KR20200002882A - Method and apparatus for secure last mile communication - Google Patents

Abstract

Various techniques are disclosed for concealing the content of communication between a client device, such as a cell phone or laptop, and a cloud of network or media nodes. Among such techniques, the packet is concealed by routing data packets in the communication to different gateway nodes in the cloud, transmitting the packets through different physical media, such as Ethernet cables or WiFi channels, and providing different source addresses. In addition, a high security method for storing technology and data files for muting specific participants in a conference call is disclosed.

Description

Method and apparatus for secure last mile communication

Cross Reference to Related Application

This application claims the priority of US Provisional Application No. 62 / 480,696, filed April 3, 2017, and again claims priority of US Provisional Application No. 62 / 107,650, filed January 26, 2015. US Patent Application No. 14 / 803,869, entitled "Secure Dynamic Communication Network And Protocol," filed date.

The entirety of each of the foregoing applications is incorporated herein by reference.

The present invention relates to a method and apparatus for facilitating hypersecure "last mile" communication between a device and a gateway to a network or cloud.

The means of improving communication fueled the progress of civilization from the earliest beginnings of mankind. From the use of couriers and messengers traveling by foot or horse, through postal delivery by train, truck, and airplane, telegraph and telegraph, telephone, radio, television, computers, mobile phones, the Internet, email and the World Wide Web. Until the advent, more recently through social media, Internet telephony, machine-to-machine (M2M) connectivity, the Internet of Things (IoT), and the Internet of Everything (IoE). There is a lot of information available. And the communication of the Internet of all times has always played a leading role in the development of the latest technology of the times. With each new communication technology used, the number of connected people and the rate at which information is transmitted increased.

The impact of this trend is that people are more connected than ever before, and people trust communication technology to securely and reliably deliver their private, personal, family, and financial information only to the people they intend to contact. Depends. Knowledge and information can now be distributed to millions of people in a matter of seconds, and friends and family can contact each other halfway around the world as routinely at the touch of a button. "The world has become a very small place," he often says.

This progress is very beneficial to everyone, but there are also negative consequences of our high dependence on technology. It is not surprising, for example, that when a communication system fails to perform during an earthquake or bad weather, people are confused or embarrassed by "unplugged" even if temporary. Thus, the quality of service (QoS) of a communication system or media is an important measure of the performance of a communication network. People's peace of mind, financial assets, identities and even their lives depend on reliable and secure communication.

Another major consideration in a communication network is the ability to ensure privacy, security, and security to clients using it. As communication technology evolved, so did the sophistication of criminals and "hackers" who intended to cause mischief, disrupt systems, steal money, or accidentally or maliciously harm others. Credit card fraud, stolen passwords, identity theft, and unauthorized disclosure of confidential information, personal photos, files, emails, text messages, and personal tweets (an embarrassment or intimidation of victims) are just a few examples of modern cyber-crime. Is nothing.

To address the prevalence of security issues in today's open communications networks, notable examples of privacy infringement and cybercrime at the time of filing this patent are listed in chronological order.

* "Target: at least 70 million stolen information". CNBC, January 10, 2014

* "A hacker created a smart ridge, and the TV sent a malicious email." BGR (www.bgr.com), January 20, 2014

* "Nest Google Privacy Row Resumes with Hacked Thermostat", Slash Gear (www.slashgear.com), January 24, 2014

* "Account hijacking requires Question Line's data security. Line, a free calling and messaging application, has recently been caught in a data security breach. The application is a non-account user. Saw hundreds of user accounts illegally accessed by "." Nikkei Asian Review, July 2, 2014

* "A common American captured on an NSA Data Sweep reported a claim." AP, July 6, 2014

* "Smart LED bulb leaks WiFi password". BBC News, July 2014

* "Six people imposed a prime ticket on the StubHub Scam. The stubhub was used by hackers who bought and sold thousands of tickets for pop music concerts and Yankees games with stolen passwords and credit card numbers. New York officials said, " Bloomberg, July 24, 2014

* "Research shows the Internet of Things very sensitive to hacking." International Business Times (www.ibtimes.com), 4 August 2014.

* "Russian hackers gathered 1 billion Internet passwords". New York Times August 5, 2014

* "New Leaker Representing U.S. Secrets, Government Concludes," CNN, August 2014.

* "15-second hacker root Google's Nest Thermostat", The Enquirer (www, theinquirer.net), 11 August 2014

* "Dairy Queen Hacked by the Same Malware That Hits the Target," Christian Science Monitor, August 29, 2014

* "Celebrity Victims of Nude Photo Disclosure-Security Vulnerabilities in iCloud Accounts", CBS News, September 1, 2014

* "Home Depot may be the latest target for credit card disputes. Home Depot disputes may be larger than targets (40M cards stolen over three weeks)", Fortune, 9 2014. Month 2

* "Mysterious fake cell phone towers intercept calls across the United States." Business Insider, September 3, 2014

* "Hacking attacks, from banks to retailers, signs of cyber warfare?". Yahoo Finance, September 3, 2014

* "Home Depot confirms hacked payment systems in US and Canadian stores". Fox News, 9 September 2014

* "Yahoo is arguing with the US government over surveillance." CBS / AP, September 11, 2014

* "Your medical record is more valuable to your hacker than your credit card." Reuters, September 24, 2014

* "Red Alert: HTTP S was hacked. Using browsers for SSL / TLS (BEAST) attacks would be one of the worst hacks because it breaks the connections hundreds of millions of people rely on every day." InfoWorld, September 26, 2014

* "Sony cyber attack, first trouble, quickly fell into the storm". New York Times, December 30, 2014

As cybercrime, security breaches, identity theft, and privacy breaches seem to be on the rise, the question arises: "How are all these cyber-attacks possible, and what can be done to prevent them?" While society seeks higher privacy and security, consumers also want better connectivity, cheaper high quality communications, and more convenience in conducting financial transactions.

To understand the performance limitations and vulnerabilities of modern telecommunications networks, data stores, and connected devices, how today's electronic, radio, and optical communications operate on and transmit data, including files, email, text, audio, and video footage It is most important to understand that they are stored and.

Circuit switched telephone network operation

Electronic communication includes various hardware components or devices connected within a network of wire, radio, microwave or fiber optic links. Information is transmitted from one device to another by transmitting electrical or electromagnetic energy over this network, and also by using various methods to embed or encode information "content" in the data stream. Theoretically, the laws of physics set the maximum data rate of these networks to the speed of light, but in most cases data encoding, routing and traffic control, signal-to-noise quality, and electrical, magnetic and optical noise, unnecessary parasitics Practical limitations of overcoming impede or inhibit the flow of information that limits the functionality of the communication network to some of its ideal performance.

Historically, electronic data communication was first achieved using dedicated "hardwired" electrical connections that form a communication "circuit" between or between two or more electrically connected devices. In the telegraph case, a mechanical switch was used to manually create and break an electrical circuit (DC) manually, magnetizing the solenoid and moving the metal lever again, so that the listening device or "relay" was in the same pattern as the caller pressed the switch. To be clicked at the same location. Then, to encode the information into a pulse stream, the sender used an agreed language, or Morse code. The listener needs to interpret the message by understanding the Morse code, which is a series of long and short pulses, similarly called dots and dashes.

Later, Alexander Graham Bell developed the first phone using the concept of "undulating current," now referred to as alternating current (AC), to deliver sound through electrical connections. The telephone network consists of two magnetic transducers connected by electrical circuits, each magnetic transducer composed of a movable diaphragm and a coil or "voice coil" surrounded by a fixed permanent magnet enclosure. When speaking in the transducer, the change in air pressure from sound causes the voice coil to move back and forth within the surrounding magnetic field that induces an AC current in the coil. On the listener's side, time-varying flowing through the voice coil induces the same waveform and time-varying magnetic field opposite the waveform and the surrounding magnetic field, moving the voice coil back and forth in the same way as a transducer that captures sound. The resulting movement reproduces the sound in a manner similar to the device that captures the sound. In modern indigenous words, when the transducer converts sound to current, it operates as a microphone, and when the transducer converts current to sound, it acts as a speaker. In addition, since the inverted electrical signal is analogous to the urea pressure wave, i.e., the audio waveform carried in sound, such electrical signals are referred to today as analog signals or analog waveforms.

As mentioned above, since the transducer is used for both speaking and listening, both parties in the conversation must know when to speak and when to listen. Similar to two annotation cans connected by strings in such a system, the sender cannot speak and hear at the same time. This one-way operation, called half-duplex mode, may sound old-fashioned, but in modern walkie-talkies and under the name "push-to-talk" or PTT. In modern telephone technology, it is still used for wireless communications.

Later, full-duplex (i.e. bi-directional or transmit / receive) telephones with separate microphones and speakers become routine, so that parties can speak and listen at the same time. However, even in modern times, feedback, the sound of the receiver, is received by the microphone and fed back to the caller and also to the caller, avoiding the condition of disturbing echoes and sometimes uncomfortable whistling-especially troublesome long distance communication. To do this, attention is also required to operate full duplex telephony.

Early telegraph and telephone systems suffered from other problems, one of privacy. In the incarnation of these early communication networks, everyone connected to the network listened to everything that was communicated on the line, even if they did not want to. In rural telephone networks, these shared lines were known as "party lines." Since then, telephone systems have evolved rapidly into multi-line networks in which leased lines connect telephone branch offices directly to the telephones of individual clients. Within the branch office, the system operator had the ability to manually connect callers to each other via switchboards using jumper cables, as well as to connect one branch to another to form the first "long-range" telephone call service. . Large banks of relays, forming telephone "switch" networks, have gradually replaced human operators, which have then been replaced by electronic switches, including vacuum tubes.

After Bell Laboratories developed the transistor in the late 1950s, telephone switches and branch exchanges replaced its vulnerable hot tubes with cold solid-state devices that included transistors and ultimately integrated circuits. As the network grows, telephone numbers have been expanded to include area codes and ultimately country codes from 7-unit prefixes and personal numbers to handle international calls. Soon, copper cables carrying voice calls covered the world and crossed the sea. Despite the size of the network, the principle of operation remained constant, and the call represented a direct electrical connection or "circuit" between the caller with voice carried by the analog signal and the routing of the call as determined by the telephone switch. It was. Such a telephone system eventually became known as a "line switched telephone network" or colloquially became a general old telephone system or POTS. Circuit-switched telephone technology reached its peak in the 1980s and has since been replaced relentlessly by the "packet switched telephone technology" described in the next section.

Evolving almost parallel to the telephone network, regular radio communications began radio broadcasting in the 1920s. The broadcast was unidirectional, transmitted from a radio station of a designated government-licensed frequency, and also received by any number of radio receivers tuned to a designated broadcast frequency or radio station. The broadcast signal carried an analog signal using amplitude modulation (AM) or by each frequency modulation (FM) method on a dedicated portion of the licensed radio spectrum later. In the United States, the Federal Communications Commission or the FCC has evolved to manage the allocation and regulation of these licensed bands. The broadcast concept was first extended to public television programs that used black and white content and later wireless transmissions involving color. Later, television signals could be carried to people's homes by microwave satellite dishes or via coaxial cable. The term " multicast " is now used for this unidirectional multi-listener communication because any listener tuned to the specified broadcast frequency can receive the broadcast.

With the advent of radio broadcasts, the first two-way communications began on commercial and military marine vessels, and during World War II, radios were devices that combine walkie-talkie hand held radio transceivers, transmitters and receivers into a single unit. Developed. Like telephony technology, early two-way radio transmissions operated in a "simplex" mode, allowing only one to listen and broadcast only one radio on a single radio channel. Combining transmitters and receivers at different frequencies allows simultaneous transmission and reception at each end of the radio link, allowing full-duplex mode communication between the two parties.

However, to prevent duplicate transmissions from multiple parties, protocols called half-duplex or push-to-talk (PTT) are commonly used for channel management, allowing anyone to transmit exclusively on a designated channel on a first-come, first-served basis. Industry standard radio types using analog modulation include amateur (Ham or CB) radios, marine VHF radios, UNICOM for air traffic control, and FRS for personal walkie-talkie communication. In these two-way radio networks, the radio transmits its data to a central radio tower for a specified frequency "channel", which tower amplifies and repeats the radio and transmits it to the entire radio network. . The number of available frequencies carrying information for the broadcast zone sets the total bandwidth of the system and the number of users that can communicate independently at one time on the radio network.

In order to expand the total capacity of a radio network to handle a large number of callers, the concept of a cellular network separated into a small area or a radio "cell" was demonstrated in the 1970s and became widespread within the next decade. The cellular concept was to limit the broadcast range of the radio tower to smaller areas, i.e. shorter distances, and thus to reuse the same frequency bands, allowing simultaneous handling of different callers present in different cells. To do so, software was created to manage the handoff of a caller passing from one cell into an adjacent cell without "dropping" and suddenly disconnecting the call. Like radio and television broadcasts, like POTS and two-way radio, early cellular networks were virtually analog. To control call routing, a telephone number system has been adopted to determine the appropriate wireless electrical connection. The choice also had the advantage of seamlessly connecting the new wireless cellular network to "wired" common older telephone systems, providing interconnection and interaction through both systems.

Beginning in the 1980s, telephone and radio communications, along with radio and television broadcasts, were designed to reduce power consumption and increase battery life, to improve quality with a better signal-to-noise ratio, and to carry data and text with voice. A relentless transfer from analog to digital communication method and format driven by the need to start addressing the need has begun. Radio formats such as EDACS and TETRA have emerged that can use one-to-one, one-to-many, and many-to-many communication modes simultaneously. . In addition, cellular communication has been rapidly shifted to digital formats such as GPRS, as did TV broadcasts.

By the 2010s, most countries stopped or were in the process of terminating all analog TV broadcasts. Unlike broadcast television, cable TV carriers are not required to switch to digital format and have maintained a hybrid composite of analog and digital signals until 2013. The ultimate move to digital is not by government standards, but by expanding the number of allowable channels in the network, delivering HD and UHD content, and providing more pay-view (PFV, “Uni "Also known as" unicast ", and for commercial reasons to enable high-speed digital connectivity services to its clients.

With the advent of the Internet, and more specifically with the widespread adoption of the Internet Protocol (IP), it is common to equate the transfer of global communication networks from analog to digital format, but the transition to digital format has led to the commercial acceptance of IP in telephony technology. Earlier, the universal transfer to IP and "packet-switched networks" (described in the next section), but not facilitated, was made possible.

The consequent evolution of switched-switched telephony technology exists schematically as a PSTN that includes the merger of radio, cellular, PBX, and POTS connections and sub-networks, each including "public switched telephone networks" or dissimilar technologies. The network is connected by a high band trunk line and includes, for example, a PSTN gateway connected to a POTS gateway, a cellular network, a base station PBX, and a two-way wireless network via a wired connection. Each sub-network operates independently, driving similar types of devices.

The PSTN is also connected to a circuit switched cellular network via a base station 17 that implements AMPS, CDMA, and GSM analog and digital protocols. Through cellular towers, circuit-switched cellular network base stations connect to mobile devices, such as cell phones, using standardized cellular radio frequencies of the cellular link. For GPRS networks, an improvement to GSM, circuit-switched cellular network base stations can also connect to tablets that deliver low-speed data and voice simultaneously. Two-way wireless networks such as TETRA and EDACS connect PSTNs to hand held radios and large in-dash and desktop radios through high-power wireless towers and cellular links. Commonly used by police cars, ambulances, ambulances, ambulance medics, fire departments, and even port authorities, these two-way radio networks, also referred to as professional telecommunications networks and services, serve government, municipal, and emergency responders rather than consumers. (Note: As used herein, the terms "desktop", "tablet" and "laptop" are used as short references to computers with these names).

Unlike POTS gateways, cellular network base stations, and PBXs, which use typical telephone numbers to complete call routing, two-way radio networks are dedicated (rather than telephone numbers) to establish a wireless link between the tower and the mobile device it operates on. Use the RF radio channel. Therefore, professional wireless communication services are clearly present and are also uniquely different from consumer cellular telephone networks.

Thus, the PSTN network flexibly interconnects sub-networks of various technologies. There is a wide variety of inter-network interoperability capabilities that are inherent in today's circuit-switched networks. Because the various sub-networks do not communicate with any conventional control protocol or language, and because each technology handles the transmission of data and voice differently, dialing over a PSTN backbone or trunk line Except for its limited ability to do so, the various systems are basically incompatible. For example, during the September 11 terrorist attacks on New York City's World Trade Center, the United States congregated in Manhattan just to help learn about its radio communications system and walkie-talkie. Many emergency personnel throughout the country were incompatible with volunteers in other states and cities, making it impossible to manage central orders and control of relief efforts. Because there was no standardization in the radio's communication protocols, the radios could not simply connect with each other.

Moreover, by direct electrical and RF connections, especially in circuit-switched telephone networks using analog or non-secure digital protocols, hackers with RF scanners can find active communication channels and sniff, sample, listen to conversations occurring at that time, Or blocking is simple. Because the PSTN forms a "continuously linked" link or circuit between the communicating parties, a cyber criminal conducts legal, illegal, prohibited, or unauthorized surveillance by a government operating under a wiretap ordered by a federal court. There is ample time for a hacker to identify and "tap" a connection criminally or criminally by the government. The definition of legal and illegal espionage and surveillance and compliance obligations by network operators vary greatly from country to country, and heated debates among global companies such as Google, Yahoo and Apple that operate across international boundaries. While telecommunications networks and the Internet are global and have no borders or boundaries, the laws governing this electronic information are limited to the jurisdiction of the government that controls telecommunications and commerce, both domestic and international at the time.

Regardless of legality or ethics, electronic eavesdropping ranges from the monitoring of ubiquitous security cameras on the street corners and upper streets of all roads or subways today to sophisticated hacking and code cracking performed by national security agencies and agencies in various countries And monitoring is routine. Although all networks are vulnerable, the old and vulnerable security regulations of the PSTN make them particularly easy to hack. Thus, even PSTNs connected to modern secure modem networks represent weaknesses in the overall system, creating weaknesses in security breaches and cybercrime. Nevertheless, if not decades, it will take years to retire a global PSTN network and completely replace it with IP-based packet-switched communication. Such packet-based networks (described below) are more modern than PSTN, but still insecure, and are subject to security breach, hacking, denial of service attacks, and privacy breaches.

Packet Switched Communication Network Operation

If two tin cans connected by strings represent a metaphor for the operation of a modern circuit switched telephone, the post office represents a similar metaphor for a packet switched communication network. In this approach, text, data, voice, and video are converted to streams of files and digital data, which data is then parsed into quantized "packets" of data and delivered over the network. The delivery mechanism is based on an electronic address that uniquely identifies where the data packet went and where it came from. In addition, the format and communication protocol are designed to include information according to the nature of the data contained in the packet, including the program or application in which it is to be used, and the content specified in the hardware that facilitates the physical link and the electrical or radio connection carrying the packet. .

The concept of packet-switched networks born in the 1960s was created during the editorial era of the Sputnik Cold War. At that time, the US Department of Defense (DoD) said that space-based nuclear missile launches could crush the entire US communications infrastructure, losing the ability to respond to USSR preemptive attacks, and that there is indeed one vulnerability to such attacks. Expressed concern that it could provoke DoD therefore sponsored the development of redundant communication systems or grid-like "networks" where the network's ability to communicate information between military installations could not be interrupted by destroying designated data links or even numerous links within the network. . Known as ARPANET, the system has become a popular parent of the Internet and modem digital communications.

Despite the creation of packet-switched networks, the explosive growth of the Internet has led to the emergence of the first easy-to-use web browser, Mosaic, the emergence of hypertext-defined web pages, the rapid adoption of the World Wide Web, and the widespread use of email. It didn't happen until the 1990s, when the global adoption of the Internet platform was widespread. Because no country can stop it (or even fully recognize its global linkage), and because its user base includes consumers using its newly acquired personal computers, its basic view, One lack of central control, or the need for a central mainframe, has driven the Internet in part ubiquity.

Another significant impact of Internet growth has been the standardization of the Internet Protocol (IP) used to route data packets through the network. By the mid-1990s, Internet users recognized that they could be used to carry data, and shortly thereafter, "Voice over Internet Protocol" or VoIP was born. The concept theoretically allowed anyone with the Internet to communicate freely over the Internet, but the propagation delays across the network, or latency, resulted in poor voice quality and often difficulty. Although latency has been improved with the adoption of Fast Ethernet links, high speed WiFi connectivity, and 4G data to improve connection quality at the "last mile," the Internet itself has been created to ensure the correct delivery of data packets. There is no guarantee of the time required for delivery, ie the Internet has not been created to operate as a real-time network.

So the dream of using the Internet to replace expensive long-distance carriers or "telco" is "over the top," such as Skype, Line, Kakao Talk, Viper, etc. Despite the availability of "over-the-top" (OTT) providers, they are largely lacking. OTT telephony techniques suffer from uncontrolled network latency, poor sound quality, dropped calls, echo, reverberation, feedback, uneven sounds, and sometimes low quality of service (QoS) resulting from inability to initiate a call. The poor performance of OTT communications is not inherently a weakness of VoIP-based protocols, but rather a weakness of the network itself, where the OTT carriers cannot control the path that data takes or the delay that the communications encounter. In essence, OTT carriers cannot guarantee performance or QoS because OTT communications operate as Internet hitchhikers. Paradoxically, the companies that can best utilize VoIP-based communications today are long-distance carriers with dedicated low-latency hardware-based networks, with very little incentive for Telco to do so.

Aside from its inherent network redundancy, one of the greatest strengths of packet-switched communication is that from any source, as long as the data is placed in packets that match the Internet protocol, and the communication device is connected and linked to the Internet, Its ability to carry information to any destination. The Internet protocol manages the network's ability to deliver payloads to their destinations, without any concern or concern about what information is carried or what applications will use it, so any need for custom software interfaces and expensive proprietary hardware Avoid all of them. In many cases, even application-specific payloads set a predefined format, for example for reading mail, opening a web page in a browser, viewing a photo or video, viewing a Flash file, or reading a PDF document.

Since the versatile file format avoids the reliance on proprietary or company-specific software, the Internet is an "open" that can communicate from the "computer" to the mobile phone and from the vehicle to the widest range of connected devices to date. Source "communication platform. The most recent statement describing this universal connection is the Internet of Things (IoE).

As shown, large computer arrays including high speed cloud servers and cloud data storage are interconnected by high bandwidth connections, typically optical fibers, between other countless servers (not shown) to form the Internet cloud. do. Cloud metaphors are appropriate because there are no well-defined boundaries that define which servers are considered part of the cloud and which are not. On a daily and even minute basis, the server is online while it can be taken offline for maintenance without affecting the functionality or performance of the Internet. This is an advantage of a true redundant distributed system, there is no single point of control, and therefore no single point of failure.

The cloud can be connected to a user or connected device via any of a variety of wired, WiFi or wireless links. Wireless packet-switchable telephony includes cellular protocol 3G, including HSUPA and HSDPA, as well as 4G / LTE (or long-term evolution), even if a cell operates on a different protocol. It refers to a network standard that ensures interoperability with various cellular protocols, including the ability to seamlessly handoff. Note: By definition, “last mile” as used herein refers to a link between any type of client device, such as a tablet, desktop or mobile phone, and a cloud server. In the direction, the term "first mile" is sometimes used to specify the connection between the device and the cloud server that initiates the data transfer. In this case, the "last mile" link is also a "first mile" link.

For local area communications, WiFi access points connect to smartphones, tablets, laptops, desktops or connected devices and can also be used for local wireless applications in homes, cafes, restaurants, and offices. WiFi includes communications operating in accordance with IEEE defined standards for the single carrier frequency specification 802.11a, 802.11b, 802.11g, 802.11n and most recently for the dual frequency band 802.11ac format. WiFi security based on a simple fixed login key is primarily used to prevent unauthorized access of the connection, but is not intended to protect data indefinitely from sniffing or hacking.

The wired distribution unit 27 ie routers can be used to connect hotels, factories, offices, service centers, banks, and homes to laptops, desktops, telephones, televisions, or twisted copper wire pair telephone lines by fiber optic, coaxial cable, or Ethernet. It may be connected to a point of sale terminal serving a floating or fixed wire, including. Wired connections distribute fiber optic or coaxial cables to homes, offices, factories, or businesses connected locally through a modem to convert high-speed data (HSD) connections into WiFi, Ethernet, or twisted copper wire pairs. It may include. In remote areas where fiber optics or cables cannot be used, digital subscriber line (DSL) connections are still used, but data rates and connection stability are greatly compromised. Counting access over wireless, WiFi, and wired connections, the number of Internet-connected individuals is expected to reach 20 billion worldwide by 2020.

Unlike the circuit-switched network, which establishes and maintains a direct connection between devices, packet-switched communication uses addresses to "route" packets to their destinations over the Internet. Thus, in the packet switched communication network, there is no single dedicated line that maintains the connection between communication devices, and data traveling through the Internet does not travel in a single consistent path. Each packet must find its way through the maze of interconnected computers to reach its target destination.

In IP packet routing from a laptop to a desktop using packet-switched network communication, for example, the first data packet sent from the laptop via a wireless connection to a local WiFi router is directed towards an array of DNS servers, where DNS is a domain name server. It stands for. The purpose of the array of DNS servers is to convert the text name or telephone number of the destination device, which in this case is the desktop, into an IP address. Once identified, the IP address is passed back from the array of DNS servers to the source address, ie back to the notebook. This address, which clearly identifies the communication device, is used in the routing of data packets through the network.

After that, the notebook assembles its IP data packets and starts sending them continuously to its destination, e.g. initially via a WiFi radio to a local WiFi router, after which a network of routers and servers acting as intermediate routers. Send to the destination through the walk. Routers and computer servers work together as nodes of the Internet or as points of presence, or as POPs, ie gateways of limited connectivity that can access the Internet. Some routers or servers that act as POPs connect to the Internet through a few adjacent devices, while other servers interconnect to multiple devices, also sometimes referred to as "super POPs." For clarity, it should be recognized that the term POP in network indigenous languages should not be confused with the application name POP, or the usual old post office used for email applications.

Each router or server acting as a router includes in its memory file a routing table that identifies an addressable IP address and possibly an address that the router above can address. These routing tables are automatically downloaded and installed on all routers the first time they are connected to the Internet, and are generally not loaded as part of routing packets through the network. When an IP packet enters a router, POP, or super POP, the router typically reads a sufficient IP address, which is the most significant digit of the address, to know where to direct the packet on its journey to that destination. For example, packets destined for Tokyo from New York are first routed to Chicago and then through servers in San Francisco, Los Angeles, or Seattle before connecting to Tokyo.

Since the number of routers a packet traverses and the available data rate of each connection between routers varies by infrastructure and by network traffic and loading, there is no a priori way to determine which path is the fastest or best.

Unlike circuit-switched telephony, which establishes and maintains a direct connection between clients with packet-switched data, it monitors the Internet to route packets by determining which path is optimal, appropriate, or faster. There is no general intelligence to determine the best route to route packets while there is no guarantee that two consecutive packets will even take the same route. The packet thus "discovers" its way over the Internet based on the priorities of the companies operating the routers and servers that the packet traverses. Each router essentially contains some routing table and routing algorithm that defines its preferred path according to the network conditions. For example, a router's preference can be a priority for sending packets to another router owned by the same company, balancing traffic between neighboring routers, finding the shortest delay to the next router, minimizing or Direct high-speed lanes for VIP clients by directing them to strategic business partners or by skipping intermediate routers as much as possible. When a packet enters the router, there is no way to know whether the routing choice made by the designated POP was most interested in the sender or network server operator.

So in a sense, the route the packet takes is a matter of timing and luck. In the previous New York to Tokyo routing example, the routing and the resulting QoS can vary substantially based on the small confusion of the path, the so-called "butterfly effect" in the nonlinear equations. Considering the case where a packet from New York passes through "Router A" in Chicago, because California is temporarily high in traffic, it is forwarded to Mexico City rather than California. The Mexico City router then forwards the IP packet back to Singapore, from which it is finally sent to Tokyo. The next packet sent is routed through Chicago "Router B", which at that point sends the packet to San Francisco, due to low traffic, and then directs it directly to Tokyo only two hops away. In such a case, the second packet may arrive in Tokyo before the first packet is routed through the longer and trailing path. This example highlights the problem of using the Internet for real-time communication, such as live video streaming or VoIP, that is not designed to ensure delivery time or to control network delays when performing delivery. The latency can vary from 50 ms to 1 second or more depending on whether the packet is routed through only two servers or only through 15.

The lack of routing control of the Internet is problematic for real-time applications, and is also a problem of QoS, which is particularly vulnerable for carriers trying to provide Internet-based telephony by capturing free rides on top of the OTT carrier-Internet infrastructure. Since OTT carriers do not control routing, they cannot control delay or network latency. Another problem with packet-switched communication is that it is not detected and it is easy to extract data. If a pirate intercepts a packet to identify the source or destination IP address, they can intercept the data from the mediation router and sniff or redirect traffic through their pirate network to spy on the conversation or even decrypt the encrypted file. You can use a variety of methods.

Source and destination IP addresses and other important information (and also used by pirates to obfuscate packets) used to route packets are strings of digital data referred to as IP packets, IP datagrams, or TCP / IP packets. Is specified. The IP packet contains digital information that defines the physical connection between the devices, how the data is organized to link the devices together, the network routing of the packet, whether useful data (payloads) are correctly delivered, and what kind of data is in the payload. And then thereafter means for ensuring that the payload data itself is used by various applications.

IP packets are transmitted and received sequentially as a string of digital bits, and are organized in a designated manner called the Internet Protocol, among others, established by various standards committees, including the Internet Engineering Task Force. This standard ensures that any IP packet following a prescribed protocol can be communicated and understood by any connected device that complies with the same IP standard. Ensuring the communication and interactivity of devices and applications connected to the Internet is a feature of the Internet, and also to prevent companies, governments, or individuals from controlling the Internet, or limiting or limiting its accessibility. Open Source Initiative) or OSI's Guiding Principles.

The OSI model, which is a summary that includes seven layers of functionality, precisely defines the format of the IP packet, and that each segment of the packet is used. Each part or "segment" of an IP packet corresponds to data that applies to the function of a particular OSI layer. The roles of the seven OSI layers are as follows:

Layer 1, physical layer or PHY layer includes hardware specific information representing the physical characteristics of the communication as electrical, RF, and optical signals, and how these signals can be converted into bits for use in a communication system. Converting a digital broadcast of WiFi radio, Ethernet, serial port, fiber, 3G or 4G cellular radio, DSL, USB, Bluetooth, cable or satellite TV over twisted pair copper, or audio, video, or multimedia content into a bit stream This is the behavior of the PHY layer. The preamble 80 in the IP packet represents layer 1 data and is used to synchronize the entire data packet or " frame " with hardware that sends and receives it.

Layer 2 , the data link layer, includes bits arranged as a frame and defines the rules and means by which the bit stream delivered from PHY Layer 1 is converted into interpretable data. For example, a WiFi radio based bit stream may conform to any number of IEEE defined standards including 802.11a, b, g, n and ac; 3G wireless communication can be modulated using HSDPA or HSUPA, which is a fast packet access method; Electrical signals on optical or coaxial cables modulated in optical fibers can be decoded into data according to the DOCSIS 3 standard. In an IP packet, Layer 2 data encapsulates its payload into a datagram with a leading "data link header" and a trailing "data link trailer", ensuring that the encapsulated transmitted payload is not lost in the transmission process. Start and stop as if. One key element of Layer 2 data is a MAC or media access address used to direct data traffic to or from a designated Ethernet address, RF link, or hardware-specified transceiver link.

Layer 3 , the network or Internet layer, whether the packet contains IPv4 or IPv6 data and corresponding source and destination IP addresses as well as information about the characteristics of the payload contained in the packet, i.e. the type of transport protocol used Internet Protocol (IP) used to route IP packets, including whether this includes Transmission Control Protocol (TCP), User Datagram Protocol (UDP), or anything else. It contains packets called "datagrams" that contain information. Layer 3 also includes the ability to prevent immortals in which IP packets are not delivered but never die. ICMP, a specific type of layer 3 packet, is used to diagnose the condition of the network, including the well-known "ping" function. In the IP packet, layer 3 includes an "IP header" 82, and also encapsulates its payload, which includes the transport and upper layer segments 83, 84.

Layer 4 , the transport layer comprises a segment of data defining the connection characteristics between the communication devices, where UDP is the minimum description of the payload for connectionless communication, i.e., how large the payload is, what is lost, It defines which application service (port) uses the data passed in. The UDP is considered non-connected because it does not confirm delivery of the payload and relies on identifying error or missing data on the application. The UDP is typically used for time sensitive communications such as broadcasting, multicasting, and streaming, where retransmitting packets is not optional. In contrast, TCP ensures a virtual connection by acknowledging the packet, the payload is reliably delivered before the next packet is sent, and retransmitted the missing packet. In addition, TCP uses a checksum to check the data integrity of delivered packets and also includes the ability to reassemble packets out of order in their original order. Both TCP and UDP define a description of the web server or email server associated with the source and destination ports, higher layer services or applications, for example information contained within the layer 4 payload. In the IP packet, Layer 4 includes a TCP / UDP header and also encapsulates the data / payload containing the content used by higher OSI layers 5, 6, and 7.

Layer 5, 6, 7 , upper or application layer describes the content delivered by the Internet as data / payload. Layer 7, the "application" layer represents the highest level in the OSI model, and also relies on six underlying OSI layers to support both open source and proprietary application software. Commonly used Level 7 applications include email using SMTP, POP or IMAP, web browsing using HTTP (Chrome, Safari, Explorer, Firefox), file transfer using FTP, and terminal emulation using telnet. do. Exclusive applications include Microsoft Office suites (Word, Excel, PowerPoint), Adobe Illustrator, and Photoshop, Oracle, and SAP database applications; Quicken, Microsoft Money, and QuickBooks financial software; In addition to document readers such as Adobe Acrobat Reader and Apple Preview, you can also use iTunes, QuickTime, Real Media Player, and Windows Media Player. Windows Media), audio and video players (such as Flash). Level 7 applications are defined syntactically by a level 6, "presentation" layer, which typically includes document presentations such as text, graphics and pictures, sound and video, XML or PDF, along with security features such as encryption. Using embedded landfill objects. Level 5, the "session" layer establishes inter-application connectivity, such as importing one object into another program file, and also controls starting and ending sessions.

As described, the OSI 7 layer model defines the functionality of each layer, and the corresponding IP packets encapsulate data for each other (inside of one another in a manner similar to babushka or Russian nesting dolls). In one doll, the other doll, and this continues the wooden doll). The outer packet or Layer 1 PHY defines an entire IP frame that contains information related to all higher levels. Within this PHY data, the layer 2 data frame describes a data link layer and includes a layer 3 network datagram. This datagram again describes the Internet layer as its payload with layer 4 segment data describing the transport layer. The transport layer delivers higher layer data as payloads containing layer 5, 6, and 7 content. 7-layer encapsulation is sometimes referred to as "everyone needs data processing", which lists seven OSI layers from top to bottom as application, presentation, session, transport, network, data link, and physical layers. Referred to by the mnemonic.

While the lower physical layer and the link layer specify hardware, the intermediate OSI layer encapsulated within the IP packet describing the network and transport information is typically completely agnostic to the hardware used to communicate, forward and forward the IP packet. Moreover, the upper layer encapsulated as the payload of the transport layer only specifies applications that operate and operate completely independently of how packets are routed or delivered through the Internet. This partitioning allows each layer to be monitored essentially independently, supporting a large number of techniques and user combinations without the need for administrative approval of packet formatting or validation of packet payloads. Incomplete or inappropriate IP packets are simply discarded. In this manner, the packet-switched network can route, transmit, and convey various application related information for heterogeneous communication media in a consistent form among any Internet-connected device or entity.

In conclusion, switched circuit networks allow packet-switched network communications to split documents, sound, video, and text into multiple packets, using best efforts to provide multiple network paths (delivery in a timely manner). Forwarding these packets via a post office), then reassembling the original content, and verifying that nothing was lost in the process, requiring a single direct connection between two or more parties. The comparison between circuit switched PSTN and packet switched VoIP is summarized in the table below.

network PSTN Internet Technology Circuit switched Packet switched connect Dedicated electrical connection Each packet is routed through the internet Data passing Real time (line) Best Transfer (Packets) signal Analog or digital Digital, IP, VoIP contents voice Voice, text, data, video Data rate lowness height Error checking None, or minimum Wide range Impact of Broken Lines Broken or short call Call Rerouting Power Outage Network power delivery Battery backup required

While the PSTN is operating using real-time electric line connections, packet-switched networks deliver packets and payloads, unlike post offices, which use different trucks and text carriers to ultimately deliver mail, even if their arrival is late. Recognize that you deliver content using the "best effort" method to find a way. The operation and communication of a packet-switched network is described in more detail in the background section of the related patent application entitled "Secure Dynamic Communication Network and Protocol", the disclosure of which is part-continued.

When considering the performance of the network, several factors are considered.

* Data rate, i.e. bandwidth

* Quality of Service

Network and data security

* User privacy

Of the above considerations, the data rate is easily quantified at millions of bits per second or Mbps. Quality of service or QoS, on the other hand, includes many factors including latency, sound quality, network stability, intermittent operation or frequent service interruptions, synchronization or connection failures, low signal strength, delayed applications, and functional network redundancy during emergency conditions. do. Cyber security and cyber privacy prevents attacks on the network and prevents cyber crime, cyber surveillance, IP packet sniffing, port interrogation and denial of service attacks, profiling, fraud, packet hijacking, cyber-infection, surveillance, pirate management, and intrusion. To prevent unauthorized access to data traffic and content.

Quality of service

Quality of service describes the network's performance at capacity, bandwidth, latency, data rate, scalability, sound quality data integrity, and data data bit error rate. For program, file and security related verification, data accuracy is an important factor. What matters depends on the nature of the payload carried over the packet-switched network. In contrast, for voice and video making up a real-time application, factors that affect packet delivery time are important. The quality factors and how they affect various applications such as video, voice, data and text vary depending on the application. Good network conditions typical by constant high speed data packet waveforms are minimal time delay, clear strong signal strength, no signal distortion, stable operation, and no packet transmission loss.

Intermittent networks with intermittent low data rate packet waveforms have the greatest impact on video functionality, causing painfully slow video downloads and unacceptable video streaming. Congested networks operating at lower effective data throughputs with shorter periods of interruption, illustrated by IP packet waveforms, not only severely degrade video by rattle intermittent movement, fuzzy images, inappropriate color and brightness. Rather, distortions, echoes, and even whole sentences degrade voice or voice communications by conversations or omissions from sound tracks. However, in a crowded network, data can still be delivered using TCP by repeated requests for rebroadcast.

Extremely unstable networks show low data throughput with many data stops at unpredictable periods. Also, an unstable network includes a corrupted IP package, as represented by dark shaded packets in waveform 610D, which must be retransmitted in TCP based transmissions and also discarded as simply corrupt or inappropriate data in UDP transmissions. At the level of network degradation, even emails are intermittent, causing IMAP synchronization to fail. Because of its lightweight data format, most SMS and text messages are delivered with a slight delivery delay despite severe network congestion, but no attachment will be downloaded. In an unstable network, all applications may fail, causing the computer or mobile phone to stop working properly and appear as waiting for the expected file to be delivered. In this case, the video stops, the sound is choppy, making it difficult to understand, and the VoIP connection is repeatedly disconnected more than 12 times within a few minutes, in some cases not fully connected. Similarly, email stops or delays as the computer icon rotates indefinitely. All progress bars are stopped. Even text messages are bounced and "undeliverable".

Many factors can cause network instability, including severe denial of denial-of-service attacks on selected servers or networks, including power failures of major servers and super POPs, overloaded call capacity, transmission of large data files or UHD movies. However, the main factors used to track the QoS of a network are its packet loss rate and packet latency. Missing packets occur when an IP packet cannot be delivered and is " timed out " permanently, or when a router or server detects a checksum error in the IP packet header. For packets using UDP, packets are lost and layer 7 applications need to be smart enough to know what's broken. If TCP is used for layer 4 transmission, the packet will receive a retransmission request, further adding loading to a potentially already overloaded network.

QoS, another factor in determining propagation delay, can be measured quantitatively in several ways, such as delay of IP packets from node-to-node or one-way from source to destination, or alternatively round-trip delay from source to destination. Can be. The effect of propagation delay on packet delivery is different from using UDP and TCP transport protocols. As integrated network propagation delays increase, the time required to perform round-trip communications such as VoIP conversations increases. For UDP transmission, the round trip delay increases linearly with the propagation delay. Since long propagation delays are associated with higher bit error rates, the number of lost UDP packets increases, but since UDP requires retransmission of lost packets, round trip time remains linear with increased delay. TCP transmissions exhibit substantially longer round trip times for each packet transmitted than UDP because of the handshaking required to confirm packet delivery. If the bit error rate is low and most packets do not require retransmission, the TCP propagation delay increases linearly with the integrated propagation delay. However, as communication networks become unstable with increasing propagation delay, the round trip time due to TCP transmissions increases exponentially due to the need for a protocol for retransmission of missing packets. Therefore, TCP is contraindicated for time-sensitive applications such as VoIP and video streaming.

Because all packet communications are statistically devoid of two packets with the same propagation time, the best way to estimate the unidirectional latency of the network is by measuring the round trip time of a large number of similarly sized IP packets, and by unidirectional latency By dividing by 2 to estimate. Latency up to 100 ms is significant, up to 200 ms is considered fairly good and up to 300 ms is still considered acceptable. For a 500 ms propagation delay that is easily encountered by OTT applications running on the Internet, the delay is inconvenient for the user and also disrupts normal conversation. Especially in voice communication, this long propagation delay can produce a "bad" sound and also appear as an echo, producing a "twangy" or metallic sound, waiting for the other party to get your response until its last minute. While you wait for a response to your last opinion, you may interrupt your normal conversation and possibly appear distorted or incomprehensible speech.

For clarity, the unidirectional latency of the communication is, in part, that ICMP packets are generally lighter than actual IP packets.

Because the ping test does not use the "retransmission request" of TCP, and the report on the public network of the Internet

Because there is no difference, it differs from the ping test performed by the layer 3 ICMP utility (such as the free network test at HTTP://www.speedtest.net) in that the root of the ping test matches the actual packing route. . In essence, when the ping experiences a long delay, there is something wrong with the network or some link between the device and the network, for example a WiFi router or last mile, but a good ping result in itself results in a low propagation delay of the actual packet. Cannot be guaranteed.

To improve network security, encryption and verification methods are often used to prevent hacking, sniffing, or spying. However, excessive encryption and multiple key encryption protocols constantly reverify the identity of the contact, causing additional delays, thereby increasing effective network latency and lowering QoS at the cost of improving security.

Cyber security and cyber privacy

The other two major considerations in communication are cyber security cyber privacy. Although related, the two problems are somewhat different. "Cyber security, including network security, computer security, and secure communications, monitors, blocks, and prevents unauthorized access, misuse, modification, or denial of data contained within computer or communications networks, network accessible resources, or networked devices. The data may include personal photographic images and video recordings, as well as personal information, biometric data, financial records, health records, personal communications and records. point of sale (POS) mobile phones, tablets, laptops, desktops, file servers, email servers, web servers, databases, personal data, as well as publicly shared devices used by individuals such as terminals, gas pumps, ATMs, etc. Storage, cloud storage, Internet-connected devices, connected parties It includes the same car.

Clearly, cybercriminals and computer hackers who attempt to gain unauthorized access to security information are committing crimes. If the illegally obtained data contains personal information, the attack is an infringement of the victim's personal privacy. Conversely, privacy breaches can occur without the need for cybercrime, and indeed cannot be prevented. In today's networked world, unauthorized use of personal information can occur without the need for security breaches. In many cases, a company that collects data for one purpose can sell its database to other clients who want to use the data for another purpose. Even Microsoft's purchase hotmail is well known for selling mailing lists to advertisers interested in spamming potential clients. Whether such behavior should be considered a cyber privacy breach remains a matter of opinion.

“Cyber Privacy”, which includes Internet privacy, computer privacy, and private communications, controls the personal and personal information and its rights, including the collection, storage, display, or sharing of information with others. Include rights or obligations. Personal information may include personally identifiable information, including height, weight, age, fingerprint, blood type, driver's license number, passport number, social security number, or any personal information useful for identifying an individual without knowing its name. have. In the future, even individual DNA maps may remain legal records. In addition to personally identifiable information, non-personal and personal information may include the brand of clothing we buy, the websites we visit often, whether we smoke or own a gun, what kind of car we drive, and what we can contract in our lives. It may include what kind of disease we have, what kind of disease our medical history has, and even what kind of people are attracted to us.

This personal information is combined with public records related to personal income, taxes, deeds of property, criminal records, traffic violations and any information posted on social media sites to form a powerful data set for stakeholders. Intentionally collecting large data sets that capture demographic, personal, financial, biomedical, and behavioral information and collect data on patterns, trends, and statistical correlations is known as "big data." . The healthcare industry, including insurance companies, healthcare providers, pharmaceutical companies, and even medical attorneys, has a strong interest in personal information stored as big data. Automotive and consumable companies likewise want access to these databases to manage market strategy and advertising budgets. In recent elections, even politicians have begun looking at big data to better understand voters' opinions and political issues to avoid.

The issue of cyber privacy is not whether today's big data is capturing personal information (already a standard procedure), but having enough personal identity information to identify you even if the data set doesn't know your name or you know. Whether it is. For example, the US government originally said that once a personal medical account has been established, personal information collected by the healthcare.gov Web site used to join the Affordable Care Act will be destroyed. Later, in a recent publication, a third party that facilitates data collection for the US government had previously signed a government contract that gave it the right to retain and use the collected data, so that private personal information leaked to the US government. The information is not really private.

Finally, it should be mentioned that similar technical measures are used to monitor surveillance by both governments and criminal organizations. While criminals certainly do not have the legal right to collect this data, the case of unauthorized government surveillance is more ambiguous and varies dramatically from country to country. For example, the US NSA repeatedly pressured Apple, Google, Microsoft and others to provide access to the cloud and databases. Even government officials intercepted and intercepted their conversations and announcements. When asked whether Skype, Microsoft's department, monitors the sender's content, Skype's Chief Information Officer suddenly replied "no comments."

Cybercrime and Cyber Surveillance Methods -A number of means for unauthorized access to devices, networks, and computer data, including a variety of malware and hacker technologies used to commit cybercrime and achieve unauthorized intrusion into secure networks, focusing on the topic of cybersecurity. This exists.

For example, an individual using an Internet-connected tablet might call an office desk phone, send a message to a TV, call a friend in a country that still uses a POTS network switched to the phone, or the web. You can download files from storage or send email through an email server. While all applications represent global interconnections with normal applications on the Internet, there are many opportunities for surveillance, cybercrime, fraud, and identity theft throughout the entire network.

For example, for a tablet connecting to a network via a cellular radio antenna and an LTE cellular base station or via a short range wireless antenna and a public WiFi base station, an unauthorized intruder may monitor the wireless link. Similarly, LTE calls over the cellular link may be monitored or “sniffed” by a blocked radio receiver or sniffer. The same sniffer can monitor the WiFi link and adjust on the receiving end on the cable between the cable CMTS and the cable modem.

In some cases, LTE calls can be blocked by a pirate faux tower, establishing a switched communication path between the tablet and the cellular tower. Communications sent to routers, servers, servers, and cloud storage over a packet-switched network may be subject to man-in-the-middle attacks. The wired tap may intercept calls on the POTS line from the PSTN gateway to the phone and calls on the cooperative PBX line between the PBX server and the office phone.

Through a series of security breaches, spyware can install itself on a tablet or laptop, on a router, on a PSTN bridge, on cloud storage, on a cable CMTS, or on a desktop computer. Trojan software can install itself on a tablet or desktop to phish passwords. The worm can also attack the desktop, especially if the computer is running a Microsoft operating system that uses the ActiveX features available. Finally, to launch a denial of service attack, the virus can attack any number of network-connected devices, including servers, desktops, and tablets.

As such, malware can be operated in different parts of communication networks and infrastructure, and cyber attacks can include viruses, man-in-the-middle attacks, government surveillance, and denial of service attacks. The last mile of a communication network offers even wider opportunities for malware and cyber attacks divided into local telco / networks, last links, and devices divided into three zones. Local telco / networks as shown include high speed wired or fiber optic links, routers, cable CMTS, cable / fiber, cable modems, WiFi antennas, and LTE radio networks. In this part of the network, radio sniffer, spyware, virus, and man-in-the-middle attacks are all possible.

For the last link, in the local connection to the device, the network connection includes spyware, radio sniffer, wiretap, and wired connection exposed to the mock tower, WiFi link, and LTE / radio cellular link. For example, the devices themselves, including tablets, laptops, desktops, smartphones, smart TVs, POS terminals, and the like, are exposed to many attacks, including spyware, Trojans, viruses, and worms.

Such surveillance methods and spy devices, including devices used to monitor traffic on Ethernet local area networks, devices for monitoring WiFi data, and devices for monitoring cellular communications, can be readily used in commercial and online markets. Although sniffing of fiber-optic cloud connections was not initially identified as a threat, non-invasive data sniffers for optical communications have recently emerged, i.e. there is no need to break the fiber or even temporarily disrupt its normal operation. A data sniffer currently exists.

In addition to using hacking and surveillance methods, various commercial spyware can easily be used to monitor cell phone conversations and Internet communications. Today, commercially available spyware programs advertise many features, such as the ability to beneficially monitor your employees, your children, and your spouse. This set of features, together with a number of ways to violate cyber privacy surprisingly convincingly, include telephones, photos and videos, SMS / MMS text messages, third-party instant messaging, email, GPS location tracking, Internet use, address books, It is surprisingly comprehensive, including monitoring of calendar events, eavesdropping, control applications, and even remote control functions. In fact, cyber attacks are now too frequent and they are tracked every day. In order to launch a cyber attack, a combination of steps or techniques is usually required.

IP packet sniffing

* Port interrogation

* Profiling

* Trickster

* Packet theft

Cyber infection

* watch

* Pirate Management

IP Packet Sniffing Using a radio monitoring device, cyber criminals can obtain important information about the user, the transaction, and the account. In packet sniffing, the content of an IP packet can be obtained anywhere in the path between two users or "snipped". For example, when a user sends a file, e.g. a photo or text, from his laptop to his friend's phone in an IP packet, the cyber pirate intercepts the sender's last link, intercepting the sender's local network. By intercepting the cloud, intercepting the recipient's local telco, or intercepting the recipient's last link, the IP packet can be found in any number of places. The observable data contained in the intercepted IP packet indicates the destination of the packet including the layer 2 MAC address of the device used for communication, the layer 3 address of the sender on the receiving side, i.e. the transport protocol, e. Include. The IP packet also includes the layer 4 port number of the sending and receiving device and the data file itself, potentially defining the type of service requested. If the file is not encrypted, the data contained in the file may be read directly by the cyber pirates.

If the payload is not encrypted, textual information such as account number, login order, and password can be read and, if valuable, stolen or stolen for criminal purposes. If the payload contains video or pictographic information, some additional action is required to determine the layer 6 application format that the content uses, but once identified, the content can be made public or posted Or perhaps possibly to threaten one or both of the communicating parties. Such cyber attacks are referred to as "man-in-the-middle attacks" because cyber pirates do not know the parties to the communication personally.

As already described, the monitoring of the cloud is more difficult because the IP packet routing in the cloud is unpredictable, since subsequent packets are identical because the cyber pirates must capture the first information of the IP packet. This is because the root and sniffed packets cannot be followed. Intercepting data at the last mile has a greater likelihood of observing a series of related packets that contain the same conversation, so that the local router can route the local router to the designated route until the packet reaches a POP outside the client's own carrier. This is because you follow the table normally. For example, Comcast's client will use the Comcast proprietary network to pass IP packets all the way up the routing chain, until the packet moves geographically beyond the reach and client service area of Comcast.

If a continuation of packets between the same two IP addresses occurs for a sufficiently long time, the whole conversation can be fragmented. For example, if an SMS text message was passed on the same network at the last mile, cyber pirates could communicate via IP address and port number, allowing multiple IP packets carrying text to communicate between the same two devices: a mobile phone and a laptop. Can be identified. Thus, even if the text is written in a message with a different account number and password, or is incompletely disseminated for many packets, the consistency of the packet identifier still allows cyber pirates to reconstruct the conversation and steal account information. Once the account information has been stolen, they can deprive the account of money by transferring money to foreign banks or even changing account passwords and security questions, ie, temporarily identifying theft.

Even if the payload is encrypted, the remaining IP packets including the IP address and port # are not encrypted. After repeatedly sniffing a large number of IP packets, cyber pirates with access to sufficient computational power can systematically try every combination with brutal shearing forces until they break the encryption password. Once the key is broken, the packet and all subsequent packets can be decrypted and used by the cyber pirates. The probability of decrypting the login password by "password guessing" is greatly improved when the packet sniffing described below is combined with user and account "profiling." In "man-in-the-middle attacks" communication devices are generally not included because cyber pirates do not have direct access to them.

Port Interrogation -Another way to break into a device is to interrogate many Layer 4 ports and use their IP address to see if any request receives a response. Once the cyber pirate identifies the target device's IP address from packet sniffing or other means, the cyber pirate can initiate a series of interrogations on the ports on the device to look for insecure or open ports, service and maintenance ports, or application backdoors. have. While the hacker's interrogation program can systematically cycle through all port #s, attacks typically have port # 7 for ping, port # 21 for FTP, port # 23 for telnet terminal emulation, and port for simple email. Focus on infamous vulnerable ports such as # 25. Each time the pirate sends a packet that the device responds to, the pirate learns more about the operating system of the target device.

During the port interrogation process, cyber pirates do not want to expose their real identity, so they will use a fake pseudo-address to receive a message that cannot be personally tracked. Alternatively, cybercriminals can use stolen computers and accounts, so if someone else seems to be trying to hack a target device, and tracks them, return the investigator to an innocent person rather than them.

Profiling -User and account profiling uses cyber-publically available information to decrypt targets, their accounts, and their personal records to decrypt, identify accounts, and determine assets. The process of learning. Once a hacker has obtained the target's IP address using sniffing or other means, the trace route utility can be used to find the DNS server for the device's account. Then, by using the "Who is" function on the Internet, the name of the account holder can be found. In profiling, cyber criminals search the Internet and collect all available information of account holders. Sources of information include public records such as deeds of property, car registration, marriage and divorce, tax liens, parking tickets, traffic violations, criminal records, and the like. In many cases, websites from colleges and professional societies include home addresses, email addresses, telephone numbers, and personal birth dates. By investigating social media sites such as Facebook, LinkedIn, Twitter, and others, cybercriminals can use family and friends, pet names, as well as photographs and video files, including embarrassing incidents, family secrets, and personal enemies. You can collect important information such as your previous home address, classmates, other people's highlights, and photos.

The next step in cyber pirates is to use this profile to "guess" the user's password based on that profile, hacking the target device and another account of the same individual. Once cybercriminals have decrypted one device password, they are more likely to break into other accounts because people tend to reuse passwords that are easier to memorize. At that point, it is possible to steal a person's identity, transfer money, make them a target for police investigation, and steal all of that property, essentially destroying another's life. For example, as described in the opening paragraph of the present invention, which collects a long list of passwords from stolen accounts, cybercriminals use the same password and login information to illegally purchase millions of premium tickets for concerts and sporting events. I used a password.

Imposters-When a cyber pirate impersonates someone or uses an illegally acquired cyber security credential to access communications and files by pretending to be an authorized person or device, the cyber pirate acts as a "fraudster." The scammer type of cyberattack has a cyber criminal having enough information or access to an individual's account to take the victim's account, sending messages on their behalf, and falsely conveying them as the owner of the hacked account. Recently, for example, a personal friend of one of the inventors has been hacked into a "line" personal messenger account. After taking over the account, the cyber criminal sent a message to her friend, including a false statement that "she needed money for an emergency loan in a car accident" and sending an order to send the money to. Without knowing that the account was hacked, her friend's request was considered real and immediately provided financial help. To avoid doubt, the request to each friend was less than $ 1,000. Fortunately, just before sending the money, one of her friends called her to reconfirm the wired information and the scam turned out. Without the call, no one would ever know that the request came from a fraudster, and the line account owner would never know that a wire transfer was sent or requested.

Another form of misrepresentation occurs when a device is granted security rights and can exchange information with a server or other networked device, and somehow disguises the cyber pirate device as an authorized server, whereby the victim's device Does not recognize that the server is a fraudster, and is willing to hand over files and information to the pirate server. This method was used to encourage celebrities to back up their personal photo files to iCloud, except that the backup cloud was a fraudster.

Another form of fraud occurs when someone with physical access to a person's phone or open browser performs a fraudulent activity, such as sending an email, answering a phone call, or sending a text message from another person's account or device. The receiving party assumes that they are connected to a known device or account and that the person operating the device or account is the owner. The scam may be a joke like a friend who posts an embarrassing comment on Facebook, or may be more personal, where someone's spouse answers a personal call or intercepts a personal text message of personal nature. The consequences of unauthorized access can result in jealousy, divorce, and multiple legal proceedings. If a device becomes temporarily unmonitored in an office or a cafe, for example, when going to the bathroom, a fraudster may quickly access personal or corporate information, or may not be authorized, as described in the next section entitled "Infection." There is another risk of sending an email, sending a file, or downloading some form of malware to the device.

Fraud-based cyber attacks are important even if a device is stolen. In this case, even if the device is logged out, the thief spends enough time to break the login code. The "Find My Computer" feature, which finds stolen devices on your computer and erases computer files when cyber pirates first log on to the device, knows that technology-savvy criminals currently only activate devices without a cellular or WiFi connection. It doesn't work anymore. This risk is especially significant for mobile phones with a four-digit personal ID number or PIN that is simple to pass line security. Breaking a PIN is only a matter of time since there are only 9999 possible combinations.

The main problem for keeping a device secure is to prevent access to fraudsters. Preventing fraud requires a powerful means of verifying your identity at regular intervals and ensuring that you have access to only the information and permissions you need. Device security is often the weakest link in the chain. Once the security of a device is compromised, it is not worth considering strong network security.

Packet Hijacketing -Packet hijacking involves cyber attacks where normal packet flow through the network is bypassed by hostile devices.

For example, if the integrity of the router is compromised by a cyber attack from cyber pirates, the IP packets passing through the router may be rewritten into revised IP packets, and the IP packets may be rewritten to other destination addresses and ports of the cyber pirate device. You can switch to #. The cyber pirate device can then get all the information it needs from the payload of the IP packet and change the content of the payload of the IP packet. Fraudous payloads can be used to commit any number of fraudulent crimes, collect information, and download malware to mobile phones, as described in the later section “Infections”.

The hijacked packet is then remodified to look like the source IP address of the original IP packet, except that the packet goes through a new and different path. Alternatively, the hijacked IP packet can be returned to the compromised router and then sent to the cloud as before. In order to maximize the criminal benefit of packet hijacking, cyber pirates need to conceal their identity in packet hijacking, and for that reason disguise the actual routing of IP packets, and thus even the Layer 3 ICMP function "tracking route" to communicate. You will have difficulty in identifying the actual path. However, if hijacking adds significant delay in packet routing, abnormal latency can be immediately investigated by the network operator.

Cyber-infections- One of the most insidious categories of cyber attacks is collecting information, fraudulent, redirecting traffic, infecting other devices, damaging or blocking systems, or denying service failures. It is a "cyber infection" that thereby installs malware into a target device or device. Cyber infections can spread via email, files, websites, system extensions, applications, or networks. One common category of malware, "spyware," collects all sorts of processing information and delivers it to cyber pirates. In the case of "phishing", a wen page or application shell that looks like a familiar login page asks for information about account login or personal information and passes the information to the cyber pirate. Other malware infections can control the hardware, for example controlling the router to execute the packet hijacking described above. In these cases, cyber pirates try to obtain information or control interests for their own purposes.

Other classes of cyber-infections, including viruses, worms, and Trojan horses, are designed to prevent the device from performing normal operations by overwriting critical files or repeatedly executing nonsense functions. Basically, it denies service, degrades performance or kills the device completely. These malicious infections are inherently destructive and are used for malicious purposes, and thus are simply motivated for fun in order to prevent competitors' business from operating normally or to make hackers possible.

Surveillance -Intrusions and surveillance go beyond cyber crime. In such cases, a personal investigator or acquaintance is hired or forced to install a device or program on the target personal device to monitor voice conversations, data exchange, and location. This is greater risk of being caught because the detective must temporarily access the target device without the subject knowing. For example, a SIM card that can copy the cellular access rights of a mobile phone can be used commercially, but at the same time it can send information to cyber criminals monitoring the target's call and data traffic.

Another form of surveillance, as in casinos, involves the use of secret video cameras to monitor all human actions and phone calls. Video monitoring makes it simple to know the device's password or PIN by observing the user's keystrokes during the login process. If enough cameras are in place, the login process is eventually recorded. To undoubtedly access the camera network, cyber pirates can hack existing camera surveillance systems in buildings, shops or streets, and access someone else's network to monitor the behavior of unsuspecting victims. The combination of video surveillance and packet sniffing provides a more comprehensive data set for initiating subsequent cyber attacks.

Pirate Administration (Infiltration) Another means that cyber pirates can do to obtain information is to hack to gain access to system administration privileges on the device, server, or network. By hacking the login of the system administrator, rather than gaining unauthorized access to the account, the cyber pirates can take advantage of significant access and privileges without the knowledge of the system user. Nobody will catch criminal activity, and in a system or network with essentially corrupt managers, no one will oversee the police.

Conclusion -The ubiquity and interoperability of the nearly universal adoption of the Internet, packet-switched networks, and seven-layer open source initiative network models have expanded beyond comparable global communications over the last two decades, and from smartphones to tablets, computers, and smart TVs. The company offered a wide range of devices ranging from automotive, home appliances and light bulbs. The worldwide adoption of Internet protocols or IP as the basis for Ethernet, cellular, WiFi and cable TV connections has greatly simplified the challenge of hackers and cyber criminals invading as many devices and systems as possible, as well as unified communications. Given the many software and hardware methods that can attack current communication networks, a single security method as a single defense is not sufficient. Instead, a systematic approach is needed to protect all devices, end links, local telcos / networks and cloud networks to ensure that they are protected against sophisticated cyber attacks. The method employed must provide inherent cyber security and cyber privacy without sacrificing QOS, network latency, video or sound quality. Encryption should remain an important component of this next-generation development in secure communications and data storage, but network security should not rely solely on encryption methodology.

In accordance with the present invention, data (which is broadly defined to include text, audio, video, graphics and all other types of digital information or files) is transmitted over a secure dynamic communication network and protocol (SDNP) network or “cloud”. . The "SDNP" cloud refers to a number of "nodes", also referred to as "media nodes," individually hosted on servers or other types of computers or digital equipment (collectively referred to herein as "servers") located anywhere in the world. Include. It is possible for two or more nodes to be located on a single server. Typically, data is transferred between media nodes by light carried over fiber optic cables, by radiowaves in the radio or microwave spectrum, by electrical signals conducted on copper or coaxial cables, or by satellite communications. Although transmitted, the invention broadly means that digital data is transmitted from one point to another. The SDNP network is an Internet of Things device and electronics, automobiles, and other vehicles, as well as "last mile" links between the SDNP cloud and client devices such as mobile phones, tablets, laptops and desktop computers, mobile consumer electronic devices, and devices such as the Internet. As well as the SDNP cloud. Last mile communications also include cell phone towers, household cables or fiber optics, and public WiFi routers. In the last mile, the link between the client device and the closest cell phone tower or other re-transmitter is referred to as the "last link."

