WO2025111023A2 - Systems and methods for secure satellite communications - Google Patents

Abstract

Communications via a radio route through a mesh of aerial-based system nodes (satellites, drones, balloons, and combinations thereof) are encrypted using encryption codes unique to every communication. The aerial-based nodes create radio routes in a routing phase in which the nodes themselves select antennas that link with other nodes. The identities of all of the selected antennas are received by the last node in the route. In a data transmission phase, the last node in the route comprises an originating node that uses the received antenna identities as an encryption code to encrypt the data. The encrypted data is transmitted in a node-to-node direction opposite to that in which the route was created, along with the identities of each node's selected antennas. The decryption code is thus available at the destination node only when it receives the encrypted data, which prevents decryption of data transmissions intercepted en route.

Description

SYSTEMS AND FOR SECURE SATELLITE COMMUNICATIONS CROSS-REFERENCE TO RELATED APPLICATIONS [0001] This application claims benefit of U.S. provisional application no.63/470,345 filed June 1, 2023 , the entire contents of which are incorporated by reference as part of the present disclosure as if set out in full herein. BACKGROUND [0002] Electronic networks carry a variety of sensitive content, including personal information, financial data such as bank account and credit card numbers and access codes, classified national security information, and strategic and tactical military communications. The utility of wired and wireless systems depends in the first instance on their ability to secure communications against interruption or interception. Systems that rely on wired connections are susceptible to interruption by cutting any physical “pipe” in the system, including local, regional and intercontinental cables. Satellite-based systems in which any part of a communication between a user and a satellite travels over a wire or cable can be interrupted the same way. Interception of content presents a separate problem, whether a system relies on wired, ground-based infrastructure or, like the SpaceX STARLINK® wireless satellite system described next, it supports direct user-satellite communications. Wireless systems—including those using unmanned aerial vehicles (“UAVs”) such as drones or balloons—are potentially more vulnerable to interception than wired ones because their signals are accessible by anyone with a radio. [0003] SpaceX’s STARLINK® satellite the “wire-cutting” problem by using self-contained user terminals on the ground that communicate directly with satellites in low-earth orbits. See “Starlink,” Wikipedia, https://en.wikipedia.org/wiki/Starlink. The tactical value of direct user-satellite communication in a war zone with severely compromised ground-based infrastructure has been demonstrated in action: On 26 February 2022, Musk [SpaceX] announced that Starlink satellites had been activated over Ukraine after a request from the Ukrainian government to replace internet services destroyed during the 2022 Russian invasion of Ukraine.... In May 2022 a Starlink-enabled Ukrainian Internet App was the key component of a successful new artillery fire coordination system. “Starlink,” Wikipedia. That type of wireless system has the same advantages in other scenarios where maintaining uninterrupted communications can be important, such as natural disasters which involve prolonged power outages. [0004] Known systems like STARLINK® comprise thousands of heavy satellites that are costly to launch and deploy, and that are maintained in known, fixed orbits that make them easy to find and disable. “Starlink,” Wikipedia. The vulnerability of satellites in known, predictable positions is real and has been demonstrated. Tingley, B., “Chinese Satellite Just Grappled Another and Pulled it Out of Orbit,” Jan.27, 2022, https://www.thedrive.com/the-war- zone/44054/a-chinese-satellite-just-grappled-another-and-pulled-it-out-of-orbit. These and similar existing systems require enormous expenditures to deploy an operational system that needs hundreds or thousands of satellites. Moreover, the satellites’ vulnerability can result in service interruptions in critical situations, not to mention the cost of inserting replacements into the orbits of those destroyed or otherwise compromised. [0005] The assignee has numerous issued patents and patent publications, both domestic and foreign, that disclose a wide variety of space-based systems, methods and apparatus that moot a lot of those cost issues. The U.S. Patents No.10,084,536, No.10,085,200, No.10,447,381, No.10,979,136 (“the ‘136 patent”), and No.11,968,023 (“the ‘023 patent”), describe novel route creation and data transmission protocols for establishing radio links in a system that can transmit data among large numbers of terrestrial nodes via one or more inexpensive satellites and/or other types of non-terrestrial aerial-based nodes. The assignee’s Pub. No. US 2022/0029699 describes a satellite construction especially adapted for systems using LEO (low-earth orbit, up to about 1000 miles) and VLEO (very low-earth orbit, up to about 300 miles) that facilitate direct communication with stand-alone terrestrial nodes, such as smartphones and tablet or laptop computers. The assignee’s Pub. No. US 2022/0173795 describes systems and methods for connecting satellites and moving terrestrial users, which will enhance ability of space-based systems to establish communications in various settings, such as military theaters encompassing ground and/or naval operations. The assignee’s Intl. Pub. No. WO 2023/229923 (“the ‘923 publication”) describes UAVs that can enhance direct connections to users’ devices for both local area communications via UAV-only routes and longer distance communications by linking UAVs and with satellites in cohorts orbiting at different altitudes, including one or more LEO or VLEO satellites. Systems and methods described in the ‘923 publication can provide, and even enhance, the tactical advantages of a STARLINK® satellite-only system at a small fraction of the cost. [0006] The detailed description that follows borrows from the ‘136 patent, the ‘023 patent and the ‘923 publication to explain an example of a system that enables the creation of radio routes via a constellation of hundreds or thousands of satellites and/or UAVs that need not be in known orbits and are thus not easily found by a “killer” satellite or other means of disabling them. Because the satellites in this exemplary system are not maintained in known orbits at fixed altitudes or attitudes, they do not require costly propulsion systems that add to the cost, weight and size of STARLINK® satellites. Even if one or even a few of the assignee’s satellites can be found destroyed, replacements can be launched for a fraction of the cost to deploy just one satellite in a STARLINK® constellation. And because, unlike the assignee’s satellites and UAVs, STARLINK® satellites have to be in fixed positions relative to each other, finding one will make it easier to find others. The assignee’s routing protocols automatically incorporate new satellites into routes through the constellation regardless of their locations relative to the earth’s surface, making the system self-healing when satellites are lost for any reason, not only by intentional destruction, but also through malfunctions or orbital decay. The same is true for systems comprising UAVs, either alone or with satellites. [0007] The assignee’s small, inexpensive satellites and the routing protocols that enable them to create routes with radio links between satellites have those and other operational advantages over satellite systems like STARLINK®. Even more significantly, the same protocols also uniquely support methods for enhancing the security of the data transmitted over routes through non-orbiting aerial nodes, a constellation of satellites— particularly when they’re in random, stochastic orbits—or a system with both. With the security enhancements in this disclosure, the more satellites in a route the greater the data security. It is believed that a STARLINK® system at present only supports a one-satellite, “bent pipe” route, but the encoding techniques disclosed here could be applied to that system, too. Moreover, the same security enhancements can be used in systems with any type of non-orbiting aerial-based node, including low-altitude unmanned heavier-than-air aircraft, lighter-than-air balloons or lighter-than-air airships. BRIEF DESCRIPTION OF THE DRAWINGS [0008] The manner by which systems and methods described here achieve certain objects of the disclosed subject matter will be better understood from the detailed description of preferred embodiments which follows below, when taken in conjunction with the accompanying drawings, in which and letters refer to like features throughout. The following is a brief identification of the drawing figures used in the accompanying detailed description. [0009] FIGURE 1 schematically depicts an embodiment of a satellite suitable for use in the communications systems disclosed herein. [0010] FIGURE 2 is a schematic representation of various operational components of the satellite depicted in FIGURE 1. [0011] FIGURE 3 comprises a Mercator projection of the earth showing the orbital paths of a constellation of stochastically distributed satellites like the one shown in FIGURE 1 deployed at various altitudes in low-earth orbits with different inclinations relative to the equator. [0012] FIGURE 4 is a schematic diagram illustrating a routing network with radio routes connecting system nodes using a routing protocol supporting embodiments of encryption methods according to this disclosure. [0013] FIGURE 5 is a flowchart illustrating a method of creating the radio routes depicted in FIGURE 4. [0014] FIGURE 6 is a not-to-scale representation of an example of a satellite-based radio route created using the method illustrated in FIGURE 5 [0015] FIGURE 7 is a flowchart illustrating an embodiment of a method for encrypting data transmitted via a route created by the method illustrated in FIGURE 5 and depicted in FIGURE 6. [0016] FIGURE 8 illustrates schematically circuitry resident in a satellite for effecting route creation and data transmission according to the description herein. [0017] FIGURE 9 is a notional depiction of routes through systems using various types of satellites and non-orbiting aerial nodes to which the encryption methods described here can be applied. [0018] One skilled in the art will readily understand that the drawings are not strictly to scale, but nevertheless will find them sufficient, when taken with the detailed descriptions of preferred embodiments that follow, to make and use the present invention. DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS [0019] The detailed description that follows is intended to provide specific examples of particular embodiments illustrating various ways of implementing the disclosed subject matter. It is written to take into account the level of knowledge of one of ordinary skill in the art to which the disclosed subject matter pertains. Accordingly, certain details may be omitted as being unnecessary for enabling such a person to realize the described embodiments. [0020] The following detailed description of certain preferred embodiments of the subject matter is organized as follows: I. Definitions II. Basic Communication Systems Principles III. Aerial Node Design: Antenna Configuration and Onboard Control Circuitry IV. Route Creation in Orbiting/Non-Orbiting Aerial-Based Communication Systems A. General Description of Exemplary Satellite Deployments B. Route Creation Protocols Supporting Enhanced Communication Security V. Enhanced-Security Communication Methods in an Aerial-Based Mesh System VI. Examples of Three-Dimensional Radio Mesh Systems [0021] I. Definitions [0022] The detailed description in the next sections uses numerous terms intended to have specific meanings. For satellite deployments, specific terms relate to options for systems and methods disclosed below using just satellites alone or in combination with non-orbiting aerial nodes such as the LTA and lift-assisted drones described in the ‘923 publication. Satellites can be deployed in known, fixed orbits or, in certain advantageous embodiments in which route creation is based on the statistical likelihood of creating node to node links, with satellites that are “stochastically distributed” or in “unconstrained orbits.” These terms are both related to the term “random orbits” used in the assignee’s patents and patent publications referenced earlier. The intended meaning of these terms is that a satellite, once deployed in orbit, can be permitted to assume any orbital path without the application to the satellite of motive power by an onboard propulsion system. However, neither term is intended to exclude initial deployment of a satellite at a particular orbital inclination, altitude, or attitude, or at a particular geolocation relative to another satellite in the system. Stated another way, “stochastically distributed,” “unconstrained” or “random” orbits means that satellites are deployed so that their locations relative to other satellites and to the ground at any given time are not controlled after they are inserted into orbit, although they may be initially deployed in a manner designed to provide coverage of a particular swath of the surface of the body they are orbiting. The satellites need not be deployed randomly in a mathematical sense, but it is within the scope of these terms to use mathematical methods to determine satellite deployment direction, inclination, altitude, velocity, etc. that take into account the geographic areas on the ground to be served by radio routes using one or more satellites. In addition, individual satellites can be launched in different orbital directions (for example, eastward or westward around the earth) in combination with any of the aforementioned or other deployment techniques. For example, the satellites could be ejected in different directions at velocities from a launch vehicle traveling in an orbital direction (that is, generally eastward or westward), so that after a time they will have separated themselves into “random” orbits in an essentially unconstrained manner. This will make a constellation of multiple satellites appear to an observer on the ground to be stochastically distributed in random orbits. [0023] The term “passive attitude control” and the related term “without active attitude control” as applied to a satellite in the systems described herein mean that the satellite carries no attitude control mechanism with parts that are moved to different positions by onboard apparatus requiring motive power to intentionally change the attitude of the satellite with respect to an external frame of reference. Examples of active attitude control mechanisms would be propulsion systems with thrusters capable of imparting moments on the satellite to cause it to rotate, or mechanical actuators with moving parts used to change the center of gravity or angular momentum of the satellite or the position and/or orientation of a satellite’s solar panels. The terms do not exclude the use of passive means for changing or controlling satellite attitude without using moving parts, whereby a satellite may tend to assume a particular attitude over time simply by virtue of its structure and the materials used in its manufacture. In addition, the terms do not exclude using various approaches such as using electrical means to stabilize the attitude of the satellites within certain limits. This could include techniques such as selective switching of arrays of one or more electromagnets to vary their interaction with the magnetic field of the body around which they are rotating in a manner that influences satellite attitude and in some applications also satellite velocity. Similar techniques known presently or developed in the future are also covered by the terms “passive attitude control” and “without active attitude control.” [0024] A “node” or “system node” is a physical object with one or more transceivers for transmitting radio signals intended to be received by other nodes and for receiving radio signals transmitted from other nodes. Nodes can be ground stations on the earth or other body. Examples of surface ground are described in the next paragraph. A ground station can also comprise transceivers above the surface. Aerial-based nodes include, but are not limited to, orbiting satellites and non-orbiting drones, which can be heavier-than- air fixed-wing or rotary-wing aircraft, and lighter-than-air rigid airships with or without propulsion and steering systems. Non-orbiting aerial nodes also include balloons. Similar to satellites, non-orbiting aerial-based nodes need not be maintained in precise, predetermined positions to support route creation. However, since they are subject to atmospheric conditions they may include propulsion and guidance systems sufficient to limit their range of motion. [0025] A “ground node,” “terrestrial node” or “ground-based node” can refer to a ground station at a fixed location, such as a cellular telephone switch on the ground, or to a mobile node that can move from place to place under motive power while transmitting and receiving radio signals. The term “mobile ground node” or “mobile terrestrial node” can also refer to an aircraft in flight serving as an originating node from which a passenger desires to transmit data to a destination ground node comprising another aircraft in flight or to a destination ground node actually on the surface; or it can be a destination ground node on the surface from which a system user desires to transmit data to an aircraft in flight or to another system ground node on the surface. Elevated ground nodes will enable more users to connect to a communications system in areas of low population density. The term “mobile ground node” or “mobile terrestrial node” can further mean a moving surface vehicle (such as an automobile) from which an occupant desires to transmit data to a destination ground node comprising an aircraft in flight or to a destination node actually on the surface; or it can be an originating node on the surface from which a system user desires to transmit data to an aircraft in flight or to another system node on the surface. Examples of other types of mobile ground nodes are, without limitation, portable devices such as smartphones and tablet computers, trucks and buses, and ships at sea such as cruise ships, fishing boats (of all pleasure boats. Accordingly, it will be understood that terms such as “ground-based node” and “terrestrial node” used in this disclosure are meant to be interpreted broadly as including any system node operated by a user that forms the terminus of a route from which data is transmitted (an “originating node”) or at which it is received (a “destination node”), whether or not it is in a fixed location or can move with the user, or it is physically on the surface, suspended above the surface, or on a body of water. [0026] “Routing messages” and “data communications” (or “data transmissions”) are also used in the description that follows. A “routing message” is a radio signal sent from a system node (terrestrial or aerial) that contains information or has a property that can be used for determining the