Abstract: A network device comprises a storage device storing an application program for a secure communications service, and at least one processor configured to execute the application program for the secure communications service so as to enable the network device to send a request to look up a network address of a second device based on an identifier associated with the second device, receive an indication that the second device is available for the secure communications service, the indication including the requested network address and provisioning information for a secure communication link, connect to the second device over the secure communication link, using the received network address of the second device and the provisioning information for the secure communication link, and communicate at least one of video data and audio data with the second device using the secure communications service via the secure communication link.

Abstract: A method of establishing a secure communication link includes receiving, at a domain name server (DNS), a request to communicate securely, the request including an identifier of a client device and having been sent in response to a determination that a DNS request from the client device corresponds to a first computer configured to communicate securely. The method includes sending a second request to a server computer. In response to second request, the server computer compares the received client device identifier to one or more stored client device identifiers to determine a security level of the client device and determines a security level of the first computer. The sever computer determines, based on a comparison of the security level of the client device and the security level of the first computer, whether the client device is authorized to communicate with the first computer, and generates a resource used to establish the secure communication link between the client device and the first computer.

Abstract: A method performed by a name server includes receiving, at the name server from a first network device, a first name associated with a second network device and for which the name server supports establishing an encrypted connection to the second network device over a network. The method further includes determining a quality of service level for the encrypted communication link based on the first name and on a user associated with the first network device, wherein the quality of service level corresponds to a priority with which the first network device is granted access to the second network device. The method further includes selecting, based on the determined quality of service level, one or more network addresses for communicating with the second network device using the encrypted connection from among a plurality of network addresses associated with the second network device, wherein the selected one or more network addresses correspond to the determined quality of service level.

Abstract: A method of transmitting data over a computer network includes, at an originating terminal connected to the computer network, receiving a stream of data and inserting a first level packet payload containing an at least one dummy data. The method includes, identifying a network destination address for the stream of data. Further, the method includes, forming a first level packet including the first level packet payload and a first level header containing data representing the network destination address. The method further includes, encrypting at least a portion of the first level packet to form a second level packet payload. The method further includes, forming a second level packet including the second level packet payload and a second layer header containing a router address of an intermediate router connecting the originating terminal to the network destination address. The method further includes, sending the second level packet to the intermediate router at the router address.

Abstract: A method performed by a first network device for communicating over a network, the method includes receiving, at the first network device, a request to connect to a second network device. The method includes, based on the request to connect, determining whether the first network device is set to an encrypted communication mode. The method further includes, based on a determination that the first network device is set to the encrypted communication mode, sending, to a first name service, a first name associated with the second network device and for which the first name service supports establishing an encrypted connection to the second network device.

Abstract: A secure domain name service for a computer network is disclosed that includes a portal connected to a computer network, such as the Internet, and a domain name database connected to the computer network through the portal. The portal authenticates a query for a secure computer network address, and the domain name database stores secure computer network addresses for the computer network. Each secure computer network address is based on a non-standard top-level domain name, such as .scom, .sorg, .snet, .snet, .sedu, .smil and .sint.

Abstract: A method of transmitting data over a computer network includes, at an originating terminal connected to the computer network, receiving a stream of data and inserting a first level packet payload containing an at least one dummy data. The method includes, identifying a network destination address for the stream of data. Further, the method includes, forming a first level packet including the first level packet payload and a first level header containing data representing the network destination address. The method further includes, encrypting at least a portion of the first level packet to form a second level packet payload. The method further includes, forming a second level packet including the second level packet payload and a second layer header containing a router address of an intermediate router connecting the originating terminal to the network destination address. The method further includes, sending the second level packet to the intermediate router at the router address.

Abstract: A system and method for video conferencing over a secure communication link is disclosed. In various implementations, the system is configured connect to a communication network, store a plurality of network addresses of devices of registered users, each device of a registered user having an application program for conducting video conferencing between, the client device and the target device, and establish a secure communication link between the client device and the target device. The secure communication link is established in response to a query (a) generated by the client device and (b) including an identifier associated with a network address of the target device, the establishment of the secure communication link being based on a determination that the target device can accept a secure communication link connection with the client device. Video conferencing is conducted over the secure communication link connection between the client device and the target device.

Abstract: A system for connecting a first network device and a second network device includes one or more servers. The servers are configured to: (a) receive, from the first network device, a request to look up a network address of the second network device based on an identifier associated with the second network device; (b) determine, in response to the request, whether the second network device is available for a secure communications service; and (c) initiate a virtual private network communication link between the first network device and the second network device based on a determination that the second network device is available for the secure communications service, wherein the secure communications service uses the virtual private network communication link.