When transferring between media nodes in the SDNP cloud, the data is in the form of "packets", which are individual strings of digital bits that can be fixed or of variable length, and the data is also described in the following techniques: scrambling, encryption, or splitting. Or its inverse process, unscrambling, decryption and mixing (Note: As used herein, the word "or" is used in a combined (and / or) sense unless the context indicates otherwise). Is disguised by using.

Scrambling involves reordering data in data packets; For example, data segments A, B, and C appearing in that order in the packet are rearranged into sequences C, A, and B. The inverse of the scrambling operation is referred to as "unscrambling" and involves relocating data within the packet for the order in which A, B and C first appeared in the example above. The combined operation of unscrambled and then scrambled data packets is referred to as "re-scrambling". When rescrambling a packet that has already been scrambled, the packet may be scrambled in the same or different manner as the previous scrambling operation.

The second action, "encryption", encodes the data in the packet into a form called ciphertext, which is used by the sender and other authenticated persons, and by those who must perform a reverse action ("decryption") to do so. Can only be understood. The combined operation of decrypting a ciphertext data packet and re-encrypting it is typically referred to herein as " re-encryption, " but it is not necessary to use a different method than the method already used to encrypt it. It is referred to as.

The third action, "split," means, as the name suggests, split a packet into two or more small packets. The reverse action of "mixing" is defined as recombining two or more packets into a single packet. Splitting a previously separated and then mixed packet may be the same or different than the previous splitting operation. The sequence of operations is invertible, whereby splitting may not be performed by mixing, and conversely, mixing multiple inputs into one output may not be done by splitting to recover the components by splitting. Since scrambling and unscrambling, encryption and decryption, and partitioning and mixing are inverse processes, knowledge of the algorithm or method used to do this is necessary to do the opposite, so that here special scrambling, encryption, or Regarding the partitioning algorithm, it should be recognized that knowledge of the algorithm allows performing the reverse process.)

In accordance with the present invention, data packets passing through the SDNP cloud are scrambled or encrypted, or undergo one or both of these operations in combination with partitioning. In addition, "junk" (ie, meaningless) data may be added to the packet to make the packet more difficult to decipher or to fit the packet in the required length. Moreover, packets can be parsed, i.e. separated into separate fragments. In computing languages, parsing divides computer language syntax, computer instructions, or data files into parts that are useful for a computer. Parsing may be used to obscure the purpose of an instruction or data packet or to arrange data into data packets having a specified data length.

Although the format of the data packets conforms to the Internet protocol, within the SDNP cloud, the addresses of the media nodes are not standard Internet addresses, i.e. they cannot be identified by any Internet DNS server. Thus, although a media node can technically receive data packets over the Internet, the media node does not recognize the address or respond to queries. Moreover, even if Internet users contact the media node, they cannot access or inspect the data inside the media node because the data in the media node can recognize the media node as a fraudster without the necessary identification credentials as the SDNP media node. . In particular, unless a media node is registered as a valid SDNP node running on an SDNP name server or equivalent qualified server, data packets sent from that node to other SDNP media nodes will be ignored and discarded. In a similar manner, only clients registered with the SDNP Name Server can contact the SDNP Media Node. As with unregistered servers, data packets received from sources other than registered SDNP clients will be ignored and discarded immediately.

In a relatively simple embodiment, referred to as a "single root", a data packet traverses a single path through a series of media nodes in the SDNP cloud, which is scrambled at the media node that enters the cloud, and also the media where the packet exits the cloud. Unscrambled at the node (these two nodes are referred to as "gateway nodes" or "gateway media nodes"). In a slightly more complex embodiment, the packet is rescrambled at each media node using a different scrambling method than used at the previous media node. In another embodiment, the packet is encrypted at the gateway node where it enters the cloud and decrypted at the gateway node where it exits the cloud, and the packet can also be re-encrypted at each media node passing through the cloud. Since a given node uses the same algorithm each time to scramble or encrypt a packet, this embodiment is described as "fixed" scrambling and encryption.

When a packet receives two or more operations, for example scrambled and encrypted, the reverse operation is preferably performed in the reverse order of the operation itself, ie in the reverse order. For example, if a packet is scrambled and then encrypted before leaving the media node, it is first decrypted and then unscrambled when it arrives at the next media node. The packet is reproduced in its original form only while in the media node. While a packet is sent between media nodes, it is scrambled, split, mixed, or encrypted.

In another embodiment, referred to as "multi-root" data transmission, packets are separated at the gateway node, and the resulting multiple packets traverse the cloud in a series of "parallel" paths, with no route except the gateway node. Do not share media nodes with other paths. Multiple packets are typically mixed to recreate the original packet at the exit gateway node. So even if a hacker can understand the meaning of a single packet, they will only have a portion of the entire message. The packet may be scrambled and encrypted at the gateway node before or after it is split, and the multiple packets may be rescrambled or re-encrypted at each media node they pass through.

In another embodiment, packets do not travel in the SDNP cloud only via a single path or a series of parallel paths, but rather packets can travel through multiple paths, many of which intersect with each other. Since the picture of possible paths in this embodiment resembles a mesh, this is referred to as "meshed transport". As in the foregoing embodiments, packets may be scrambled, encrypted, and split or mixed as they pass through separate media nodes in the SDNP cloud.

The path of the packet through the SDNP network is determined by the signaling function, which is carried out in a segment or preferably "dual channel" or "triple channel" of the media node itself by a separate signaling node operating on a dedicated signaling server. This can be done by way of example. The signaling function determines the route of each packet when it leaves the sending client device (e.g. mobile phone) based on the conditions of the network (e.g. propagation delay) and the priority and urgency of the call. It notifies each media node along the route that it receives, and also instructs the node to send it to. Each packet is identified by a tag, and the signaling function instructs each media node which tag to apply to each media node it transmits. In one embodiment, the data tag includes in the SDNP header or sub header a data field appended to each data sub-packet used to identify the sub-packet. Each sub-packet may include data segments from one or multiple sources stored in data "slots" specified in the packet. There may be multiple sub-packets within one large data packet of a data transfer between any two media nodes.

The routing function is aligned with the partitioning and blending function, because once a packet is split, each path of each split sub-packet must be determined, and the node to which the sub-packet is recombined must be commanded to blend them. Because. Packets may be split once and then mixed in a multi-root embodiment, or may be split and mixed multiple times as the gateway node exits through the SDNP network. The decision of which node at which node will be split, how many sub-packets will be split, and which path of the sub-packet will be mixed at each node to reconstruct each path of the sub-packet and the original packet, is a separate signaling. It is all under the control of the signaling function, whether or not it is performed by the server. The partitioning algorithm may specify which data segments are to be included in each sub-packet in the communication, and the order and location of the data segments of the sub-packets. The mixing algorithm reverses this process at the node where the sub-packets are mixed to recreate the original packet. Of course, if so indicated by the signaling function, the node may also repartition the packets according to different partitioning algorithms corresponding to the time or state at which the partitioning process occurs.

When a media node is instructed by the signaling function to send a plurality of packets to a particular destination media node on a "next hop" over the network, whether these packets are split packets (sub-packets) or if they are different messages. Media nodes, especially when multiple sub-packets share a common destination media node for their next hop (similar to a post office that addresses the box leaving a group of letters intended for a single address). The packets can then be combined into a single large packet.

In the "dynamic" embodiment of the present invention, individual media nodes of the SDNP cloud cannot use the same scrambling, encryption, or partitioning algorithm or method on consecutive packets passing through them. For example, a given media node may scramble, encrypt, or split one packet using a special scrambling, encryption, or splitting algorithm, and then scramble, encrypt, or split the next packet using another scrambling, encryption, or splitting algorithm. Can be divided "Dynamic" behavior greatly increases the difficulty hackers face, because they only have a short time (eg 100 msec) to understand the meaning of the packet, and even if they succeed, The usefulness of knowledge will be short lived.

In a dynamic embodiment, each media node is associated with what is known as a "DMZ server", which can be observed as part of a node that is isolated from the data transmission port, which also applies to outgoing packets. It has a list or table ("selector") of possible scrambling, encryption, and partitioning algorithms. The selector is part of the information body referred to as the "shared secret" because the information is unknown to the media node and also all DMZ servers use the same selector at a given point in time.

When the media node receives a scrambled packet, in a dynamic embodiment it also receives a "seed" which is used to indicate to the receiving node which algorithm will be used to unscramble the packet. Seeds are meaningless by themselves, but are fake numbers based on a constantly changing state, such as the time the packet was scrambled by a conventional media node. When the conventional node scrambled the packet, the associated DMZ server generated a seed based on the state. Of course, the state was used by the associated DMZ server in the selection of the algorithm used to scramble the packet, which was sent to the transmitting media node in the form of instructions on how to scramble the packet. Thus, the transmitting node has received both a command on how to scramble the packet and a seed to be sent to the next media node. The seed generator operating within the DMZ server generated the seed using an algorithm based on the state at which the process ran. Although the seed generator and its algorithm are part of the shared secret of the media node, the generated seed is not secret because it does not access algorithms for which the numerical seed has no meaning.

Thus, the next media note on the root of the packet receives the scrambled packet and the seed derived from the state associated with the packet (eg, the time it was scrambled). The seed may be included in the packet itself or may be sent to the receiving node before the packet along the same route as the packet or via some other path, such as through a signaling server.

Regardless of how it receives the sheet, the receiving node sends a seed to the DMZ server. Since the DMZ server is part of the shared secret and therefore has the same selector or table of scrambling algorithms as the selector at the sending node's DMZ server, it can use the seed to identify the algorithm that was used to scramble the packet, You can also tell the receiving node how to unscramble the packet. Thus, the receiving node regenerates the packet in its scrambled form, thereby restoring the original data. Typically, the packet will be rescrambled according to another scrambling algorithm before being sent to another node. If so, the receiving node cooperates with the DMZ server to obtain a scrambling algorithm and seed, and the process is repeated.

Thus, as the packet progresses through the SDNP network, it is scrambled by each node according to a different scrambling algorithm, and a new seed is created at each node that allows the next node to unscramble the packet.

In an alternative embodiment of the present invention, the actual state (eg, time) may be transmitted between nodes (ie, the transmitting node does not need to send a seed to the receiving node). The DMZ server associated with both the transmitting and receiving media nodes includes a concealed number generator (that is, part of the shared secret) that includes the same algorithm at a given point in time. The DMZ server associated with the sending node uses the state to generate the concealed number and the concealed number to determine the scrambling algorithm from a selector or table of possible scrambling algorithms. The transmitting node sends the status to the receiving node. Unlike the seed, the concealed number is never passed through the network, but exclusive private communication is maintained between the media node and its DMZ server. When the receiving media node receives the status of an incoming data packet, the concealed number generator and its associated DMZ server use the state to generate the same concealed number, which is then used to identify the algorithm to be used for unscrambled packets. Or in tables. The state may be included in the packet or transmitted from the transmitting node to the receiving node before the packet or via some other path.

The technique used for dynamic encryption and partitioning is similar to the technique used for dynamic scrambling, but in dynamic encryption "keys" are used instead of seeds. The shared secret held by the DMZ server includes a selector or table of encryption and partitioning algorithms and key generators. In the case of symmetric key encryption, the transmitting node sends a key to the receiving media node used by the receiving node's DMZ server to identify the algorithm used to encrypt the packet and thus decrypt the file. In the case of asymmetric key encryption, the media node requesting the information, i.e. the receiving node, first sends the encryption key to the node containing the data packet to be transmitted. Thereafter, the transmitting media node encrypts the data according to the encryption key. Only the receiving media node generating the encryption key has a corresponding decryption key and the ability to decrypt the cipher text generated using the encryption key. Importantly, in asymmetric encryption, access to the encryption key used for encryption does not provide any information about how to decrypt the data packet.

In the case of fragmentation, the media node from which the packet was split sends a seed to the media node where the resulting sub-packet is to be mixed, and the DMZ server associated with the mixed node also identifies the segmentation algorithm and thus the algorithm to be used when mixing the sub-packets. To use the seed.

As mentioned above, in a dual or triple channel embodiment, the signaling function is performed by signaling nodes operating in separate server groups known as signaling servers. In such embodiments, the seed and key may be sent through the signaling server instead of transmitting directly from the transmitting media node to the receiving media node. Thus, the transmitting media node can transmit a seed or key to the signaling server, and the signaling server can forward the seed or key to the receiving media node. As mentioned above, the signaling server is responsible for designing the path of the packet, so the signaling server knows the next media node to which each packet is directed.

To make it harder to be a hacker, a list or table of possible scrambles, splits, or encryption methods in the selector may be "shuffled" in a way that corresponds to a particular seed or in a way that the seed is periodically (eg, hourly or daily). "It can be. Thus, the encryption algorithm applied by the media node given to the packet generated at time t1 on the first day may be different from the encryption algorithm that it applies to packets generated at the same time t1 on the second day.

Each DMZ server is typically physically associated with one or more media nodes in the same "server farm." As mentioned above, the media node can request instructions on what it should do to the received packet by providing a seed or key to its associated DMZ server (eg, based on the time or state the packet was created). However, however, the media node cannot access the shared secret or any other data or code within the DMZ server. The DMZ server may respond to this request by using the seed or key to determine how the media node should use when unscrambled, decrypted, or mixed packets. For example, if a packet is scrambled and the media node wants to know how to unscramble it, the DMZ server can examine the list of scramble algorithms (or selectors) to find a specific algorithm corresponding to the seed. The DMZ then instructs the media node to unscramble the packet according to the algorithm. In other words, the media node sends queries executed in the seed or key to the DMZ server, and the DMZ server responds to these queries with instructions.

Although media nodes can be accessed over the Internet (even if they do not have DNS-recognized IP addresses), the DMZ server is completely isolated from the Internet having only a local network connection to a networked media server via wire or fiber.

In a "single channel" embodiment, the seed and key may be transmitted between the transmitting media node and the receiving media node as part of the data packet itself, or they may be transmitted as data packets before data packets on the same route. For example, when encrypting a packet, media node # 1 may include an encryption key in the packet based on the time at which encryption was performed. When a packet arrives at media node # 2, media node # 2 sends the key to its associated DMZ server, which can use the key to select a decryption method and perform decryption at the selector. Media node # 2 may request the DMZ server how to re-encrypt the packet before sending to media node # 3. Again, the DMZ server consults the selector, asking Media Node # 2 which method to use before encrypting the packet and sending it to Media Node # 3. Again, the DMZ server, in consultation with the selector, tells Media Node # 2 which method to use for packet encryption, and delivers a key to Media Node # 2 reflecting the state corresponding to the encryption method. Media node # 2 performs encryption and sends the encrypted packet and key (separately or as part of the packet) to media node # 3. The key can then be used in a similar manner by media node # 3 to decrypt the packet. As a result, there is no single fixed decryption method that hackers can use to decrypt packets.

The use of a time or dynamic "state" condition in the above example as a determinant of the scrambling encryption or partitioning method to be implemented on the seed or key is merely illustrative. Any varying parameter, for example the number of nodes through which the packet has passed, may be used as the "state" of the seed or key to select the specified scrambling, encryption, or partitioning method to be used.

In a "dual channel" embodiment, the seed and key may be transmitted between the media nodes via a second "command and control" channel comprised of a signaling server, rather than directly between the media nodes. The signaling node may also provide routing information to the media node, and also inform the media node along the packet route how the packet is split or mixed into other packets, which in turn allows the next media node (s) to recognize the packet (s). So that it is sent by applying an identification "tag" to each media node. The signaling server preferably supplies only the last and next media node of the packet through the network to a given media node. Individual media nodes do not know the full route of the packet through the SDNP cloud. In some embodiments, the routing function may be split between two or more signaling servers, one signaling server determining a route for a particular media node, and a second signaling server from and to the other media node. Determine the route to the exit gateway node. In this way, a single signaling server does not know the complete routing of data packets.

In a "triple channel" embodiment, a third group of servers called "name servers" is used to identify elements within the SDNP cloud and also store information about devices connected to the SDNP cloud and their corresponding IP or SDNP addresses. do. The name server also continuously monitors the media nodes of the SDNP cloud to maintain a current list of active media nodes and a propagation delay table between all media node combinations in the cloud. In the first step of placing a call, a client device, such as a tablet, sends an IP packet to a name server, requesting an address and other information for the destination or person to be called. In addition, a separate dedicated name server is used to act as the first contact each time the device first connects, eg registers, on the cloud.

As an additional security benefit, separate security "zones" with different selectors, seed and key generators, and different shared secrets can be set up within one SDNP cloud. Adjacent zones are connected by bridge media nodes, which hold the shared secrets of the two zones and also convert data formatted according to the rules of one zone into data formatted according to the rules for another zone and vice versa. can do.

Similarly, for communication between different SDNP clouds hosted by different service providers, a full duplex (ie bidirectional) communication link is formed between the interface bridge servers of each cloud. Each interface bridge server can access relevant shared secrets and other security items for each cloud.

An important advantage of the disclosed invention is that there is no single point of control in the SDNP network and there is no complete picture at the nodes or servers of the network as to how a given communication occurs or how it can change dynamically.

For example, signaling nodes running on a signaling server know the route (or in some cases only some paths) where communication takes place, but they do not have access to the data content being communicated, and who the actual sender or client is. Do not know. Moreover, the signaling node cannot access the shared secret of the media node's DMZ server, so it does not know how the data packets in transit are encrypted, scrambled, split, or mixed.

The SDNP name server knows the sender's actual telephone number or IP address, but does not have access to the data in communication or the routing of the various packets and sub-packets. Like the signaling node, the name server does not have access to the shared secret of the media node's DMZ server, so it does not know how the data packets in transit are encrypted, scrambled, split, or mixed.

Indeed, the SDNP media node transmitting the media content does not know who the communicating sender is, nor does it know the route that the various fragmented packets are taking through the SDNP cloud. In practice, each media node only knows which data packets to arrive (identified by its tags or headers), and where to send them next, e.g., "next hop," but the media nodes are scrambling that the data is encrypted. It does not know how to mix, split, or know how to select algorithms or decrypt files using status, numerical seeds, or keys. The know-how required to correctly process the data segments of incoming data packets is known only to the DMZ server using its shared secret, an algorithm that is inaccessible via the network or by the media node itself.

Another inventive aspect of the disclosed subject matter is the ability to control the size of data packets by reducing network latency and minimizing propagation delays to provide better quality of service (QoS) and to eliminate echoes or missed calls, That is, sending smaller data packets in parallel over the cloud rather than relying on one high bandwidth connection. Dynamic routing in SDNP networks uses knowledge of node-to-node propagation delays in the network to dynamically select the best route for any communication at that moment. In another embodiment, for high priority clients, the network may facilitate race routing and send duplicate messages in fragmented form over the SDNP cloud, which selects only the fastest data to recover the original sound or data content. Can be.

Among the many advantages of the SDNP system according to the present invention, in parallel and "meshed transmission" embodiments, packets can be fragmented as they pass through the SDNP cloud, allowing potential hackers to decrypt individual sub-packets. The scrambling, encryption, and partitioning methods applied to packets in the "dynamic" embodiment, which also prevents the understanding of the message, are constantly changing, allowing any potential hacker to benefit from successful decryption of the packet at any given point in time. Refuse to take. Many additional advantages of embodiments of the invention will be readily apparent to those skilled in the art from a review of the following description.

Similar security techniques can generally be applied at the "last mile" between the SDNP cloud and client devices, such as mobile phones or tablets. The client device is typically deployed in a secure zone separate from the cloud, which may first be an authenticated SDNP client, and the step may be to download a software package specific to the secure zone of the device, typically via download from the SDNP management server. This includes installing on client devices. The client device is linked to the SDNP cloud via a gateway media node (often only referred to as a "gateway") in the cloud. The gateway media node has access to the shared secret associated with both the cloud and the secure zone of the client's device, but the client device does not have access to the shared secret associated with the SDNP cloud.

As an added level of security, client devices can exchange seeds and keys directly with each other via a signaling server. Thus, the sending client device can send the seed and / or key directly to the receiving client device. In such an embodiment, the packet received by the receiving client device will be in the same scrambled or encrypted form as the packet leaving the sending client device. As such, the receiving client device can use the seed or key that it receives from the transmitting client device to unscramble or decrypt the packet. Direct seed and key exchange between client devices is added to the SDNP network's own dynamic scrambling and encryption and thus represents an added level of security referred to as nested security.

In addition, the client device or gateway node that the client device uses for communication may have the same kind of data-for example, voice packets, text message files, documents, fragments of software, or different types of packets before the packets reach the SDNP network. Packets representing information, for example, one voice packet and one text file, one text packet, and one video or photo image, may be mixed, and the exit gateway node or destination client device may be mixed. You can split the packet to restore the original packet. This is in addition to any scrambling, encryption or splitting occurring in the SDNP network. In such a case, the transmitting client device may transmit a seed to the receiving client device describing how to split the packet to play the mixed original packet at the transmitting client device or gateway media node. Successful implementation of the blending and partitioning may involve a linear sequence of operations, or alternatively uses a nested architecture, where the client implements its own security measures and hence also the SDNP cloud.

To further confuse the hacker, there may be a client device sending consecutive packets (or sub-packets) to different gateway nodes in a single communication, and / or the client device may send them to different physical media links (cellular). , WiFi, Ethernet cable, etc.)-a process often referred to herein as a "multi-PHY" transmission. To add to that confusion, it can also include different source addresses within consecutive packets, thereby preventing hackers from identifying the packets as originating from the same client device.

The present invention also includes specific developments in the handling of telephone conference calls. In a typical conference call, a packet is sent to all call participants. In accordance with the present invention, by preventing a client device or other node from sending a packet to a silent participant or participants, a specific designated participant can be "mute", ie excluded from the call. In an alternative embodiment, the data packet is transmitted to all participants in the group call in broadcast mode, but using different cryptographic methods. In the case of a typical conference call, a data packet is sent to all users using a cipher, where every participant has a copy of the cipher key. In the private mode or silent mode, data packets broadcast to the user use different females, and only the user selected here shares the cryptographic key.

The security mechanisms inherent in communications using SDNP networks and protocols also make them perfectly suited for secure file and data storage. In practice, since the general communication over the SDNP network typically involves anonymous fragmented data transfer of scrambled, encrypted data from one client device to another client device, in practice the interruption of communication in the transfer and the original client File and data storage can be realized by storing it indefinitely in one or more buffers until the device desires to retrieve it. Such distributed file storage is sometimes referred to herein as distributed data storage.

In the drawings listed below, generally similar components are given the same reference numerals. However, it should be recognized that all components to which a given reference number is assigned are not necessarily the same as other components having the same reference number. For example, an encryption operation with a designated reference number does not necessarily need to be the same as another encryption operation with the same reference number. In addition, groups of components, for example servers collectively identified by a single reference number, need not necessarily be identical.

1 is a schematic diagram illustrating a typical packet transmission across a network.
2A is a schematic diagram illustrating a packet scrambling process.
2B is a schematic diagram illustrating a packet unscrambling process.
2C is a schematic diagram illustrating various packet scrambling algorithms.
2D is a schematic diagram illustrating fixed parameter packet scrambling.
2E is a schematic diagram illustrating dynamic scrambling with concealed numbers.
3 is a schematic diagram illustrating a packet re-scrambling process.
4A is a schematic diagram illustrating a packet encryption process.
4B is a schematic diagram illustrating a packet decryption process.
5 is a schematic diagram illustrating a process of encrypted scrambling and its reverse function.
6 is a schematic diagram illustrating a process of DUSE re-packeting including re-scramble and re-encryption.
7A is a schematic diagram illustrating a process of fixed-length packet division.
7B is a schematic diagram illustrating a process of fixed-length packet mixing.
8 is a schematic diagram illustrating various packet-mixing methods.
9A is a table summarizing SDNP security functions and adverse functions.
9B is a block diagram illustrating SDNP security operations performed on incoming and outgoing data packets for single root last mile communication.
9C is a block diagram illustrating SDNP security operations performed on incoming and outgoing data packets for multi-root last mile communication.
9D is a block diagram illustrating audio, video, text, and file content generation, data packet preparation, data packet recognition, and content reproduction at the SDNP client device.
9E is a graphical representation of an SDNP data packet using a 7-layer OSI model to illustrate hierarchical data encapsulation.
9F is a graph and bar diagram of the SDNP payload.
FIG. 9G is a block diagram illustrating inbound last mile data packet processing at an SDNP gateway using triple-channel communication. FIG.
9H is a block diagram illustrating inbound last mile data packet processing at an SDNP gateway using single-channel communication.
FIG. 9I is a block diagram illustrating outbound last mile data packet processing at an SDNP gateway using triple-channel communication. FIG.
10 is a schematic diagram of an SDNP cloud.
11 schematically illustrates an example of unsecured last mile communication without identity verification.
12 illustrates unsecured last mile communication over a typical older telephone system (POTS) without a caller's identification.
13 schematically illustrates an example of unsecured last mile communication with identity verification.
14 illustrates unsecured last mile communication across a similar public service telephone network (PSTN), with operator-based identification.
FIG. 15 illustrates unsecured last mile communication over a wired digital network with login- or token-based identification.
FIG. 16 illustrates unsecured last mile communication over a wired analog network with PEST- or credit card-based identification.
17 schematically illustrates an example of hyper secure last mile communication that may support identity verification.
18 illustrates identity-verifiable hypersecurity last mile communication over a WiFi wireless network.
19 illustrates identity-identifiable hypersecurity last mile communication over a cellular wireless network.
20 illustrates identity-identifiable hypersecurity last mile communication over an Ethernet wired network.
21 illustrates identity-identifiable hypersecurity last mile communication over a cable wired network.
FIG. 22 illustrates identity-identifiable hypersecurity last mile communication over a combined cable wired and home WiFi wireless network.
FIG. 23 schematically illustrates an example of a last mile communication including an identity-verifiable hypersecurity communication leg coupled to an identity-pairing secure LAN last link.
FIG. 24 illustrates a last mile communication comprising an identity-identifiable hypersecurity wireline communication leg connected to an identity-pairing secure device by wire and to an unidentified unsecured device.
FIG. 25 illustrates last mile communications including an identity-verifiable hyper-secure wired communication leg connected to home and work identity-pairing WPA-secure computing and communication devices by WiFi LAN.
FIG. 26 illustrates last mile communication including an identity-verifiable hypersecurity wired communication leg connected to an identity-pairing WPA-secure home IoT device by a WiFi LAN.
FIG. 27 illustrates last mile communications including an identity-verifiable hyper-secure wired communication leg connected to a business identity-pairing WPA-secure device by Ethernet or by a WiFi LAN.
28 schematically illustrates an example of last mile communication including an identity-identifiable hypersecurity communication leg coupled to an identity-pairing secure wired or secure wireless LAN last link.
29A schematically illustrates a wired and wireless hypersecurity bridge that includes Ethernet and WiFi applicable in last mile communication.
29B schematically illustrates wired and wireless hypersecurity bridges using satellite and automotive networks applicable in last mile communications.
29C schematically illustrates a wired and wireless hypersecurity bridge using cable and cellular networks applicable in last mile communications.
FIG. 30 includes identity-identifiable hypersecurity wireless communication via satellite uplink and downlink for various devices including satellite phones, aircraft, trains, ships, and home satellite receivers (set-top boxes). Shows last mile communication.
31A is an example of last link hypersecurity communication between devices in an onboard aircraft communication network having satellite connectivity.
31B is an example of an aircraft satellite communications and antenna module.
32 is an example of last link hypersecurity communication between devices in an onboard marine cruise ship communication network with multi-channel satellite connectivity.
33 is an example of last mile hypersecurity communication between devices in an onboard train communication network with radio and satellite connectivity.
FIG. 34 illustrates hyper secure last mile communication for an automotive telematic module that includes cellular last link connectivity. FIG.
35 is an example of last link communication between a telematic module and an in-cabinet WiFi connected device in an automotive communication network having cellular connectivity.
36 is an example of communication between hypersecurity carriers with cellular connectivity.
37 illustrates hypersecurity trunk line communication across microwave, satellite, and fiber networks.
FIG. 38 illustrates a comparison of security, identity verification, and caller anonymity features for hypersecurity, secure, and unsecured communication networks.
39 is a schematic diagram of a single-root last mile hypersecurity communication with a fixed IP address.
40A is a schematic IP stack diagram of a single-root last mile hypersecurity communication using a fixed IP address.
40B is a simplified diagram of single-root last mile hypersecurity communication using a static IP address.
41 is a schematic diagram of a single-root last mile hypersecurity communication with a dynamic client IP address.
42A is an IP stack diagram of single-root last mile hypersecurity communication using dynamic IP address.
42B is an alternative IP stack diagram of the single-root last mile.
Hyper-secure communication uses dynamic client IP addresses.
43 is a schematic diagram of a multi-root last mile hypersecurity communication with a fixed IP address.
44A is an IP stack diagram of multi-root last mile hypersecurity communication with a fixed IP address using a single PHY last link.
44B is an IP stack diagram of multi-root last mile hypersecurity communication with a fixed IP address using multiple PHY last links.
45 is a schematic diagram of a multi-root last mile hypersecurity communication with a dynamic client IP address.
46A is an IP stack diagram of multi-root last mile hypersecurity communication with dynamic client IP address using a single PHY last link.
46B is an IP stack diagram of multi-root last mile hypersecurity communication with dynamic client IP address using multiple PHY last links.
47 is a schematic diagram of an alternative version of multi-root last mile hypersecurity communication with dynamic client IP address.
48 is an IP stack diagram of an alternative version of multi-root last mile hypersecurity communication with dynamic client IP address.
FIG. 49 is a graph diagram of IPv4 and IPv6 datagrams for Ethernet communication implementing the SDNP payload. FIG.
50A is a graphical representation of IPv4 and IPv6 last link Ethernet packets used at a client for SDNP-cloud communication.
50B is a graphical representation of IPv4 and IPv6 Gateway Link Ethernet packets used at a client for SDNP-cloud communication.
50C is a graphical representation of IPv4 and IPv6 Gateway Link Ethernet packets used in the SDNP-cloud for client communication.
50D is a graphical representation of IPv4 and IPv6 last link Ethernet packets used in the SDNP-cloud for client communication.
FIG. 51A shows consecutive Ethernet data packets (abbreviated) used in single path last mile communication with fixed client addressing.
51B shows successive Ethernet data packets (abbreviated) used in single path last mile communication with dynamic client addressing.
FIG. 51C shows successive Ethernet data packets (abbreviated) used in multi-path last mile communication with fixed client addressing.
51D shows successive Ethernet data packets (abbreviated) used in multi-path last mile communication with dynamic client addressing.
52A is a table summarizing SDNP Last Mile Routing over Ethernet.
52B is a topological description of single path last mile communication over Ethernet.
52C is a topological description of multi-path last mile communication over Ethernet.
52D is an additional topological description of multi-path last mile communication over Ethernet.
FIG. 53 is a graph diagram of IPv4 and IPv6 datagrams for WiFi communication with SDNP payload. FIG.
54A is a graph diagram of IPv4 and IPv6 last link WiFi packets used at the client for SDNP-cloud communication.
54B is a graph diagram of IPv4 and IPv6 gateway link WiFi packets used at the client for SDNP-cloud communication.
54C is a graph diagram of IPv4 and IPv6 gateway link WiFi packets used in the SDNP-cloud for client communication.
54D is a graph diagram of IPv4 and IPv6 last link WiFi packets used in the SDNP-cloud for client communication.
FIG. 55 is a graphical representation of IPv4 and IPv6 datagrams for 4G cellular communication with SDNP payload. FIG.
56A is a graphical representation of IPv4 and IPv6 last link 4G cellular data packets used at a client for SDNP-cloud communication.
56B is a graphical representation of IPv4 and IPv6 last link 4G cellular packets used in the SDNP-cloud for client communication.
57A is a graphical diagram of single-media multi-PHY last link communication.
57B is a graphical representation of mixed-media multi-PHY last link communication.
57C is a graph diagram of an alternative implementation of multi-PHY last link communication.
FIG. 58 is a graphical representation of a sequential client for SDNP-cloud last link communication using IPv6 datagrams delivered via multi-PHY Ethernet.
FIG. 59 is a graph diagram of a continuous client for SDNP-cloud last link communication using IPv6 datagrams delivered via multi-PHY WiFi. FIG.
FIG. 60 is a graphical representation of a continuous client for SDNP-cloud last link communication using IPv6 datagrams delivered over a multi-PHY 4G cellular network. FIG.
FIG. 61 is a graph diagram of a continuous client for SDNP-cloud last link communication using IPv6 datagram using multi-PHY delivery over Ethernet and WiFi. FIG. 62 is a graph diagram of a continuous client for SDNP-cloud last link communication using IPv6 datagram using multi-PHY delivery over WiFi and 4G cellular network. FIG. 63 is a schematic diagram of an OSI layer stack configuration of a DOCSIS cable modem communication network showing Layer 1 through Layer 7 functions.
64 is a graphical representation of DOCSIS3-based communication packets for a cable system with SDNP payload.
65A is a graphical representation of a spectrum allocation and carrier modulation method for various DOCSIS3 protocols.
65B is a graphical representation of DOCSIS3.1 between CTMS and CM.
65C is a graph diagram of DOCSIS3.1 upstream communication. 65D is a graphical representation of DOCSIS3.1 downstream communication.
66 is a schematic diagram of a triple-path SDNP network for last mile communication.
67 is a schematic diagram of a "call request" operation in three-channel SDNP last mile communication.
68 is a schematic diagram of an "address request" operation in triple-channel SDNP last mile communication.
69 is a schematic diagram of “address delivery” operation in triple-channel SDNP last mile communication.
70 is a flowchart illustrating SDNP command and control packet synthesis.
71 is a schematic diagram of “routing indication” operation in single-path triple-channel SDNP last mile communication.
FIG. 72 is a schematic diagram of “SDNP Call” operation in single-path triple-channel SDNP Last Mile communication from SDNP Client to SDNP Cloud.
73A is a schematic diagram of SDNP cloud and last mile triple-path communication for an SDNP client in an SDNP call. 73B is a schematic diagram of SDNP cloud and last mile triple-path communication implemented as “call outs” for non-SDNP clients.
74 is a schematic diagram of “routing indication” operation in a multi-path triple-channel SDNP last mile communication.
75A is a schematic diagram of “SDNP Call” operation in multi-path triple-channel SDNP Last Mile communication in the direction from SDNP Client to SDNP Cloud.
75B is a schematic diagram of “SDNP call” operation in multi-path triple-channel SDNP last mile communication in the direction from SDNP cloud to SDNP client.
76 is a schematic diagram of a group-call “routing indication” operation in single-path triple-channel SDNP last mile communication.
FIG. 77A is a schematic diagram of an “SDNP group call” using SDNP multi-path cloud transfer and SDNP last mile communication from a zone U1 client to a client in another zone.
FIG. 77B is a schematic diagram of an “SDNP Group Call” using SDNP multi-path cloud transport and SDNP last mile communication from a zone U7 client to a client in another zone.
FIG. 77C is a schematic diagram of an “SDNP Group Call” using SDNP multi-path cloud transmission and SDNP last mile communication from a zone U9 client to another client on the same zone and in another zone.
78 is a schematic diagram of an “SDNP Group Call” using SDNP multi-path cloud transfer and last mile communication for both SDNP client and unsecured PSTN device.
79A is a bar diagram of regular and private call operation in the SDNP group call.
79B is a bar diagram of regular and hyper-private call operation in SDNP group calls.
80A is a bar diagram of regular and private push-to-talk operation in SDNP PTT group calls.
80B is a bar diagram of normal and hyper-private push-to-talk operation in SDNP PTT group calls.
81 is a schematic diagram of data transfer for write-operation in hypersecurity file storage of fragmented data.
82A is a schematic diagram of a data flow for write-operation in hypersecurity file storage of fragmented data.
82B is a schematic diagram of a data flow for read-operation in hypersecurity file storage of fragmented data.
83 is a schematic diagram of data transfer for read-operation in hypersecurity file storage of fragmented data.
84A illustrates various examples of SDNP clouds connected to a file storage solution.
84B is a schematic diagram of a distributed hypersecurity file storage network including local and cloud-connected storage servers.
85A is a file mapping for non-redundant (RRF = 0) hypersecurity file storage.
85B is a file mapping for RRF = 1 read redundant hypersecurity file storage.
85C is a file mapping for RRF = 2 read duplicate hypersecurity file storage.
86 is a network map for a distributed hypersecurity file storage system using triple-channel network communication.
87A illustrates a file write request operation in a distributed hypersecurity file storage system.
87B illustrates a file server name request operation in a distributed hyper secure file storage system.
87C illustrates signaling server planning operations in a distributed hypersecurity file storage system.
87D shows the signaling server client-side last mile and SDNP cloud record routing instructions in a distributed hyper secure file storage system.
87E illustrates the signaling server storage side last mile and SDNP cloud record routing instructions in a distributed hyper secure file storage system.
88 illustrates file delivery in a distributed hypersecurity file storage system.
89A illustrates link response confirmation file storage and writing operations in a distributed hypersecurity file storage system.
89B illustrates file storage server link forwarding in a distributed hypersecurity file storage system. 89C shows a file storage server write acknowledge data packet containing an FS link.
89D illustrates the synthesis of a file store read link in the client's SDNP messenger.
90A is a file map for non-redundant RRF = 0 hypersecurity file storage with LRF = 0 non-redundant FS links.
90B is a file map for non-redundant RRF = 0 hypersecurity file storage with LRF = 1 redundant FS link.
90C is a file map for non-redundant RRF = 1 hypersecurity file storage with LRF = 1 redundant FS link.
91 is a graph showing storage elasticity according to the number of file storage server and client FS links.
92 is a schematic of the SDNP-encoding and SDNP-decoding functions.
93A is a schematic diagram of SDNP distributed file storage with client-side file security and hypersecurity file transfer.
93B is a schematic diagram of SDNP distributed file storage with nested file security and hypersecurity file transfer.
94 is a simplified schematic diagram of hypersecurity encoding in the SDNP distributed file store write operation.
95 is a simplified schematic diagram of hypersecurity decoding in an SDNP distributed file store read operation.
96A is a flowchart for explaining an AAA operation in a hypersecurity file read operation.
96B is a flowchart illustrating file access and SDNP transfer in a hyper secure file read operation.
97A illustrates a file read request operation within a distributed hyper secure file storage system.
97B illustrates a file storage server name request operation in a distributed hyper secure file storage system.
97C illustrates file storage server name transfer and signaling server planning operations in a distributed hyper secure file storage system.
FIG. 97D shows the signaling server storage side last mile and SDNP cloud routing read instruction in the distributed hypersecurity file storage system.
97E illustrates the signaling server client-side last mile and SDNP cloud read routing instructions in a distributed hyper secure file storage system.
98 illustrates storage side file decoding during a read operation in a distributed hypersecurity file storage system.
99 illustrates file data transfer in a distributed hyper secure file storage system during a read operation.
100 illustrates file data transfer within a distributed hyper-secure file storage system during link refresh.
FIG. 101 illustrates file data delivery within a distributed hyper-secure file storage system used to redistribute files.
102 shows time stamps in SDNP text messaging.
103 is a flowchart of SDNP registered communication.
104A illustrates end-to-end encryption in Internet OTT communication.
104B illustrates end-to-end encryption in hypersecurity communication.
105A is a schematic diagram of an “SDNP call” operation in which the SDNP security agent performs invisible monitoring of an outgoing call.
105B is a schematic diagram of an “SDNP call” operation in which the SDNP security agent performs invisible monitoring of an incoming call.
106 illustrates file storage server link forwarding in a distributed hyper secure file storage system, in which the SDNP security agent performs invisible monitoring of FS link routing.
107 is a schematic diagram of an “SDNP call” operation in which the SDNP security agent performs invisible monitoring of an outgoing call using multi-path last mile communication.
108 is a flowchart of steps for specifying and authenticating an SDNP security agent.
109 illustrates a mobile phone for tower communication exposed to SS7 vulnerability.
110 illustrates SDNP communication using phone number concealment to repel an SS7 attack.
111 illustrates the connectivity of SDNP softswitch-based clouds hosted on separate servers.
112 illustrates the connectivity of an SDNP softswitch-based cloud hosted on shared servers.
113 illustrates the connectivity of an SDNP softswitch-based cloud hosted on overlapping networks. 114 illustrates the connectivity of an SDNP softswitch-based cloud to access global SDNP cloud telco.
115 is an example of a nested SDNP subnet.

For nearly 1.5 centuries of circuit-switched telephony, today's communications systems and networks are packet-switched using Internet protocols that carry Ethernet, WiFi, 4G / LTE, and DOCSIS3 data over cable and fiber in just 10 years. All went to communication. Use of redundant paths to ensure reliable IP packet delivery, i.e. voice, text, picture, video, including why the Internet was first created, with a unique level of system interoperability and worldwide connectivity. And the advantages of providing data. But for any innovation, the strength of the challenges created by new technologies often coincides with the benefits derived.

Disadvantages of Existing Carriers

As described in detail throughout the background of the present invention, today's communications have many disadvantages. Today's best-performing communications systems, including custom digital hardware owned by major long-distance carriers such as AT & T, Verizon, Entities (NTT), Vodaphone, etc., typically provide superior sound quality. However, however, it includes expensive monthly fees, connection charges, long distance charges, complex data plans, long distance roaming charges, and various service charges. Since these networks are private, the actual data security is not publicly known, and security violations, hacks and intrusions are generally not disclosed. Given the number of wireline and privacy breaches reported in the media today, private carrier communication security is still in doubt, at least on last mile connections, if not in that private cloud.

An "Internet Service Provider" or ISP forms another link in a global communication chain. As described in the background of the present invention, voice delivered over the Internet using VoIP or "Voice over Internet Protocol" suffers from a number of quality of service or QoS issues, including:

* The Internet, a packet-switched network, is not designed to deliver IP packets in a timely manner or to support real-time applications with low latency and high QoS.

The routing of IP packets takes an unpredictable path, resulting in ever-changing delays, explosions in high data error rates, and unexpected call drops.

* IP packet routing is done at the discretion of the Internet service provider, which controls the network to which the packet is routed, and also balances the load on its own network, or at the expense of the connection quality of general traffic passing through that network. You can adjust the routing to make the client's service better.

Free-to-top or OTT providers such as free-running lines, KakaoTalk, and Viber on the Internet act as Internet hitchhikers, and do not control the networks or factors that affect QoS.

Use of heavy audio connectors that do not provide reasonable voice quality audio even at moderate data rates

VoIP based on the TCP transport protocol suffers from high latency and degraded audio quality caused by delays induced during handshaking and rebroadcasting of IP packets. Unassisted UDP transmissions do not provide payload integrity.

In addition to QoS issues, the security of today's devices and networks is at their worst, totally unacceptable to support the future needs of global communications. Background Art section, entitled Secure Dynamic Communication Networks and Protocols As described in detail, network security includes spyware, Trojans, infections, and phishing; In the last link, including spyware, IP packet sniffing, eavesdropping and call blocking of cyber pirate "fake" cell phone towers; And in the local network or telco portion of last mile connectivity, it is vulnerable to large arrays of cyber attacks on communication devices, including spyware, IP packet sniffing, infections such as viruses, and cyber pirate “man-in-the-middle attacks”. The cloud itself can be accessed by security breach at any cloud gateway, such as by viruses, from man-in-the-middle attacks, denial of service attacks, and unauthorized government surveillance. In summary, today's communications security is compromised by a variety of vulnerabilities, which are easily exploited by cyber pirates and are useful for cybercrime and cyber privacy breaches.

Exposure of the destination of an IP packet, including destination IP address, destination port # and destination MAC address

Source exposure of the IP packet, including the source IP address, source port # and the original MAC address.

* Layer 4 transport type and port used. # Exposed application data encapsulated in the payload of the requested service type and IP packet.

* In unencrypted files, all application and file data encapsulated in the payload of IP packets, including personal and confidential information, login information, application passwords, financial records, videos, and photos.

A dialog of communications that allows a cyber party to have repeated opportunities to destroy an encrypted file.

* Many opportunities to install malware, including spyware and phishing programs and Trojans, within communication devices and routers using FTP, email, and web page-based infections.

Repetition of key points, which is a fundamental inherent weakness of packet-switched communication networks using the Internet protocol, indicates which devices are involved in generating any data contained in an IP packet by any hostile party or cyber pirate intercept IP packet. Where the IP packet is coming from, where the IP packet is sent, how the data is sent, i.e. UDP or TCP, and what kind of service is requested, i.e. what kind of application data is in the payload Whether it is included. In this regard, cyber pirates can determine the “context” of a conversation, improving the chances of cracking passwords, breaking password security, and gaining unauthorized access to files, data, and payload content.

Encryption -In order to defend against various cyber attacks as described, today network administrators, IT professionals and applications rely primarily on a single defense-encryption. Encryption refers to recognizable content, also known as "plaintext," as meaningless strings of text, whether it is readable text, executable programs, viewable videos and pictures, or audio that is easy to understand. A means of converting to an alternative file type known as "password".

The encryption process of converting an unprotected file into an encrypted file uses a logical or mathematical algorithm, referred to as a cypher, to change the data into equivalent text elements without revealing any apparent pattern of the cryptographic conversion process. Steps. The encrypted file is then transmitted over the communication network or media until received by the destination device. Upon receiving the file, the receiving device using a process called "decryption" then decrypts the encoded message with its original content. The study of encryption and decryption, widely known as "encryption," combines mathematical elements, including number theory, set theory, and algorithm design, along with computer science and electrical engineering.

In a simple "single key" or "symmetric key" encryption technique, a single keyword or phrase known a priori by both parties can unlock the file encryption and decryption process. In World War II, submarines and maritime vessels, for example, communicated on open radio channels, used encrypted messages. Initially, encryption was based on a single key. By analyzing the cryptographic patterns, allied cryptographers could sometimes find cryptographic key words or patterns, and then read the encrypted file without finding it. As encryption methods become more complex, it is more difficult to break code manually.

Code evolved into machine-based cryptography, an early form of computing. The only way to destroy the code at that time was to steal the crypto machine and use the same tools to encrypt the file to decrypt the message. The problem was how to steal a crypto machine without stealing detected. If the code machine is known to be compromised, the enemy simply needs to change the code and update the already running crypto machine. This principle is still practiced to this day, and the most effective cyberattack is undetected.

With the advent of computing and the Cold War, encryption has become more complex, but the speed of computers used to decrypt encryption code has also improved. At each stage of secure communications development, the technology and know-how to encrypt information and the ability to decrypt cryptographic code have evolved at that rate. The next major evolutionary step in cryptography was the innovation of double key cryptography in the 1970s, which is still used today. One of the best-known methods of double key encryption is the RSA public key encryption system, named after its developers, Rivest, Shamir and Adleman. Despite knowing the published RSA, contemporary developers devised their own principles. RSA uses two cryptographic keys based on two large prime numbers that are kept secret to the public. One algorithm is used to convert these two prime numbers into a cryptographic key referred to herein as an E-key, and a different mathematical algorithm is used to convert the same two secret prime numbers into a secret cryptographic key, also referred to herein as a D-key. An RSA user who has chosen a prime number of secrets, referred to herein as a "key publisher," will typically distribute or "publicize" the algorithm-generated E-keys, including the size of 1024b to 4096b, to those who wish to encrypt files. do. Since this key can be distributed to many parties in unencrypted form, the -E key is known as a "public key."

A party wishing to communicate with a key publisher uses this public electronic key with a publicly available algorithm, typically provided in the form of commercial software, to encrypt any file to be sent to a particular key publisher. Upon receipt of the encrypted file, the key publisher then uses its secret D-key to encrypt the file, returning it to plain text. In general, the unique feature of the double key method and the RSA algorithm is that the public E-key used to encrypt the file cannot be used for decryption. Only secret D-keys owned by the key publisher have the ability to decrypt files.

The concept of dual key, split key, or multiple key exchange in file encryption and decryption is not specifically limited to RSA or any one algorithmic method, but methodically specifies the communication method as a sequence of steps. In a dual-key exchange over a switch packet communication network, a notebook that wants to receive a secure file from a device, for example a mobile phone, first uses a predetermined algorithm to use two keys, namely an E-key for encryption and a decryption for decryption. Generate a D-key. The notebook then sends the E-key to the mobile phone using public network communication involving the IP packet. The IP packet in unencrypted form, as its payload, along with the encrypted copy of the transport protocol (TCP) and the E-key, as well as the destination IP address "CP" and the corresponding port of the mobile phone, the notebook's MAC address, IP Source address " NB " and port address.

Using the agreed encryption algorithm or software package, the mobile phone then uses the encryption algorithm and encryption E-key to generate an encrypted file, i.e., a ciphertext, that is carried as a payload of an IP packet in a secure communication from the mobile phone to the notebook. To process plain text files. Upon receipt of the IP packet, the algorithm decrypts the file using the secret encryption key, ie the D key. Since the D-key is made to match its corresponding E-key, the algorithm essentially uses the knowledge of both keys to decrypt the ciphertext and return it back to the unencrypted plaintext. While the payload of an IP packet is secured in the form of an encrypted file, i.e. ciphertext, the rest of the IP packet is unencrypted, sniffable, and also the source IP address "CP" and the port and destination IP address "NB" and associated It can be read by any cyber pirate containing the port. Thus, even if the payload itself cannot be opened, communication can be monitored.

Virtual Private Network -Another security method that relies on encryption is the security method of a "virtual private network" or VPN. In a VPN, tunnels or security pipes are formed in the network using encrypted IP packets. Rather than encrypt only the payload, the entire IP packet is encrypted at the VPN and then encapsulated into a mule that sends the encapsulated packet from one VPN gateway to another, or another unencrypted IP packet acting as a carrier. do. Inherently, VPNs use the same functionality to connect heterogeneous local area networks together over long distances, such as a company running private networks in New York, Los Angeles, and Tokyo, sharing a single global private network. Used when you want to interconnect LANs.

The basic VPN concept is, for example, a "virtual" in which a first server contains encrypted content across a VPN tunnel, as part of one LAN supporting a large number of devices wirelessly via rf and over a wired connection. Private network "or VPN, which can be thought of as encrypted communication between two devices, connected to a second server having a wired connection to a desktop, notebook, and other WiFi based stations.

In addition to this relatively narrow bandwidth link, the first server can also be connected to the supercomputer via a wide bandwidth connection. The resulting data communication includes a sequence of data packets including an inner VPN packet embedded within an outer IP packet. In operation, an external IP packet from server A, which specifies the source IP address and source port #, is sent to server B at destination IP address and destination port #. These external IP packets establish communication between the first and second servers to form encrypted tunnels to each other for data transfer. The VPN payload carried by the outer packet includes the last mile IP packet, including a desktop having an end device, eg, source IP address “DT” and its corresponding ad hoc port #, and other end device, eg, source IP. Provides direct communication between the notebook with address "NB" and its corresponding ad hoc port #. Although any communication session may be initiated, in one example, the request for file delivery is made over a VPN tunnel.

To securely set up this transfer using a virtual private network, a VPN tunnel is created and a session is started before the actual communication begins. In enterprise applications, VPN tunnels are not carried over the Internet, but instead are often accompanied by a dedicated ISP or carrier that owns its own fiber and hardware network. These carriers often enter annual or long-term contracts with companies that require VPN services to ensure the specified bandwidth for a given cost. Ideally, a high-speed dedicated link is connected directly, without any intermediate or "last mile" connection that would hinder the performance, QoS, or security of the VPN.

In operation, a typical VPN requires a two-step process-a second step to create or "log in" to the VPN, and to pass data in a secure pipe or tunnel. The concept of tunneling includes layers 1 to 4, layer 5 is used to create a virtual VP session 723, and layer 6, the presentation layer, is used to form a VPN gateway-to-gateway pipe between servers. It can be considered hierarchical as an external IP packet executed by a seven-layer communication stack (used to involve a VPN connection), used to facilitate the required encryption. Although VPN connections use the Internet protocol to transmit IP packets, the PHY Layer 1 and VPN Ladle 30 link layers of a VPN are often supported by dedicated carriers to minimize unpredictable routing across the Internet. do. For example, application layer 7 data delivered as device-to-device communication between desktops is tunneled data including all seven OSI layers needed to establish communication as in the absence of a VPN. Is passed as. In this way, a VPN can be thought of as a communication protocol operating within Layer-7 that is used to transport VPN internal packets.

In operation, an external IP packet, once delivered from one communication stack to another, is opened to expose the encapsulated data, the actual message of the packet. In this way, end-to-end communication ignores the details used to create the VPN tunnel, except that the VPN tunnel must be established before any communication attempt and must be closed after the conversation ends. And it is done. Failure to open a VPN tunnel first will result in unencrypted transmission of IP packets that are vulnerable to IP packet sniffing, theft, and infection. If you do not close the VPN after the conversation is complete, you can give the cybercriminal an opportunity to hide illegal activity in another person's VPN tunnel, which can lead to possible criminal penalties imposed on innocent people who are intercepted. .

While VPNs are a common way for many private local area networks to interconnect with each other using private connections with dedicated capacity and bandwidth, the use of VPNs over public networks and the Internet is problematic in two party communications. One problem with VPNs is that VPN connections must be pre-established before use, rather than packet-by-packet based. For example, in a VoIP call connected across a packet-switched network, a VPN session must first be established before the cellular phone can contact the intended call recipient of the second cellular phone. To do this, a VPN connection application must first be loaded on the caller's phone. The caller then has to send an IP packet to the VPN host, typically to the service provider. These packets are passed from the cellular phone to a nearby WiFi based base station via any available last mile routing, for example wireless communication, then to the local router by wired communication and then to the VPN host by wired communication. Once a session is established between the caller's mobile phone and the VPN host, the caller's mobile phone must then instruct the VPN host to create a VPN tunnel from the caller's mobile phone to the VPN host. When a layer 5 session in the tunnel is encrypted by layer 6, this leg of the VPN tunnel is promoted.

Once the VPN connection is established, the caller's mobile phone can place the call on any other phone via any VoIP phone app. If the phone being called is not connected to the same VPN, the application must establish a "call out" link over the last mile from the destination calling phone, the VPN host closest to the person being called. If the VoIP application cannot be used or is not authorized for use, the call will fail and terminate immediately. Otherwise, the internal IP packet will establish an application layer 5 session between the calling mobile phone and the destination mobile phone, ensuring that the IP test packet can be properly decrypted and understood.

In order to place a call, the call must come from the phone's normal dialing function, but not from the caller's phone, a layer 7 application running on a mobile phone app using the carrier's data plan. This is because it is incompatible with the VPN tunnel. Once the call is initiated, the caller's cell phone transmits a continuous IP packet representing a small piece of sound or a "snippet" according to the communication application. These packets are sent from an application in the caller's cell phone through the network, for example via a WiFi link, to a nearby WiFi-based base station, then to a router via a wired connection and finally to a VPN host via a wired connection. . The data is then securely transmitted to the VPN host via a VPN tunnel to the end device of the VPN network, which is the destination VPN gateway. In this example, the VPN tunnel does not extend to the destination cell phone at all, but instead stops before reaching the device being called. Beyond the VPN's destination gateway, the data is no longer encrypted because the VPN carrier is no longer involved. In the data packet leaving the VPN tunnel, the VPN host continues to deliver data to the nearest router via the last mile connection of the destination device, e.g., a wired connection, followed by 2G, by a wired connection to the local cellular system and the tower. Transfer calls as normal cellular phone calls using 3G or 4G telephony. The process of making a call from a phone app to a phone that does not run the same app is referred to as a "call out" feature.

The above example highlights another problem with connections to VPNs over public networks-the last mile link from the VPN host to the person being called is not part of the VPN and therefore does not guarantee security, performance or call QoS. . Specifically, the last mile of the caller, including the connection, is all open to sniffing and exposed to cyber-attack. When the call is complete and the caller's cell phone is disconnected, the VPN link must be terminated, whereby VPN layer 5 coordinates the closure of the VPN session and the caller's cell phone is disconnected from the VPN host.

The adaptation of virtual private networks, originally created for computer-to-computer data transfer, has some major problems.

Last mile communication from the destination VPN gateway to the destination mobile phone is not secure and there is a risk of sniffing and surveillance.

* Last mile communication between the caller's mobile phone and the VPN gateway is secure only if the caller is using a data communication based app. When a caller connects to a VPN gateway using a telephony link, i.e. a dial feature, the last mile communication from the caller's cell phone to the nearest VPN gateway is not secure and there is a risk of sniffing and surveillance.

The call is secure end-to-only if both parties use data communication and do not use telephony over their associated last mile link, and only if both parties join the same VPN prior to initiating the call. Can be an end. The last important item emphasizes the paradox of secure VPN communication-the person who is being called needs to know that they are being called before they are called, in order to join the network. In order to inform them that they are on the phone, they must first connect and be instructed to log in to the VPN before the call begins. In essence, in order to connect to secure telephone calls, they must receive unsecured telephone calls. Unsecured phone calls are easily hacked, sniffed, and monitored. In addition, the metadata of the unsecured currency exposes who is calling, who is calling, and when the call is made. Currency metadata is very useful in tracking people's activities or profiling them as targets of crime.

Ignoring security concerns, there is no guarantee that placing a call over a VPN or sending a document will not fail for any of other reasons, including:

* VPNs may not work with latency short enough to support real-time applications, VoIP, or video.

VPN last mile connections from the caller to the VPN gateway or from the VPN gateway to the call receiver may not operate with a latency that is short enough to support real-time applications, VoIP or video.

* The VPN gateway, or "last mile," closest to the caller or intended receiver, can be very far away, possibly farther than the distance to the call receiver without the VPN, so that the connection may have excessive latency, network instability, It exposes numerous opportunities for uncontrolled routing through unknown networks, various QOS, and man-in-the-middle attacks in the unprotected portion of the connection.

* VPN last mile connections from the VPN gateway to the call receiver may not support "call out" connections and packet forwarding or support links to local telco.

* Local carriers or government censors may block calls or connections to and from known VPN gateways for national security or compliance reasons.

* When using a corporate VPN, VoIP calls may be restricted to and only from company employees and designated authorized users, financial transactions and video streaming may be blocked, and private email to public email servers such as Yahoo, Google, etc. It can be blocked, and many websites like YouTube, chat programs or Twitter can be blocked according to company policy.

For unstable networks, the VPN can be opened and maintain a persistent session connected to the caller's device until manually reset by the VPN operator. This can result in loss of bandwidth or subsequent connection costs for subsequent connections.

Network Comparison — Comparing the communications provided by the “over the top” OTT provider with the communications systems that use the public network to connect to the ad hoc VPN, in addition to the VPN link itself, most of the two communications systems have nearly identical components and connections. It can be seen easily. Specifically, the last mile of the caller, including the cellular phone WiFi wireless connection, WiFi base station, wired connection, and router, represents the same last mile connectivity in both embodiments. Similarly, on the last mile of another party, the caller's cell phone, cell phone connection, cell base station and tower, wired connection and router are the same for both the Internet and VPN versions. The main difference is that VPN tunnels with secure communications between VPN hosts in public networks are replaced by servers / routers that involve unsecured communications throughout the cloud. Another difference is in OTT communication, where the call can be used immediately, and when using a VPN, extra steps are required to establish a VPN and to terminate the VPN session before and after the call.

In both examples, last mile connections provide unpredictable call QOS, exposure to packet sniffing, and cyber attack risk. Since the server / router is managed by different ISPs in different locales, the server can be interpreted as other existing clouds. For example, a public open network owned and operated by Google, Yahoo, Amazon, and Microsoft may be considered different clouds, for example as an "Amazon cloud", although they are all interconnected by the Internet. Can be.

Competitive or less popular topologies, peer-to-peer networks, or PPNs include networks composed of a large number of peers with packet routing managed by the PPN, not routers or ISPs. Although peer-to-peer networks have existed in hardware for decades, it was Napster that popularized the concept as a means of avoiding the control, cost, and regulation of Internet service providers. When the lawsuit was filed under US government regulations on music piracy, Napster's pioneers left and invaded early OTT carrier Skype. At that time, Skype's network was converted from traditional OTT to a Napster-like PPN.

In a PPN operation, every device that forms a login connection to a PPN becomes one or more nodes in the PPN. For example, in one geographic location, when a cell phone with PPN software installed logs in to a peer-to-peer network, all other connected devices in that area become part of the network. When you make a call from one device to another, the other device is connected to another device connected to the PPN. For example, if a mobile phone uses its PPN connection to make a call to another PPN connected device, such as a mobile phone, then the call follows a bypass path through any device (s) physically located in the PPN between the two parties. . For example, a call from a caller's cell phone can be routed by WiFi to a nearby desktop, then to another person's laptop, to another desktop, to another desktop, and finally to a local cellular base station and tower. Through the connection to the destination mobile phone. In this way all routing was controlled by the PPN, and the Internet was not included in the management of the routing. As used by both parties, the PPN software used to connect to the network acts as an application for VoIP based voice communication.

If one cell phone wants to talk to a non-PPN device cell phone on the other side of the earth, routing may necessarily include the Internet on some links, especially to send packets across the ocean or mountain range. At the local geographic location, the first portion of routing proceeds in a manner similar to the previous example, starting from the caller's cell phone and routed through the WiFi base station, desktop, notebook, other desktop, and the like. If the closest notebook is connected to the network at this point, the call will be routed through it, otherwise the call will be routed through the local cell tower and tower to the cell phone, after which, before continuing to transmit, the cell tower and tower Return to.

If the phone crosses the Pacific, computers and mobile phones cannot carry traffic across the ocean, so calls must be directed to Internet third party servers / routers in the hosted cloud and to third party servers / routers in other clouds. Routed forward through the connection. For example, when this approaches its destination, the call leaves the Internet and first enters the PPN in the destination geographic location via the desktop, which in turn is connected to WiFi, laptop, and base station. Since WiFi does not run the PPN app, the actual packet entering WiFi must be transported to a tablet or mobile phone in the WiFi subnet and returned to WiFi before being sent over the wired base station and tower over a wired connection. Finally, the caller cell phone call is connected to the destination cell phone and not to the PPN enabling device. Thereby, the connection constitutes a "call out" for the PPN, since it exits the PPN network. When using this PPN approach, locating a call, like a VPN, involves first registering the call device with the PPN network by completing the PPN login. Thereafter, the call can be placed using the PPN app. The advantage of the PPN approach is that PPN operators need little or no hardware to carry calls over long distances, and because every device connected to the PPN regularly updates the PPN operator with respect to its status, loading, and latency. It is possible to determine the routing of packets to minimize delays.

The disadvantage of this approach is that packets represent a potential security threat and also traverse a network containing many unknown nodes with unpredictable impact on call delay and call QoS. Thus, with the exception of Skype, peer-to-peer networks operating at or above Layer 3 are not commonly used in packet switched communication networks.

