. Fight off SS7 attacks. In particular, the hyper secure last mile communication has a great security advantage as compared with the following conventional telephone communication or OTT internet communication.
In the hyper secure last mile communication, the telephone number or IP address of the person who receives the call or message is not disclosed even if the other party is not the SDNP client.
-Hyper-secure last mile communication does not identify whether sequential data packets are part of the same call or also represent data packets that are not associated with different destinations.
• By hiding the peculiarities of calls in data packets, Hyper Secure Last Mile communication obscures metadata about call times.
HyperSecure Last Mile Communication dynamically encodes the payload to prevent unauthorized access to packet content and protect the privacy of voice, video, text communications, photos, files and other content.

  Therefore, as described above, the communication using the disclosed secure dynamic communication network and protocol and the hyper secure last mile communication is not affected by the SS7 vulnerability. SDNP communication is performed using a proprietary protocol and is carried by an encoded payload, so even packets carried on open, unencrypted channels such as 2G, 3G, 4G/LTE telephony , Call data and contents cannot be extracted from SDNP data packets. Therefore, even if an attempt is made to start a cyber attack on SDNP coding or fragmented data transfer using packet sniffing, no effect is obtained.

  Impersonation function of SDNP

  Given the above, the only impact of SS7 vulnerabilities on SDNP communications is to reveal the location of the caller. Since the SIM phone number of the mobile communication company is linked to the ID of each user, when the mobile phone is turned on, communication with the nearest mobile phone base station always occurs even when no call is received. This base station information can be used to triangulate the user's position and track subscriber movement even with GPS turned off. Since such unauthorized tracking relies on SS7, devices using traditional mobile phone SIM cards are vulnerable to location tracking, even those devices acting as SDNP clients. is there.

  As shown in the simplified network schematic of FIG. 110, the tracking of subscribers is completely blocked by the enhanced hyper-secure last mile communication referred to as the “SDNP impersonation feature” as shown in this disclosure. To implement this function, the normal mobile phone company's SIM card 1880 is replaced with an SDNP SIM card 1882. Since the SDNP SIM card is registered with the SDNP network operator rather than the subscriber, no personal subscriber information is recorded on the SDNP SIM card 1882. The SDNP SIM card 1882 is similar to a prepaid SIM card in that it can access the network, but it does not contain any personal information. Instead, all of the account owner's personal information is stored securely within the name server of the SDNP network, and cannot be accessed or hacked by hackers.

  In operation, the SDNP impersonation feature hides the true identity of the owner by using a SIM card 1882 that is known only to the SDNP network operator. Thus, the telephone number contained in the SIM card is used to establish the PHY layer 1 and data link layer 2 connection 28B between the cell phone 32 and the base station 25B, but does not route. . Instead, the source address and the destination address of the last mile routing data packet are managed by the SDNP application 1335A and the SDNP gateway 1601A according to the instruction from the SDNP signaling server 1603A.

  Calls from the SDNP application routed through the SDNP gateway 1601A are displayed with a number different from the SIM card number. This conversion of physical SIM card number to SDNP phone number is performed by SDNP name server 1604A. Impersonate the physical SIM card number for all users by translating SDNP phone numbers to SIM phone numbers during call routing according to translation table 1885. Using the impersonation feature of SDNP completely hides the true identity of the phone owner. To call an SDNP client, an outside caller calls the SDNP number, even if he is not the SDNP client. The SDNP network automatically routes this call to the SDNP client without exposing the phone number of the SIM card. Similarly, the SDNP client makes a call to a party other than SDNP and the recipient of this call sees the incoming call from the SDNP number rather than the SIM card number. In this way, SDNP performs telephone functions similar to a NAT gateway for internet communication. The only difference is that the SDNP system is a real-time network and the Internet is not.

  Since the true user ID of the cell phone 32 is not revealed by the call 28B, triangulating the location of the cell phone is useless because all communication with the user remains anonymous. Therefore, tracking the location of an unidentified mobile phone has no benefit to hackers and avoids SS7 vulnerabilities. If the SDNP client is traveling abroad, the traveler can purchase a local prepaid SIM card and link to the SDNP number. SDNP subscribers continue to receive calls placed to SDNP phone numbers, but roaming charges are avoided because the last link communication occurs using the local SIM card. In this way, one SDNP telephone number can be used as a global number without long distance charges.

