RU2490703C1 - Method of protecting communication channel of computer network - Google Patents

Abstract

FIELD: information technology.

SUBSTANCE: in the method, initial data containing addresses of the message sender and the recipient are given. A base of Z false sender addresses is formed at the recipient and the sender in given initial data. The current address of the sender and the recipient is stored. The current false address of the sender is selected from the given base of false addresses and stored. At the sender, a packet header identifier is formed based on a random law and information on the return address of the sender is also formed. An initial data packet is formed. The formed message packet is sent from the sender to the recipient. The data packet is received from the sender. Encoded data are selected by the recipient and decoded. Information on new current addresses of the sender and recipient is formed at the recipient. A notifying message packet is then formed and sent from the recipient to the sender. The notifying packet is received from the recipient. The current addresses of the sender and recipient are extracted therefrom and compared with the stored false return address of the sender and the address of the sender. If the addresses do not match, the received data packet is not analysed, and in case of a match, encoded data are extracted from the received notifying message packet and decoded.

EFFECT: high level of security and secure operation of segments of a computer network over communication channels.

4 dwg

Description

The invention relates to the field of information security of digital communication systems and can be used in distributed computing networks connected via the Internet.

A known method of protection against unauthorized exchange between the first computer network and the second computer network, implemented in the "Protection System for Connected Computer Networks" according to the patent of the Russian Federation No. 2152691, IPC G06F 12/14, publ. 07/10/2000

The method consists in performing the following actions: receive a communication message in the first network protocol format on the first network interface from the first computer network. The communication message is converted to a second network protocol format, as a result of which the source and destination address information is deleted from the communication message. A communication message is transmitted to the second network interface. Carry out the inverse transformation in the second network interface of the communication message in the first format of the network protocol. A communication message is transmitted after the reverse conversion to a second computer network.

The disadvantage of this method is the high likelihood of violating the confidentiality of information when using a virtual private network, namely listening to and reconstructing the traffic of a virtual private network at some point on the Internet.

There is also a method of protecting a virtual channel, implemented in the "Virtual channel protection system of a corporate network with the mandatory principle of access control to resources built on communication channels and switching means of a public communication network" according to RF patent №2163727, IPC G06F 13/00, F 12 / 14, publ. 02/27/2001

The method consists in the following actions: the client negotiates its access rights with the firewall, for which checks are performed on the firewall. If all the checks are passed, then a packet is sent that allows the connection between the client and the firewall. Next, the packet that allows the connection comes to the client, passing the transceiver unit and the encryption / decryption unit and electronic signature. Then it is transferred to the closed protocol generation unit. Then they send a packet that establishes a connection using a standard connection, but in each packet they replace the IP addresses of the destination server with the IP address of the corporate firewall.

The disadvantage of this method is the high probability of penetration into the corporate network at the point of connection to the Internet and (or) a violation of its normal functioning.

There is a method of protecting information circulating in a distributed telecommunication system when transmitting it over public communication channels, implemented in the "Distributed telecommunication system for transmitting shared data intended for their separate transmission and reception" according to patent US 6912252, IPC H04L 12/56; H04L 12/28, publ. 11/08/2001 g.

The method consists in the following actions: the source data from the sender is divided into N parts. Further, from their combinations, intermediate data groups are formed. Then, intermediate data is transmitted independently over N communication channels. The recipient receives groups of intermediate data arriving via N communication channels and restores the original data.

The disadvantage of this method is the relatively low security of communication due to the transmission of information in open form, and low secrecy of communication due to the increased likelihood of recognizing the structure of a distributed telecommunication system due to the increased probability of detection of identifiers of its elements during information exchange as a result of an increase in the number of communication channels.