suitability of the node for inclusion in a multi-link radio route. A “data communication” comprises content (digital or otherwise) sent over a radio link between two orbiting satellites or between two non-orbiting aerial nodes or between a satellite or other non-orbiting aerial node and a ground node, unless otherwise indicated explicitly or by context. While not limited as such, the systems and methods described herein are particularly well suited for the transmission of data in packets, defined here in the generally accepted sense as a collection of digital data with a portion representing the content of the transmission (sometimes referred to as the “payload”), and a control portion (sometimes referred to as a “header” or “trailer”), which contains information enabling the payload to be delivered successfully, such as source and destination addresses, error detection codes, sequencing information, and encryption information. A given radio signal can include both a routing message and a data communication. Throughout the description herein, the term “radio” is not limited to references to electromagnetic radiation in frequencies commonly referred to as radio waves. It is meant to encompass electromagnetic radiation of any frequency capable of transmitting information, including light, VHF (“very high frequency”), UHF (“ultrahigh frequency”), etc. [0027] As those skilled in the art will recognize that, in the description herein, control circuitry and components described and depicted in the various figures are meant to be exemplary of any electronic computer system capable of performing the functions ascribed to them. Such a computer system will typically include the necessary input/output interface devices and a central processing unit (CPU) with a suitable operating system, application software for executing program instructions, and transient and non-transient memory modules. In addition, terms referring to elements of the system are used herein for simplicity of reference. For example, the terms “component,” “module,” “system,” “apparatus,” “interface,” or the like are generally intended to refer to a computer-related entity, either hardware, a combination of hardware and software (firmware), software, or software in execution, unless the context clearly indicates otherwise. In addition, the term “module” or “component” does not of itself imply a self-contained structure, but rather can include various hardware and firmware that combine to perform a particular function. In that regard, a component or module may be, but is not limited to being, a process running on a processor, a processor, an object, an executable, a thread of execution, a program, and/or a computer. By way of illustration, both an application running on an electronic computing device and the device itself can be a component. One or more components may reside within a process and/or thread of execution and a component may be localized on one computer and/or distributed between two or more computers. [0028] II. Basic Communication Systems Principles [0029] Table 1 sets out for orbiting and non-orbiting aerial nodes of different altitudes their distances to the horizon (DH) and footprints. To avoid interfering with commercial aviation, drones and balloons must be above about 10 miles; by FAA regulation; they can also fly below 400 feet as long as not in otherwise restricted airspace, such as near an airport. As a general note, the various embodiments and implementations of the subject matter of this disclosure will be described with reference to an earth-based system. In that context the term “earth” should be construed as including other celestial bodies such as the earth’s moon, other planets, or the moons of other planets. The same construction applies to the term “terrestrial,” which is not meant to imply applicability solely to an earth-based system. TABLE 1 Altitude – AL Distance to Horizon – DH Footprint – π∗DH² (miles) (miles) (sq. mi.) ≤ ^{400 ft. (drone/balloon)} 10–20 (drone/balloon) 280 ≤ DH ≤ 400 250,000 ≤ FP ≤ 500,000 100 900 2,500,000 200 1,280 5,100,000 400 1,830 10,500,000 500 2,000 12,500,000 800 2,600 21,200,000 1000 3,000 28,300,000 22,230 (_{Geostationary)} ^{26,000 2.1 × 109} [0030] This table illustrates trade-offs involved in designing communications using only orbiting satellites as system nodes. The distance to the horizon and the corresponding footprint increase as the satellite altitude increases, potentially providing wider coverage with fewer satellites, but the strength of the radio signals between the satellites and the ground is attenuated as their altitude increases. The following discussion references the information in Table 1 in various contexts for describing the data encryption methods that are a primary focus of this disclosure. [0031] III. Aerial Node Design: Antenna and Onboard Control Circuitry [0032] The assignee’s patents and publication referenced earlier disclose satellite and non-orbiting aerial node designs capable of creating radio links among those different types of aerial nodes and terrestrial nodes as defined. The following description uses a satellite as an example of an aerial-based node to which the described constructions apply, but similar components are used in non-orbiting aerial-based nodes to the same purposes. These constructions are capable of effecting the routing and data encryption protocols discussed herein, and will be used in describing certain basic features of those protocols. [0033] FIGURE 1 is a schematic depiction of an embodiment of a notional satellite 10 that can be used as an aerial node in the communication systems described further below. The satellite 10 is shown with an outer casing in the shape of a sphere centered at CT. Certain features of the satellite will be described with reference to a coordinate system having mutually orthogonal x, y, and z axes, but this coordinate system is used strictly for purposes of illustration in describing features of the satellite. For example, the coordinate system imposed on FIGURE 1 can be considered to be tied to the satellite and to change its angular orientation with respect to the earth as the satellite changes orientation (attitude). [0034] The exemplary satellite 10 includes a plurality of antenna modules 12, one of which is depicted in highly schematic fashion in FIGURE 1 for purposes of illustration. Each antenna module in this example comprises a directional antenna that transmits and receives radio signals in a predetermined direction. The present embodiment uses circular-dish parabolic antennas each of which occupies a solid angle Ω with a vertex at a point in the satellite interior. The antenna reflectors (omitted from the drawing for clarity) may be recessed below the surface of the satellite. The number of discrete antenna modules incorporated into the satellite will depend on the particular application of the system and the antenna design. In addition, the antenna modules can be structured in any other configuration that will enable to perform the functions described herein. In one embodiment Ω in steradians will be chosen so that a particular number of antenna modules, distributed around the satellite, will be capable of transmitting radio signals to and receiving radio signals from a sufficiently large spherical area to enable radio signals to be received from and transmitted to ground station transceivers and antennas in other satellites to effect operation of the systems described below. The actual configuration of the antenna modules 12 can be determined using known antenna design principles to achieve that goal. [0035] A satellite used in the present system will be large enough to accommodate the various electronic and mechanical components required for satellite operation, discussed below in detail in connection with FIGURE 2, as well as being sufficiently robust in construction to withstand the stresses of launch and long-term exposure to the hostile environment it will encounter in orbit. [0036] Satellites and antennas suitable for use in the present system can take different forms depending on trade-offs familiar to those skilled in engineering complex systems. One of the aspects of certain methods described herein involves transmission of radio signals from plural antennas in one or more satellites for receipt by antennas at other satellites. Increasing the number of antennas in a satellite node will increase the coverage of radio signals transmitted from and received by other nodes, which in turn will increase the probability that a signal from one node will be received at another. More antennas per satellite might make it possible to reduce the number of satellites placed in orbit in multi-satellite systems. Such satellites might be more expensive and heavier, thus increasing launch costs, but other factors might offset the increased cost because fewer satellites might need to be launched. Those skilled in the art will also recognize that the system described here can be implemented with satellite nodes having antenna collections that transmit with less than full 360° spherical coverage. [0037] The satellite 10 also includes a solar panels, three of which 14a, 14b, and 14c, are shown in FIGURE 1. In the illustrated embodiment the solar panels are oriented in mutually perpendicular planes and spaced equidistantly around the satellite 10. For purposes of describing the locations and orientations of the solar panels in this embodiment, a satellite equator 16 is defined as the great circle where the satellite surface is intersected by a plane parallel to the x-y plane and passing through the center CT of the sphere. A zero meridian 18 is defined as the great circle where the satellite surface is intersected by a plane parallel to the x-z plane and passing through the center CT of the sphere. And a normal meridian 20 is defined as the great circle where the satellite surface is intersected by a plane parallel to the y-z plane and passing through the center CT of the sphere. The solar panel 14a is attached to the satellite by suitable mounting structure 22a at the intersection of the equator 16 and the zero meridian 18. The solar panel 14b is attached to the satellite by suitable mounting structure 22b at the intersection of the equator 16 and the normal meridian 18. And the solar panel 14c is attached to the satellite by suitable mounting structure 22c at the intersection of the zero meridian 18 and the normal meridian 20. [0038] The solar panels are generally planar with solar cells distributed over one or both faces for generating electricity when the solar cells are exposed to sunlight. For maximum effectiveness, the planar solar panels are mounted in mutually orthogonal planes to ensure that an adequate number of solar cells are exposed to sunlight regardless of the angular orientation of the satellite. In the depicted embodiment, the solar panel 14a lies in the x-z plane, the solar panel 14b lies in the x-y plane, and the solar panel 14c lies in the y-z plane. It will also be appreciated that the satellite includes three more companion solar panels where the equator, zero meridian, and normal meridian intersect on the other side of the satellite. The companion solar panels (depicted with a prime (') in FIGURE 3) are preferably oriented in the same planes as each of their counterparts 14a, 14b, and 14c shown in FIGURE 1. Each solar as being normal to the surface of the satellite so that it does not obstruct the transmission and receipt of radio signals by antennas adjacent to the solar panels. [0039] FIGURE 1 is intended solely to illustrate features of the satellite 10 necessary to an understanding of the present embodiment. Those skilled in the art will understand that an actual satellite for implementing the present system may have design features different from and/or not shown in FIGURE 1’s schematic depiction. For example, good design practice may dictate that the mouths of the antennas be recessed below the surrounding surface of the satellite to reduce the possibility of impact damage by space debris. Or additional protection might be provided by covering each antenna mouth (recessed or not) with a sheet of material transparent to signals transmitted by and received at the satellite. The design and placement of the solar panels 14 shown in FIGURE 1 is also highly schematic, and the systems disclosed here are not limited to any particular solar panel configuration, placement, or means of deployment. In another variation, the antennas can be arranged so that the solar panels can be mounted flush with the satellite surface in spaces between antenna mouths. [0040] FIGURE 2 illustrates schematically various components housed by the satellite 10 for creating a radio route capable of transmitting and receiving data transmissions to and from other nodes. In the descriptions of this and other embodiments and aspects of the communications systems comprising the subject matter disclosed here, the control circuitry and components described and depicted in the various figures are meant to be exemplary of any electronic computer system capable of performing the functions ascribed to them. Such a computer system will typically include the necessary input/output interface devices and a central processing unit (CPU) with a suitable operating system and application software for executing program instructions. The satellite’s onboard computer system will also have appropriate memory modules for storing information. In addition, to elements of the system are used herein for simplicity of reference, and not by way of limiting their functions or modes of operation. [0041] Referring in more detail to FIGURE 2, the satellite 10 is depicted in a view in the x-z plane in FIGURE 1. FIGURE 2 depicts the solar panels 14a and 14c, as shown in FIGURE 1, as well as the diametrically opposed companion solar panels 14a' and 14c'. It also depicts a plurality of antenna modules 12a, 12b, 12c, 12d, 12e and 12f, intended as a schematic representation of all of the antenna modules onboard the satellite 10, for transmitting and receiving radio signals as discussed above in connection with FIGURE 1. This schematic depiction is intended to convey the principle of operation of the present embodiment whereby the plurality of antenna modules in combination will be capable of transmitting and receiving radio signals to and from a node in multiple radial directions. (However, as noted, the system described herein can also be implemented with nodes having antenna arrays that transmit with less than full 360° spherical coverage.) [0042] The satellite 10 includes a power module 30 capable of providing a reliable source of electrical power for operating the satellite components. The power module 30 includes rechargeable batteries that are charged by electricity generated by the solar panels. Suitable power regulating equipment provides steady-state power to the various electronic components carried by the satellite even though the solar panels will spend one half of each satellite orbit out of sight of the sun. In addition to the power module the satellite includes a central processing unit 40 with an operating system module 42 that stores operational software for controlling the various functions of the satellite. As shown in FIGURE 3, the CPU 40 is operatively connected to all of the antenna modules 12 via power and data links 40a, 40b, 40c, 40d, 40e, 40f, etc. [0043] FIGURE 2 also illustrates three main modules under the control of the operating system module 42. A Global Navigation Satellite System (GNSS) module 44 communicates with a global navigation satellite system, examples being the Global Positioning Satellite (GPS) system based in the United States, the European Union’s Galileo system, the Russian GLONASS system, and the Chinese BeiDou system. This module enables the satellite to determine its position relative to the earth’s surface in the manner employed by known global navigation satellite systems. Radio signals exchanged between system nodes via the antenna modules 12 are used by a route creation module 46 that includes antenna pairing circuitry for executing logic discussed further below to create a radio route comprising radio links supporting data communications between two or more nodes. A data movement module 48 includes data transmission circuitry that controls the transmission of data (content) between nodes as also discussed further below in more detail. [0044] Another important feature of certain systems and methods described here is that the satellites can operate without active onboard attitude control. Thus, in one basic form the satellites can be permitted to orbit without regard to their angular orientation. It is expected that satellites can be deployed from a launch vehicle such as a space station or the like. It may be preferable in some implementations to attempt to deploy them with as little angular velocity as possible, but in certain embodiments no special effort is required in that regard. Some system embodiments described herein can create radio routes even if the satellites tumble as they orbit, meaning that they need not be in a known, predetermined orientation (attitude). That the satellites can be stochastically distributed via unconstrained orbits and have no active attitude control, or in some cases attitude stabilization within certain limits, eliminates the need for heavy and costly onboard systems for operating onboard mechanisms such as rocket thrusters for changing or maintaining a satellite’s location or attitude. In addition, each satellite can include tracking telemetry to detect when its orbit is and it needs to be replaced, and to comply with any national or international protocols applicable to orbiting bodies. However, it is expected that it will be relatively simple and inexpensive to provide such telemetry. [0045] The encryption systems and methods in this disclosure can use other satellite constructions, antenna arrangements, and control circuitry to the purposes described. The ‘136 patent describes in section III.B. a number of exemplary satellite embodiments with features that are useful in the methods and systems disclosed here. They provide a variety of options for antenna and solar panel placement and construction, and ways to incorporate attitude control if desired, to meet the operational requirements of any given system. The ‘923 publication does the same vis-à-vis several UAV constructions that can be used with or without satellites in the routing protocols and encryption techniques described further below. The contents of the ‘136 patent and the ‘923 publication are incorporated by reference as part of the present disclosure as if set out in full herein. [0046] IV. Route Creation in Orbiting/Non-Orbiting Aerial Node Communications Systems [0047] This section discusses examples of systems that support creating radio routes for encrypted data communications between terrestrial ground nodes (sometimes referred simply as “ground stations”) via one or more satellite nodes in a constellation of multiple stochastically distributed satellites orbiting the earth or other celestial body, via a combination of orbiting satellite nodes and non-orbiting aerial nodes, and via non-orbiting aerial nodes alone. As noted, the assignee’s patents and publications already referenced describe various embodiments of such systems and methods, but the present discussion uses as a first example route creation and data communication between ground stations via a route through a constellation