  SDNP subnet

The SDNP communication cloud can be remotely deployed across a network of any interconnected computers, privately or publicly hosted, using its own softswitch, a software-based communication node. Examples of server networks include privately owned privately owned networks, such as those hosted by Microsoft, Google, and Amazon. FIG. 111 shows two SDNP clouds deployed in two separate server networks. As shown in this figure, an SDNP cloud composed of servers 1901A, 1901B, 1901C, and 1901D includes SDNP communication nodes M _0,0 , M _0,4 , M _0,7 , and M _0,8 , respectively. Hosting. Second SDNP cloud is composed of the server 1902A, 1902B, and 1902C, respectively SDNP node _M 10, _0, hosting _{M 10, 1,} and _{M 10, 2.} Since these clouds each utilize separate security credential information for zone Z0 and zone Z10, the two SDNP clouds are completely distinct and cannot share information directly. However, a single SDNP client, shown as mobile phone 32 running SDNP app 1335, properly authenticates to both clouds, even if it is hosted by different computer server leasing providers. Being accessible. As shown in the example, SDNP client C _1,1 uses hyper secure last mile communication via router 1910 to access SDNP gateway node M _0,7 in zone Z0 cloud and also through the same router 1910. By using the hyper secure last mile communication, it is possible to access the SDNP gateway node M _10,0 of the zone Z10 cloud, and there is no risk that the conversations and data packets of both parties are mixed.

  Access to the two independent clouds is done via a common communicator application UI/UX 1920. Access to each cloud is compartmentalized in separate dialog sandboxes 1921A and 1921B. Information can be downloaded from the personal account sandbox 1921A to the mobile phone, but the method of exporting data from the business account sandbox 1921B depends on the company and its security controls.

  To connect a device to the SDNP cloud, the SDNP app needs to be installed on the device as software or firmware. The installation is done as follows: (i) application download, (ii) confirmation of device ID by SDNP network generated authentication code, (iii) establishment of personal identification credential information, and (iv) specific SDNP. Get approval to join the cloud. Once activated, the SDNP application establishes a hypersecure last mile connection to an independent SDNP cloud. In many cases, business account ID verification and user authentication is more complex than that required to access a personal account, and may require a multi-factor authentication method.

Since SDNP communication is software-based and uses security credential information for each communication cloud, there is no interaction between installed SDNP communication networks even when hosted on the same server. Since each SDNP cloud customized by the zone-specific security credential information is uniquely defined, the two SDNP clouds are different, and thus data cannot be directly shared. Conveniently, multiple SDNP clouds can co-exist in the same server or server network without the risk of data leakage. Access to the business network is controlled as defined according to the requirements of the cloud owner. Therefore, when sharing a common host server, mixing of two accounts and communication clouds is prohibited, and the same security is used as when two different phones are required to connect to two different networks. Zone-specific SDNP cloud or "subnet" autonomy is illustrated in more detail in FIG. In this figure, servers 1121A, 1901B, 1901C, 1901D simultaneously host two clouds. One cloud is SDNP communication nodes M _0,0 , M _0,4 , M _0,7 , and M _0,8 in zone Z ₀ , and the other cloud is zone Z 7 SDNP communication nodes M _7,0 , M _7,4. , M _7,7 , and M _7,8 . Despite operating in the same server, hyper-secure communication using SDNP established protocols can prevent direct data exchange. Therefore, access is managed by last mile communication rather than direct cloud-to-cloud data exchange.

  SDNP communications are not limited to personally leased publicly available servers, but can also be customized for various types of businesses or government agencies. In fact, private companies often prefer to host their own networks, especially for business-critical applications. Examples of private networks include FedEx, Walmart, IBM, and the like. To maintain confidentiality, organizations often also host their own networks used by research institutions, universities, and medical centers. In addition to this, private server networks are often adopted for hosting for the following purposes. That is, SalesForce. com, Box. com, Dropbox, eTrade, SAP, and other global business cloud applications, eBay, Amazon.com. com, Priceline. com, e-Insurance and other e-commerce platforms and comparison shopping networks, YouTube (registered trademark), Amazon Prime, Netflix, Hulu, Comcast Xfinity and other media streaming services, and Facebook, Twitter, Snapchat and other social media.

In larger companies, IT departments may choose to operate separate networks for parent organizations and subsidiaries. However, the cost of infrastructure is seen by many private companies as an important factor in network design. The SDNP system does not support two completely different hardware-based systems, but rather provides the organization with the ability to deploy a network using a combination of separate shared server resources. As shown in FIG. 113, two corporations, for example a parent company and its subsidiary, jointly host a single server network consisting of both separate servers and shared servers. Specifically, the server 1903,1904B, 1904C, and 1904D are communication nodes _M 7, 0 zone Z7 for the parent business _entity, M 7, _{4, M 7, 7,} and _M7,8 a host, respectively On the other hand, the servers 1901A, 1901B, 1901C, and 1903 respectively host the communication nodes M _0,0 , M _0,4 , M _0,7 , M _0,8 in the zone Z0 for the local subsidiaries of the company. As shown, the server 1903 hosts, for example, two SDNP communication nodes for the parent entity, node M _7,0 and node M _0,8 for the subsidiary. Even when the server 1903 and another server (not shown) are shared by both entities, the security credential information is different, and therefore data is not directly shared between the SDNP cloud of the parent company and the subsidiary. Employees are typically restricted to access only the employer's cloud, but executives may need access to both clouds. Appropriately authorized users, as shown in the SDNP Communicator App UI/UX 1920, include separate dialog sandboxes 1921C and 1921D for various corporations. In this way, one mobile phone or tablet can access multiple SDNP clouds of different corporations without the risk of data mixing, as if the user had multiple mobile phones. .