The well-known "Method of protecting a corporate virtual private computer network from unauthorized exchange of information with a public transport network" according to the patent of the Russian Federation No. 2182355, IPC G06F 12/14, 9/00, publ. 05/10/2002

The method consists in performing the following actions: preliminary form tables of addresses of sources and recipients and their correspondence with identifiers. Form the source data packet from the sender. Identifies the sender and receiver. Encode packet data. Additional information (sender and recipient identifiers) is added to the message packet. Convert the output packet to TCP / IP format. Includes the current sender and receiver addresses in the converted TCP / IP data packet. Transfer the formed packet. Receive the transmitted packet from the recipient. The addresses and identifiers of the sender and receiver of messages are extracted from the received message packet. The recipient compares the addresses and identifiers of the sender and recipient of messages extracted from the received message packet with the pre-stored addresses and identifiers of the sender and recipient of messages. If they do not match, the received message packet is not analyzed, and if they match, the encoded data is extracted from the received packet. Decode the received data. The correspondence of the addresses of the message sender and the message recipient and the identifiers of the message sender and the message recipient contained in the received packet with the addresses of the message sender and message recipient and the identifiers of the message sender and the message recipient are pre-recorded in the third memory block. Transmit decoded packet data to the recipient of the message when they match.

The disadvantage of this method is the relatively low security and secrecy of communication due to the existence of a probability of recognizing a communication channel on a site that is part of the Internet by identifying the addresses of correspondents, as well as the possibility of opening the structure of a distributed aircraft.

The closest in technical essence to the claimed method is a method (options) of protecting a communication channel of a computer network according to the patent of the Russian Federation No. 2306599, IPC G06F 21/00 (2006.01), publ. September 20, 2007 under item 1.

The method consists in the following actions: set the source data, the sender form the source data packet. Then, the resulting data packet is encoded and converted to TCP / IP format. After that, the current addresses of the sender and recipient are included in it and the generated packet is transmitted. Replace the sender address. The address of the sender and recipient is allocated from the recipient and compared with predefined addresses. If there is a mismatch, the received packets are not analyzed, and if they match, the encoded data is extracted from the received packet and decoded. Replace the recipient address. Then re-form the original data packet from the sender.

The disadvantage of the prototype method is the relatively low level of security and secrecy of the operation of the segments of the computer network via communication channels, due to the fact that the change in the address of the sender and receiver in the transmitted packets occurs only within the database of real addresses used in interconnected remote segments of the distributed computer network, these changes are carried out only with real information exchange.

The purpose of the claimed technical solution is to develop a method of protecting a communication channel of a computer network, which improves the security level and secrecy of the segments of the computer network via communication channels by using a modified procedure for determining the addresses used in information exchange between remote segments of a distributed computer network by entering false addresses from the address spaces of networks that are not related to segments of a distributed computer network and changes in p real identifiers of transmitted packets.

и запоминают его. Формируют идентификатор пакета сообщения по случайному закону ID_случ. При формировании у отправителя информации об обратном адресе отправителя выделяют обратный ложный адрес отправителя $${А}_{отпр}^{облож}$$

из предварительно заданной базы ложных адресов Z и запоминают его. Затем для формирования исходного пакета сообщения у отправителя включают предварительно запомненный текущий адрес отправителя А_отпр и обратный ложный адресIn the claimed invention, the goal is achieved by the fact that in the known method of protecting a communication channel of a computer network, which consists in pre-setting the initial data, including the addresses of the sender and recipient of messages, remember the current address of the sender and recipient, form the sender with information about the return address of the sender , encode the data when generating the original message packet from the sender, and transmit it to the recipient, extract the encoded data from the received message packet, and decode and x, form at the recipient information about the addresses of the sender and recipient, as well as a notification message packet, and transmit it to the sender, and from the received notification message packet allocate the addresses of the sender and recipient, which are compared with previously remembered return addresses, in case of mismatch of addresses, the received packet is not they are analyzed, if they coincide, the encoded data is extracted from the received notification message packet and decoded, additionally form a base from Z false addresses for the recipient and sender s sender. Extract the current false sender address from the given base Z $${\mathrm{BUT}}_{\mathrm{about}tPR}^{l\mathrm{about}\mathrm{well}}$$

and remember it. The random message identifier of the message packet is _generated . When forming the sender with information about the return address of the sender, the return false address of the sender is allocated $${\mathrm{BUT}}_{\mathrm{about}tPR}^{\mathrm{about}bl\mathrm{about}\mathrm{well}}$$

from a predefined base of false addresses Z and remember it. Then, to create the message at the sender source packet previously memorized comprise a current sender address and a return _XMIT A false address