of satellites. The ground stations have plural directional antennas capable of transmitting and receiving radio signals around substantially the entire hemispherical space above the surface of the earth. The satellites comprise a plurality of directional antennas transmitting and receiving radio signals around substantially the entire spherical space surrounding the satellite, as in the embodiment depicted in FIGURES 1 and 2. Route creation involves sending initial routing messages from all of the antennas of all of the ground stations, and then transmitting routing messages from all of the antennas of a satellite that received an initial routing message. The satellite stores the identity of the antenna on which it received the initial routing message and the address of the ground station that sent it. Routing messages transmitted from the satellite include the address of the sending ground station and a quality of the initial routing message received at the satellite. (The concept of “quality” is discussed further below.) Basic principles and constructions are generally described here in the context of systems using randomly orbiting satellites, but they are not limited as such. Unless otherwise explicitly stated or clear from the context, they are also applicable to systems using satellites maintained in particular orbits and attitudes, as well as to systems including different combinations of aerial node types, such as those described in the ‘923 publication and other types of UAVs such as fixed-wing heavier-than-air aircraft, with or without orbiting satellites. [0048] Satellites that receive routing messages from other satellites in turn save the address of the sending ground station contained in the received routing message and the antenna on which the routing message was received. They transmit from all of their antennas further routing messages that comprise information on the quality of the respective routing messages they have received and the address of the sending ground station. A ground station that receives a routing message (a “receiving ground station”) from a satellite stores the antenna on which the routing message was received and its quality. When a receiving ground station receives routing messages on two antennas identifying different routes (that is, one via a different satellite or satellites) to the same sending ground station, it typically selects the antenna to use for data transmissions based on the quality information in the respective message and the quality of the received routing message itself. [0049] Significant advantages result from that routing technique, especially when the satellites do not control their location, so that to an observer they are distributed randomly (“stochastically”). The satellites are light, inexpensive to build and launch and can be deployed in large numbers, with the assignee’s novel routing techniques being used to automatically form routes throughout the satellite constellation. As a practical matter, that will make it difficult for a hostile force to disable or disrupt the system by destroying even large numbers of satellites. As soon as one or even several satellites have been destroyed, the satellites themselves, using these routing methods, begin to create routes among the remaining satellites. Additional satellites can be kept in reserve at a reasonable cost and then inexpensively placed into use when needed, after which they will be quickly and automatically incorporated into routes with the remaining satellites. Moreover, current technology appears only able to move a satellite from an intended orbit, as described in “Chinese Satellite Just Grappled Another and Pulled it Out of Orbit,” referenced earlier. Since the assignee’s system doesn’t require the satellites to be in particular orbits or locations, moving one would not disrupt communications. [0050] The assignee’s routing techniques have another important security application. They can be used to create an encryption code built during a route creation phase and completed only when a routing message from a satellite reaches the receiving ground station. The receiving ground station, which is now an “originating ground station” for data transmissions, holds the encryption code momentarily in a temporary memory only long enough to encrypt the data. Once it is deleted, the code is unavailable to anyone, including the system itself. The encrypted data is transmitted from the originating ground station, and the encryption code is rebuilt node-by-node as the data is transmitted back to the sending (“destination”) ground station. The destination ground station deletes the encryption code immediately after to decode the data, so that it is unavailable to an intruder during the entire route creation and data transmission phases of operation. [0051] A. General Description of Exemplary Satellite Deployments [0052] FIGURE 3 illustrates various forms that a constellation of satellites, such as those just described above, can assume for implementing the encryption methods described further below. FIGURE 3 is based on a standard Mercator projection of the earth showing the equator, the Tropic of Cancer, and the Tropic of Capricorn. FIGURE 3 illustrates exemplary systems comprising multiple satellites at different altitudes and orbital inclinations. The drawing shows satellites in four orbital tracks having different inclinations. A first orbital track OT1 shown in a double-dash line represents a satellite S1_X deployed into a 200-mile altitude circular orbit about the equator from launch site EL at 5°N lat.; a second orbital track OT2 shown in a dotted line represents a satellite S2_X deployed into a 200-mile altitude circular orbit from launch site DL at 13°N lat.; a third orbital track OT3 shown in a long-dash line represents a satellite S3_X deployed into a 400-mile altitude circular orbit from launch site CL at 28°N lat.; and a fourth orbital track OT4 shown in a short-dash line represents a satellite S4_X deployed into a 400-mile altitude circular orbit from launch site BL at 45°N lat. It will be appreciated that these are meant to be examples of orbital tracks that satellites in the present system can assume. [0053] The satellites in the orbital tracks will process, so that after a certain time they will appear to an observer on the ground to be randomly (stochastically) distributed in the sky. The length of time required to achieve stochastic distribution can be reduced by judiciously timing the deployment of the satellites in each orbital track, for example, by deploying satellites in a particular orbital track at substantially equal intervals. Although it may be theoretically possible using a sufficiently sophisticated algorithm to predict, or at least estimate, the satellites’ locations as a function of time and thus predetermine deployment timing, it is not necessary in the to predict their locations relative to each other. That is because as a stochastic system it relies on probabilities to establish radio links between different aerial nodes and between aerial nodes and ground nodes. [0054] One consideration in systems using plural satellites in unconstrained, stochastic orbits is how many satellites are likely to be within sight of a given point on the earth’s surface at any given time. To illustrate the statistical principles underlying such a system, consider a constellation of 100 satellites in the orbital path OT4 at an altitude of 400 miles. The satellites cover an area of the earth between 45°N lat. and 45°S lat. This is about 140,000,000 sq. mi., or roughly 70% of the earth’s surface of about 200,000,000 sq. mi. The satellites in this orbital track have a footprint of about 10,000,000 sq. mi. (Table 1; 400-mile high orbit), represented by a long-dash line in FIGURE 3. Thus, each satellite in orbital track OT4 in that swath will “cover” about 7.1% of the swath (10,000,000 sq. mi. ÷ 140,000,000 sq. mi.), so that on average any one point on the surface that is about 1,800 miles (Table 1; DH = 1,830 mi.) from the outer extent of the orbital path will “see” at least seven of the 100 satellites (100 × 0.071). Since establishing communications with the stochastically distributed satellites is based on probabilities, the system considers that the chance that a given satellite will not be visible from any point in that region is 92.9%. However, in a constellation of 100 satellites, the probability that any particular ground location in that region will not be able to see at least one satellite is only 0.929¹⁰⁰ ≈ 6.3 × 10^-4 (that is, about one in 1,600). Locations on the surface closer to the northern and southern boundaries of the orbital swath (in this example 45°N lat. and 45°S lat.) will see fewer satellites. For example, a location on the boundary of the swath will see only half as many satellites on average at any one time, but the probability of making connections with ground stations in such locations is still sufficient to support the immediate creation of multiple satellite-to-ground radio links with those ground stations. In addition, the system is fully scalable by adding satellites to the constellation to increase the probabilities of immediate a radio link between a satellite and any given ground station. [0055] An important factor in assembling a multi-satellite radio route is the number of other satellites that any given satellite can “see.” Referring to Table 1, a satellite in any orbital path can theoretically see other satellites over the horizon up to a distance of 2 × DH. In the example in the preceding paragraph, each satellite in a 400-mile orbit can theoretically “see” about 3,660 miles over the horizon (2 × 1,830 mi.), but interference from ground structures at the horizon may reduce that distance, so that 3,500 miles would be a more conservative estimate. Accordingly, a first satellite receiving an initial routing message from a sending ground station can on average see a very large number of other satellites within the swath covered by the constellation (extending between 45°N lat. and 45°S lat.) that can potentially receive routing messages from the first satellite, and satellites receiving those routing messages will be able to send further routing messages to a large number of other satellites within the swath up to 3,500 miles away, and so on. An object of the satellite configurations, routing protocols, ground station constructions, and system architectures described herein is to take advantage of this property to ends to be described. Other important characteristics of the disclosed systems and methods include, but are not limited to, the ability to be scaled up in complexity by incorporating more satellites and other types of aerial nodes at different altitudes, the ability to accommodate a wide variety of aerial node deployment strategies, and the ability to compensate for aerial node attrition, such as by orbital decay, node failure and hostile action. [0056] B. Route Creation Protocols Supporting Enhanced Communication Security [0057] As just described, a feature of an exemplary system as just described is route creation via one or more satellites in one direction (from a sending ground station to a receiving ground station), and then transmitting data from an originating ground station (the receiving ground station) to a ground station (the sending ground station) designated by address information in the data. Although the positions of stochastically distributed satellites in uncontrolled orbits constantly change relative to each other and to the ground stations, the exemplary embodiment described in this section assumes that a radio link created between two satellites has a useful life of at least four seconds. A principal feature of the route creation/data transmission method described here is separating the useful life of a route into segments for route creation and data transmission, respectively. “Useful life” refers to the length of time that the radio links— ground/satellite and satellite/satellite (if any)—remain sufficiently stable to permit the nodes to exchange radio signals. In this example, the first one-second interval is used for route creation by transmitting routing messages in one direction, and the remaining time, three seconds in this example, is used for transmitting the data in the reverse direction via the nodes of the just-created route. The route creation method makes it possible to securely encrypt the data content transmitted over the route in a manner that is secure from unauthorized access. [0058] FIGURES 4 and 5 illustrate one example of a route creation method to which the data encryption methods described further below can be applied. In this method, every ground-based node in the system creates routes to itself as a destination for data transmissions. FIGURE 4 illustrates how the system satellites themselves create a route to a particular ground station GSA from another ground station GSB. The system creates routes using a decentralized protocol that delegates routing decisions to the satellites (“aerial-based nodes”) without requiring recourse to a central computer that controls routing using knowledge of overall system conditions. The flowchart in FIGURE 5 depicts route creation from a system-wide perspective beginning with a step ST100 at time t = 0, during which every ground station in the system sends initial routing messages RMI including the address of the sending ground station from all of its antennas. Step ST100 lasts for 50 msec to provide for distant satellites in sight of a particular ground station to receive the initial routing messages. A permanent terrestrial ground station with an array of directional antennas will transmit high-power beams in every direction, that is, over the entire hemispherical area surrounding the ground station, to increase the likelihood that at least one satellite in the orbiting constellation will receive an initial routing message. The route creation circuitry 46 in the satellites effect the steps in FIGURE 5 under the control of the satellite’s CPU 40 (see FIGURE 3). [0059] The satellites that received initial routing messages RMI from sending ground stations initiate creation of a radio route at t = 50 msec, as in step ST102 in FIGURE 5. A satellite that received an initial routing message from a sending ground station is referred to as a “first tier satellite.” During the step ST102, which lasts until t = 100 msec, the route creation circuitry in each first tier satellite determines the quality Q of the initial routing message, as described in the paragraph that follows. The antennas in the satellites have unique identifiers, and each first tier satellite stores the identity of the antenna on which it received the initial routing message and associates it with the address information of the sending ground station. If a satellite receives an initial routing message including the address of the same ground station on more than one antenna, it only stores the identity of the antenna that received the highest quality initial routing message. [0060] FIGURE 4 uses as an example five first tier satellites 1A, 1B, 1C, 1D and 1E that received initial routing messages RMI from the sending ground station GSA. In the drawing the initial routing messages are referred to by the reference “RMIX,” where “X” is the first tier satellite that received the initial routing message. In an actual system there might be many more satellites that receive initial routing messages. The quality Q of each initial routing message, as determined by the receiving first tier satellite, is given in parentheses with each routing message. The quality Q is a quantitative parameter that indicates the relative suitability of a radio link between two nodes for supporting internodal data transmissions as described further below. In the system Q is the measured signal strength. Other implementations are possible, such as including error coding data in a routing message and then assessing the extent to which the routing message includes erroneous data. However, measured signal strength is one preferred parameter because it does not require including additional data in the routing messages that would increase the bandwidth, power, and time required for their transmission. [0061] In the following 100 msec all of the first tier satellites send first tier routing messages on all of their antennas as shown in step ST104 (100 < t ≤ 200 msec) in FIGURE 5. The first tier routing messages include the ground station address information in the received initial routing message and the quality of the received initial routing message. A satellite receiving a first tier routing message is referred to as a “second tier satellite.” The drawing shows four second tier satellites 2A, 2B, 2C, and 2E. The first tier routing messages are referred to by the reference “RM1X,” where “X” is the first tier satellite that sent the first tier routing message. Routing messages received by second tier satellites are indicated by dash-one-dot lines. Each second tier satellite stores the identity of the antenna on which it received the first tier routing message and determines the quality Q of the received first tier routing message. [0062] FIGURE 4 illustrates the routing protocol in the event a satellite such as the second tier satellite 2A receives two first tier routing messages that identify the same ground station. Say satellite 2A received a first tier routing message RM1A on antenna A_X and a first tier routing message RM1B on antenna A_Y. Although RM1B has a higher quality (Q = 8) than RM1A (Q = 6), a route to the ground station GSA through the satellite 1B would include link RMIB with a quality Q = 1. Applying the principle that “a chain is only as strong as its weakest link,” the satellite 2A will store the antenna A_X on which it received the first tier routing message RM1A (Q = 6) since the other potential route to the ground station GSA would include the link RM1B with a lowest quality (Q = 1), even though the sums of the qualities of the links RMIB (Q = 8) (Q = 1) is higher. That is, the satellite 2A discards (doesn’t store) the antenna on which it received a routing message with the lowest quality (lowest signal strength) from among the initial and first tier routing messages, and stores the identity of the antenna receiving the other first tier routing message. This is step ST106 during the interval 200 < t ≤ 300 msec shown in FIGURE 6. The stored Q is called the “highest first tier quality.” FIGURE 5 indicates the subroute selected by the first tier satellite by the heavy dash-one-dot line denoting the link established via the preferred first tier routing message RM1A. Discarded potential links are denoted by non-bold dash-one-dot lines. The second tier satellite stores the identity of the chosen antenna A_X, the quality Q of the lowest quality routing signal (RMIA) received on that antenna (Q = 2), and ground node address information of the ground node GSA to which that antenna has a route. Some satellites, such as the satellite 1D, may not receive any first tier routing messages. [0063] The second tier satellites then send second tier routing messages on all of their antennas during step ST108 (300 < t ≤ 400 msec). A second tier routing message will include the ground station address information and the lower of the qualities Q of the respective initial and first tier routing messages linking the first and second tier satellites and the first tier satellite and the ground station. In FIGURE 4 the second tier routing messages