A comparative summary of ad hoc VPN providers, Internet OTT providers, and PPN peer networks are compared in the table below.

network Virtual private VPN Internet OTT Peer-to-Peer PPN Node Public / Hosted Server Public router / server PPN user Node capability Known Infrastructure Known Infrastructure Mixed, unknown Cloud bandwidth Guaranteed Unpredictable Unpredictable Last mile bandwidth Provider-dependent Provider-dependent PPN dependent waiting time Unmanageable Unmanageable Optimal action Network stability Unmanageable Unmanageable, Duplicate Optimal action Call settings Complex login Not required login User identity username Phone number username VoIP QoS Variable to good Variable Variable Cloud security Encrypted payload only Unencrypted Unencrypted Last Mile Security Unencrypted Unencrypted Unencrypted Sniffable Packet header (cloud)
Full packet (last mile) Full packet Full packet

As shown, VPNs and the Internet constitute a fixed infrastructure, but the nodes of a peer-to-peer network depend on the person logging in and the device connected to the PPN. The high-speed, long-distance connection of the network, for example the cloud bandwidth defined in the context of this table as a network crossing the oceans and mountains, is contractually guaranteed only in the case of VPNs, or otherwise unpredictable. The last mile bandwidth is a local provider that depends on both the Internet and VPN provider, but the PPN depends entirely on who is logged in.

Latency, which is the propagation delay of continuously transmitted IP packets, cannot be managed for OTT and VPN, which does not control routing at the last mile, but instead relies on local telco or network provider, while This is because the location has a limited ability to use the best effort to direct traffic between nodes that are online at that time. Likewise, for network stability, the PPN can reroute traffic to maintain the network, but depends entirely on the logged in person. On the other hand, the Internet is inherently redundant and it is certain to guarantee delivery, but it is not necessarily timely. Network stability for ad hoc VPNs depends on the number of nodes authorized to connect to the VPN host. When these nodes go offline, the VPN is disabled.

In terms of call setup, the Internet is always available, the PPN requires an additional step to log in to the PPN before making a call, and the VPN can involve a complex login procedure. Moreover, most users consider using OTT for phone numbers as a major advantage of ease of use rather than the separate login ID used by OTT for VPN and PPN. All three networks listed are struggling with variable VoIP QoS, and are generally far behind commercial telephony carriers.

From a security point of view, all three options are bad because of the last mile fully exposed to packet sniffing with a readable address and payload. The VPN provides encryption of the cloud connection, but exposes the IP address of the VPN host. Thus the network options shown are not considered to be secure. Thus, encryption is used as an embedded part of the layer 6 protocol or the layer 7 application itself to prevent hacking and cyber attacks by various applications.

Excessive Trust for Encryption-Regardless of whether it is used to encrypt IP packets or to set up a VPN, today's network security is almost entirely dependent on encryption and also presents a weakness in modern packet-switched based communication networks. . For example, much research has been done on how to attack RSA encryption. While limiting prime numbers to large sizes greatly reduces the risk of breaking decrypted D-key codes using indiscriminate force methods, the polynomial element method successfully demonstrates cracking keys based on smaller prime number based keys. It became. There is a concern that the evolution of "quantum computing" will ultimately lead to practical ways of destroying RSA-based and other encryption keys at reasonable cyber attack times.

To overcome the risk of code destruction that existed previously, new algorithms such as the "advanced encryption standard" or AES cipher adopted by US NIST in 2001 and the "larger key" encryption method have emerged. Based on the Rijndael cipher, a design principle known as a substitution-permutation network combines text substitution and permutation using different keys and block sizes. In its current form, the algorithm includes a fixed block size of 128 bits with a key comprising variable lengths of 128, 192 bits and 256 bits, and the corresponding number of iterations used in the input file conversion is 10, 12, and 14 cycles. As a practical matter, AES cryptography can be executed efficiently and quickly regardless of the size of the key in software or hardware. In cryptographic native language, AES based encryption using 256b keys is referred to as AES256 encryption. You can also use AES512 encryption using a 512b key.

While new generations improve encryption technology to create better encryption methods and break them quickly, profit-seeking cybercriminals often focus on their targets rather than simply using computing to destroy encrypted files. As already described, using packet sniffing and port interrogation, cyber pirates can gain valuable information about conversations, company servers, or even VPN gateways. By cyber profiling, it may be easier to launch a cyber attack on a company's CFO or CEO's personal computers, laptops and mobile phones rather than attacking the network itself. Sending e-mail to employers that automatically install malware and spyware when opening embedded links completely bypasses firewall security because they enter the network from the "inside" that they must connect and operate.

If data travels through the network without modification, that is, it is more likely to break encryption. For example, in the network of FIG. 1, the underlying data of packets 790, 792, 794, and 799 do not change as packets move through the network. Each illustrated data packet contains a series of data or sounds that are arranged sequentially at a time or page that was not changed in its original order when it was created. If the content of the data packet is text, reading an unencrypted plaintext file in sequence 1A-1B-1C-1D-1E-1F will appear as "readable" text for communicator number "1". If the content of the data packet is audio, converting, ie, "playing" the unencrypted plain text file in sequence 1A-1B-1C-1D-1E-1F is essentially through a corresponding audio codec, which is a software-based D / A converter. The audio file number "1" will appear as a sound.

In either case, throughout the present invention, each data slot represented by a fixed size box includes a prescribed number of bits, for example two bytes (2B) long. The exact number of bits per slot is flexible as long as all communication nodes in the network know the size of each data slot. Each data slot contains audio, video, or text data, with text following the number in the figures. For example, as shown, the first slot of the data packet 790 has content 1A in which the number "1" represents Designated Communication # 1 and the text "A" represents the first portion of data in Communication # 1. It includes. Similarly, the second slot of the data packet 790 contains the text "1B" where the number "1" indicates that this is part of the same communication # 1 and the text "B" also contains data in the successive communication # 1 of 1A. The content 1B representing the second part of.

For example, if the same data packet includes content "2A" that is included virtually, the data represents the first packet "A" for a different communication, especially for communication # 2 independent of communication # 1. Data packets that contain homogeneous communications, for example all data for communication # 1, are easier to analyze and read than to mix different communications. Data arranged sequentially in the proper order makes it easy for cyber attackers to interpret the characteristics of the data, whether it is audio, text, graphics, photos, video, executable code, or the like.

Moreover, in the illustrated example, since the source and destination IP addresses of the packet are kept constant, i.e., the packets remain unchanged during transmission over the network in the same form as the incoming or outgoing gateway servers 21A and 21F. In this case, since the underlying data does not change, the hacker has more opportunities to intercept the data packets and also have a better opportunity to analyze and open the file or listen to the conversation. Relying only on transport and one-dimensional security, or encryption for protection, increases the risk of cyber attacks, because there is a greater chance of success in the use of oversimplified Internet, such as packet-switched networks.

Real-time network and connected device security

In order to improve the quality of service (QoS) of telephony, video and data communications while addressing the excessive security vulnerabilities that plague today's packet-switched networks, new and innovative systematic approaches to IP packet routing control are required, including heterogeneous technologies. Managing a global network of networks simultaneously supports end-to-end security. The goals of this inventive packet switched network include the following criteria.

1. Ensure the security and QoS of a global network or telco, including dynamically managing the routing of real-time voice, video, and data traffic throughout the network.

2. Ensure the security and QoS of the "local network or telco" in the last mile of the communication network.

3. Ensure the security and QoS of the "last link" of the communication network, including providing secure communication over unsecured lines.

4. Check the security of the communication device and authenticate the user to prevent unauthorized or forged access or use.

5. Promote security measures to store data in devices or online networks or cloud storage to prevent unauthorized access.

6. Provide security and privacy protection for all non-public personal information, including financial, personal, medical and biometric data and records.

7. Provide security and privacy for all financial transactions, including online banking and shopping, credit cards and e-pay.

8. Provides security, privacy protection and anonymity as needed in processing and information exchange, including Machine-to-Machine (M2M), Vehicle-To-Vehicle (V2V), and Vehicle-to-Infrastructure (V2X) communications. .

Among the foregoing objectives, the inventive subject matter contained in this disclosure relates to the second topic described in item # 2, “Security and QoS of a local network or telco within the last mile of a communication network”. This topic can be considered as secure last mile connectivity without sacrificing real time communication performance.

Term Definition

Unless the context otherwise requires, the terms used in describing secure dynamic communication networks and protocols have the following meanings.

Anonymous data packet: A data packet that lacks information about its original, original or final destination.

Client or Client Device: A device, typically a mobile phone, tablet, notebook, desktop, or IoT device, connected to the SDNP cloud via Last Mile.

Concealment: An encoding process that makes the contents of an SDNP packet or portion thereof unrecognized using any sequential combination of security operations such as scrambling, splitting, junk data insertion, and encryption. Recovery of the concealed data requires the execution of reversed reverse functions or decoding processes such as decryption, junk data removal, mixing and unscrambling.

Decryption: A mathematical operation used to convert a data packet from ciphertext to plaintext.

Decomposition Data Storage: The process of fragmenting a data file and hiding its contents before storing the various fragmented files on different data storage nodes.

DMZ Server: A computer server that is not directly accessible from the SDNP network or the Internet, used to store selectors, seed generators, key generators, and other shared secrets. The DMZ may also be referred to as an "air gapped" server, a computer that does not have a wired network connection or access.

Dynamic Encryption / Decryption: Encryption and decryption that relies on dynamically changing keys as data packets traverse the SDNP network.

Dynamic mixing: A mixing process in which the mixing algorithm (the dysfunction of the splitting algorithm) dynamically changes as a function of seed based on conditions such as time, state, and region when a mixed data packet is generated.

Dynamic Scrambling / Unscrambling: Scrambling and unscrambling that rely on algorithms that change dynamically as a function of state, such as when data packets are generated or regions generated.

Dynamic segmentation: A segmentation process in which the segmentation algorithm dynamically changes as a function of seed based on states such as time, state, and region when a data packet is divided into multiple sub-packets.

Encryption: A mathematical operation used to convert a data packet from plaintext to ciphertext.

Fragmented Data Transfer: Routing of segmented and mixed data over an SDNP network.

Junk Data Deletion (or “De-junking”): Removal of junk data from a data packet to restore the original data or to restore the original length of the data packet.

Junk Data Insertion (or “juncking”): Intentionally introducing nonsense data into a data packet, in order to obfuscate the actual data content or to manage the length of the data packet.

Key: A spoofed digital value generated by entering a state, such as time, into a key generator that uses a secret algorithm to generate a key. The key is used to select an algorithm that encrypts the data of the packet from the selector. The key can be used to securely pass information about the state over a public or insecure line.

Key exchange server: To prevent any possibility of network operator spying, the public encryption key is applied to the client, and optionally to a server using symmetric key encryption, in particular client-managed key management, i.e. end-to-end encryption. Computer servers, often independent of third-party hosted and SDNP network operators, used to distribute to clients based on the network.

Last link: A network connection between a client's device and a first device in a network to which it communicates, typically a radio tower, WiFi router, cable modem, set-top box, or Ethernet connection. In the case of Ethernet communication, the last link includes a physical “tethered” (ie wired) connection to a cable modem or a fiber modem. For a WiFi connection (eg in a cafe), the last link includes a WiFi router connected to a DSL, cable, or fiber network. In cellular networks, the last link includes a radio link between the cellular tower and the mobile phone, which may include, for example, 3G or 4G / LTE.

Last mile: A network connection between a client and gateway media node within an SDNP or other type of network or cloud, including a last link. Last miles typically include communications across networks owned and operated by local telco and cable companies, such as Comcast cable, Verizon cellular, Korean Telecom, British Telecom, and the like.

Mixing: Combining data packets from different sources that may include different data types to produce one longer data packet (or a series of smaller sub-packets) with unrecognizable content. In some cases, previously split data packets are mixed to restore the original data content. Blending operations may also include inserting and deleting junk data and parsing.

Multiple PHY or Multi-PHY: A communication comprising alternating transmission of related sequential data packets across multiple physical media, such as fiber and 4G, different WiFi channels and frequencies, 4G and WiFi, Ethernet WiFi, and the like.

Parsing: A numerical operation that breaks a data packet into shorter sub-packets for storage or transmission.

Router: A device that directs the routing of datagrams to destination addresses specified in their IP headers. For packet routing outside the SDNP network, the IP address used may represent a valid Internet IP address (an address recognized by the DNS server), or it may represent a NAT address assigned by a network address translator operated by a local network provider. (E.g., Comcast assigns its own internal IP address for communication within the Comcast cable / fiber network).

Scrambling: The act of changing the order or sequence of data segments in a data packet from its natural order to an unrecognizable form.

Splitting: The operation of splitting a data packet (or series of serial data packets) into multiple sub-packets routed to multiple destinations. The partitioning operation may include inserting and deleting junk data.

SoftSwitch: Software containing executable code that performs the functions of a telecommunications switch and router.

SDNP: Abbreviation for "Secure Dynamic Communication Network and Protocol," meaning a hyper-secure communication network made according to the present invention.

SDNP Address: The address used to route the SDNP packet through the SDNP cloud or over the last mile containing only enough information to perform a single hop, namely the ad hoc IP address of the next destination device.

SDNP Management Server: A computer server used to distribute executable code and shared secrets to SDNP servers worldwide or in designated zones.

SDNP bridge node: An SDNP node that connects one SDNP zone or cloud to another zone or cloud with different security entitlements.

SDNP client or client device: A networked device, typically a mobile phone, tablet, notebook, desktop or IoT device, that runs an SDNP application to connect to the SDNP cloud, typically via last mile.

SDNP cloud: A network of interconnected SDNP servers running softswitch executable code to perform SDNP communication node operations.

SDNP Gateway Node: A media node that connects the SDNP Cloud to client devices via Last Mile. The SDNP Gateway Node requires access to at least two zones (of the SDNP cloud and of the last mile).

SDNP media nodes: special identification tags according to instructions from signaling servers or other computers that perform signaling functions, including encryption / decryption, scrambling / unscrambling, mixing / splitting, tagging, and SDNP header and subhead generation Softswitch executable code to process incoming data packets. The SDNP media node identifies the incoming data packet with the designated tag and then sends the newly created data packet to the destination.

SDNP media server: A computer server that hosts a softswitch that performs the functions of an SDNP media node in dual channel and triple channel communications and also performs the operations of the SDNP signaling node and the SDNP name server node in single channel communications.

SDNP name server: A computer server that hosts a softswitch that performs the functions of an SDNP name server node in three-channel communications.

SDNP Name Server Node: Softswitch executable code that manages a dynamic list of all SDNP devices connected to the SDNP cloud.

SDNP Network: An entire hyper-secure communication network that extends from client to client, including last link and last mile communications, as well as SDNP clouds.

SDNP node: An SDNP communication node that includes a software-based "softswitch" operating on a computer server or alternatively a hardware device connected to an SDNP network, and acts as an SDNP node as a media node, signaling node or name server.

SDNP Server: A computer server that includes a SDNP Media Server, an SDNP Signaling Server, or an SDNP Name Server and hosts a softswitch function that is applicable to act as an SDNP node.

SDNP signaling node: Initiates a call or communication between parties and determines all or part of multiple routes for transmitting fragmented data based on caller criteria, instructing SDNP media how to manage incoming and outgoing data packets. Softswitch executable code.

SDNP signaling or signal server: A computer server hosting a softswitch that performs the functions of an SDNP signaling node in dual channel and triple channel SDNP communication, and also performs the task of an SDNP name server node in dual channel communication.

SDNP Tag: A source address, SDNP Zip Code, or any other code used to identify an incoming data packet or its sub-packet.

Secure operation: The process of modifying a data packet to conceal (or recover the contents of the concealed packet) using state-dependent secure credit credentials associated with the area and state where the packet is generated.

Security settings or secure credentials: Seeds and keys generated by the seed generator or key generator using secret algorithms with constantly changing input states such as network time, and thus can be transmitted securely over public or non-secure lines. Same digital value.

Seed: A spoofed digital value generated by entering a state, such as time, into a seed generator that generates a seed using a secret algorithm. The seed is used to select an algorithm from the selector to scramble, encrypt or partition the data in the packet. Seeds can be used to securely pass information about status via public or non-secure lines.

Selector: A list or table of possible scrambling, encryption, or partitioning algorithms that are part of a shared secret and are also used with a seed or key to select a particular algorithm for scrambling, unscrambled, encrypting, decrypting, splitting, or mixing packets or packets.

Shared secrets: scrambling / unscrambling, encryption / decryption, and mixing, as well as algorithms used by seed generators, key generators, zone information, and algorithm shuffling processes stored locally on DMNP servers or inaccessible over SDNP networks or the Internet. Confidential information about the operation of the SDNP node, including a table or selector of a partitioning algorithm.

Single PHY: Communication of related data packets transmitted over a single physical media, eg only over fiber, or Ethernet, or WiFi, or a cellular network.

Status: An input such as location, zone, or network time used to dynamically generate security settings such as seeds or keys, or to select algorithms for specified SDNP actions such as blending, splitting, scrambling, and encryption.

Time: Universal network time used to synchronize communications across the SDNP network.

Unscrambling: The process of restoring a data segment of a scrambled data packet in its original order or sequentially. Unscrambling is a reverse function of scrambling.

Zone: A network of designated interconnected servers that share a common security credential and shared secret. Last mile connections include separate areas from them in the SDNP cloud.

Secure Dynamic Communication Network and Protocol (SDNP) Design

In order to minimize real-time packet latency, ensure reliable call connectivity, and deliver the highest integrity of voice communications and video streaming, and to prevent cyber attacks and hacks in packet-switched communications, open secure dynamic communications networks and protocols or SDNP It is designed according to a number of guiding principles, including:

Real-time communication should always occur using the shortest latency path.

* Unauthorized inspection or sniffing of data packets shall not provide information about the origin, location of the packet, or what is inside it.

The data packet payload must be dynamically re-encrypted. That is, they must be decrypted using different encryption algorithms and then re-encrypted without the risk of being hacked at any reasonable time.

* Even after they are decrypted, all data packet payloads still contain an incomprehensible payload that includes irrelevant data mixed with the dynamic scrambled mix of multiple conversations and the junk packet filler. Implementation of such instructions includes, in various embodiments, various inventive inventive methods, functions, features, and implementations, including some or all of the following.

SDNP uses one or more dedicated clouds containing telcos, ie telecommunications systems, which are soft-switch functions realized using proprietary command and control software not accessible via the Internet.

* All intra cloud communication takes place using dedicated SDNP packet routing within a proprietary cloud based on SDNP addresses and dynamic ports (ie, proprietary NAT addresses) rather than DNS aware IP addresses. SDNP addresses cannot be used or routed on the Internet or outside the SDNP cloud.

SDNP networks continuously identify and dynamically route all real-time communications through the lowest latency path available.

* Real-time communications are not routed outside the SDNP cloud or over the Internet, except when using single hop routing with inter-cloud and last mile communications and generally invisible addresses.

The routing data contained in the data packet identifies the routing for a single hop between two adjacent devices, identifying only the SDNP or IP address of the last and next server.

The telephone number or IP address of the caller and receiver, i.e. each source and destination address of the client, does not exist in the IP packet header nor in the encrypted payload.

* Command and control-related shared secrets exist in system software installed on secure DMZ servers that cannot be accessed over the Internet.

* SDNP packet communication consists of three independent channels: a "name server" used to identify elements within the SDNP cloud, a "media server" used for content and data routing, and "signaling" used for packet and call commands and controls. Server ".

The routing information, along with the key and numeric seeds (as required), is supplied to all participating media servers via an independent signaling channel prior to the call or communication and no content is supplied. The signaling server supplies the media server with only the last and next destinations of packets traversing the network.

Media packets contain fragmented data representing only a portion of a call, document, text or file, and are dynamically mixed and remixed with other packets containing different sources and different types of fragmented data.

Special security methods are used to protect the first and last mile communications, including separating signaling server related communications from media and content related packets.

* Packet transmission is based on enhanced UDP or voice and real-time video or Content type dependent with stream.

* Special security and authentication methods are used to verify that the device is a real client, not a duplicate, and to authenticate that the person communicating is not the fraudster, but the true owner of the device.

To ensure secure communication with low latency and high QoS, the described "Secure Dynamic Networks and Protocols" or SDNP utilizes a unique "Dynamic Mesh" network that includes:

* Dynamically adaptive multipathing and mesh routing with minimal latency

Dynamic Packet Scrambling

* Dynamic segmentation using packet segmentation, mixing, parsing and junk bit packet filler.

* Dynamic intra-node payload encryption across the network or cloud.

Dynamic network protocol with address masquerading and routing information to know.

Multichannel communication to separate media and content from signaling, command and control, and network addresses

Data type Dynamic adaptive real-time transmission protocol with specified characteristics and contextual routing.

* Support for client encrypted payloads by user key management.

* Lightweight audio codec for high QoS in crowded networks.

As mentioned above, SDNP communication relies on multipath and mesh communication to dynamically route data packets. In the SDNP communication according to the present invention, unlike the contrasting single root packet communication used for Internet OTT and VoIP communication, the content of the data packet is delivered serially by a consistent packet containing information from a common source or caller. But in a fragmented form that dynamically mixes and remixes content that appears from multiple sources and callers, where the data aggregates incomplete portions of data, content, voice, video, and files of similar data types into a junk data filler. do. An advantage of the described realization of data fragmentation and transmission is that it is almost impossible to interpret because unencrypted and unscrambled data packets represent a combination of irrelevant data and data types.

By combining fragmented packet mixing and packet scrambling with packet scrambling and dynamic encryption, these dynamically encrypted, scrambled, hybridized packets of fragmented data produce a shared secret, key, numeric seed, data generation, packet, and Contains a meaningless packet that is completely incomprehensible to any party or observer without the time and state variables used to dynamically repacket

In addition, the fragmented content of each packet, and the secret used to generate it, are only valid for a few seconds before the packet is reconstructed with the new fragment and new security rules such as modified seeds, keys, algorithms, and ciphers. Limited cycles for cyber pirates to destroy and open state-dependent SDNP data packets further enhance SDNP security, requiring 100,000 processing cycles per second, and 12 times greater challenge than time to destroy .

The combination of the above methods promotes multidimensional security far beyond the security that can be obtained from static encryption. Thus, the described secure dynamic communication network and protocol are referred to herein as a "hypersecurity" network.

Data Packet Scrambling —According to the described invention, secure communication over a packet-switched network relies on several factors to prevent hacking and ensure security, one of which includes SDNP packet scrambling. SDNP packet scrambling rearranges data segments out of order, making the information incomprehensible and useless. As shown in FIG. 2A, unscrambled data packets processed through scrambling operation 924, that is, data packets 923, appear as scrambled data packets 925. The scrambling operation may use any algorithm, numerical method, or sequencing method. The algorithm may represent a static equation or may include dynamic variables or numerical seeds based on "states" such as the time 920 at which scrambling occurred and the numeric seed 929 generated by the seed generator 921, This may generate seed 929 using an algorithm that depends on a state such as time 920 at scrambling. For example, if each date is monotonically converted to a unique number in ascending order, all seeds 929 are unique. The time 920 and seed 929 may be used to select the specified algorithm, or may be used to select or calculate the specified scrambling operation 924 selected from the scrambling algorithm 922 from the list of available scrambling methods. have. In the data flow diagram, it is convenient to illustrate this packet-scrambling operation and sequence using a schematic or symbolic representation, as shown here by the symbol 926.

The unscrambled operation shown in FIG. 2B illustrates the adverse function of the scrambling operation 924, in particular the unscrambled operation 927, where the state or time 920 and corresponding state used to generate the scrambled data packet 925 is corresponding. Seed 929 is reused to return unscrambled data, particularly unscrambled data packet 923. Using the same state or time 920 as was used when packet scrambling first occurred, the same scrambling method must be used again in scrambling operation 927, as selected from the scrambling algorithm list 922. The scrambling algorithm list 922 refers to the term "scrambling" and the same algorithm table is used to identify and select the dysfunctions needed to perform "unscrambling", ie the scrambling algorithm list 922 scrambles the data packet and It also contains the information needed to unscramble the data packet. Since both functions include the same steps performed in reverse order, the list 922 may be renamed as the "scrambling / unscrambling" algorithm list 922. However, for the sake of clarity, the table is only displayed by function, not by half function.

If the scrambling algorithm selected to execute the unscrambling operation 927 does not match the original algorithm used for scrambling the packet, or if the seed 929 or state or time 920 does not match the time scrambling that occurred, unscramble The operation will fail to recover the original unscrambled data packet, and the packet data will be lost. In the data flow diagram, it is convenient to describe this packet unscramble process and sequence using a schematic or symbolic representation, as shown here by the symbol 928.

In accordance with the disclosed invention, many algorithms perform scrambling operations as long as the reversible process, which means repeating the steps in the reverse order of the original process, returns each data segment to its original and proper location in a given data packet. It can be used to Mathematically, an acceptable scrambling algorithm is a reversible algorithm, that is, function F (A) has an anti-function F- ¹ (A) or alternatively has a corresponding inverse of which the transformation has a corresponding F ^-1 [F (A)] = A, which means that the data file, sequence, text string, file or vector (A) processed by function (F) is subject to subsequent processing using inverse function (F ^-1 ). This means restoring the original input (A) undamaged in the value or sequence.

An example of such a reversible function is illustrated by the static scrambling algorithm shown in FIG. 2C which includes a mirroring and phase shift algorithm. In a mirroring algorithm, data segments are swapped as mirror images with other data segments around a line of symmetry defined by a module or "mod" of the mirroring process. In mode-2 mirroring as shown, every two data segments of the original input data packet 930 are exchanged, i.e., 1A and 1B are centered between the first and second data segments. To generate a scrambled output data packet 935 having a center of symmetry between the fourth data segments, or mathematically as 1.5 ^th , 3.5 ^th , 5.5 ^th , ..., (1.5 + 2n) ^th positions The positions are exchanged, such as 1C and 1D, 1E and 1F.

In mode-3 mirroring, the first and third data segments of every three data segments are swapped, while each of the three pairs of intermediate packets remain in their original positions. Thus, to generate scrambled data packet output 936, data segments 1A and 1C are swapped, while 1B is held in the center of three pairs, data segments 1D and 1F are swapped, and 1E is It is kept in the center of three pairs. For mode-3 mirroring, the lines of symmetry are centered at 2 ^th , 5 ^th , 8 ^th , ..., (2 + 3n) ^th positions.

In mode-4 mirroring, in order to generate the scrambled output data packet 937 from the input data packet 931, the first and fourth data segments and the fourth and third data segments of every four data segments are generated. Swapped. Thus, data segment 1B is swapped with 1D and data segment 1B is swapped with 1C. In mode-4 mirroring, the line of symmetry is centered between all four pairs of second and third data segments, for example between the second and third data segments, the sixth and seventh data segments, or the like, or Mathematically, it is at position 2.5 ^th , 6.5 ^th , ..., (2.5 + 4n) ^th . For mode-m mirroring, the m ^th data segment of the input data packet 932 is swapped with the first, i.e., 0 ^th data segment; The 0 ^th data segment is swapped with the m ^th element, and likewise the n ^th element is swapped with the ^th data segment to generate (mn) a scrambled output data packet 938.

Another scrambling method also shown in FIG. 2C is a frame shift in which all data segments are shifted left or right by one frame, two frames, or more frames. For example, in a single frame phase shift, all data segments are shifted by one frame to produce scrambled output data packet 940, where the first data segment is shifted to a second position; The second data segment is shifted to the third frame. In the example shown, frame 1F, which is the last frame of the input data packet 930, is shifted to the first frame previously occupied by the data segment 1A.

In a two-frame phase shift, the first data segment 1A of the input data packet 930 is shifted by two frames to a position already occupied by the data segment 1C, and the fourth frame 1D is scrambled. Shifted to the last position of the output data packet 941, next to the data segment 1E is shifted to the first position, and the final position 1F is shifted to the second position. Similarly, in a four frame phase shift, the data segment of the input data packet 930 is already held by 1E, 1B where the first frame 1A replaces 1A, to produce a scrambled output data packet 942. It is shifted to the fourth position by the first frame 1A replacing the frame. In the case of maximum phase shift, the first frame replaces the last, the second frame originally maintained by 1B becomes the first frame of the output data packet 943, the second element is shifted to the first position, The third position is shifted to the second position. Phase shifting one frame beyond the maximum phase shift results in unchanged output data from the input. The example shown includes a phase shift in which data is shifted to the right. This algorithm moves to the left but the result is also applied to other phase shifts.

The foregoing algorithm and similar methods as disclosed are referred to herein as static scrambling algorithms because the scrambling operation occurs in a single time to convert the input data set into its own output. Moreover, the algorithm already shown does not depend on the value of the data packet to determine how scrambling occurs. As shown in FIG. 2D, in accordance with the disclosed invention, parametric scrambling is based on values derived from data contained within the data packet itself, for example, a table of scrambling algorithms capable of a scrambling method, eg, classification #A, Means selected from category #B. For example, assume that each data segment can be converted to a numerical value based on the calculation of the data contained within the data segment. One way to determine the numerical value of a data segment is to use the same decimal or hexadecimal number as the bit data in the data segment. If a data segment contains multiple terms, you can sum the numbers in the data segment to find the number. The data segment data is combined with a single number or "parameter" and then used to select which scrambling method is used.

In the example shown, the scrambled data packet 930 is converted to a data table 951 that includes a numerical value for each data segment as a parameter at step 950. As shown, the data segment 1A, which is the 0th frame, has a numerical value of 23, and the data segment 1B, which is the first frame, has a numerical value of 125. The single data packet value is extracted at step 952 for the entire data packet 930. In the example shown, the sum 953 represents a linear sum of all data segment values from the table 951 that is all 1002 parametrically, and the sum is 1002 parametrically. In step 954, this parametric value, ie, the sum 953, is compared to the sum 953 over a number of non-overlapping numeric ranges in the table 955 to determine what kind of sorting routine should be used. It is compared against a state table, which is a set of predefined states in software. In this example, the parameter value 1002 is in the range of 1000 to 1499, which means that classification #C should be used. Once the sort routine has been selected, the parameter value is no longer required. Unscrambled data input 930 is then scrambled by the method selected in step 956 to generate scrambled data packet output 959. In the example shown, classification #C summarized in table 957 includes a set of relative movements for each data segment. The zeroth frame, which is the first data segment of the scrambled data packet 959, is determined by moving the 1D data segment three times, i.e., by three shifts to the left. The first frame includes a data segment 1B that has not changed from its original position, that is, zero movement. The second frame contains 1E, which is a data segment moved twice from its original position. The same applies to the third frame including the data segment 1F shifted left by two from its original position. The fourth frame of scrambled data packet output 959 includes a data segment 1C, ie +2 shift, shifted from its original position to the right. The fifth frame includes the data segment 1A shifted five times, ie +5, to the right from its original position.

In this manner, summarized in Table 957 for Class #C, all data segments are uniquely moved to a new location to produce parametrically determined scrambled data packets 959. To unscramble the scrambled data packet, to ensure that the same algorithm is selected to perform the scrambling operation, the parameter value 953 of the data packet cannot be changed as a result of the scrambling operation. For example, using a linear sum of the parameter values of all data segments produces the same number regardless of the order of the numbers.

Dynamic scrambling uses a system state, for example time, to identify the condition when the data packet was scrambled, such that the same method can be selected to perform the unscrambling operation. In the system shown in FIG. 2E, the state is used to generate a faked numerical seed sent to the sender or receiver of the package, which then uses the seed to select a scrambling algorithm from the table. Alternatively, the state itself may be sent to the sender or receiver, which may be used by a concealed number generator located at the sender or receiver to generate the concealed number used to select the scrambling / unscrambling algorithm. Thus, in FIG. 2E, the state, for example time 920, is used to generate the concealed number 961 using the concealed number generator 960 and to select the scrambling method from the scrambling algorithm list 962. The concealed number generator 960 can also directly input the concealed number HN 961b into the scrambling operation 963, where HN can serve as a variable in the scrambling operation execution. Thereafter, scrambling operation 963 converts unscrambled data packet 930 into scrambled data packet 964. As shown in FIG. 2F, state 920 may be passed directly to the concealed number generator 960, or state 920 may be passed through the seed generator 921 to the concealed number generator.

The advantage of using a concealed number to select a scrambling algorithm instead of a numerical seed is that the likelihood that a cyber criminal will regenerate a scrambling table by analyzing the data stream, ie, statistically associating a repeated set of scrambled data with the corresponding numerical seed. Is to remove it. Although the seed may be visible in the data stream and thus exposed to spy activity, the concealed number generator and concealed number (HN) are based on a shared secret. Thus, a hidden number (HN) means that it is not present in the data stream or is exposed to spy activity or sniffing, and is not generated over the network but generated locally from the numeric seed. This mathematical operation of the concealed number generator imposes an additional layer of security that frustrates hackers because the purpose of the numerical seed is disguised.

Once the algorithm is selected, the numerical seed may be used as an input variable in the algorithm of the scrambling process 963. The dual use of numeric seeds is that the seed does not directly select the algorithm, but works with it. Determine the final sequence of scrambled data segments. In a similar manner, in order to scramble dynamically scrambled data packets, the seed 929 (or alternatively the state or time 920) may be a node that desires scrambling from a communication node, device or software that initially performs scrambling or It must pass through the device.

In accordance with the disclosed invention, the seed generation algorithm 921, the concealed number generator 960, and the list of scrambling algorithms 962 are “shared secrets”, stored at the DMZ server (as described below) or as senders of data packets. Represents information unknown to the recipient. The shared secret is pre-established and possibly not related to the communication data packet to be sent during code installation where various authentication procedures are used to ensure that the secret is not leaked. As described below, shared secrets are restricted to "zones" so that hackers cannot access the entire communications network or intercept real-time statements if they know one set of stolen secrets.

In addition to any shared secrets in dynamic scrambling where the scrambling algorithm changes during data packet transmission, a seed based on "state" is required to scramble or unscramble the data. This state, upon which the seed is based, is time, It may include any physical parameter such as a communication node number, network ID or GPS location. The algorithm used by the seed generator to generate the seed is part of the shared secret, so the knowledge of the seed does not allow to determine the state upon which the seed is based. The seed can be passed from one communication node to the next by embedding it in the data packet itself, and by transmitting it over another channel or path, or some combination thereof. For example, the state used to generate the seed may include a random number generated by the counter and subsequently incremented by a certain number each time the data packet traverses the communication node, each count being a specific scrambling algorithm. Indicates.

In one embodiment of dynamic scrambling, of the first instance of scrambling, a random number is generated to select the scrambling method used. This random number is embedded in the data packet in the header or portion of the data packet that is reserved for command and control and is not exposed to scrambling. When the data packet arrives at the next node, the embedded number is read by the communication node and also used by software to select the appropriate algorithm to unscramble the incoming data packet. The number, or "count," is incremented next by one count or some other predetermined integer, the packet is scrambled according to the algorithm associated with this new number, and the new count is also stored in the data packet output overwriting the previous number. do. The next communication node repeats the process.

In another embodiment of the counter based method described for selecting a scrambling algorithm, a random number is generated to select an initial scrambling algorithm, which number is all communication nodes used to transmit a designated data packet as a "shared secret". Is passed to. For example, counts beginning with zero are also embedded in the data packet in the data packet of the header or portion of the data packet reserved for command and control and not exposed to scrambling. The data packet is then forwarded to the next communication node. When the packet arrives at the next communication node, the server reads the value of the count, adds the count to the initial random number, identifies the scrambling algorithm used to scramble the data packet, and accordingly unscrambles the packet. The count is then incremented by one or any predetermined integer, where the count is again stored in the header of the data packet or any portion of the data packet reserved for command and control and not exposed to scrambling to overwrite the previous count. Random numbers that function as shared secrets are not communicated in communication data packets. When the data packet reaches the next communication node, the server adds a random number shared secret added to the modified counter value extracted from the data packet. This new number uniquely identifies the scrambling algorithm used by the last communication node to scramble incoming packets. In this way, a cyber pirate who doesn't know what the data means can only intercept a meaningless count number.

In another alternative method, the concealed number can be used to communicate the state of the packet and which algorithm was used to scramble it. A concealed number is never communicated between secret nodes, ie communication nodes, and therefore with a shared secret, which generally includes a numerical algorithm together to generate a "hidden number" that cannot be sniffed or found by any intermediate attacker or cyber pirate. Combine time varying states or seeds together. The concealed number is used to select the scramble algorithm used. Without knowing the algorithm used to calculate the hidden number, the state or seed is meaningless, because the amount of monitoring of network traffic can vary because shared secret algorithms can be stored behind a firewall that is not accessible through the network or the Internet. It doesn't expose the pattern. To further complicate the problem, the location of the seed may represent a shared secret. In one embodiment, the number carried by the unscrambled portion of the data packet and observable by data sniffing, e.g., 27482567822552213, includes a long number where only a portion of the number represents a seed. For example, if the third to eighth digits represent the seed, the actual seed is the bolded number 27482567822552213 rather than the entire number, ie the seed is 48256. This seed is combined with a shared secret algorithm to generate a concealed number, which is used to select a scramble algorithm that changes dynamically throughout the network.

Application of scrambling of data packets in the SDNP network is described in US application Ser. No. 14 / 803,869, filed Jul. 20, 2015, entitled "Secure Dynamic Communication Network and Protocol." Applying data packet scrambling in last mile communication will be described in more detail in this disclosure.

As described, although scrambled, data traversing the network may be referred to as "plain text" because the actual data is present in the data packet, i.e., the packet was not encrypted with cipher text. In contrast, in cipher text, whether or not scrambled, a text string containing original data is translated into a series of meaningless text using an encryption key, and cannot be restored to its original plain text form without a decryption key. The role of encryption in the described SDNP based communication is discussed in more detail in the section "Encryption" below.

In order to change the order of data packets during transmission over the network, packet "rescrambling" is required as shown in FIG. The process of packet rescrambling returns the scrambled data packet to its unscrambled state before rescramble it. Thus, as used herein, the term “rescrambling” typically refers to unscrambled data packets and then rescrambled them with different scrambling algorithms or methods. This approach avoids the risk of data corruption that may occur by scrambling previously scrambled packages and also losing the sequence tracks needed to restore the original data. As shown, once initially scrambled by the packet scrambling operation 926, the scrambled data packet 1008 is first unscrambled operation 928 using the inverse operation of the scrambling algorithm used to scramble the data. Unscrambled, and then "re-scrambled" by scrambled data packets with a new scrambling operation 926 using a different scrambling algorithm than that used in the previous scrambling operation 926. The resulting rescrambled data packet 1009 is different from the previous scrambled data packet 1008. Rescrambling operation 1017 includes a continuous application of unscrambling followed by scrambling referred to herein as “US rescrambling”. To recover the original data packet 930, the final packet unscramble operation 928 requires using the inverse functionality of the same algorithm used to last rescramble the data packet.

According to the disclosed invention, static and dynamic scramble of the data makes the interpretation of the unscrambled data meaningless, realigns the sound with unrecognizable noise, reorders the video with video snow, and scrambles the unrecoverable code. do. On its own, scrambling provides a great level of security. However, in the SDNP method described herein, scrambling is only one element used to provide and guarantee free communication from hacking, cyber attacks, cyber pirates, and intermediate attacker attacks.

Packet Encryption —According to the disclosed invention, secure communication over a packet-switched network relies on several factors to prevent hacking and ensure security, one of which includes SDNP encryption. As already described, encryption in Greek, meaning "hidden, concealed, obscure," converts general information or data, commonly referred to as "plain text," into "cryptographies" that contain difficult-to-understand formats that cannot be read without secret knowledge. Indicates a means. In modern communications, such secret knowledge generally involves sharing one or more "keys" used to encrypt and decrypt data. The key generally includes a pseudo random number generated by an algorithm. Many articles and texts today are "Encryption" by Neal Stephenson © 1999, "Codebook: Simon Scythe" by 1999, "The Book of Secrets from Ancient Egypt to Quantum Cryptography," Neels Ferguson Ferguson) can be used to discuss the advantages and disadvantages of various cryptographic techniques, such as "Real Encryption" by 2013 and "Decryption: A Study on Ciphers and Their Solutions," first published in 1939.

Although the concept of encryption or cryptography is old and well known to those skilled in the art, the application of encryption in the disclosed secure dynamic communication networks and protocols is unique and end-to-end encryption in the network architecture itself, regardless of any client's own encryption. And single hop node-to-node dynamic encryption. SDNP communication consists of a basic rule given sufficient time, and also irrespective of the encrypted ciphertext, any static encrypted file or message can eventually be destroyed and its information stolen. While this assumption may be inaccurate in practice, there is no need to prove or disprove the proposition because the opposite is true: waiting for a specified encryption method to fail may result in unacceptable and irreversible consequent damage.

Instead, SDNP communication is based on the premise that all encrypted files have a limited "validity period", that is, encrypted data is only secure for a limited period of time and secret data must be re-encrypted dynamically, and also at regular intervals. Metaphorically, it ideally occurs much more often than the best time estimate required to crack the encryption with a state-of-the-art computer. For example, if a cryptographer estimates that an opposing server farm of a crypto engine can break a given cipher within a year, the data packet will be re-encrypted every second or even every 100 ms in SDNP communication. However, the best technology is shorter than it can crack. Thus, SDNP encryption is necessarily dynamic, ie time-varying, and also varies spatially, ie depending on the location of the communication node in a packet-switched network or geographic location. Thus, as used herein, the term "re-encryption" or "re-encryption" refers to decrypting a data packet and then encrypting it again, typically with a different encryption algorithm or method.

Thus, SDNP encryption repeatedly converts data from unencrypted plain text into encrypted text repeatedly, making the information incomprehensible and useless. Although the data encryption of a given packet is miraculously destroyed by using the SDNP's dynamic encryption method, the next data packet uses a completely different encryption key or cipher, and also requires a completely new effort to crack that encryption. By limiting the total content of each data packet, each uniquely encrypted, the potential damage of unauthorized access is mitigated, because the exposed data packet itself is so small that it contains data files that are not meaningful and useful by the cyber pirates. Because. Moreover, by combining dynamic encryption with the SDNP scrambling method described above, communication security is greatly improved. Even in its unencrypted form, an intercepted data file contains only small snippets of sequentially scrambled data, voice or video of a meaningless and incomprehensible data segment.

To avoid shelf life security concerns, SDNP encryption is dynamic and state-dependent. As shown in FIG. 4A, an unencrypted data packet including plain text 930 processed through encryption operation 1020 appears as an encrypted data packet including cipher text 1024 or 1025. In the case of ciphertext 1024, the entire data packet of plaintext 930 treats data segments 1A-1F as a single data file. In the case of ciphertext 1025, each data segment 1A-1F is individually and clearly encrypted and not merged with other data segments. The first data segment 1A is encrypted with a corresponding first cryptographic text data segment shown by a text string comprising a long text string or number not shown and starting with 7 $ for illustrative purposes. Similarly, second plaintext data segment 1B is encrypted with a second cipher ciphertext data segment comprising a long text string shown for illustrative purposes beginning with * ^. The texts 7 $ and * ^ signify the beginning of meaningless symbolic, numeric and alphanumeric text strings, and do not limit or impose anything on the data specified by the plaintext source or the length of the text string to be encrypted.

Encryption operation 1020 may use any algorithm, encryption, or encryption method available. While the algorithm may represent a static equation, in one embodiment the cryptographic operation is a cryptographic generator 1021 to generate dynamic variables such as time 920 or "state" and "E key" 1022 when encryption occurs. ) May be dependent on conditions such as the time 920 at which encryption was performed. For example, the date and time of encryption can be used as a numerical seed for generating an encryption key that cannot be regenerated even if an encryption algorithm is found. Time 920 or other “state” may be used to select a specified algorithm from a list of encryption algorithms 1023, which is a list of available encryption algorithms. In the data flow diagram, it is convenient to describe this packet encryption operation and sequence using a graphical or symbolic representation, as shown by the symbol shown for encryption operation 1026. Throughout the invention, padlock may also symbolically represent secure and encrypted data. A padlock with a clock face located on top of the padlock represents a secure delivery mechanism, for example an encrypted file, which, if not received within a specified interval or time, self-destructs and is lost forever.

The decryption operation shown in FIG. 4B illustrates the inverse function of encryption operation 1020, specifically decryption operation 1031, where a decryption key or “D-key” generated by D-key generator 1029 is used. Together, the state or time 920 and other states used to generate the ciphertext 1024 may be used to unencrypt the file, i.e., to create unencrypted data, including the original plaintext data packet 990. It is reused for decryption. Using the same state or time 920 that was used when the packet encryption first occurred, the same encryption operation selected from the encryption algorithm list 1023 can be used again in decryption operation 1031. Although cryptographic algorithm list 1023 refers to the term "encryption", the same algorithm table is used to identify and select the dysfunction necessary to perform "decryption", that is, cryptographic algorithm list 1023 is used to encrypt and decrypt data packets. Include the necessary information. Since both functions include the same steps performed in reverse order, table 1023 may be renamed to "encrypt / decrypt" algorithm table 1023. However, for the sake of clarity, the table is indicated only by the function and not labeled by the half function.

If the encryption algorithm selected to execute decryption operation 1031 does not match the inverse of the original algorithm used for packet encryption operation 1020, or if time or state 920 does not match the time at which encryption occurred, or D If the key 1030 does not have a predefined numeric relationship for the E-key 1022 used during encryption, the decryption operation 1031 does not recover the original unencrypted data 990, and also packet data. Will be lost. In the data flow diagram, it is convenient to depict this packet decryption operation and sequence using a schematic or symbolic representation, as shown by the symbol depicted for decryption operation 1032.

As already described herein, knowledge of the use of encryption and decryption keys in cryptography, and encryption of common cryptographic algorithms such as symmetric public key cryptography, RSA cryptography, and AES256 cryptography is common and in the art. It is well known to the skilled person. However, the application of this known encryption method in the described SDNP communication system is not easily affected by hacking or decryption because of hidden information, shared secrets, and time-dependent dynamic variables and states inherent in the described SDNP communication. .

Thus, even if cyber pirates have enough computer power to break strong encryption methods, they lack any information embedded in the SDNP network as private or shared secrets needed to perform decryption operations, and in a few seconds before encryption changes, You must crack the encryption. In addition, all data packets traversing the described SDNP network utilize different encryption methods with unique keys and dynamic states. The combination of missing information, dynamic state, and limited information content contained within a given packet results in meaningful data theft from any given data packet, both in the challenge and exclusion of cyber pirates.

The application of dynamic encryption and decryption of data packets in the SDNP network is described in US application Ser. No. 14 / 803,869 entitled "Secure Dynamic Communication Network and Protocol", above. The application of data packet cipher text in last mile communication will be described in more detail in this disclosure.

To reconstruct a coherent data sequence by intercepting an entire document, video stream or voice conversation, a cyber attack must continuously crack and decrypt thousands of consecutive SDNP packets instead of one. The daunting challenge of successive hacking of a series of SDNP packets is exacerbated by combining encryption and the already described method of scrambling the data packet. As shown in FIG. 5, generation of encrypted scrambled data packet 1024 converts the unscrambled plaintext data packet 990 into a scrambled plaintext data packet 1008 and then the ciphertext of the scrambled data packet. To convert to 1024, it comprises a successive combination of scrambling operation 926 and encryption operation 1026. To revert the encrypted scrambled package, unscramble operation 928 by first decrypting operation 1032 to recover the scrambled plain text data packet 1035 and then restoring the next unscrambled plain text data packet 990. The reverse function must be applied in reverse order.

As shown, scrambling and encryption represent complementary techniques in achieving secure communication. Unencrypted scrambled data that traverses the network is referred to as "plain text" because the actual data is present in the data packet, that is, the packet is not encrypted with cipher text. An encrypted data packet or ciphertext comprises a scrambled or unscrambled text string that has been converted into a meaningless series of absurd text using an encryption key, and cannot be restored to its original plain text form without a corresponding decryption key. Depending on the algorithm used, the encryption and decryption keys may comprise the same key or distinguishing key mathematically related by a predefined mathematical relationship. Scrambling and encryption thus represent complementary techniques in achieving secure communication in accordance with the invention described for SDNP communication.

The two methods, scrambling and encryption, independently, even when used in combination, except that the sequence used to recover the original data packet from the encrypted scrambled data packet must occur in the reverse order used to generate it. Can be considered For example, if data packet 990 is first scrambled using scrambling operation 926 and then encrypted using encryption operation 1026, encrypted scrambled data packet 1024 to restore the original data packet. ) Must first be decrypted using decryption operation 1032 and then unscrambled using scrambling operation 928. Mathematically, if scrambling operation F scrambles a series of bit strings or text strings into equivalent scrambled versions and unscramble operation F ^-1 cancels scrambling, then F ^-1 [F (A)] = A Similarly, if the encryption operation G encrypts the string of plain text with the equivalent ciphertext, and the decryption operation G ^-1 cancels the encryption, then G ^-1 [G (A)] = A, and then In combination, the successive operations of scrambling and then encryption and decryption and unscrambling restore to the unscrambled plaintext data packet, which is the original argument (A). Thus, F ⁻¹ {G ⁻¹ [G (F (A))]} = A, since the sequence occurs in reverse order, in particular [G ⁻¹ ] encrypted scrambled packet [G (F (A )] Decrypts the scrambled plaintext data packet F (A) Subsequent unscrambling operation [F (A)] of the scrambled plaintext packet F (A) restores the original data packet A. .

If the provided linear method is used, the sequence is reversible. For example, data packets are first encrypted and then scrambled.

If so, then to recover the original data packet, the scrambled ciphertext must first be unscrambled and decrypted. Thus G ^-1 {F ^-1 [F (G (A))]} = A.

Sequence changes do not work. If you decrypt a scrambled data packet that has been previously encrypted, decryption of the original data packet will not recover the original data packet, i.e. with F ^-1 {G ^-1 [F (G (A))]} ≠ A do.

Likewise, decryption of scrambled and then encrypted packets will also not recover the original data packet, since G ⁻¹ {F ⁻¹ [G (F (A))]} ≠ A.

In summary, if a plaintext packet is scrambled before being encrypted, it must be decrypted before being unscrambled, and if the plaintext packet is encrypted before being scrambled, it must be scrambled before being decrypted.

In one embodiment of the SDNP method according to the present invention, scrambling and encryption may be performed in any order, but encryption and decryption occurs more frequently than scrambling during network transmission, and thus is reversed as shown in FIG. Rather, encryption should occur only after scrambling and decryption occurs. For convenience, we defined the combination of packet scrambling operation 926 following encryption operation 1026 as scrambled packet encryption operation 1041 and vice versa, decryption operation 1032 following packet scrambling operation 928. ) Is defined as decrypted packet scrambling operation 1042. These fluidized operations can be used for static and dynamic SDNP communication in accordance with the present invention.

One means for improving security in any implementation using static scrambling encryption is to transmit each data transmitted, including the state, seed and / or key, at the time t ₁ each data packet enters the communication network. To ensure that packets are exposed to different scrambling and / or encryption methods.

However, when packets traverse the network on time, a more powerful alternative is to dynamically change the encryption or scrambling of the data packets, or both. To facilitate the required data processing to implement a fully dynamic version of SDNP communication, as it passes through each communication node in a packet-switched communication network, each packet is "rescrambled" (ie, decrypted and scrambled) and encrypted. (I.e. decryption and then encryption) it is necessary to combine the previously defined processes. As used herein, the term "repacketing" or "repacketing" sometimes refers to a combination of "rescrambling" and "re-encryption" depending on whether it is decrypted first before being unscrambled or unscrambled before being decrypted. Will be used. In either case, unscrambling and decryption operations at a given node must be performed in the reverse order of scrambling and encryption operations when the packet leaves the previous node, i.e. if the packet is scrambled at the previous node and then encrypted, at the current node It must be decrypted first and then unscrambled. Typically, packets will be scrambled when they leave the current node and then encrypted.

The " repacket " operation at the communication node is shown in FIG. 6, where the incoming ciphertext data packet 1040 is first decrypted by decryption operation 1032 and then unscrambled by unscrambled operation 928. Unscrambled by unscramble operation 928 to recover the scrambled plaintext data packet 990 that contains the contents of the original packet. If any information in the packet must be inspected, parsed, split, or redirected, the unscrambled plaintext file is the most suitable format for performing this operation. The plaintext data packet 990 is then scrambled again using the scrambling operation 926 followed by the new encryption performed by the encryption operation 1026 to generate a new scrambled ciphertext data packet 1043. . Since the repacket operation of the incoming scrambled ciphertext data packet 1040 occurs continuously by decryption, unscrambled, scrambling, and encryption, the abbreviation DUSE repacket operation 1045 represents the techniques described herein in accordance with the present invention. Is used here. In a dynamic secure network, the state or time used to perform the decryption operation 1032 and the unscramble operation 928, the decryption key and any seeds are preferably used to execute the scrambling operation 926 and the encryption operation. It is different from time, seed or encryption key.

Packet Mixing and Splitting —Another key element of the secure dynamic communication networks and protocols described herein is the splitting of data packets into sub-packets, deriving these sub-packets into multiple paths, and sub-packets. Its ability to mix and recombine to form a complete data packet. The process of packet segmentation is shown in FIG. 7A, where data packet 1054 is combined with an algorithm parsing operation 1052 and a junk operation 1053 having the ability to insert or remove non-data “junk” data segments. Partitioning is performed using the partitioning operation 1051. Similar to the junk DNA present in the human genome, junk data segments are inserted by junk operation 1053 to extend or control the length of the data packets, or remove them as needed. Junk operation 1053 is particularly important when there is an inappropriate amount of data to fill a packet. The presence of junk data segments embedded in data packets makes it difficult for cyber pirates to distinguish real data from noise. As used herein, a "junk" packet or data segment is a packet or data segment consisting of completely meaningless data (bits). These junk bits can be introduced in a stream of data packets that embarrass real data in a sea of meaningless bits.

The purpose of parsing operation 1052 is to destroy the data packet 1054 into smaller data packets, eg, data sub-packets 1055 and 1056, to process each component. Dividing the data packet 1054 into smaller fragments is unique to the configuration sub-packet, such as supporting multipath transmission, i.e., transmitting the data packet over multiple and different paths, and using different encryption methods. It offers unique advantages, such as promoting encryption.

The partitioning operation can use any algorithm, numeric method or parsing method. The algorithm may represent a static equation or may be dynamic, such as the time 920 when the incoming input data packet 1054 was first formed by many sub-packets and the numeric seed 929 generated by the seed generator 921. Variable or numeric seed or " state ", which may also depend on a state such as time 920 in the generation of a data packet. For example, if each date is monotonically converted to a unique number in ascending order, then all seeds 929 are unique. Time 920 and seed 929 may be used to identify a list of available methods, a designated algorithm selected from algorithm 1050. Packet segmentation or non-mixing involves the procedure of mixing, using the same algorithm executed in precise inverse sequential use correctly to generate the specified packets. Ultimately all the actions used are canceled, but not necessarily in one step. For example, scrambled encrypted data packets may be decrypted but remain scrambled. When processed by the segmentation operation 1051, the undivided incoming data packet 1054 is converted into multiple data packets, for example, of fixed length using the parsing operation 1052 to perform the operation algorithmically. Split packets 1055 and 1056. In the data flow diagram, such packet segmentation operations include parsing 1052 and junk operations 1053 using a graphical or symbolic representation, as shown here by the symbol depicted for segmentation operation 1057. It is convenient to describe 1051.

Thus, as used herein, the term "split" includes parsing, which refers to the separation of a packet into two or more packets or sub-packets, which also junk the resulting "parsed" packet. Insertion of a packet or sub-packet or deletion of a junk packet or sub-packet may be included in the resulting "parsed" packet.

The dysfunctional, packet-mixing operation 1060 shown in FIG. 7B combines multiple packets 1055, 1056 together to form a mixed packet 1054. Like packet segmentation, packet blending operations may use any algorithm, numerical method, or blending method. The algorithm may represent a static equation or may include a dynamic variable or numerical seed or "state" such as time 920 used to specify conditions when incoming data packets 1055 and 1056 are mixed. . The blending operation used to generate the data packet may utilize the numerical seed 929 generated by the seed generator 921, which may depend on a state such as time 920. Time 920 and seed 929 may be generated from a list of available mixing methods, namely mixing algorithm 1050. In the data flow diagram, it is convenient to describe this packet blending operation using a coarse or symbolic representation, as shown here by the symbol depicted for the blending operation 1061.

In accordance with the present invention, packet mixing and partitioning may use any of a number of possible algorithms. 8 illustrates three of a number of possible mixing methods, including concatenation, interleaving, or algorithmic methods. Upon connection, the data segment sequence of data packet 1056 is added at the end of data packet 1055 to produce mixed packet 1054. In interleaving, the data segments of data packets 1055 and 1056 are alternatingly shaped, i.e., coupled to 1A, 2A, 1B, 2B, and the like, forming mixed data packet 1065. Another method used for packet mixing includes algorithms. In the example shown, the algorithm comprising interleaved reflection symmetry intersects the data segments in the order of 1A, 2A, 1B, 2B, 1C, 2C in the first half of the mixed packet 1066, and in the reverse order in the second half, That is, they cross in the order of 2D, 1D, 2E, 1E, 2F, and 1F.

The application of data packet mixing and splitting in the SDNP network is described in the above-mentioned US application Ser. No. 14 / 803,869 entitled "Secure Dynamic Communication Network and Protocol." FIG. 9A schematically illustrates the SDNP functional element, including the function and its corresponding reverse action, ie the reverse function as well as the dynamic components of the corresponding function, ie the state or time of each function when executed on a data packet. The SDNP function may include a scrambling operation including scrambling 926 and its counterfeit packet unscrambling 928; Encryption operations, including encryption 1026 and decryption 1032, with fragmentation operations including partitioning 1057 and its dysfunctional mixture 1061, and deception operations including junk insertion 1053 and junk removal 1053B. It includes. All these actions occur specifically in terms of time or state variable 920.

Applying data packets and fragmentation, together with scrambling, unscramble, encrypt, decrypt, and deception in last mile communications collectively includes SDNP last mile security operations. This SDNP last mile security operation is "oriented", meaning that the operation performed for and for all outgoing data packets is different than the operation performed on incoming data packets.

SDNP last mile security operations are also symmetrical and reversible over the last mile, which is performed on outbound data packets within the client's device when using local secret billing credentials such as keys, seeds, and shared secrets specific to a particular last mile. It is meant that the operation is returned to its original state at the SDNP gateway, generally by performing a reverse function, i.e. performing a mathematical inverse, or by any functional operation originally performed by the client's device but in the opposite sequence. Thus, the SDNP gateway can restore the original content in preparation for routing through the SDNP cloud. Similarly, SDNP last mile security operations performed at the client device are performed by the SDNP gateway by performing the reverse function of the reverse sequence to introduce data packets into the client's device using zone-specific security credentials for the last mile. Undo each security action that is taken. In this way, the client device can recover the original data in all incoming data packets.

SDNP last mile security operations are dynamic and local, i.e. zone-specific, to determine which parameters were used when a data packet was prepared and what areas, geographic locations, or locales are specific to a particular last mile, Use state-dependent conditions: location, time, etc. By being localized, data packet preparation carried out in different regions and on different last mile connections never has the same coding or uses the same security credentials. In addition, these last mile secure credit credentials are always different from those used in the SDNP cloud. In addition, dynamically, the state used to generate the data packet is constantly changing, further confusing the actual security process implemented in each data packet and not making the two data packets similar.

By the unique combinatorial application of directional symmetrically reversible dynamic localized security operations specified for each last mile communication, the algorithmic application of dynamic scrambling, dynamic fragmentation, dynamic deception, and dynamic encryption made in the present invention, Ensures secure communication that cannot be achieved with the use of simple static encryption methods. Comprehensive application of a dynamic method that is valid for a duration of just a few tens of milliseconds makes the interpretation almost impossible, and does not give the hacker the time to decrypt or interpret the data packet before another arrival. Indeed, SDNP last mile security operations may be performed using software, firmware, hardware, dedicated security ICs, or any combination thereof.

Although a maze of combinatorial sequences is possible, one example of SDNP last mile security operations, particularly for serial SDNP payloads used in single-path last mile communication, is shown in FIG. 9B, where the client's device is Communicate with a single SDNP gateway. Such a process includes two directional operating sequences, one for the outgoing data packet and the other for the incoming data packet. In the case of an outgoing data packet, shown in the upper half of the figure, the "transmitted data" is first scrambled using the packet-scramble operation 926, followed by deception by insertion of junk data 1053A. In some cases, the entire packet may contain junk data as a whole, which may further confuse data mining attempts by hackers.

These packets are then split into multiple fragments by splitting operation 1057 using parsing operation 1052 and sent separately to encryption operation 1026. Each fragment is then encrypted using a common or distinct encryption key, and the resulting cipher text is arranged into a serial SDNP payload, shown as data packet 1199A. Then, in preparation for communication on the last link and last mile, the packet is formatted as an IP data packet, ie, "IP packet ready". All actions performed are dynamic and occur at a specific time and in a specific state 920A during execution of the secure process.

In the case of the incoming data packet shown in the lower half of the figure, the incoming data from the last link, which includes the serial SDNP payload 1199B, ie from "IP packet recognition", is first decoded to restore the actual data stream. By operation 1032 and subsequent blending operation 1061, it is decoded in whole or in pieces. Then, in order to recover the "receive data", the data packet is back-joined, that is, the junk data is removed from the data packet, using the reverse junk operation 1053B and the subsequent packet unscramble operation 928. All operations performed on incoming data packets utilize state 920B, which the SDNP gateway uses when generating the data packet, i.e., includes information about a specific time at the birth of the packet or having a particular state 920B. shall. Such state information may be sent by the signaling server via different communications, or may be carried in the incoming data packet as plain text or alternatively as a static ciphertext, ie as a ciphertext with a decryption key already known by the SDNP last mile security operation. Can be. However, details regarding state 920B may not be decrypted using a key that requires state information contained within state 920B, or the code may not be able to open and use its own security credentials.

Another example of SDNP last mile security operation, especially for serial SDNP payloads used in multi-path last mile communication, is shown in FIG. 9C, where the client's device communicates with multiple SDNP gateways. Like its single path counterpart described above, such a process includes two directional operating sequences, one for the outgoing data packet and the other for the ingress data packet. In the case of an outgoing data packet, shown in the upper half of the figure, the "transmitted data" is first scrambled using the packet-scramble operation 926, followed by deception by insertion of junk data 1053C. In some cases, the entire packet may contain junk data as a whole, which may further confuse data attempts by hackers.

These packets are then split into multiple sub-packets by splitting operation 1057 using parsing operation 1052 and transmitted separately to encryption operation 1026. Each fragment is then encrypted using a common or distinct encryption key, and the resulting cipher text is arranged into multiple SDNP payloads shown as data packets 1199C, 1199D, and 1199E. Then, in preparation for communication on the last link and last mile, the packet is formatted as separate and separated IP data packets, i. E. "IP packet ready". All actions performed are dynamic and occur at a specific time and in a specific state 920C during execution of the secure process.

In the case of the incoming data packet shown in the lower half of the figure, the incoming data from the last link comprising parallel SDNP payloads 1199F, 1199G, and 1199H, i. Decryption operation 1032 and subsequent blending operation 1061 are decrypted in a fragmented manner in order to recover. Then, in order to recover the "receive data", the data packet is back-joined, i.e., the junk data is removed from the data packet, using the reverse junk operation 1053D and the subsequent packet unscramble operation 928. All operations performed on incoming data packets utilize state 920D, which the SDNP gateway uses when generating the data packet, i.e., includes information about a specific time at the birth of the packet or having a particular state 920D. shall. Such state information may be sent by the signaling server via different communications, or may be carried in the incoming data packet as plain text or alternatively as a static ciphertext, ie as a ciphertext with a decryption key already known by the SDNP last mile security operation. Can be.

