WO2021142049A1 - Présentation de données à un utilisateur sans serveur hôte - Google Patents

Présentation de données à un utilisateur sans serveur hôte Download PDF

Info

Publication number
WO2021142049A1
WO2021142049A1 PCT/US2021/012394 US2021012394W WO2021142049A1 WO 2021142049 A1 WO2021142049 A1 WO 2021142049A1 US 2021012394 W US2021012394 W US 2021012394W WO 2021142049 A1 WO2021142049 A1 WO 2021142049A1
Authority
WO
WIPO (PCT)
Prior art keywords
hosts
confederate
host
containers
blind
Prior art date
Application number
PCT/US2021/012394
Other languages
English (en)
Inventor
John Rankin
Original Assignee
John Rankin
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by John Rankin filed Critical John Rankin
Publication of WO2021142049A1 publication Critical patent/WO2021142049A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/16File or folder operations, e.g. details of user interfaces specifically adapted to file systems
    • G06F16/168Details of user interfaces specifically adapted to file systems, e.g. browsing and visualisation, 2d or 3d GUIs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/958Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0706Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
    • G06F11/0709Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment in a distributed system consisting of a plurality of standalone computer nodes, e.g. clusters, client-server systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0751Error or fault detection not based on redundancy
    • G06F11/0754Error or fault detection not based on redundancy by exceeding limits
    • G06F11/0757Error or fault detection not based on redundancy by exceeding limits by exceeding a time limit, i.e. time-out, e.g. watchdogs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0766Error or fault reporting or storing
    • G06F11/0784Routing of error reports, e.g. with a specific transmission path or data flow
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/34Flow control; Congestion control ensuring sequence integrity, e.g. using sequence numbers