are referred to by the reference “RM2X,” where “X” identities a second tier satellite that sent a second tier routing message. [0064] The step ST110 (400 < t ≤ 500 msec) represents the processing performed by “third tier satellites” that received second tier routing messages. Taking as a first example, two of the second tier routing messages sent by the satellite 2A are received by two respective third tier satellites 3A and 3C. The satellite 3A received the second tier routing message RM2A₁ and the satellite 3C received the second tier routing message RM2A₂. Since the satellite 3A only received the second tier routing message RM2A₁, it stores the identity of the antenna on which it received the routing RM2A₁ and associates the ground node address information of the ground station GSA with that antenna. The potential links established via the second tier routing messages are denoted by dash-two-dot lines, with chosen links in bold. [0065] The satellite 3B received the single second tier routing message RM2B₁, and thus has only one potential route to the ground station GSA. The satellite 3C received three second tier routing messages: RM2A₂, RM2B₂, and RM2C₁ (from second tier satellite 2C). The routing message RM2A₂ includes the quality (Q = 2) of the initial routing message RMIA, as explained above. The second tier routing message RM2B₂ from the satellite 2B includes the quality (Q = 3) of the initial routing message RMIC sent from the satellite 1C to the satellite 2B, since that is the lower of the qualities Q of RM1C₁ (Q = 4) and RM1C (Q = 3). The routing message RM2C₁ from the satellite 2C includes the quality (Q = 3) of the initial routing message RMIC from the satellite 1C to the satellite 2B, since that is the lower of the qualities Q of RM1C₂ (Q = 5) and RMIC (Q = 3). The satellite 3C determines the quality of each of the received second tier routing messages and the qualities of the weaker links through the second and first tier satellites to the ground station. The satellite 3C thus chooses the subroute through the satellite 2C established by RM2C₁ because the lowest quality in the links back to the ground station GSA is Q = 3 (RMIC), as compared to Q = 2 for both of the routing messages RM2B₂ and RMIA. The satellite 3C stores the antenna on which it received the second tier routing message RM2C₁ and the ground station address information of the ground station GSA, as indicated in FIGURE 5 (see step ST110). [0066] The principle underlying the choice of preferred radio subroutes back to the sending ground station from third tier satellites can be stated in general terms via an understanding of the algorithm used by the satellites’ route creation circuitry to choose a preferred third tier routing message on which to base the subroute. The route creation circuitry of each third tier satellite makes two determinations. One, it determines the quality of each second tier routing received from a respective second tier satellite and matches it with the lower link quality included in the associated second tier routing message: RM2A₂ (Q = 7) matched with RMIA (Q = 2); RM2B₂ (Q = 2) matched with RMIC (Q = 3); and RM2C₁ (Q = 5) matched with RMIC (Q = 3). Two, it identifies a preferred second tier routing message representing a second subroute from the third tier satellite to the ground station via a first tier satellite. This second subroute comprises a third radio link between the third tier satellite and the second tier satellite associated with the preferred second tier routing message. In this instance, the preferred third tier routing message is RM2C₁ because all of its links have a higher quality than any first, second, or third radio link associated with any other received second tier routing message; that is, the links in the subroute through RM2C₁, RM1C₂ and RMIC all have qualities higher than the lowest quality link in the other possible subroutes (Q = 3 for RMIC vs. Q = 2 for RMIA and RM2B₂). The satellite memory stores the identity of the antenna on which the preferred third tier routing message was received and the associates it with the ground station address information in the third tier routing message. [0067] In the step ST114 (500 < t ≤ 600 msec) the third tier satellites send third tier routing messages on all of their antennas. A third tier routing message will include the ground station address information and the lowest quality Q included in the received second tier routing message associated with the sending ground station address. [0068] Next, as depicted in step ST114 (600 < t ≤ 1000 msec) in FIGURE 5, all of the ground stations in the system analyze all of the routing messages they have received during steps ST104, ST108 and ST112. FIGURE 4 illustrates the step ST114 by considering a ground station GSB that received a first tier routing message RM1D (Q = 2) from the satellite 1D during the step ST104; a second tier routing message RM2C₂ (Q = 6) from the satellite 2C during the step ST108; and a third tier routing message RM3E (Q = 5) from the satellite 3E during the step ST112. Using route creation circuitry that applies the same algorithm as the satellites, the receiving ground GSB that selects the antenna that received the routing message RM3E since the other potential routes (indicated by light solid lines in FIGURE 4) include links with qualities lower than the lowest of all of the link qualities of the received third tier routing massages and the respective link qualities included in them. The ground station GSB stores the identity of the selected antenna (the one that received the “highest” quality third tier routing message RM3E) and associates with it the address of the sending ground station GSA in that third tier routing message RM3E. The selected link is indicated by the heavy solid line in FIGURE 5. The receiving ground station now has all of the information it needs to encrypt the data for transmission to the receiving ground station address associated with the stored antenna identity, as described in the next section. [0069] The route creation process in the present embodiment occupies the first second of the four-second operational cycle. During the first second the route creation circuitry in each satellite performs the route creation process in assigned time slots. System timing is provided by the master clock of a global navigation satellite system. The satellites communicate with the GNSS system via the GNSS module 44 in each satellite (FIGURE 2). The ground stations include similar circuitry, so that all of the system nodes (satellites and ground stations) operate on the same master clock. [0070] The aforementioned method, in which each intermediate satellite selects the mathematically guaranteed optimum subroute back to the sending ground station and erases all other potential subroutes, permits all of the routing messages sent on a satellite antenna at any particular time to be combined into one string. A single checksum or other error detection data in the string can suffice for detection of possible errors in the routing messages, thus providing an efficient use of the capacity of the satellites’ onboard computers. The result is that the amount of data actually transmitted between satellites to create routes throughout a large number of ground stations is very small. Since each tier of satellites only sends routing provide the optimum subroute back to the sending ground station, and since the only other information in a routing message is the address of the ground station associated with it, the maximum number of routing messages that will be sent by any satellite is inherently limited to the number of sending ground stations. [0071] Route creation has been described with reference to a communication system in which a sending ground station creates a route to itself from a receiving ground station, and then sends data via that route from the receiving ground station to the sending ground station. However, route creation and encryption methods are not limited to ground-station-to- ground station routes. An important aspect of the disclosed routing protocols is that they can also create multi-link routes from an aerial-based node to another aerial-based node or from an aerial-based node to a ground-based node. In that more general sense, the system comprises “system nodes,” which in a given application can be both ground-based nodes and aerial-based nodes. In addition, the aerial-based nodes can be a plurality of orbiting satellites at the same or different altitudes in different orbital paths, a plurality of UAVs comprising heavier-than-air fixed-wing or rotary wing aircraft, lighter-than-air airships and/or balloons, or combinations of UAVs at the same or different altitudes, and combinations of orbiting satellites and UAVs. [0072] In that more general sense, the routing protocol creates a multi-link radio route including n system nodes S in a communications system comprising a constellation of T aerial-based system nodes, where n≥3 and T>>n. For example, in the route depicted in FIGURE 6, n=5 (the ground station GSA, the satellites 1E, 2E, 3E, and the ground station GSB). The number of satellites (“aerial-based system nodes”) to include in a particular system and their orbital paths and altitudes can be determined in accordance with the criteria just discussed, so that there is a predetermined probability that a certain number of satellites are visible to each other and to a point on the ground at any given time. A similar approach can be used to determine the orbiting aerial-based nodes to include in a system comprising only non-orbiting system nodes or non-orbiting system nodes in combination with satellites. Examples of typical satellite constellations are shown in FIGURE 3. The number T of satellites in a given system will depend on the extent to which the altitudes and orbital paths of the satellites provide line-of-sight visibility between them. In a system of stochastically distributed satellites the number T will be determined by considering the probabilities of creating links between the satellites within a desired time interval. A typical number of satellites will be in the range 100≤T≤200, although more or fewer may be used in a particular system. In an exemplary system like that depicted in FIGURE 12 of the ‘023 patent, up to 99 non-orbiting aerial-based nodes are used for local standalone systems and in combination with orbiting satellites at various altitudes for long distance routes. [0073] To summarize the more general application of the routing protocols, routes can be created between two ground-based system nodes GSA and GSB, and from aerial-based system nodes to a ground station, both types of which are explicitly shown in FIGURE 3. However, the ground station GSA simply acts in the routing protocol algorithms as an initial system node like any other. If it were an aerial-based system node instead, it would initiate the creation of routes to itself from other aerial-based nodes in the same way as the ground station GSA does—by sending initial routing messages from its antennas—and the route creation process would proceed as discussed above. [0074] V. Enhanced-Security Communication Methods in an Aerial-Based Mesh System [0075] The routing techniques described in the previous section are uniquely suited to the creation of an encryption code that is only known at a receiving system node, and only for a very brief time, and then again at a destination system node, also only for a very brief time. This means that the encryption code is not known at any point in the route, which eliminates any possibility that even sophisticated decryption algorithms can decode data in transit from one node to another, even if it were possible to intercept data transmissions over a route that might only last for seconds before all new routes are assembled. [0076] As noted, FIGURE 6 schematically depicts the route in FIGURE 4 connecting the ground station GSA, the satellites 1E, 2E, 3E and the ground station GSB. For purposes of explaining the data encryption method shown in the flowchart in FIGURE 7, the satellites in FIGURE 6 are given the respective reference numbers S1, S2 and S3. The steps on the left-hand side of FIGURE 7 mirror the steps ST100; ST102/ST104; ST106/ST108; ST110/ST112; and ST114 in FIGURE 5. In time sequence they arranged from top to bottom. The steps “DT” on the right-hand side of FIGURE 7 illustrate a data transmission phase in which encrypted data is transmitted from the receiving/originating ground station GSB to the destination/sending ground station GSA. In time sequence they are arranged from bottom to top. FIGURE 7 shows the steps performed by each node side-by- side to illustrate the interrelationship of the actions performed by the respective nodes during the two phases, although the relative times the respective steps are performed in the different phases are independent of each other. Details of the encryption method according to the present embodiment are discussed after describing the method for transmitting the data from the receiving (now originating) ground station GSB to the sending (now destination) ground station GSA. [0077] The “E” route shown in FIGURES 5 and 6 is assembled in accordance with the flowchart in FIGURE 7. FIGURE 6 depicts the routing messages in dashed lines, with the arrows indicating the direction in which the routing messages are sent from node to node. The route shown in FIGURE 6 is constructed as shown in the flowchart on the left-hand side of FIGURE 7. FIGURE 6 uses the following terms to describe one preferred embodiment of the route creation/data encryption process according to the present disclosure: GSA(D): the address of a sending station GSA that sent an initial routing message RMIE, where 0≤ D≤99, expressed as two digits da1, da2. GA(Y): the identity of the antenna of the ground station GSA that sent the initial routing message RMIE, where 0≤Y≤99, expressed as two digits GAy1, GAy2. SN(X): the identity of the antenna of a satellite N that received a routing message (RMIE, RM1E, RM2E), where 0≤ X≤ 99, expressed as two digits SNx1, SNx2. SN(Y): the identity of the antenna of a satellite N that sent a routing message (RM1E, RM2E, RM3E), where 0≤Y≤99, expressed as two digits SNy1, SNy2. GB(X): the identity of the antenna of the receiving ground station GSB that received the routing message RM3E, where 0≤X≤99, expressed as two digits GBx1, GBx2. [0078] FIGURE 7 depicts how an embodiment of the encryption method of this disclosure can be incorporated into the assignee’s previously disclosed route creation protocol described above with reference to FIGURES 4 and 5. The steps on the left-hand side of FIGURE 7, reading down, illustrate the route creation phase of the encryption method: ST200: In this step the ground station GSA performs the step ST100 in FIGURE 5. However, in the present encryption method embodiment it also sends the identity GA(Y) of the antenna that sent the initial routing message RMIE. The ground station does not store the sending antenna identity. ST204: The satellite S1 in FIGURE 6 performs the steps ST102 and ST104 in FIGURE 5 and sends the first tier routing message RM1E. The satellite's route creation circuitry creates a first tier antenna table to send with the routing message. This table includes (1) the identity of the GA sending antenna GA(Y) associated with the initial routing message RMIE, (2) the identity S1(X) of the antenna on which the satellite received the initial routing message, and (3) the identity S1(Y) of the antenna used to send the first tier routing message. The satellite S1 stores the identity of the satellite (X), but not the identity of the antenna S1(Y) on which it sent the first tier routing message or the first tier antenna table. ST208: The satellite S2 in FIGURE 6 performs the steps ST106 and ST108 in FIGURE 5 and sends the second tier routing message RM2E. The satellite’s route creation circuitry creates a second tier antenna table to send with the routing message. This table includes the three antenna identities (1), (2) and (3) in the received first tier antenna table, plus (4) the identity S2(X) of the antenna that received that first tier routing message, and (5) the identity S2(Y) of the antenna used to send the second tier routing message. The second tier satellite S2 stores the identity of the antenna S2(X), but not the identity of the antenna S2(Y) on which it sent the second tier routing message or the first or second tier antenna tables. ST212: The satellite S3 in FIGURE 6 performs the steps ST108 and ST112 in FIGURE 5 and sends the third tier routing message RM3E. This table includes the five antenna identities (1) – (5) in the received second tier antenna table, plus (6) the identity S3(X) of the antenna that received the second tier routing message, and (7) the identity S3(Y) of the antenna used to send the third tier routing message. The third tier satellite saves the identity of the antenna S3(X), but not the identity of the antenna S3(Y) on which it sent the third tier routing message or the second or third tier antenna tables. ST214: This step depicts the information on hand at a receiving ground station GSB that will be used in the data transmission phase (the right-hand side of FIGURE 7) to encrypt data addressed to the sending ground station address GSA(D). It includes the third tier antenna table sent with the third tier routing message associated with that ground station and the identities of the seven antennas that will be involved in transmitting data from the receiving (originating) ground station GSB to the sending (destination) ground station GSA(D). The ground station GSB also stores the identity of the antennae GB(X) on which it received the third tier routing message (ref. step in FIGURE 5), and the third tier antenna table received from the satellite S3 with the third tier routing message. [0079] The encryption approach represented by this method is deceptively simple in concept, in that it simply adds information already available (the identities of the antennas involved in route creation) from routing protocols in the assignee’s earlier referenced patents and publications. However, the data encryption/decryption method depicted in the data transmission phase in the right-hand flowchart in FIGURE 7, read upwardly from the step DT200, makes it difficult to intercept and decrypt data transmitted from the receiving (originating) ground station GSB, then from satellite to satellite, and finally to the destination (sending) ground station GSA in the exemplary “E” route in FIGURES 5 and 6. [0080] A basic principle underlying the encryption/decryption method of this disclosure will be explained using the “E” route and assuming that at the step ST200 in FIGURE 7 the ground station GSB has data addressed to the ground station GSA. The ground station GSB also has the third tier antenna table with seven antenna identities and the identity of the antenna GB(X) on which it received them. For the purpose of this description, the encryption code for the exemplary “E” route in FIGURE 6 will be the following eight antenna identities: TABLE 2 GA(Y)=06 S1(X)=03 S1(Y)=18 S2(X)=15 S2(Y)=19 S3(X)=04 S3(Y)=12 GB(X)=15 �_{GAy1 = 0 S1x1 = 0 S1y1 = 1 S2x1 = 1 S2y1 = 1 S3x1 = 0 S3y1 = 1 GBx1 = 0 GAy2 = 6}�� S_{1x2 = 3}�� S_{1y2 = 8}�� S_{2x2 = 5}�� S_{2y2 = 9}�� S_{3x2 = 3}�� S_{3y2 = 2}�� G_{Bx2 = 6}� [0081] The present description will assume that each node has 20 antennas, and that each is identified by a two-digit number, as shown the