. Заменяют реальный идентификатор пакета на сформированный идентификатор по случайному закону ID_cлуч. После выделения и декодирования из принятого исходного пакета сообщения у получателя формируют информацию о новых текущих адресах отправителя и получателя, для чего выделяют из декодированных данных текущий адрес отправителя А_отпр и обратный ложный адрес отправителя $${А}_{отпр}^{облож}$$ и запоминают их в качестве текущего адреса получателя А_пол и текущего ложного адреса отправителя $${А}_{отпр}^{лож}$$

соответственно. Затем для формирования уведомляющего пакета сообщения у получателя включают в него предварительно запомненные текущий ложный адрес отправителя $${А}_{отпр}^{лож}$$

и реальный идентификатор заголовка пакета сообщения ID_реал. После преобразования кодированного пакета сообщения в формат TCP/IP, назначают текущим адресом отправителя и адресом получателя предварительно запомненные обратный ложный адрес отправителя $${А}_{отпр}^{облож}$$ и адрес получателя А_пол соответственно. Заменяют реальный идентификатор пакета сообщения на сформированный идентификатор по случайному закону ID_случ. После выделения из заголовка принятого уведомляющего пакета сообщения у отправителя сравнивают полученные текущие адреса отправителя $${А}_{отпр}^{облож}$$ и получателя А_пол с предварительно запомненными обратным ложным адресом отправителя $${А}_{отпр}^{облож}$$ и адресом отправителя A_отпр. При совпадении адресов сравнивают выделенные и декодированные текущий ложный адрес отправителя $${А}_{отпр}^{лож}$$

и реальный идентификатор пакета сообщения ID_реал с соответствующими предварительно запомненными значениями, и при их несовпадении принимают решение о неправильной передаче исходного пакета сообщения, а при совпадении принимают решение о правильной передаче, и запоминают ложный адрес отправителя $${А}_{отпр}^{лож}$$

и обратный ложный адрес отправителя $${А}_{отпр}^{облож}$$ для исключения повторного использования.sender $${\mathrm{BUT}}_{\mathrm{about}tPR}^{\mathrm{about}bl\mathrm{about}\mathrm{well}}$$ as well as the actual packet identifier ID _real. After converting the encoded message packet to IP format, replace the current sender address with a previously stored false current sender address $${\mathrm{BUT}}_{\mathrm{about}tPR}^{l\mathrm{about}\mathrm{well}}$$

. Replace the real identifier of the package with the generated identifier according to the random law ID _case . After separation and decoding of the received source packet messages at the receiver generates information about the new current address of the sender and the recipient, which is isolated from the decoded data current sender address A and the return _XMIT false sender address $${\mathrm{BUT}}_{\mathrm{about}tPR}^{\mathrm{about}bl\mathrm{about}\mathrm{well}}$$ and remember them as the current address of the recipient A _gender and the current false address of the sender $${\mathrm{BUT}}_{\mathrm{about}tPR}^{l\mathrm{about}\mathrm{well}}$$

respectively. Then, to generate a notification packet, messages from the recipient include the previously remembered current false address of the sender $${\mathrm{BUT}}_{\mathrm{about}tPR}^{l\mathrm{about}\mathrm{well}}$$

and the real identifier of the packet header message ID _real . After converting the encoded message packet to the TCP / IP format, the sender and recipient address are assigned the previously remembered return false address of the sender $${\mathrm{BUT}}_{\mathrm{about}tPR}^{\mathrm{about}bl\mathrm{about}\mathrm{well}}$$ and recipient address A _floor, respectively. Replace the real identifier of the message packet with the generated random identifier _case ID. After highlighting the message from the sender from the header of the received notification packet, the received current address of the sender is compared $${\mathrm{BUT}}_{\mathrm{about}tPR}^{\mathrm{about}bl\mathrm{about}\mathrm{well}}$$ and receiver A is the _floor with the sender’s previously remembered return false address $${\mathrm{BUT}}_{\mathrm{about}tPR}^{\mathrm{about}bl\mathrm{about}\mathrm{well}}$$ A sender location and _send. When the addresses match, the selected and decoded current false address of the sender is compared $${\mathrm{BUT}}_{\mathrm{about}tPR}^{l\mathrm{about}\mathrm{well}}$$

and the real identifier of the message packet, the _real ID with the corresponding previously stored values, and if they do not match, they decide on the incorrect transmission of the original message packet, and if they match, they decide on the correct transmission, and the false address of the sender is remembered $${\mathrm{BUT}}_{\mathrm{about}tPR}^{l\mathrm{about}\mathrm{well}}$$

and return false sender address $${\mathrm{BUT}}_{\mathrm{about}tPR}^{\mathrm{about}bl\mathrm{about}\mathrm{well}}$$ to exclude reuse.