The SDNP app's multi-profile feature, which uses last mile hyper-secure security credential information to enable or prohibit access to multiple SDNP clouds, supports an unlimited number of account profiles from a single SDNP app. For example, in Figure 114, SDNP client _{C 1, 1,} via a global SDNP telco zones Z99 containing 1909E from server 1909A to each host _{M 99,5} from SDNP node _{M 99,1,} without long-distance rates not only outgoing international calls, for example, SDNP node _{M 9,0, M 9,4,} and servers 1905A hosting the _{M 9, 8,} 1905B, and other such corporate cloud composed zone Z9 at 1905C Access to the cloud is also possible, and also calling the subscribers of the zone Z0 cloud via the servers 1901A, 1901B, 1901C hosting the SDNP nodes M _9,0 , M _0,4 and M _0,8 respectively. Can also Access rights to a particular cloud are applied through last mile communication to the SDNP gateway and are managed by the SDNP signaling server of the system and the SDNP name server used to manage authorized users.

  SDNP communication can be similarly applied to networks with high security and restricted access required in the fields of government and security. For example, in the United States, various organizations such as local and state law enforcement agencies, the FBI, the United States Defense Forces, the United States National Security Agency, the United States Armed Forces (individually and jointly), the US Department of State, etc. Needed with parliament and legislative server networks. Other countries likewise host separate networks for various government agencies.

Nested subnet architectures can be implemented by leveraging SDNP communication methods and techniques to support access to a particular cloud with a "know only to others" policy. FIG. 115 is an example of a nested SDNP cloud structure, which consists of one leased computer server 1907A to 1907D hosting SDNP communication nodes M0,0,M0,4,M0,5,M0,9 respectively. Shown as a secure cloud of. Communication on this outer network "shell", including security credential information for zone Z0, is displayed in a "secret" level dialog sandbox 1912E displayed in SDNP Communicator 1920. The nested cloud, the government has been strengthened by the server 1906A, 1906B, 1906C, and the corresponding SDNP server node _{M 8,0, M 8,2,} security credential information of the zone Z8, including _{M 8,4} to host A security internal core is also included. In order for clients C _1,1 to access the Zone Z8 core, “top secret” security permission is required and they need to communicate via the enhanced communications sandbox 1921F. One example of a government application of this technology is in the US Department of State, where top secret communications in Zone Z8 are restricted to access by ambassadors and the Secretary of State, while other US Embassy staff around the world use Zone Z0 security credentials. Only hyper-secure "top secret" communication using information can be used.

Claims (9)

A method of sending a data packet from a client device to the cloud, the method comprising:
The data packet is included in the communication,
The cloud is composed of multiple media nodes and multiple gateway nodes,
The media node and the gateway node are hosted on a server,
The method is
Transmitting a first data packet included in the communication from the client device to a first gateway node;
Sending a second data packet included in the communication from the client device to a second gateway node. The first data packet is transmitted from the client device to the first gateway node via a first physical medium,
The method of claim 1, wherein the second data packet is transmitted from the client device to the second gateway node via a second physical medium. The first physical medium includes a mobile phone link,
The method of claim 2, wherein the second physical medium comprises a WiFi channel. Providing a first source address in the first data packet,
Providing the second data packet with a second source address. Providing a first source address in the first data packet,
Providing the second data packet with a second source address. A method of sending a data packet from a client device to the cloud, the method comprising:
The data packet is included in the communication,
The cloud is composed of multiple media nodes and multiple gateway nodes,
The media node and the gateway node are hosted on a server,
The method is
Transmitting a first data packet from the client device to a first gateway node via a first physical medium;
Transmitting a second data packet from the client device to a second gateway node via a second physical medium. The first physical medium comprises a mobile phone link,
The method of claim 6, wherein the second physical medium comprises a WiFi channel. Providing a first source address in the first data packet,
Providing the second source address in the second data packet. A method of sending a data packet from a client device to the cloud, the method comprising:
The data packet is included in the communication,
The cloud is composed of multiple media nodes and multiple gateway nodes,
The media node and the gateway node are hosted on a server,
The method is
Providing a first source address for the first data packet,
Providing the second data packet with a second source address.