Definitions

  • a daemon - also often referred to interchangeably as a server or service - is generally a software component of a device that runs a background process.
  • the term “daemon” may refer to a component of a networked device that sends (source daemon) or receives (destination daemon), and processes communications between remote clients according to the TCP standard.
  • the IP layer actually performs the communication function between two networked hosts.
  • the IP software receives data segments from the TCP layer, ensures that the segment is sized properly to meet the requirements of the transmission path and physical adapters (such as Ethernets and CTCs).
  • the IP software changes the segment size, if necessary, by breaking the segment down into smaller datagrams, and transmits the data to the physical network interface or layer of the host.
  • HTML servers are specific host applications that are designed to distribute HTML pages, as well as graphical images, and sound and movie segments.
  • the protocol used to achieve this distribution is known as HTTP (Hyper Text Transfer Protocol), and is more commonly understood as a web server.
  • HTTP Hyper Text Transfer Protocol
  • Each HTTP server or daemon maintains a collection of web pages (HTML), graphics (JPG, GIF), sound (WAV), or other such data files that can be distributed to the client browser.
  • this service is being hosted directly or with the cloud, there is still a host machine containing the content and responding to web services requests. The communication traffic responding in and out of this host service is observable, and the location of the data archive is clearly known.
  • FIGURE 3 is a simplified block diagram of an exemplary datagram fragment
  • One or more blind hosts 12 may be selected which correctly implement the IP layer protocol, preferably, as defined by RFC 791 , and the ICMP protocol, preferably, as defined by RFC 792, though other protocols may be utilized.
  • the system and process may provide the ability to store covert information within the network without revealing the storage existence or the origin of the covert data if the covert data is somehow discovered.
  • the following additional system configurations and/or steps may be adhered to in exemplary embodiments.
  • Several additional exemplary system attributes and/or process steps are provided below, though are not necessarily required. Flowever, such additional attributes and/or steps are exemplary and are not intended to be exclusive. Furthermore, such additional steps may be repeated or performed in any order.
  • the source address 40 of the datagram 30 may identify the address of the next confederate host 14A-14G in the ring 20.
  • the blind host 12A-12I may be forced to send an error message, and that message may be directed to the source address 40 - i.e., the sequentially next confederate host 14A-14G in the ring 20. In this way, the blind host 12A-12I may receive a transmission that the blind host 12A-12I will eventually determine is in error. Following the ICMP rules, or other preconfigured protocol rules, the blind host 12A-12I may generate and send an error message back to the host the blind host 12A- 12I believes created the error in the first place. However, because the confederate host’s
  • the more fragments (MF) message may be indicated in the flags 38 section of the header 32 of the fragment 30 by the originating host 10.
  • the MF message may engage the fragmentation routines of the blind host 12A-12I, as described herein.
  • the MF message may cause the blind host 12A-12I to store the datagram fragment 30 as it awaits the purported arrival of additional fragments, and when those fragments never arrive, may trigger the blind host 12A-12I, according to protocol, to send a copy of the fragment 30 to the source address 40 (i.e., the next confederate host 14A-14G), and delete its copy of the fragment 30.
  • the use of a series of blind hosts 12A-12I renders detection practically impossible because the unwitting blind hosts 12A-12I may also be randomly selected and may be changed for every point in the ring 20. Furthermore, the blind hosts 12A-12I and confederate hosts 14A-14G may be periodically changed.
  • the fragment 30, in exemplary embodiments, is never stored within a confederate host 14A-14G as the confederate hosts 14A-14G are only used to propagate the fragment 30 with the covert data forward and remain unaware of any other confederate hosts 14A-14G except for next confederate host 14A-14G in the ring 20. Since the communication between these two confederate hosts 14A-14G is done through the use of the blind host 12A-12I, knowledge of the source and dimensions of the total ring 20 are not available.
  • the blind host 116 may comprise a machine on the network 110.
  • the blind host 116 may operate as a correctly implemented network gateway host.
  • the blind host 116 may have a transmission path to both the destination host 114 and the origin host 112. This transmission path does not need to be on the same electric or wireless path, but must be reachable within the blind host’s 116 gateway operations. Stated another way, the transmission path may be direct or indirect such that other gateways may be located between the blind host 116 and the destination host 114 and/or the origin host 112.
  • the blind host 116 does not need to have previous knowledge of the other hosts 112, 114, and 118.
  • the blind host 116 may not have any further interaction with the other hosts 112, 114, and 118 after transmission of the payload is performed.
  • the time to live field 142 may contain a value which is configured to generate creation of the error message at the blind host 116. In this way, the transmission from the origin host 112 may force the blind host 116 to generate the error message, preferably in accordance with ICMP, though any rules, protocols, standards, or the like may be utilized.
  • the time to live field 142 on the header 132 is just one example of how to cause creation of the error message and this example is provided without limitation. Other such techniques may be as shown and/or described in the ‘220 Patent and/or the ‘834 Pub.
  • the error message may list the address of the blind host 116 in the source address field 138 and the address of the destination host 114 in the destination address field 140.
  • the containers 206A-C may be encrypted to ensure that its contents, such as but not limited to the data segments 204A-C, is not capable of practically being accessed without a key. Some or all of the containers 206A-C may be so encrypted. A portion or all of each container 206A-C may be so encrypted. [0076]
  • the client 212 may be capable of decrypting the containers 206A-C. For example, without limitation, the client 212 may be in possession of a key for such decryption.
  • the client 212 may access the file 202 through the following steps, which may be followed in the order described or in a different order. Any of the steps may be repeated or omitted.
  • addresses shown and/or described herein may be IP addresses, other types, formats, or configurations of addresses may be utilized.
  • addresses may be IP addresses, other types, formats, or configurations of addresses may be utilized.
  • certain actions are described herein with respect to current ICMP protocols, any set of protocols, past, present, or future, may be utilized. Any number of datagrams containing any number of payloads, or a single payload spread across multiple datagrams, may be utilized.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Hardware Design (AREA)
  • Human Computer Interaction (AREA)
  • Computer And Data Communications (AREA)

Abstract

L'invention concerne des systèmes et des procédés de présentation de données à un utilisateur faisant appel à la fragmentation d'un fichier comprenant les données en un certain nombre de fragments, à la mémorisation de chacun des fragments dans un conteneur séparé, à l'association de chacun des conteneurs avec un identificateur unique, à la transmission de chacun des conteneurs à un anneau d'hôtes confédérés à des fins de stockage. Une demande de fichier est reçue en provenance d'un client au niveau de l'un des hôtes confédérés avec l'identifiant unique. L'identifiant unique est transmis sur l'anneau et une copie d'une charge utile de données de chacun des conteneurs correspondant à l'identifiant unique est envoyée au client à des fins de reconstruction du fichier.
PCT/US2021/012394 2020-01-07 2021-01-07 Présentation de données à un utilisateur sans serveur hôte WO2021142049A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US202062957957P 2020-01-07 2020-01-07
US62/957,957 2020-01-07