SDNP last mile security operations do not need to use the same algorithm or method on both entry and exit data packets. As illustrated in FIG. 9D, the departure data data packet uses SDNP last mile security operation 1190A, while the entry data packet uses SDNP last mile security operation 1190B. Referring to the upper half of the figure, the outgoing data packet may involve data representing any combination of real-time data sources from the transducer or sensor, or may comprise a file created prior to communication. For example, the sound 1198A converted by the microphone 1180 into an electrical signal and the video signal from the camera 1181 are converted into an equivalent digital format by the audio video codec 1182A. The generated format generally includes standards such as png, pic, mpeg, mov, etc. that can be interpreted and interoperable with standard devices according to OSI layer 6, which is the presentation layer. Using a standard audio video format avoids the need to pass proprietary code to open the file between the source and destination addresses.

The digital output of the audio video codec 1182A is then mixed with the text data from the virtual keyboard 1183 (the keypad realized on the touch screen) and the data file 1179A, using the content mixer 1184. . This mixer, in turn, sends the data file to SDNP Last Mile Security Operation 1190A and provides SDNP header information to IP Packet Preparation Operation 1191A to identify and label real-time data packets from the static file. The SDNP last mile security operation 1190A then forwards the secure data packet to the IP packet preparation operation 1191A, which then, according to the routing instructions received by the SDNP signaling server 1603, IP the SDNP payload. Embed it into a data packet. The data packet may be distributed into multiple IP packets for multi-path last mile communication, or may be concatenated into a serial data string and embedded and fitted into one or more serial data packets for single path last mile communication. This packet is then forwarded to client PHY operation 1192A to add layer 1 and layer 2 data to complete the IP data packet.

In the reverse operation shown in the lower half of the figure, the entry data from the last link received by the client PHY 1192B is passed to the IP packet recognition operation 1191B, which sends the entry data as a valid message or unknown and possible. Identifies as a malicious data packet. The valid message is identified using the SDNP tag, seed, key, and other identifier, previously communicated by the signaling server 1603 to the client device and to the IP packet recognition operation 1191B.

In accordance with the personification, IP packet recognition operation 1191B expects and even expects valid incoming data packets. Unforeseen data packets that do not have the proper identification are discarded and are never opened or processed further. In this way, a hacker cannot disguise itself and cannot send valid data to any SDNP node without first registering its identity with the SDNP cloud.

IP packet recognition operation 1191B passes valid data packets to SDNP last mile security operation 1190B, which in turn includes the serial content of the data packet-a serially arranged mix of video, audio, text, and data files. Perform all necessary actions to reconstruct the data. Content demultiplexing 1193 is followed by a demultiplexer that undoes the blending operation used in data packet generation, for example sorting serial data files generated by a mixer operation 1184 performed on another caller's phone. Used to separate different file types. The output of the content demultiplexing 1193 includes the text displayed in the messenger window 1196, the data file 1179A, and the real-time data sent to the audio video codec 1182B. The audio video codec 1182B converts the digital presentation layer data into a live video image 1195, or through a speaker 1194 to sound 1198B.

For last mile data transmission, the data must be embedded or wrapped in the multi-overlapping arrangement shown in FIG. 9E, similar to the nested doll model of the Russian tradition described above. Thus, the SDNP payload 438 represents the transport payload 437, which includes the IP payload 435 along with the transport header 436. The combination of IP payload 435 and IP header 434 represents an IP datagram, which is equivalent to MAC payload 432. Wrapping the MAC payload 432 within the MAC header 431 and the Mac footer 433 results in a MAC "frame," such frame as an electrical signal, light, radio wave, or microwave. Equivalent to physical layer 490, also known as PHY Layer 1 content, including physical media.

In SDNP routing, MAC header 431 within Layer 2 describes the MAC connection for the last link, ie, the connection between the client device and the first device in the last mile link. By using the source and destination addresses of the client device and the SDNP gateway, the header 434 in Layer 3 specifies the end point of routing over the last mile. However, since the last mile is not part of the SDNP cloud, the exact path taken by the data packet over the last mile cannot be explicitly described or controlled. In SDNP last mile communication, the transport header 436 in Layer 4 is used for the SDNP real-time payload, and also dynamically changes to prevent the ad hoc assigned SDNP port address-port query cyber-attack strategy used in each packet. Specifies the address to be addressed.

The SDNP payload 438, which is the payload of the last mile IP packet, is the SDNP, which is the serial string of the SDNP preamble 1 198, which includes the zone information, key, and seed, and the multiple segments of the independently encrypted cipher text. Data field 1199A. Decrypted forms of ciphertext include plain text files 1197A, 1997B, and 1197C, each of which has its own specific SDNP header, and corresponding data file data 91, data 92, and data 93. Each). Individual sub-headers include information with tags, home, address, urgency, and QoS data as applicable.

The role of the SDNP preamble and header depends on the command and control method used. In three-party last mile communication, the signaling server instructs the client device and the SDNP gateway or gateways how to communicate with each other for a call, to send a file, or to open a session. Thus, the indication is communicated to both devices using command and control data packets with TCP transmissions before transmitting any media data packets. Thus, the minimum data required for last mile communication between the client and the SDNP gateway is a tag or address used to identify the incoming packet. In some cases, for example, where the signaling server cannot be reached, in an alternative embodiment, the SDNP data packet may carry additional data within its preamble and packet header.

The data packet and the attached table 1177 shown in FIG. 9F illustrate one exemplary format used to carry SDNP information within the SDNP payload 438. The data packet includes one to eight data field headers 1178X having an SDNP preamble 1 198 and its corresponding data field "Data X Field". Each data field, such as a "data 1 field", "data 2 field", etc., is preceded by a corresponding header (Hdr 1, Hdr 2, etc.) and includes a voice, text, video, photo, movie, file, etc. Accompany the content. The number of data fields may vary between 1 and 8 as determined by 4b length field #, ie, binary 0001 to binary 1111. The lengths of the SDNP preamble 1148 and SDNP payload 438 are affected by the field # specification. If only one field is selected, that is, if field # = 0001 binary, the SDNP preamble 1198 will only contain L Fid 1 (L Fid 2 through L Fid 8 will be removed), and the SDNP payload ( 438 will only include the Hdr 1 and data 1 fields. If the maximum value of eight fields is selected, i.e., field # = 1111 binary, the SDNP preamble 1198 will contain eight length specifications (L field 1 to L field 8) and the SDNP payload 438 , Hdr 1, Data 1 field, Hdr 2, Data 2 field, ... Hdr 8, Data 8 field, will contain eight data fields and headers. As shown, the SDNP preamble 1 198 includes field length specifications (L Fid 1, L Fid 2 and L Fid 8). A small gap between L Fid 2 and L Fid 8 means to indicate sequence continuity and does not represent a gap in the data.

The length of each data field specified by L Fid X may vary from 0 or 0B (no data field) to a maximum hexadecimal length of FFFF or 65,535B. For practical reasons relating to compatibility with Ethernet, the maximum data packet length for any one field is preferably limited to 1500B or hexadecimal 05DC, and the total length of all data fields is based on a jumbo packet size of 9000B or hexadecimal 2328. It should not exceed. The specified length of each data field can be changed independently. For example, a field length of 0, L Fid 8 = 0000 hexadecimal, results in the removal of the corresponding data 8 field, but does not remove the corresponding header (Hdr 8). The header is only removed by the field # specification.

According to this SDNP protocol, the assignment of content across various data fields is very flexible. Data directed to a single destination may be included in a single data field or may be split into multiple data fields for deception purposes and merged with junk data. The size of the data field may vary independently. A data field containing only junk data may also be included, or alternatively an entire data packet containing only junk data may be generated. However, for efficient packet routing, data that targets different destinations must be partitioned into separate data fields, each data field having its own specific header.

The SDNP packet format can be applied for end-to-end transmission across the entire SDNP network, including across multiple clouds and zones, such as in SDNP cloud or last mile communications. Although the content of the SDNP data packet changes as it traverses the network, the SDNP packet format remains unchanged. Because this format includes minimal data overhead, the SDNP data packet format can be equally applied for large payloads or for time critical real time communication. The packet format is a cloud exiting the SDNP gateway for bidirectional data flow, i.e. for data flow from the last mile to the SDNP gateway and across the SDNP cloud, or vice versa, for transmission to the destination client device over the last mile. It can be applied to deliver the data packet generated from.

In operation, the direction of SDNP data routing is determined by the network layer 3 source and destination address described in the IP header 434 of FIG. 9E. At the time the media node prepares a packet to send the next media node on its path, each packet is loaded with its source and destination addresses and in tri-channel communication, the SDNP or IP address of the packet's destination is the outgoing packet. Command and control (C & C) packets are delivered from the signaling server to the media node prior to preparation. In general, the signaling server may send C & C indications to all nodes in the communication path, including both transmitting (caller) and destination (caller) devices. If only single channel communication is available, for example on a link with a long propagation delay, the signaling server may not warn in advance what to do with the media node of the incoming packet or something like that. In such case, the routing address is involved in the incoming data packet in the SDNP payload 438. In such a case, the media server follows the default instructions as to how to process the entry packet using the data fields contained in the entry SDNP packet including the routing and status information as well as the secure credit credentials.

Payload 438 is comprised of two parts: a readable portion that includes preamble 1198 and a non-readable portion 1199a that contains data in “hidden form”. The content of such packets may use any number of concealment techniques to conceal the content, such as encryption, scrambling, and possible junk data inclusion. The concealment method must be returned to its original state in order to extract useful content 1197a, 1997b and 1197c. This packet contains the destination address of a future outgoing packet. The address only exists in unhidden or decrypted form for only a short moment before the next packet can be prepared and encrypted.

As described, the SDNP preamble 1 198 includes information related to the entire packet. In addition to the data field specifications, FIG. 9F shows the SDNP preamble 1 198 which also includes the SDNP zone where the SDNP packet was generated, eg, zone U1, two numeric seeds, and two keys. Such keys and seeds can be used as zone specific security credentials in scrambling / unscrambling, junk insertion / removal, mixing / split, and encryption / decryption processes. The device of the client from a network of signaling servers, command and control computers, which may be used as an exclusive means for the transfer of secure credit credentials required for opening and reading data fields, or not included in the accompanying communication content in a media packet. And command and control packets sent to the SDNP gateway.

Seeds and keys can be securely delivered publicly, ie in a non-encrypted form, because the data does not have the information necessary for its use-they only contain part of the secure credit proof. Lost fragments, other parts of a secure credential, may have already been sent in another data packet or may include a shared secret, lookup table, and code of an algorithm that is not transmitted over the network and is not part of the message. The encryption key can be a symmetric key, where both the sender and the receiver can hold the key, or can hold the public key, in which case the public, including the sender, can access the encryption key but only the receiver, ie Only the party generating the encryption key holds the decryption key. In addition, all security credentials are limited to a specific security zone, for example U1, dynamic, and limited to a specific time or state that expires if not used within a certain time. For example, because the signaling server independently instructs SDNP devices involved in security operations, if the seed and key data fields are not used as secure credit credentials, these fields are populated with numeric values that appear incorrectly as cryptographic keys, resulting in cyber-attackers. Can mislead you to waste time analyzing the mandatory security key.

In last mile communication, the intermediate router between the client's device and the SDNP gateway does not process, interpret, or open the transmitted data packets, as they are not part of the SDNP network and can query or interpret SDNP packet data contained therein. Because you do not have the ability. Instead, all security operations are performed exclusively at two end points, SDNP Client and SDNP Gateway, because only these devices act as SDNP communication nodes. Because each end point dynamically executes the SDNP protocol, last mile communication is hyper-secure over the last last mile. If the other calling party also runs the SDNP software, the last mile of the second party is also secured by the SDNP method described above, and hyper-secure communication is “end-to-end” —from one caller to another. Now-guaranteed.

However, if the end device is not an SDNP client, the router closest to the caller, i.e., the last link router, may be enabled with SDNP firmware, and the last link may be connected to the SDNP enabled router even if it is not SDNP enabled. It can be reasonably secured from the special functions performed by it. This alternative last link security method is described in more detail in subsequent sections of this disclosure and will not be described in more detail in this section. The described method can be applied to last link communication security, but is not sufficient to protect other parts of the last mile.

Referring again to FIG. 9F, each and every SDNP data field is accompanied by an SDNP data field header 1178X that contains information specifically applicable to the associated data field but not useful for other data fields. Specifically, in the disclosed embodiment, each header is a destination zone, which is used to identify a particular data field and its destination, a forward zone from one zone to another zone, what kind of data is included in the associated data field. It includes data type fields that describe the urgency and delivery information, as well as the field areas used to carry the information. As shown, each SDNP data payload 438 includes an SDNP preamble 1119, and one or more SDNP data field headers 1178X and corresponding data x fields, where x is the size and urgency of the payload. Describe the number of separate payloads that may range from 5 to 50 depending on gender.

Although the signaling server can supply most of the descriptive information to the SDNP client and the SDNP gateway, one basic component that is necessarily accompanied by the last mile data packet is the "address field" or tag needed to identify the data packet. The field, referred to as the destination address of the SDNP payload (abbreviated as "Dest Addr" in the figure), may include any specific identifier sufficient to distinguish the identity of one data field from another. The purpose is similar to the function of a barcode used to tag and track bags or boxes shipped by a carrier at an airport. The address type may include, for example, numeric tags, SDNP collections, IPv4 or IPv6 addresses, NAT addresses, or even POTS canonical telephone numbers as long as the identifiers are specific enough to prevent collisions in the identification of data packets. have. The size of the destination address field depends on the type of address type selected.

In order to maintain packet anonymity during routing, it may be desirable to use a secret code, such as the SDNP Zip Code, as the SDNP destination address instead of the actual telephone number or IP address. In operation, each time a data packet from an SDNP client reaches the SDNP gateway, the SDNP payload is decrypted and then each data field header is checked for an identification destination address. Before the data header can be examined, the data packet must be decrypted or processed to undo the concealment method used in the generation of the packet. In the case of dual-channel or triple-channel communication, as shown in FIG. 9G, the signaling server 1603 informs the SDNP gateway in advance of the planned arrival of the data packet and its corresponding identification marking and security credit proof. Thus, when the SDNP gateway receives a data packet 438A containing last mile communication sent from the SDNP client, the gateway converts the SDNP payload from the female packet into plain text data packet 438B in order to convert the SDNP last. Perform mile security operations 1190D. The secure operation describes the processing of modifying the outgoing data packet to conceal the content and process and modifying the incoming data packet to reveal the content.

Specifically, security operations performed on incoming data packets may include decryption to undo encryption, unscramble to undo scrambling, reverse junk to remove junk insertion, and partition to undo. It is used to restore its contents by undoing the concealment action performed prior to the transfer, including mixing to turn it back. This process is carried out in accordance with the state and zone of such data packet when the data packet is generated. In an outgoing data packet, security operations include concealing the contents of the data packet prior to transmission by performing encryption, scrambling, junk insertion, and packet segmentation according to state and zone when the data packet is generated. The unencrypted seed and key data fields in data packet 438A can be ignored or optionally used with signaling server information to decrypt the cipher text. The resulting operation reveals data field 1 and its associated data field header, denoted Hdr 1, including the destination address, data type, urgency and delivery information of the data field. In such case, the destination address is not a routing address but merely an SDNP home, ie the tag used to identify the packet is part of a particular conversation.

If a particular data field is found to contain an identified destination address, eg, an SDNP Zip Code, that matches the indication from the signaling server 1603, the data field is extracted and optionally modified by the mixer 1184Z. It is mixed with the relevant content and then rewrapped into a new IP or SDNP datagram by the SDNP packet preparation operation 1191Z for delivery to the destination. The new data packet destined for the cloud includes an SDNP header 434Z, which contains the destination and data content of the new packet, which is the SDNP payload 435Z. The destination supplied to the gateway media node by the signaling server 1603 as an IP address or SDNP address may include another SDNP server acting as an SDNP cloud node, or may include last mile communication to other SDNP clients. In the case of such a three-channel communication, the destination address is not a real address but a means for identifying a packet, where the next destination is already known by the SDNP gateway. If the destination of the packet is for SDNP cloud routing, the data packet is processed by the SDNP client security operation 1190Z according to the Z1 security credential for the cloud, not the U1 credential used for the last mile.

In single channel communication, as shown in FIG. 9H, the signaling server cannot advertise the SDNP gateway prior to the impending arrival of the data packet and its data field, which may include (i) no signaling server operating in the local network, or (ii) ) The signaling server is temporarily offline, or (iii) the signaling server is too busy and cannot route packets in time preferentially. In such a case, the data packet 438A from the SDNP client is needed to decrypt the data packet using the SDNP last mile security operation 1190D, which converts the ciphertext data packet 438A into a plain text data packet 438B. It must be accompanied by a secure credit proof zone (U1), seed 1, seed 2, key 1 and key 2. The standard SDNP data packet format stores these data fields even if the contents of the fields are not required by the particular media node. For example, if the particular concealment process used to generate the data packet does not use the Key 2 field, then the data in that field is meaningless and not used by the destination node. Nevertheless, the data packet preserves the same number of bytes for used or unused fields, so that all SDNP data packets are in a homogeneous format. Once decrypted in the data packet 438A, the SDNP gateway extracts the contents of the data packet data 1 field and its associated Hdr 1 field header 1178D from the plain text data packet 438B. From this data packet, the IP packet recognition process 1191D has two reasons: first to confirm whether an incoming packet is expected in a three-channel communication, and second to generate a new SDNP address. Combine the data fields for type A and destination address from Hdr 1. This new SDNP address is combined with the D type, urgency and forwarding fields and processed by the SDNP packet preparation operation 1191Z to generate the SDNP header 434Z in the outgoing data packet. The content of the Data 1 field is also extracted from the ingress plaintext data packet 438B, and the content is optionally mixed (1184Z) with other outbound content to generate the outbound SDNP payload 435Z. The packet is then processed by SDNP cloud security 1190Z in preparation for forwarding. In this way, the address field performs a number of functions to identify incoming data packets and to provide forwarding addresses when necessary.

If the media node has received a data packet without first receiving an indication from the signaling server, the media node will return to the default indication of how to process the incoming data packet and how to prepare the outgoing data packet. If the media node does not hold any indication as to how to handle an unpublished entry packet, the data packet will be discarded. If the media node is enabled with an indication as to how to process a gourmet packet, the media node will first verify that the packet is a valid SDNP packet according to the security credential, and process it accordingly. However, if the sender cannot be identified, for example if the encryption code, seed, or source address is invalid, the packet will be discarded as forgery.

Referring again to FIG. 9F, a packet field labeled "field zone" describes whether the zone in which a particular field was created, i.e., whether past encryption or scrambling has been carried out, for example with U1 or U2 zone settings. In the case of nested security protocols or other nested concealment methods, unscrambling, decrypting, or undoing the concealment of data packets requires additional information, such as a key, seed, time or state, in which case Packet fields labeled "Field Other" may be used to carry field-specific information. In general, this field is not used except in nested security protocols, for example, where an encrypted data field is subsequently scrambled or second encrypted. Care should be taken when using nested security methods in order to perform data restoration in the exact opposite order of data packet preparation, or else content will be lost forever.

Packet fields marked “data type”, when used, do not require real-time communication from data packets containing time sensitive information such as voice and live video, context-specific routing, distinct data, pre- Facilitates recorded data, text, and computer files, ie, distinguishes real-time routing from non-real-time data. Data types include voice, text, real time video, data, software, and the like.

Packet fields labeled “urgent” and “delivery” are used together to determine how to optimally route data in a particular data field. Urgency includes snail, normal, priority, and urgent classifications. Delivery includes various QoS markers for general, duplicate, ad hoc, and VIP classification. In one embodiment of the invention, the binary size of the various data as shown in table 1177 is selected to minimize the required communication bandwidth. For example, the data fields as shown can range from 0 to 200B, whereby eight data fields of 200B per data field mean that the SDNP packet can carry 1,600B of data.

9G and 9H both show the case where a client device transmits a data packet to the gateway node via last mile in zone U1. The gateway node then processes the incoming data packet using the Zone U1 security credential to undo the last mile security and the concealment method used. The gateway node then mixes the content of the packet with the content of other packets in the mixing process 1184Z to generate new packets (or packets) for transmission over the SDNP cloud using the secure credit credentials of the zone Z1. Can be.

A similar process is used when the SDNP gateway receives a data packet from the cloud and sends the data packet to the client device, for example from the SDNP cloud for the client's phone (caller). As shown in FIG. 91, the dual-channel or triple-channel signaling server 2603 notified the SDNP gateway in advance of the planned arrival of data packets coming from the cloud and their corresponding identification markings and security credentials. Therefore, when the SDNP gateway receives the data packet 2438A from the SDNP cloud, the gateway performs the SDNP cloud security operation 2190D to convert the SDNP payload from the ammontext into a plain text data packet 2438B. do. The unencrypted seed and key data fields in data packet 2438 A may be ignored or optionally used with signaling server information to decrypt the cipher text. The use of the data field depends on the algorithm used in concealing the payload of the packet. For example, if encryption is not used, the key containing the encryption key is ignored.

The resulting operation extracts a large number of data fields. Subsequent operations split this data field in content-dividing operation 2184Z, using recognition operation 2191D to extract specific content including its associated data field header 2117D, denoted as data field 1 and Hdr 1. . The header Hdr 1 contains the destination address, data type, urgency, and delivery information of the data field. The extracted data field is then rewrapped into a new IP or SDNP datagram by SDNP packet preparation operation 1191Z for delivery to the next destination. The new data packet destined for the cloud includes an SDNP header 2434Z, which contains the destination (the IP address corresponding to the person's phone number) and the data content of the new packet, which is the SDNP payload 2435Z. The outgoing packet is then processed by the SDNP last mile security operation 2190Z, in accordance with the U1 security credential for the last mile, rather than the Z1 credential used in the cloud.

If the signaling server is not available, i.e. in single-channel communication, the media node must process the incoming data packet using the previously delivered indication as the default indication. In such a situation, the incoming data packet is checked against the criteria necessary to confirm that the transmitter is a valid SDNP client (such as the SDNP Zip Code or Authentication Code previously delivered as a predetermined shared secret). If the packet is determined to be valid, the packet is processed according to the default indication. Otherwise, the packet is discarded.

The foregoing method is illustrative and is not intended to limit the processing and routing of data packets to specific data packet formats.

Security and Privacy in Communications

An important consideration in last mile communication is the ability of the network to support both secure and private communications. Although privacy and security are often associated, they are not the same. Security, such as the term used in communication, is considered "control to prevent unauthorized access to communicate data in a recognizable form." However, security does not include the case where an individual or authority has the authority to access or monitor a communication.

Privacy is defined as "a condition or condition that is not observed or disturbed by the moon and free from public attention." The legal term for privacy is defined as the individual's right to control access to his or her information.

In telecommunications, an individual's privacy rights in voice calls, video, text, email, personal messaging, etc. vary greatly from country to country. The role of following applicable government regulations for providing legally valid access to communications is described in subsequent sections. In addition, the ideal network and communication system must be able to prevent hacking of the communication, i.e. it must be absolutely secure, and be able to ensure that all communication is restricted to those who have the right to know, i.e. private.

When evaluating the privacy and security capabilities of a network, the last mile of the network and its connected devices should be carefully considered. According to the security credentials used to establish the information access privilege, the last mile and its connecting device frequently determine the security and privacy of the network, ie the last mile represents the weakest link. Four possible combinations of communication networks should be considered:

* Secure and private network. From an individual's point of view, this represents an ideal network performance that ensures both security of information and privacy for the individual. In this extreme, a true secure private network is not allowed for any individual, information, authority, or company to be stolen from meaningful communication, and for personal behavior, behavior, contact and colleagues, their personal preferences and activities, etc. This means that private data cannot be obtained. Although privacy claims view an ideal secure private network as the gold standard in secret communications, governments, security agencies, and companies see absolute autonomy in communications as a problem, and individuals commit themselves with absolute security and immunity. To be involved in activities and terrorism.

* Unsecured network lacking privacy. Networks that are not secure and do not have privacy regulations (eg, Internet OTT carriers today) represent a significant risk to individuals, groups, clubs, companies or governments using communication channels. Since cyber-hackers have easy access to calls and data, any malicious party can use this information for any purpose they choose. In the case of real jokers and spammers, unsecured communication channels can be ordered to cause confusion, to flood the network with spam, to initially reject service attacks, and to create harmful adverse effects. In the case of ideological believers, policy activists, and religious cults, unsecured communications can be used to leak sensitive information that can lead to policy change, distrust of government officials, mob- ing, or even overthrow of government (e.g. See the historical novel "The Fifth Estate" (DreamWorks © 2013), such as the Wikileaks exposure of hundreds of thousands of sensitive government documents that caused reverberation. In the case of economically motivated cyber-scopes, such as those associated with organized coverage and mafia, attacks are monetary crimes, such as theft, fund transfers, fraud, identity theft, money laundering, extortion, blackmail, and other felony crimes. Focus on. In the case of those involved in fear and intimidation, such as drug cartels, gangs, and terrorists, its competitors, enemies, and target victims to plan and conduct violent crimes such as attacks, kidnappings, murders, bombings, or terrorist acts; Unsecured communications can be monitored to track the location, movement, and behavior of the user. Finally, in the case of an individual's cyber-attack, using unsecured communications, the individual's private information, including social security number, passport, bank information, credit card information, medical records, and other personal confidential information, may be included. It can illegally hack a database.

* Secure network lacking privacy. Examples of security networks that lack privacy typically include the right and authority of an information technology (IT) manager or security department to monitor all company communications to ensure that inappropriate or illegal communications do not occur across the company's network. Branches include company accounts. Although networks are secure from hackers and cyber-crimes, communications on those networks are not private, and unauthorized personal use of the company's communications infrastructure, corporate espionage, breach of confidentiality agreements, unauthorized disclosure of geologic property (IP leaks), Detect misconduct, including sexual harassment, violation of legitimate disclosure rules (registered FDs), insider trading, violations of FCPA, tolling, bribery, fraud, financial reporting violations, security violations, and others Can be monitored by an authorized agent. In corporate communications, an individual is notified at the time of entry that his or her corporate communications are not private and can be monitored, including corporate phone calls, email, text, personal messaging and SMS, and other communicators. In the case of court precedents, whether citizens or criminals, even if personal information is mixed with company information, their communicators can also be summoned in court and presented as evidence. In essence, where a company's employees use company communications, devices, and networks for personal use (except for agent-client privileges), all information is fair and should not be considered private. For these and other reasons, it is particularly problematic to mix personal messengers such as LINE and KakaoTalk for business and personal purposes, which gives employees the right to privacy to prevent inspection of their text chats, photos, and files. It cannot be argued.

Quasi-private, unsecured network. A semi-private unsecured network is one in which private transactions can be carried out secretly, even though the network that carries the data is hacked, for example wire tapped, but the lack of certain security provisions is met. In this way, privacy is established by verifying the identity of the caller (or callers) by various means using a shared secret, which cannot be exposed even by a hacker who intercepts the call. A common example of private unsecured communication is voice banking. The caller will tell you a series of ever-changing questions that may be difficult for the crook to answer, such as "I know you ate dinner last night and paid with our credit card. You can verify your identity by answering "Can you get a regular bill from the winery? What kind of winery are you?" Another example question is, "Can you tell me your favorite elementary and last name of your teacher?" In this identity verification method of operation, a bank has access to non-public information (such as a credit card statement), or a bank and its client, generally not electronically, when first creating an account in person, You have to build a set. In the case of a confirmed identity of the caller, the client may instruct the agency to perform certain actions that may not be beneficial to cybercrime. For example, "Move $ 10,000 from my savings to my checking account." However, if the transfer of money is transferred to another bank, more stringent authentication must be made to ensure the privacy of the client. In any case, privacy relies on the fulfillment of a condition in which the communication cannot expose the shared secret electronically or acoustically, otherwise all privacy will be lost and the account may be at risk. Thus, such authenticated communication on an unsecured line is referred to as semi-secure, which means conditional privacy. By the use of a security token, which is a device issued by a bank owned only by the client, another example or semi-secure communication over the unsecured network can be carried out. To the bank operator, which verifies that the customer matches the bank's authenticated customer, the pseudo-random number generated by the device. Since such numbers are eight or more, the probability of initially guessing the correct code is very small. If an incorrect token number is recorded, the call is terminated, the account is frozen and warned to investigate the fraud department. In any such case, the importance of ensuring privacy across unsecured networks relies on being able to talk without verbally exposing any secret details, such as account numbers, PINs, credit card information, etc. Communication is only quasi-private.

Identification and AAA -The concept of security and privacy relies on accurate and reliable identification, ie who the caller is talking to.

Identity verification, also known as "authentication," is important in validating the use of data and communications and in preventing illegal or unauthorized access. And is important in personal rights. Examples of the importance of identity verification include:

* For national security in the country, verifying the identity of the caller is important in tracking criminals, spies, terrorists, drug traffickers, and anyone who exposes state secrets or threatens national security. It is equally important to be able to identify a person who is authorized for confidential, confidential, or top secret communication, access, reading, or transmission of data and files.

* For law enforcement, caller identification is important in identifying individuals or entities involved in criminal activities such as theft, arson, drug trafficking, smuggling, prostitution and trafficking, extortion, blackmail, and other felony crimes. . It is equally important to be able to identify individuals who are authorized law enforcement agents, including police, firefighters, paramedics, park sheriffs, aviation security personnel, TSA and airport security personnel, airport authorities, clients, and coast guard services.

In the case of IP owners, such as movie studios, identity identification is important in identifying individuals, institutions, and objects related to the unauthorized distribution and privacy of copyrighted subjects such as music, movies, books, videos, and the like. This is equally important in ensuring valid and legitimate distribution of IP and copyright subjects.

* For business enterprises, the identification of the employee is used to identify individuals involved in the illegal disclosure of intellectual property in identifying persons involved in commercial espionage in tracking intentional or accidental leakage of material nonpublic information. And the fraudulent or personal use of corporate communications and is important in identifying persons who have committed other crimes. This is important in identifying the identity of people who can use company confidential information, and especially in authenticating certain types of data they can access. For example, the company's engineering department should not have access to the marketing department's personal records in order to compare how much marketing staff they receive.

In the case of individuals, identification is important in ensuring the "privacy" of the caller by ensuring that the person or people on the call are not fraudsters.

Accordingly, the role of identification is to verify the identity of the individual, i.e. to authenticate the claimant, and to identify, block, and finally arrest the person who falsely identifies the identity. Authentication is the first "A" of the triple-A security model, or AAA stands for "Authorization, Authentication, and Management". Many methods, such as PIN codes, passwords, fingerprints, tokens, and question and answer methods, are used to verify the identity of individuals and to verify that they have an account in the system.

Once authenticated, the identity of the effective user is used to determine access rights and privileges to communications, data, files, system operations, and the like. These privileges and access rights are collectively referred to as the " authentication " of users as granted by the system, ie, authenticated users can only access communications, data, files, and system features that are authorized to them. As such, authentication is synonymous with "privilege" or "access".

"A" in AAA indicates management. Management is a bookkeeping activity that records authenticated access to networks and files, for example, for usage based billing management, and to monitor and record unauthorized access attempts to network, files, and system operations. Management is also important in tracking changes in security credit credentials, PINs, passwords, and so forth that are required for authentication operations.

The network's ability to implement the AAA process is prioritized over ensuring privacy and preventing the use of the network from unauthorized users or network operators. Any network that cannot guarantee the identity of the user can be abused for illegal purposes. Network fraud by unauthenticated users is an inevitable problem in OTT communication because there is no means to verify the identity of the caller. Unauthorized access and network communication by gourmet users, namely anonymous users, is a significant risk in modern communications.

Anonymity -The principle of anonymity in communications is the intentional concealment of the identity of the caller in order to communicate without traceability. An almost symbolic example of anonymous communication is payphone. In pay phone calls, payments are made by cash that cannot be tracked, pay phones are public, and anyone can use such a phone, which means that the identity of the caller is unknown and there is no specific means to determine who the caller is. Means that. Since the telephone numbers are not listed, there is no way for an individual to identify the caller's identity (except through sophisticated speech recognition software) without owning the number. In the case of a registered device, such as a mobile phone, the identity of the owner of the device may be tracked through the telephone number, but the identity of the caller may still remain unknown. For example, the phone may be stolen or a usage based billing SIM card may be used to conceal the true identity of the caller. Alternatively, a laptop, tablet, or mobile phone may be connected via WiFi in a public cafe, providing anonymity similar to any public payphone or phone booth. Some OTT carriers were chosen to operate VoIP telephony services, such as Payphone, without subscriber identity verification. For example, in an online report (http://money.cnn.com/2015/11/17/technology/isis-telegram/), CNN Money states that an app called "Telegram" is a popular new one among temples. " Announced. According to the study, the Telegram application was the tool of an ISIS terrorist who made secret plans for the Paris attack. In such an article, "Telegram knows that Isis used such apps to communicate before the Paris attack" (http://www.independent.co.uk/life-style/gadgets-and- tech / news / telegram-knew-isis-communicate-paris-pavel-durov-a6742126.html),

Telegram developer Pavel Durov said: 'The right to privacy is more important than our fear of bad things like terrorism.'

Another example of privacy and anonymity used in crimes reported in the media is BitTorrent-an application and data network often used to download and share copyrighted material infrequently. In CNN Money Tech's news (http://money.cnn.com/201 l / 06/10 / technology / bittorrent_lawsuits /) titled "50,000 BitTorrent users have been accused of alleged illegal downloads," The user has been reported accused of under the new anti-privacy law for illegally downloading movies and other works called "The Hurt Locker." Network operator BitTorrent has taken a pay position that is not responsible for those who use the network for personal activities. Free speech advocates support this position, while law enforcement and government, national security, and IP rights advocates dislike this attitude as reckless and irresponsible. Regardless of the policy, the discussion of anonymous call interruption is purely academic, unless the communication system can perform caller identification.

Caller identification and certification includes intellectual property, engineering development, product evaluation, manufacturing know-how, confidential financial reports and projections, business situations, sales forecasts, inventory and WIP, quality surveys, business and IP contracts, customer lists, employee records, and It is particularly important for companies and business enterprises in controlling access to company confidential data, including other trade secrets. When accessing company communications, the access privileges granted to any employee, contractor, or officer depends on their identity verification. In conference calls, including investor calls, identification is important in identifying who is participating in the call and in ensuring that unknown people are not listening.

Paradoxically, caller authentication is used to prevent crime and prevent corporate espionage, while the same user authentication is advantageously useful in ensuring the privacy of the caller. If both parties in a call or text chat verify their identity through some signed authentication process, the fraudster does not have access to the call or its data and thus the call is protected from criminal attacks.

Finally, a distinction must be made to distinguish anonymous callers from anonymous calls. Anonymous callers are people who disguise their true identity from a communicating network. Anonymous calls, however, do not require the caller to be anonymous from the network, but only to confuse their true identity in the call data packet during communication. Registered account holders on the SDNP network may, according to this disclosure, use anonymous data to locate calls or transmit data even if the network knows its identity and telephone number. In this way, law-compliant citizens can communicate anonymously without having to conceal their identity to the SDNP network operator. If the caller is involved in a general private call, entertainment, or business, the network knows its identity as stored in the SDNP name server database, but their SDNP call remains private and secure.

Examples of the need for legal anonymous communication include global gaming where it is important to protect the identity of gamers, especially children. Another case where anonymity may be advantageous is vehicle-to-carrier (V2V) communication to protect drivers with road segments from harsh retaliation by identifying other drivers' personal data that makes driving worse. In contrast, when a caller is involved in a crime or other violent behavior in a communication, law officials may have access to that call and data transfer (according to applicable law). In this way, network operators can meet the requirements of court orders and subpoenas without exposing or disclosing the identity of law-abiding citizens.

In summary, using the disclosed SDNP communication method, only identifiable SDNP subscribers can place anonymous calls. American callers do not have access to the SDNP network or the ability to locate anonymous calls.

National Security and Privacy -The characteristics of security and private communications are further confused when government roles and laws are taken into account. All states claim their sovereignty to control communications within their borders. However, with the advent of the Internet and dynamically routed packet-switched data networks, network surveillance and monitoring face many technical and legal challenges. One concern is to monitor server-to-server networks-data packets passing through countries without interruption-through traffic. Because internet traffic is dynamically routed, network operations are not concerned about which data packets are carried by that server's network. Of course, all countries can intercept and decode such large amounts of data, but because of encryption, access without knowing the encryption key is particularly difficult for real-time monitoring. And because a caller may not stay in a country, certain countries have no jurisdiction to summon or require the encryption key used to locate the currency. Such network traversal-data is similar to radio wave traffic that traverses the Earth's atmosphere. Although radio waves pass through, there is no practical way to stop them. Similarly, there is no practical way to stop network pass-through data traffic, except to completely isolate the national infrastructure from the Internet.

A more practical solution for controlling communications is to focus on monitoring for last mile communications, i.e. intercepting and monitoring currency and currency data when the source and / or destination of the currency occurs within a country's borders. This approach means that (i) the size of the data is smaller, ie more manageable for analysis, (ii) the last mile telecommunications carrier or network operator is subject to the laws of the country of residence, (iii) the last mile carrier or network operator can be summoned for the provision of any available encryption key, (iv) the caller's device itself must be electronically "registered" to connect to the last mile network, and Doing so passes information about the caller, and (v) a large amount of pass-data, including that the location of any networked device can be determined using network address, GPS data, or radio signal triangulation. It has some advantages over traffic.

Unlike the legal and technical challenges associated with strengthening network pass-through data regulations, the laws governing last mile communication and call termination are generally the rights of the country in which the last mile network operator resides. In accordance with national privacy laws, national control may enforce the level of access required by Last Mile Communications, including the following combinations:

* You do not have the right to monitor any data or currency without a court subpoena based on the cause of the problem. The right to confidentially monitor any call or data communication with a range order.

* Right to monitor the metadata of all currencies without court order. * Right to monitor all calls and data communications without court order.

The right to intercept, monitor and block as necessary any and all communications.

For example, various governments, such as the United States, have taken positions with the right to monitor the "metadata" of currencies without court orders. The metadata does not actually access the call data itself, but includes data packet information related to who is talking with whom, how long the call is made, where the caller is located at the time of the call, and the like. In essence, the metadata includes the data header of the IP packet but not its payload. In contrast, monitoring of calls and data communications includes access to the payload itself, as well as header data. In such cases where the payload may be encrypted, the government may insist the network operator to provide a master encryption key (if present). One problem raised by privacy advocates is the abuse of power by the government. Specifically, in the case where the network relies on a set of master encryption keys, relinquishing these keys in response to a court order to enable government surveillance of a particular individual, although court orders are limited to individuals or groups However, it allows the government to monitor all calls. This problem is often referred to as the question "Who should be the police for the police?" Another consideration concerns the privacy rights of individuals who place currencies between countries. In such a case, the caller should be aware that the relevant law for government access depends on the location of both callers, ie where the two last mile networks originate. Currency from the United States to China will be governed by US law for those in the United States and Chinese law for other currencies in China. In such a situation, the call access by one government may be greater than the other. Thus, a caller in a country with greater privacy rights may consider their privacy violated by the government of another country, but will not complain because they speak with a country that does not have a legal basis.

In the case of communications using previously disclosed secure dynamic telephony networks and protocols, it is virtually impossible to intercept pass-data in hyper-secure cloud communications of fragmented, scrambled and dynamically encrypted data packets sent anonymously across the SDNP network. Thus, the privacy and security of a hyper secure call is determined by device and last mile communication. By adapting the dashed SDNP method to last mile communication, a last mile capable of hypersecurity communication and large-integrity privacy can be realized as disclosed herein.

In addition, mechanisms are disclosed to adjust the security and privacy settings of the SDNP network to accommodate local laws governing last mile communications for each country. Such methods include safeguards that enable authorized security authorities to monitor communications in accordance with law and court disposition, without exposing call data to hackers or cyber-crimes. Thus, in the hyper secure last mile communication disclosed herein, the use of a "back door" that is vulnerable to cyber-attack is not utilized.

Hypersecurity last mile communication method and device

To ensure end-to-end hypersecurity, the application of the previously disclosed method for routing encrypted and scrambled anonymous fragmented data packets within the SDNP cloud should be similarly configured for communication within the last mile. Ensuring last mile communication is particularly problematic, where data can be carried on a network that is not hosted by the SDNP operator, packet routing can involve conventional IP packet routing, and is inherent in the last mile network. This is because security can be compromised by cybercrime, possibly due to a conspiracy of last mile network operators.

In accordance with the present invention, last mile communication essentially involves the transmission of IP datagrams outside the data cloud network using a different packet format than the data packets in the SDNP cloud. As shown in FIG. 10, an SDNP cloud that includes a server 1201 (shown schematically by soft-switch enabled SDNP nodes M _0,0 through M _{0, f} ) is an example data packet 1222B. 1222C, and 1222F) to transmit VoIP, video, text, and data using the SDNP datagram. SDNP datagrams include SDNP Layer 3 source and destination addresses, and do not include Internet IP addresses. SDNP addresses are different from IP addresses in that they can only be recognized by the SDNP name server or by another server that performs the function of the SDNP name server and not by the DNS name server of the Internet.

As described in the aforementioned U.S. Application No. 14 / 803,869, SDNP packets change dynamically as they travel through the network, and the routing address is updated according to the shared secret and dynamic "state" (such as time). Constant changes in the payload are made. For example, the data packet 1222B sent by node M _0,0 includes a layer 3 SDNP datagram B, with a specific SDNP address and a specific encrypted payload. Downstream, the data packet 1222C output from node M _0,1 includes a layer 3 SDNP datagram C with a different SDNP address and re-encrypted payload. After a few tens of milliseconds, the same payload arrives at node M _{0, f} which processes the data and forwards the data packet 1223G containing the IP datagram G through the last mile.

Since the change is made in accordance with the defined state, the original data packet can be restored by performing a series of dysfunctional operations executed in the reverse order to that which has been implemented. For example, SDNP functional sequences, including scrambling, junk insertion (deception), and encryption steps, are subject to reverse sequence decryption, junk removal, and Unscrambling can be returned to its original state. State data for a packet may be embedded in the payload of the packet and accompanied by a time, seed, or key, or may be transmitted in advance in the packet. Data transfer and processing within the SDNP cloud is operated using SDNP cloud specific shared secrets and secure credit credentials. Media nodes that share a common set of shared secrets and secure credit credentials may be referred to as secure “zones”. Zones used for secure credit credentials operating within the SDNP cloud cannot be exposed to any user communication outside the SDNP cloud. Thus, all last mile communications must include a different SDNP security zone than the SDNP cloud.

In the example shown, server 1201A and server 1201F hosting corresponding nodes M _0,0 through M _{0, f} operate as SDNP gateways, ie they are SDNP in other clouds as well as devices outside the SDNP cloud. Communicate with nodes

Communication from such a gateway to a communication device outside of the cloud represents “last mile” communication. Thus, the gateway node must understand the area security credentials of both the SDNP cloud and the last mile network to which they are connected and act as a translator during packet routing. Semantically, the term last mile is an abbreviation for communication outside the SDNP cloud and does not specifically refer to a distance of one mile. Instead, the term last mile includes any communication between the client device at any distance and the SDNP cloud, regardless of whether the client device is acting as an SDNP client, that is to say to operate the SDNP application software or firmware. Or not.

The term last mile also applies to both the client device initiating the call and the client device being called. In the literature, the caller's data represents, instead of last, the "first mile" of the currency-the distinction between the first mile and the last mile is arbitrary. Specifically, in any duplex transformation or in any IP communication “session”, the device receiving the call essentially responds to the call or session request by sending a response to the caller. In any two-way communication, the first mile connection therefore necessarily functions as the last mile in the response data path. In essence, the first mile for the caller is at the same time the last mile for the respondent. Thus, the term defined as last mile is used throughout this application to mean both the first mile and the last mile, regardless of which device initiated the call or communication session.

Communication outside the SDNP cloud for any device other than the SDNP client is essentially made using IP datagrams, not SDNP IP datagrams. For example, referring again to FIG. 10, data packet 1223A includes " IP datagrams A " constructed using SDNP payloads having IP addresses, not SDNP addresses. Similarly, incoming datagram G comprises a data packet 1223G containing the SDNP payload routed using the IP address. The IP source and destination address represents any IPv4 or IPv6 address that can be recognized by the network through which the routing takes place. The IP address may include an internet address that may be recognized by a DNS server of the internet, or alternatively, may include a NAT address used for routing across a local network formed by a local network service provider.

The analysis of last mile communications is used because the hardware and firmware used in last mile communications can vary considerably and can include telephone lines, fiber communications, cable TV networks, 3G and 4G radio networks, microwave communication towers, and satellites. Should be considered for the various layer 1 physical networks and their corresponding layer 2 data link formats. The format may include, for example, analog (POTS), Ethernet, WiFi, 3G, 4G / LTE, and DOCSIS3. The corresponding security and privacy capabilities of each last mile implementation are considered on a case-by-case basis in the sections below relating to SDNP "call out" communications.

SDNP Call Out Over Unsecured Lines -As in the art, any call leaving a regulatory network that is transmitted over separate (and generally different) networks is generally "call out". , Which means that data or voice leaves one network for transmission to another network. For example, communication between clients running a Skype application is generally referred to as a Skype call, but locating a call from a Skype client to a regular or mobile number is referred to as a Skype call out feature, or a "sky out" call. do. In general, a call out to a regular number includes some additional cost, either as a subscription fee or as a usage based billing.

In the context of this disclosure, communication from an SDNP cloud to any device other than an SDNP client over an unsecured last mile connection is referred to herein as a term defined as “SDNP call out”. 11 schematically illustrates two examples of SDNP call outs routed over an unsecured last mile. In the upper example, communication is made to an analog device such as a telephone or payphone 6A using an analog signal. In such a case, the SDNP gateway should include a digital-to-analog converter. Otherwise, a modem or translation device can be added to the gateway. The information is carried not by the data packet but by the analog signal 1221. Analog telephone signals are effective for voice carrying, but are not suitable for high speed data communication.

In the lower case, SDNP callouts are generated via a digital network to a digital device (e.g., mobile phone 32) that is not enabled as an SDNP client, i.e. not enabled with SDNP software or firmware. . In such a case, the data packet 1223 carries a call or data, generally using the IP packet format according to the Internet protocol, i.e., the seven-layer OSI model. An IP datagram contains an IP or NAT address in its source and destination address fields and includes IP or VoIP data as its payload. Digital pathways may include various forms of digital data, such as Ethernet, WiFi, or 4G / LTE, depending on the last mile connection.

In one of the exemplary schematics, since the last mile communication data is carried out of the SDNP network through an unsecured communication channel or network, the call is not secure and is exposed to hacking, spy, wire tapping, and other cyber attacks. As described in the Background section of this application, unsecured lines and connections for last mile, whether stranded copper wire, coaxial cable, fiber, Ethernet, WiFi, cellular, or satellite, have special security methods such as encryption. It is not inherently secure unless it is inserted into a large-end data path. The security of the most secure data cloud or VPN is thus compromised by the weakest link-in this example, the last mile. Especially in one well-formed electrical, microwave, or radio wave connection, even encryption does not guarantee security. In addition to lack of security, the schematic example does not include any mechanism for identity verification. In non-authenticated, Last Mile does not guarantee privacy. As such, the example schematic represents an unsecured last mile network lacking caller privacy.

FIG. 12 illustrates an SDNP implementing SDNP callout for unsecured last mile lack privacy, connecting to a public switched telephone network or PSTN gateway 1A over a digital network service provider NSP hosted wired or fiber link 24. Gateway 1201A is shown. The PSTN gateway 1A is then routed to a conventional conventional telephone system (POTS) switch 3 via an analog communication connection 4. The POTS switch 3 then places the normal telephone call in the home telephone 6, the wireless telephone system 5, or the telephone 6A via the twisted pair copper wire 7. The last last mile is neither private nor secure. Although communication of the data packet 1222A including the SDNP datagram A uses SDNP addressing and SDNP payload in the SDNP network, if data enters last mile hypersecurity, it loses its benefits. For example, a data packet 1223B comprising an IP datagram (B) carried by an NSP network hosted wired or fiber link 24 may use conventional IP addressing recognizable by an Internet DNS server and may optionally It includes a typical IP payload that can be sniffed by the cyber-pirate of. Analog lines 4 and 7 are likewise vulnerable because they carry simple analog audio signals as analog call data 1221. Although the SDNP Gateway can support unsecured non-private callouts, it is incorrectly routed to connect SDNP secured calls to unsecured last mile networks that lack privacy support.

Using garden authentication, some improvements to the above-mentioned unsecured last mile implementation can be achieved. FIG. 13 schematically illustrates an example of an SDNP call out routed over the last mile with unsecured but with two different types of authentication. The top example shows the SDNP call out from the SDNP gateway 1220A via analog or POTS to the business office desktop phone 9. As shown, the operator 1225 performs authentication manually to verify the identity of the account holder and the account ID. Although authenticated, the calls carried by analog sound 1221 are unsecured and private only if the secret or account information is not voiced in the conversation, i.e. the information is private if the secret is not exposed. Is no longer private when it is exposed. Thus, the term quasi-private is used herein to refer to an authenticated call over an unsecured line, that is, a conditional private call.

The bottom schematic diagram shows the SDNP call out from the SDNP gateway 1220A onto the unsecured digital last mile. The data delivered by IP datagram 1223 to a versatile device, such as desktop PC 36, may be authenticated using an electronic identity verification method, such as token 1226, which is unsecured but does not have access to the cyber-attack. Can be. Because the line is unauthenticated and can be sniffed, care must be taken in the digital dialog to avoid exposing account numbers or secret data.

Specific examples of semi-private unsecured currencies are shown in some examples below. In FIG. 14, an identity unsecured last mile communication is shown between the SDNP network and the office desktop phone 9, for example a private banker's phone. The account holder's currency, for example when located internally, can be routed across the globe using hypersecurity communication within the SDNP network and finally as the last mile as an SDNP callout through the SDNP gateway 1201A. Can be connected to. The long distance portion of the call is generated using a dynamically changing SDNP datagram, such as a data packet 1222A containing an SDNP datagram A with an SDNP payload. The data packet 1222A is then converted by the gateway gateway 1201A from the SDNP datagram A to the IP datagram B shown by the data packet 1223B. Unlike strand 2 datagram A, IP datagram B contains a sniffable IP payload. The data packet 1223B is sent to the public switched telephone network or PSTN gateway 1A by the operational wired or fiber link 24 to the network service provider (NSP). Again, this gateway is connected to the company switchboard 8A via a POTS line 4 carrying an analog call 1221. Company switchboard 8A is connected to desktop phone 9 via analog private branch exchange or to desktop phone 9 via PBX line 7A and also to personal authentication operator 1225. During the call, the account holder contacts the private banker on the desktop phone 9, but before any transaction contract can be initiated, the personal authentication operator 1225 joins the call to verify the identity of the caller, and After leaving the call, the caller's privacy is maintained accordingly. However, since the call is not secure, both private bankers and account holders should be careful to avoid leaking confidential information such as account numbers, passwords, or PINs. Thus, the currency is quasi-private, ie conditionally private.

In FIG. 15, a proven unsecured last mile communication is shown between the SDNP network and the desktop computer 36. In a digital communication session, desktop computer 36 communicates to SDNP gateway 1201A using IP datagram (B) carried over some digital medium. In the first leg, Ethernet 106A carries a data packet 1223D containing IP datagram B from desktop computer 36 to Ethernet-based local router 27B. The Ethernet local router again communicates to the network router 27 via an Internet service provider (ISP) wired or fiber link 24 using a data packet 1223C containing the IP datagram (B). Network Service Provider Line (NSP) Operation The wired or fiber link 24 carries a data packet 1223B containing an IP datagram (B) on the last leg of the last mile between the network router 27 and the SDNP gateway 1201A. To carry. Because IP datagrams are used, the last mile is insecure. Digital methods for identity verification, such as login window 1227 and security token 1228, may be used for authentication to ensure that the communication remains quasi-private. Such digital certificates should be limited to single use to prevent their use by fraudsters. For example, if a token generates a number and this is used for gaining access, the combination is no longer valid for such use, and if the hacker intercepts the token, the token is useless, which expires. Because it is no longer valid.

Another example of identity-proven unsecured last mile communication is shown in FIG. 16, where the SDNP gateway 1201A communicates with a point of sale (POS) terminal 38 and a gas pump POS terminal 38A as an SDNP call out. do. The last mile communication as shown is a mixture of digital and analog connections including an NSP wired or fiber link 24 carrying a data packet 1223B containing an IP datagram B to a network router 27, Wired or fiber link 24A then carries IP datagram B within data packet 1223C, and POTS or analog line 30B is point of sale terminal 38 and gas pump POS terminal 38A. Carry digital PCM (Pulse Code Modulation) data as an analog call 1221A coupled to the < RTI ID = 0.0 > Authentication in financial transactions is based on bank card data 1229, which may include electronic authentication based on smart card integrated circuits and may be by dynamic PIN 1228. Authentication includes verifying with a financial institution 1230 connected to the SDNP network through the SDNP gateway 1201A or through another last mile.

Hyper-Secure Last Mile Communication -By adapting the base of a secure dynamic communication network and protocol, hyper-secure communication can be achieved via the last mile. To facilitate hypersecurity, the connected device must execute the SDNP code as an "SDNP Client." The SDNP client includes operational instructions, shared secrets, and SDNP connectivity information, hosted on the connected communication device. The SDNP client may include software running on an operating system, microcontroller or programmable IC, or dedicated hardware or firmware running in an integrated circuit. 17 schematically illustrates an exemplary hypersecurity communication over the last mile using an “SDNP connection”. As shown, SDNP gateway 1201A is connected to a device running SDNP client, in this example to SDNP app 1335 running on desktop computer 36. SDNP clients are hardware and operating system specific. In mobile devices, separate apps are required for different mobile device platforms using Android, iOS, and Windows Mobile. Similarly, separate OS-specific applications are required for notebooks, desktop PCs, and servers, including Windows 10, MacOS, Unix, Linux, and the like. Hardware hosting of SDNP clients in devices that do not have higher level operating systems, such as POS terminals, hotspots, IoT, etc., must be adapted to the programmable devices that execute the code. Programmable integrated circuits often require programming in chip-specific development environments specific to IC suppliers such as Qualcomm, Broadcom, Intel, AMD, NVidia, Microchip, and others.

Since the SDNP gateway 1201A and the SDNP app 1335 communicate using the SDNP payload 1222, the caller identity and call payload cannot be understood in packet sniffing, specifically the SDNP payload 1222 It includes source and destination SDNP pseudo-addresses that are not recognized by the DNS server, and the payload contains SDNP data that can be scrambled, fragmented, mixed with junk data insertion, and dynamically encrypted. The SDNP payload 1222 is embedded within IP datagram 1223, which, in place of the SDNP address, is used in last mile using the IP address or NAT address of the network of the cellular, cable or ISP carrier used for last mile connectivity. Orient routing across.

Another aspect of SDNP based hypersecure last communication is that any SDNP client can in essence authenticate and garden proof. As such, the privacy feature is not based on the network's ability to achieve privacy to support AAA, but based on whether the client software or firmware is designed to facilitate the verification process. It is to be understood that the following hypersecurity last mile examples apply to both private and non-private secure communications, since any hypersecurity last mile can be identified. Thus, unlike an unsecured last mile network with quasi-privacy features, private communication across the hyper-secure last mile is determined by the SDNP client, not the network, and at any degree of single-factor or multi-factor desired by the client. It can support the factor authentication process.

Specific examples of hypersecure calls are shown in some of the examples below. In FIG. 18, hyper secure last mile communication is shown between the SDNP network and various cellular mobile devices having a WiFi last link. As shown, the data packet 1222A comprising the SDNP datagram (A) and containing the SDNP payload is, by means of the SDNP gateway 1201A for last mile communication, also including the SDNP payload. Is converted into a data packet 1223B including (B). The SDNP payload in the IP datagram (B) is the SDNP datagram because the hypersecurity last mile uses different shared secrets, numerical seeds, encryption keys, and other zone-specific secure credit credentials, instead of using the SDNP cloud. It is different from the SDNP payload in (A). In other words, the SDNP gateway 1201A by changing the payload from one security zone to another, and by embedding the SDNP routing information as a source and address SDNP address that cannot be recognized by the DNS server, Convert SDNP datagrams to IP datagrams.

This zone-specific SDNP payload is then wrapped in an IP datagram packet with an IP header containing a last mile network specific IP address, which is a NAT or Internet address, and thus the SDNP gateway 1201A and the communication device. That is, it helps packet routing between the tablet 33 and the mobile phone 32 acting as an SDNP client. Since the intermediate devices in the last mile routing are not SDNP clients, the configuration of the SDNP payload in the IP datagram B remains fixed as it travels over the last mile. In other words, data packets 1223B, 1223C, and 1223D are identically configured datagrams, all of which have the same SDNP payload, the payload that does not change when the packet hops from device to device along the last mile. SDNP datagram (B). In summary, whether an IP datagram or SDNP datagram, only the SDNP node or SDNP client can rebuild the SDNP payload embedded within the level 3 datagram.

As shown, the data packet 1223B containing the IP datagram B is carried to the network router 27 by the NSP operating wire or fiber link 24, and then the data packet 1223C is also operated by the ISP. IP datagram (B) carried by WiFi router 26 by wire or fiber link 24A. Subsequently, the WiFi router 26 receives a data packet containing an IP datagram B over the WiFi link 29 to a mobile device such as a mobile phone 32 and a tablet 33 on which the SDNP app 1335A is operated. 1223D) to facilitate last link communication. Thus, such a device includes an IP datagram (B) comprising a mix of decryption, de-junction, unscramble and content of payload and data fragments from other data packets to recreate the original message or sound. It functions as an SDNP client capable of interpreting the data contained in the data packet 1223D containing.

In FIG. 19, hyper secure last mile communication is shown between an SDNP network and various cellular mobile devices having a cellular last link. As shown, the data packet 1223B comprising the IP datagram B is carried to the network router 27 by the NSP operating wire or fiber link 24, and then the data packet 1223C is also carried by the cellular network. IP datagram (B) carried to cellular base station 17 by mobile network operator (MNO) wired or fiber link 24B to generate 25. The cellular base station 17 then comprises an IP datagram B spanning 3G, 4G / LTE 28 to mobile devices such as mobile phones 32 and tablet 33 on which the SDNP app 1335A is operated. Promotes last link communication using data packet 1223D.

As in the previous example, since the intermediate devices in last mile routing are not SDNP clients, the configuration of the SDNP payload in IP datagram B remains fixed as it travels over the last mile. In other words, data packets 1223B, 1223C, and 1223D are identically configured datagrams, all of which have the same SDNP payload, the payload that does not change when the packet hops from device to device along the last mile. SDNP datagram (B).

In FIG. 20, hyper secure last mile communication is shown between the SDNP network and various tethered (non-mobile) devices with Ethernet last links. As shown, the data packet 1223B containing the IP datagram B is carried to the network router 27 by the NSP operating wire or fiber link 24, and then the data packet 1223C is also used for Internet service. IP datagram (B) carried by Ethernet (103A) by provider (ISP) wired or fiber optic link 24A. Ethernet router 103A then uses a desktop computer 36 and SDNP firmware on which SDNP app 1335C is operating, over Ethernet 106A, using data packet 1223D containing IP datagram (B). 1335B facilitates last link communication with a tethered device, such as a desktop phone 37 that operates. When there are no SDNP network nodes or SDNP clients within the last mile, the data packets 1223B, 1223C, and 1223D are identically configured datagrams, all of which are identical SDNP payload-packets hopping from device to device along the last mile. SDNP datagram (B) with a payload that does not change when.

In FIG. 21, hyper secure last mile communication is shown between the SDNP network and the cable service client. As shown, a data packet 1223A comprising an IP datagram (B) is carried by the NSP wired or fiber link 24 to the cable CMTS 101, i.e., the command, communication and content distribution center of the cable operator. do. Such cable operators provide a variety of services, such as cable TV, usage-based billing, telephone services, Internet connectivity, business services, and others. The CMTS 101 head unit is then connected to the client via cable 106 using fiber or coaxial modulated according to DOCSIS3 and trellis formatting (described in the Background section of the present disclosure) to provide bandwidth. And optimize real-time services. Transparent to the client, the cable operator may maintain the datagram format or alternatively package the IP datagram in a proprietary datagram format. Such data packets, referred to herein as CMTS datagrams (C), utilize cable specific NAT addressing and convert the SDNP payload as n nested payload within the data packet 1224C for delivery on cable 106. Encapsulate.

As shown, the cable CMTS 101 routes the CMTS datagram C to the cable modem 103, which in turn includes an IP datagram B with an unaltered SDNP payload for last link delivery. The payload data packet 1223B is extracted. The last link to the SDNP client enabled device can be over an Ethernet 106 to a desktop computer 36 on which the SDNP client app 1335C runs, or a wireless telephone on which the SDNP client client firmware 1335B operates. It can occur in several formats, including over copper stranded wire 7 to 5A). The cable CMTS 101 also routes the CMTS datagram C to the cable modem 103, which in turn extracts the original IP datagram, for example IP datagram B, and retrieves this and other video content. The cable 106 transmits to the cable TV set-top box. The cable set-top box then forwards the IP datagram (B) and content via the HDMI-2 107 to the UHD interactive TV 39, where the SDNP app 1335D is operated. Alternatively, the SDNP firmware can be hosted by cable TV set top box 102.

In FIG. 22, hyper secure last mile communication is shown between the SDNP network and a WiFi home network connected through a cable service provider. As shown, a data packet 1223B comprising an IP datagram (B) is carried by the NSP wired or fiber link 24A to the cable CMTS 101, ie, the command, communication and content distribution center of the cable operator. do. The CMTS 101 head unit is then connected to a particular client's cable (WiFi) modem router 100B using a wired or fiber link 24A over coaxial or fiber to create a WiFi access point 26. Routing of data packet 1223C may include an IP datagram with Internet access, or may include a proprietary CMTS datagram (C) with NAT addressing. Routing between the SDNP gateway 1201A and the cable (WiFi) modem router 26 represents the wireline leg of the hyper secure last mile.

The last leg in the home network includes a WiFi link 29 that wirelessly connects a cable (WiFi) modem router 26 to various home devices by means of a data packet 1223D containing an IP datagram (B). To facilitate end-to-end hypersecurity, the device must be operated as an SDNP client using software or firmware loaded on the device. For example, notebook 35 and desktop computer 36 operate as SDNP clients using computer app 1335C, and cell phone 32 and tablet 33 as SDNP clients using mobile app 1335A. It works. In this case, the IoT device, which is the register 34K, can operate as an SDNP client when the SDNP firmware 1335E is loaded into their control system. However, if such a device does not or cannot be embedded with the software of the SDNP client, end-to-end security can be achieved by other means.

