Robert L Short

US Patent:

6618761, Sep 9, 2003

Filed:

Feb 26, 2002

Appl. No.:

10/082164

Inventors:

Edmund Colby Munger - Crownsville MD
Douglas Charles Schmidt - Severna Park MD
Robert Dunham Short - Leesburg VA
Victor Larson - Fairfax VA
Michael Williamson - South Riding VA

Assignee:

Science Applications International Corp. - San Diego CA

International Classification:

G06F 15173

US Classification:

709241, 709242, 370232, 370234, 370237

Abstract:

Methods and systems allowing a plurality of computer nodes to communicate using weighted transmission paths are provided. A load balancer distributes packets across weighted transmission paths according to transmission path quality, which is monitored and updated from time to time. As transmission quality on a specific transmission path decreases, the weight assigned to that transmission path is reduced. Similarly, weights may be increased if transmission quality improves. The weights assigned to various transmission paths may correspond to a relative number of packets to be transmitted on each respective transmission path. The transmission path for each packet can be selected based on the weights of the various transmission paths. Using weights based on transmission quality, transmission paths with higher transmission quality are used more often than transmission paths with lower transmission quality, resulting in more efficient communications.

US Patent:

7133930, Nov 7, 2006

Filed:

Mar 31, 2003

Appl. No.:

10/401551

Inventors:

Edmund Colby Munger - Crownsville MD, US
Vincent J. Sabio - Columbia MD, US
Robert Dunham Short - Leesburg VA, US
Virgil D. Gligor - Chevy Chase MD, US
Douglas Charles Schmidt - Severna Park MD, US

Assignee:

Science Applications International Corporation - San Diego CA

International Classification:

G06F 15/16
G06F 17/00

US Classification:

709245

Abstract:

A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes. These techniques include a self-synchronization technique in which a sync field is transmitted as part of each packet, and a “checkpoint” scheme by which transmitting and receiving nodes can advance to a known point in their hopping schemes.

US Patent:

20020161884, Oct 31, 2002

Filed:

Feb 26, 2002

Appl. No.:

10/082285

Inventors:

Edmund Munger - Crownsville MD, US
Douglas Schmidt - Severna Park MD, US
Robert Short - Leesburg VA, US
Victor Larson - Fairfax VA, US
Michael Williamson - South Riding VA, US

Assignee:

Science Applications International Corporation - San Diego CA

International Classification:

G06F015/173
G06F011/30
H04L009/00
H04L009/32
G06F012/14

US Classification:

709/224000, 713/200000

Abstract:

A plurality of computer nodes communicate using seemingly random Internet Protocol source and destination addresses. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are quickly rejected. Improvements to the basic design include (1) a load balancer that distributes packets across different transmission paths according to transmission path quality; (2) a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry; (3) a large-to-small link bandwidth management feature that prevents denial-of-service attacks at system chokepoints; (4) a traffic limiter that regulates incoming packets by limiting the rate at which a transmitter can be synchronized with a receiver; and (5) a signaling synchronizer that allows a large number of nodes to communicate with a central node by partitioning the communication fiction between two separate entities.

US Patent:

20030037142, Feb 20, 2003

Filed:

Sep 30, 2002

Appl. No.:

10/259494

Inventors:

Edmund Munger - Crownsville MD, US
Douglas Schmidt - Severna Park MD, US
Robert Short - Leesburg VA, US
Victor Larson - Fairfax VA, US
Michael Williamson - South Riding VA, US

Assignee:

Science Applications International Corporation - San Diego CA

International Classification:

G06F015/173

US Classification:

709/225000

Abstract:

A plurality of computer nodes communicate using seemingly random Internet Protocol source and destination addresses. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are quickly rejected. Improvements to the basic design include (1) a load balancer that distributes packets across different transmission paths according to transmission path quality; (2) a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry; (3) a large-to-small link bandwidth management feature that prevents denial-of-service attacks at system chokepoints; (4) a traffic limiter that regulates incoming packets by limiting the rate at which a transmitter can be synchronized with a receiver; and (5) a signaling synchronizer that allows a large number of nodes to communicate with a central node by partitioning the communication function between two separate entities.