Thanks to a new set of essential features in the claimed method, the indicated technical result is achieved through the use of a modified procedure for determining the addresses used in the information exchange between remote segments of a distributed computer network, by introducing false addresses from the address space of networks that are not related to segments of a distributed computer network and changing real identifiers transmitted packets.

The claimed method is illustrated by drawings, which show: in Fig.1 - an example of a typical structure of a distributed computing network;

figure 2 - structure of the IP header of the message packet;

Fig.3 is a diagram explaining the process of transmitting and receiving information and notification message packets;

figure 4 is a block diagram of a protection algorithm for a communication channel of a computer network.

The implementation of the claimed method is explained as follows. When combining remote segments of a distributed aircraft through public communication networks (for example, the Internet), it becomes more difficult to solve the problem of ensuring communication security. This is due to the emergence of an almost unlimited range of potential threats associated with either unauthorized access to information or its interception during transmission through communication channels, or destructive effects on aircraft. The task of protecting the informational part of message packets is quite effectively solved by means of cryptography. However, even if there is no possibility of decoding the intercepted information, the intruder can analyze the information interaction of the distributed aircraft segments by analyzing network traffic (message packet headers). This is because the headers of the message packets are transmitted in clear text.

The main data from the message packet header used to determine the information interaction is the addresses of senders, recipients and the message packet identifier. IP addresses are the main type of address on the basis of which packets are transmitted between networks. These addresses consist of a 32-bit sequence. The IP address is assigned by the administrator and it consists of two parts: network number and node number. In addition, the entire address space is divided into five classes, according to which it is determined how many bits of the address belong to the network part, and how many to the nodal part. When routing a packet through external networks, the main part is played by the network part of the IP address, since on intermediate routers the direction of packet transmission is determined by the network number (network part of the IP address) [V.G. Olifer, N.A. Olifer. Computer networks: Principles, technologies, protocols. Textbook for high schools. 3rd ed. - SPb .: Peter. 2010, pp. 340-349].

In addition, when transmitting a packet, the source assigns it an identification number of 16 bits. This number is used when packet fragmentation is performed while passing through an external network. All fragments of the packet will have the same identification number. This is necessary for the correct assembly of fragments in the source package [C. Zolotov. Internet Protocols. - St. Petersburg: BHV-St. Petersburg, 1998, p. 182-190]. With the information interaction of the distributed aircraft segments, packet naming will be carried out sequentially.

Thus, to ensure the security and secrecy of the operation of distributed aircraft segments over communication channels, it becomes necessary to use the procedure for hiding the true addresses of correspondents and changing the values of packet identifiers in the information flow of messages.

The implementation of the claimed method can be explained on the diagram of the computer network shown in figure 1.

The distributed aircraft segments 1.1 and 1.2 are connected to external network 2 via router 1.1.3 and 1.2.3. In the general case, the distributed aircraft segment 1.1 is a combination of a personal computer 1.1.1 ₁ - 1.1.1 _N , peripheral and communication equipment 1.1.2 and 1.1.3, combined by physical communication lines. All these elements have identifiers, for which, in the most common TCP / IP protocol stack, network addresses (IP addresses) are used. The external network is represented by a set of routers 2.1 ₁ -2.1 ₉ , transporting information flows from one segment of a distributed aircraft to another.

The structure of message packets is known, as is the principle of packet transmission in computer networks. For example, figure 2 presents the header structure of IP message packets, where the fields are highlighted: identifier, address of the sender and receiver of the message packet [RFC 791, Internet Protocol, 1981, September, pp. 11-22]. When packets pass through an external network, it is routed from source to destination in accordance with the destination IP address.