Identity-Paired Last Link Security -If the connected device cannot act as an SDNP client, hypersecurity may not be guaranteed end-to-end. In such a case, the use of the SDNP remote gateway can extend the hypersecurity communication to cover the last mile of the communication except for the last link. The portion of the last link, ie the last mile directly connected to the communication device, is not enabled as an SDNP host, and the last link security must be guaranteed through the local area network (LAN) used to facilitate the last link communication. 23 schematically illustrates the use of the SDNP remote gateway 1350 in last mile communication. SDNP remote gateway 1350 includes any communication device enabled by SDNP firmware 1335H to function as a remote gateway. Thus, the SDNP connection between SDNP gateway 1201A and SDNP remote gateway 1350 includes IP datagram 1223A including an IP or NAT source and destination address and SDNP payload 1222. SDNP payload 1222 includes a DNS server using last mile zone specific secure credit credentials and an SDNP address that is not recognizable by the nested SDNP payload. This SDNP connection is hypersecurity capable of supporting identity verification and call privacy.

Between the SDNP remote gateway 1350 and any connected device other than the SDNP client (eg, desktop computer 36), communication is via a local area network or LAN connection, such as Ethernet, WiFi, or other protocol. . Security is facilitated by LAN security protocols and devices paired between the communication device and the SDNP remote gateway. Device pairing is a process by which an authentication sequence between two communication devices establishes the identity of two devices to prevent unauthorized access.

In Fig. 24, the SDNP enabled router 1351, that is, the router on which the SDNP firmware 1335H is operated, functions as a remote SDNP gateway. This gateway converts the data packet 1223A containing the IP datagram A into a data packet 1223B containing the IP datagram B. Although SDNP firmware 1335H can interpret the SDNP payload contained in IP datagram A, the connected devices are not SDNP clients. Instead, the SDNP router 1351 converts the SDNP payload into a conventional IP payload. This last link is insecure unless additional security measures are introduced into the device. In home use, this unsecured device connection is often not a concern because the last link occurs within the home. Such wireline connections cannot be sniffed unless a hacker physically breaks into the home to connect to the wire tabs. An example of a wired in-home last link for a non-SDNP device is Ethernet 106A, shown by an example connected to a desktop computer 36 and to a modem 103C or HDMI-2 connected to a TV 39. It includes.

Since the SDNP connection and hypersecurity communication extends only to the SDNP router 1351, the last link must rely on authentication and encryption to achieve security in the wireline connection. In Ethernet, such security is any number of security methods (http: //www.computerweekly) including iSCSI operating on Layers 1 through 3, such as virtual local area network operations or VLANs using encryption between authenticated devices. .com / feature / iSCSI-security-Networking-and-security-options-available). Alternatively, security may be achieved using layer 4 to layer 6 methods using "IP security" or IPSec framework. Originally developed and promoted by Cisco for data storage as an industry standard, IPSec offers two security modes. In the "authentication header" mode, the receiving device can authenticate the sender of the data. In this mode, the data fields are encrypted but the header uses a recognizable IP address. In Secure Payload Encapsulation (ESP), also known as tunnel mode, the entire IP packet including the IP header is nested within the encrypted and newly decrypted IP packet, so that routing can function properly and the packet The correct network destination can be reached.

In either case, security depends on the authentication device to be able to connect to the network. In a home network, for example in a personal network connected to computers, shared storage drives, IoT and other device connections, network-connected hardware is not frequently exchanged. In such a case, authentication essentially involves the registration process of the device gaining access to the network or router. Instead of identifying the identity of a particular user, this type of authentication generally uses some device tag, name, or ID number to identify and recognize devices that are authorized for the connection, between devices, i.e. devices. It consists of a large device. Establishing a network connection includes a setup phase when the devices are first introduced to each other and the connection is approved by the user, followed by two devices whenever the wireline device is physically connected to another or in the case of WiFi Every time they come within range of each other, an automated authentication sequence is made. The setup phase, referred to herein as identity pairing, may also be referred to as device registration, device association, device pairing, pairing, or pairing association. A similar process is used with the device to connect Bluetooth headphones to a mobile phone or to pair a Bluetooth mobile phone with the vehicle's hands-free audio system. The protocol can be challenge challenge authentication protocol or CHAP, Kerberos V5, Simple Public-Key Generic Security Services Application Programming Interface (GSSAPI), Secure Remote Password (SRP), and Remote Authentication Dial-In User Service (RADIUS). ). Some methods, such as RADIUS, rely on encryption methods, which are used for destruction but still in combination with other technologies.

Ethernet communication is performed by an identity-paired device, such as an Ethernet modem 103C, a modem comprising an analog telephone signal transmitted to a wireless telephone 5A via a copper twisted pair conductor 7 and to a desktop telephone 37. Protect the output, but the last link is not secure. In addition, the communication format of the radiotelephone 5A is not secure but is exposed to interception and monitoring. For this reason, the use of home telephones in secure communications is not good.

The distribution of video content is another concern in security. For example, in the communication of the SDNP router 1351 to HDTV 39, high resolution multimedia interface (HDMI), DisplayPort (DP), digital virtual interface (DVI), and the less popular gigabit video interface (GVIF), Or a video communication format, such as an integrated digital interface (UDI), typically includes a physical connection to an HDTV or display monitor. Originally, the security of these connections and their data was of interest to movie studios and content providers, with a focus on preventing the piracy and distribution of copyrighted works. One security protocol developed by Intel Corp. to secure video links is High-bandwidth Digital Content Protection (HDCP) (https://en.wikipedia.org/wiki/High-bandwidth Digital Content Protection). ). Originally such a system was intended to prevent HDCP-encrypted content from playing on unauthorized devices. Such a system checks the authenticity of the TV receiver or display before transmitting the content. Accordingly, DHCP uses authentication to prevent non-licenses from receiving data, which encrypts the data and revokes the compromised device's key to prevent information eavesdropping.

By means of HDCP, the content flow from the modem to the TV can be secured by authentication, ie by the use of identification pairing. However, with the advent of smart TVs, the data flow is bidirectional. As a means for facilitating upstream data flow, ie, data flow from the TV to the modem or set-top box, starting with revision 1.4, HDMI embeds a high speed bidirectional data channel, now known as HEC or HDMI Ethernet channel. This data channel means that an HDMI connected device can transmit and receive data via lOOMC / sec Ethernet, thus allowing them to be ready for IP-based applications such as IP-TV. The HDMI Ethernet channel allows Internet-enabled HDMI devices to share an Internet connection over an HDMI link without requiring a separate Ethernet cable. Thus, secure communications can be facilitated over HDMI using identity pairing available over the same security protocol and Ethernet.

In Fig. 25, the use of an SDNP enabled WiFi router 1352, i.e. a WiFi router on which the SDNP firmware 1335J is operated, functions as a remote SDNP gateway. This gateway converts the data packet 1223A containing the IP datagram A into a data packet 1223B containing the IP datagram B. Although SDNP firmware 1335J can interpret the SDNP payload contained in IP datagram A, the connected devices are not SDNP clients. Instead, the SDNP WiFi router 1352 converts the SDNP payload into a conventional IP payload and wirelessly communicates with the connecting device using the WiFi access point 26 to facilitate communication over the WiFi link 29. do. This last link is insecure unless additional security measures are introduced into the device. In the case of WiFi communication in the home or office, security is concerned because data packets can be sniffed over long distances. Examples of WiFi and connected home and office devices include desktop computer 36, notebook 35, tablet 33, mobile phone 32, speaker 34B, printer / scanner 34A, and shared data drive 34C. It includes.

The security between the SDNP gateway, or SDNP WiFi router 1352, and the connected devices is based on WiFi protected access (WPA-II or WPA2) (IEEE 802.1 li-2004), which replaces the previous WPA and its unsecured leading WPE. The same is achieved using any number of industry standard protocols. WPA2 communication is protected using Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP), which is based on AES processing with a 128-bit key and a 1280-bit block size. CCMP provides data reliability, requires authentication, and sets up access control. Authentication includes identity pairing in settings. Re-pairing must be done manually. CCMP security is good, but not hyper-secure, and does not have the anonymous data packets and dynamic characteristics of SDNP communication provided from SDNP clients.

In FIG. 26, as an example of an IoT connected device in a home network, the use of an SDNP enabled WiFi router 1352, that is, a WiFi router on which the SDNP firmware 1335J operates, functions as a remote SDNP gateway. This gateway converts the data packet 1223A containing the IP datagram A into a data packet 1223B containing the IP datagram B. Although SDNP firmware (1,335 J) can interpret the SDNP payload contained in IP datagram (A), connected IoT devices are not SDNP clients. Instead, the SDNP WiFi router 1352 converts the SDNP payload into a conventional IP payload and communicates wirelessly with the connecting device using the WiFi link 29 from the WiFi access point 26. This last link is insecure unless additional security measures are in place-especially WiFi data packets can be sniffed over long distances. Examples of WiFi connected IoT devices in the home include central heating and air conditioning (34D), lights (34G), blinds (34F), large appliances (34K), portable and indoor HVAC (34E), garage doors (34L), and home monitoring. 34J, and central security system 34H.

Security between the SDNP Gateway, or SDNP WiFi Router 1352, and the connected devices is achieved using any number of industry standards, such as the WiFi Protected Access Protocol (WPA2) described above, which utilizes CCMP to promote data confidentiality, Require authentication and set access control. WPA2 achieves security using identity pairing, device identification implemented as a layer 2 protocol. This method is cumbersome, including a manual authentication method.

Alternative protocol used for recently introduced local area networks for IoT communication-a proximal network called the AllJoyn framework. Such frameworks discover devices, create sessions, and help secure communications. The framework is designed to support IoT device connectivity using numerous layer 2 transport layers, including WiFi, Ethernet, serial bus communication, and power line PLCs. Applications run on numerous platforms, including Linux, Windows, MacOS, Android, iOS, RTOS real-time operating systems, and the open source development environment Arduino. It can be based on C and Java.

AllJoyn flexible applications enable end-to-end application level security by authenticating others and exchanging encrypted data. Authentication and data encryption run at application layer 7. Transport layer 2, also referred to as router layer, transmits security-related messages between application endpoints but does not implement any security logic itself. The reverse call feature, also known as the "Auth Listener", implemented at Application Layer 7, assists in authentication using a PIN, password, or authentication certificate. Security is achieved using AES128 peer-to-peer encryption. Like WPA, AllJoyn uses identity pairing in the authentication process before execution of command and control sequences. Supported authentication methods include pre-shared keys or PSK, secure remote password (SRP) key exchange, or login using a username and password. The protocol also supports temporary (elliptic curve Diffe-Hellman) key exchanges (i) without authentication, (ii) authenticated with pre-exchanged keys, and (iii) authenticated with X.509 ECDSA certificates.

The same technology can be applied to business enterprises. In FIG. 27, as an example of an IoT connected device in a home network, the use of an SDNP enabled WiFi and Ethernet router 1352Z, i.e., an Ethernet and WiFi router on which the SDNP firmware 1335J operates, functions as a remote SDNP gateway. do. This gateway converts the data packet 1223A containing the IP datagram A into a data packet 1223B containing the IP datagram B. Although the SDNP firmware 1335 J can interpret the SDNP payload contained in the IP datagram A, the connected IoT devices are not SDNP clients. Instead, the SDNP and Ethernet WiFi router 1352 converts the SDNP payload into a conventional IP payload and communicates with the connecting device using both the WiFi link and the Ethernet 106A.

This last link is unsecured unless additional security measures are in place-especially WiFi data packets that can be sniffed over long distances. Examples of WiFi connected IoT business devices include WiFi hotspot connected devices such as central heating and air conditioning 34D, lighting 34G, surveillance system 34J, security system 34H, POS terminal 38, and tablet 33. It includes. Business Enterprise Wireline The connected devices depend on the nature of the business. In banking, the device includes an Ethernet connected ATM machine 38D. In a gas station, the device comprises, for example, an Ethernet connected gas pump 38A.

In summary, the last link can be secured with a non-SDNP client communicating with the SDNP remote gateway. In this way, most of the last mile is hyper secure, while the last link utilizes identity paired encrypted security.

SDNP Bridge Communication —As mentioned above, last mile data transmission outside the SDNP cloud is an IP datagram, i.e., a data packet, using the Internet source and destination addresses, or alternatively using the NAT address of the network operator. Is essential. For example, in the case of a private network operating in an office building or working with a local network service provider who wishes to host SDNP soft-switches on a server, SDNP datagrams may be used to achieve hyper-secure communication on the part of the last mile. Can be.

As noted above, hyper-secure communication relies on a server to host SDNP soft-switch software or firmware and to communicate using SDNP datagrams and anonymous addresses, rather than IP datagrams in the SDNP cloud, and such SDNP Soft-switch enabled servers are referred to as SDNP nodes, as indicated by the SDNP node notation (M _0,1 , M _1,0 , M _1,1, etc.). U.S. Application No. 14 / 803,869, also described, also discloses communication between multiple independent SDNP clouds connected by an SDNP bridge-an SDNP gateway that routes IP datagrams to other SDNP clouds.

The concept of SDNP bridge can be similarly configured for part of last mile communication. In order to create an SDNP sub-network or mini-cloud within the last mile, two or more servers must be enabled by the SDNP bridge software or firmware. Unlike SDNP client software or firmware operating at an end device, i. Thus, two or more adjacent SDNP bridges may operate as a standalone SDNP bridge network, SDNP mini-cloud or SDNP ad hoc network. The SDNP bridge function, as described above, represents a layer 3 configuration similar to the layer 2 description of the bridge mode operation of a WiFi router. In an SDNP-bridge or SDNP bridge network, communication takes place using SDNP datagrams. Communication to SDNP-bridges from outside the SDNP-bridge or SDNP bridge network uses IP datagrams with SDNP payloads.

The operation of the SDNP bridge in last mile communication is illustrated in the schematic diagram shown in FIG. 28, which shows an SDNP network with SDNP gateway 1201A, SDNP bridge routers 1350 and SDNP firmware 1335H and 1335J respectively operated. 1352Z), and connected client devices, shown here as notebook 35, but not SDNP clients. As shown, communication between SDNP gateway 1201A and SDNP-bridge 1350 includes a secure connection using IP datagram 1223A having an IP address and SDNP payload. SDNP payload 1222A, in turn, includes SDNP routing information and secure SDNP payload encoded using zone specific secure credit credentials. Thereby, although IP address routing is used, hypersecurity is achieved using the SDNP payload.

Within the SDNP-bridge connection, ie, between the SDNP bridge routing 1350 and the WiFi-enabled bridge router 1352Z, hypersecure communication occurs using the SDNP datagram 1222B. SDNP routing information is extracted from SDNP addressing contained within SDNP payload 1222A. At the same time, the SDNP-Bridge and SDNP connections include the hyper-secure wireline leg of Last Mile Communications, which can support identity and account verification and can support privacy.

The connection from the SDNP-bridge router 1352Z to the non-SDNP client device, i. The security of this last link, though not exemplary, is secured by any of the aforementioned Ethernet and WiFi security protocols such as iSCSI, IPSec, WPA, AllJoyn, and others.

The implementation of the SDNP bridge can occur between any two SDNP enabled devices carried by any number of physical media, which means that SDNP bridging is agnostic from layer 1 PHY and layer 2 transport layer realization. Which means it is a layer 3 protocol. For example, in the top schematic diagram shown in FIG. 29A, two SDNP bridge Ethernet routers 1351A, each with SDNP firmware 1335H operated, communicate over an Ethernet (wireline) bridge using SDNP datagram 1222. do. In the central schematic, two SDNP-bridge routers 1352Z, each capable of Ethernet and WiFi communication, with SDNP firmware 1335J operating, communicate over a WiFi (wireless) bridge using the SDNP datagram 1222. . In the bottom schematic, the SDNP-Bridge Ethernet Router 1351A on which the SDNP Firmware 1335H is operated is connected to an SDNP Datagram with SDNP-Bridge Router 1352Z, capable of Ethernet and WiFi communication operation SDNP Firmware 1335J. 1222 to communicate over an Ethernet (wireline) bridge. In this way, an SDNP bridge that includes two or more SDNP enabled routers, although operating outside the SDNP cloud within the last mile, can route or distribute SDNP datagrams throughout the building or across a private network.

SDNP-bridges can be extended to systems using proprietary hardware such as cable TV systems. For example, in the top view shown in FIG. 29B, two cable CMTS "head" servers have been modified to operate the SDNP firmware or software 1335L and thus act as the cable CMTS SDNP bridge 101 and SDNP datagrams. Communicate over a cable or fiber (wireline) bridge using 1222. The SDNP-bridge may extend from the CMTS head to the subscriber's home. As shown in the central schematic, the cable CMTS SDNP bridge 101 on which the SDNP firmware or software 1335L is operated uses the SDNP datagram 1222 over the cable (coaxial) bridge to operate the SDNP firmware 1335M. Communicate with cable TV set-top box or cable modem 102. In this way, the SDNP bridge extends hypersecurity communications into homes or offices.

The disclosed SDNP-bridge method may also be used to transfer data over a radio network. In the bottom schematic diagram of FIG. 29B, two cellular base stations and radio towers on which SDNP firmware or software 1335N is operated serve as cellular base station SDNP bridges 17X and 17Y, using a cellular bridge 25X using SDNP datagram 1222. And 25Y) for communicating wirelessly over a cellular network. In the top schematic of FIG. 29C, the terrestrial microwave base station on which the SDNP firmware or software 1335O is operated serves as a ground-to-satellite link SDNP bridge 92C, and the SDNP firmware as a microwave satellite bridge using the SDNP datagram 1222. Or communicate with the orbiting satellite on which the software 1335P is operated, ie with respect to the satellite SDNP bridge 93. The satellite then communicates back with the subscriber or another satellite.

SDNP bridge communication may be adapted for automated applications using a peer-to-peer ad hoc communication network vehicle. In the lower schematic diagram of FIG. 29C, the telematics module inside the car 1390A in which the SDNP firmware 1335F is operated is operated via the car radio bridge, and also the SDNP firmware 1335F, using the SDNP datagram 1222. Communicate with a nearby vehicle 1390B. Each vehicle enabled with SDNP firmware forms another communication node within the dynamic telematics SDNP bridge network. Such communication does not represent information transmitted to a particular vehicle or driver, but instead forms a communication network that can convey information along the highway even where cell towers are not present locally.

The concept of the SDNP bridge network is particularly advantageous in communication over a wide area and in the transportation and shipping industry, including vehicles, trucks, emergency vehicles, trains, aircraft, boats and ocean vessels. In particular, satellite networks are needed to achieve wide coverage for communication. The system typically includes network connectivity with satellite operators, referred to as satellite bridges or backhauls, and satellite links to its clients and subscribers, also known as satellite distribution. 30 schematically illustrates various satellite connections configured for SDNP hypersecurity communication. The illustrated SDNP gateway 1201A operates a terrestrial satellite with SDNP firmware or software 1335O operating using a wireline connection 94A carrying a data packet 1222A containing an SDNP datagram (A) and an SDNP payload. It communicates with antenna dish 92C, which in turn relays the same SDNP datagram A as a data packet 1223B to satellite 93 through which SDNP firmware or software 1335P is operated via satellite bridge 95A.

Distributing the hypersecurity communication data packet from the SDNP enabled satellite 93 to various clients includes a data packet 1222C and an SDNP data packet-A containing the SDNP payload. Satellite communication is bidirectional, and the downlink from satellite 93 to terrestrial clients allows for stronger signal strength and faster data rates than uplink connections. In other words, satellites can transmit to Earth's clients at faster data rates and stronger signal strength than the client's response. An example of a satellite 93 link to a subscriber is an SDNP firmware 1335G for a dish Internet subscriber 92G on which SDNP firmware 1335T is operated, and a satellite telephone 92F on which SDNP firmware 1335S is operated. For satellite antenna array 92H located on top of operated high speed railway 1360C, SDNP firmware 1335R for satellite antenna array 92E located on top of ocean vessel 1360B, and SDNP firmware ( 1335Q includes satellite link 95B, to satellite antenna array 92H located on top of aircraft 1360A in which it is operated.

In the case of large vehicles, such as ships, aircraft, and trains, each system connects these hypersecure satellite communication links to its own internal communication system or local area network. For example, FIG. 31A shows a commercial aircraft, where the satellite antenna module 92D, which operates the SDNP firmware 1335X mounted on top of the fuselage of the aircraft 1360A, operates the communication central server where the SDNP software 1335Z operates. Connected to 1361. The communication central server 1361 optionally includes an instrument 1357, a data writer and black box 1370, a media storage module 1363, and a WiFi router module 1362, on which the SDNP firmware 1335L is operated. Linked to various systems. The WiFi router module 1362 is connected to an array of WiFi antennas 1361 located throughout the aircraft to support WiFi hotspot communications. All communications except radio based flight control occur over a common satellite communications link, for example using antenna module 92D shown in FIG. 31B. The antenna module includes a satellite transmit antenna 1360A, a satellite receive antenna 1368A, an antenna control unit 1369, and a 40W voltage regulator 1370. The satellite receive antenna 1368A is smaller than the satellite transmit antenna 1360A because the satellite broadcast power and signal strength are greater than the antenna's broadcast strength and uplink capability.

Marine Ship Satellite Ship communication utilizes multiple bands of satellite communication, including high altitude and near-earth orbit satellites. For example, FIG. 32 illustrates the use of multi-band communications including Ku band satellite antenna 1383A and low-earth-orbit satellite antenna 1383B and 1383C. High altitude satellites do not provide or limit uplink capability but can cover large areas from high altitudes, including geostationary satellites. Due to its high altitude, the area coverage of each satellite is significant, as shown in map 1384. As shown in the map 1385, low earth orbit satellites cover smaller areas, require more satellites, and therefore cost more to cover the broadcast area. Depending on the ship's path, access to low earth orbit satellites may be intermittent depending on the satellite's orbit location.

Since the Ku band satellite antenna 1383A is used primarily for the distribution of TV and movie content, SDNP security is generally not required. Tracking and positioning is performed by antenna control 1383. Multi-channel data from the satellite antenna 1383A is fed into an L-band multiswitch 1381 that separates the signal into fixed video broadcast data and digital video broadcast DVB data that is routed to the TV receiver and tuner 1382. Video content is fed into a central communication server 1380. However, where secure communication is required, the Ku band satellite antenna 1383A can be configured to run SDNP software.

Data from the low-earth-orbiting satellite antennas 1383B and 1383C on which the corresponding SDNP firmwares 1335U and 1335V are operated is transferred from the satellite antenna to the central communication server 1380 on which the SDNP software 1335Z is operated. Relays Within range of the land, the communication system may also communicate using a 4G / LTE cellular network 25 hosted by the cellular base station 17 on which the SDNP firmware 1335N is operated. Communication through the server 1380 is distributed throughout the vessel using the SDNP WiFi router 1362 with the SDNP firmware 1335L operating. WiFi hotspot communication of the WiFi access point 26 is distributed throughout the vessel using the WiFi antenna 1361. Communication to an SDNP client, such as mobile phone 32, on which SDNP app 1335 operates, facilitates end-to-end hypersecurity communication. Devices that are not enabled as SDNP clients must rely on identity pairing using WAP, AllJoyn, or other security protocols.

33 shows an example of application of multi-band communication applied to a high speed train. As shown, train data centric server 1380 operating SDNP software 1335Z coupled to SDNP gateway 1201A includes satellite microwave 95B, 400 MHz radio 1372, and 60 Ghz microwave 1373. Communicate over high speed train 1360C via multiple PHY connections. During SDNP communication, SDNP data center 1380 relays data to satellite 93 on which SDNP firmware 1335P is operated via satellite antenna 92C on which SDNP firmware 1335D is operated. The satellite communicates with a train antenna array 1383V connected to the server 1361 on which the SDNP software 1335Y is operated. Alternative communications originate from the SDNP data center 1380 via 400 MHz antennas 1381 or 60 GHz antennas 1382 disposed at regular intervals along the train tracks. This satellite also communicates with an antenna array 1383B connected to a train communication SDNP server 1361 in which the SDNP software 1335Y is operated. The communication received by the SDNP server 1361 is then distributed by the WiFi bridge 1335Z to the client throughout the train and as a WiFi hotspot.

Communication functions in the automotive and professional trucking industry are multifaceted, including:

* Voice communication

* Navigation, maps, road information, warnings

* Entertainment, Hotspot Service, Infotainment

* Wireless payment, toll

* Emergency service, roadside assistance

* Collision Avoidance

* Flight scheduling (professional, ride together)

Additional functionality is also required for autonomous vehicles, ie self-driving vehicles. Existing automotive systems, based largely on conventional cellular networks such as CDMA (2.5G) controlled central units, referred to as "telematics" modules, have been found to be very vulnerable to hacking, cyber-attack, and privacy attacks. To eliminate these vulnerabilities, the entire network must be secured without significant expenditure, ie installing a new network is not a financial option. Instead, security infrastructure, such as security methods deployed at Layer 3 through Layer 7, should be placed above the hardware network. Such a strategy may be compatible with the SDNP last mile embodiments disclosed herein.

34 illustrates an exemplary hypersecurity last mile connection between the vehicle and the SDNP cloud. As with previous last mile connections, the particular data carriers involved in transmitting packets over the last mile can vary greatly from location to location. Thus, an example is shown for presenting a hyper-secure communication regardless of the associated data carrier. As shown, an SDNP gateway 1201A is connected to a network router 67A via a network service provider (NSP) managed wired or fiber link 24 to connect a data packet 1222A containing an SDNP datagram (A). Is converted into a data packet 1223A containing an IP datagram (B) containing an SDNP payload. The network router 67A then uses the cellular base station 17 as an IP datagram B as a data packet 1223B over a wired or fiber link 24A owned or operated by a mobile network operator (MNO). Route to. IP data packet B is then a data packet 1223C containing an SDNP datagram B containing an SDNP payload, via cellular network 25, using a cellular link 28, i. It communicates wirelessly to the telematics module in the motor vehicle 1390A, using 2.5G, 3G, 3.5G, or 4G / LTE, depending on the mobile network operator within. The SDNP firmware 1335F operating within the telematics module then interprets the SDNP payload embedded in the entry data packet 1223C to complete the example communication link. Thus, the automotive cellular last link functions as part of an exemplary last mile communication.

As shown in FIG. 35, the telematics module in automobile 1390A then uses security information for various functions controlled by infotainment interface 1377. Internal WiFi hotspot 1362D also distributes data packets 1223B and 1223C comprising IP datagram B and IP datagram C, respectively. IP datagram B includes an SDNP payload that facilitates end-to-end hypersecurity communication to the SDNP client, such as mobile phone 32B on which SDNP app 1335 operates. The IP datagram C, which uses only conventional IP payloads, is less secure, but the working device does not operate as an SDNP client, such as mobile phone 32A and tablet 33A. Identity pairing can be used to improve last link security for non-SDNP devices using WPA, AllJoyn or other protocols.

Another important function in automotive communication is the function of carrier-to-carrier communication, also referred to as V2V communication. The purpose of V2V communication is primarily for collision avoidance. However, according to the SDNP method disclosed herein, V2V communication may also function as a hypersecurity ad hoc peer-to-peer network. Such inter-vehicle SDNP communication is shown in FIG. 36, where automobiles 1390A, 1390B, and 1390C on which SDNP firmware 1335F is operated are peered with each other and cellular base station 17 connected to SDNP gateway 1201A. Form a two-peer network. Communication between the carriers can be performed using IP datagrams or SDNP datagrams.

If the SDNP client or gateway communicates with a non-SDNP device, the communication takes place using an IP datagram. For example, SDNP gateway 1201A converts SDNP datagram A with SDNP payload into data packet 1223A including IP datagram B with SDNP payload embedded. As shown, cellular base station 17 utilizes data packet 1223B including IP datagram (B) with embedded SDNP payload to drive vehicle 1390A across 2.5G or 3G cellular link 28A. Communication to a vehicle 1390C over 3.5G or 4G / LTE cellular link 28B using a data packet 1223C, which also includes an IP datagram (B) with an embedded SDNP payload. can do. In this way, SDNP payloads are distributed independently of the network used to carry data packets.

An automobile enabled with SDNP firmware 1335F may also form an ad hoc peer-to-peer SDNP bridge or breach network. For example, the automobile 1390A communicates with the automobile 1390B over the V2V radio link 1391A using a data packet 1222B including the SDNP datagram C, instead of the IP datagram. Similarly, car 1391B communicates with car 1390C over V2V radio link 1391B using data packet 1222C containing SDNP datagram D, and is not dependent on IP datagram. Regardless of the type of datagram used, the embedded content remains hyper secure using the SDNP payload.

Another feature of the SDNP ad hoc V2V network is its ability to perform tunneling functions, ie transfer data from one vehicle to another so that the intervening vehicle cannot monitor or interpret the passing data. In the case where the cellular link 28B has failed because the vehicle 1390C is out of range as with other paths, the cellular base station 17 is in the illustrated example a cellular link 28A, a V2V radio link 1391A, and last. By way of example, via the V2V radio link 1391B, an SDNP bridge network can be used to reach the same party. During data transmission, data packets 1223B, 1222B and 1222C are changed from IP datagram B to SDNP datagram C and finally to SDNP datagram D. Since the SDNP payload intended for the car 1390C is uniquely generated for the destination car, the car 1390B and its occupant, although dependent on the data packet 1222B over the ad hoc network, You may not hack or monitor the content of C).

In addition to conventional last mile communications, the same SDNP bridge technology can be used to transmit large amounts of data in hyper-secure, i.e. digital trunk communications over long distances. Three such examples, microwave trunk 98, fiber trunk 90, and satellite trunks 95A and 95B are shown in FIG. Although this functionality can be considered part of the SDNP cloud, the single data path is similar to the path of last mile communication, and thus uses similar methods to ensure hypersecurity. For example, the servers 21A and 21B in which the SDNP software 1335Z is operated use the data packets 1222 including the SDNP datagrams to operate the microwave towers 96A and 96B in which the SDNP firmware 1335W is operated. May communicate via microwave trunk 98 via way, or alternatively servers 21A and 21B may communicate directly via fiber trunk 98 which also utilizes data packet 1222 including SDNP datagrams. have. In global communications, for example in a trans-Pacific data link, servers 21A and 21B use microwave satellite trunks 92A and 92B, with earth based satellite antennas 92A and 92B on which both SDNP firmware 1335U is operated. 95A and 95B enable SDNP firmware 1335V to communicate with satellite 93 in operation. As with the fiber and microwave tower example, satellite trunk communication uses data packet 1222 containing the SDNP datagram.

In conclusion, the security and privacy features provided in last mile communication depend on the two communication devices. FIG. 38 contrasts four different combinations showing increased security and privacy, in order from bottom to top. In each case, three factors: (i) security, i.e. the ability to prevent unauthorized access to the community, (ii) identity verification, access and privileges based on their identity (Iii) anonymity, ie the ability to conceal the identity of the caller from monitoring, is taken into account.

In the bottom example, SDNP gateway 1395 communicates openly with a non-SDNP client without any security provision using data packet 1223C including an IP datagram with a sniffable IP address and an IP payload. Therefore, last mile connections are not secure and private. In the second example from the bottom, the SDNP gateway 1395 communicates with a non-SDNP client that provides device authentication and identity pairing features. The communication is carried out by means of a data packet 1223B containing an IP datagram with a sniffable IP address, but using an encrypted payload comprising a cryptography that only an identity-paired device can decrypt. . Although the communication is not private or anonymous, it provides improved security, at least for a limited duration.

The following example shows that if the SDNP gateway 1395 routes the communication through any bridge or router 1397, and the data packet 1223A includes the SDNP payload within the IP datagram, then hypersecurity is enabled. It still shows that you achieve. The level of security achieved depends only on the end device, not on the router. In the above example, SDNP using a data packet 1222 containing an SDNP datagram with SDNP addressing, i.e., using a source and destination address not recognized by an Internet DNS name server, and using an SDNP secure payload. Communicating between the gateway 1395 and the SDNP client 1396 is hyper secure, providing good security, full privacy, and anonymous packet routing.

Hyper-Secure Last Mile Packet Routing -Regardless of the Layer 1 physical hardware and Layer 2 data link algorithms and methods used, routing of packets between SDNP clients or SDNP-bridges and SDNP gateways carries and routes data packets across the last mile. To rely on IP datagrams. Unlike data routing in the SDNP cloud directed by the SDNP signaling server, the SDNP cloud or its signaling server does not control IP datagrams traversing the last mile. Thus, some variability in last mile propagation delay is expected. Fortunately, this uncertainty is small compared to the overall end-to-end propagation delay of global communications, because the distance and the number of possible paths of last mile communications are limited. The variation in total propagation delay due to last mile variability is estimated to be less than 10% of the total delay.

39 illustrates single path last mile communication between SDNP client 1400 and SDNP gateway 1401 using a fixed IP address. IP datagram 1405 includes the IP destination address of M _0,0 (SDNP gateway), and the IP address of source C _1,1 of the data packet, which is an SDNP client. Last link communication occurs over a single path 1404 to the router 1402A. Data is routed through any number of routers R, for example router 1402B, to SDNP gateway M _0,0 .

An alternative diagram of the last mile network connection shows each communication device as an IP stack representing the PHY, data link, and network connection as OSI layer, 1, 2, and 3. FIG. For example, FIG. 40A is a schematic IP stack diagram of single-root last mile hypersecurity communication using a fixed IP address. Thus, a client device comprising an SDNP client C ₁ , ₁ has a single path last mile connection 1409 with SDNP gateway 1401 including SDNP gateway M _0,0 via routers 1402A and 1402B. ), Where router 1402A includes a WiFi router and router 1402B is an Ethernet router. The client device 1400 is connected to the router 1402A via a last link 1404, where the PHY layer 1 physical connection and corresponding data link layer 2 of the IP stack 1411 are the corresponding layers in the router IP stack 1412A. 1 and layer 2 are connected.

Again, router 1402A is connected to router 1402B using Ethernet, where the PHY layer 1 physical connection and corresponding data link layer 2 of the WiFi router's IP stack 1412A are connected to the Ethernet router IP stack ( To corresponding layer 1 and layer 2 in 1402B. Finally, router 1402B connects to SDNP gateway server 1401 using Ethernet, where the PHY layer 1 physical connection and corresponding data link layer 2 of the IP stack 1412B of the Ethernet router is the IP stack ( To corresponding layer 1 and layer 2 in 1422. In operation, the router carries data indefinitely so that network layer 3 IP datagrams are moved from one IP stack to another, specifically from layer 3 to IP stacks 1412A and 1412B in IP stack 1411. Finally, the IP stack 1422 flows transparently. In this way, even when data is physically passed through multiple devices, the network carries IP datagrams over a virtual last mile connection 1409 as single path data.

In other words, layer 3 network data flows through the last mile independently of the physical connection used to carry the IP datagram, ie layer 3 last mile communication is applied to the underlying layer 1 and layer 2 implementations used for data transfer. It is agnostic about this. By removing the intermediate node from the schematic diagram as shown in FIG. 40B, this principle can be presented in a simplified form, where a client device 1400 and SDNP gateway server (including communication IP stacks 1411 and 1422) 1401 transfers data to and from the corresponding computing and data storage functions 1410 and 1421. IP datagram 1405 flows over last mile connection 1409, regardless of the number or media of routers used in the data packet delivery process. As such, a last mile may be considered as a "data configuration", that is to say abbreviated as meaning any and all physical means of transporting IP datagrams between devices. However, the last link has more physical meaning because the connected device of the caller must be able to connect to an upstream router of the communication link that cannot be established. For example, if the caller is sitting in a cafe with WiFi with a tablet computer with only a WiFi connection, but the caller does not have a WPA password for the WiFi network, the last link cannot be established and the caller is on the last mile. You cannot connect to the SDNP cloud, or place calls.

Another consideration of last mile communication is that the payload of IP datagram 1405 includes all of the upper OSI layers, including transport layer 4 data, session layer 5 data, presentation layer 6 data, and application layer 7 data. It includes information. In addition to the layer 4 data required to select the UDP or TCP protocol, the remaining data in the payload of the IP datagram is specific to published SDNP communication and operates along the last mile unless it runs the SDNP software or firmware itself. Can not be interpreted by the router. Thus, although the last mile network itself may include a mix of different devices, carriers, and network operators, only the end device, ie the caller or SDNP client and SDNP gateway, can interpret the last mile communication. .

Although the SDNP payload is secured by numerous secrets, including scrambling, fragmentation, junk data insertion and deletion, formatting-dependent state, and dynamic encryption, the IP address of IP datagrams traversing the last mile network is essential. The source and destination addresses of the client device 1400 and the SDNP gateway server 1401 are exposed. In order to provide a degree of anonymity over the last mile, address deception is advantageous, ie it dynamically changes the source and destination addresses in the IP datagram to direct the cyber-attack to the wrong place. IP deception is achieved by dynamically changing the IP address of the caller's connecting device, referred to herein as "dynamic client addressing", or by communicating with multiple SDNP gateways, ie by multi-path last mile communication.

The first method of IP address deception described includes dynamically changing the source address of sequential data packets. As shown in Fig. 41, the successfully transmitted IP datagrams A, B, and C include three different source addresses. Specifically, IP datagram (A) 1405A includes an IP source address (C ₁ , ₁ ), IP datagram (B) 1405B includes an IP source address (C _1,2 ), and IP Datagram (C) 1405C includes IP source addresses C ₁ , ₃ . Thus, although all packets entering router 1402A come from SDNP client 1400, the client source address C _{1, n} is dynamically changed, confusing the true IP address and having more than one communication device. Make it look like In order to complete the charade, the MAC address of the communication device must also be changed correspondingly with the dynamic source address.

This method is illustrated using the IP stack in FIG. 42A, where devices 1400, 1402A, 1402B, 1401 communicate over corresponding IP stacks 1411N, 1412A, 1412B, and 1422 using WiFi and Ethernet. However, the network layer 3 identity of the SDNP client includes multiple IP addresses C ₁ , ₁ , C _1,2 , and C ₁ , ₃ . As a result, as shown in the schematic diagram of the last link shown in FIG. 42B, the sequential data packets entering the router 1402A appear to be transmitted from three different client devices, rather than one. The shared PHY layer includes the WiFi standard frequency, and the data link layer connecting the devices follows a defined standard such as 802.11ac or 802.11n.

The IP datagram 1405N sent to the router device 1402 along the network connection 1408 is a sequential source address IP C _1, represented by a mathematical indication as the fixed destination IP addresses IP M _0,0 and IP C _{1, n ; 1} , IP C _1,2 , IP C _1,3 , and the like, where each sequential packet is uniquely identified as n = 1, 2, 3,... Each sequential IP packet also includes a corresponding payload (SDNP 1, SDNP 2, SDNP 3, and others). Although the present description cites each IP address using the mathematical abbreviation IP C _{1, n} , the IP address includes the actual IP address made according to international standards of IPv4 and IPv6 and excludes any preserved IP addresses. It should be noted that it should be understood.

Another option to improve security is to use multipath packet transmission at the last mile. In a manner similar to data transmission in the SDNP cloud, in multipath last mile communication, audio and sequential data are parsed and fragmented, then divided into separate packets and addressed to different SDNP gateways. An example of multipath data transmission using a static IP address is shown in FIG. 43, where the SDNP client 1400 communicates with multiple gateways 1401A, 1401B, and 1401C. As shown, the first data packet 1405A includes a payload SDNP 1 having an IP address C ₁ , ₁ and a destination address M _0,0 . The data packet 1405A is then routed through the routers 1402A and 1402B to the SDNP gateway 1401A via the last link 1404A. In a similar manner, the second data packet 1405B includes a payload SDNP 2 having an IP address C ₁ , ₁ and a destination address M ₀ , ₁ . The data packet 1405B is then routed through the router 1402C to the SDNP gateway 1401B via the last link 1404B. A third data packet (1405C) has a payload SDNP (3) having an IP source address (C _1,1) and a destination address (M _0,3). Data packet 1405C is then routed to SDNP gateway 1401C via routers 1402D and 1402E via last link 1404C.

In the path between the illustrated client device 1400 and one of the three gateways 1401A, 1401B, or 1401C, the IP datagram may be routed over multiple last links 1404A, 1404B, and 1404C to multiple routers 1402A, 1402B. , And 1402C. Such routers may be (i) fully independent routers using the same physical media, such as WiFi or Ethernet, (ii) multiple router channels in common hardware devices, for example multiple trellis channels in DOCSIS3 cable modems, or (iii) Different physical media for communication, such as one physical media over WiFi, another physical media over 3G, and the like.

For example, FIG. 44A shows an IP stack diagram of the aforementioned multi-root last mile hypersecurity communication over a common PHY last link 1404 using a fixed IP address. In operation, SDNP client C ₁ , ₁ communicates with routers 1402A, 1402B, and 1402C as a single device connection, using a common PHY, data link, and network layer. The address deception uses contiguous IP datagrams, including the fixed client address IP C _1,1 , but with the SDNP gateway address IP M _0,0 , IP M _0,1 , and IP M _0,3 changed. Is carried out. Misdirected packets can be generated algorithmically or randomly. For example, if a datagram every tenth of the datagrams sent from the client device 1400 is directed to the SDNP server 1401C, the tenth outgoing datagram from the client device 1400 is the destination address IP M. _0,03 and source IP address IP C _1,1 . The response from the SDNP gateway server 1401C returns to the client device 1400 in the opposite passage, i.e., in the passage having the source IP address IP M _0,3 and the destination address IP C _1,1 .

As shown, the PHY and data link between client device 1400 and routers 1402A, 1402D, and 1402C include a single media, such as WiFi. Although the last link connection is represented by a single line divided into three, it is to be understood that the physical connection is made point-to-point rather than the electrical Y connection used to generate the bouncing wires. Instead, the diagram shows that the connection shows the effect of the connection, that is, the PHY layer of the client IP stack 1411 extends one PHY connection to three, that is, to the PHY layer of the IP stacks 1412A, 1412C, and 1412D. It means to be connected. Functionally, this last link acts as a single input to three input expanders, where one is irrespective of whether the router function is contained in one common electronic device or divided into separate and separated routers. The clients of are connected to three router functions. As shown, it should be noted that the last link 1404 constitutes a single type of communication media—cable, fiber, WiFi, Ethernet, or cellular.

However, the remainder of the last mile may include any media that is not necessarily the same as the last link. An alternative last link includes a number of different PHY layers connected to independent routers. In such an implementation, an IP stack that performs multi-path last mile exemplary communication using a fixed IP address over multiple PHY last links is shown in FIG. 44B. Specifically, client device 1400 uses a common network layer 3 interface with a fixed client address IP C ₁ , ₁ , but is separated and separated layer 1 and represented by IP stacks 1411A, 1411B, and 1411C. It is operated using a layer 2 interface. In operation, IP stack 1411A is configured to route routers across last link 1404A to direct IP datagrams including source address IP C _1,1 and destination address IP M _0,0 traversing router 1402B. 1402A. Similarly, IP stack 1404B is coupled to router 1402C over last link 1404B that directs an IP datagram that includes source address IP C _1,1 and destination address IP M _0,1 . IP stack 1411C sends router 1402C across last link 1404C that directs an IP datagram including source address IP C _1,1 and destination address IP M _0,3 traversing router 1402E. Connected.

A combination of dynamic source addressing and multipath data transmission is shown in FIG. 45, where the SDNP client 1400 communicates with multiple gateways 1401A, 1401B, and 1401C using a dynamic source address. In this method, the first data packet 1405A includes a payload SDNP 1 having a dynamic IP address C ₁ , ₁ and a destination address M _0,0 . The data packet 1405A is then routed through the routers 1402A and 1402B to the SDNP gateway 1401A via the last link 1404A. In a similar manner, the second data packet 1405B includes a payload SDNP 2 having a dynamic IP address C _1,2 and a destination address M _0,1 . The data packet 1405B is then routed through the router 1402C to the SDNP gateway 1401B via the last link 1404B. A third data packet (1405C) has a payload SDNP (3) having a dynamic IP source address (C _1,3) and a destination address (M _0,3). Data packet 1405C is then routed to SDNP gateway 1401C via routers 1402D and 1402E via last link 1404C.

Thus, each successive data packet contains a changing SDNP payload, utilizes a dynamically changing source address, and is routed to specific SDNP gateways through different last links. Through multiple last links, i.e., last links 1404A, 1404B, and 1404C, or through multiple forms of media, which are single routers with multiple IP inputs, such as DOCSIS3 cable modems with trellis encoding. For example, a combination of radio and WiFi or other combination of wireline and wireless communication is used to transmit data over multiple WiFi bands. In one example, FIG. 46A illustrates an IP stack of multi-root last mile hypersecurity communication using a dynamic client IP address over a single PHY last link 1404. The client 1400 illustrates a shared physical interface that includes layer 1 and layer 2 communications shown in the IP stack 1411A. At network layer 3, IP stack 1411A generates a client address C _1,1 directed to SDNP gateway M _0,0 and IP stack 1411B generates a client address directed to SDNP gateway M _0,1 . C _1,2 ), and the IP stack 1411C generates a client address C _1,3 directed to the SDNP gateway M _0,3 .

As shown in the IP stack diagram of FIG. 46B, the same multi-path approach may be combined with dynamic client addressing and multiple PHY last layers. As shown, the client device 1400 may assign IP datagrams having corresponding IP addresses IP C _1,1 , IP C _1,2 , and IP C _1,3 , to corresponding last links 1404A, 1404B, and 1404C. Three IP stacks 1411A, 1411B, and 1411C that transmit to the SDNP gateway with IP addresses IP M _0,0 , IP M _0,1 , and IP M _0,3 ).

In many cases, the last link includes a single path, where multipath data transmission is used beyond the first router. In FIG. 47, SDNP client 1400 communicates with a single router 1402A over last link 1404. Beyond router 1402A, data packets are directed to multiple gateways 1401A, 1401B, and 1401C using dynamic source addresses. In this implementation, the first data packet 1405A includes a payload SDNP 1 having a dynamic IP address C ₁ , ₁ and a destination address M _0,0 . Data packet 1405A is routed to SDNP gateway 1401A via last link 1404 and through routers 1402A and 1402B.

In a similar manner, the second data packet 1405B includes a payload SDNP 2 having a dynamic IP address C _1,2 and a destination address M _0,1 . Data packet 1405B is routed to SDNP gateway 1401B via last link 1404 and through routers 1402A and 1402C. A third data packet (1405C) has a payload SDNP (3) having a dynamic IP source address (C _1,3) and a destination address (M _0,3). Data packet 1405C is routed to SDNP gateway 1401C via last link 1401 and through routers 1402A, 1402D, and 1402E. Thus, each successive data packet contains a changing SDNP payload, utilizes a dynamically changing source address, and is routed to a specific SDNP gateway over a common last link.

This last mile connection is shown using the IP stack in FIG. 48, where the IP stack 1411 in the SDNP client device 1400 with the last link 1404 having only the router 1402A is the network layer 3. Transmits a data packet to stack 1412A, which includes three different network addresses, specifically IP C ₁ , ₁ , IP C _1,2 , IP C _1,2 . Thus, although actually including a single client, client device 1400 appears to router 1402A as three separate clients. When the IP datagram reaches the router 1402A, the IP datagram is split and takes different paths to different destination gateways. A packet with source address IP C _1,1 may be routed to destination IP M _0,0 , for example, via router 1402B, and a packet with source address IP C _1,2 may route router 1402C. Can be routed to destination IP M _0,1 , and a packet with source address IP C _1,3 can be routed to destination IP M _0,3 via routers 1402D and 1402E. The routing table for directing data packets with a given dynamic client address (C _{1, n} ) to a particular SDNP gateway can be dynamically varied without being pre-fixed. IP addresses can be assigned on a packet-by-packet basis, further confusing the fact that unrelated data packets are all part of a single fragmented communication between two callers.

Physical Realization of Last Mile Routing-Physical realization of last mile may include communication over a variety of media, including Ethernet, WiFi, cellular, or DOCSIS3 enabled cable or fiber links. Regardless of the media used, the routing of data packets over the last mile is primarily controlled by three variables:

A media access control (MAC) address of the communication device,

Source IP address of the IP datagram,

* Destination IP address of the IP datagram.

Thus, the MAC address controls the physical media used to implement each hop, ie Layer 1 and Layer 2, in last mile communication, while the IP address is located at the two ends of the client device and the SDNP gateway, ie, last mile. Identifies which device is to be. Although the payload used in hyper-secure communication follows the protocol defined by the secure dynamic communication network and protocol, intermediate devices within the last mile, ie routers and other devices on the path of packets between client devices and gateways, are generally SDNP. It is not enabled to execute the function because there is no SDNP executable code in such a device. As such, the SDNP payload is not related to the routing of last mile hyper secure data packets.

One example is the use of Ethernet for last mile communication. In adaptation of the Ethernet data packet described above in FIG. 9E for SDNP last mile communication, FIG. 49 is a schematic diagram of IPv4 and IPv6 datagrams for Ethernet communication involving the SDNP payload. As shown, the layer 1 ethernet packet 188 includes a data frame header, namely a preamble 180, a start frame delimiter (SFD) 181, and a layer 2 ethernet packet 189. Ethernet packet 189 includes destination and source MAC addresses 182 and 183, optional 802.1Q tag 184 for VLAN implementation, Ethernet field 185 used to specify the type of data link used (Ethernet II). Or length specifications according to IEEE802.3), and a frame check 186 including a 32-bit CRC checksum of the entire data packet. Ethernet packet 189 also includes a variable length MAC payload 187 used to encapsulate SDNP content 1430 of the IP datagram.

Specifically, the MAC payload 187 includes an IP header 434 and an IP payload 435 that include a transmit-header 436 and an SDNP payload 1430.

The IP header 434 depends on whether the IP datagram follows IPv4 or IPv6 as determined by the protocol field 447 including binary method 4 or the protocol field 448 including binary method 6. Both preambles 440 and 444 include a transport header flag 470 that is used to determine the layer 4 transmission method used, for example TCP, UDP or maintenance function ICMP and IGMP. Specifically, in accordance with secure dynamic communication networks and protocols, TCP transport is used for software and data files, while UDP is used for real-time data such as VoIP and video. The length and format of the transport header 436 depends on the transport header 470. IP header 434 includes IPv4 source and destination addresses 441 and 442 or IPv6 source and destination addresses 445 and 446.

The last mile routing of an Ethernet packet depends on both the IP address and the MAC address, indicated by the example name of the device referred to by the IP or MAC, for example MAC C _1,1 or IP M _0,0 . Symbolic names representing numerical addresses created according to Ethernet formatted Internet protocol are used instead of numerical addresses for the sake of brevity. Note that IP address IP C _{1,1 follows} different formats and uses different number of bytes for IPv4 and IPv6 names. The format for the MAC address also depends on the Layer 2 data link protocol used. Thus, the MAC address MAC C _1,1 for a cellular radio is not the same as the MAC for the same device communicating using WiFi or Ethernet. The MAC address is not related to the IP address, that is, the IP address and the MAC address for the same client are not related.

Sequential last mile routing of Ethernet packets is shown in the example of FIGS. 50A-50D. Each figure includes two Ethernet packets, an upper Ethernet packet containing an IPv4 datagram and an lower Ethernet packet containing an IPv6 datagram. Because IPv4 and IPv6 use different formats with different field lengths, the illustrated Ethernet packets are generally not the same length, even when they carry the same payload. In the first phase of the communication sequence, the SDNP payload A is moved from the SDNP client 1400 to the router 1401A via the last link 1404 and then to the SDNP gateway 1401 via the gateway link 1414. . The response from the SDNP gateway to the client receives the SDNP payload (G), which is transferred from the SDNP gateway 1401 to the router 1402A through the gateway link 1414 and then to the client 1400 via the last link 1404. Include. The SDNP client 1400 has a numerical MAC and IP address MAC C _1,1 and IP C _1,1 , the router 1402A has a numerical MAC address MAC R, and the SDNP gateway has a numerical MAC and IP address MAC M _0,0 and IP M _0,0 . The IP address of router 1402A is not used in the data packet.

Unlike in the SDNP cloud, where the packet routing of the SDNP table is fully controlled by the SDNP network, in last mile communications using IP datagrams, the SDNP payload cannot be interpreted or affect routing, which is over the last mile. It means that each communication carried includes a fixed source and destination IP address. The physical media or channel used to direct Ethernet packets is controlled by the MAC address connecting each communication node within the last mile. For example, FIG. 50A illustrates a router 1402A comprising a source MAC address MAC C ₁ , ₁ , a destination MAC address MAC R, a source IP address IP C ₁ , ₁ , a destination address IP M _{0, 0,} and an SDNP payload. It shows the IPv4 and IPv6 last link Ethernet packets used for a single PHY to route to. 50B shows a corresponding Ethernet packet carrying SDNP payload A over gateway link 1414. As described, the source and destination IP addresses remain unchanged at IP C _1,1 and IP M _0,0 , while the MAC source and destination addresses are from their original values to MAC R and MAC M _0,0 . Is changed.

In response communication from the SDNP gateway 1401 to the client 1400, the SDNP payload G traverses the same network at the response authority, ie the source and destination addresses are swapped. As shown in FIG. 50C, the source and destination IP addresses include IP M _0,0 and IP C _1,1 , respectively, while the MAC address includes source address MAC M _0,0 and destination MAC R. In the last link communication shown in FIG. 50D, the MAC address is changed to source address MAC R and destination MAC C _1,1 , while the source and destination IP addresses are not changed to IP M _0,0 and IP C _1,1 . .

One convenient means for indicating last mile communication from the SDNP client is to use a "short" data packet that includes a data field containing a source and destination MAC address, a source and destination IP address, and an SDNP payload. The abbreviation form is convenient to describe the flow of data in any communication "session" that constitutes a continuous data packet and its response delivered to the SDNP gateway across the last mile. For example, consecutive Ethernet packets (shown in abbreviated form) sent from the SDNP client to the SDNP gateway are shown in the upper portion of FIG. 51A. Each row represents consecutive data packets containing SDNP payloads (A, B, and C). The leftmost column shows the data packets in the last link, while the right column carries the same payload across the gateway link. Shows a data packet. As shown, every packet specifies IP C _1,1 as the source IP address and IP M _0,0 as the destination IP address. Since only one pair of IP addresses is used, the last mile is referred to herein as SDNP single path last mile communication. Also, since the source IP address used by the SDNP client 1400 to carry consecutive data packets does not change, the last link uses "fixed client addressing".

In order to help layer 2 interconnection between respective communication nodes to the neighbor, the MAC addresses in different segments of the last mile are necessarily changed. As shown, all successive packets traveling across the last link from the client to the router use the source and destination MAC addresses MAC C _1,1 and MAC R. Since a single MAC address is used for clients in consecutive data packets, the last link contains a single physical media, ie a single PHY last link. The transport over the gateway link uses the source and destination MAC addresses MAC R and MAC M _0,0 respectively.

Thus, although the illustrated data packet contains the SDNP payload, routing over the last mile essentially uses a sniffable MAC and IP address-an address that can be interpreted by monitoring by an unauthorized listener. By tracking packets with the same source and destination IP address, unauthenticated listeners are likely that data packets are part of the same conversation or session, and although they cannot open the SDNP payload, they still have talk time, It can be estimated that metadata such as file size, data rate, etc. can be collected to create the profile of the caller. In addition, by following the MAC and IP addresses, the hacker can potentially track the origin of the call to the end device, i.e., the client device, metaphorically, like trace tracking, and then personally identify the caller. .

As disclosed herein, a better way to prevent client device tracking, to more confuse related call packets, and to prevent the collection of metadata is to dynamically calculate MAC and IP addresses in last mile and last link communications. To change. This method of deception of the present invention is:

* Transmission of data packets across changed communication media by dynamically changing the last link MAC address, referred to herein as "multi-PHY last link" communication,

* Concealing the caller by dynamically changing the identity of the client device's IP address, referred to as "dynamic client addressing", * a different SDNP gateway IP address, referred to herein as "multi-path last mile" communication. Changing the communication path of consecutive data packets over the last mile by dynamically changing the IP address of communication to and from it.

The combination of multi-PHY, dynamic client addressing, and multi-path last mile communication makes it extremely difficult to track and detect last mile and last link communication, which means that only SDNP callers and SDNP gateways have any packets on the same call or session. Because I know it's part of. These methods may be used separately or in combination.

For example, the lower half of FIG. 51A illustrates the use of multi-PHY last link communication in single path last mile communication with fixed client addressing. As shown, each row contains a pair of data packets used in communication from the SDNP client to the SDNP gateway-the left side represents the last link data packet and the right side represents the gateway link data package. Three rows represent three consecutive messages, the top row contains the second data set "SDNP payload (A)", the middle row contains the SDNP payload (B), and the bottom row the SDNP payload. A third continuous data packet including (C) will be described. In single path last mile communication with fixed client addressing, all consecutive data packets use a fixed client address IP C _1,1 and a fixed destination IP address M _0,0 .

In order to take advantage of multi-PHY last link communication, ie to route data in the last link across multiple physical media, the MAC address of the SDNP client must be dynamically changed in sequential data packets. Each MAC address corresponds to a specific PHY layer, for example Ethernet 100BASE-T and 1000BASE-T connections. In the case of three physical media, the MAC address of the client is dynamically and continuously changed from MAC C _1,1 to MAC C _1,2 , followed by MAC C _1,3 . When only two media can be used, the MAC address is MAC C _1,1 , MAC C _1,2 , MAC C _1,2 , MAC C _1,1 , MAC C _1,2 , MAC C _1, It can be changed to a random pattern such as ₁ , MAC C _1,2 , MAC C _1,1 , ... to prevent pattern recognition. While the source MAC address is changed, the MAC destination for the last link can be kept constant, i. E. As MAC R. Because all of the last link's multi-PHY paths terminate within the same router, the data path through the rest of the last mile remains fixed as single path communication. In other words, although the last link uses a multi-PHY connection, the last mile enters the SDNP cloud through a single gateway, and the last mile includes single-path communication.

Although the multi-PHY approach provides some degree of deception, packets that sniff data packets from a particular call can still be identified because they share a common client IP address. This detection method is avoided using dynamic client addressing—the operation by which the client changes its IP address with each packet it transmits—for example, FIG. 51B illustrates client dynamic IP addressing in single path last mile communication. Illustrate use. The upper set of data packets represents a single PHY last link connection, while the lower set of data packets describes a multi-PHY implementation. In SDNP single path last mile communication, the destination IP address 442 of the SDNP gateway is fixed at the numerical value IP M _0,0 within all data packets, regardless of whether the single PHY or multi-PHY method is used. maintain. As shown, a dynamic client addressing data packet carrying an SDNP payload (A) uses a dynamically selected source IP address 441 including IP C _1,1 , while carrying an SDNP payload (B). The dynamic client addressing data packet uses a dynamically selected source IP address comprising IP C _1,2 , and the data packet carrying the SDNP payload (C) is a dynamically selected source IP address comprising IP C ₁ , ₃ . And so on. The number of dynamically selected addresses is almost unlimited, especially in IPv6. In addition, if a predetermined time e.g. one second elapses before the address is recycled, the IP address can be reused. In the case of a dynamic client address with a single-PHY last link, even though the IP source address is changed, in MAC C _1,1 in this example, the value of the source MAC address 183 remains constant. In the case of a dynamic client address with a multi-PHY last link, the value of the source MAC address 183 is changed continuously, from MAC C _1,1 to MAC C _1,2 and then to MAC C _1,3 . There is no special numerical correspondence between the client's changing MAC address and its dynamic IP address.

Although dynamic client addressing appears to include messages sent from different users, data packets still traverse most of the last mile (other than the last link in a multi-PHY implementation) over a single path. A more advanced way to further confuse packing sniffing of last mile communication is to use "multi-path" communication. In multi-path communication, more than one SDNP gateway IP address is used to connect the client to the SDNP cloud. Because SDNP network routing is defined by the signaling server and uses an identifying SDNP tag in each packet, regardless of whether data enters the SDNP cloud through a single gateway or through multiple gateways, the SDNP cloud will direct the packet to its destination. Can be routed. 51C illustrates the use of multi-path last mile communication with fixed client addressing. In all data packets shown within the last link, the client's source IP address 441 remains fixed at the numerical value IP C _1,1 , while contiguous data including the SDNP payloads (A, B and C). The packet dynamically changes the destination IP address 442 from IP M _0,0 to IP M _0,1 and to IP M _0,3 . The IP address of the SDNP gateway is not selected at random, but is "selected" by the SDNP signaling server, indicating a gateway that is temporarily close to the caller, i.e. the gateway with the minimum statistical propagation delay between the SDNP client and the particular SDNP gateway. In this example, the dynamic destination address is changed regardless of the PHY connection. For example, the top set of data packets shows a single PHY last link connection with the client source MAC address 183 for the last link with the numerical value MAC C _1,1 , while the lower set of data packets shows different media. A multi-PHY implementation is described, for example, changing the MAC source address across MAC C _1,1 , MAC C _1,2 , and MAC C _1,3 . There is no corresponding pattern or numerical relationship between the changing MAC address of the client and the destination IP address of the SDNP gateway.

The most effective degree of deception is to combine dynamic client addressing with multi-path last mile communication. A novel combination of these security features is shown in FIG. 51D for the single-PHY last link implementation (shown in the top half of the figure) and for the multi-PHY last link version shown in the bottom half. In this fully dynamic version, shown in the lower half, the source IP address 441 is dynamically and randomly changed from IP C _1,1 to IP C _1,2 and IP C _1,3 , while independently The destination IP address 442 of the SDNP gateway is changed from IP M _0,0 to IP M _0,1 and to IP M _0,3 . The SDNP gateway address is chosen by the SDNP signaling server to minimize propagation delay while the dynamic client address is changed in an unrelated manner. As in the above example, the upper set of data packets shows a single PHY last link connection with the client source MAC address 183 for the last link with the numerical value MAC C _1,1 , while the lower set of data packets Describes a multi-PHY implementation that changes the MAC source address across different media, for example MAC C ₁ , ₁ , MAC C _1,2 , and MAC C ₁ , ₃ . There is no corresponding pattern or numerical relationship between the MAC address of the changing client and the IP address of the changing client or SDNP gateway. However, in multi-path last mile communication, the multi-PHY last link may advantageously be connected to three separate routers R ₁ , R ₂ , and R ₃ , instead of centralizing all the data into a single router R. Can be.

Last mile deception as described above is located in top row # 1 from a minimal security implementation (shown at the bottom of the table as row # 10) that includes a single path last mile with a fixed client address and a single-PHY last link. Ten different cases as summarized in the table of FIG. 52A range up to better deception provided by a multi-PHY last link with dynamic source addressing and multi-path last mile communication. The intermediate combinations are ranked in order of security. The notations of (C _{1, n} ), (M _{0, n} ) and R _n refer to dynamically changing addresses for the SDNP client, SDNP gateway, and last link router. Dynamic addresses are not calibrated. Rows 7 to 10 describe single path last mile communications using a single gateway (M _0,0 ), while rows 1 to 6 describe multi-path last mile communications with multiple gateways. Except for shaded rows 1 and 4, the last link communication is connected to a single router with a MAC address (R). In contrast, in multi-path communication, shaded rows 1 and 4 describe multi-PHY last link communication for multiple routers with dynamic MAC addresses (R _n ).