Publications (1)

Publication Number Publication Date
WO2021142049A1 true WO2021142049A1 (fr) 2021-07-15

Family

ID=76788378

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2021/012394 WO2021142049A1 (fr) 2020-01-07 2021-01-07 Présentation de données à un utilisateur sans serveur hôte

Country Status (1)

Country Link
WO (1) WO2021142049A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120117376A1 (en) * 2001-03-21 2012-05-10 Raytheon Bbn Technologies Corp. Method and apparatus for anonymous ip datagram exchange using dynamic newtork address translation
US20120243539A1 (en) * 2011-03-21 2012-09-27 Avaya Inc. Usage of masked ethernet addresses between transparent interconnect of lots of links (trill) routing bridges
US20160269294A1 (en) * 2013-09-19 2016-09-15 Connectivity Systems Incorporated ENHANCED LARGE DATA TRANSMISSIONS AND CATASTROPHIC CONGESTION AVOIDANCE OVER IPv6 TCP/IP NETWORKS
US20200053052A1 (en) * 2018-08-10 2020-02-13 John Rankin System and method for covertly transmitting a payload of data

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120117376A1 (en) * 2001-03-21 2012-05-10 Raytheon Bbn Technologies Corp. Method and apparatus for anonymous ip datagram exchange using dynamic newtork address translation
US20120243539A1 (en) * 2011-03-21 2012-09-27 Avaya Inc. Usage of masked ethernet addresses between transparent interconnect of lots of links (trill) routing bridges
US20160269294A1 (en) * 2013-09-19 2016-09-15 Connectivity Systems Incorporated ENHANCED LARGE DATA TRANSMISSIONS AND CATASTROPHIC CONGESTION AVOIDANCE OVER IPv6 TCP/IP NETWORKS
US20200053052A1 (en) * 2018-08-10 2020-02-13 John Rankin System and method for covertly transmitting a payload of data

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MISTREE BEHRAM: "PingFS", BMISTREE.COM, 5 December 2019 (2019-12-05), XP055840731, Retrieved from the Internet <URL:https://bmistree.com/pingfs> [retrieved on 20210525] *

Similar Documents

Publication Publication Date Title
US11522827B2 (en) Detecting relayed communications
Król et al. Rice: Remote method invocation in icn
US10938884B1 (en) Origin server cloaking using virtual private cloud network environments
US10686889B2 (en) Fastpath web sessions with HTTP header modification by redirecting clients
US8166547B2 (en) Method, apparatus, signals, and medium for managing a transfer of data in a data network
US8069213B2 (en) Method of controlling access to network resources using information in electronic mail messages
US7146505B1 (en) Secure data exchange between date processing systems
CN108243143B (zh) 一种基于web代理的网闸穿透方法及系统
US20020023143A1 (en) System and method for projecting content beyond firewalls
US20060029000A1 (en) Connection establishment in a proxy server environment
US10728220B2 (en) System and method for covertly transmitting a payload of data
US20030135735A1 (en) Self-monitoring and trending service system with a cascaded pipeline with enhanced authentication and registration
US20020129279A1 (en) Methods and apparatus usable with or applicable to the use of the internet
US11689543B2 (en) System and method for detecting transmission of a covert payload of data
US11055166B2 (en) Covertly storing a payload of data within a network
WO2021142049A1 (fr) Présentation de données à un utilisateur sans serveur hôte
US20030204586A1 (en) Intelligent data replicator
Nedergaard et al. Evaluating coap, OSCORE, DTLS and HTTPS for secure device communication
CN106355101B (zh) 一种面向简易存储服务的透明文件加解密系统及其方法
CN107888651B (zh) 用于多简档创建以减轻剖析的方法和系统
WO2016201673A1 (fr) Procédé de détection et dispositif de détection du nombre d&#39;hôtes d&#39;accès partagé
US11818104B2 (en) Anonymous proxying
CN104767781A (zh) 一种tcp代理装置以及方法
Maatkamp et al. Unidirectional secure information transfer via RabbitMQ
Reynders QUIC insight

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21738672

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21738672

Country of ref document: EP

Kind code of ref document: A1