above table. As already noted, the antenna identities can be assigned any number, including more than two digits. The numbers also do not have to be from 0 to 19 (20 antennas). In a system in which the antennas are given two-digit identities, there can be up to 100 antennas at each node. Using the notation in Table 2, the encryption code for a (N=5), ground-station-to ground-station route such as that in FIGURE 6 is expressed more generally as follows: (GAy1,GAy2);(S1Ex1,S1Ex2);(S1Ey1,S1Ey2);(S2Ex1,S2Ex2);(S2Ey1,S2Ey2); (S3Ex1,S3Ex2);(S3Ey1,S3Ey2);(GBx1,GBx2)]. [0082] As noted, the scope of the route creation protocols and concomitant encryption methods is not limited to ground-station-to-ground-station routes. The following terminology is used to convey this more general application. Referring to FIGURE 4, a system node like GSA that begins the route creation protocol is a “ground-based sending node,“ and more generally an “initial system node SI” that sends initial routing messages. The receiving ground station GSB is a “receiving ground-based system node,” and also an “originating system node SO” from which the transmitted data originates. In an alternate version of the system shown in FIGURE 4, a four-node route (N=4) could comprise the satellite 3C as an originating system node or the satellite 3C could comprise a receiving ground station as the originating node. The same would apply in an alternate case where a three-node route (N=3) terminates at the satellite 2C, or the satellite 2C is an originating ground station. Finally, in all of those cases, the ground station GSA could itself be a satellite, whereby resulting routes would comprise only satellites. [0083] In that more general sense, encryption codes for three-, four- and five-node routes can be expressed as follows: N=3: [(SIy1,SIy2);(S1x1,S1x2);(S1y1,S1y2);(SOx1,SOx2)] N=4: (SIy1,SIy2);(S1x1,S1x2);(S1y1,S1y2);(S2x1,S2x2);(S2y1,S2y2);(SOx1,SOx2)] N=5: (SIy1,SIy2);(S1x1,S1x2);(S1y1,S1y2);(S2x1,S2x2);(S2y1,S2y2);(S3x1,S3x2); (S3y1,S3y2);(SOx1,SOx2)] The encryption code is then associated with a transposition algorithm in which human-readable characters in the data are transposed to different characters as described further below. Every ground station stores in a working memory a transposition algorithm uniquely associated with a code. The following description uses the five-node route shown in FIGURE 7 and the antenna identities in Table 2 to illustrate. [0084] The data transmission process is depicted on the right-hand side of FIGURE 7, reading up: DT200: After the data is encrypted it is transmitted from antenna GB(15) on which the third tier routing message was received. The transmission includes the address GSA(D) of the data destination, per the routing protocol described in connection with FIGURE 4 and the transmitting antenna identity GB(15). The antenna identity is deleted from the working memory of the ground station GSB once the data has been transmitted. DT202: The encrypted data is received on the antenna S3(12), along with the destination address GSA(D) and the antenna identity GB(15). The satellite S3 transmits the data and the destination address GSA(D) on its antenna S3(04), along with the antenna identities GB(15), S3(12) and S3(04). The antenna identities are not stored at the satellite S3. DT204: The encrypted data is received on the antenna S2(19), along with the destination address GSA(D) and the antenna identities GB(15), S3(12) and S3(04). The satellite S2 transmits the data and the destination address GSA(D) on its antenna S2(15), along with the antenna identities GB(15), S3(12), S3(04), S2(19) and S2(15). The antenna identities are not stored at the satellite S2. DT206: The encrypted data is received on the antenna S1(18), along with the destination address GSA(D) and the antenna identities GB(15), S3(12), S3(04), S2(19) and S2(15). The satellite S1 transmits the data and the destination address GSA(D) on its antenna S1(03), along with the antenna identities GB(15), S3(12), S3(04), S2(19), S2(15), S1(18) and S1(03). The antenna identities are not stored at the satellite S1. DT208: The destination ground (D) receives on its antenna GA(06) the encrypted data and the seven antenna identities transmitted with it. The ground station now has the encryption code [06,03,18,15,19,04,12,15] (see Table 2), and can use the predetermined algorithm in a working memory to decrypt the data. It deletes the encryption code and the antenna identities from its working memory once the data has been decrypted. [0085] There will be a corresponding encryption code for every antenna combination, so that in a system where every node has 20 antennas and each antenna identity comprises two digits, there will be 20⁸ (> 25 billion) encryption codes. Every encryption code, with its corresponding transposition algorithm, is stored at every ground station. Thus, while this example illustrates basic principles underlying encryption methods according to the present disclosure, it is impractical with currently available computer technology. Accordingly, the number of encryption codes has to be reduced to make the system capable of practical application. One alternative would use just the second digit of each antenna identity to create the encryption code, but that would only decrease the number of codes to 100 million (10⁸). Using only even (or odd) numbers for the antenna identities would still leave almost 400,000 (5⁸) encryption codes for a three-satellite route. Those alternatives are not practical with current technology, either. Eliminating the sending antenna identities sent with each routing message (left-hand side of FIGURE 7) would result in a four-antenna encryption code, thereby reducing the above numbers to 160,000 (20⁴), 10,000 (10⁴) and 625 (5⁴), respectively. However, in a route comprising only one or two satellites, the number of encryption codes would be concomitantly reduced. For example, a one-satellite, bent-pipe route would only have two antenna identities in the encryption code: the satellite receiving antenna and the ground station receiving antenna. This would greatly reduce the security enhancement provided by a code with a maximum number of digits while still being capable of practical application with current technology. [0086] Another alternative creates an transposition algorithm for each of the 100 two-digit coding numbers (d1,d2) for antenna identities from “00” to “99” (i.e., 0≤d1≤9, 0≤d2≤9). For example, the antenna identity “06” (d1=0, d2=6) would comprise the transposition algorithm: TABLE 3 (Antenna “06” Transposition Algorithm) Character No. 1 2 3 ... 25 26 27 28 29 ... 43 44 45 Data Character A B C ... Y Z 1 2 3 ... ! ? space Transposition Code 47 05 14 ... 33 02 35 18 66 ... 26 38 62 The transposition code numbers are chosen randomly for each antenna identity, but each data character is uniquely associated with a particular transposition code number. In this example, the system is capable of decoding 45 different alpha-numeric characters and symbols. More characters can be included depending on the nature of the data. Every ground station stores all of the transposition algorithms. In the present example, with 20 antennas, there are 20 transposition algorithms (i.e., 0≤d1≤1, 0≤d2≤9). [0087] The data is encrypted in a number of steps that corresponds to the number of antenna identities at the receiving ground station. In the above example, there are eight antenna identities (Table 2), so the data is encrypted eight times. A first encryption cycle creates a first encrypted data subset by encrypting the entire block of data using the transposition code for antenna “06.” The second encryption cycle creates a second encrypted data subset by encrypting the first encrypted data subset using the transposition code for antenna “03.” Each encryption cycle encodes the data that was encoded in the previous cycle. When the encoded data is received at the destination ground station, the process is reversed. For example, the received data will be decoded first via the intermediate transposition table for antenna identity “15” representing ground station GSB receiving antenna GB(X) (see Table 2), then the intermediate transposition table for antenna identity “12” representing the satellite S3 receiving antenna S3(Y), and so forth, ending with an eighth and final decoding the intermediate transposition table for antenna identity “06” representing the sending ground station A sending antenna GA(Y). This method provides a comparable level of security for routes of one, two or three satellites (or more in systems having more than the three route creation cycles in FIGURE 5). [0088] The manner in which the encryption code is generated and applied makes it difficult, if not impossible, to decipher the encoded data—even if it could be intercepted during transmission through a system of hundreds of stochastically distributed satellite in which routes are created on the fly and last only seconds. The general principle underlying the encryption/decryption process involves building the basis for an encryption code step by step from the identities of the satellite antennas used in each satellite during route creation. A receiving ground station uses the encryption code to encrypt the data, and then deletes it from memory. The encrypted data is then transmitted back to the sending (destination), while the encryption code is rebuilt with antenna identities added by each node in the route. The encryption code (the identities of the eight antennas involved in transmitting the data) is completed only when the destination ground station receives the data. [0089] It will be virtually impossible for unauthorized persons to decode the data by using the actual encryption/decryption method just described, but it may be possible nevertheless to decode the data by using certain characteristics of most languages. For example, encoded data in English could be analyzed for short words such as “a,” “an,” “I,” “the,” etc., and decoded by applying an algorithm that uses trial and error or artificial intelligence to determine a correspondence between code numbers and data characters. A computer with sufficient power and a database with English words might be able to discover the correspondence between code numbers and the content of the data in this type of linear encryption. [0090] This problem can be addressed by changing the encryption algorithm during the encoding process. In this variation the transposition encryption algorithms are changed in a predetermined manner during encoding. To that end, each transposition algorithm is indexed to an associated shift scheme that changes it in a predetermined manner. In one embodiment, an auxiliary coding algorithm is created using the first three digits (f1,f2,f3) of all possible encryption codes, from [00,00,00,00,00,00,00,00] to [99,99,99,99,99,99,99,99] (see Table 2) to create 1,000 auxiliary coding tables (i.e., 0≤f1≤d1, 0≤f2≤d2, 0≤f3≤d1). In the present example, with 20 antennas, there are 192 auxiliary coding tables (i.e., from (f1,f2,f3)=000 to (f1,f2,f3)=191). Each auxiliary coding table has an associated shifting algorithm denoted by a series of two-digit shift codes. In an exemplary embodiment there can be three shift codes [(D1,H1);(D2,H2);(D3,H3)] associated with each auxiliary coding table. Every ground station stores all of the transposition algorithm tables, all of the auxiliary coding tables, and all of the shift codes. [0091] An example will illustrate the application of this encryption method. For the antenna “06” transposition algorithm in Table 3, the associated shifting algorithm will be associated with the auxiliary coding table [060], based on the entire encryption code [06,03,18,15,19,04,12,15]. Assume that the shifting algorithm associated with the auxiliary coding table [060] is [(07,02);(15,03);(08,07)]. The first digit of each shift code indicates the number of data characters (D1=7) that will be encoded using the original “06” algorithm in Table 3. The second digit indicates the number of positions in Table 3 (H1=2) the transposition code is shifted to the right after those characters have been encoded. Thus, after seven data characters are encoded, the two-position right shift results in a transposition table in which a “space” in the data corresponds to transposition code “26,” the letter “A” corresponds to “38,” the letter “C” corresponds to “47,” etc. The next 15 (D2=15) data characters are encoded using the first-shifted table, after which the transposition code entries are shifted by three more positions (H2=3). The next eight characters (D3=8) are decoded twice-shifted table, after which the transposition code entries are shifted by seven more positions (H3=7). The process returns to the first-shifted table, and repeats the auxiliary coding until all of the characters in the data have been encoded. When encoded data is received at the destination ground station, the encoding process is reversed using the received antenna identities. Alternatively, the data can be encoded in a step-wise fashion at each node in a route by storing the transposition tables and auxiliary tables at each node (terrestrial and non-terrestrial). [0092] That dynamic, non-linear coding makes it impossible to determine which character in the encoded data corresponds to a character in the original data. Because potential hackers don’t know what ground stations are going to send any data, they have no way to begin to undo this non-linear coding. Using the first three digits of every possible encryption code in a system to create auxiliary coding tables converts the previously described linear coding process into a non-linear one. The previous paragraph uses a particular shifting algorithm as an example, but in practice each auxiliary coding table can be associated with a different shifting algorithm. In addition, the shifting algorithms are not limited to three shift codes, nor do all of the shifting algorithms need to comprise the same number of shift codes. Moreover, both linear and non-linear coding can be applied to systems in which the route creation process comprise more or fewer route creation steps ST102–ST112 in FIGURE 5. [0093] The encryption process described above uses antenna identities as the basis for the encryption codes. However, the process can be implemented by using arbitrary numbers instead of antenna identities, and saving the numbers at each satellite during route creation. The encryption code will be recreated by sending the stored numbers during each data transmission step. [0094] FIGURE 8 is a schematic diagram of in a satellite 10' comprising a modified version of the satellite 10 that is specially adapted to perform the routing/encryption methods depicted in FIGURES 4 to 7. The satellite 10' has multiple antenna modules 12₁, 12₂, ... ,12_n-1, 12_n corresponding to the antenna modules 12 in the satellite 10 discussed above in connection with FIGURE 1. The methods of route creation and data transmission described herein for a system with hundreds of ground stations and satellites require processing, transmission, and receipt of large amounts of information. The modified satellite 10' facilitates the flow of data and routing messages by incorporating in each antenna module 12 a dedicated microprocessor with buffer storage 402 and a dedicated modem 404 (modulator/demodulator), which combine to manage the flow of information between the satellite’s CPU 40 and the antenna 406 of the particular antenna module. Specifically as shown in FIGURE 9, the antenna module 12₁ includes a dedicated microprocessor 402₁, a dedicated modem 404₁, and a directional antenna 406₁; the antenna module 12₂ includes a dedicated microprocessor 402₂, a dedicated modem 404₂, and a directional antenna 406₂; the antenna module 12_n-1 includes a dedicated microprocessor 402_n-1, a dedicated modem 404_n-1, and a directional antenna 406_n-1; and the antenna module 12_n includes a dedicated microprocessor 402_n, a dedicated modem 404_n, and a directional antenna 406_n. The antenna modules are connected to the main CPU 40 by the respective data and power links 40₁, ... ,40_n (see FIGURE 2). [0095] The microprocessor 402 and modem 404 offload from the satellite’s main CPU 40 some of the more routine computational and formatting tasks involved in processing incoming and outgoing radio signals. In any given time interval in a particular route creation/data transmission cycle a satellite will receive and send large numbers of routing messages or receive and send myriad data communications. Signals received on the antennas 406 must be converted into the appropriate digital form for processing by the satellite’s main CPU 40, and digital signals to be sent must be converted into the appropriate form for transmission by the antennas. will typically be organized into packets of digital data prior to being converted into the appropriate form for transmission by a designated antenna. Likewise, demodulated incoming signals must be converted to the appropriate digital format for processing by the satellite’s main CPU. The dedicated antenna modules 12 in the satellite 10' offload these more or less routine tasks that would otherwise have to be performed by the satellite’s main CPU 40. For example, each microprocessor 402 can organize outgoing routing messages received from the CPU 40 for transmission into strings of bytes of digital data and store them in a queue for serial transmission by the associated antenna 406. This permits the more computationally intensive tasks described above involved in route creation and data transmission to be performed by the CPU in the time allotted for each portion of the route creation/data transmission cycle. [0096] VI. Examples of Three-Dimensional Radio Mesh Systems [0097] FIGURE 9 illustrates some examples of radio routes to which the encryption methods described here can be applied. For purposes of illustration, the system shown comprises five terrestrial nodes, four of which are fixed ground stations GS(1), GS(2), GS(3) and GS(4), and a mobile terrestrial node in the form of a handheld smartphone HD. The system will typically include a constellation of hundreds of satellites in the manner already described. FIGURE 9 only depicts three satellites in very low earth orbits designated SVLEO(1), SVLEO(2) and SVLEO(3), and two satellites in low earth orbits SLEO(1) and SLEO(2) for clarity. The notional system depicted in FIGURE 9 includes non-orbiting aerial nodes in the form of balloons BN(1) and BN(2) and drones DR(1) and DR(2). The drones can be heavier-than-air fixed-wing or rotary wing aircraft, lighter-than-air airships and/or balloons. Examples of drones and balloons particularly adapted for use in systems like that shown in FIGURE 9 are disclosed in the ‘923 publication. [0098] The data encryption methods can be applied to any node to node route created through the system shown in FIGURE 9, some examples being: 1. GS(1) ↔ BN(1) ↔ SLEO(1) ↔ SLEO(2) ↔ GS(4) (dash-one-cross line) 2. GS(2) ↔ DR(2) ↔ SVLEO(2) ↔ GS(3) (dash-two-cross line) 3. GS(1) ↔ SVLEO(1) ↔ SVLEO(2) ↔ SVLEO(3) ↔ GS(3) (dash-three-cross line) 4. HD ↔ DR(1) ↔ BN(2) ↔ GS(3) (solid line) [0099] The data encryption method illustrated in FIGURE 7 described with reference to the satellite-only route in FIGURE 6 (route 2 in FIGURE 9) can also be applied in any system with non-orbiting nodes and satellites (routes 1 and 4), routes with only non-orbiting nodes (route 3), and routes including satellites at different altitudes (not shown).