The operation of single-path last mile communication consists of four combinations-fixed client addressing with single-PHY last link, fixed-client addressing with multi-PHY last link, dynamic client addressing with single-PHY last link, multi-PHY Dynamic-Client Addressing with Last Link-as shown topographically in FIG. 52B. Each box shows three consecutive data packet communications showing the data path used. The solid line represents the data packet flow, while the dotted line shows the possible passages that are not used. The shaded circle represents the communication node used in the last mile communication, while the empty circle represents the unused communication node. As shown, all examples terminate last mile data routing over a single connection between router R and SDNP gateway (M _0,0 ).

In the case of fixed client addressing over a single-PHY last link shown in the upper left corner, each successive packet takes the same path over the last last mile using an unchanged IP address. In the case of fixed client addressing over the multi-PHY last link shown in the lower left corner, each successive packet takes a different path over the last link as defined by the dynamically changing MAC address. The remainder of the last mile includes a single path as specified by the IP address which does not change. Despite single path transport, the changing physical media of the last link makes caller tracking more difficult. In the case of dynamic client addressing over a single-PHY last link shown in the upper right corner, each successive packet is the same over the last last mile using a constant client MAC address and an unchanged destination IP address for the last link. Take the passage Instead, deception is achieved by changing the client's identity by changing the dynamic source IP address. In the case of single path communication with dynamic client addressing and multi-PHY last link, shown in the lower right corner, all packets are routed to a single SDNP gateway, but the client's MAC address and source IP address are dynamically and randomly To change

Dynamic client addressing is a process by which a client device uses one or more temporary ad hoc IP addresses. The process includes two stages. In the first stage, when the device first logs onto the network, it registers its presence in the local subnet by contacting the nearest router. The router then redirects the connection to the nearest DHCP server on the same subnet. DHCP, an acronym for Dynamic Host Configuration Protocol (DHCP), is a network management protocol used to dynamically assign IP addresses. In the registration process, the client device downloads one or more IP addresses and stores the addresses in its communication data register. Until such time that the assigned IP address is updated by the local DHCP server, by starting a new session or requesting a new address, it uses this IP address each time the client device communicates. Because the address is dynamically generated within a particular subnet, the IP address of the client device is not an Internet address.

In the second stage, when the client device places a call or log in the SDNP network, the device automatically contacts the SDNP signaling server based on the static IP address of the SDNP server. The SDNP server, upon receiving the entry message, uploads the ad hoc IP address or addresses to the SDNP name server. The SDNP name server then assigns the SDNP address as a pseudo-code for each of the temporary IP addresses. In operation, immediately before routing, the SDNP source address of the packet is replaced by its local ad hoc IP address. In the case of SDNP dynamic addressing, the identity of the client device is hidden by repeatedly transmitting packets whose source address changes. In this way, dynamic deception hides the true identity of the client device.

When the SDNP gateway arrives, the source address for the outgoing packet discards the client IP address and replaces the SDNP address of the gateway server instead. Each outgoing packet then swaps the device's local IP address with its local ad hoc address just prior to transmission. Unlike Internet packet transmission, where the source and destination IP addresses are constant and required for response, in SDNP transmissions, each hop uses a new IP address. Thus, when the SDNP message finally reaches its destination, the source address of the client device is not included in the data packet. Instead, the signaling server notifies the destination device regarding the return path for the response.

The operation of the "multi-path" last mile communication is shown topographically in FIG. 52C with four combinations of single-PHY and multi-PHY last links as well as fixed and dynamic client addressing. In each multi-path communication, the destination IP address, or SDNP gateway, is constantly changing, which means that the last mile path is connected to different inputs to the SDNP cloud. In the left column, the client address remains fixed, which means that the identity of the caller does not change. The upper left corner example uses a single-PHY connection for the last link, which means that the MAC address for the client is also kept fixed. Although communication occurs to different destination gateways, the unchanged last link physical media and unchanged client IP address make the last mile easily tracked. These vulnerabilities can be cured by changing the last link media used to transmit the data packet or by disguising the true identity of the caller's IP address.

The lower left corner example uses a multi-PHY connection for the last link, which means that the MAC address for the client changes dynamically. Such an approach compensates for the fact that the identity of the client maintains a fixed IP address. As part of end-to-end multi-path last mile communication, each specific last link is connected to separate routers in the journey of consecutive packets to separate SDNP gateways. Thus, the first packet is routed through the specific PHY media from the client with the fixed address IP C _1,1 to the MAC address MAC R ₁ before finally routing to the SDNP gateway with the IP address IP M _0,0 . . In the second packet, the same client address IP C _1,1 is routed to another router with the media address MAC R ₂ before finally routing to the SDNP gateway with the IP address IP M _0,1 . Similarly, a third packet with a fixed client IP address C _1,1 is also routed to the router with the media address MAC R ₃ via specific PHY media, where it is subsequently routed to the SDNP gateway M _0,3 do. Despite using a client with a single source IP address, the use of multiple routers utilizes multiple PHY last links as the opportunity to deliver last mile packets in the overall separate trajectories.

In another embodiment, shown in the upper right corner, only one MAC address and PHY connection is used, but the identity of the client changes dynamically. The IP address of the client shown is varied from IP C _1,1 to IP C _1,2 and IP C _1,3 , while the physical media remains constant with source media address MAC C _1,1 and destination address MAC R. do. The data is then continuously routed to gateways M _0,0 , M _0,1 and M _0,3 in random order as determined by the SDNP signaling server.

Better security is achieved by combining all three methods of last mile deception, ie multi-PHY last link and multi-path communication using dynamic client addressing. This case is illustrated in the lower right corner of Figure 52C, where data packets sent using the multi-PHY last link and multiple routers are forwarded to multiple SDNP gateways via multiple paths from clients with dynamic IP addresses. do. As shown, a first packet from a client having a dynamic source network address IP C _1,1 is defined by the source and destination media addresses MAC C _1,1 and MAC R ₁ via multiple paths. Sent to destination IP M _0,0 using PHY last link. The second packet from the client with the dynamically selected source network address IP C _1,2 is multi-PHY last defined by the source and destination media addresses MAC C _1,2 and MAC R ₂ via multiple paths. Is sent to the destination IP M _0,1 using the link. Finally, the third packet from the client with the dynamically selected source network address IP C _1,3 is defined by the source and destination media addresses MAC C _1,3 and MAC R ₃ via multiple paths. -Sent to the destination IP M _0,3 using the PHY last link. In this way, the combination of client IP address, SDNP gateway IP address, client MAC address and router MAC all dynamically change in a random manner, making call tracking and collection of metadata almost impossible.

Confusion of client device IP address concealment and last mile routing by dynamic IP addressing, multiple PHY transmissions, and multi-path transmissions to multiple gateways can be determined by the client device or by the signaling server. The misleading process can be accomplished using random number generation or other pseudo-random algorithms. An important principle is that routing and transmission changes cannot be predicted.

Two slightly less powerful versions of last mile data transmission of Ethernet packets over multiple paths are shown in FIG. 52D, where the left figure uses fixed client addressing and multi-PHY last link connectivity, while the right figure is also Dynamic client addressing is shown, with multi-PHY last link connectivity. The difference between this implementation and the previous multi-PHY version shown in FIG. 52C is that this version uses a single router R instead of spread data transmission across multiple routers. Briefly, in multi-path transmission using a single router for last link connectivity, sequential data from the client is spread across multiple physical media, i.e., multi-PHY last link, and then re-collected by a single router (R). Multiple gateway links and a plurality of SDNP gateways defined by a separate destination IP address from this common router are transmitted over the remainder of the last mile including any other last mile (not shown) parallel sections.

As an attachment to Ethernet, WiFi wireless communication can also be used for last mile communication between the SDNP client and the SDNP gateway. WiFi communication requires data packets with two for radio links, one or two for wired network connections, three or four MAC addresses, and specifically uses Ethernet data packets. 53 shows the same WiFi packet format configured for SDNP last mile and last link communication. As an access point that can be applied for last link communication, only three 6B-length MAC addresses are required, specifically for the MAC 1 field 235 for a radio base station or "receiver", for a transmitting radio base station or "exmeter". A MAC Address 2 field 236 and a MAC Address 3 field 237 that includes the MAC address of the wired network connection to the WiFi router, i.e. Ethernet or " net ", are required. In operation, the numerical value of the MAC address loaded into the receiver and emitter data fields determines whether (i) the data packet is received at the radio and forwarded to the Ethernet or (ii) the entry data on the Ethernet is converted to radio communication. To direct from / to DS. The MAC address 4 data field 239 is optional and is only used when the WiFi device is used as a radio bridge in "wireless distribution mode". Such a mode can be used in long mile communications over long distances, for example in the desert, as an alternative to cellular or microwave networks, while the use of WiFi communications in SDNP last mile is generally required for SDNP clients. Focus on the last link connection. Accordingly, the following description will focus on the access point mode for a WiFi router, with the understanding that the SDNP technology herein can be equally applied in wireless distributed mode routing.

Similar to the Ethernet data packet, preamble 230 and start frame delimiter (SFD) 232 include layer 1 data for synchronizing data and devices. The physical layer convergence process (PLCP) 232 includes a mix of layer 1 and layer 2 information (related packet length, data rate, error checking in the header, etc.). In accordance with the IEEE 802.11 standard, the remaining data fields include Layer 2, which includes a frame control 233 that specifies a WiFi version packet type, such as management, control, retention, or "data," which is the type used in SDNP payload delivery. Contains data link information.

Duration and ID 234 include the NAV duration if the WiFi device is not in power saving mode, in which case the field contains the station ID. NAV or network allocation vector is a virtual carrier-sensing mechanism used for power saving in wireless communication systems. The NAV duration can be considered as a counter that counts a deduction to zero at a uniform rate, where it senses the media to determine if the radio is idle or still communicating. In idle mode, the counter repeatedly counts the NAV duration and checks to determine whether any radio communication activity request interest is detected. Sequential control or "sequence" field 238 describes the packet sequence and fragment number that define a layer 2 packet frame. Frame check 240 includes a 32-bit CRC checksum of the entire data packet, i.e. an error check data link tracker.

The WiFi payload 241 is a data field of length 0B to 2,312B used to carry the WiFi payload. In SDNP last mile communication, this field contains the IP datagram used in the last mile communication, including the IP header 434, the transport-header 436, and the SDNP payload 435.

The IP header 434 depends on whether the IP datagram follows IPv4 or IPv6 as determined by the protocol field 448 comprising binary method 4 or the protocol field 447 comprising binary method 6. Both preambles 440 and 444 include a transport header flag 470 that is used to determine the layer 4 transmission method used, for example TCP, UDP or maintenance function ICMP and IGMP. Specifically, in accordance with secure dynamic communication networks and protocols, TCP transport is used for software and data files, while UDP is used for real-time data such as VoIP and video. The length and format of the transport header 436 depends on the transport header flag 470. IP header 434 includes IPv4 source and destination addresses 441 and 442 or IPv6 source and destination addresses 445 and 446.

Similar to Ethernet data packets, the last mile routing of WiFi packets depends on both the IP address and the MAC address, symbolically represented by the name of the device to which the IP or MAC refers. Sequential last mile routing of WiFi packets is shown in the example of FIGS. 54A-54D. Each figure includes two WiFi packets, an upper WiFi packet containing an IPv4 datagram and a lower WiFi packet containing an IPv4 datagram. Because IPv4 and IPv6 use different formats with different field lengths, the WiFi packets shown are generally not the same length, even when they carry the same payload.

In the first phase of the communication sequence, the SDNP payload A is the WiFi radio media via the last link 1404 from the SDNP client 1400 to the WiFi base station / router 1402W and by the wireline BS link 1415. Is moved onto the router 1402X. Router 1402X then forwards the data packet to SDNP gateway 1401 via gateway link 1414. The response from the SDNP gateway to the client is via a wireline to the router 1402X from the SDNP gateway 1401 via the gateway link 1414, to the WiFi router 1402W across the BL link 1415, and to the communication media. As an SDNP payload (G) that is moved across the last link 1404 to the client 1400 using a WiFi radio. SDNP client has numerical MAC and IP address MAC C _1,1 and IP C _1,1 , WiFi 1402W has numerical MAC address MAC W, router 1402A has numerical MAC address MAC R, The SDNP Gateway has a numerical MAC and IP address MAC M _0,0 and IP M _0,0 . The IP addresses of WiFi router 1402W and wireline router 1402X are not required in the last mile communication shown.

In contrast to the SDNP cloud, where the packet routing of the SDNP table is fully controlled by the SDNP network, in last mile communications using IP datagrams, the SDNP payload cannot be interpreted or affect routing, which means It means that each communication carried over includes a fixed source and destination IP address. The physical media or channel used to direct WiFi packets in radio communications and to direct Ethernet packets in wireline communications is controlled by the MAC address connecting each communication node within the last mile.

For example, FIG. 54A is used for single-PHY radio routing to WiFi router 1402W over last link 1404, including emitter MAC address MAC C _1,1 and receiver MAC address MAC W. Shows IPv4 and IPv6 last link WiFi packets. WiFi router 1402W also provides BS link wireline 1415 for routing to Ethernet router 1402X with a "net" MAC destination address MAC R. Layer 3 network routing includes only the end device, namely SDNP client 1400 with IP address IP C _1,1 and SDNP gateway 1401 with destination address IP M _0,0 . Unlike the Ethernet data packet, WiFi packets are three address - include - X m or source-MAC address of the radio receiver or a radio MAC C _{1,1-destination} MAC addresses MAC W, and Ethernet "net" MAC address R. In the direction of this data transfer, the wireline router 1402X acts as a network destination of the WiFi router device. Thus, the WiFi data packet specifies two media, the WiFi radio last link 1404, and the Ethernet wireline BS link 1415. 54B shows a corresponding Ethernet packet carrying an SDNP payload over gateway link 1414. As described, the source and destination IP addresses remain unchanged as IP C _1,1 and IP M _0,0 , while the MAC source and destination addresses remain from their original values to MAC R and MAC M _0,0 . Is changed.

Response communication includes swapping destination and source IP addresses, and adjusting the MAC address accordingly. 54C shows IPv4 and IPv6 Ethernet packets for data transport from SDNP gateway 1401 over gateway link 1414 to wireline-based router 1402X. Layer 3 to the information datagram, IP source address 441 is the network address of the gateway SDNP 1401, that is, including the IP and _0,0 M, IP destination address, the address of the client, IP value C _1,1 It includes. The MAC address for the gateway link Ethernet pack is MAC M _0,0 for source address 183 and MAC R for destination MAC address 182.

54D shows IPv4 and IPv6 packets for BS link 1415 and last radio 1404 based on WiFi radio. Network layer 3 includes SDNP gateway 1401 address IP M _0,0 and SDNP client address IP C _1,1 as source and destination addresses 445 and 446. The function of the MAC address field 237, indicated by "net", changes depending on the radio mode. In the transmission mode shown here, this field contains the Ethernet MAC address of the wireline source of the entry data of the radio, i.e. the numerical value MAC R of the router 1402X, which transmits the data packet to the WiFi access point.

In the receiver mode shown earlier in FIG. 54A, this field defines the Ethernet destination of data received as a radio packet and converted into an Ethernet packet. In the example shown, the "net" field 237 contains the same MAC address of the router 1402X, MAC R, for both transmit and receive modes, which means that the WiFi access point is single for last mile connectivity. This means using an Ethernet router.

Optionally, in multipath communication over the last mile, in receive mode, the wireline used to route the data packet received by the WiFi access point routes the data packet transmitted by the WiFi access point in transmit mode. It may be different from what is used to do so. For example, the network MAC address 237 for a radio packet in receiver mode may have a numerical MAC address MAC R ₁ , while in transmission mode, data may be changed to a different router connection MAC R ₂ , which is It means that the BS link can optionally include multi-PHY implementations that are directionally different. In transmit mode, the last link WiFi packet used for the single-PHY radio 1404 last link routing from the WiFi router 1402W to the SDNP client 1400 is an emitter MAC address 236 having a numerical value MAC W. And a receiver MAC address 235 comprising a numerical value MAC C ₁ , ₁ . In the direction of this data transfer, the wireline router 1402A acts as a source of data transmitted by the WiFi router device. Thus, the WiFi data packet specifies two media, the WiFi radio last link 1404, and the Ethernet wireline BS link 1415.

The cellular network represents another form of wireless communication that can be configured for SDNP last mile communication. The cellular network re-partitions the incoming Ethernet packet into radio-specific media access control (MAC) packets. Data can be transmitted and received by time division (TDMA), by code division (CDMA), or by spreading of content (OFDM) over multiple sub-channel frequencies. For 4G / LTE communications based on OFDM or orthogonal frequency division multiplexing, layer 2 data packets are stacked across three different levels of all embedded service data units or SDUs in layer 2; Specifically, the lowest level is a PHY PDU 299 including a single frame MAC SDU 304 with padding 305 spread over 20 time slots 300 containing the MAC header 303 and PHY Layer 1 data. It includes. MAC SDU 304 again includes radio link control or RLC SDU 308.

Radio Link Control (RLC) is a layer 2 protocol used in 3G (UMTS) and 4G / LTE (OFDM) based telephony. The function of radio link control is to respond to upper layer requests in one of three modes: known mode, unknown mode, and transmissive mode, as well as error detection, error correction, duplication detection, and It is to provide packetization of data according to the format. Packetization of data includes concatenation, segmentation, and reassembly of RLC SDUs with rewriting and re-segmentation of RLC data PDUs. For example, after time allocation for implementing the radio overhead function, the single frame RLC SDU 308 is inevitably limited in the duration and data file size available to carry the payload. As such, the single frame RLC SDU 308 must be divided into segments and mapped to different RLC layer formats-multi-frame RLC SDUs 319.

As shown in FIG. 55, mapping a single-frame RLC SDU 308 to various K, K + l, K + 2 segments 313, 314, 315, etc. of the multi-frame RLC SDU 319 is one thing. It does not occur on a one-to-one basis. For example, as shown, the mapping of the single-frame RLC SDU 308 ends in the middle of the K + 2 segment 315. The untransmitted portion of the remaining K + 1 segment, instead, is within the new single-frame RLC SDU 312 but only after allowing the padding time 310 required for radio clock synchronization and after RLC header 311 processing. Is sent. In this way, the transmission of data encapsulated within the K + 2 slot is correctly resumed, where it remains as if the data flow had never been interrupted. Optionally, 4G is similar to stopping playback of a DVD-encoded movie in the middle of a DVD chapter, waiting for a moment to perform some other function, and then resumes playback exactly where it left off. Thus, the RF data transfer rate of the cellular system is maximized without losing any data content, radio bandwidth other than packet overhead (such as PDU headers) is not wasted, and data-rate degradation resulting from clock synchronization padding time 310 is lost. Is minimized.

The multi-frame RLC SDU 319 encapsulates the PDCP PDU 320 in one-to-one correspondence with each K segment. For example, the k-th segment 313 carries an IP payload that includes a PDCP header 321A and data 323, and the (K + l) -th segment 314 is a PDCP header 321B and data ( Carries an IP payload comprising 324, the (K + 2) th segment 314 carries an IP payload comprising a PDCP header 321C and data 325, and so on. The term PDCP is an acronym for data convergence protocols, as specified in 3G and 4G / LTE communication protocols, and performs functions such as compression, encryption, integrity as well as user and control data transfer. The PDCP header depends on the type of data being transmitted, eg user data, control data.

Because the data transfer in 4G data packets carries a stream of contiguous concatenated data, the payload size is not quantized into defined length blocks as in Ethernet and WiFi data packets. Instead, the data fields 323, 324, 325... Carried by the corresponding layer 2 data segments 313, 314, 315,..., As shown, transmit-header 436 and It can incrementally support any size payload, including an IP header 434 and an IP payload 435 that includes an SDNP payload 1430. In addition, in OFDM-based communications, each time slot carries data on multiple frequency subcarriers simultaneously, which means that the total data throughput is not simply determined by the duration over a single channel, as in TDMA. Means that. However, for convenience, it is often convenient to keep the IP datagram size to the size of the Ethernet or WiFi standard.

As shown, the IP header 434 determines whether the IP datagram follows IPv4 or IPv6 as determined by the protocol field 447 including binary method 4 or the protocol field 448 including binary method 6. Depends on. Both preambles 440 and 444 include a transport header flag 470 that is used to determine the layer 4 transmission method used, for example TCP, UDP or maintenance function ICMP and IGMP. Specifically, in accordance with secure dynamic communication networks and protocols, TCP transport is used for software and data files, while UDP is used for real-time data such as VoIP and video. The length and format of the transport header 436 depends on the transport header bit 470. IP header 434 includes IPv4 source and destination addresses 441 and 442 or IPv6 source and destination addresses 445 and 446.

As an example of 4G communication using IPv6 datagrams, FIG. 56A shows a cellular radio 1404 last link routed to a cell tower and base station 1402Q. Specifically, in the MAC source field 300A, the RLC PDU specifies a cellular source media address, such as MAC C _1,1 , which is the device of the client. Similarly, MAC destination field 300B specifies the cellular receiver media address as the MAC BS describing the cell tower and base station. Layer 3 network routing includes only last mile end devices, i.e., only the SDNP client 1400 with IP address IP C _1,1 and the SDNP gateway 1401 with destination address IP M _0,0 , shown in the source data field. do. As mentioned above, the data fields 323, 324, and 325 do not necessarily correspond to a particular section of the IPv6 datagram data payload, and the data fields 323 do not correspond to the IP source address 445, IP destination address ( 446, and a portion of the SDNP payload (A) 435 that includes the transport header 436. Data fields 324 and 325 carry the untransmitted remainder of SDNP payload 435.

56B shows a data packet for the response message SDNP payload G over the cellular last link 1404 from the cell tower and base station 1402Q to the mobile client device 1400, whereby the source from the previous data packet is shown. And the destination address is swapped, i.e., the media address MAC BS is loaded into the cellular source media address 300A, and the cellular destination media address 300B is set to MAC C _1,1 , which is the client's MAC address, and is in the IPv6 datagram. The IP source field 445 is set to IP M _0,0 and the IP destination field 445 is set to IP C _1,1 . Routing between network router 1402X and cellular tower and base station 1402Q over BS link 1415 uses Ethernet data packets consistent with the previous example.

Multi-PHY communication over the last link may include any of the foregoing media used in various combinations. Multi-PHY implementations connect multiple wireline connections using common or separate Layer 2 protocols such as USB, Ethernet 10BASE-T, 100BASE-T, 1000BASE-T, or DOCSIS3, with data at the same or different data rates. It may include. Wireline physical media may include twisted-pair copper connections for Ethernet or USB compliant network cables, coaxial cables, optical fibers, or even DSLs, even at reduced performance levels.

Wireless multi-PHY communication may include WiFi, cellular, satellite, or a combination of proprietary radio formats operating in radio frequency and microwave bands. Wireless last link communication may also include short range technologies such as Bluetooth or micro-cellular networks such as Japanese PHS. Wireless protocols include, for example, analog, TDMA, GSM, CDMA, UMTS, and OFDM, WiFi protocols such as 802.11a, 802.11b, 802.llg, 802.11n, and 802.11ac, as well as satellite communications or general radios. Cellular formats for 2G, 2.5G, 3G, and 4G / LTE, including proprietary formats for links. Since Layer 2 protocols vary with Layer 1 physical media, the term multi-PHY communication as used in the context of the present disclosure refers to a combination of both OSI physical and data link layers, that is, Layer 1 and Layer 2 It should not be construed as limiting the claim, meaning only layer 1 physical media.

An example of multi-PHY communication using a Common Layer 2 protocol, including Ethernet, WiFi, and a cellular implementation, is shown in FIG. 57A. In the top example of multi-PHY Ethernet, router 27 uses desktop computer 36 using two Ethernet cables, including wired or fiber links 24A and 24B, each of which operates 100BASE-T and 1000BASE-T. Communicate on To facilitate hypersecurity communication over the last mile, a desktop 36 is shown running SDNP software 1335C.

In the central example of multi-PHY WiFi, the WiFi router 100 communicates to the notebook 35 via two WiFi channels shown as WiFi links 29A and 29B, and the former operates with a 801.11n protocol above 2.4 GHz. The latter communicates over a 5 GHz channel using 802.11ac. In order to operate in the multi-PHY mode, the notebook 35 must be able to simultaneously transmit and receive signals at multiple frequencies using the multi-band antenna 26B in the notebook. Similarly, the WiFi router should be able to transmit and receive signals simultaneously on multiple frequencies using the multi-band antenna 26. In order to facilitate hyper-secure communication over the last mile, a notebook 35 on which SDNP software 1335C is operated is shown.

In the lower example illustrating multi-PHY cellular communication, cellular base station 17 uses two different radio channels, including cellular links 28A and 28B having corresponding frequencies of 1.8 GHz and 900 MHz, to multi-band cellular. Communicates simultaneously with tablet 39 via tower 18A. In the example shown, the cellular link includes a 4G / LTE network. As shown, the tablet 39 should be able to simultaneously transmit and receive signals at multiple frequencies using the internal multi-band antenna 18B. To assist hypersecurity communication over the last mile, a tablet 39 on which the SDNP app 1335A is operated is shown.

Such multi-PHY communication using the Common Layer 2 protocol disrupts cyber attacks because hackers must obtain physical access to two different Layer 2 data links, each of which may include its own security. In addition, when the SDNP software 1335H, SDNP app 1335A, or SDNP firmware 1335B (not shown) is running on the client, routing of the SDNP payload over a multi-PHY connection is a real-time for real-time hacking. It uses specific dynamic security credit proofs that make SDNP packet interception and interpretation very difficult.

An example of multi-PHY communication using mixed Layer 1 media and Layer 2 protocols is shown in FIG. 57B. In this example, the last link data is executed using a combination of cellular, WiFi, and satellite systems. In the top example of mixed media multi-PHY communication, the WiFi router 100 uses a combination of a 100BASE-T Ethernet wired or fiber link 24B and an 802.11ac WiFi link 29B that operates at 5 GHz to provide a desktop computer. Communicate with (36). In order to ensure hyper-secure communication over the last mile, a desktop 36 on which SDNP software 1335C runs is shown. Such an example represents a combination of wireline and wireless communication, where wireless packet sniffing cannot intercept or observe wireline data. This mixed Ethernet + WiFi multi-PHY last link distribution method is particularly well suited for deploying a corporate office network that includes a secure desktop computer in a building or campus that communicates to a private server locked in an access restricted server room.

In the middle diagram of the mixed-middle multi-PHY communication shown in FIG. 57B, the cell phone 32 with the internal multi-band antenna 18C communicates using two different radio technologies. The WiFi link 29C, which is one PHY, communicates to the WiFi router 100 and the antenna 26 using, for example, the 802.11n protocol at 5 GHz. Cellular link 28C, which is a second PHY connection, uses a 1.8 GHz carrier that operates in 4G / LTE protocol to promote last link connectivity to cellular tower 25 and base station 17. Since cellular cellular tower 25 and WiFi antenna 26 operate on unrelated systems, this multi-PHY approach completely obscures all relationships between data packets carried by multiple physical media in the last link. Let's do it. In order to ensure hyper secure communication over the last mile, the SDNP app 1335A is shown with a mobile phone 32.

A similar method for achieving multi-PHY last link communication combining cellular and satellite is shown in the bottom view of FIG. 57B, where the satellite / mobile phone 32Z on which the SDNP app 1335A is operated has two long range radios. Network-a cellular cellular tower 25 and base station 17 at 18 GHz, and a satellite link 95W for communicating with satellite 92 at 1.9 GHz, for example. Satellite 92 again communicates with terrestrial satellite antenna and base station 92B via wideband link 95X, not necessarily at the same frequency as client communications.

57C shows another various multi-PHY communication-multiple physical media that share a common protocol but are capable of multiple simultaneous communication channels using frequency division. Such systems require large bandwidth media for operation without significant loading effects, i.e. performance is reduced when more users occupy the bandwidth and throughput capacity of the media. Only three such media will readily utilize such a large bandwidth: (i) DOCSIS3 cable system using coaxial cable, (ii) DOCSIS3 cable system using optical fiber, and (iii) low-earth orbital multi-GHz satellite communication system. Can be. Specifically, the top view of the multi-PHY cable system shows the SDNP firmware 1335M, which communicates with the cable CMTS 101 using multiple bands via coax or fiber 105 on which the DOCSIS3 protocol operates. Shows a set top box or cable modem 102B on which is operated. The lower figure shows a multi-PHY satellite network, where a satellite enabled mobile phone 32Z, on which the SDNP app 1335A operates, uses a communication satellite (95Z) using multiple carrier bands 95Z formatted with a proprietary communication protocol. 92). The communication between satellite 92 and terrestrial satellite antenna and base station 92B utilizes trunk line protocol 95X, which mixes thousands of calls, utilizing multi-PHY communication across multiple bands within client link 95Z. Ensuring hyper-secure communication for this client, making it difficult for hackers to identify and interpret certain calls.

Another example of a data packet used in multi-PHY last link routing is shown in FIG. 58, where the SDNP client 1400 is, for example, an Ethernet wired or fiber link where protocols 100BASE-T and 1000BASE-T are operated, respectively. It communicates with the router 1402A through two separate PHY connections, including 24A and 24B. Router 1402A is in turn connected to SDNP gateway 1401 via gateway link 1414. Both Ethernet packets define the source IP address 445, ie the client device as IP C _1,1 and the destination IP address 446 of the SDNP gateway as IP M _0,0 . The Ethernet packet A routed over the PHY realized by the wired or fiber link 24A contains a MAC destination address 182 comprising MAC R and a MAC source address 183 comprising MAC C ₁ , ₁ . Include. An Ethernet packet A routed over a PHY realized by a wired or fiber link 24B comprises a MAC destination address 182 comprising a MAC R and a MAC C _1,2 forming an alternative PHY connection. Another MAC source address 183.

The change in source media address from MAC C _1,1 to MAC C _1,2 will redirect Ethernet communication from the 2.6GHz 100BASE-T connection to the 1000BASE-T connection. In operation, data packets from the SDNP client device 1400 are fragmented and then assigned to the SDNP payload A and SDNP payload B, in accordance with the SDNP algorithm and shared secret. Fragmented data transport across a multi-PHY last link is carried by the SDNP payload (A) carried by the Ethernet packet (A) over the wired or fiber link 24A and the Ethernet packet (B) on the wired or fiber link 24B. Consisting of the SDNP payloads (B) involved.

Another example of a data packet used in multi-PHY last link routing is shown in FIG. 59, where the SDNP client 1400 uses, for example, 2.4 GHz 802.11n and 5 GHz 802.11ac protocols, respectively, for example, WiFi. It communicates with the WiFi router 1402W through two separate PHY connections, including links 29A and 29B. Router 1402W is in turn connected to router 1402X through BS link 1415, and router 1402X is connected to SDNP gateway 1401 via gateway link 1414. Both WiFi packets define the source IP address 445, ie the client device as IP C _1,1 and the destination IP address 446 of the SDNP gateway as IP M _0,0 . The WiFi packet A routed over the PHY realized by the WiFi link 29A includes an _emitter MAC radio source address 236 including MAC C _1,1 , and a MAC radio receiver destination address including MAC W. 235, and a MAC network destination 237 that includes the MAC R. The WiFi packet B routed over the PHY realized by the WiFi link 29B includes an emitter MAC radio source address 236 comprising MAC C _1,2 and a MAC radio receiver destination address including MAC W. 235, and a MAC network destination 237 that includes the MAC R.

The change in source media address from MAC C _1,1 to MAC C _1,2 redirects transmission from the 2.6 GHz WiFi radio to the 5 GHz transceiver. In operation, data packets from the SDNP client device 1400 are fragmented and then assigned to the SDNP payload A and SDNP payload B, in accordance with the SDNP algorithm and shared secret. Fragmented data transport across a multi-PHY last link is carried by the SDNP payload (A) carried by the WiFi packet (A) over the WiFi link 29A and the WiFi packet (B) on the WiFi link 29B. SDNP payload (B).

Another example of a data packet used in multi-PHY last link routing is shown in FIG. 60 where the SDNP client 1400 is, for example, 4G / LTE at 1.8 GHz and 4G / LTE protocol at 900 MHz, respectively. Is used to communicate with cell tower 1402Q via two separate PHY connections including cellular links 28A and 28B. Router 1402Q is in turn connected to router 1402X via BS link 1415, and router 1402X is connected to SDNP gateway 1401 via gateway link 1414. Both cellular packets define the source IP address 445, ie the client device as IP C _1,1 and the destination IP address 446 of the SDNP gateway as IP M _0,0 . The cellular packet A routed over the PHY realized by the cellular link 28A is an MAC cell tower destination 300B comprising an emitter MAC radio source address 300A comprising MAC C _1,1 and a MAC BS. ). The cellular packet B routed over the PHY realized by the cellular link 28B is the MAC cell tower destination 300B including the emitter MAC radio source address 300A including MAC C _1,2 and the MAC BS. ).

The change in source media address from MAC C _1,1 to MAC C _1,2 redirects transmission from the 1.8 GHz 4G / LTE cellular radio to 900 MHz. In operation, data packets from the SDNP client device 1400 are fragmented and then assigned to the SDNP payload A and SDNP payload B, in accordance with the SDNP algorithm and shared secret. Fragmented data transport across a multi-PHY last link is carried by the SDNP payload (A) carried by the cellular packet (A) over the WiFi link 28A and the cellular packet (B) on the WiFi link 28B. SDNP payload (B).

As mentioned above, multi-PHY communication may also include different media. In such a case, the data packet for each connection must be formatted according to the Layer 2 protocol for the corresponding physical media. For example, FIG. 61 illustrates hybrid last link communication including Ethernet and WiFi, where the SDNP client 1400 uses Ethernet wired or fiber, for example using 802.11ac at 100BASE-T and 5 GHz, respectively. It communicates with the WiFi router 1402W through two separate PHY connections, including the link 24A and the WiFi link 29B. Router 1402W is in turn connected to router 1402X through BS link 1415, and router 1402X is connected to SDNP gateway 1401 via gateway link 1414. Both WiFi packets define the source IP address 445, ie the client device as IP C _1,1 and the destination IP address 446 of the SDNP gateway as IP M _0,0 . Ethernet (A) routed over a PHY realized by a wired or fiber link 24A includes a MAC source address 183 comprising MAC C ₁ , ₁ and a MAC destination address 182 comprising MAC W. do. The WiFi packet B routed over the PHY realized by the WiFi link 29B includes an emitter MAC radio source address 236 comprising MAC C _1,2 and a MAC radio receiver destination address including MAC W. 235, and a MAC network destination 237 that includes the MAC R.

Changes in the source media address from MAC C _1,1 to MAC C _1,2 redirect the transmission from Ethernet to WiFi. In operation, data packets from the SDNP client device 1400 are fragmented and then assigned to the SDNP payload A and SDNP payload B, in accordance with the SDNP algorithm and shared secret. Fragmented data transport across a multi-PHY last link is accomplished by the WiFi packet (B) on the SDNP payload (A) and the WiFi link (29B) carried by the inner packet (A) over the wired or fiber link (24A). It consists of the accompanying SDNP payload (B).

FIG. 62 illustrates hybrid last link communication including WiFi and cellular communication, where SDNP client 1400 operates 802.11n over two separate PHY connections to two different wireless base stations, specifically at 2.4 GHz. Is communicated over a WiFi link 29A for a WiFi router 1402W, and a cellular link 28B for a cellular base station 1402Q operating 4G / LTE over a 900 MHz carrier frequency. Routers 1402W and 1402Q are in turn connected to router 1402X through BS links 1415A and 1415B, respectively, and router 1402X is connected to SDNP gateway 1401 via gateway link 1414. Both WiFi and 4G cellular packets define the source IP address 445, ie the client device as IP C _1,1 and the destination IP address 446 of the SDNP gateway as IP M _0,0 . The WiFi packet (A) routed at the PHY layer over the connection comprising the WiFi link 29A is sent to the MAC radio receiver destination including the emitter MAC radio source address 236 including MAC C _1,1 , MAC W. MAC network destination 237, including address 235, and MAC R. Cellular B routed as a PHY layer connection realized by WiFi link 29B includes a MAC source address 300B including MAC C _1,2 and a MAC destination 300B including MAC BS.

Changes in the source media address from MAC C _1,1 to MAC C _1,2 will redirect transmission from the WiFi LAN to the cellular network. In operation, data packets from the SDNP client device 1400 are fragmented and then assigned to the SDNP payload A and SDNP payload B, in accordance with the SDNP algorithm and shared secret. Fragmented data transport across the multi-PHY last link is carried by the SDNP payload (A) carried by the WiFi packet (A) over the WiFi link 29A and the cellular packet (B) on the cellular link 28B. SDNP payload (B).

Another form of multi-PHY communication includes a physical medium capable of supporting many channels of different frequencies and using a separate protocol for different data packets. Such an implementation can be facilitated using a DOCSIS3-based cable distribution system running SDNP software. The OSI communication stack for the SDNP enabled DOCSIS3 cable distribution system is shown in FIG. 63, which is an example of a cable-connected device as well as layer PHY connectivity, layer 2 data link, and cable modem end device CMTS 101. For example, it includes an overlap layer 3 network for both cable modem CM 103 or set top box (STB) 102. Specifically, the cable modem end system device CMTS 101 and its associated stack 378 are connected to the cloud server 22 and the Internet 20 or alternatively to a video headend, IPTV system, or VoIP system (not shown). A connected Layer 1 PHY network interface 361 is included. The combination of network interface 361 and data link layer 366 is included in device interface communication stack 378 of CMTS 101. At data link layer 2, data is passed from the network interface communication stack to the cable network interface communication stack, specifically into link level control (LLC) 369, via the forwarding function 370. Link level control 802.2 LLC 369 includes a hardware-dependent protocol defined in accordance with IEEE specification 802.2. The packet data is then modified by link security 368 to provide rudimentary packet security and primarily prevent unauthorized viewing of content such as usage based billing unicast broadcasts.

The layer 1 PHY cable interface 362 then transfers the data frame via cable network (CM) 103 or set top box (STB) via a distribution network 102 comprising a coaxial cable 104 or an optical fiber 91. Transmit to corresponding Layer 1 PHY cable interface 363 in 102. Cable interface 363 represents the PHY layer of the cable network interface shown as OSI communication stack 379 of cable modem (CM) 103 or set top box (STB) 102. Upon receiving the data packet, the cable MAC interface 371 then interprets the cable MAC address, passes the payload to link security 372 for decryption, and finally the hardware independent link layer control 802.2 LLC (for interpretation). 373). The input data for the CM or STB cable network communication stack is then sent to the CM or STB device interface communication stack via transmissive bridging 374, specifically device independent link layer control 802.2 LLC 375 in accordance with the specifications for IEEE 802.2. Is passed on. The packet is then forwarded to the HSD & IPTV MAC block 376 or WiFi 802.11 MAC block 377 to update the MAC address of the packet. In the case of WiFi communication, the data packet is then forwarded from the 802.11 MAC block 377 to the WiFi PHY Layer 1 radio interface 365 for transmission on the WiFi antenna 26. In the case of a wireline connection, the data packet is then passed from the HSD & IPTV MAC block 376 to the Ethernet or HDMI interface block 364 for the connection to the TV 39 or desktop 36.

The PHY and data link layers as described establish a connection from the CMTS to any number of cable modems (CMs). Within the CMTS communication stack 378 and within the CM communication stack 379, data packets are sent using OSI layer 3 layers 360A and 360B, using IP addresses that are recognized by the cable network or by DNS name servers on the Internet. Are prepared as IP datagrams IPv4, IPv6 or ICMPv6, respectively. In last mile communications, SDNP datagrams that use IPv4 or IPv6 data packets with SDNP source and destination IP addresses are not typically used, since connected devices that are not enabled by the SDNP software or firmware are not connected to the SDNP datagram routing address. It does not have the ability to interpret.

Transport layer 4 operation in the cable modem network is changed by the device. In the case of the CMTS 101, the layer 4 transport layer 1420 of the OSI communication stack 378 uses UDP independently because its operation requires real time communication, for example streaming of video data. to be. From this aspect, cable communication 102 is closer to the SDNP real time network than to the Internet. Since the cable modem has information processing interoperability with both the Internet and the cable network as a client, i.e., an end communication device, the Layer 4 transport layer 1420B in the OSI communication stack 379 of the CM 103 or STB 102 is in real time. Use UDP for operation and TCP for Internet data. Such use is problematic for OTT carriers using VoIP over the Internet, which allows cable networks to interpret IP datagrams as data, automatically using TCP and transport protocols, and reduce real-time communications QoS, latency, and propagation delays. Because I will. This problem does not occur in SDNP enabled cable modems-when the CM or STB is an operating SDNP firmware or software, the SDNP software is, in the context of, when the use of TCP (for software and files) is guaranteed. And for real time data, it determines when it is not.

The application layer, i.e., OSI layer 5 through layer 7, lies on top of the layer transport operation 1420A in the CMTS 101 and on top of the transport layer 1420B in the CM 103 or the STB 102. In CMTS 101, such applications typically include communication tasks such as SNMP 1431A, an Internet-standard protocol for collecting and configuring information connected devices on an IP network. Other functions include DHCPv4 1432A and DHCPv6 1433A. DHCP, the acronym for dynamic host configuration protocol, is a protocol for both clients and servers to automatically supply IP hosts with the necessary routing information, including dynamically generated (unfixed) IP addresses, default gateways, and subnet masks. . Although the Internet generation specific, i.e. the function of dynamic IP address generation for IPv4 or IPv6, is similar, similar to NAT gateway or SNMP, DOCSIS3 cable system for both CMTS 101 and CM 103 or STB 102 The same applies to.

The secure dynamic communication network and protocol application layer implementations disclosed herein, when realized as SDNP firmware 1430A operating on top of the CMTS 101 operating system, perform any number of specific challenges, including:

Operation as a pass that does not interpret the SDNP payload 1430, where the CM 103 must be enabled, ie the CM 103 must be an SDNP client to open and read the SDNP payload.

* Acting as the last mile remote SDNP gateway, ie, interpreting the contents of the SDNP payload and forwarding the content to DOCSIS3-specific messages (including link security) for forwarding to the CM 103. In such a case, the CM 103 does not need to operate the SDNP client software or firmware.

Operating as a last mile SDNP bridge, converting IP datagrams to SDNP datagrams, and communicating SDNP datagrams to the CM 103; In such a case, the CM 103 must run the SDNP client software or firmware to connect to the SDNP-bridge, ie form an ad hoc SDNP "floating" network.

As shown, OSI communication stack 379 for CM 103 and STB 102 includes OSI Layer 5, which includes the aforementioned communication-related apps SNMP 1431B, DHCPv4 1432B, and DHCPv6 1433B. To a number of applications classified as Tier 7. Another function, utility TFTP 1434B or "small file transfer protocol", is mainly used in DOCSIS3 as a means for downloading software from the CMTS to cable modems and set-top boxes via cable networks and for software updates. In cable networks, the HTTP 1435B or hypertext transfer protocol is primarily for painting dynamic menus that are useful in smart TVs. Other applications (shortened as "Otr" 1436B) include gaming apps, diagnostics, IPTV apps, video recording functions, and the like. SDNP firmware 1430B running on CM 103 or STB 102 extends all of the hyper-secure secure last mile communications for users and last links, regardless of whether CMTS 101 runs SDNP software. Let's do it.

64 illustrates a configuration of a DOCSIS3 data packet configured to carry an SDNP payload 1430. As shown, PHY layer 1 includes variable length and duration of data link layer 2 MAC data including preamble 391, variable length payload or codeword 392, and guard time 393. Physical media device frame 390. The preamble 391 includes an upstream preamble or a downstream preamble, depending on the communication direction. In the case of an upstream preamble, the preamble 391 includes a physical media device PMD header 398, a MAC header 399A and a data PDU 400A. In the case of a downstream preamble, the preamble 391 includes an MPEG header 401, a MAC header 399B and a data PDU 400B. The data PDU 400A in the upstream preamble and the data PDU 400B in the downstream preamble include a MAC destination address (DA) 403B and a MAC source address (SA) 403A. The content of variable length payload 392 may include short codeword 394 or long codeword 397.

The short codeword 394 includes a payload 395A containing data A and an error correction 396A including FEC A. In the case of the long codeword 397, the payload is divided into a number of payload blocks 395A, 395B, and 395C, each carrying data A, data B, and data C, respectively. The payload of s contains its own error checking blocks 396A, 396B, and 396C that include corresponding data (FEC A, FEC B, and FEC C). After error checking, the data transferred from DOCSIS3 includes data blocks 395A, 395B and 395C in the case of long codewords and only data block 395A in the case of short codewords. The combination of data A, data B, and data C includes a transport header (IP source address 445, IP destination address 446, and SDNP payload 1430 and layer 4 data). Contiguous IP datagrams comprising a data field 435 including 436, in this example, merged into an IPv6 datagram. In this way, DOCSIS3 uses a packet-switched data protocol to flexibly transfer data over the cable network.

As shown in FIG. 65A, data packets are carried within multiple channels, ie, at different frequencies, across a hybrid cable-fiber network. In DOCSIS 3.0, the data channel ranges from 5 MHz to 1,002 MHz, including analog TV signal 1440 (triangle), QAM data 1441, and “deplexer” control channel 1443. In phase 1 of DOCSIS 3.1, the frequency range extends to 1,218 MHz, and mainly in the frequency band beyond the existing channel assigned to QAM, DOCSIS3.1 data channel 1442 is added to assist OFDM modulation.

OFDM is preferred for the QAM modulation method because the channels can be spaced more tightly. Comparing modulation schemes, QAM frequency distribution 1445A represents a tail with broader spectral content than OFDM frequency distribution 1445B. Specifically, the spectral sideband width, f ₀ to f _-50 , from the carriage edge to the frequency at which the signal drops by -50 dB, is 4.3 normalized frequency unit width in the QAM frequency distribution 1445A, or OFDM frequency distribution ( In the case of 1445B) only 0.4 normalized frequency unit widths. As the spectrum width is narrower, more communication channels can be packed into the same spectrum, increasing the overall bandwidth and maximum total data rate of the network. In the phase 2 deployment of DOCSIS 3.1, the frequency range is extended to 1794 MHz.

Many of the bands originally assigned for QAM data 1442 are replaced with new channels that are explicitly allocated for OFDM data 1442.

In a DOCSIS-enabled cable network, one CMTS unit supports many CMs managing available channels. Although the CMTS can assign downstream communication and dynamic channel selection as needed, upstream communication requires contention management to help when multiple CMs attempt to send data simultaneously. Thus, each modem must request an uplink channel from the CMTS before transmitting data. This process is shown in FIG. 65B, which includes a sequence of communication operations between the CMTS 101 on which the SDNP app 1335L runs and the CM 103 on which the SDNP firmware 1335M runs. The routing of IP datagrams in multi-PHY communication includes the IP addresses " IP CMTS " and " IP CM1 " and " MAC CM1 " for the CM 103, for example " MAC CM1 " CMTS1 "," MAC CMTS2 "," MAC CMTS3 ", and" MAC CMTS4 "are used. In the top diagram showing a graph of frequency versus time, CM 103 transmits an RQST 1445A transmission request on a designated channel.

If there is no response, a second RQST 1445B is transmitted, resulting in a response from the CMTS 101 on a different channel in the form of a MAP data packet 1446. The content of the MAP data packet 1446 instructs the CM 103 which channel is available for transmission and for its upstream communication. After receiving the MAP data packet 1446, the CM 103 simultaneously transmits its upstream data spread over two channels in the uplink data packets 1447A and 1447B. The division of data transmitted simultaneously over the two channels shown in the central figure is referred to as channel bonding. Channel bonding is a means by which communication bandwidth and data rate between CMTS and CM can be increased. It is also a dynamic way of ensuring that no bandwidth is available that is not available. In the lower figure, the CMTS 101 responds by channel bonding four channels, namely 1448A, 1448B, 1448C, and 1448D, and at the same time but transmitting data with different durations.

In both upstream and downstream communications over hybrid fiber-cable networks, bandwidth is dynamically allocated between multiple channels, divided into small time segments called "minislots." 65C shows upstream communication from CM 103 to CMTS 101. Such upstream communication generally includes a message or request for transmission. In this example, data is transmitted over frequencies f ₁ and f ₂ including a total of five time minislots. As shown, minislots 1, 2, and 3 are transmitted at frequency f ₁ during intervals K, (K + l), and (K + 2), while minislots 4 and 5 are spaces ( Is transmitted at frequency f ₂ during K and (K + l), but not during interval K + 2. The upstream data packet 1450A, shown in simplified form, is an IP source address " IP CMl " and an IP destination address of last mile communication, i _. Specifies ₀ ".

In last link communication, the upstream data packet 1450A specifies "MAC CMl" as the source MAC address of the cable modem and specifies the channel of frequency f ₁ as the PHY media, in this case the MAC destination "MAC CMTS1". . The data packet 1450A including the SDNP payload A occupies a total of three minislots, namely minislots 1, 2 and 3, although they carry a single data packet and payload together. In contrast, minislot-4 and minislot-5 each comprise only 1450B and 1450C with a single data packet, ie SDNP payload (B) and SDNP payload (C), respectively. Like the data packet 1450A, both packets 1450B and 1450C specify the destination IP address of the SDNP cloud, specifically the SDNP gateway node M _0,0 .

However, in the MAC destination address, instead of specifying the same MAC and physical media as the first packet, both packets 1450B and 1450C define the MAC destination address of "MAC CMTS2". Using this address, data packets 1450B and 1450C must be accompanied at a different frequency than data packet 1450A-in this case, frequency f ₂ , not frequency f ₁ . The actual value of the frequency is dynamically mapped by the CMTS 101 and not specifically identified. Thereby, the DOCSIS3 enabled system represents a multi-PHY solution, whereby a single CMTS unit can simultaneously communicate to a cable modem or set-top box over multiple frequencies and using multiple protocols such as 256 QAM or OFDM. have.

Instead of allowing the CM and CMTS to determine which data packets use a common carrier channel or frequency as is common in DOCSIS3 systems, the SDNP client CM (according to the disclosed secure dynamic communication network and protocol for last mile communication) 103 specifies different MAC destination addresses to force communication across multiple frequencies and channels, i.e., to force multi-PHY operation. Since the CM 103 data packets 1450A and 1450B / C define different destination MAC addresses, namely MAC CMTS1 and MAC CMTS2, respectively, the data packet automatically executes a multi-PHY operation over the last link. Alternatively, if the CMTS facilitates other means of requesting specific channel assignments, for example using command and control requests, the use of MAC addresses to perform multi-PHY communication may be replaced by other means. Can be.

65D shows downstream from CMTS 101 to CM 103, showing the use of bonding to achieve large data rates in multi-PHY downstream communications. As shown, all data packets specify an IP address of "IP CMTS", a destination IP address of "IP CM1", and a MAC destination address of Greek "MAC CM1". Multi-PHY communication is controlled by the specification of the MAC source address of the CMTS 101. As shown, the data packet 1450G containing the SDNP payload G carries a MAC source address " MAC CMTS6 " corresponding to communication at frequency f ₆ involving data in minislots 15 and 16. It is specified. The data packet 1450H contains the SDNP payload H and specifies a MAC source address " MAC CMTS7 " corresponding to communication at frequency f ₇ involving data within minislots 17 and 20. The data packet 1450I containing the SDNP payload I specifies the MAC source address " MAC CMTS8 " corresponding to the communication at frequency f ₈ involving data in minislots 21, 22 and 23. . Finally, the data packet 1450J containing the SDNP payload J specifies the MAC source address " MAC CMTS9 " corresponding to the communication at frequency f ₉ involving the data in minislot members 24 and 25. do. In this way, related and unrelated data packets can be sent simultaneously from the CMTS 101 to the CM 103 using the multi-PHY method without channel contention or data collisions with concurrent upstream data.

HyperSecure Call Routing—HyperSecure call routing made in accordance with the disclosed secure dynamic communication network and protocol may be implemented using one of three methods for the following commands and controls.

A three-channel communication, in which the routing of a call or communicator carries three sets of servers, i.e., an audio, video or data file; Controlled using an SDNP signaling server for selecting the routing of calls, and an SDNP name server for storing dynamic mapping of telephone numbers to their corresponding SDNP addresses,

A dual-channel communication, in which the routing of a call or a communicator carries two sets of servers, i. E. An audio, video or data file; And an SDNP signaling server for routing a call and for performing the function of an SDNP name server for mapping telephone numbers to corresponding SDNP addresses,

* As single-channel communication, all data transport, route planning and SDNP address maps are implemented as a single server set.

In general, three-channel communication provides greater immunity to cyber-attack, because one set of servers does not contain all the information about the call. In all cases, however, the SDNP network uses distributed processing to limit the information contained within any given server. In addition, during data transport in single-, dual- or triple-channel communication, the SDNP media server is connected to a fourth type of server-a DMZ server. The DMZ server is used to accommodate the SDNP shared secrets required to process the SDNP data payload, including scrambling, splitting, mixing, junk data insertion and removal, and encryption. In operation, an incoming data packet received by the media server is forwarded to the DMZ server, where the data packet is modified and forwarded back to the media server. The media server does not know how the data packet has been modified or what logic or algorithm was used to process the data. Executable code and tables stored on the DMZ server are encrypted to prevent analysis of the code. In addition, the DMZ server is operated offline without being connected to a network or the Internet.

The figure below shows one exemplary implementation of a sequence used in three-channel SDNP communication and initiation of a call or transmission of a file over a network. The operation of dual-channel communication can be considered as a minor modification to tri-channel communication, where the SDNP name server function is incorporated into the signaling server. Single-channel communication involves integrating all three operations into a network of multifunction servers operating as SDNP communication nodes.

Although fragmented data transfers within the SDNP cloud are generally implemented using dynamically meshed routing, last mile communication specifically involves continuous data packets being (i) to a single SDNP gateway, i.e. as a single-path last mile communication. Routed, or alternatively (ii) routed to multiple SDNP gateways, ie as multi-path last mile communications. Other last mile routing choices include dynamic source addressing and multi-PHY last link connectivity. This delivery option is specified in an IP data packet generated within the signaling server. Despite the fact that these SDNP data packets specify their source and destination IP and MAC addresses, the exact path that a particular data packet takes within the last mile is unknown. Instead, the intermediate passage is determined by the operation of the router, the device owned by the local network operator, the mobile network operator, and the network service provider serving the last mile, and not by the SDNP signaling server. Thus, last mile communication is similar to a jump rope, with two ends fixed but a maze of specifically shaped passageways connecting them.

In short, the terms single-path, multi-path, and mesh-path communication refer to the passage of media packets, i.e., the passage "content" traversal between callers, while triple-channel, dual-channel. The terms, and single-channel communication refer to a command and control system used to control the transmission over the network of SDNP nodes. From the foregoing, the following set of figures shows a sequence, or "process," used to make a call of steps or initiate a communicator in accordance with the disclosed secure dynamic communication network and protocol.

FIG. 66 illustrates a single-channel for three-channel communication including SDNP client 1600, IP routers 1602A, 1602B, and 1602C signaling server 1603A, SDNP name server 1604A, and SDNP gateway 1601. The schematic of the route last mile network. Such a computer server may be a network node as shown, including SDNP client C _1,1 , router R, SDNP signaling server node S, SDNP name server node NS, and SDNP gateway node M _0,0 . Host SDNP communication nodes used to aid network communication with names and IP addresses. Network connection 1610 facilitates a last link between client C ₁ , ₁ , and its nearest router 1602A; Network connection 1611 facilitates a gateway link between SDNP gateway M _0,0 and its nearest router 1602B; Network connection 1612 facilitates a gateway link between SDNP signaling server 1603A and its nearest router 1602C; Network connections 1616 are interconnected to geographically adjacent routers 1602A and 1602B. Since the router's IP address is not used as the source or destination address in the IP datagram, the term "R" is shared by all routers on Layer 3. In the case of the description of Layer 1 and Layer 2, each router has a specific identity, but this aspect is not related to the description of IP network Layer 3 call routing. SDNP signaling server 1603A (node S) is connected to SDNP name server 1604A (node NS) via network connection 1613 and to SDNP client node M _0,0 via a large number of network connections 1614. . The signaling server 1603A is also connected to another signaling server (not shown) via a network connection 1615.

Using the SDNP network, locating a call, ie establishing a "session", comprises a sequence of the following steps initiated from the SDNP client making the call, ie the "caller":

1.SDNP call (or call out) request

2.SDNP address request

3. SDNP address forwarding

4.SDNP routing indication

5. Start an SDNP call (or call out)

The first step, “Call Request”, is shown diagrammatically in FIG. 67, where a passage 1610 in which a client 1600 with a caller, address “IP C _1,1 ,” has an IP datagram 1620. Contacts signaling server 1603A at IP " IP S " The command and control payload 621 of the datagram includes Layer 4 data transfers using TCP to ensure data accuracy, and conveys, urgency, security credit credentials, and contact information of the "called party" as the party being called. Specifies a large number of requested currency parameters, including. In the case of a call to another SDNP client, ie an “SDNP call”, this contact information includes the client's credit certificate (CID), which is the data present in the client's SDNP phone directory. In the case of "call out", which is a call to a party that is not an SDNP client, the contact information includes a telephone number. While the CID of the SDNP client is essentially anonymous and only known to the SDNP name server, the telephone number is not concealed. To protect the privacy of the party being called, the telephone number in the C & C payload is encrypted. Alternatively, the entire C & C payload 1621 may be encrypted. While the C & C payload 1621 may be in the form of cipher text, the IP address of IP datagram 1620 cannot be encrypted, and if encrypted, routers 1602A and 1602C cannot route the datagram.

The second step, "SDNP Address Request", is shown in Figure 68, where the SDNP signaling server with the address "IP S" is addressed through the path 1613 with the IP datagram 1622. Contact the SDNP Name Server at. The command and control payload of the datagram defines Layer 4 data transfer as TCP and includes the CID or encrypted telephone number of the party being called. In the case of an SDNP call, the name server 1604A translates the CID into the SDNP address of the client being talked to. In the case of a call out, the name server 1604A decodes the telephone number of the party being called and translates it to the SDNP address of the SDNP gateway closest to the called party's location. As shown in FIG. 69, the name server 1604A then forwards the SDNP address or gateway of the client in the IP datagram 1623 at the address “IP S” from the source address “IP NS” to the signaling server 1603A. .

Subsequently, the signaling server 1603A uses the SDNP addresses of the caller and the called party to make a call between them, which is the closest as a secure connection when the called party is an SDNP client or when the called party is not an SDNP client. Route to the SDNP gateway. The process used to prepare the routing instructions and distribute them to all the media nodes needed to complete the caller's connection is shown in FIG. As shown, the caller's delivery request included in the delivery and urgency field of the C & C payload 1621A, once verified for account information, as shown by operation 1650, the method of delivery of the datagram. It is used to select. Delivery methods, including normal, VIP, guaranteed, or special delivery, affect the routing of packets or sub-packets (when packets are fragmented or fragmented). In VIP delivery, for example, the fastest route is used for data transfer, while the loading of the same route by other clients is minimized. In guaranteed delivery, duplicate data packet fragments are transmitted across the network, i.e. using redundancy, to ensure timely delivery of the fastest packets and to ignore late arrivals. Then, combined with SDNP address data from the C & C payload 1621, operation 1651 maps the optimal route from the caller to the called party's SDNP address or to the nearest gateway if the callee is not an SDNP client. do. Package urgent operation 1652, using urgency request data contained within C & C payload 1621A, to reduce propagation delays in sequence—snail delivery (no need to rush), general undercarriage, priority delivery, and urgent delivery. Select).

Urgent request information is then used to select the routing and zone for sub-packet routing by operation 1653. These parameters, combined with any applicable secure credit credential 1621B, combine to synthesize routing command and control packets via operation 1660. These C & C data packets are forwarded to the last mile participating communication node using TCP specified Layer 4 transmissions, but include routing information when real time data uses UDP as its Layer 4 transmission protocol when used in the delivery. do. For example, the last mile routing made according to the Zone U1 security credential includes a C & C payload 1626 used to route data from client node C _1,1 to SDNP gateway node M _0,0 . It is generated as an IP datagram 1625. IP datagram 1625 is delivered to the SDNP client using TCP data transmission, while C & C payload 1626, referred to as " last mile routing U1 ", includes data used to route packets in real time, It requires the use of UDP as a layer 4 transport mechanism. SDNP C & C packet synthesis operation 1660 also generates many other C & C messages that are delivered as TCP data packets to nodes in the SDNP cloud. One example of a client indication data packet is an IP datagram 1627A that includes a C & C payload 1628A used to route data from SDNP M _0,0 to SDNP M _0,1 . As shown in FIG. 71, this SDNP routing indication packet is sent to a media node comprising client nodes C ₁ , ₁ over serial connections 1612, 1616, and 1610, and SDNP gateway node M across connections 1614. _0,0 and other nodes in the SDNP cloud.

Seeking of a Call is shown in FIG. 72, where a media SDNP datagram 1630, including SDNP data, such as sound, video, text, and the like, is placed on an IP header containing a C & C data packet 1626. SDNP from IPC _1,1 to IP M _0,0 from SDNP client 1600 through last link network connection 1601 to routers 1602A and 1602B and finally across gateway link 1611 Routed to gateway 1601. The identification tag, security zone, preamble, and SDNP data fields together constitute the payload of the SDNP media packet included in the media SDNP datagram 1630.

The simplified network diagram of FIG. 73A shows the routing of the above-mentioned SDNP call, including the mobile phone 32 on which the SDNP app 1335A operates, ie the hypersecurity call from the SDNP gateway M _0,0 to the SDNP client C _7,1 . Is shown. SDNP datagram 1631A, including media payload A and header 1628A, is routed between media nodes having SDNP addresses M _0,0 and M _0,1 . The SDNP gateway 1601 has two addresses-IP address "IP M _0,0 " for last mile communication, and SDNP address "SDNP M _0,0 "-for communication in the SDNP cloud. The content of each SDNP datagram changes as the packet traverses the SDNP cloud, and thus the content contained within the SDNP media payloads (A, B, and C)-sound, video and text are distinctly different, 20 Content from two different conversations or communicators. The mechanism of data routing and packet security in the SDNP cloud is disclosed in US Application No. 14 / 803,869 entitled “Secure Dynamic Communication Network and Protocol,” which describes the content and encryption of data packets that are anonymously moved through the SDNP cloud. How it changes dynamically and continuously, and only converges within the client's device.

Thus, SDNP datagram 1631B including media payload B and header 1628B is routed between media nodes having SDNP addresses M _0,4 and M _{0, f} . Data exiting the SDNP cloud through the SDNP gateway 1601B is converted from the SDNP datagram to the IP datagram 1632. IP datagram 1632 with header 1628C and SDNP media payload (C) uses a secure credit certificate for zone U2, which is the zone containing the last mile. IP datagram 1632 is then routed through the last mile via wired or fiber link 24 to network router 27, and then through cellular network 25 and cellular link 28 to the mobile phone. do. Since the cell phone 32 is an SDNP client, communication over the last mile maintains hypersecurity. In this simplified example, all data packets leaving the cloud over the last mile are routed from a single SDNP gateway 1601B. Indeed, more than one SDNP gateway may be used in last mile data routing.