Abstract: A system and method for video conferencing over a secure communication link is disclosed. In various implementations, the system is configured connect to a communication network, store a plurality of network addresses of devices of registered users, each device of a registered user having an application program for conducting video conferencing between, the client device and the target device, and establish a secure communication link between the client device and the target device. The secure communication link is established in response to a query (a) generated by the client device and (b) including an identifier associated with a network address of the target device, the establishment of the secure communication link being based on a determination that the target device can accept a secure communication link connection with the client device. Video conferencing is conducted over the secure communication link connection between the client device and the target device.

Abstract: A system for connecting a first network device and a second network device includes one or more servers. The servers are configured to: (a) receive, from the first network device, a request to look up a network address of the second network device based on an identifier associated with the second network device; (b) determine, in response to the request, whether the second network device is available for a secure communications service; and (c) initiate a virtual private network communication link between the first network device and the second network device based on a determination that the second network device is available for the secure communications service, wherein the secure communications service uses the virtual private network communication link.

Abstract: In one embodiment, a method includes generating a Domain Name Service (DNS) request comprising a domain name, determining that the DNS request corresponds to a first computer configured to communicate securely, and sending, based on the determination, a request to establish a communication link with the first computer configured to communicate securely, the request including an identifier of a client device used to determine whether the client device is authorized to communicate with the first computer.

Abstract: A method performed by a first network device for communicating over a network, the method includes receiving, at the first network device, a request to connect to a second network device. The method includes, based on the request to connect, determining whether the first network device is set to an encrypted communication mode. The method further includes, based on a determination that the first network device is set to the encrypted communication mode, sending, to a first name service, a first name associated with the second network device and for which the first name service supports establishing an encrypted connection to the second network device.

Abstract: A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes.

Abstract: A network device comprises a storage device storing an application program for a secure communications service, and at least one processor configured to execute the application program for the secure communications service so as to enable the network device to send a request to look up a network address of a second device based on an identifier associated with the second device, receive an indication that the second device is available for the secure communications service, the indication including the requested network address and provisioning information for a secure communication link, connect to the second device over the secure communication link, using the received network address of the second device and the provisioning information for the secure communication link, and communicate at least one of video data and audio data with the second device using the secure communications service via the secure communication link.

Abstract: A device and method for establishing a connection between devices is disclosed. A first device receives a request to connect to a second network device and, based on the request, a determination is made as to whether the first device is set to a first communication mode or a second communication mode. If the first device is set to the first communication mode then a first name associated with the second device is sent to a first name service, the first name service supporting establishing an encrypted connection to the second device, a resource for the encrypted connection to the second device is received at the first device, and communication with the second device is established over the network via the encrypted connection using the received resource. If the first device is set to the second communication mode then communication with the second device is established via a second connection.

Abstract: A system for and method of establishing a secure communication link is disclosed. The method comprises: (1) generating a Domain Name Service (DNS) request; (2) determining that the DNS request corresponds a first computer configured to communicate securely; (3) sending, based on the determination, a request to establish a secure communication link with the first computer configured to communicate securely, the request including an identifier of a client device used to determine whether the client device is authorized to communicate with the first computer; (4) receiving, in response to the request to establish a secure communication link, a resource used to establish the secure communication link; (5) automatically establishing the secure communication link using the received resource; and (6) communicating securely with the first computer over the established secure communication link.

Abstract: A network device comprises a storage device storing an application program for a secure communications service, and at least one processor configured to execute the application program for the secure communications service so as to enable the network device to send a request to look up a network address of a second device based on an identifier associated with the second device, receive an indication that the second device is available for the secure communications service, the indication including the requested network address and provisioning information for a secure communication link, connect to the second device over the secure communication link, using the received network address of the second device and the provisioning information for the secure communication link, and communicate at least one of video data and audio data with the second device using the secure communications service via the secure communication link.

Abstract: A system for connecting a first network device and a second network device includes one or more servers. The servers are configured to: (a) receive, from the first network device, a request to look up a network address of the second network device based on an identifier associated with the second network device; (b) determine, in response to the request, whether the second network device is available for a secure communications service; and (c) initiate a virtual private network communication link between the first network device and the second network device based on a determination that the second network device is available for the secure communications service, wherein the secure communications service uses the virtual private network communication link.

Abstract: A method of establishing a secure communication link comprises: (a) receiving a request that (i) includes an identifier of a client and (ii) was sent in response to a determination that a DNS request from the client corresponds to a first computer configured to communicate securely; (b) comparing the received client identifier to at least one stored client identifier; (c) determining, based on the comparison, whether the client is authorized to communicate with the first computer; (d) generating a resource used to establish the secure communication link between the client and the first computer; (e) generating a message in response to determining that the client is not authorized to communicate with the first computer; and (f) in response to determining that the client is authorized to communicate with the first computer, making the resource available to the client to automatically establish the secure communication link.