Claims

WHAT IS CLAIMED IS: 1. A method of creating an encryption code for encrypting data transmitted via a radio route including N system nodes S in a radio communication system including a constellation of T aerial-based system nodes AN, wherein 3≤N<n and T>>n, each said system node having a plurality of antennas with separate identities for receiving and transmitting radio signals in different directions, the method comprising: transmitting from each of a plurality of antennas of an initial system node SI an initial routing message RMI including an initial address SI(D) uniquely identifying said initial system node and an identity SI(Y) of said transmitting antenna; storing at a said aerial-based system node AN (N=1) the identity of an antenna A1(X) on which a said initial routing message RMI was received and the address SI(D) included in said initial routing message RMI; transmitting from each of a plurality of antennas of said aerial-based system node A1 a first-tier routing message RMN (N=1) including (i) an identity A1(Y) of said transmitting antenna, (ii) the antenna identity A1(X) included in said initial routing message, and (iii) the address SI(D) included in said initial routing message; transmitting from each of a plurality of antennas of an aerial-based system node AN (N≥2) that received an (N-1)-tier routing message an N-tier routing message RMN (N≥2) including (i) an identity AN(Y) of said transmitting antenna, (ii) each antenna identity A(N-1)(X) included in each said (N-1)-tier routing message, and (iii) the address SI(D) included in said (N-1)-tier routing message; storing at each system node SN (N≥2) that received an (N-1)-tier routing message (i) the identity of an antenna SN(X) on which said (N-1)-tier routing message was received, and (ii) the address SI(D) included in said (N-1)-tier routing message; selecting a system node SN (N≥2) that received an (N-1) routing message to be an originating system node SO for transmitting said data to said initial system node SI using the stored antenna identity SN(X) associated with the SI(D) included in said (N-1) routing message; and associating an encryption code with a system node SN selected to be a said originating system node SO, said encryption code comprising (i) the identity of an antenna SO(X) on which said originating system node received a said routing message RMN, (ii) the identity SI(Y) of the antenna of said initial system node SI included in said routing message RMN, and (iii) each antenna identity AN(X) and AN(Y) included in said routing message RMN.

2. The method of claim 1 for creating an encryption code to encrypt data transmitted via a radio route including: a ground-based sending system node GSA having an address GA(D) and comprising said initial system node SI with antennas GA(Y) corresponding to said antennas SI(Y), and a ground-based receiving system node GSB comprising said originating node SO with antennas GB(X) corresponding to said antennas SO(X).

3. The method of claim 2 for a radio route in which N=3 and said encryption code comprises the antenna identities GA(Y), A1(X), A1(Y) and GB(X), wherein: GA(Y) comprises a two-digit number GAy1 and GAy2, with 0≤GAy1≤9 and 0≤GAy2≤9; A1(X) comprises a two-digit number A1x1 and A1x2, with 0≤A1x1≤9 and 0≤A1x2≤9; A1(Y) comprises a two-digit number A1y1 and A1y2, with 0≤A1y1≤9 and 0≤A1y2≤9; and GB(X) comprises a two-digit number GBx1 and GBx2, with 0≤GBx1≤9 and 0≤GBx2≤9.