Figure 3 presents a diagram explaining the process of transmitting and receiving information and notification message packets, and figure 4 is a flowchart of an algorithm that implements a method of protecting a communication channel of a computer network.

At the initial stage, initial data is set, including the addresses of the sender and recipient of messages. A base of Z false addresses of the sender is formed at the recipient and sender in a predefined source data. Then remember the current address of the sender and recipient (block 1-3, figure 4).

Extract the current false address from the given base of false addresses

и запоминают его. Формируют идентификатор заголовка пакета ID_случ по случайному закону (блок 4-6, фиг.4).sender $${\mathrm{BUT}}_{\mathrm{about}tPR}^{l\mathrm{about}\mathrm{well}}$$

and remember it. A random ID packet header ID is _generated randomly (block 4-6, FIG. 4).

и запоминают его (блок 7, фиг.4).The sender from a predefined database of false addresses of the sender is randomly allocated a return false address of the sender $${\mathrm{BUT}}_{\mathrm{about}tPR}^{\mathrm{about}bl\mathrm{about}\mathrm{well}}$$

and remember it (block 7, figure 4).

, а также реальный идентификатор пакета ID_реал. После чего кодируют любым из известных способов кодирования (см., например, книгу Молдовян Н.А. и др. «Криптография: от примитива к синтезу». - СПб.: БВХ - Петербург, 2004, с.301-337) и преобразуют его в формат TCP/IP (блок 8-11, фиг.4). Преобразование заключается в добавлении IP-заголовка к кодированному пакету данных. Полученный в результате пакет является информационным пакетом сообщения, в котором заменены текущий адрес отправителя A_отпр на предварительно запомненный ложный текущий адрес отправителя $${А}_{отпр}^{лож}$$

, и реальный идентификатор заголовка пакета ID_реал на сформированный идентификатор ID_случ по случайному закону, а в качестве адреса получателя используется текущий адрес получателя A_пол. Передают получателю сформированный информационный пакет сообщений (блок 12-13, фиг.4).Initially, the sender form the original data packet, which includes pre-stored current sender address A and the return _XMIT false sender address $${\mathrm{BUT}}_{\mathrm{about}tPR}^{\mathrm{about}bl\mathrm{about}\mathrm{well}}$$

As well as the actual packet identifier ID _real. Then they encode using any of the known encoding methods (see, for example, the book by N. Moldovyan and others. “Cryptography: from primitive to synthesis.” - SPb .: BVH - Petersburg, 2004, p. 301-337) and transform it to the TCP / IP format (block 8-11, figure 4). The conversion is to add an IP header to the encoded data packet. The resulting packet is an information packet message, which the sender address is replaced by a current A _XMIT on previously memorized false sender address of the current $${\mathrm{BUT}}_{\mathrm{about}tPR}^{l\mathrm{about}\mathrm{well}}$$

, and the real identifier of the packet header ID _real to the generated _case ID randomly, and the current address of the recipient A _floor is used as the recipient address. The generated informational message packet is transmitted to the recipient (block 12-13, FIG. 4).

At the second stage, after receiving the information packet from the recipient of the message, encoded data is extracted and decoded (block 14-16, FIG. 4).

, который используют в качестве текущего ложного адреса отправителя $${А}_{отпр}^{лож}$$

, и запоминают их (блок 17-19, фиг.4).Next, the recipient is formed with information about the new current addresses of the sender and recipient. For this decoded data is recovered from a current sender address A _XMIT which is used as the current A _floor, and return a false sender address $${\mathrm{BUT}}_{\mathrm{about}tPR}^{\mathrm{about}bl\mathrm{about}\mathrm{well}}$$

used as the current false sender address $${\mathrm{BUT}}_{\mathrm{about}tPR}^{l\mathrm{about}\mathrm{well}}$$

, and remember them (block 17-19, figure 4).