Last mile communication for “call out” is shown in FIG. 73B. Although routing through the SDNP cloud uses the same SDNP datagrams 1631A and 1631B, as in calls to SDNP clients, SDNP gateway 1601B is the last server running SDNP software. Thus, the last mile of the communications in a call-out and use of the IP datagram having a non -SDNP payload, i.e. PSTN, the IP datagram (1635), from the IP gateway in the IP address IP M _0,0 C _7,9 It is routed up to carry VoIP type sound. The PSTN then converts the VoIP call format to a conventional telephone number using the analog sound in telephone # and sound packet 1636. In such case, the last mile does not constitute hypersecurity communication.

In the multipath last mile communication shown in FIG. 74, the command and control data packets distributed by the SDNP signaling server 1603A are transmitted to the client 1600 via the data links 1612 and 1610, 1625X. C & C data packet 1627X transmitted to SDNP gateway 1601X over data link 1614X, and C & C data packet 1627Y transmitted to SDNP gateway 1601Y over data link 1614Y. Another C & C data packet (not shown) is sent over the data link 1614X to another server hosting the media node. From address "IP S ", a C & C data packet 1625X is transmitted from address " IP S " to address " IP C _1,1 " containing C & C payload including last mile routing U1. Last mile routing (U1) has two different routing instructions—a routing instruction from “IP C _1,1 ” to “IP M _0,0 ” with tag 1 and preamble 1, and an “IP C with tag 2 and preamble 2”. _1,1 " to " IP M _0,1 " The C & C data packet sent to a communication node in the SDNP cloud, shown as an example, includes the one sent from "IP S" containing the indication SDNP cloud routing 1 to "IP M _0,0 ", and SDNP cloud routing 2 _Which is transmitted as "IP M _0,1 ".

SDNP Group Call -The last mile media packet routing from the SDNP client 1600 to the multiple SDNP gateways, shown in FIG. X) and two data packets 1630X and 1630Y containing SDNP data (Y). Data header 1626X with tag 1 and preamble 1 is routed from address " IP C _1,1 " to " IP M _{0,0 &} quot ;, while data header 1626Y with tag 2 and preamble 2 is address " IP " From C _1,1 " to "IP M _0,1 ".

As shown in FIG. 75B, data flowing backwards from the SDNP cloud to the client using multi-path communication includes header 1626U, tag 8, preamble 8, SDNP data (U), source address SDNP gateway address M _0, Data packet 1630U including ₀ and destination address "IP C _0,0 ". Currently, the data also includes a data packet 1630V including a header 1626V, tag 9, preamble 9, SDNP data (V), source address SDNP gateway address M _0,0 , and destination address "IP C _0,0 ". It includes. The SDNP application program running on the SDNP client 1600 then recreates the message text or voice (sound) by combining the incoming data packet SDNP data (U), SDNP data (V), and others.

C & C data packet delivery of routing indications can be extended to initiate three-way or group calls, group messaging, and other multi-client communications. In such group communicators or "conference calls", client messages are sent to multiple recipients simultaneously. This group function is initiated by the caller, and the caller's request for the group call first defines the group of clients to contact, and then, by the signaling server, how to handle routing of data packets associated with the particular group call. Instruct the requested media node. An example of a group call routing is shown in FIG. 76, where the signaling server 1603P sends routing instructions over the data link 1614A to the SDNP client 1600A and over the data link 1614Z for many media servers in the SDNP cloud. Communicate with (1600Z).

Thus, a TCP data packet 1627A containing last mile routing U1 is forwarded from the signaling server 1603P at address " IP S1 " to the SDNP client at address " IP C _1,1 " "Set" the group currency. The C & C data packet provided by the exemplary TCP data packet 1627Z is the SDNP cloud for zone Z1 from the signaling server address "IP S1" to the various destination addresses "IP M _{0, y} " over the data link 1614Z. Are distributed simultaneously throughout. Collectively, the SDNP cloud routing indication establishes packets routed from the caller's gateway to two or more other SDNP gateways that are located closest to the SDNP client being called throughout the SDNP cloud.

As shown by way of example, other SDNP clients may be located in different geographic areas and may be in separate secure zones, such as zones U7 and U9. In some cases, such a client may be sufficiently far from the signaling server 1603P, and thus another signaling server 1603Q may be used to plan packet routing for such SDNP clients. Signaling server 1603Q communicates routing instructions in zone U9 to SDNP client 1600M over data link 1614M and to SDNP client 1600L over data link 1614L. The C & C data packet 1625M, for example, communicates the last mile routing indication U9 from the signaling server located at "IP S4" to the SDNP client 1600M located at the address "C _9,1 ". Another C & C data packet (not shown) is similarly sent to the SDNP client located at address " IP C _9,4 ". The data packet 1627H containing instructions for last mile routing U7 is located at address " IP C _7,1 " from the signaling server 1603Q located at " IP S4 " Is sent to 1600H.

Signaling servers 1603P and 1603Q located at nodes S1 and S4 also exchange information as C & C data packets over data link 1613z. This information configures which part of the routing will be performed by the signaling server 1603P and which part will be performed by the signaling server 1603Q, essentially dividing the routing task across multiple signaling servers. In the example shown, signaling server node S1 manages last mile routing for zone U1 and for the SDNP cloud, while signaling server node S4 manages last mile communication within zones U7 and U9. do.

The routing of data during a call or a communicator is shown in FIG. 77A, where a voice accompanied by SDNP data 1 in data packet 1630A has an IP address " IP C _1,1 " To the nearest SDNP Gateway Media Node M _0,0 . The data packet is repackaged for SDNP cloud transmission and sent to gateway media nodes M _0,4 and M _0,8 . Pathway packet routing taken in the SDNP cloud is unknown to any of the conference call participants, has no central control and changes dynamically depending on network conditions. In this example, all SDNP data packets in the SDNP cloud use fragmented meshed data transmission with anonymous addressing and dynamic encryption, as well as dynamic scrambling, mixing, separating, junk data insertion and removal. In the example shown, the cloud transmission directs incoming communication at SDNP gateway node M _0,0 to another gateway, in this case to SDNP gateway nodes M _0,4 and M _0,8 .

The data packet 1630H carrying the voice of the caller, i.e., SDNP data 1, exits gateway node M _0,4 and, using header 1626H, uses an area U7 security credential to identify " IP M _{0, From} the media node at ₄ " to the client 1600H at "IP C _7,1 ". The header 1626H was supplied to the client 1600A in the C & C data packet 1627A before preparing the media data packet, as described in FIG. 76. In this way, all media packets carrying real time data can be prepared without delay when the content is ready for data transmission. In a real-time network, large QoS relies on timely routing of dynamic data. Otherwise, an unacceptable long propagation delay may result.

When routed through the SDNP cloud, the SDNP Data 1 payload is sent to the zone (U9) conference call participants, from the gateway media node M _0,8 to the client IP addresses "IP C _9,1 " and "IP C _9,4 ". That is, SDNP-clients (1600M and 1600L) are delivered. These last mile data packets 1630M and 1630L are preamble 9 information, key used to carry identification packet tags, tag 8, and tag 9, SDNP embedded indication used to recognize content associated with the same conversation. Headers 1626M and 1626L that specify the " L4 " data field used to specify layer 4 transmission as UDP. Although the data routing instructions delivered by the signaling server to ensure accuracy use the TCP transport protocol, the media packet content represents real-time data, and thus advantageously uses the UDP layer 4 protocol instead of TCP.

FIG. 77B shows the same conversation in which content from zone U7 client 1600H takes place-that is, when client C ₇ , 1 starts speaking. In order to contrast this data with voice content from clients C _1,1 , the payload is identified as "SDNP data 5" in every data packet. In addition to the specific payload, the only change from the previous schematic is that the last mile source and destination IP addresses for the data packets 1630H and 1630A are swapped. Specifically, for zone U7 SDNP users, the source IP address for data packet 1630H is changed to IP C _7,1 , and the destination is SDNP gateway address IP M _0,4 . In zone U1, the called party destination IP address for data packet 1630A is changed to IP C _1,1 , and its source address is SDNP gateway address IP M _0,0 . That several conference call participants can speak at the same time and that client node C whose data packets from SDNP client node C _1,1 sent to other call participants, including client node C _7,1 , respond to client node C _{1,1 It} should be understood that for _7,1 can occur simultaneously.

At network level 3 of last mile communication, no data collision of opposite traffic occurs. However, in physical and data link layers 1 and 2, last mile communication may include time division to prevent contention for the same communication link. However, such coordination occurs quickly, so that communication is likely to appear to be in a completely simultaneous manner, with no delay in the voice packet. 77A and 77B, the direction of data flow shown for zone U9 client remains unchanged, ie data flows from the cloud to the client. However, in FIG. 77C, zone U9 client node C _9,1 begins to speak. In this case, client nodes C _9,4 , C ₁ , ₁ , and C7 _{, 1} all become receivers of the voice, that is, SDNP voice data 6.

In the alternative embodiment shown in FIG. 78, the group call may include a mix of "call out" calls for SDNP calls to SDNP clients and for regular telephone numbers. Similar to the call or communicator shown in FIG. 77A, the media node M from the caller whose voice accompanied by SDNP data 1 in the data packet 1630A has the IP address " IP C _1,1 " Routed to the nearest SDNP gateway containing _0,0 . The data packet is repackaged for SDNP cloud transmission and sent to gateway media nodes M _0,4 and M _0,8 .

In the example shown, the cloud transmission directs incoming communication at SDNP gateway node M _0,0 to another gateway, in this case to SDNP gateway nodes M _0,4 and M _0,8 . The data packet 1630H carrying the voice of the caller, i.e., SDNP data 1, exits gateway node M _0,4 and, using header 1626H, uses an area U7 security credential to identify " IP M _{0, From} the media node at ₄ " to the client 1600H at "IP C _7,1 ". The SDNP Data 1 payload is also delivered to the conference call participant via gateway media nodes M _0,8 . Last mile communications from these SDNP gateways can be applied to PSTN 1, which includes two different types of connections, specifically a hyper-secure connection to the SDNP-client (1600M), and a conventional telephone system that does not use VoIP or packet protocols. Contains a secure "call out" connection. The last mile data packet 1630M delivered to zone U9 SDNP client at address "IP C _9,1 " carries an identification packet identifier tag 9, SDNP embedded indication, used to recognize content associated with the same conversation. Header 1626M that specifies the preamble 9 information, key, seed, and the like used for the purpose of specifying the " L4 " data field used for specifying layer 4 transmission as UDP.

Gateway node M _0,8 also sends an IP packet 1635 to PSTN 1 at address IP C _7,9 . Instead of carrying a payload containing SDNP data 1, in this case the IP payload was converted to a VoIP sound package, which could be intercepted by packet sniffing. Then, in the telephone switch system, PSTN 1 shows this unsecured IP packet by POTS data 1636 containing the telephone number followed by a continuous analog circuit connection between telephone 37 and PSTN 1. Convert to an analog POTS phone connection to phone 37. Because these and any other call out connections are not hyper secure, the content carried by the call out last link is at risk of hacking, wire taps, and other surveillance techniques. If some hierarchical structure that defines the access privileges of the client is not implemented, the security of the entire call can be compromised by the weakest link, which means that everyone on the group call can hear everything.

These points are shown in the table shown in FIG. 79A, where the group call, along with the participant callouts at the telephone numbers “Ph # 1” and “Ph # 2”, includes SDNP network client nodes C _1,1 ,. _{Hypersecurity} participants on C _7,1 , C _9,1 , and C _9,4 . As shown, SDNP clients C _1,1 are group hosts, SDNP clients C _7,1 , C _9,1 are participants, which means they listen and speak, and SDNP clients C _9,4 are "listeners." Which means that they listen to the call but cannot speak or the participant can listen in. The participant at the call-out telephone number “Ph # 1” is also a participant who can also listen and speak, while at “Ph # 2” The participant of is only authenticated as a callout "listener" and cannot speak in a group call The group host, when setting up the call, defines these listening and speaking privileges, i.e. user authentication.

Referring back to the table, in a column named regular call, everyone on the group call, i.e., the caller authorized by the host, can listen to the call. A caller who wants to hack a call and is not authorized by the host does not have the ability to connect or break into the call or even determine whether the call is taking place. The same method can be applied to group chats, where participants can read and write messages, but observers can only read comments and not embed their text in the chat.

When utilizing authentication and identity verification to control network access made in accordance with this disclosure, the SDNP system provides privacy features that cannot be used in conventional group chats and group calls. This feature is created by selecting a private mode, for example by clicking on a lock symbol or other privacy icon, before writing or speaking text. In such a case, the communication is sent only to the authenticated SDNP client, not to the SDNP client whose identity has not yet been verified through authentication and not to any callout listener or participant on the unsecured device. These points are set out in the table above, where in private calls under the column labeled "Unauthorized SDNP Client", all group call clients are muted while both their microphone and speaker are "Authenticated SDNP Client". In the column marked ", all SDNP clients can listen and participants C _1,1 , C _7,1 , and C _9,1 can also speak, but all callout devices have their microphones and speakers muted. This means that only authorized SDNP clients in private mode can hear and speak. In this way, a group call with a mix of securely identifiable SDNP clients, and a callout connection with an unknown party can participate in the public part of the call, but does not expose confidential information to the callout device. By clicking on any SDNP participant's private icon under Talk or Text Writing, the “call out” caller can simply be removed from the private discussion. At the end of the private discussion, the private buttons are released and they are reconnected. During times when call-out callers are not connected, that is, essentially placed in "waiting for a call," the SDNP system can play atmospheric music, be quiet, or play white noise (such as waves or rain).

Text messages in group chat can also be managed in the same way. In a regular group chat, all text messages are sent to the SDNP app on the SDNP client device and sent to all callout chat members by SMS text message. Text messages can only be sent by participants. Text messages sent from "listener" or "diary only" chat members will be ignored and not forwarded to the chat group. If the participant clicks the lock or privacy icon before sending the message, the message will be sent only to the SDNP client and not to all callout clients. At the SDNP client receiving the private message, if they authenticated their identity, the message could be shown for reading. If they do not authenticate their identity, the message will be concealed, covered, hidden, or displayed with an icon, for example a lock, until the observer performs the identity verification.

By combining the privacy privilege and identity authentication regulated by SDNP network system authentication, hacking of the device is insufficient to open private text or listen to private calls, even in group chats and group calls. This feature cannot be guaranteed by relying only on device security parameters-information that can be hacked locally. System parameters are much harder to deceive because fake security and identity credentials will not match the system log and will be rejected as an invalid SDNP client.

Additional degrees of privacy can also be added to the execution of group calls and group chats. This specific embodiment of the hyper secure last mile described in the table shown in FIG. 79B is referred to herein as a hyper-private call or hyper-private chat. Hyper-Privacy requires callers or message acknowledgments against four criteria:

* All recipients of the communique on the group call must be SDNP clients, not call-out devices.

* The call or text should be chosen a priori as a hyper-private communion, whether call, text, video or the like.

* Recipients of the Communique on group calls or chats must have an authenticated connection to ensure their identity.

* The recipient of any hyper-private communicator must be pre-selected as a "private" participant or private listener.

Although the first three criteria are essentially the same as those in the example of the private party in the aforementioned group call, any Tohaja who is entitled to receive the fourth criterion, the hyper-private call or text, is " The requirement that a list of predefined clients as private "SDNP clients be loaded further restricts access to specific and sensitive information. For example, as shown in bar form, SDNP participant clients C _1,1 and C _1,1 , and SDNP listener client C _9,4 are all designated as "private" parties in a group call. In contrast, SDNP client C _9,1 is designated only as a participant, but not as a private participant. By definition, a call participant or listener cannot be registered as a private party.

As in the previous example, during a regular call, all participants, SDNP Clients C _1,1 , C _7,1 , and C _9,1 and Call Out Participant Ph # 1, can hear all conversations and read all text messages. In addition to being able to speak and write text at any time, "listeners" including clients C _9,3 and Ph # 2 can listen to all conversations and view text, but can speak or send messages in group calls or chats. Can not. However, in a hyper-private call, selecting a switch or icon to designate a hyper-private communication automatically blocks all unauthorized parties on a group call or chat, as well as any party other than the "private" party. Disable it. It also disables all callout connections and all unauthorized users. Thus, in operation, when any private participant selects a privacy icon, only the private participant (including the private group host) can view, read, speak, and write text about the group. All other parties' microphones and speakers are muted and likewise cannot receive or send text or attachments to the group. Specifically, in hyper-private mode, once authenticated, clients C _1,1 and C _7,1 can both hear and speak as well as read and send text, while private clients C _9,4 listen to the conversation. Can only read group text.

With the last mile routing control capability described above, group calls and group chats can be managed in any number of ways. For example, a group call host can determine who can join a call or group, who can speak or write text, and who can only listen and read. In a standard private call, the choice of private mode enables all SDNP clients and, once authenticated, joins the communicator with the same privileges they have during standard non-private group communication. In hyper-private mode, only SDNP clients defined as private participants and private listeners can communicate during hyper-private mode operation.

The choice of a person who is qualified for a portion of the hyper-private community, i.e. a person identified as a private participant or listener, and a person who is not, may be configured in several ways. In ad hoc hyper-private group communication, the group host determines who is the private caller and who is not. In SDNP "system defined" hyper-private group communications, the SDNP network operator determines in advance who is the private caller and who is not. In rule-based hyper-private group communication, the SDNP network defines rules for determining who is eligible and who is not a private caller. These rules can be based on company employment lists, for example, only vice presidents and above can participate in hyper-private calls. In government and security agencies, criteria may be established by national security permits, passport numbers, police badge numbers, and the like. The SDNP-enabled last mile communication method defined herein may support any of these example scenarios, or may use any other criteria for dividing a population into two groups, whereby a hyper-private commune Configure groups with and without access.

While such concepts may be extended to more than one group, hierarchical access criteria may generally be better applied to navigation manager-based professional communication systems than to telephony. As such, the application of the SDNP method for professional communication will not be described further herein.

One challenge for group calls is when everyone wants to speak at the same time. Overlapping speech can be confusing, difficult to hear, and can also cause unwanted noise. This problem can be solved by using the push-to-talk feature, which is a function that mimics a walkie-talkie or CB radio. In a push-to-talk or PTT operation, only one participant can speak at a time. When the participant wants to speak, pressing the switch causes the network microphone to mute everyone so that all other parties in the group call are in listen-only mode. As shown in FIG. 80A, in a regular PTT conversation, when the host presses the PTT button, as shown in the column labeled Host PTT, they take precedence over the group call, even when another caller presses their speak button. It takes precedence over other callers. All other callers' microphones, including call-out phone connections, are automatically muted and only become listeners. If the host does not press his PTT button, the PTT capability is handed over to any other SDNP participant in order of execution, as shown in the column labeled “Other PTT”. SDNP nodes and callout devices designated as listeners, such as C _9,4 and Ph # 1, can hear PTT conversations during the entire group call, but their microphones are muted.

When using SDNP last mile capability to identify a caller whose identity has been authenticated to the network, the PTT feature may be extended to private push-to-talk functionality. Each time a privacy feature or icon is selected, all unauthorized parties are removed from the group call and their speakers and microphones are muted. Callout connections by regulation cannot be authenticated and are therefore also muted. Silence is bidirectional and prevents the excluded party from listening to the conversation, but also separates the microphone of the excluded participant. In the case of an authenticated party, the operation proceeds in the same way as a regular PTT, where the host has priority to speak, otherwise any authenticated participant may have the PTT talk feature in order of execution.

The table of FIG. 80B shows that the hyper-private group call can be extended to the PTT function. In normal operation, the PTT functionality is the same as in the case described above. However, in hyper-private mode, only authorized parties previously designated as private participants or private listeners can participate in the hyper-private conversation. For example, in hyper-private mode, SDNP clients C _9,1 and C _9,5 are blocked from speaking or listening because they were not previously listed as private participants or listeners. Similarly, all callouts connected to the device are muted during hyper-private mode operation. In this way, access to various parties in a PTT group call can be explicitly controlled. Silence is the process of excluding some participants (eg, call-out listeners) from receiving data packets carrying the sound of the conversation, while continuing to supply data packets for unmute participants. In this disclosed method, data packets are individually sent to all participants in a normal conversation and only to a subset of the list when silence is activated by the user of the client.

In an alternative embodiment, the data packet is transmitted to all participants in the group call in broadcast mode, but using different cryptographic methods. In the case of a typical conference call, a data packet is sent to all users using a cipher, where every participant has a copy of the cipher key. In the private mode or silent mode, data packets broadcast to the user use different females, and only the user selected here shares the cryptographic key. The person with the key can participate in the call and the person without it is excluded. The advantage of using broadcast packets is that they require a narrower bandwidth in last mile communication than sending a separate packet request. In another embodiment, a single packet is sent to the gateway and the signaling server duplicates the packet for distribution to all participants in the normal call mode and to the selected caller in the private or silent mode.

Hyper-Secure File Storage -Although secure dynamic communication networks and protocols have been invented and developed as hyper-secure communication systems for telephony and real-time data transmission, the SDNP network and protocol-specific security mechanisms are perfectly suited for hyper-secure file and data storage. Do. In its simplest description, an anonymous fragmented data of scrambled encrypted data, in which the hyper-secure call is from one caller to another, ie in end-to-end communication from one SDNP client to another SDNP client. In the case of transmission, the hypersecurity file and data storage can be thought of as a communication stored in the buffer indefinitely until interrupted and recalled in between. Another name for hypersecurity distributed file storage is disaggregated data storage.

This simplified explanation that storage is communication interrupted in the middle of packet delivery is technically more accurate than originally thought. In the above-mentioned U.S. Application No. 14 / 803,869, the temporary buffering of data packets until another packet arrival is clearly disclosed and operatively described. Although buffering within the nodes of the SDNP cloud occurs on a millisecond scale, rather than months, the SDNP system has the ability to wait or maintain data without losing the information being restored to restore the original content. Of course, such a simplified implementation does not have the specific features required for long-term file management such as directories, menus, file recycling, renewing security credentials, and other such features.

An example of data transfer from a client to a fragmented data storage network is shown in FIG. 81. As shown, the SDNP client 1700A with IP address IP C _1,1 sends a series of data packets through the SDNP cloud, corresponding IP addresses IP F _7,1 , IP F _9,1 , and IP F _9, It transmits the SDNP file storage server (1700H, 1700M and 1700L) having _4. In operation, client node C _1,1 sends a series of data packets 1730X with corresponding header 1726X from address IP C _1,1 to SDNP gateway M _0,0 . Data packet 1730X is illustrated by data packets 1730H, 1730L, and 1730M with corresponding headers 1726H, 1726L, and 1726M. To ensure accuracy, Layer 4 transmissions use TCP instead of UDP. The packet includes Tag 1, Tag 2, and Tag 3, in the case of the SDNP Zip or other ID marked Tag X, Data Packet 1730H, 1730L, and 1730M, used to identify the packet for routing. The payload portion of each packet carries specific data within, for example, three partial fragmentation files SDNP file 1, SDNP file 2, and SDNP file 3. The secure credit proof within the last mile uses Zone U1 information with the corresponding preamble 1.

When a data packet enters the SDNP cloud, the data packets are routed to different destinations according to their identity and indication of a signaling server (not shown). Data packet 1730H with header 1626H and tag 1 carrying SDNP file 1 is routed to SDNP gateway node M _0,4 . SDNP gateway node M _0,4 then routes packet 1730H to file storage node F _7,1 using the secure credit credentials for zone U7. On the other hand, a packet 1730L having its ID as tag 2 carrying SDNP file 2 is independently routed to SDNP gateway node M _0,8 . SDNP gateway node M _0,8 then routes packet 1730L to file storage node F _9,4 using security credentials for zone U9.

At about the same time, a packet 1730M with its ID as tag 3 carrying SDNP file 3 is also independently routed to SDNP gateway node M _0,8 , and shares the same mesh routing path as the data packet with ID of tag 2. It is not necessarily necessary. Then, the SDNP gateway node M _0,8 also routes the packet 1730M to the file storage node F _9,1 using the secure credit credentials for the zone U9.

In this way, SDNP file 1 is delivered to storage node F _7,1 using a secure credential for zone U7, while SDNP file 2 and SDNP file 3 share both secure credentials for zone U9. File storage nodes F _9,4 F _9,1 , respectively. Although the file is owned by client node C ₁ , ₁ , the client does not have access to the secure credit credentials used to encode and protect the contents of the file. Because one file storage node does not contain all the data, and because the client who owns the data does not have access to the secure credentials used to store the data, hackers are hard to steal the contents of the file (i ) They are fragmented into pieces that are inconsistent and unusable, (ii) all files use different security credentials for scrambling and encryption of data, and (iii) they are stored at different locations and on different last mile networks (Iv) it is not known that various stored data come from the same SDNP source file. The zone containing the file storage server is also referred to as the "storage side" zone to distinguish from the zone in which the file owner is located, ie the zone on opposite sides of the SDNP client. By this definition, zone U1 is an SDNP client zone, also referred to as a "file owner", while zones U7 and U9 are "storage side" zones.

The application of the SDNP network communication protocol to file storage is further directed to the flowchart of FIG. 82A showing a " write operation ", which is a general step for the SDNP client and file owner to store, i.e., record, the data in a hyper secure file storage server. Is shown. As shown, the SDNP client 1700A performs an SDNP split operation to generate a multi-part file or document, which is a three-part file including the pulsed files 1706A, 1706B, and 1706C in the illustrated example. 1057 and parsing function 1052 are used to segment the unparsed file 1705. Optionally, the contents of the file can be scrambled before splitting. These three files are then transmitted across the SDNP network as irrelevant data or communicators. The steps involved in routing to the final destination across the SDNP network utilize the same method disclosed herein for hyper secure last mile communication and described above for mesh routing in the SDNP cloud. Specifically, last mile hypersecurity transfer 1707 uses secure credit credentials according to zone U1. Hyper-secure meshed transmission 1708 in the SDNP cloud uses Zone Z1 secure credit credentials. Although this hyper-secure data transfer operation is shown in large blocks, packet transmissions are described in this disclosure using a distributed system that is actually without a master key, no central control, and no access to packet content. Occurs across a network of routers, servers, and soft-switches.

Although zone (U1) last mile routing may include transmitting data packets across an infrastructure that includes a limited number of routing choices, multi-PHY last link routing, routing of sequential packets to multiple SDNP gateways, and The method described for hyper-secure last mile communication, including the use of dynamic source addressing, ie the use of the name of the IP address of the changing client, can equally be applied to the hyper-secure file storage operation. When a data packet arrives at the SDNP cloud, its transmission uses anonymous mesh routing with dynamically scrambled encrypted data to prevent monitoring of file content or even metadata associated with the communication. Finally, all three data packets have different SDNP file storage servers 1700H, 1700M, and 1700L with corresponding SDNP node names F _7,1 , F _9,1 , and F _9,4 located within different security zones. ) After network transportation, parsed file 1 is processed according to zone U7 file security operation 1709A and stored in SDNP file storage node F _7,1 . Parsed files 2 and 3 are processed according to zone U9 file security operations 1709B and 1709C and are stored in SDNP file storage nodes F _9,1 and F _9,4 . In this way, one file does not contain all of the data, and a single security credential does not unlock all component files in order to recreate the original.

In the "read operation" of the hypersecurity stored file shown in FIG. 82B, the sequence of data transfer between the file storage server and the SDNP client, i.e., the file owner, is reversed. Reading the hypersecurity file includes undoing the process in which the file was originally stored in the reverse order, which process comprises (i) identifying a parsed file within each storage server, and (ii) each parsed file. Removing local storage security provisions from the file, (iii) transferring each restored parsed file back to the SDNP client across the SDNP client and the hypersecurity last mile, and (iv) transferring the parsed file to various related Collecting from the communicator, and (v) merging (unpartitioning) the parsed file using the client's local security credentials to restore the original file and, if applicable, scrambling. do.

Further describing the described hypersecurity file "read operation", in order to restore the parsed file 1, the relevant content of the file storage server 1700H stored in the file storage node F _7,1 is stored in the zone U7 file security operation ( 1709A). Independent of parsed file 2 or 3, parsed file 1 is operated by hyper secure transfer operation 1708 using zone Z1 secure credit credentials, and then zone U1 last mile hypersecurity transfer operation 1707. Is communicated back to the SDNP client node C _1,1 using the example cloud shown in simplified form. At the same time, in order to recover parsed file 2, the relevant content of file storage server 1700M stored in file storage node F _9,1 is processed using zone U9 file security operation 1709B. Independent of parsed file 1 or 3, parsed file 2 is accessed by hyper secure transfer operation 1708 using zone Z1 secure credit credentials, and then zone U1 last mile hypersecurity transfer operation 1707. Is communicated back to the SDNP client node C _1,1 using the example cloud shown in simplified form. On the other hand, in order to restore the parsed file 3, the relevant contents of the file storage server 1700L stored in the file storage node F _9,4 are processed using the zone U9 file security operation 1709C. Independent of parsed file 1 or 2, parsed file 3 is accessed by hyper secure transfer operation 1708 using zone Z1 secure credit credentials, and then zone U1 last mile hypersecurity transfer operation 1707. Is communicated back to the SDNP client node C _1,1 using the example cloud shown in simplified form.

Independent packet routing of three component parsed files during a read operation is illustrated in FIG. 83, where server node 1700H carries SDNP file 1 and sends data packet 1731H with ID “tag 7”. And transmit from the file storage address IP F _7,1 to the SDNP gateway server at the address IP M _0,4 using TCP transmission. The packet 1731H includes a header 1725H that includes preamble 7 and other information previously provided in the command and control packets delivered by the signaling server in tri-channel communication.

On the other hand, the server node 1700L carries a SDNP file 2 using TCP transmission, and stores the data packet 1731L having the ID "tag 9" from the file storage address IP F _9,4 at the address IP M _0,0 . Send to SDNP gateway server. The packet 1731L includes a header 1725L that contains preamble 9 and other information previously provided in the command and control packets delivered by the signaling server in the tri-channel communication. Independently and simultaneously, the server node 1700M, using a TCP transport, carries the SDNP file 3 and sends the data packet 1731M with the ID "tag 8" from the file storage address IP F _9,1 to the address IP M _0. It also transmits from ₈ to SDNP gateway server.

The packet 1731M includes a header 1727M that includes preamble 9 and other information previously provided using command and control packets delivered by the signaling server in tri-channel communication. The three data packets 1731H, 1731L, and 1731M use the zone Z1 security credit credentials to secure the SDNP cloud until they finally come out of the SDNP gateway M _0,0 hosted by the SDNP cloud server 1701U. The data packet in the SDNP cloud server 1701U is traversed to the client device at address IP C _1,1 by a continuous data packet 1731X using the corresponding zone header 1729X and zone U1 security credentials. 1700A).

Referring back to FIG. 82B, after three parsed files 1, 2, and 3, i.e., 1706A, 1706B, and 1706C, are delivered to the SDNP client device 1700A using independent routing, they are mixed operations 1061. ) Is merged into one unparsed file 1795 and, where applicable, an unscrambled operation (not shown) is subsequently performed according to the zone U1 security credential.

Without adding additional file server operations to the stored data, secure operations 1709A, 1709B, and 1709C actually include last mile hypersecurity communication between the SDNP cloud and the corresponding storage-servers 1700H, 1700M, and 1700L. As a byproduct of Layer 3 network connectivity using the SDNP communication protocol, SDNP file storage is inherently hyper-secure and stored across distributed nonvolatile data drivers, including the use of data deception methods such as junk data insertion and junk files. It includes scrambling, fragmentation, and encrypted data. In addition to the data security methods described above, hyper-secure storage as disclosed herein has no meaningful metadata, no traceability to the file owner, no routing to forward the file, or lossy components from the source file of principle. Use an anonymous file name without the identity of any other file storage server that maintains it.

Despite the physical realization of the storage server, namely its layer 1 PHY implementation and layer 2 transport, information interoperability on the SDNP network, the protocol does not significantly affect storage functionality, access time, or global accessibility. can be changed. 84A illustrates the physical realization of an SDNP file storage server, including by way of example a top view showing SDNP gateway 1701B connected to SDNP file storage server 1740A via router 27. For greater network performance and additional resilience to attacks, the optical link 91 without intervening routers is used to show the direct connection between the SDNP gateway 1701B and the SDNP file storage server 1740A. As shown in the lower limit example, the file storage server may include a large memory array having a server controller 1740B and storage drivers 1740C and 1740D. The drive can include any media, including hard disk drivers or flash drive based nonvolatile memory. To further restrict access, the SDNP gateway and SDNP file storage server may be physically located within the same location and facility as the fiber link connecting them. They can even share a common space, for example, can be physically locked in an arched ceiling, and access control is strictly managed and surveillance can be monitored for everyone entering the facility.

84B further illustrates that some portions of the fragmented data file may be stored locally at the file owner's site. As shown, the file owner's desktop 36 is: (i) a local file storage server 1740A accessed over a WiFi router 1352 connected to SDNP gateway node M _0,0 on server 1701A, (ii) A distributed file can be stored across several devices, including a file storage server 1740B connected to the SDNP gateway node M _0,4 , and (iii) a file storage server 1740C connected to the SDNP gateway node M _0,8 . . Because data is fragmented when stored across distributed drives 1740A, 1740B, and 1740C, although the local file server 1740A and file owner desktop 36 share the same WiFi 1352, the notebook 35 Other devices, including the tablet 33 and the mobile phone 29 do not have access to the stored files.

The process of specifically storing each parsed portion of a file on a separate file storage server, referred to as non-duplicate hypersecurity file mapping, is shown in FIG. 85A. As shown, client device 1700A comprising SDNP client nodes C _1,1 includes parsed files 1, 2, and storage nodes F _7,1 , F _9,1 , and F _9,4 , respectively, and Corresponding to the one-to-one file mapping between the three, the file 1706 parsed only on the file storage server 1700H, the file 1706B parsed only on the file storage server 1700M, and the file storage server 1700L. Store the parsed file 1706C only). The transfer of files uses hyper secure last mile communication to secure the storage of the data as well as the transfer of the data. One disadvantage of non-duplicate file mapping is that the loss of either of the file storage servers risks file access and restoration, temporarily or permanently. In the context of the present application, the terms “resilient” and “resilient” are used to define guaranteed and timely access to stored data, i.e., that the stored data is not lost or that access is not lost for a significant duration. Used to define confidence. By this token, the non-redundant hypersecurity file mappings shown show poor resilience, because a single point of failure prevents file access. Bad resiliency can be overcome by redundant systems, where the same data is stored in more than one file storage server. Another metric that describes or evaluates the resiliency of a data storage system is defined herein as a Read Redundancy Factor (RRF), which is a term that defines the number of backup systems that provide data access when primary data storage is not available. Dimension. In the example shown, there is one location of each specific data piece. This results in a read redundancy factor of zero, or mathematically RRF = 0, meaning that a single point connection or file server failure can result in temporary or permanent data loss because the file cannot be read by the file owner. do.

An alternative file mapping with a read redundancy factor of RRF = 1 is shown in FIG. 85B. In this example, parsed file 1 is stored at file storage server nodes F _9,4 and F _7,1 , and parsed file 2 is stored at file storage server nodes F _9,1 and F _7,1 and parsed. File 3 is stored in file storage server nodes F _9,4 and F _9,1 . In such implementations, if file storage server node F _9,1 is damaged or unavailable, parsed file 3 can still be accessed from file storage server node F _9,4 , and parsed file 2 is file storage It can still be accessed from server node F _7,1 . Thus, the failure of any one storage node will not prevent read access to the hypersecurity file. 85C shows hypersecurity file mapping with RRF = 2. The file mapping maintains the file storage servers 1700L, 1700M, and 1700H, but the second set of file storage servers (to realize the file server storage nodes F _8,2 , F _4,4 , and F _6,8 , respectively) 1700J, 1700E, and 1700F). Thus, file storage server 1700J acts as a backup for file storage server 1700L, file storage server 1700E acts as a backup for file storage server 1700M, and file storage server 1700F is a file. Acts as a backup for storage server 1700H. Although the example shown includes a file parsed into three sections, it will be appreciated that the document can be parsed into a larger number of sections if desired. To ensure hyper-secure storage, the principle file should not be parsed into sections of less than two and ideally into sections of less than three.

In order to describe the process of enabling storage and reading of duplicate files using hyper secure file storage, it is advantageous to describe the transactional sequence of communication and file delivery functions placed on the SDNP network used to facilitate the storage process. The network shown in FIG. 86 is, for example, a client device 1700A implementing client node C ₁ , ₁ , a router 1702G, a signaling server 1715 implementing SDNP node S, and implementing SDNP node NS. Name server 1714, cloud server 1701U implementing SDNP client nodes M _0,0 , M _0,4 and M _0,8 , and SDNP file storage nodes F _7,1 , F _9,4 , and F _{9 And} SDNP file storage servers 1700H, 1700L, and 1700M, respectively, to realize.

In FIG. 87A, the client device 1700A at address " IP C _1,1 " includes a C & C payload 1711A, and again contains a data packet (a description of the file size and the requested level of security and redundancy). 1710A makes a file write request to the signaling server 1715 at the address " IP S ". In FIG. 87B, signaling server 1715 sends data packet 1710B to name server 1714 to request the IP or SDNP address of file storage server nodes F _7,1 , F _9,4 , and F _9,1 . do. The selection of a file address server node to use may be chosen at random from a list of storage nodes, or based on one node that is available geographically near the client or based on a node within a disaster free area. The selection may also be based on performance parameters such as the node's unused memory capacity, the propagation time to the file storage node, the node's uptime reliability rating, or other such considerations. In FIG. 87C, the name server 1714 sends a data packet 1710C containing the IP or SDNP address of the file storage server nodes F _7,1 , F _9,4 , and F _9,1 to the signaling server 1715. Send. The signaling server 1715 then calculates the last mile and meshed cloud delivery of the parsed file for the file storage servers 1700H, 1700L, and 1700M.

In FIG. 87D, signaling server 1715 sends data packet 1710D to client device 1700A, which is routed from address “IP S” to “IP C _1,1 ” through router 1702G. Data packet 1711D is the last mile routing for impending file delivery in zone U1, the client zone, specifically Tag 1, Tag 2, and Tag 3 of each packet (marked as "tag X" for brevity). A C & C payload 1711D that includes routing of multiple packets from the address " IP C _1,1 " to the SDNP gateway _at " IP M _0,0 " At the same time, signaling server 1715 also sends data packet 1710E to SDNP gateway 1701U, which is routed from address "IP S" to "IP M _0,0 ". This packet uses the Zone Z1 security credential for the packet with ID tag X, in this case from the SDNP gateway address "SDNP M _0,0 ", for example the address "SDNP M _0,5 " (not shown). A C & C payload 1711E showing the SDNP cloud routing to the next node in the cloud. In accordance with a secure dynamic communications network and protocol, the routing of data packets throughout the SDNP cloud using meshed anonymous fragmentation transmissions is dynamically selected based on the current conditions of the real-time network. Specifically, the routing in the SDNP cloud of real-time data packets arriving at any SDNP gateway depends on the node-to-node propagation delay in the SDNP cloud and the urgency of each real-time data packet assigned by the signaling server.

In FIG. 87E, the signaling server 1715 transmits the C & C data packet to the last mile node located on the storage side, i.e., to the zones U7 and U9. As shown, data packet 1710F is sent to SDNP gateway M _0,4 , the packet is routed from address "IP S" to "IP M _0,4-- ", and the packet is data with tag 1 C & C payload 1711F that communicates that the packet should be expected by gateway node M _0,4 , and when received, should be forwarded onto the last mile address “IP F _7,1 ”. The second data packet 1710G is forwarded from the signaling server 1715 to the storage server 1700H located at address " IP F _7,1 ". The C & C payload for storage in zone U7 defines an entry packet with this ID tag 1 from source address "IP M _0,4 ", but the destination field is empty because the node's function is storage and not communication. Is maintained, i.e. filled with invalid values. If command and control data packets are distributed over the network, file delivery can occur.

88 illustrates fragmented data transfer during file hyper-secure storage, where the client device 1700A uses a TCP data transfer to carry a series of data packets 1712X carrying SDNP data files 1, 2, and 3; Transmit from the address "IP C _1,1 " to the SDNP gateway located at the address "IP M _0,0 ". Each data packet has a specific identifier ID, namely tag 1, tag 2, and tag 3. This file is then transferred from the SDNP cloud to other gateways, ie to the SDNP gateway nodes M _0,4 and M _0,8 . A packet containing SDNP data 1 arriving at gateway node M _0,4 uses a TCP with zone (U7) security credential to transmit a data packet from address " IP M _0,4 " to " IP F _7,1 " Data 2 and 3 packets arriving at gateway node M _0,8 are sent from address " IP M _0,8 " together with zone U9 security credentials in data packets 1712B and 1712C. Are sent to addresses " IP F _9,4 " and "IP F _9,1 ", respectively. In order to prevent data scanning of the drive, the storage also includes local encryption in the file server. This encryption process is local and not related to SDNP security regulations. The contents of the data packet SDNP data 1, SDNP data 2, and SDNP 3 contain the actual fragmented files that are stored.

The preamble in each data packet, for example preamble 1 in data packet 1712A, may also include an encryption key supplied by the client as part of the symmetric key encryption operation. Using symmetric key encryption, SDNP client node C _1,1 generates a partitioning key, which is for encryption and its complement for decryption. The symmetric encryption key is then supplied to the file storage server node F ₇ , 1 carried in this example by the data packet 1712A. In the future, whenever a client requests reading or accessing the contents of a stored file, file storage server node F _7,1 uses this encryption key to encrypt the requested file before sending the file back to the client. Since only the client has an associated decryption key, only the client can open the readout. Although this method provides an extra layer of protection, only a single client can access the file as a read operation, and many needed to help duplicate access if the original client device is stolen, damaged, or lost. It has the disadvantage of preventing the use of the client file "owner".

Approximately at the time of the data delivery and file storage process, the signaling server 1715 also sends an indication to the file storage servers 1700H, 1700L, and 1700M in connection with the "link response" message routing. The link response is a data packet and C & C payload that confirms to the client that the write operation was successful and that the storage of each parsed file is complete. This message is sent to the client file-owner, independent of each file storage server associated with the storage of the parsed file delivered. The file server sends its write-acknowledgement to the client, independent of each other's unknown, and the write-communication response uses an independent security credential that includes a specific state different from the operating state at the time of the recording operation. Is sent. The routing of this link response message does not necessarily use the same reverse path of the routing path that was used to deliver the file. Such a response is likely used by the cyber-attacker as a backtrack to find the owner of the file.

Instead, the link response uses the packet ID to identify to the client that the stored file was part of the same file and was stored as part of the same fragmented write-operation.

In operation, the signaling server sends routing for the link response message to the file storage server, to the client file-owner, and to all intermediate SDNP nodes involved in link-response message routing. The signaling server 1715 coordinates the link response message routing using the data packet containing the command and control payload, as shown by the example of FIG. 89A, for example the file storage server 1700H Receive a data packet 1721G containing a C & C payload 1722G containing header data for "link 1 response" routing from IP F _7,1 to address IP M _0,4 . SDNP gateway node M _0,4 routes routing of Tag 1 data packets from address " SDNP M _0,4 " to other nodes in the SDNP cloud (not shown) in this case at address " SDNP M _{0,14 &} quot ;. Receive a data packet 1712F that includes a C & C payload 1722F that describes. Similarly, signaling server 1715 file stores a data packet 1721M that contains a " link 3 response " tag 3 packet last mile routing indication from address "IP F _9,1 " to " IP M _{0,8 &} quot ;. Send to server 1700M. While storage-side last mile routing for data packets and their corresponding link response messages may be the same or similar, routing of response messages through the SDNP cloud is most likely due to the dynamic nature of the SDNP cloud.

The actual routing of link response messages from participating file storage server nodes is shown in FIG. 89B. As shown, file storage server 1700H responds with a data packet 1720A identified by tag 1 and carrying the payload " FS Link 1 ". The packet is routed from the address " IP F _7,1 " to the SDNP gateway located at " IP M _0,4 " using the zone U7 security credential. From the SDNP gateway, the Tag 1 data packet is routed through the SDNP cloud to the client side gateway located at address " SDNP M _{0,0 &} quot ;, where the address is translated into last mile data packet 1720X, zone U1 Using a secure credential and using a TCP transport carrying Tag 1 data, i.e. preamble 1 and FS link 1, it is routed from address "IP M _0,0 " to address "IP C _1,1 ".

In a similar manner, file storage server 1700L responds with a data packet 1720B identified by tag 2 and carrying payload “FS link 2”. The packet is routed from the address " IP F _9,4 " to the SDNP gateway located at " IP M _0,8 " using the zone U9 security credential. From the SDNP gateway, the tag 2 identified data packet is routed through the SDNP cloud (not shown) to the client-side gateway located at address "SDNP M _0,0 ", where the address is translated into a last mile data packet 1720X. From the address "IP M _0,0 " to the address "IP C _1,1 ", using a zone U1 security credential and using a TCP transmission carrying Tag 2 data, i.e. preamble 2 and FS link 2. Is routed.

A third piece of parsed file identified by tag 3 and carrying payload “FS link 3” is sent from file storage server 1700M via data packet 1720C. This Tag 3 packet is routed from the address " IP F _9,1 " to the SDNP gateway located at " IP M _0,8 " using the zone U9 security credential. From the SDNP gateway, the tag 3 identified data packet is routed through the SDNP cloud to the client side gateway located at address " SDNP M _{0,0 &} quot ;, where the address is converted into a last mile data packet 1720X, and the zone ( U1) Routed from address " IP M _0,0 " to address " IP C _1,1 " using a secure credit certificate and using a TCP transport carrying tag 3 data, ie preamble 3 and FS link 3.

89C shows an example of the content of FS link data packet 1720A routed back from file storage server 1700H to the client and file owner. As shown, the data packet is from the address "IP F _7,1 " using TCP in the packet with the ID tag 1 generated in the security zone U7 to the SDNP gateway located at the address "IP M _0,4 ". It includes last mile routing. The response preamble 1917A includes a description of the data payload 1741A and also includes an optional security credential that is used to implement or enhance the security of the FS link data packet 1720A delivered to the client. However, in three-channel communication, the response security credential contained within the response preamble 1917A is generally not required and is not associated with being used by the client to access and open the hyper secure storage file later. Instead, the access credentials required to create a link from the client to the file stored at file storage node F _7,1 are included in data field 1741A, which includes:

Specific network tags, SDNP addresses, or pseudo-addresses required to identify the file storage server where a portion of the fragmented file is stored.

* A description of the zone that defines the security credential used to encode files in the "storage side" security zone (not the client's zone).

* A seed that may contain the numeric seed or time or state 920 required during encoding of the file prior to storage.

A seed 2 which may include a numeric seed 929 used to perform file encoding as part of the save operation.

A key comprising a decryption key 1030 for decrypting a zone U7 “storage side” encryption 1. This key may be used with a shared secret maintained within a DMZ server operating as part of a file storage server; It may represent a partial decryption key that can only be operated with other secure credit credentials, such as a numerical seed.

A key comprising an encryption key 1022 sent to the client and used to send a security indication from the client to the file storage server using symmetric key encryption.

File name or other information used to help the client identify the save file without revealing how to save it.

The foregoing data packet is used for illustrative purposes and should not be understood as limiting the content of the data packet to the exact element or format as shown in the examples. The FS link 1720X received by the SDNP client node C _1,1 , once received from a file storage server participating in fragmented file storage, is processed to create a file link for the client's device. As shown in FIG. 89D, this operation combines the FS links 1741A, 1741B, and 1741C using a blending operation 1753, thereby creating an FS link total “file store read link” 1754. . The file save link 1754 is placed on the client's hyper secure text manager or file management system for easy single-button recall of the hyper secure file. Hypersecurity behavior is not visible to the user. The file owner need not be concerned about the fact that the file was actually fragmented, encoded, and stored across a distributed file storage system. File recall appears to be that the file stays locally. As such, FS links are key elements for accessing any file stored across a distributed file storage system.

A simplified diagram of FS link communication is shown in FIG. 90A, where three file storage servers send their respective FS links to client nodes C _{1, 1} and corresponding client device 1700A, specifically file storage. Server 1700H transmits FS link 1, file storage server 1700M sends FS link 2, and file storage server 1700L sends FS link 3. Within client 1700A, SDNP app software in client node C ₁ , ₁ , combines the three incoming FS links 1, 2, and 3 to form a link to the stored file. This combined link appears in the SDNP messenger as a file save confirmation. In non-duplicate file management, FS link information is sent only to the client device. For user file management, file links may be named at the time when file storage was requested or upon receipt of a confirmation message.

Since the file store link is sent to the client directly from the file store server and not through the signaling server, only the client with the link has access to the file. This FS link is needed to recall and read fragmented files. Without the FS link, the stored file and its contents will be forever lost and irreversibly irreversible. To reduce this risk that an FS link can be lost, an alternative approach sends the FS link to two client devices-a client device and a secondary device. The secondary device may be a second device owned by the client or, in the case of a business, a second device owned by the company. Alternatively, the second device may include another server with its own login security and user identification.

Duplicate link access to fragmented distributed stored files made in accordance with the present invention can be applied to both read redundancy, ie, RRF> 1 and non-duplicate file storage systems. The use of redundant links in a hypersecurity distributed memory system without read redundancy (RRF = 0) is shown in FIG. 90B. In such a system, file mapping between parsed files 1706A, 1706B, and 1706C and corresponding file-storage servers 1700H, 1700M, and 1700L are non-redundant. As shown, FS links 1, 2, and 3 are two client devices: client device 1700A hosting SDNP client node C _1,1 and secondary client device hosting backup client node C _2,1 ( 1700B). If one of the FS links is lost or unavailable for any reason, the FS link on the backup client can be used to restore the file. In this regard, the SDNP distributed storage system describes a non-duplicate read implementation of single link redundancy, ie, RRF = 0 and LRF = 1.

An example of a hypersecurity memory that includes both read and link redundancy is shown in FIG. 90C, where parsed files 1, 2, and 3 are mapped to two file storage servers, respectively, thus reading read redundancy factor RRF = 1. And achieve link redundancy factor LRF = 1 with each FS link sent to two clients. The immunity of the storage system to both read and link related features means that the system can be considered as a truly redundant hypersecurity file management system with an overall storage redundancy factor SRF = 1. Storage redundancy factor (SRF) is defined herein as the same redundancy factor as the smallest of RRF and LRF. For example, when RRF = 0 and LRF = 1, SRF = 0. Instead, when RRF = 3 and LRF = 2, the overall storage redundancy is SRF = 2. In order to implement the overall system SRF = 3, each parsed file must be stored in four separate file storage servers (as shown earlier in FIG. 85C), and the FS link must be sent to four separate clients. .

Thus, the overall storage redundancy factor (SRF) is a direct means of recovery from failure of distributed storage systems. This principle is summarized in the graph of FIG. 91, where the abscissa describes the # of the file storage server used in the file storage system, and the ordinate describes the number of FS links sent to separate clients. As shown, a single file storage server does not have redundancy, ie RRF = 0. Increasing the number of file storage devices improves read redundancy but does not affect link redundancy. Conversely, sending a link to a single client does not provide link redundancy, ie LRF = 0, regardless of the number of file storage servers available. In either case, i.e. in one storage server or one client link, the total storage redundancy factor (SRF) = 0, which indicates that the file storage system is resilient, as schematically illustrated by the L-shaped region. It means not.

As shown, as shown previously, storing a three partial parsing file on three file storage servers results in a read redundancy factor (RRF) = 1. If at least two clients receive the FS link, link redundancy of LRF> 1 is achieved. The combination of LRF = 1 or RRF = 1 creates L-shaped region 1724B, where SRF = 1, ie, provides some system resiliency. Even if six servers are used, if the FS link is sent to only two clients, the system still shows a limited degree of resiliency, ie SRF = 1

By sending the FS link to three clients and storing the data in duplicate at six storage servers, region 1724C creates a condition where SRF = 2 provides a very strong degree of storage resiliency. Region 1724D shows further resiliency improvement, where SRF = 3 uses six file storage servers and four clients to receive the keys. Thus, the bottom row and the leftmost column have the lowest storage resilience, and the upper right corner has the best storage resilience.

Hyper-secure distributed file storage made in accordance with this disclosure achieves long term sustainable security by constructing, ie re-using, a number of elements according to the invention from SDNP communication. Such elements according to the invention include:

Parsing files and distributing their fragmented content across a large number of unrelated networks connected to file storage servers,

* Transferring files between the client and the file storage server using end-to-end hypersecurity communication, including SDNP dynamic scrambled and encrypted anonymous fragmented data transmission without a master key,

A "client side" last mile secure credit that the storage server does not have access to the client security credentials used to initially fragment and encode the stored data, i.e. the file storage server needs to decode, access or read the file. Storing fragmented files in a file storage server in a manner that does not have proof,

A "store" where the client (file owner) does not have the security credentials required to decode the stored data, except over a secure link, i.e. a "client side" last mile used to locally encode the file. Selectively encoding fragmented files within the storage server in a manner that does not have a side " last mile secure credit certificate,

Limiting the number of file store links needed to locate and open a file, and restrict user access to such links to the file owner's client device with any duplicate or backup device,

* Requiring client multi-factor authentication and identity verification to execute file links and perform read or delete operations,

By using anonymous data packet routing and anonymous file names, whereby the use of file links for data recall does not expose information about the location and encoding of hyper secure file storage, except that the routing information is Not stored in the SDNP network or hyper secure file storage system,

* Using fragmented file server locations and using anonymous identities not known to clients, SDNP networks, or other storage servers, except via file storage links, fragmented files can be sent to a large number of storage servers. Spread over,

Using triple-channel communication, the SDNP signaling server used to plan file routing for distributed storage does not have access to the content of the fragmented file or the secure credit credentials used to encode the file, The SDNP media node used to deliver the content uses a single hop SDNP data packet that does not have the identity or address of the client or file storage server,

* Use dynamic file renaming and data relocation at regular intervals and after repeated file accesses, replaying the encoding of security credentials at the time of file rewriting operations, and retrieving file storage server directories to prevent file analysis. Encrypt locally.

Using the foregoing, lack of any recognizable file identity; The use of fragmented files distributed across a network (possibly on a global scale); And the use of zone-specific secure credit credentials makes it unthinkable to access and reconfigure hyper secure stored files without access to file storage links. Such FS links, distributed over a limited number and only through SDNP communication systems, are more secure by identity verification.

Execution of the foregoing features for hypersecurity file storage can be provided schematically, in the same manner as in hypersecurity communication using the functional symbols shown previously in FIG. 9A. For brevity, any combination of scrambling 926, junk data insertion 1053, parsing 1052 and partitioning 1057, and encryption 1026 using state or time, as shown in the upper diagram of FIG. This may be provided as the SDNP encoding function 1750. Similarly, encoding function 1751 includes decryption 1032, blending 1061, junk data removal 1053B and unscrambling 928 using state or time 926B.

In using the security function described above, the top view of FIG. 93A shows the process of distributed file storage with client-side encoding. As shown, file 1705 is parsed (1052) and partitioned (1057) to produce a parsed file 1706 in client device 1700A used to realize SDNP client C _1,1 . The resulting fragmented file is then encoded using the Zone U1 security credential by the SDNP encoding operation 1750B for last mile communication performed in accordance with the methods disclosed herein. Subsequently, the file fragment conveyed in the serial or multi-path last mile communication is received by the SDNP gateway M _0,0 , and the SDNP decoding operation 1751C according to the zone U1 security credential for restoring the parsed file 1706. Is decoded using The parsed file 1706 is then re-encoded by the SDNP encoding operation 1750C according to the SDNP cloud zone Z1 security credential. During the meshed transmission, after a series of zone Z1 decoding and encoding operations in the SDNP cloud (not shown), the final data packet arrives at each SDNP gateway, including, for example, gateways M _0,8 , The SDNP decoding operation 1751D restores the parsed file 1706 and re-encodes it using the SDNP encoding operation 1750D according to the zone U9 security credential. In the example shown, the parsed file 1706 is then fragmented (split) into two files, and fragmented files 2 and 3 of the parsed file 1706 are then restored using the SDNP decoding function 1751E. Stored in file storage servers 1740B and 1740C, respectively. In this way, if a data file stored within a file storage server is fragmented but not fragmented (except for local drive encryption), the file can be accessed by a cyber attack on the drive data. Thus, security is achieved by file fragmentation and distributed storage.

By using the process shown in the bottom view of FIG. 93A, which shows the process of distributed file storage with full client-side encoding, a large degree of file security is achieved. As shown, the file 1705 is processed by the SDNP encoding operation 1750A, so that the encrypted, parsed file (scrambled) within the client device 1700A used to realize the SDNP client C _1,1 1706). Operation 1750A also includes dividing file 1706 into three fragmented files 1, 2, and 3. Fragmented files 1, 2, and 3 are then encoded using the Zone U1 security credential by the SDNP encoding operation 1750B for last mile communication performed in accordance with the methods disclosed herein. Subsequently, the file fragments conveyed in serial or multi-path last mile communication are received by the SDNP gateway M _0,0 and sent to the area U1 security credential that restores the scrambled, encrypted, parsed file 1706. Accordingly, it is decoded using the SDNP decoding operation 1751C. The parsed file 1706 is then re-encoded by the SDNP encoding operation 1750C according to the SDNP cloud zone Z1 security credential.

During the meshed transmission, after a series of zone Z1 decoding and encoding operations in the SDNP cloud (not shown), the final data packet arrives at each SDNP gateway, including, for example, gateways M _0,8 , The SDNP decoding operation 1751D restores the scrambled, encrypted, parsed file 1706 and re-encodes it using the SDNP encoding operation 1750D according to the zone U9 security credential. Fragmented files 2 and 3 of scrambled, encrypted, parsed file 1706 are then restored using SDNP decoding function 1751E and stored in file storage servers 1740B and 1740C, respectively. Thus, files are secured not only by fragmented and distributed storage, but also by some combination of scrambling, junk data, and encryption known only to the client's secure area. In a similar manner, file 1 is sent to gateway M _0,4 via the SDNP client, where the file is stored in file store 1700H in zone U7 as shown for packet 1712A in FIG. 88. do.

In both examples described, a greater degree of security can be achieved by eliminating the final SDNP decoding operation 1751E shown in the diagram of FIG. 93B. In this manner, files stored on the file storage server are encoded and maintained by the SDNP encoding operation 1750D using the zone U9 security credential. In the upper figure, the file is fragmented by the client but encoded according to the storage-side security credential for zone U9. In the lower figure, the file is encoded according to the client side secure credential U1 and then secondly according to the storage side secure credential for zone U9. In addition to being secured by fragmented and distributed file storage, double encoding of such files represents nested hyper-secure storage, in which files encoded by zone (U9) security credentials are encoded by U1 security credentials. This is because it includes files. An advantage of nested security as disclosed is that neither the client nor the storage server have the necessary information to open the storage file.

A gist of an exemplary method of hypersecurity disaggregated file storage is shown in FIG. 94. In the example shown, the encoding and decoding used for hyper-secure communication and SDNP client routing are removed to show only the net effect of file encoding. The upper left corner represents the case of client zone fragmentation, where the document is fragmented according to the zone U1 security credential, but without any additional security provisions imposed by the storage side of the network. The lower left corner represents the case of client zone encoding, where the document is encoded by operation 1750B, ie scrambled, junked, fragmented, encrypted according to zone U1 security credentials, It does not introduce any additional security provisions on the storage side.

The upper right corner shows the case of client zone U1 fragmentation, where additional steps of SDNP encoding, ie scrambling, junk insertion, fragmentation, and encryption, are introduced to the storage side according to zone U9. The lower right corner shows an example of a fully nested hyper secure file store, where the file is encoded and fragmented according to the SDNP encoding operation 1750B with zone U1 client side secure credit credentials, and then the file is stored last. Secondly encoded according to Mile's U9 Secure Credit Proof.

For the recall and reading of the file, the data recall must use a secure operation that includes an inverse function that is executed in the exact reverse order of encoding, as shown in FIG. In the upper left case, to recall client zone fragmented data, parsed file 1706 recalled from different file storage servers is recombined using merge operation 1061 to restore original file 1705. In the lower left case of recalling client zone encoded data, access the original file 1705 using the SDNP decoding operation 1751H, which is an exact inverse function of the segmentation operation 1750B including blending, decryption, and unscrambling. To be recovered, parsed file 1706 recalled from different file storage servers is recovered. In the upper right case for a storage zone encoded, client zone fragmented file, the inverse operation returns the effect of the zone U9 security credential to restore the parsed file 1706 to restore the parsed file 1706. Is performed first, followed by a file merging operation 1061 to cancel the effect of the file dividing operation 1057 created according to the zone Z1 security credential.

In the lower right example for reading a fully-nested hypersecurity file, the data stored on the different file storage servers are decoded by the SDNP decoding operation 1751D using the zone U9 security credential, and the zone Z1. As you see, it reconstructs the file 1706, which is still a multipart file that is scrambled, junked, parsed, and encrypted. Zone Z1 specific SDNP decoding operation 1751H then performs a sequential inverse function of encoder 1750B, which is an operation that includes blending, decryption, and unscrambling to recall the original file 1705. . Executing a sequential reverse function to restore a file must be done in the reverse order of the sequence used to create it. For example, if the encoding includes segmentation, followed by scrambling, and then encryption, the opposite or inverse function, i.e., decoding, must include an operating sequence of decryption, then unscramble, and then mix. However, if the decoding involves scrambling of the packet, then encryption, and then partitioning, the opposite or inverse function, i.e., decoding, must include a sequence of mixing, then decrypting, and finally unscrambled the data packets.

To perform a file recall or "file read operation", the client merges the files by clicking on the "File Save Read Link" to initiate the steps necessary to recall and read a file stored in the system's hyper secure file storage system. Perform the link. The reading process includes the following steps as shown in FIG. 96A:

The file owner and client 1700A or an authenticated user clicks on a "store file read link" within an SDNP application, such as SDNP enabled hypersecurity messenger 1196, file manager, or other SDNP enabled interface.

Using the dialog interface 1765 or optionally command line instructions, the client 1700A reads the file, edits the file (makes a copy of the file with write privileges), removes (delete) the file, refreshes the link (secure credit). Proof reissue), or redistribution of the file (moving file fragments to different file storage servers and forwarding a new file store read link to the file owner client or clients).

In “Client Verification” operation 1762, the SDNP signaling server 1715 verifies (authenticates) the client or clients requesting the file. Using dialog box 1767, the client must verify its identity using a PIN, or optionally a second factor that detects the device or security token. Alternatively, the SMS text can be sent to another device owned by the same client. In files requiring access authorization by multiple clients, the identity of every user must be verified (multi-authentication).

In a “validation privilege” operation 1763, the signaling server 1715 confirms that the requesting client 1700A is authorized to access the request file with read or read / delete privileges (authentication). Before confirming whether the user still wants to download or read the file, the result is displayed in dial box 1768. If the identity is not verified, the requestor may be instructed to try again. After the specified number of failed attempts, the file manager 1700Z (if any) will recognize the failed attempt and lock the account. The dialog box may inform the user of the problem and allow them to contact the file manager, or, alternatively, if the hacking is suspected, the box may be blank or even release the user completely from the SDNP application.

In document request management operation 1764, SDNP signaling server 1715 informs storage manager 1700Z regarding the file access request and the nature (management) of the request. These administrative steps may (i) be omitted entirely, (ii) log file access requests to the file storage manager's account, and (iii) send a message to the file storage manager immediately indicating the attempted file access. Or (iv) request the file storage manager's approval via dialog box 1769 before the client requesting the file is granted access.