4. An encryption method using said encryption code of claim 3 to encrypt data sent from a said originating system node GSB using said antenna GB(X), the method comprising: creating a transposition algorithm comprising (i) every combination of the digits in the set of antenna identities (GAy1,GAy2,A1x1,A1x2,A1y1,A1y2,GBx1,GBx2), and (ii) a plurality of transposition codes each of which uniquely matches with each said combination of digits a corresponding set of character numbers representing respective human-readable characters; and storing said transposition codes at based system node.

5. A method of transmitting data encrypted using said encryption method of claim 4 to a particular address GA(D) from said originating system node GSB on the antenna GB(X) that received a routing message including said address, the method comprising: creating at said system node GSB a set of encrypted data comprising character numbers representing the human-readable characters in said data encrypted using said transposition code corresponding to the digits (GAy1,GAy2,A1x1,A1x2,A1y1,A1y2,GBx1,GBx2) in said routing message RM1 from said system node A1 received by said system node GSB on said antenna GB(X); transmitting on said antenna GB(X): (i) said encrypted data, (ii) said antenna identity GB(X), and (iii) said address GA(D); transmitting on said stored antenna A1(X): (i) said encrypted data received on antenna A1(Y), (ii) said antenna identity GB(X), (iii) said antenna identities A1(X) and A1(Y), and (iii) said address GA(D); decrypting said encrypted data received by said system node GSA(D) on antenna GA(Y) using said stored transposition code comprising the digits (GAy1,GAy2) and the digits (A1x1,A1x2,A1y1,A1y2,GBx1GBx2) in said encrypted data to determine the character numbers of the human-readable characters in said decrypted data.

6. An encryption method using said encryption code of claim 3 to encrypt data sent from a said originating system node GSB using said antenna GB(X), the method comprising: creating a transposition algorithm comprising (i) a set of multiple two-digit coding numbers (d1,d2), wherein 0≤d1≤9, 0≤d2≤9, and (ii) a plurality of transposition codes each of which uniquely matches each two-digit coding number with a corresponding set of character numbers representing respective human-readable characters; and storing said transposition codes at each ground-based system node.

7. A method of transmitting data using said encryption method of claim 6 to a particular address GA(D) from said originating system node GSB on the antenna GB(X) that received a routing message including said address, the method comprising: (1) creating at said system node GSB a set of encrypted data by: (a) using the transposition code associated with said two-digit coding number matching the digits (GAy1,GAy2) to create a first encrypted data subset comprising character numbers representing respective human-readable characters in said data, (b) using the transposition code associated with said two-digit coding number matching the digits (A1x1,A1x2) to create a second encrypted data subset comprising character numbers corresponding to respective different character numbers in said first encrypted data subset, (c) using the transposition code associated with said two-digit coding number matching the digits (A1y1,A1y2) to create a third encrypted data subset comprising character numbers corresponding to respective different character numbers in said second encrypted data subset, and (d) using the transposition code associated with said two-digit coding number matching the digits (GBx1,GBx2) to create said set of encrypted data comprising character numbers corresponding to respective different character numbers in said third encrypted data subset; (2) transmitting on said antenna GB(X): (i) said set of encrypted data, (ii) said antenna identity GB(X), and (iii) said address GA(D); (3) transmitting on said stored antenna A1(X): (i) said set of encrypted data received on antenna A1(Y), (ii) said antenna identity GB(X), (iii) said antenna identities A1(X) and A1(Y), and (iii) said address GA(D); and (4) decrypting said set of encrypted data received by said system node GSA(D) on antenna GA(Y) using said stored transposition code associated with the digits (GAy1,GAy2) and the digits [(A1x1,A1x2);(A1y1,A1y2);(GBx1,GBx2)] in said set of encrypted data received by said system node GSA(D) to: (a) determine from the associated with the received digits (GBx1,GBx2) the respective character numbers in third encrypted data subset corresponding to the characters numbers in said set of encrypted data, (b) determine from the transposition code associated with the received digits (A1y1,A1y2) the respective character numbers in the second encrypted data subset corresponding to the characters numbers in said third encrypted data subset, (c) determine from the transposition code associated with the received digits (A1x1,A1x2) the respective character numbers in said first encrypted data subset corresponding to the characters numbers in said second encrypted data subset, and (d) determine from the transposition code associated with the digits (GAy1,GAy2) the character numbers of the human-readable characters in said data corresponding to the respective character numbers in said first encrypted data subset.

8. An encryption method using said encryption code of claim 3 to encrypt data sent from a said originating system node GSB using said antenna GB(X), the method comprising: creating a transposition algorithm comprising (i) a set of multiple two-digit coding numbers (d1,d2), wherein 0≤d1≤9, 0≤d2≤9, (ii) a plurality of transposition codes each of which uniquely matches each two-digit coding number with a corresponding set of character numbers representing respective human-readable characters, (iii) plural auxiliary transposition coding tables comprising three-digit entries (f1,f2,f3), wherein 0≤f1≤d1, 0≤f2≤d2, 0≤f3≤d1, and (iv) a plurality of shifting algorithms each of which is associated with the transposition code in which d1=f1, d2=f2, wherein said shifting algorithm changes the correspondence between a particular said two-digit number and a corresponding set of character numbers in a predetermined manner based on said auxiliary transposition coding table; and storing said transposition codes, said auxiliary transposition coding tables, and said shifting algorithms at each ground-based system node.

9. A method of transmitting data using said encryption method of claim 8 to a particular address GA(D) from said originating system node GSB on the antenna GB(X) that received a routing message including said address, the method comprising: (1) creating at said system node GSB a set of encrypted data by: (a) using the transposition code associated with said two-digit coding number matching the digits (GAy1,GAy2) to create a first basic encrypted data subset comprising character numbers representing respective human-readable characters in said data, (b) using said shifting algorithm associated with said coding table entry matching the digits (GAy1,GAy2,A1x1) to create a first shifted encrypted data subset comprising character numbers corresponding to respective different character numbers in said first basic encrypted data subset, (c) using the transposition code associated with said two-digit coding number matching the digits (A1x1,A1x2) to create a second basic encrypted data subset comprising character numbers corresponding to respective different character numbers in said first shifted encrypted data subset, (d) using said shifting algorithm associated with said coding table entry matching the digits (GAy1,GAy2,A1x1) to create a second shifted encrypted data subset comprising character numbers corresponding to respective different character numbers in said second basic encrypted data subset, (e) using the transposition code associated with said two-digit coding number matching the digits (A1y1,A1y2) to create a third basic encrypted data subset comprising character numbers corresponding to respective different character numbers in said second shifted encrypted data subset, (f) using said shifting algorithm associated with said coding table entry matching the digits (GAy1,GAy2,A1x1) to create a third shifted encrypted data subset comprising character numbers corresponding to respective different character numbers in said third basic encrypted data subset, (g) using the transposition code with said two-digit coding number matching the digits (GBx1,GBx2) to create a basic set of encrypted data comprising character numbers corresponding to respective different character numbers in said third shifted encrypted data subset, and (h) using said shifting algorithm associated with said coding table entry matching the digits (GAy1,GAy2,A1x1) to create said set of encrypted data comprising character numbers corresponding to respective different character numbers in said basic set of encrypted data subset; (2) transmitting on said antenna GSB(X): (i) said set of encrypted data, (ii) said antenna identity GB(X), and (iii) said address GA(D); (3) transmitting on said stored antenna A1(X): (i) said set of encrypted data received on antenna A1(Y), (ii) said antenna identity GB(X), (iii) said antenna identities A1(X) and A1(Y), and (iii) said address GA(D); and (4) decrypting said set of encrypted data received by said system node GSA(D) on antenna GA(Y) using (i) said stored transposition code associated with the digits (GAy1,GAy2) and the digits [(A1x1,A1x2);(A1y1,A1y2);(GBx1,GBx2)] in said received set of encrypted data, and (ii) said stored shifting algorithm associated with said coding table entry matching the digits (GAy1,GAy2,A1x1), by: (a) using said stored transposition code associated with the received digits (GBx1,GBx2) and said stored shifting algorithm associated with said coding table entry matching the digits (GAy1,GAy2,A1x1) to determine the respective character numbers in said third basic encrypted data subset corresponding to the characters numbers in said set of encrypted data, (b) using said stored transposition code associated with the received digits (A1y1,A1y2) and said stored shifting algorithm associated with said coding table entry matching the digits (GAy1,GAy2,A1x1) to determine the character numbers in said second basic encrypted data subset corresponding to the characters numbers in said third basic encrypted data subset, (c) using said stored transposition code associated with the received digits (A1x1,A1x2) and said stored shifting algorithm associated with said coding table entry matching the digits (GAy1,GAy2,A1x1) to determine the in said first basic encrypted data subset corresponding to the characters numbers in said second basic encrypted data subset, and (d) using said stored transposition code associated with the digits (GAy1,GAy2) and said stored shifting algorithm associated with said coding table entry matching the digits (GAy1,GAy2,A1x1) to determine the character numbers of the human-readable characters in said set of encrypted data corresponding to the respective characters numbers in said first basic encrypted data subset.

10. The method of claim 9, wherein said shifting algorithm shifts succeeding portions of said characters numbers in a said encrypted data subset by predetermined amounts until all of said character numbers correspond to respective different character numbers.

11. The method of claim 2, wherein: (1) each said first-tier aerial-based system node A1 that received an initial routing message: (a) determines a value QI of a parameter associated with said initial routing message, wherein said value QI indicates the suitability of including said aerial-based system node A1 in a radio route to said ground-based sending node GSA, and (b) includes said value QI in said first-tier routing messages; (2) each said ground-based receiving node GSB that received on one or more antennas first-tier routing messages including a particular sending ground station address GA(D) determines: (a) a value Q1 of a parameter associated with each said first-tier routing message, wherein said value Q1 indicates the suitability of including said system node A1 in a radio route to the ground-based sending node GSA that sent the initial routing message, and (b) a value Q1L using an algorithm based on the value Q1 of each said received first-tier routing message and the value QI included in said first-tier routing message, wherein said value Q1L indicates the relative suitability of particular said system node A1 in the radio route; and (3) each said second-tier aerial-based system node A2 that received on one or more antennas first-tier routing messages including a particular sending ground station address GA(D): (a) determines said value Q1 associated with each said first-tier routing message and said corresponding value Q1L, (b) stores the identity of the antenna A2(X) that received the first-tier routing message associated with the highest value of Q1L, and (c) transmits from a plurality of its antennas second-tier routing messages including said highest value of Q1L; and (4) each said ground-based receiving node GSB that received on one or more antennas second-tier routing messages including a particular sending ground station address GA(D) determines: (a) a value Q2 of a parameter associated with each said second-tier routing message, wherein said value Q2 indicates the suitability of including said system node A2 in a radio route to said ground-based sending node GSA, and (b) a value Q2L using an algorithm based on the value Q2 of each said received second-tier routing message and the value Q1L included in said first-tier routing message, wherein said value Q2L indicates the relative suitability of including a particular said system node A2 in the radio route; and (5) each said ground-based receiving node GSB that received on one or more antennas first-tier routing messages and one or more second-tier routing messages including a particular sending ground station address GA(D) stores the identity of the antenna GB(X) associated with the highest Q1L or Q2L; wherein: for a ground-based receiving node GSB that received only first-tier routing messages and first-tier routing messages associated with a value Q1L higher than the value Q2L associated with any received second-tier routing message, code comprises the stored antenna identities GA(Y), A1(X), A1(Y) and GB(X), and for a ground-based receiving node GSB that received only second-tier routing messages and second-tier routing messages associated with a value Q2L higher than the value Q1L associated with any received first-tier routing message, said encryption code comprises the stored antenna identities GA(Y), A1(X), A1(Y), A2(X), A2(Y) and GB(X).

12. The method of claim 2 for a radio route in which N=4 and said encryption code comprises the antenna identities GA(Y), A1(X), A1(Y), A2(X), A2(Y) and GB(X), wherein: GA(Y) comprises a two-digit number GAy1 and GAy2, with 0≤GAy1≤9 and 0≤GAy2≤9; A1(X) comprises a two-digit number A1x1 and A1x2, with 0≤A1x1≤9 and 0≤A1x2≤9; A1(Y) comprises a two-digit number A1y1 and A1y2, with 0≤A1y1≤9 and 0≤A1y2≤9; A2(X) comprises a two-digit number A2x1 and A2x2, with 0≤A2x1≤9 and 0≤A2x2≤9; A2(Y) comprises a two-digit number A2y1 and A2y2, with 0≤A2y1≤9 and 0≤A2y2≤9; and GB(X) comprises a two-digit number GBx1 and GBx2, with 0≤GBx1≤9 and 0≤GBx2≤9.

13. An encryption method using said encryption code of claim 12 to encrypt data sent from a said originating system node GSB using said antenna GB(X), the method comprising: creating a transposition algorithm comprising (i) every combination of the digits in the set of antenna identities (GAy1,GAy2,A1x1,A1x2,A1y1,A1y2,A2x1,A2x2,A2y1,A2y2,GBx1,GBx2), and (ii) a plurality of transposition codes each of which uniquely matches with each said combination of digits a corresponding set of character numbers representing respective human-readable characters; and storing said transposition codes at each ground-based system node.