US Patent:

20030167342, Sep 4, 2003

Filed:

Mar 31, 2003

Appl. No.:

10/401888

Inventors:

Edmund Munger - Crownsville MD, US
Douglas Schmidt - Severna Park MD, US
Robert Short - Leesburg VA, US
Victor Larson - Fairfax VA, US
Michael Williamson - South Riding VA, US

Assignee:

Science Applications International Corporation - San Diego CA

International Classification:

G06F015/173

US Classification:

709/238000

Abstract:

A plurality of computer nodes communicate using seemingly random Internet Protocol source and destination addresses. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are quickly rejected. Improvements to the basic design include (1) a load balancer that distributes packets across different transmission paths according to transmission path quality; (2) a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry; (3) a large-to-small link bandwidth management feature that prevents denial-of-service attacks at system chokepoints; (4) a traffic limiter that regulates incoming packets by limiting the rate at which a transmitter can be synchronized with a receiver; and (5) a signaling synchronizer, that allows a large number of nodes to communicate with a central node by partitioning the communication function between two separate entities.

US Patent:

20040098485, May 20, 2004

Filed:

Nov 18, 2003

Appl. No.:

10/714849

Inventors:

Victor Larson - Fairfax VA, US
Robert Short - Leesburg VA, US
Edmund Munger - Crownsville MD, US
Michael Williamson - South Riding VA, US

Assignee:

Science Applications International Corporation - San Diego CA

International Classification:

G06F015/16

US Classification:

709/227000

Abstract:

A secure domain name service for a computer network is disclosed that includes a portal connected to a computer network, such as the Internet, and a domain name database connected to the computer network through the portal. The portal authenticates a query for a secure computer network address, and the domain name database stores secure computer network addresses for the computer network. Each secure computer network address is based on a non-standard top-level domain name, such as .scom, .sorg, .snet, .snet, .sedu, .smil and .sint.

US Patent:

20040103205, May 27, 2004

Filed:

Nov 7, 2003

Appl. No.:

10/702580

Inventors:

Victor Larson - Fairfax VA, US
Robert Short - Leesburg VA, US
Edmund Munger - Crownsville MD, US
Michael Williamson - South Riding VA, US

Assignee:

Science Applications International Corporation - San Diego CA

International Classification:

G06F015/16

US Classification:

709/229000, 713/201000

Abstract:

A technique is disclosed for establishing a secure communication link between a first computer and a second computer over a computer network. Initially, a secure communication mode of communication is enabled at a first computer without a user entering any cryptographic information for establishing the secure communication mode of communication. Then, a secure communication link is established between the first computer and a second computer over a computer network based on the enabled secure communication mode of communication. The secure communication link is a virtual private network communication link over the computer network in which one or more data values that vary according to a pseudo-random sequence are inserted into each data packet.

US Patent:

20040107285, Jun 3, 2004

Filed:

Nov 7, 2003

Appl. No.:

10/702486

Inventors:

Victor Larson - Fairfax VA, US
Robert Short - Leesburg VA, US
Edmund Munger - Crownsville MD, US
Michael Williamson - South Riding VA, US

Assignee:

Science Applications International Corporation - San Diego CA

International Classification:

G06F015/16

US Classification:

709/229000, 709/245000

Abstract:

A technique is disclosed for establishing a secure communication link between a first computer and a second computer over a computer network. Initially, a secure communication mode of communication is enabled at a first computer without a user entering any cryptographic information for establishing the secure communication mode of communication. Then, a secure communication link is established between the first computer and a second computer over a computer network based on the enabled secure communication mode of communication. The secure communication link is a virtual private network communication link over the computer network in which one or more data values that vary according to a pseudo-random sequence are inserted into each data packet.