 Method, system, and program for returning a file requested through a network connection |
| OF THE PREFERRED EMBODIMENTS In the following description, reference is made to the accompanying ... |
|
| Control system with customizable menu structure for personal mobility vehicle |
| Referring now to the drawings, there is illustrated in FIG. 1 a diagrammatic representation of an ... |
|
| Intelligent network security device and method |
| I claim: 1. In a computer system connected to an external communications medium, a security device ... |
|
| Method for automatic intrusion detection and deflection in a network |
| OF THE INVENTION The present invention is of a method and a system for providing security to a ... |
|
| Enhanced browser application for service related to the transportation of a message |
| It is an object of the present invention to provide a universal browser, compatible with common ... |
|
| Representing and verifying network management policies using collective constraints |
| The foregoing needs and objects, and other needs and objects that will become apparent from the ... |
|
| Method and system for updating a root of trust measurement function in a personal computer |
| The present invention provides a method and system for updating a root of trust measurement ... |
|
| Spatial domain mechanism |
| OF VARIOUS EMBODIMENTS Referring to FIG. 1, a system 30 includes a host 32 coupled to a first ... |
|
|
Sliding scale adaptive self-synchronized dynamic address translation
| Details |
Inventors: Fink, Russell Andrew; Brannigan, Matthew Aloysius; Ferguson, Shelley Anne;
Assignee: Verizon Corporate Services Group Inc. (New York, NY)
Primary Examiner: Robinson; Greta
Assistant Examiner: Lewis; Cheryl
Attorney, Agent or Firm: Suchtya, Esq.; Leonard C., Wal, Esq.; Joel Fitzpatrick, Cella, Harper & Scinto
A bastion host is provided for a local area network (LAN). The bastion host processes packets to be transferred from the LAN to a wide area network (WAN). The bastion host intercepts packets originating from a host on the LAN, the packets being destined for transmission over the WAN, extracts bits from predetermined fields from each packet header to form one or more blocks for translation, masks bits from the one or more blocks that vary rapidly packet to packet, applies a predetermined encryption algorithm to translate the one or more blocks after masking; and reinserts bits from the translated block back into the packet header. |
|
DETAILED DESCRIPTION In view of the above, it is an object of the present invention to provide a method of translating packets in a manner that would entice a would-be adversary to try to ping the network to learn its topology, while hiding the true host source and destination addresses.
In accordance with one preferred embodiment, translation of packet information is performed such that the apparent host source address in the header of each packet emanating from a local area network, or enclave, is an arbitrary address, and one that changes every predetermined number of packets.
Such translation makes it appear to an outside observer that the packets are originating from various ones of hosts, the addresses for which do not relate to actual hosts in the source enclave.
Another embodiment of the present invention is an apparatus for processing packets to be transferred from a local area network (LAN) to a wide area network (WAN).
The apparatus includes means for intercepting packets originating from a host on the LAN, the packets being destined for transmission over the WAN.
This apparatus further includes means for extracting bits from predetermined fields from each packet header to form one or more blocks for translation, masking means for masking bits from the one or more blocks that vary rapidly packet to packet, means for applying a predetermined encryption algorithm to the one or more blocks after masking by the masking means, and means for reinserting bits from the translated block back into the packet header.
Another embodiment of the present invention is a method for processing packets to be transferred from a local area network (LAN) to a wide area network (WAN).
This method includes intercepting packets originating from a host on the LAN, the packets being destined for transmission over the WAN.
The method further includes extracting bits from predetermined fields from each packet header to form one or more blocks for translation, masking bits from the one or more blocks that vary rapidly packet to packet, applying a predetermined encryption algorithm to translate the one or more blocks after masking at the masking step, and reinserting bits from the translated block back into the packet header
|
| Related patents |
|
|
Methods and systems for managing virtual addresses for virtual networks
Reference will now be made in detail to the exemplary embodiments of the invention, examples of which are illustrated in the accompanying drawings. Wherever possible, ...
|
|
|
Data carrier for the storage of data and circuit arrangement for such a data carrier
The invention claimed is: 1. A data carrier for the storage of data, which data carrier has a first interface for communication with a first communication device and ...
|
|
|
Exhaust valve for diesel engine and production thereof
OF THE INVENTION Embodiments of the invention will be explained in referrence to the attached drawings. FIG. 1 shows the exhaust valve according to the invention for D...
|
|
|
Computer system having a plurality of stored system capability states from which to resume
According to the present invention a computer system is provided that has a plurality of suspend files allowing multiple system states to be selectively saved and ...
|
|
|
Barrier synchronization method wherein members dynamic voting controls the number of synchronization phases of protocols and progression to each new phase
The shortcomings of the prior art are overcome and additional advantages are provided through the provision of a barrier synchronization mechanism. A group cf members, ...
|
|
|
System for transferring data specified in a transaction request as a plurality of move transactions responsive to receipt of a target availability signal
The present invention is a system and method for efficiently transporting blocks of data through a high speed, bus-like interconnect, where the burst transfer size ...
|
|
|
Method and apparatus for synchronization of data retrieval and presentation
The present invention includes a method and an apparatus for synchronization of data retrieval; this data may be video and audio data which includes a sequence of frames ...
|
|
|
Method and system for message transfer session management
In accordance with the invention, there is provided a method and system for managing transfer of message packets in a session between first and second nodes in a message ...
|
|
|
APPARATUS FOR DISTRIBUTING INFORMATION OVER A NETWORK-BASED ENVIRONMENT, METHOD OF DISTRIBUTING INFORMATION TO USERS, AND METHOD FOR ASSOCIATING CONTENT OBJECTS WITH A DATABASE WHEREIN THE CONTENT OBJECTS ARE ACCESSIBLE OVER A NETWORK COMMUNICATION MEDIUM
A system and method are provided to document and quantify demand for particular information that is a requested by an individual user by sampling a worldwide user ...
|
|
|
Service providing system and service providing device that provides a specific service in response to user authority determination based on positional relationships of virtual objects
However, according to the related art method, since everyone can operate a projector and cause any type of data to be displayed by manipulating a controller, such as a PC...
|
|
|
Processing Data 