и реальный идентификатор заголовка пакета ID_реал (блок 20-21, фиг.4). Далее кодируют пакет данных и преобразуют его в формат TCP/IP (блок 22-23, фиг.4). Назначают текущим адресом отправителя А_отпр предварительно запомненный обратный ложный адрес отправителя $${А}_{отпр}^{облож}$$

, полученный из принятого от отправителя пакета сообщения. Также назначают текущим адресом получателя A_пол предварительно запомненный адрес отправителя A_отпр (блок 24, фиг.4).At the third stage, in order to confirm the fact of receiving a packet from the sender, a notification message packet is generated from the recipient. For which it is similar, as with the sender, the source packet is formed, which is a notification of receipt of the information packet of the message. Then, the previously stored current false address of the sender is included in the source packet $${\mathrm{BUT}}_{\mathrm{about}tPR}^{l\mathrm{about}\mathrm{well}}$$

and the real identifier of the header of the packet _real ID (block 20-21, figure 4). Next, encode the data packet and convert it to TCP / IP format (block 22-23, figure 4). Assign current sender address A _XMIT previously memorized return false sender address $${\mathrm{BUT}}_{\mathrm{about}tPR}^{\mathrm{about}bl\mathrm{about}\mathrm{well}}$$

received from the message packet received from the sender. Also prescribed current receiver address _field A previously memorized sender _Sender A (block 24, Figure 4).

After that, the real identifier of the packet header of the _real ID is _replaced with the _generated random _case ID (block 25, figure 4). Next, the generated notification message packet is transmitted from the recipient to the sender (block 26, Fig. 4).

и получателя A_пол (блок 27-28, фиг.4). Сравнивают соответствующие адреса с предварительно запомненными обратным ложным адресом отправителя $${А}_{отпр}^{облож}$$

и адресом отправителя A_отпр (блок 29, фиг.4). При несовпадении адресов принятый пакет сообщения не анализируют, а при совпадении выделяют из принятого уведомляющего пакета сообщения кодированные данные и декодируют их (блок 30-32, фиг.4).At the fourth stage, after receiving a message from the sender of the notification packet, the current address of the sender is extracted from the packet header $${\mathrm{BUT}}_{\mathrm{about}tPR}^{\mathrm{about}bl\mathrm{about}\mathrm{well}}$$

and the recipient A _floor (block 27-28, figure 4). Compare the corresponding addresses with the pre-remembered sender's return false address $${\mathrm{BUT}}_{\mathrm{about}tPR}^{\mathrm{about}bl\mathrm{about}\mathrm{well}}$$

and sender address _Sender A (block 29, Figure 4). If the addresses do not match, the received message packet is not analyzed, and if it matches, the encoded data is extracted from the received notification message packet and decoded (block 30-32, Fig. 4).

и реальный идентификатор заголовка пакета ID_реал (блок 33, фиг.4). Сравнивают выделенный текущий ложный адрес отправителя $${А}_{отпр}^{лож}$$

и реальный идентификатор ID_реал с соответствующими предварительно запомненными ложным адресом отправителя $${А}_{отпр}^{лож}$$

и реальным идентификатором пакета ID_peал (блок 34, фиг.4).Extract the current false sender address from the decoded data $${\mathrm{BUT}}_{\mathrm{about}tPR}^{l\mathrm{about}\mathrm{well}}$$

and the real identifier of the header of the packet _real ID (block 33, figure 4). Compare highlighted current false sender address $${\mathrm{BUT}}_{\mathrm{about}tPR}^{l\mathrm{about}\mathrm{well}}$$

and the real identifier ID _real with the corresponding pre-stored false address of the sender $${\mathrm{BUT}}_{\mathrm{about}tPR}^{l\mathrm{about}\mathrm{well}}$$

and the real packet identifier ID _real (block 34, figure 4).

и обратный ложный адрес отправителя $${А}_{отпр}^{облож}$$

для исключения повторного их использования (блок 37, фиг.4).If the corresponding addresses do not match, they decide on the incorrect transmission of the message packet, and if they match, on the correct transmission (block 35-36, figure 4). Remember the sender’s false address $${\mathrm{BUT}}_{\mathrm{about}tPR}^{l\mathrm{about}\mathrm{well}}$$

and return false sender address $${\mathrm{BUT}}_{\mathrm{about}tPR}^{\mathrm{about}bl\mathrm{about}\mathrm{well}}$$

to exclude their reuse (block 37, figure 4).

Thus, the claimed method through the use of a modified procedure for determining the addresses used in the information exchange between remote segments of a distributed computer network, by introducing false addresses from the address space of networks that are not related to segments of a distributed computer network, and changing the real identifiers of the transmitted packets, allows to increase the level security and secrecy of the operation of computer network segments through communication channels.

