WO2021142049A1 - Presenting data to a user without a host server - Google Patents
- Publication number
- WO2021142049A1 (PCT/US2021/012394)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- hosts
- confederate
- host
- containers
- blind
- Prior art date
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/16—File or folder operations, e.g. details of user interfaces specifically adapted to file systems
- G06F16/168—Details of user interfaces specifically adapted to file systems, e.g. browsing and visualisation, 2d or 3d GUIs

- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/958—Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking

- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine

- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0706—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
- G06F11/0709—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment in a distributed system consisting of a plurality of standalone computer nodes, e.g. clusters, client-server systems

- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0751—Error or fault detection not based on redundancy
- G06F11/0754—Error or fault detection not based on redundancy by exceeding limits
- G06F11/0757—Error or fault detection not based on redundancy by exceeding limits by exceeding a time limit, i.e. time-out, e.g. watchdogs

- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0766—Error or fault reporting or storing
- G06F11/0784—Routing of error reports, e.g. with a specific transmission path or data flow

- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/34—Flow control; Congestion control ensuring sequence integrity, e.g. using sequence numbers
Definitions
- a daemon - also often referred to interchangeably as a server or service - is generally a software component of a device that runs a background process.
- the term “daemon” may refer to a component of a networked device that sends (source daemon) or receives (destination daemon) and processes communications between remote clients according to the TCP standard.
- the IP layer actually performs the communication function between two networked hosts.
- the IP software receives data segments from the TCP layer, ensures that the segment is sized properly to meet the requirements of the transmission path and physical adapters (such as Ethernets and CTCs).
- the IP software changes the segment size, if necessary, by breaking the segment down into smaller datagrams, and transmits the data to the physical network interface or layer of the host.
- HTML servers are specific host applications that are designed to distribute HTML pages, as well as graphical images, and sound and movie segments.
- the protocol used to achieve this distribution is known as HTTP (Hyper Text Transfer Protocol), and is more commonly understood as a web server.
- HTTP: Hyper Text Transfer Protocol
- Each HTTP server or daemon maintains a collection of web pages (HTML), graphics (JPG, GIF), sound (WAV), or other such data files that can be distributed to the client browser.
- whether this service is hosted directly or in the cloud, there is still a host machine that contains the content and responds to web service requests. The traffic flowing into and out of this host service is observable, and the location of the data archive is clearly known.
- FIGURE 3 is a simplified block diagram of an exemplary datagram fragment
- One or more blind hosts 12 may be selected which correctly implement the IP layer protocol, preferably as defined by RFC 791, and the ICMP protocol, preferably as defined by RFC 792, though other protocols may be utilized.
- the system and process may provide the ability to store covert information within the network without revealing the storage existence or the origin of the covert data if the covert data is somehow discovered.
- the following additional system configurations and/or steps may be adhered to in exemplary embodiments.
- Several additional exemplary system attributes and/or process steps are provided below, though they are not necessarily required. However, such additional attributes and/or steps are exemplary and are not intended to be exclusive. Furthermore, such additional steps may be repeated or performed in any order.
- the source address 40 of the datagram 30 may identify the address of the next confederate host 14A-14G in the ring 20.
- the blind host 12A-12I may be forced to send an error message, and that message may be directed to the source address 40 - i.e., the sequentially next confederate host 14A-14G in the ring 20. In this way, the blind host 12A-12I may receive a transmission that the blind host 12A-12I will eventually determine is in error. Following the ICMP rules, or other preconfigured protocol rules, the blind host 12A-12I may generate and send an error message back to the host the blind host 12A-12I believes created the error in the first place. However, because the confederate host’s
- the more fragments (MF) message may be indicated in the flags 38 section of the header 32 of the fragment 30 by the originating host 10.
- the MF message may engage the fragmentation routines of the blind host 12A-12I, as described herein.
- the MF message may cause the blind host 12A-12I to store the datagram fragment 30 as it awaits the purported arrival of additional fragments, and when those fragments never arrive, may trigger the blind host 12A-12I, according to protocol, to send a copy of the fragment 30 to the source address 40 (i.e., the next confederate host 14A-14G), and delete its copy of the fragment 30.
- the use of a series of blind hosts 12A-12I renders detection practically impossible because the unwitting blind hosts 12A-12I may also be randomly selected and may be changed for every point in the ring 20. Furthermore, the blind hosts 12A-12I and confederate hosts 14A-14G may be periodically changed.
- the fragment 30, in exemplary embodiments, is never stored within a confederate host 14A-14G, as the confederate hosts 14A-14G are only used to propagate the fragment 30 with the covert data forward and remain unaware of any other confederate hosts 14A-14G except for the next confederate host 14A-14G in the ring 20. Since the communication between these two confederate hosts 14A-14G is done through the use of the blind host 12A-12I, knowledge of the source and dimensions of the total ring 20 is not available.
- the blind host 116 may comprise a machine on the network 110.
- the blind host 116 may operate as a correctly implemented network gateway host.
- the blind host 116 may have a transmission path to both the destination host 114 and the origin host 112. This transmission path does not need to be on the same electric or wireless path, but must be reachable within the blind host’s 116 gateway operations. Stated another way, the transmission path may be direct or indirect such that other gateways may be located between the blind host 116 and the destination host 114 and/or the origin host 112.