After this authentication, authentication, and administration (AAA) step, upon approval, the client uses the steps shown in the flow chart shown in FIG. 96B, shown here to be used as a read request for the illustrated purpose. Request access to. These steps include the following:

In read request operation 1770, the requesting client 1700A sends a file read request to the SDNP signaling server 1715.

In storage server name request operation 1771, the SDNP signaling server 1715 sends a file storage server name request to the SDNP name server 1714 to indicate the current SDNP of the associated file storage server, e.g., file storage server 1700M. Request an address. According to the SDNP method, the SDNP address for the SDNP client (including the file server) is changed at least once daily to prevent long client traceability.

In store name forwarding operation 1772, SDNP name server 1714 forwards the requested file name “FS address” to SDNP signaling server 1715, whereby SDNP signaling server maps the file recall routing.

In routing indication operation 1773, the SDNP signaling server sends the file routing indication to the client 1700A, to a node in the SDNP cloud, such as the server 1700U, and to a state or time 920, numeric seed 923, decryption. Zone-specific secure credit credentials, such as file storage server 1700M with zone U9 security credit credentials including a key 1030, and an optional encryption key 1022 (used in symmetric key encrypted communication). To the file storage server.

In a local file restore operation 1774, when using applicable security credit credentials that include state or time information specific to the creation of a file, the DMZ server within every storage last mile decodes and records the parsed file, Arrange the data into one or more data packets in preparation for transport.

In file delivery operation 1175, each parsed file is delivered to the requesting client using independent delivery across the SDNP network in accordance with the routing instructions of the SDNP signaling server, for example, here the file storage server 1700M. Sends the file to the client 1700A.

The incoming parsed data file is further decoded according to the client zone security credential, and the parsed file is merged to recreate the original unparsed file prepared for observation or delivery.

Such steps are represented by the sequence of the figures below. In FIG. 97A, a client device at address “IP C _1,1 ” uses data packet 1810a, which includes a TCP transport, file related header information, and a C & C payload 1811A that specifies two or more FS links. To make a file read request to signaling server 1715 at address " IP S ". The FS link describes the location of an anonymously stored file fragment using a tag or pseudo address that must be translated into an SDNP address or IP address for routing. However, signaling server 1715 does not know the current SDNP address for this named user ID, and must request current information from SDNP name server 1714. In FIG. 97B, signaling server 1715 sends data packet 1810B to name server 1714 to retrieve the IP or SDNP addresses of file storage server nodes F _7,1 , F _9,4 , and F _9,1 . request. In FIG. 97C, the name server 1714 sends the data packet 1810C to the signaling server 1715 including the IP or SDNP address of the file storage server nodes F _7,1 , F _9,4 , and F _9,1 . Send. The signaling server 1715 then calculates the last mile and meshed cloud delivery of the parsed file to the file storage server.

In FIG. 97D, the signaling server 1715 transmits the C & C data packet to the last mile node located on the storage side, i.e., to the zones U7 and U9. As shown, data packet 1810G is forwarded from signaling server 1715 at address S to file storage server 1700H at address " IP F _7,1 ", so as to " file 1 read instruction " 1811G. Carries a C & C payload comprising a. This packet uses the U7 security credential to instruct the file storage server to send a file with ID tag 1 from its address "IP F _7,1 " to the SDNP gateway at address " IP M _0,4 ".

Currently, data packet 1810F is sent to SDNP gateway M _0,4 , the packet is routed from address "IP S" to "IP M _0,4-- ", and the packet is a data packet with tag 1 to the gateway. C & C payload 1811F that communicates that should be expected by node M _0,4 , and when received, should be forwarded to, for example, “IP M _0,31 ” using Z1 security credit credentials in SDNP cloud. ).

The second data packet 1810I, which contains the C & C payload including the "File 3 Read Instruction", is sent from the SDNP signaling server 1715 at address "IP S" to the file storage server at address "IP F _9,1 ". 1700M). This instruction instructs the file storage server 1700M to send the file with ID tag 3 to the SDNP gateway at address IP M _0,8 using the zone U90 security credential. Other C & C packets (not shown) likewise send nodes F _9,4 and M _0,8 as well as nodes such as nodes in the SDNP cloud to other file storage servers and gateways.

In FIG. 97E, signaling server 1715 sends data packet 1810D to client device 1700A, which is routed from address “IP S” to “IP C _1,1 ” through router 1702G. The data packet 1810D uses the zone U1 security credential to inform the client of the prediction of a number of incoming data packets with tag 1, tag 2, etc. from the SDNP gateway 1701U at address " IP M _{0,0 &} quot ;. It includes the C & C payload 1811D. Currently, signaling server 1715 also sends data packet 1810E to SDNP gateway 1701U, which is routed from address "IP S" to "IP M _0,0 ". This packet includes a C & C payload 1811E for last mile routing in zone U1 that can be applied for incoming data packets identified as Tag 1, Tag 2, and Tag 3 sent from within the SDNP cloud.

If command and control data packets are distributed over the network, file delivery can occur. A first step of delivery is shown in FIG. 98, where a data packet 1741R comprising FS link 3 is shown in an exemplary state 920, numeric seed 929, decryption key 1030, and encryption key. Information including 1022 is provided to an SDNP decoding operation 1175R. Instead of the SDNP decoding operation 1751R, this information is processed by the DMZ server 1762, where packet decryption 1032R, which is all performed at state 920, is the state when the parsed file was last encoded, Functions include shared secrets such as blend 1061R, reverse-junction 1053R, and unscrambled 928R. Although the encryption key 1022 is not specifically needed for file decoding, it can be used in symmetric key encryption to send the parsed file back to the client and file owner.

File routing and data transfer are shown in FIG. 99, which is a TCP data packet 1720A carrying file 1 from address “IP F _7,1 ” to “IP M _0,4 ” using U7 secure credit credentials, TCP data packet 1720B carrying file 2 from address "IP F _9,4 " to " IP M _0,8 " using U9 security credential, and address " IP F _{9, &} quot _; TCP data packet 1720C carrying file 3 from ₁ "to" IP M _0,8 ". After transmission over the SDNP cloud (not shown), a series of data packets 1720X are delivered from the SDNP gateway to the client address "IP C _1,1 " at address "IP M _0,0 ".

In a read operation, data is loaded into the SDNP app in its "read only" form. As long as the file remains sandboxed within the SDNP application, the file is protected by the features of the SDNP application and network and does not rely on the login process and weak security provisions of the device's operating system. The need for read-only access to private documents is common in business. Files created by the company's finance, legal, manufacturing, engineering, and quality departments often show examples of representing read-only content. In many cases, such company private files must be forwarded to the company executives for review prior to their release, i.e. distributed electronically.

Accidental or early disclosure of the communicated information, accompanied by serious economic and even legal consequences on the liability of the company and the individual to the person concerned, can be prevented. For example, an undisclosed financial report from a public company is a strict secret to its disclosure. In the United States, the FD or "fair disclosure" regulations mean that information must be publicly available to all at the same time without preference. If any external party accesses the information before the public disclosure, it is a violation of Regulation FD. If the court determines that a FD violation occurred because the company neglected its obligation to maintain and maintain the confidentiality of the document, the company would be guilty of the violation, even if there were no insider transactions resulting from selective disclosure. And the person in charge can be personally responsible.

In the SDNP app, to prevent data transfer from one account identity to another account identity, search files are sorted (sandboxed) and, for example, files cannot be swapped between business and personal accounts. Depending on the reader's authentication privilege, the user may or may not be able to download the search file out of the SDNP application and into unencoded storage in device memory.

File downloads outside the SDNP enabled application compromise the security of the file and the data it contains. For data in the SDNP application, access is controlled, user behavior is limited, and both the device and the SDNP network must prove the user's identity. Such multi-layer multi-factor authentication is much more difficult to overcome than the destruction of a simple four-digit pin required to open a phone. In contrast, once a file is downloaded to a computer, tablet, or mobile phone, it is almost impossible to prevent unauthorized access, determine who accessed, or determine who copied the file.

Thus, using SDNP communication, file owners can lock, i.e., sort, sensitive documents and files so that others can read them but not download them to the phone. Additional steps can be used to prevent screen shots or shooting of the LCD display screen. In other cases where security and privacy are not required, the transfer of search files from the SDNP app to the phone's memory is possible and can be used without limitation.

In an editing operation, an editable form of a file can be downloaded into the device and passed to an application program for editing the file. In order to perform file requests and data exchange-in terms of data transfer of the SDNP network-there is no fundamental difference in the SDNP network operation between the file read request and the file edit request, in addition to the operation of the client's SDNP application, and such operations are functional. Is equivalent to As such, the difference between read and edit operations can be considered to be predominantly present in the execution of Layers 5 through 7, including application specific files.

In order to edit the retrieved file, the application may be (i) an embedded application (eg, Simpletext) that is native to the device's operating system, but operated outside of the SDNP application, or (ii) on the device's operating system. , But may be a third party application operating outside of the SDNP application, such as Microsoft Word, Adobe Acrobat, or the like, or (iii) operating inside the SDNP application and not directly accessible by the device or its operating system. have. For example, a company press release can be edited within the SDNP application sandbox but cannot be downloaded into the phone's memory. As an added rule for maintaining business security, any file owned by a business, ie, sandboxed within the SDNP business account space, may be stored in the user's personal SDNP account, even if the personal and business profiles are operated within the same SDNP application. It cannot be delivered to.

After editing, the storage of the edited file on the SDNP file storage server is not overwritten on the existing file unless specifically requested by the file owner.

Instead, the second version is stored in addition to the first version, and the deletion of the previous version requires the user to perform the delete operation. Since hypersecure file storage always requires proof of identity, the process of storing the edited file may include specific system features that are not available from file storage that does not have dedicated hypersecurity network communication. One such specific feature is the signature verification function used to sign and date the file (or stamp / chopping and date in Asia). The signature function may include a registered receipt sent to the document holder and to the original document generator.

In the hyper secure data storage made in accordance with the present invention, the delete operation is to overwrite a random number on all existing parsed files and optionally do it again after 1 hour, thus reducing the small but detectable stored electric or magnetic field. Making the analog fluctuations more obscure. The file record is also overwritten to confuse the file record of the data drive. After deleting the data and file records, the client's data link is destroyed within the client device using the message self-destructive feature of the SDNP system, and any remainder of the FS link is purged from the SDNP system. However, if the file system administrator tracked the activity of that user base with third party software, even if the file itself was not accessed, the administrator still owns the file, its creation date, who and when it was accessed, and deletes it. It can still retain metadata about the history of the file, including when it is done.

The SDNP network and hypersecurity last mile functionality may also support other features and operational procedures for company accounts, not for personal account profiles. As mentioned above, the delete operation in a personal account may include rewriting junk data to a file, purging the driver's index record regarding the existence of the file, and using message self-destruction to a previously fragmented storage location of the file. This involves breaking all FS links. However, in a company account, the file storage administrator may use prior approval, for example, using an approval process similar to the dialog box 1769 of FIG. 96A but sent to the administrator rather than the file owner to permanently destroy the file. You may need it.

If a company's file manager chooses not to allow file deletion, several scenarios may occur, including: (i) The file will not be deleted and a file read link will appear in their SDNP application or SDNP communicator message history. The file owner is notified that the file is retained, or (ii) the file owner is notified that the file will not be deleted, for example, it will be preserved for "archive purposes", but the private file read link may be Using the destructive rule, it will be removed from their SDNP application, meaning that only the file storage administrator can recall in case the owner attempts to delete the file, or (iii) the file owner's personal file read link Use the SDNP system's message self-destruction rules to access their SDNP applications. Would be removed from, they do not notice that the files are being maintained by the company.

Due to the last mile hypersecurity inherent in the operation of the disclosed anonymous fragmented and distributed file storage system, stored files are not searchable without a "file read link", even by the file storage manager. In order for an administrator to gain access to a file, they must be in the corresponding file store read link each time the file is saved and edited. While this level of monitoring is possible for company accounts, the large amount of data generated when tracking every change to every file will always overwhelm every file management system. Intelligent filters possible in the disclosed SDNP system as disclosed only track attempted file deletions. In this approach, the administrator does not monitor the creation of the file, but only tracks attempts to delete the file. Each time a file owner attempts to delete a file, only then, the corresponding file store read link is passed to the administrator's database or console for approval or storage.

By identifying specific employees and contractors that need to be monitored, the database size can be further minimized. For example, if a company is involved in an audit or patent litigation, the parties are generally notified not to delete any relevant data or to delete any files. Using file management features enabled by the disclosed SDNP file storage system, any file deletion attempts by employees involved in the investigation can be tracked by logging the attempted deletion, and "at the time" in some cases. A copy of the file store link can be sent to the file store manager or to an independent investigator. Such a method is advantageous, which limits the amount of data that is monitored, which naturally alerts the administrator to suspicious activity that attempts to cover what is wrong. In order to prevent accidental or erroneous loss of file storage name links by destruction of the device itself of the client and file owner, the use of duplicate file storage links as disclosed above is essential. In the case of a company, backup copies can be maintained on a computer located in a secure office or on a centralized corporate server.

In the case of extreme security, for example in the case of national security, deletion of a file may comprise a number of steps including: (i) overwriting the file with random data, (ii) Copying all other files on the storage drive onto some other storage device, (iii) performing a bulk erase of the drive, (iv) reformatting the drive, (v) storing the driver's storage fields in random numbers Overwriting, and optionally (vi) copying the preserved file back as necessary. Unlike data overwriting of conventional files, the bulk deletion process affects the read-write storage media itself, which naturally randomizes its electrical, magnetic, or optical properties at the molecular level. Bulk erase of magnetic drives can utilize large electromagnets, and bulk erase of flash can heat ICs to high temperatures and possibly expose them to high operating voltage ionizing radiation. Magnetic-optical drives can be bulk erased using large magnetic fields. The rewritable optical drive can be bulk erased using a bright scanning laser that is scanned across the disc format track. In any case, bulk deletion represents an extreme case where the storage media loses data completely after deletion, even at the risk of damaging the storage media and making it unusable again.

Another important factor in a hypersecurity distributed file storage system is maintaining the integrity of file data and link access. In order to ensure the prevention of accidental loss of links, it is sometimes advantageous to rebuild, i.e., re-confirm and reissue, the secure credit proof, the file store read link. Such a process, referred to herein as a "refresh link" command, may be initiated from the client manually or automatically, and may also be initiated from the file storage server after some predefined interval. In the case of a request initiated from a client, the SDNP signaling server communicates command and control packets to the corresponding server. If link refresh is initiated as shown in FIG. 100, the file is in the SDNP state 320X, which is in the " old " state at time t ₁ , which was previously created using zone U9 security credit credentials. Read and decode by the decoding operation 1751F. The file is then re-encoded by the SDNP encoding operation 1750D using the new state 920Y at time t ₂ and stored in the storage drive. The refreshed storage link, eg FS link 3, is then sent back to the file owner, which is the client device 1700A, via the SDNP network. The resulting file contains encoded data updated with zone U9 security credential at time t ₂ . However, the security credentials of the client in the zone U1 used to generate and parse the original file are not updated. In order to read the file, the read operation must first decode the file using zone U9 security credentials in a state corresponding to time t ₂ , and then after the transfer to client node C ₁ , ₁ , the file is Decode the file using the Z1 security credential associated with the time it was originally created.

As another provision for enhanced security, the redistribution file operation moves all parsed files for the selected file storage link to a new or another file storage server. Such an operation may send the parsed file to an entirely new server, or alternatively the file may be redistributed among existing storage nodes. In each case, the security credential is updated and a new file FS link is issued and sent to the client or clients with access to the file. This operation is illustrated by way of example in FIG. 101, where the content of file storage SDNP node F _7,1 in zone U7 is in state 920X, where the state at the time t ₁ at which the file was created. Using the SDNP decoding operation 1751H. The file is then sent over the SDNP network (not shown) to the file storage SDNP node F _9,4 , where the file uses the zone U9 security credit certificate as state 920Y corresponding to time t ₂ . Encoded by the SDNP encoding operation 1750L. The file is then stored and an updated FS link 2 is sent to the file owner and other clients with file access.

Simultaneously with the aforementioned file delivery, SDNP decoding operation 1175L using state 920X, wherein the content of file storage SDNP nodes F _9,4 in zone U9 is in a state at time t _{1 when} the file was created. Is decoded by The file is then transferred over the SDNP network (not shown) to the file storage SDNP node F9, where the file is SDNP encoded using a zone U9 security credential as state 920Y corresponding to time t ₂ . Encoded by operation 1750M. The file is then stored and an updated FS link 3 is sent to the file owner and other clients with file access. In a similar manner, the content of file storage SDNP node F _9,1 in zone U9 is controlled by SDNP decoding operation 1701M using state 920X, which is a state at time t _{1 when} the file was created. Decoded. The file is then sent over the SDNP network (not shown) to the file storage SDNP node F _7,1 , where the file uses zone U7 security credit credentials as state 920Y corresponding to time t ₂ . Encoded by the SDNP encoding operation 1750H. The file is then stored and the updated FS link 1 is sent to the file owner and other clients with file access. In this way, all three files are relocated and a new security credential is issued, and a client with authenticated access is issued a new file store read link based on the updated FS links 1, 2, and 3.

Another essential maintenance function implemented by the hyper-secure file storage system is the operation used to check files that do not have any live links, ie "zombie files." This operation is similar to the refresh link operation except that a file storage server is initiated on behalf of the client or file owner. In operation, each file storage server keeps track of the time since the file was last accessed. If the last action on the file exceeds a specified interval without activity, for example one month, the file storage server contacts the client or clients to check whether the rank is still active. The file storage server may contact the client using the same method used to send the FS link to the client. At the time the file is saved, the file storage server retains the SDNP home or pseudo-address of the client.

If there is no activity for a certain interval, the file storage server contacts the SDNP signaling server in a request to reconfirm that the link remains active. The SDNP signaling server then plans the delivery path of the FS link attestation request for each participating in the file storage server. Each file storage server then sends the request to the client via the SDNP network. All participating SDNP client nodes respond with confirmation that the file link still exists in the device. If the file link is verified, then at that time the client has the option to perform a link refresh. However, if there is no device response, i.e., no active file read link is maintained, the file storage server notifies the administrator that the file link is down or lost, and after a predetermined interval such as one to three months, Delete unsolicited zombie files permanently or irreversibly.

Registered Communications -Another feature of SDNP communications made in accordance with the present invention is the ability of the network to deliver or store "registered communications". Registered communications, including the ability to e-sign and e-chop the communications to establish legal validity, include a secure communication of the communicator as a signed time-stamped message or a hyper-secure storage of a file. It includes. Registered communication also includes the ability to send a "certified message" handshaking method that confirms receipt of the document or file using a signed or chopped time-stamped response. All registered communications are initiated by the SDNP application in the client device, but are authenticated via last mile communication, ie, communication over the last mile of the SDNP network. Any attempt by the client to tamper with the stamp check will result in a mismatch between the message and the network record of the stamp check, ie the return receipt.

Time stamping is an inherent feature of SDNP communication when the time and other specific variables are used by the use of "states" in the SDNP communication, i.e. to establish message specific security credentials in the communicator and in file storage. This point is illustrated in the SDNP Communicator application window shown in FIG. 102, where each text message sent and received indicates when the message was sent, when the message was received, and when the message was read. Has a corresponding set of stamps 1801A and 1801B. Time information including the global time reference established by the SDNP signaling server is delivered to the client via the last mile network. The SDNP client app then integrates the time stamp into the information display.

In a registered communication, the communique generates an official stamp as part of the process. One example of a registered communication process is shown in FIG. 103, where a hypersecurity message is executed, beginning with an optional file attachment step 1802 including a dialog box 1803, in which a message or The client sending the file, i.e., the sender, chooses whether to attach the file to the message and if so, uses the directory browser to find the file. The command dialog 1804 is next used to transmit a registered message according to the dialog box 1805 that has selected whether to use regular or registered delivery. The message is then sent using hypersecure communication made in accordance with the present invention.

At "message accepted" step 1806, the receiving party includes a series of steps necessary to verify their identity to access the message and to send an authenticated receipt confirming the acceptance of the entry message and the file. This process begins with receipt authentication operation 1807, where the receiving client is asked to verify their identity. In the absence of their identity authentication, the receiving party will not be able to access the message, the message will be destroyed and the sender will be notified of the authentication phase failure. In this way, the sender may be warned that the receiving party may have had their device stolen. Once the identity is verified, the receiving party is asked at receipt authentication operation 1808 regarding whether they wish to accept or reject the incoming message and attachment. If the message is rejected, the sender is notified.

If the receiving party accepts the message by selecting 'Yes', they accept the message by selecting an electronic signature (e-sign) and / or by selecting a stamp / e (e- 촙). In order to sign, the receipt management step 1809 must be completed. The sender can specify the required options. In some countries, both law and death are required for legal binding. Subsequent dialog boxes (not shown) instruct the user to place a sign or a letter in the file directory of the device. Alternatively, audio / video recording can be used as confirmation. Recipients are given instructions on what to read during the record. If the message is signed, the message can be shown to the recipient and the attached file can be shown or downloaded according to the sender's requirements.

When accepting a document, a signed time-stamped message receipt 1811 identifying the message recipient, the embedded text and attached file name received, the date and time the message was received, and the e-sign, of A signature, which includes either audio recording, audio-video recording, or some combination thereof, is sent to the sender in notification operation 1810. At the archive receipt option 1812, the sender stores a copy of the signed time stamped message receipt 1811 in a hyper-secure file storage system of the system that receives the file read link 1813 required for the sender to recall the message. Have the opportunity to Alternatively, the message receipt 1811 can be used for download into the sender's device.

The encryption-based security-related issues - Government security agencies are today in the company's accounting fraud, IP theft, cyber crime, hacking, organized crime, drug cartels, the mafia, the Yakuza, an underground Distributors and terrorists can be traced to the caller Any communication system (metaphorically, PayPon) that provides anonymous anonymous communication, i.e. data security and a system that uses encryption to conceal the identity of the caller, is indiscriminate and irresponsible business practice for network operators, application developers, and device manufacturers. It claims to provide

Unfortunately, it is true that communications that rely on encryption to achieve security similarly protect criminals and law-compliant citizens. As noted above, the subject focused on many new stories about the criminal activity of ISIS terrorists and their attacks in Paris and Belgium, using a telephony application program called telegram. Such apps help secure communications using end-to-end encryption, also known as end-user-based encryption. End-to-end encryption is particularly problematic for security authorities because the decryption key is maintained only by two communication parties and not by the intervening network or its operator. Security authorities coping with telegrams argue that large-key end-to-end encryption provides national and even international security risks that allow terrorists to operate secretly using open communications. Friendly claims to telegrams, among other things, support personal privacy.

California, December 2, 2015, killing 14 people and wounding 22 people when the federal judge ordered Apple to assist in "opening" a locked phone allegedly owned by the shooter in favor of the FBI. Privacy debate arose over San Bernardino's shootings. On February 17, 2016, the Washington Post article titled "Apple vowed to reject the FBI's demand for an iPhone crack associated with the San Bernardino attack." Apple and its CEO cited several reasons for not following a court order. The article can be found online (https://www.washingtonpost.com/ world / national-security / us-wants-apple-to-help-unlock-iphone-used-by-san-bernardino-shooter / 2016 / 02/16 / 69b903ee-d4d9-l le5-9823-02b905009f99_story.html). Most notably, Apple firmly asserted that because Apple was engineered in such a way that it doesn't have a decryption key, even when officials have a warrant, they can't unlock the new iPhone for law enforcement-essentially end-to-end. There is a fear of another example of end-to-end encryption challenges. Apple claimed that only the user of the phone-or someone who knows the password-can unlock the phone. The government argued that there was no need to unlock the encryption feature, but only to disable the feature that erased the phone's memory after ten unsuccessful login attempts. In an online statement, Apple's CEO, Tim Cook, argued that such could endanger iPhone security. He once said: "Once created," "the technology can continue to be used again on any number of devices. In the physical world, it can open hundreds of millions of locks-from restaurants and banks to stores and homes." It will be the same master key that you can. A reasonable person will not tolerate that. " He goes on to say that "opposing these orders is never frivolous. We think we should raise our voices at the request of the US government beyond the province."

Apple's last point that the US judiciary has surpassed that authority is not a technical position, but a legal debate, and those who reflect the feelings of constitutionalists and privacyists have no reason to let the government monitor communications for no apparent reason. Or asserts that they do not have the legal authority to violate an individual's privacy. In the case of San Bernardino, in particular, it clearly meets certain criteria, but the idea of creating a general-purpose backdoor to open all of the controversial communication devices results in abuse of authority by the authorities. In their February 23, 2016 article, The Atlantic agrees, "Apple is right: the FBI wants to penetrate many phones." The same day, Guardian reported, "Apple claims that the FBI wants to access tens of iPhones."

Oddly, the US Congress took the same privacy-related position. In a follow-up article in Guardian's March 1 issue titled, "The FBI presses the FBI to unlock the iPhone," US planners accused the US Justice Department of violating and invading privacy. . Brad Smith, Microsoft legal counsel, said at the RSA conference in San Francisco, "The path to hell begins in the back door." Smith challenged the computer security industry presented at the rally "to support Apple in this important event."

In that fire, many security experts, including NSA whistleblower Edward Snowden, have announced that unlocking the phone is not as difficult as the FBI claims. In Doron (March 8 and 9) through a video link from Moscow to the Common Cause Blueprint for the Great Democracy Conference, Snowden said: "The FBI said, 'Apple's proprietary technical means for unlocking the phone. "To be fair, this is bullshit." Before the case came to court, the FBI reported that it had already found a way to break through the locked iPhone. On March 29, 2016, an article in Fortune Magazine reported that "The FBI didn't tell Apple how to pierce the iPhone."

The legal and geopolitical consequences of the Apple-FBI case have had a big impact. Under the FBI's precedence, other countries are expected to claim backdoors for all communication devices connected to their networks-including phones carried by US citizens traveling around the world. Also, now that the iPhone has been successfully hacked, criminals will someday discover or re-invent this method for committing new forms of cybercrime and identity theft. To avoid being criminals, the government may try to use the same method to expand surveillance and spy activities, and even different departments within the same government may use this method to spy on each other's activities. As a related story, several governments consider limiting the level of encryption used in end-to-end communication.

Collectively, this event clearly supports the realization that the obvious combination of existing security methods currently available in the public domain does not guarantee both security and privacy, at least without helping criminals and terrorists. The problem arises from relying only on encryption to achieve both network security and end-to-end security and its associated caller privacy. Increasing the security of a text, voice, or file by letting the bit size of the encryption key make any communicator more secure and more difficult to crack. Enhanced security protects business and law-compliant citizens in maintaining security and privacy, and in the fight against identity theft. Unfortunately, the same enhanced security protects criminals and terrorists from detection, without discrimination, allowing them to operate without punishment and without exposure.

This point is shown in FIG. 104A, where the caller 1825A is connected through an unsecured network, such as the Internet 1821, which is subjected to many cyber-attacks, ie, a network that has a "attack surface" of great vulnerability. Communicate to the speaker 1825Q. To reduce the attack surface, encryption 1026 and decryption 1032 are used to form an encrypted pipe or tunnel 1820 having a smaller attack surface than the network 1821. The problem is to determine how large the encryption key should be used. As shown in table 1824, the larger the encryption key, the more combinations there are and the more difficult it is to crack the password. Encryption is used for two purposes: (i) to provide network security to prevent man-in-the-middle attacks, and (ii) to ensure caller privacy through end-to-end security. As shown by line 1823, any improvement in network security results in an improvement in equivalent end-to-end security. While high network security is beneficial in preventing malicious external attacks, excessive end-to-end encryption is a double-edged sword. If a large key size is used, for example AES256 or AES512, the system delivers "top secret" network performance, and of course provides the same level of security for the caller. However, if the caller is a suspected criminal or terrorist, the network operator or government cannot detect or monitor the caller's activity.

Key size conflict is complicated. If the encryption key is too small, the criminal can attack the network and its users as a target. If the encryption keys are too large, criminals can use the network to hide their illegal activity and to neutralize investigators' efforts to detect ongoing fraud and fraud. In a corporate environment, a company's security officer may refuse to end-to-end encryption entirely because it prevents monitoring employee activity or following company investigations and IP litigation.

It is even difficult to determine what size keys are destructible and what security is, depending on the development of the technology. Referring back to table 1824, the number of possible combinations that should be analyzed in brute force attacks is calculated according to the key size of the cipher. A 16-bit key has only 65k combinations, whereas a 56-bit key has 10 ¹⁶ combinations and a 128-bit key has more than 10 ³⁸ combinations. 256-bit keys have a combination of 39 orders of magnitude greater than 128-bit keys. Ignoring the use of pattern recognition, brute force attacks try all combinations to hack code. In EETimes' article "How do I secure AES against brute force attacks?" (Http://www.eetimes.com/document.asp?doc_id=1279619), the author writes in order to launch a brute force attack. Estimate the time needed for a 2012 supercomputer capable of 10.5 petaflops. A petaflop is a thousand points or 10 ¹⁵ floating point operations per second, or a thousand teraflops. Thus, a 56-bit key requires only 399 seconds, a 128-bit key requires 1.02 x 10 ¹⁸ years, a 192-bit key requires 1.872 x 10 ³⁷ years, and a 256-bit key 3.31 x 10 needs ⁵⁶ years.

The time required to overcome brute force attacks also changes. Since the article was written, the world's fastest computers have already tripled in speed. According to a BBC News article dated July 30, 2015 titled "Supercomputer: Obama Ordered the World's Fastest Computer," the investigator found that the target speed of the next-generation supercomputer was 20 times higher than the record-bearing computer. It is reported to be fast, that is, a machine capable of exo-flop per second, or million-million floating point operation. This means that the time required to crack a password will continue to get shorter every year. Another new approach to cracking crypto is to use massively parallel processing, the same method as bitcoin mining. Instead of having a single supercomputer, using thousands or millions of parallel computers allows you to attack at the same time, proportionally reducing time. Today's fastest microprocessors have already surpassed 1.1 teraflops, and the 3,000 top-level microprocessors working together are the same as the fastest computers in the world today. It is required for the realization of exoflop computers with only one million microprocessors. While dedicated ASICs can further compromise security, quantum operations will change computational power by many orders of magnitude.

As a result, large key end-to-end encryption is not a good solution for achieving privacy and security in communication. An alternative approach enabled by SDNP network and hyper secure last mile communication as disclosed herein separates end-to-end encryption from network security. As shown in Fig. 104B, communication between the SDNP clients 1700A and 1700Q representing the caller and the called party, respectively, is executed by the SDNP network 1831. The small attack surface of the network is realized by anonymous multi-path and mesh data transfer using dynamic scrambling, fragmentation, junk injection, and hop-by-hop encryption, routed using triple-channel communication for control. do. Although the last mile communication and every hop in the SDNP cloud includes dynamically changing security credentials, the process is provided in a simplified form by the SDNP encoding operation 1832 and the SDNP decoding operation 1833.

As described by table 1834 and shown by line segment 1830, this method, in various combinations, does not rely solely on encryption, but achieves security equivalent to a secret or top secret encryption standard. Since line segment 1830 is flat, this means that there is no interdependence between end-to-end encryption shown on the y-axis and network security shown on the x-axis. Instead, the network security level can be adjusted from case A to case D by the application of various SDNP security methods. This secure operation is performed by the SDNP software in such a way that the caller and the called party do not know the secure credit credentials used to transmit data packets over the SDNP network 1831 and its various secure zones. In particular, communicating clients do not knowingly participate in the key exchange of any cryptographic last mile network. As a distributed network, the use of encryption in the SDNP cloud is not related to last mile security and there is no master key for such a system. Thus, SDNP network 1831 security does not rely on end-to-end encryption enforced by encryption 1026 and decryption 1032 to create encrypted pipes or tunnels 1820.

The encryption used by the SDNP network 1831 does not need to use a key of the same size as the end-to-end encrypted tunnel 1820. As shown in the graph, commercial and corporate security applications of end-to-end encryption use 128b (such as AES128) shown by dashed line 1835, even when single-hop dynamic encryption in the SDNP cloud uses AES256. Key encryption can be used. In fact, end-to-end encryption can use RSA or other cryptography without compromising network security. The SDNP network 1831 is still protected by AES encryption that follows FIPS 140-2 military grade security, even if it is not an end-to-end encryption tunnel 1820. As described, SDNP network 1831 protects against all external cyber-attacks and man-in-the-middle attacks. End-to-end encrypted tunnel 1820 protects the caller from network operator intervention and other “inside” hacker activity. In this regard, in this disclosure end-to-end encryption is used primarily to ensure caller privacy, not to achieve data packet transmission security.

Since the strength of end-to-end encryption can be increased or reduced or even eliminated without jeopardizing the security of the network, such a method can be configured for a wide range of applications. For example, if the 128b key encryption shown by dashed line 1835 is too strict for small companies or for personal use, the number of bits can be reduced without giving up personal privacy. In military or government applications, the encryption key length can be increased to 192b, 256b or even 512b as needed. In this regard, the disclosed SDNP system overcomes the shortcomings in today's encryption-based calls, providing features that cannot be used by any alternative application, device, or network.

Security Management -Another key feature of SDNP communication is the specific approach to security management. Security management is required in a number of situations, including:

* Monitoring of employee communications conducted in accordance with HR policies or employee surveys;

* Monitoring and recording employee communications in accounting auditing, legal accounting, or accounting reporting support;

* Documentation of intercompany communications as part of merger and acquisition transactions;

* Documentation of intercompany communications as part of an IP or company litigation;

* Complying with the requirements of the communicators and documents under subpoena and scope investigation;

* Follow legal orders for account information, currency and message monitoring, and file access related to national security.

With proper authentication, SDNP network administrators can facilitate access of SDNP network traffic to designated " SDNP Security Agents " for communication monitoring and data monitoring. The process of building and enabling the SDNP security agent includes a multi-layer authorization and authentication process that is mandatory prior to monitoring activities. To prevent abuse, no individual, even the SDNP network administrator, can start monitoring independently. Due to the dynamic nature of SDNP communication as a distributed network with no central control, without the master network key, and with dynamic SDNP encoding and decoding performed using zone-specific security credentials that operate offline within the DMZ server. There is no mechanism for restoring data or recalling a conversation afterwards. Data stays in the SDNP network only for a short duration, typically less than 100 milliseconds. As a distributed system, SDNP networks are designed to have essentially no central control, and even without such central control no metadata of previous calls can be used. Thus, the SDNP network only supports a priori security monitoring, which means that monitoring by the designated SDNP security agent must be established before intercepting the community.

In addition, due to the dynamic nature of fragmented meshed communication in the SDNP cloud, SDNP nodes in the cloud do not carry data packets of complete conversation, i.e. they do not carry beyond the SDNP gateway. Most nodes carry less than 5% of the data and typically only 10 ms in time before the routing change. In accordance with SDNP communication, dynamic routing continues to redirect communication through different media servers. Therefore, cloud access is not valid for the restoration or monitoring of communicators. Although data packets of the SDNP cloud can be captured, they include useless mixtures of irrelevant sounds, data, conversations, and junk data. Instead, monitoring by a designated SDNP security agent can occur productively only within the last mile, where a complete set of related data packets is essentially traversed within the client device or preferably within the SDNP gateway.

An example of data packet routing in security monitoring is schematically illustrated in FIG. 105A, where the SDNP security agent 1840 monitors the conversation between the SDNP client device 1600A and the SDNP client device 1600H. A conversation is made using data packets transmitted from the SDNP client device 1600A to the last mile router 1602G to the SDNP gateway 1701U and through the SDNP cloud, while the data packets sent from the client device 1600A are SDNP. Closed by gateway 1700U and securely routed to designated SDNP security agent 1840. Specifically, during UDP transmission, the last mile data packet 1630A carries SDNP data 1 from the SDNP client at address " IP C _1,1 " to the SDNP gateway at address " IP M _0,0 " It comes out of the SDNP gateway at IP M _0,4 "and is passed to the SDNP client address" IP C _7,1 "via the U7 last mile. During authenticated monitoring, replicated SDNP data 1 is securely delivered to SDNP security agent 1840 at SDNP address "IP SA". The duplicated monitoring data packet 1841 operates in the same manner as the SDNP group-call, except that callers can see duplicate data copies. As such, the caller does not know that they are being monitored.

Security monitoring also works for incoming calls. In FIG. 105B, SDNP data 7 is transmitted from the client device 1600H having the address “IP C _7,1 ” to the SDNP gateway at the address “IP M _0,4 ”. After the SDNP cloud transfer, the data is transferred from the SDNP gateway at address "IP M _0,0 " to two destinations. The first destination, the client 1600A at address " IP C ₁ , _{1 &} quot ;, receives a response data packet 1640A containing SDNP data 7. The second destination, which is the SDNP security agent 1840, receives, via the data packet 1842, the same payload containing the replicated data “SDNP data 7”. The delivery of data packets 1882 is invisible to callers, and therefore they do not know that they are monitored.

The same method can be applied for monitoring fragmented distributed file storage. However, instead of capturing fragmented data files, the security agent only needs to receive a copy of the associated FS link. Such an example is shown in FIG. 106, where the SDNP file storage device 1700H transfers a data packet 1740H containing FS link 1 from address " IP F _1,1 " to gateway address " IP M _{0,4 &} quot ;. And it is forwarded to the client 1600A by the data packet 1740A after being routed through the SDNP cloud. The replicated payload "FS link 1" is also delivered to SDNP security agent 1840 at address "IP SA" by data packet 1843 sent from gateway address "IP M _0,0 ". As in the case of real-time communication, the file owner, client 1600A, does not know that it is monitored by the SDNP security agent.

The same monitoring mechanism works for multi-path last mile communication, where data packets enter and exit the SDNP cloud through more than one SDNP gateway. This case is illustrated in FIG. 107, where the last mile communication from the client device 1600A is performed by the client via split data packet 1630A containing payload SDNP data 1, and through the SDNP gateway 1701U and 1701V, respectively. Data packet 1630B carrying payload SDNP data 2 entering. After SDNP cloud routing, data packets are shown to be recombined and coming out of the cloud as a single data packet 1630L having a payload comprising the combined data SDNP data 3. In operation, the signaling server sends the address "IP" to generate copies of the incoming SDNP data 1 and SDNP data 2 from client nodes C _1,1 and directs them to the SDNP security agent 1840 at address "IP SA". _Indicates to the SDNP gateway with M _0,0 "and" IP M _0,11 ". The replicated data uses the same hypersecurity method, except that the security agent is operated within its own specific secure zone, ie within a zone (SA) that uses a credential that cannot be used on any other device. Is sent in data packets 1841A and 1841B. Thus, there is no record or evidence that a given security agent has monitored a particular conversation.

Because SDNP monitoring activities are equivalent to secret and essentially undetectable non-exposed conference calls, in order to authorize and verify the use of network monitoring and to designate and verify SDNP security agents authorized to perform monitoring, It is important to use an independent check. The SDNP security agent can be any SDNP client except the network administrator. As a protection against system corruption, no SDNP network operator or SDNP administrator can act as an SDNP security agent, that is, the person who manages the network destroys its ability for itself, even when they are threatened or blackmailed. Can not.

SDNP security agents may constitute individuals, government agencies, government-designated representatives, or lawyers. The specific mandatory qualifications of the designated security agent will vary by company or country according to applicable local laws. The monitoring hardware of the SDNP security agent may include communication devices and computer servers with recording, data storage, and sophisticated decryption capabilities. All communications sent from the SDNP network to the designated SDNP security agent are sent in the same hypersecurity communication as the client's communicator itself, so that security monitoring, except for monitoring performed by an authorized security agent, Does not compromise the privacy of the caller.

In addition, the implementation of monitoring and allowed capabilities of authorized SDNP agents does not compromise network integrity and security by any means. Operational details or DMZ shared secrets are not exposed to network operators or to any security agents-the operation of the SDNP system is done automatically and autonomously, without human operator intervention or involvement, while the DMZ server accesses online access. Security is provided using zone-specific credit proofs that cannot be used through SNS. As such, security monitoring does not compromise the security of the system or make the SDNP network vulnerable to cyber attacks.

The data payload is delivered to the SDNP security agent in the same form as generated by the caller. As part of the delivery to the SDNP security agent, all network SDNP encoding is decoded so that no network security provisions exist in the forwarded data packets. However, if the client uses end-to-end cryptography, the client agrees to pre-share the end-to-end decryption key with the network or to use an independent key server utility that can be accessed by the SDNP network. If not, the SDNP security agent will have to destroy the client's end-to-end password. Again, such end-to-end encryption and decryption keys are primarily included in the SDNP method for privacy purposes and are not relevant to all encryption used in the SDNP dynamic encoding function.

In order to minimize the risk of monitoring abuse, SDNP management is a multi-step process used to establish and authenticate a designated SDNP security agent for monitoring a client or group of clients. Although the SDNP system includes regulations for conducting monitoring, the legitimate application of these features is the responsibility of the network operator, network administrator, and certification agent or agent. Together, these parties are personally responsible for ensuring that monitoring is done lawfully and in accordance with the laws of the country in which it is carried out.

The need for monitoring may arise from any number of situations. In a company, whistleblower complaints or claims related to sexual harassment can trigger an HR investigation or lead to legal accounting. Court subpoenas associated with litigation matters (potentially including gag orders) may also require monitoring. In company matters, communications using a corporate SDNP network are generally limited to corporate communicators and do not cover private and personal communications. In most countries, private communications are protected unless criminal intent is suspected. In the case of national security or law enforcement actions, both the public and private SDNP accounts of the caller can be monitored. In such a case, the corporate SDNP network operator for the company will conduct a monitoring process for corporate communications, while the independent telecommunication SDNP network operator will be the only provider in the position to perform monitoring of the caller's private communications. . In some countries, governments must present court-approved subpoenas to begin monitoring private citizens, while in other countries, governments can claim the right to monitor any and all private communications on a fact-based basis. . In the case of international communications, it is more difficult to determine what laws may apply and where the location of the network to enable call monitoring should be.

One example of an AAA process used to enable monitoring is shown in FIG. 108. The process for approving the monitoring of the client is preferably a network manager 1850 used to set up the monitoring operation, operating autonomously and independently of the network operator or network management, the security agent 1840 responsible for client monitoring. , And three authentication agents 1851A 1851B, and 1851C used to approve the monitoring process. The process begins with a network manager 1850 wishing to make a monitor request 1862 in response to an inquiry or court order. Using command dialog box 1862, the administrator identifies the telephone number of the individual whose monitoring is requested. If the request is for monitoring a group of people, they can be entered one by one into a system of files listing all parties, and their associated telephone number can be uploaded into the system.

In the authentication step 1863, the network manager 1850 identifies the candidate security agent 1840 recommended for performing the monitoring function using the example dialog box 1864. In the case of a company, an individual can be an HR supervisor, legal advisor, member of an audit committee, and an independent accounting firm representative, or an independent investigator. In legal cases, the security agent may be a lawyer, district attorney, FBI agent, or other duly appointed investigating committee member, such as, for example, a special prosecution commission investigating panel in case of government misconduct. The system then checks with the SDNP name server 1714 to ensure that the security agents have SDNP accounts and that they comply with the rules specified by the company or network operator. In some cases related to national security, subsequent investigations of the proposed security agent credit credentials and criminal records may be conducted, prior to their approval.

If the security agent is approved, the request for monitoring is forwarded to authentication agents 1851A, 1851B, and 1851C in authentication step 1865, where the authentication agent has a name for the description of the subject, the security having the task of performing the monitoring. Review information present in dialog box 1866, including the name or location of the agent, the expected duration of the monitoring survey, and the reason for the survey. Each authentication agent may accept or reject the request. The rule of the network operator or company then determines whether the monitoring operation is approved based on the unanimous approval of the authentication agent or simply by majority. The identity of the authentication agent may be known, as in the case of a company, or in the case of a crime, their identity may be kept anonymous and protected by the anonymous communication features of the SDNP network.

Once the monitoring is approved, in management step 1867, the client's database 1868 is updated at the name server 1714 to tag the monitored SDNP client and authenticated as a security agent, shaded data in this example. Identifies the row of. The SDNP addresses in this database are updated together daily when the SDNP addresses are mixed to maintain the same relationship between the monitored client and the designated security agent. When the survey date expires, the monitoring link is automatically disconnected. At management step 1869, SDNP security agent 1840 is sent to the link, allowing them to receive all ongoing communications of the identified client being monitored. Their use of this information is not a matter of SDNP network operation. Unauthorized leaks of an individual's private information by a security agent may constitute a crime for which the security agent is fully responsible.

Through this monitoring method of the present invention, the SDNP network can thereby support criminal investigations of cheating and potential terrorist activities, while maintaining a secure communication media for law-abiding citizens. It is possible to securely communicate private client communications to authorized persons under legislative court orders without jeopardizing the privacy of unprivileged citizens or compromising the security of the SDNP Global Communications Network. Since no backdoor or master key was used in the court order delivery, subsequent communications across the SDNP network remain anonymous and hyper secure. In this way, secure dynamic communications networks and protocols and their hyper-secure last-mile communications can provide security features that cannot be used by any other means, and are used by OTT and virtually all messenger and communicator apps. -It can be completely prevented from helping crime and terror caused by excessive dependence on end-to-end encryption.

Overcoming SS7 Vulnerabilities -If the Apple-FBI debate wasn't a big problem for the communications and security industry, the 60 Minutes episode (http://www.cbsnews.com/news/60-minutes-hacking-your-phone/) Exposed to severe security vulnerabilities of signaling system 7 or SS7, a signal control channel for conventional wireless telephony. As is evident in such a show, SS7 vulnerabilities potentially expose all smartphones and connected devices to packet sniffing and cyber attacks, thus simply intercepting wireless conversations by simply knowing the individual's phone number, and SMS text, Enables observation of attached files, and photographs.

Signaling System 7 is a telephone call signaling protocol developed in 1975 that is used in all types of digital telephone calls worldwide. This includes the message transfer portion or " MTP " operation operated at PHY layer 1, data link layer 2, and network layer 3 to handle routing of the call. End-to-end routing is managed using a signaling connection control portion or " SCCP " operation operated at transport layer 4. The protocol also includes a large number of application layer 7 functions related to billing, roaming, and call authentication. The SS7 protocol, although inevitably needed, is extremely vulnerable to attack and presents a significant risk to a typical telephone call.

In April 2016 (https://en.wikipedia.org/wiki/Signalling_System_No._7), the US Congressional Supervisory Commission said, "An application with these vulnerabilities is an economic spy for US companies, from criminals monitoring individual targets. There seems to be no limit to foreign objects in action, to countries monitoring US government officials .... Vulnerability has a serious impact not only on personal privacy but also on US innovation, competitiveness and national security. Many innovations in digital security can become obsolete-such as multi-factor authentication that we use. "

SS7 cyber attacks essentially result from the classification of packet sniffing, which intercepts both content and metadata by using specific formatting of SS7 information as a guide. The SS7 protocol essentially provides an information template that enables the interpretation of packet information. As shown in FIG. 109, the problem begins with a SIM card or "subscriber identity module", which contains various types of personal information about subscribers and their accounts. As shown, the carrier SIM card 1880 generally issued by the network provider is connected to the cellular network shown by antennas 25A, 25B, and 25C having corresponding radio links 28A, 28B, and 28C. Is used to identify the phone 32. Each SIM card includes a specific identifier, which is an ICCID or " integrated circuit card ID " having 18 or 19 digits used to internationally identify the SIM card. The international mobile subscriber identity or IMSI identifies a separate operator network, ie the home network on which the SIM card operates. The local network provider uses the IMSI number to communicate with the SIM card to establish a call.

The SIM card also includes a "mobile country code" or MCC, which is a three-digit number for identifying the country where the SIM card was issued. When placing an international cell phone call from a mobile phone, the MCC is required as part of the dialing sequence. Examples of MCCs include 310 to 316 for the United States, 234 to 235 for the United Kingdom, 460 for China, 208 for France, 250 for Russia, 262 for Germany, 302 for Canada, and 724 for Brazil. . The MCC is used with a "mobile network code" or MNC to identify the network provider that issued the SFM card. The full list of codes is listed online at https://en.wikipedia.org/wiki/Mobile_country_code. The SIM card also specifically includes a 15-digit "mobile station international subscriber directory number" or MSISDN, which specifically specifies the type and network of subscribers on which the SFM operates. The SFM card also maintains a user phone number and SMS text directory, and the SMS text directory contains the text of the incoming and outgoing calls and the transmitted text along with the time and date information. In recent years, carriers have begun to use special SIM cards with so-called secure elements for storing credit card credit proofs to facilitate mobile payments.

Since the MCC, MNC and MSISDN codes are sent as part of the connection process, the home country and carrier of any SIM card and associated telephone number of the subscriber can be easily identified by SS7 intrusion and packet sniffing. The transmitted data 1882 can be readily used to track the identity of the caller through the phone directory, online information, or social media, ie, through profiling. Once identified and correlated, phone numbers and SIMs can be used to monitor subscriber activity, regardless of where the subscriber is moving in the world. Encryption does not conceal basic currency information or metadata. Even in end-to-end cryptography, data packets can be easily identified as coming from the same conversation, can be captured, and stored for subsequent decryption signals.

In addition to metadata and content, the caller's location is also compromised by the SS7 vulnerability. In any cellular network, the phone sends a message to a local cell tower that identifies whether it is available for a particular call. These registration packets are sent at regular intervals. Monitoring these packets allows the location of the phone with a particular SIM card to be located, even when the phone is not in a call and even when GPS is off. In that way, the location and movement of subscribers can be accumulated without knowing them.

Despite the inherent vulnerabilities of SS7, hyper-secure last mile communications created in accordance with secure dynamic communications networks and protocols prevent SS7 attacks by masking meaningful calls within the last link. In particular, hyper-secure last mile communications provide significant security over conventional telephony or OTT Internet communications, including:

* Hyper-Secure Last Mile Communication does not expose the telephone number or IP address of the party making the call or receiving the message, even if the party is not an SDNP client.

Hypersecurity last mile communication does not identify whether the sequential data packet is part of the same call or represents an unrelated data packet with different destinations.

By concealing the call specificity of the data packet, the hyper-secure last mile communication hides metadata about the talk time.

Hyper-Secure Last Mile Communication dynamically encodes payloads, preventing unauthorized access to packet content and protecting the privacy of photos, files, and other content as well as voice, video, and text communications.

Thus, as described, communications using the disclosed secure dynamic communications networks and protocols and hyper secure last mile communications are not affected by SS7 vulnerabilities. Since SDNP communication is carried by its own protocol and carried by an encoded payload, call data or content, even in packets carried over open unencrypted channels such as 2G, 3G, and 4G / LTE telephony Cannot be extracted from the SDNP data packet. As such, packet sniffing is ineffective in initiating cyber-attack for SDNP coding and fragmented data transmission.

SDNP Concealment -In the foregoing, the only impact of SS7 vulnerability on SDNP communication is the caller's location exposure. Because the phone number in the carrier's SIM is associated with the identity of each user, each time the phone is turned on it necessarily communicates with the nearest cell phone tower, even when no phone call is taking place. This cell tower information can then be used to triangulate the user's location and track the subscriber's movement even when GPS is turned off. Since such unauthorized tracking relies on SS7, devices using SIM cards of conventional carriers are vulnerable to location tracking, even if such devices act as SDNP clients.

As shown in FIG. 110, which is a simplified network schematic, an improvement in last mile hypersecurity communication, referred to herein as “SDNP concealment”, entirely prevents subscriber tracking. To implement this feature, the generic carrier SIM card 1880 is replaced with an SDNP SIM card 1882. The SDNP SIM card is registered with the SDNP network operator, not the subscriber, so that no personal subscriber information is included in the SDNP SIM card 1882. The SDNP SIM card 1882 is similar to the prepaid SIM card in that it has network access but no personal information. Instead, all of the account holder's personal information is securely contained within the SDNP network name server and is not accessible to hackers or vulnerable to cyber-attack.

In operation, SDNP concealment hides the true identity of the owner by using a SIM card 1882, known only to the SDNP network operator. Thus, the telephone number contained in the SIM card is used to establish a PHY Layer 1 and Data Link Layer 2 connection 28B between the cell phone 32 and the cell tower 25B, but does not provide routing. Instead, data packet source and destination addresses for last mile routing are managed by the SDNP app 1335A and SDNP gateway 1601A according to instructions from the SDNP signaling server 1603A.

When routed through the SDNP gateway 1601A, calls from the SDNP app appear to have a different number than the SIM card number. This conversion from the physical SIM card number to the SDNP phone number is performed by the SDNP name server 1604A, during which the call routing changes the SDNP phone number to the SIM phone number, thereby randomizing according to the conversion table 1885. Conceal the physical SIM card number for the user. With SDNP concealment, the true identity of the telephone owner is completely concealed. To place a call on an SDNP client, external callers place their call on SDNP # even if they are not themselves SDNP clients. The SDNP network automatically routes the call to the SDNP client, never exposing the SIM card phone number. Similarly, the SDNP client places the call out to the non-SDNP called party, and the call recipient confirms the incoming call from SDNP #, not from the SIM card number. In this way, the SDNP implements a telephony function similar to that of a NAT gateway in Internet communications, except that the SDNP system is a real-time network and the Internet is not.

Since the true user identity of the phone 32 is never exposed by the call 28B, triangulating the location of the phone is ineffective because the user and all communication remain anonymous. Thus, tracking the location of the Gourmet Phone Number is not beneficial to hackers and avoids SS7 vulnerabilities. If the SDNP client travels internationally, the mobile can purchase a local prepaid SIM card and link it to its SDNP number. The SDNP subscriber will still receive calls located at that SDNP phone number, but the last link will be made using a local SIM card, thereby preventing roaming charges. In this way, a single SDNP telephone number functions as a global number, with no long distance costs.

SDNP Subnet —Using its specific softswitch software-based communication node, the SDNP communication cloud can be deployed remotely across any network of interconnected computers, private or publicly hosted. Examples of server networks include privately owned publicly leased networks, such as those hosted by Microsoft, Google, and Amazon. 111 illustrates two network clouds deployed across two separate server networks. As shown, the SDNP cloud, which includes servers 1901A, 1901B, 1901C, and 1901D, hosts SDNP communication nodes M _0,0 , M _0,4 , M _0,7 , and M _0,8 , respectively. A second SDNP cloud, including servers 1902A, 1902B, and 1902C, hosts SDNP nodes M _10,0 , M _10,1 , and M _10,2 , respectively. Because they use separate secure credit credentials, each of zones Z0 and Z10, the two SDNP clouds are completely separate and cannot share information directly. However, a single SDNP client, shown as mobile phone 32 on which SDNP app 1335 operates, has appropriate authenticated access to both clients, although they are hosted by different computer server leasing providers. As shown by the example, SDNP client C _1,1 can access SDNP gateway node M _0,7 in the zone Z0 cloud using hyper-secure last mile communication through router 1910, and communicate or Without the risk of mixing data packets, it is possible to access the SDNP gateway node M _10,0 in the zone Z10 cloud using hyper secure last mile communication through the same router 1910.

Access to two independent clouds is through a common communicator application (UI / UX 1920). Access to each cloud is compartmentalized within separate dialog boxes 1921A and 1921B. Although information can be downloaded from the personal account sandbox 1921A into the phone, data exposure from the business account sandbox 1921B depends on the security management of the business and the company.

The connection to the device's SDNP cloud requires the installation of the SDNP app, as software or firmware, into the device. The installation may include (i) downloading an application, (ii) verifying device identity with an SDNP network-generated authentication code, (iii) building a personal identification credit credential, and (iv) authorizing for a specific SDNP cloud combination. It includes receiving. Once activated, the SDNP application creates a hyper secure last mile connection to an independent SDNP cloud. In many cases, identity validation and user authentication for a business account is more sophisticated than that required for personal account access and may involve a multi-factor authentication method.

Since the SDNP communication is software-based, there is no interaction between any installed SDNP communication networks, even when hosted by the same server, in separate and separate secure credentials for each communication cloud. In the zone specific security credential that specifically forms each custom SDNP cloud, the two SDNP clouds are not similar and thus cannot share data directly. Advantageously, multiple SDNP clouds can coexist in the same server or server network without the risk of data leakage. As defined by the requirements of the cloud owner, access to the business network is controlled. Thus, when sharing a common host server, operating with the same security, such as when two different phones are required to be connected to two separate networks, mixing of two accounts and communication clouds is prohibited. The autonomy of the zone specific SDNP cloud or “subnet” is further illustrated in FIG. 112, where servers 1901A, 1901B, 1901C, and 1901D are two cloud-zone-Z0 SDNP communication nodes M _0,0 , M _0. One cloud comprising _{, 4} , M _0,7 , M _0,8 , and a region comprising a Zone-Z7 SDNP communication node M _7,0 , M _7,4 , M _7,7 , M _7,8 2 Host the cloud at the same time. Despite operating within the same server, hyper-secure communication using SDNP established protocols prevents any direct data exchange. As such, access is merged by last mile communication, not through direct inter-cloud data exchange.

SDNP communications are not limited to privately leased publicly available servers, but can also be configured for different types of company or government agencies. In fact, it is often desirable for private companies to host their own networks, especially in business critical applications. Examples of private networks include FedEx, Walmart, IBM, and the like. For confidentiality, networks used by research institutes, universities, and medical centers are also frequently self-hosted. Private server networks may also include global business cloud applications such as SalesForce.com, Box.com, Dropbox, eTrade, SAP, and the like; e-commerce platforms and comparison-shopping networks such as eBay, Amazon.com, Priceline.com, e-Insurance; Media streaming services such as YouTube, Amazon Prime, Netflix, Hulu, Comcast Xfinity; And for hosting novel media such as Facebook, Twitter, and Snapchat.

In large enterprises, the IT department may choose to operate separate networks for the parent company and its subsidiaries. However, in many private hosted businesses, infrastructure costs are considered an important factor in network design. Instead of supporting two completely different hardware based systems, the SDNP system gives the company the ability to deploy the network using a combination of separate and shared server resources. As shown in FIG. 113, two legal objects, eg, the parent company and its subsidiaries, together-host a server network that includes both separate and shared summers. In particular, servers 1901, 1904B, 1904C, and 1904D host zone Z7 communication nodes M _7,0 , M _7,4 , M _7,7 , and M _7,8, respectively, for the parent company object, while the server ( 1901A, 1901B, 1901C, and 1903 host corresponding zone Z0 communication nodes M _0,0 , M _0,4 , M _0,7 , and M _0,8 for the local subsidiaries of the company. As shown, for example, server 1903 hosts two SDNP communication nodes, node M _7,0 for the parent company object and node M _0,8 for the subsidiary. Due to its separate security credentials, although server 1903 and other servers (not shown) are shared by both objects, data is not directly shared between the parent SDNP cloud and the subsidiary SDNP cloud. Employees are limited to accessing only that employee's cloud, but in the case of company managers, access to both clouds may be required. Suitable authenticated users, such as those shown by the SDNP Communicator app (UI / UX 1920), include separate dialog sandboxes 1921C and 1921D for various legal objects. In this way, one cell phone or tablet can access multiple SDNP clouds of different legal objects, without the risk of combining data, such as when a user involves multiple phones.

The multi-profile feature of the SDNP App, which uses Last Mile Hyper-Secure Security Credentials to enable or prohibit access to multiple SDNP Clouds, supports a limited number of account profiles from a single SDNP App. In FIG. 114, for example, SDNP client C _1,1 spans zone Z99 global SDNP telco, including servers 1909A to 1909E hosting SDNP nodes M _99,1 to M _99,5, respectively. without long distance costs, it is possible to position the global currency, another cloud, for example, including a server (1905A, 1905B, and 1905C) that hosts the node SDNP M _9,0, M _9,4, M _9,8 Zone (Z9) can obtain access to the enterprise cloud, and also through the zone (1901A, 1901B, and 1901C) hosting SDNP nodes M _0,0 , M _0,4 , and M _0,8 respectively. Z0) can call a subscriber in the cloud. Access privileges to any given cloud are enforced up to the SDNP gateway via last mile communication and are managed by the SDNP signaling server and SDNP name server of the system used to manage the authenticated user.

SDNP communication can equally be applied in the high security and limited access networks required for government and security. For example, in the United States, security proposed communications, including congressional and judicial server networks, include local and state law enforcement, the FBI, US National Guard, US National Security, US military (separately or collectively), and the US Department of State. Required by various departments. Similarly, other countries host separate networks for various government agencies.

In order to support access to a particular cloud based on "need to know," a nested subnet architecture can be implemented using SDNP communication methods and techniques. For example, in FIG. 115, the nested SDNP client architecture is a leased computer server 1907A-1907D that hosts SDNP communication nodes M _0,0 , M _0,4 , M _0,5 , and M _0,9 respectively. It includes a secure cloud, including). The communication within this external network "shell" includes the Zone Z0 security credential and is displayed within the "secret" level dialog sandbox 1912E as displayed on the SDNP communicator 1920. Nested cloud also provides enhanced security with zone Z8 security credit credentials including government-hosted servers 1906A, 1906B, and 1906C corresponding SDNP server nodes M _8,0 , M _8,2 , and M _8,4 . It includes an inner core. In order for Client C _1.1 to gain access to the Zone Z8 core, they must have a "top secret" security rating and communicate through the enhanced communication sandbox 1921F. One exemplary government application of this technology is in the US Department of State, where the top secret communications within Zone Z8 are limited to access by the Ambassador and Secretary of State, while other US Embassy employees throughout the world ) Limited to hypersecure "secret" communications using secure credit credentials.

Claims (9)

A method of transmitting a data packet from a client device to a cloud, wherein the data packet is included in the communication, the cloud comprises a plurality of media nodes and a plurality of gateway nodes, and wherein the media node and gateway node are hosted on a server:
Sending a first data packet in the communication from the client device to a first gateway node; And
Sending a second data packet in the communication from the client device to a second gateway node. The method of claim 1,
Transmitting the first data packet from the client device through the first physical media to the first gateway node, and sending the second data packet from the client device through the second physical media to the second gateway node. Comprising the steps of: The method of claim 2,
And the first physical media comprises a cellular telephone link and the second physical media comprises a WiFi channel. The method of claim 2,
Providing the first data packet having a first source address, and providing the second data packet having a second source address. The method of claim 1,
Providing the first data packet having a first source address, and providing the second data packet having a second source address. A method of transmitting a data packet from a client device to a cloud, wherein the data packet is included in the communication, the cloud comprises a plurality of media nodes and a plurality of gateway nodes, and wherein the media node and gateway node are hosted on a server:
Sending a first data packet from the client device to a first gateway node via a first physical media; And
Sending a second data packet from the client device to a second gateway node via a second physical media. The method of claim 6,
And the first physical media comprises a cellular telephone link and the second physical media comprises a WiFi channel. The method of claim 6,
Providing the first data packet having a first source address, and providing the second data packet having a second source address. A method of transmitting a data packet from a client device to a cloud, wherein the data packet is included in the communication, the cloud comprises a plurality of media nodes and a plurality of gateway nodes, and wherein the media node and gateway node are hosted on a server:
Providing a first data packet having a first source address, and
Providing a second data packet having a second source address.

Images