Claims (1)

A method of protecting a communication channel of a computer network, which consists in pre-setting initial data, including the addresses of the sender and recipient of messages, storing the current address of the sender and recipient, generating information about the sender’s return address from the sender, encoding the data when generating the original message packet from the sender, and transmit it to the recipient, extract encoded data from the received message packet and decode it, form the recipient information about the addresses of the sender and recipient, as well as e the notification message packet and transmit it to the sender, and from the received notification message packet the addresses of the sender and recipient are selected, which are compared with previously stored return addresses, if the addresses do not match, the received packet is not analyzed, if they coincide, the encoded data is extracted from the received notification message packet and they are decoded, characterized in that they additionally form at the receiver and the sender a base of Z false addresses of the sender, extract the current false from the given base Z address of sender $${\mathrm{BUT}}_{\mathrm{about}tPR}^{l\mathrm{about}\mathrm{well}}$$

, Memorize it, form the message ID packet ID randomly _happened during the formation of the sender information on the return address of the sender is released back a false sender address $${\mathrm{BUT}}_{\mathrm{about}tPR}^{\mathrm{about}bl\mathrm{about}\mathrm{well}}$$

from a predetermined base Z of false addresses, and storing it, and then to form the original message packet from the sender previously memorized comprise a current sender address A and the return _XMIT false sender address $${\mathrm{BUT}}_{\mathrm{about}tPR}^{\mathrm{about}bl\mathrm{about}\mathrm{well}}$$

, as well as the real packet identifier ID _real , after converting the encoded message packet to IP format, replace the current sender address with a previously stored false current sender address $${\mathrm{BUT}}_{\mathrm{about}tPR}^{l\mathrm{about}\mathrm{well}}$$

Replace the actual packet identifier to the generated identifier at random ID _happen after separation and decoding of the received original packet messages at the receiver generates information about the new current address of the sender and the recipient, which is isolated from the decoded data, the current address of the sender A _XMIT and reverse a false address sender $${\mathrm{BUT}}_{\mathrm{about}tPR}^{\mathrm{about}bl\mathrm{about}\mathrm{well}}$$

, and remember them as the current recipient address A _gender and the current false sender address $${\mathrm{BUT}}_{\mathrm{about}tPR}^{l\mathrm{about}\mathrm{well}}$$

respectively, then, to form a notification packet, messages from the recipient include the sender’s previously remembered current false address $${\mathrm{BUT}}_{\mathrm{about}tPR}^{l\mathrm{about}\mathrm{well}}$$

and the real identifier of the message packet header ID _real , after converting the encoded message packet to TCP / IP format, the sender’s address and the recipient’s address are pre-stored with the return sender’s false address $${\mathrm{BUT}}_{\mathrm{about}tPR}^{\mathrm{about}bl\mathrm{about}\mathrm{well}}$$

and recipient address A _floor, respectively, replace the real identifier of the message packet with the generated random identifier ID _case , after highlighting the message from the sender from the header of the received notification packet, the received current address of the sender is compared $${\mathrm{BUT}}_{\mathrm{about}tPR}^{\mathrm{about}bl\mathrm{about}\mathrm{well}}$$

and receiver A _floor with pre-remembered sender return false address $${\mathrm{BUT}}_{\mathrm{about}tPR}^{\mathrm{about}bl\mathrm{about}\mathrm{well}}$$

A sender location and _XMIT, and compared at the coincidence of addresses allocated and a current decoded false sender address $${\mathrm{BUT}}_{\mathrm{about}tPR}^{l\mathrm{about}\mathrm{well}}$$

and the real identifier of the message packet, the _real ID with the corresponding previously stored values, and if they do not match, they decide on the incorrect transmission of the original message packet, and if they match, they decide on the correct transmission and remember the false address of the sender $${\mathrm{BUT}}_{\mathrm{about}tPR}^{l\mathrm{about}\mathrm{well}}$$

and return false sender address $${\mathrm{BUT}}_{\mathrm{about}tPR}^{\mathrm{about}bl\mathrm{about}\mathrm{well}}$$

to exclude reuse.

Images