- the blind host 116 does not need to have previous knowledge of the other hosts 112, 114, and 118.
- the blind host 116 may not have any further interaction with the other hosts 112, 114, and 118 after transmission of the payload is performed.
- the time to live field 142 may contain a value which is configured to generate creation of the error message at the blind host 116. In this way, the transmission from the origin host 112 may force the blind host 116 to generate the error message, preferably in accordance with ICMP, though any rules, protocols, standards, or the like may be utilized.
- the time to live field 142 on the header 132 is just one example of how to cause creation of the error message and this example is provided without limitation. Other such techniques may be as shown and/or described in the ‘220 Patent and/or the ‘834 Pub.
- the error message may list the address of the blind host 116 in the source address field 138 and the address of the destination host 114 in the destination address field 140.
- the containers 206A-C may be encrypted so that their contents, such as but not limited to the data segments 204A-C, cannot practically be accessed without a key. Some or all of the containers 206A-C may be so encrypted. A portion or all of each container 206A-C may be so encrypted.
- the client 212 may be capable of decrypting the containers 206A-C. For example, without limitation, the client 212 may be in possession of a key for such decryption.
- the client 212 may access the file 202 through the following steps, which may be followed in the order described or in a different order. Any of the steps may be repeated or omitted.
- while addresses shown and/or described herein may be IP addresses, other types, formats, or configurations of addresses may be utilized.
- while addresses may be IP addresses, other types, formats, or configurations of addresses may be utilized.
- although certain actions are described herein with respect to current ICMP protocols, any set of protocols, past, present, or future, may be utilized. Any number of datagrams containing any number of payloads, or a single payload spread across multiple datagrams, may be utilized.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Software Systems (AREA)
- Data Mining & Analysis (AREA)
- Computer Hardware Design (AREA)
- Human Computer Interaction (AREA)
- Computer And Data Communications (AREA)
Abstract
Systems and methods for presenting data to a user are disclosed, comprising fragmenting a file containing the data into a number of fragments, storing each of the fragments in a separate container, associating each of the containers with a unique identifier, and transmitting each of the containers to a ring of confederate hosts for storage. A file request is received from a client at one of the confederate hosts with the unique identifier. The unique identifier is transmitted around the ring, and a copy of a data payload of each of the containers corresponding to the unique identifier is sent to the client for reconstruction of the file.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US202062957957P | 2020-01-07 | 2020-01-07 | |
US62/957,957 | 2020-01-07 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021142049A1 (fr) | 2021-07-15 |
Family
ID=76788378
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2021/012394 WO2021142049A1 (fr) | 2020-01-07 | 2021-01-07 | Presenting data to a user without a host server |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2021142049A1 (fr) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120117376A1 (en) * | 2001-03-21 | 2012-05-10 | Raytheon Bbn Technologies Corp. | Method and apparatus for anonymous ip datagram exchange using dynamic network address translation |
US20120243539A1 (en) * | 2011-03-21 | 2012-09-27 | Avaya Inc. | Usage of masked ethernet addresses between transparent interconnect of lots of links (trill) routing bridges |
US20160269294A1 (en) * | 2013-09-19 | 2016-09-15 | Connectivity Systems Incorporated | ENHANCED LARGE DATA TRANSMISSIONS AND CATASTROPHIC CONGESTION AVOIDANCE OVER IPv6 TCP/IP NETWORKS |
US20200053052A1 (en) * | 2018-08-10 | 2020-02-13 | John Rankin | System and method for covertly transmitting a payload of data |
- 2021-01-07: WO PCT/US2021/012394 (WO2021142049A1, fr), active, Application Filing
Non-Patent Citations (1)
Title |
---|
MISTREE BEHRAM: "PingFS", BMISTREE.COM, 5 December 2019 (2019-12-05), XP055840731, Retrieved from the Internet <URL:https://bmistree.com/pingfs> [retrieved on 20210525] * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11522827B2 (en) | Detecting relayed communications | |
Król et al. | Rice: Remote method invocation in icn | |
US10938884B1 (en) | Origin server cloaking using virtual private cloud network environments | |
US10686889B2 (en) | Fastpath web sessions with HTTP header modification by redirecting clients | |
US8166547B2 (en) | Method, apparatus, signals, and medium for managing a transfer of data in a data network | |
US8069213B2 (en) | Method of controlling access to network resources using information in electronic mail messages | |
US7146505B1 (en) | Secure data exchange between date processing systems | |
CN108243143B (zh) | A method and system for traversing a network isolation gatekeeper based on a web proxy | |
US20020023143A1 (en) | System and method for projecting content beyond firewalls | |
US20060029000A1 (en) | Connection establishment in a proxy server environment | |
US10728220B2 (en) | System and method for covertly transmitting a payload of data | |
US20030135735A1 (en) | Self-monitoring and trending service system with a cascaded pipeline with enhanced authentication and registration | |
US20020129279A1 (en) | Methods and apparatus usable with or applicable to the use of the internet | |
US11689543B2 (en) | System and method for detecting transmission of a covert payload of data | |
US11055166B2 (en) | Covertly storing a payload of data within a network | |
WO2021142049A1 (fr) | Presenting data to a user without a host server | |
US20030204586A1 (en) | Intelligent data replicator | |
Nedergaard et al. | Evaluating coap, OSCORE, DTLS and HTTPS for secure device communication | |
CN106355101B (zh) | A transparent file encryption and decryption system for a simple storage service, and method thereof | |
CN107888651B (zh) | Method and system for multi-profile creation to mitigate profiling | |
WO2016201673A1 (fr) | Method and device for detecting the number of shared-access hosts | |
US11818104B2 (en) | Anonymous proxying | |
CN104767781A (zh) | A TCP proxy device and method | |
Maatkamp et al. | Unidirectional secure information transfer via RabbitMQ | |
Reynders | QUIC insight |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 21738672; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 21738672; Country of ref document: EP; Kind code of ref document: A1 |