14. A method of transmitting data encrypted using said encryption method of claim 13 to a particular address GA(D) from said originating system node GSB on the antenna GB(X) that received a routing message including said address, the method comprising: creating at said system node GSB a data comprising character numbers representing the human-readable characters in said data encrypted using said transposition code corresponding to the digits (GAy1,GAy2,A1x1,A1x2,A1y1,A1y2,A2x1,A2x2,A2y1,A2y2, GBx1,GBx2) in said routing message RM2 from said system node A2 received by said system node GSB on said antenna GB(X); transmitting on said antenna GB(X): (i) said encrypted data, (ii) said antenna identity GB(X), and (iii) said address GA(D); transmitting on said stored antenna A2(X): (i) said encrypted data received on antenna A2(Y), (ii) said antenna identity GB(X), (iii) said antenna identities A2(X) and A2(Y), and (iii) said address GA(D); transmitting on said stored antenna A1(X): (i) said encrypted data received on antenna A1(Y), (ii) said antenna identity GB(X), (iii) said antenna identities A2(X) and A2(Y), (iii) said antenna identities A1(X) and A1(Y), and (iv) said address GA(D); and decrypting said encrypted data received by said system node GSA(D) on antenna GA(Y) using said stored transposition code comprising the digits (GAy1,GAy2) and the digits A1x1,A1x2,A1y1,A1y2,A2x1,A2x2,A2y1,A2y2, GBx1,GBx2) in said encrypted data to determine the character numbers of the human-readable characters in said decrypted data.

15. An encryption method using said encryption code of claim 12 to encrypt data sent from a said originating system node GSB using said antenna GB(X), the method comprising: creating a transposition algorithm comprising (i) a set of multiple two-digit coding numbers (d1,d2), wherein 0≤d1≤9, 0≤d2≤9, and (ii) a plurality of transposition codes each of which uniquely matches each two-digit coding number with a corresponding set of character numbers representing respective human-readable characters; and storing said transposition codes at each ground-based system node.

16. A method of transmitting data using said encryption method of claim 15 to a particular address GA(D) from said originating system node GSB on the antenna GB(X) that received a routing message including said address, the method comprising: (1) creating at said system node GSB a set of encrypted data by: (a) using the transposition code associated with said two-digit coding number matching the digits (GAy1,GAy2) to create a first encrypted data subset comprising character numbers representing the respective human-readable characters in said data, (b) using the transposition code associated with said two-digit coding number matching the digits (A1x1,A1x2) to create a second encrypted data subset comprising character numbers corresponding to respective different character numbers in said first encrypted data subset, (c) using the transposition code associated with said two-digit coding number matching the digits (A1y1,A1y2) to create a third encrypted data subset comprising character numbers corresponding to respective different character numbers in said second encrypted data subset (d) using the transposition code associated with said two-digit coding number matching the digits (A2x1,A2x2) to create a fourth encrypted data subset comprising character numbers corresponding to respective different character numbers in said third encrypted data subset, (e) using the transposition code associated with said two-digit coding number matching the digits (A2y1,A2y2) to create a fifth encrypted data subset comprising character numbers corresponding to respective different character numbers in said fourth encrypted data subset, and (f) using the transposition code associated with said two-digit coding number matching the digits (GBx1,GBx2) to create said set of encrypted data comprising character numbers corresponding to respective different character numbers in said fifth encrypted data subset; (2) transmitting on said antenna GB(X): (i) said set of encrypted data, (ii) said antenna identity GB(X), and (iii) said address GA(D); (3) transmitting on said stored antenna A2(X): (i) said set of encrypted data received on antenna A2(Y), (ii) said antenna identity GB(X), (iii) said antenna identities A2(X) and A2(Y), and (iii) said address GA(D); (4) transmitting on said stored (X): (i) said set of encrypted data received on antenna A1(Y), (ii) said antenna identity GB(X), (iii) said antenna identities A2(X) and A2(Y), (iv) said antenna identities A1(X) and A1(Y), and (v) said address GA(D); and (5) decrypting said set of encrypted data received by said system node GSA(D) on antenna GA(Y) using said stored transposition code associated with the digits (GAy1,GAy2) and the digits [(A1x1,A1x2);(A1y1,A1y2); (A2x1,A2x2);(A2y1,A2y2); (GBx1,GBx2)] included with said set of encrypted data received by said system node GSA(D) to: (a) determine from the transposition code associated with the received digits (GBx1,GBx2) the respective character numbers in said fifth encrypted data subset corresponding to the characters numbers in said set of encrypted data, (b) determine from the transposition code associated with the received digits (A2y1,A2y2) the respective character numbers in said fourth encrypted data subset corresponding to the characters numbers in said fifth encrypted data subset, (c) determine from the transposition code associated with the received digits (A2y1,A2y2) the respective character numbers in said third encrypted data subset corresponding to the characters numbers in said fourth encrypted data subset, (d) determine from the transposition code associated with the received digits (A1y1,A1y2) the respective character numbers in said second encrypted data subset corresponding to the characters numbers in said third encrypted data subset, (e) determine from the transposition code associated with the received digits (A1x1,A1x2) the respective character numbers in said first encrypted data subset corresponding to the characters numbers in said second encrypted data subset, and (f) determine from the transposition code associated with the digits (GAy1,GAy2) the character numbers of the human-readable characters in said data corresponding to the characters numbers in said first encrypted data subset.

17. An encryption method using said code of claim 12 to encrypt data sent from a said originating system node GSB using said antenna GB(X), the method comprising: creating a transposition algorithm comprising (i) a set of multiple two-digit coding numbers (d1,d2), wherein 0≤d1≤9, 0≤d2≤9, (ii) a plurality of transposition codes each of which uniquely matches each two-digit coding number with a corresponding set of character numbers representing respective human-readable characters, (iii) plural auxiliary transposition coding tables comprising three-digit entries (f1,f2,f3), wherein 0≤f1≤d1, 0≤f2≤d2, 0≤f3≤d1, and (iv) a plurality of shifting algorithms each of which is associated with the transposition code in which d1=f1, d2=f2, wherein said shifting algorithm changes the correspondence between a particular said two-digit number and a corresponding set of character numbers in a predetermined manner based on said auxiliary transposition coding table; and storing said transposition codes, said auxiliary transposition coding tables, and said shifting algorithms at each ground-based system node.

18. A method of transmitting data encrypted using said encryption method of claim 17 to a particular address GA(D) from said originating system node GSB on the antenna GB(X) that received a routing message including said address, the method comprising: (1) creating at said system node GSB a set of encrypted data by: (a) using the transposition code associated with said two-digit coding number matching the digits (GAy1,GAy2) to create a first basic encrypted data subset comprising character numbers representing respective human-readable characters in said data, (b) using said shifting algorithm associated with said coding table entry matching the digits (GAy1,GAy2,A1x1) to create a first shifted encrypted data subset comprising character numbers corresponding to respective different character numbers in said first basic encrypted data subset, (c) using the transposition code associated with said two-digit coding number matching the digits (A1x1,A1x2) to create a second basic encrypted data subset comprising character numbers corresponding to respective numbers in said first shifted encrypted data subset, (d) using said shifting algorithm associated with said coding table entry matching the digits (GAy1,GAy2,A1x1) to create a second shifted encrypted data subset comprising character numbers corresponding to respective different character numbers in said second basic encrypted data subset, (e) using the transposition code associated with said two-digit coding number matching the digits (A1y1,A1y2) to create a third basic encrypted data subset comprising character numbers corresponding to respective different character numbers in said second shifted encrypted data subset, (f) using said shifting algorithm associated with said coding table entry matching the digits (GAy1,GAy2,A1x1) to create a third shifted encrypted data subset comprising character numbers corresponding to respective different character numbers in said third basic encrypted data subset, (g) using the transposition code associated with said two-digit coding number matching the digits (A2x1,A2x2) to create a fourth basic encrypted data subset comprising character numbers corresponding to respective different character numbers in said third shifted encrypted data subset, (h) using said shifting algorithm associated with said coding table entry matching the digits (GAy1,GAy2,A1x1) to create a fourth shifted encrypted data subset comprising character numbers corresponding to respective different character numbers in said fourth basic encrypted data subset, (i) using the transposition code associated with said two-digit coding number matching the digits (A1y1,A1y2) to create a fifth basic encrypted data subset comprising character numbers corresponding to respective different character numbers in said fourth shifted encrypted data subset, (j) using said shifting algorithm with said coding table entry matching the digits (GAy1,GAy2,A1x1) to create a fifth shifted encrypted data subset comprising character numbers corresponding to respective different character numbers in said fifth basic encrypted data subset, (g) using the transposition code associated with said two-digit coding number matching the digits (GBx1,GBx2) to create a basic set of encrypted data comprising character numbers corresponding to the human-readable characters in said fifth shifted encrypted data subset, and (h) using said shifting algorithm associated with said coding table entry matching the digits (GAy1,GAy2,A1x1) to create said set of encrypted data comprising character numbers corresponding to respective different character numbers in said fifth shifted encrypted data subset; (2) transmitting on said antenna GB(X): (i) said set of encrypted data, (ii) said antenna identity GB(X), and (iii) said address GA(D); (3) transmitting on said stored antenna A2(X): (i) said set of encrypted data received on antenna A2(Y), (ii) said antenna identity GB(X), (iii) said antenna identities A2(X) and A2(Y), and (iii) said address GA(D); (4) transmitting on said stored antenna A1(X): (i) said set of encrypted data received on antenna A1(Y), (ii) said antenna identity GB(X), (iii) said antenna identities A2(X) and A2(Y), (iv) said antenna identities A1(X) and A1(Y), and (v) said address GA(D); and (5) decrypting said set of encrypted data received by said system node GSA(D) on antenna GA(Y) using (i) said stored transposition code associated with the digits (GAy1,GAy2) and the digits [(A1x1,A1x2);(A1y1,A1y2),(A2x1,A2x2);(A2y1,A2y2);(GBx1,GBx2)] in said received set of encrypted data, and (ii) said stored shifting algorithm associated with said coding table entry matching the digits (GAy1,GAy2,A1x1), by: (a) using said stored transposition code associated with the received digits (GBx1,GBx2) and said stored shifting algorithm associated with said coding table entry matching the digits (GAy1,GAy2,A1x1) to determine the respective character numbers in said fifth basic encrypted data subset corresponding to the characters numbers in said set of encrypted data, (b) using said stored transposition with the received digits (A2y1,A2y2) and said stored shifting algorithm associated with said coding table entry matching the digits (GAy1,GAy2,A1x1) to determine the character numbers in said fourth basic encrypted data subset corresponding to the characters numbers in said fifth basic encrypted data subset, (c) using said stored transposition code associated with the received digits (A2x1,A2x2) and said stored shifting algorithm associated with said coding table entry matching the digits (GAy1,GAy2,A1x1) to determine the character numbers in said third basic encrypted data subset corresponding to the characters numbers in said fourth basic encrypted data subset, (d) using said stored transposition code associated with the received digits (A1y1,A1y2) and said stored shifting algorithm associated with said coding table entry matching the digits (GAy1,GAy2,A1x1) to determine the character numbers in said second basic encrypted data subset corresponding to the characters numbers in said third basic encrypted data subset, (e) using said stored transposition code associated with the received digits (A1x1,A1x2) and said stored shifting algorithm associated with said coding table entry matching the digits (GAy1,GAy2,A1x1) to determine the character numbers in said first basic encrypted data subset corresponding to the characters numbers in said second basic encrypted data subset, and (f) using said stored transposition code associated with the digits (GAy1,GAy2) and said stored shifting algorithm associated with said coding table entry matching the digits (GAy1,GAy2,A1x1) to determine the character numbers of the human-readable characters in said set of encrypted data corresponding to the respective characters numbers in said first basic encrypted data subset.

19. The method of claim 18, wherein said shifting algorithm shifts succeeding portions of said characters numbers in a said encrypted data subset by predetermined amounts until all of said character numbers correspond to respective different character numbers.

20. The method of claim 1 for code to encrypt data transmitted via a radio route including: an aerial-based sending system node having an address AS(D) and comprising said initial system node SI with antennas AS(Y) corresponding to said antennas SI(Y), and a ground-based receiving system node comprising said originating node SO with antennas GB(X) corresponding to said antennas SO(X).

21. The method of claim 1 for creating an encryption code to encrypt data transmitted via a radio route including: an aerial-based sending system node having an address AS(D) and comprising said initial system node SI with antennas AS(Y) corresponding to said antennas SI(Y), and an aerial-based receiving system node comprising said originating node SO with antennas AR(X) corresponding to said antennas SO(X).

22. The method of claim 1 wherein said aerial-based system nodes include a constellation of multiple satellites orbiting in uncontrolled, stochastically distributed orbits.

23. The method of claim 22 wherein said constellation includes T satellites, where 100≤T≤200.

24. The method of claim 23 wherein said aerial-based system nodes further include multiple non-orbiting system nodes.

25. The method of claim 1 wherein said aerial-based system nodes include multiple non-orbiting unmanned heavier-than-air aircraft.

26. The method of claim 25 wherein said aerial-based system nodes further include a constellation of T satellites orbiting in uncontrolled, stochastically distributed orbits, where 100≤T≤200.

27. The method of claim 1 wherein based system nodes include multiple non-orbiting unmanned lighter-than-air aircraft.

28. The method of claim 27 wherein said aerial-based system nodes further include multiple non-orbiting unmanned heavier-than-air aircraft. 30. The method of claim 1 wherein said antennas are directional antennas for transmitting and receiving radio signals in a plurality of directions.