METHOD AND APPARATUS FOR SECURE COMMUNICATIONS AND RESOURCE SHARING BETWEEN ANONYMOUS NON-TRUSTING PARTIES WITH NO CENTRAL ADMINISTRATION

摘要

A unifying network model with a structure and architecture configured to address security, interoperability, mobility, and resource management, including priority and quality of services is provided. The network of the network model is structured as a hierarchical mesh network, with dynamically generated routing tables. The configuration of the network model optimizes routing and distributes communication load. Every device on the network is capable of being both an endpoint and a forwarder of communications. The network model may include underlying networks that are represented with one of two models, the link model or the star model. The nodes are organized in a hierarchical relationship structure to optimize throughput. The model may include a cryptographic method of dynamically assigning local network addresses.

主权项

1. A system for organizing without central administration of a network of non-trusting computing devices so that the computing devices can securely share network resources and communicate with each other, comprising:
a recipient computing device; and a sending computing device that sends a signed circuit establishment request to the recipient computing device via the network of non-trusting computing devices, wherein the sending computing device communicates the circuit establishment request comprising a first identity document to the recipient computing device, wherein the first identity document identifies the sending computing device to the recipient computing device, wherein the first identity document includes a first public key signed by the sending computing device, and wherein the first public key is associated with a first private key known only to the sending computing device; wherein the recipient computing device communicates a second identity document and a signed challenge with a solution to the sending computing device, wherein the second identity document identifies the recipient computing device to the sending computing device, wherein the second identity document includes a second public key signed by the recipient computing device, wherein the second public key is associated with a second private key known only to the recipient computing device, and wherein the solution of the signed challenge includes a missing portion of data which results in a cryptographic hash that is to be computationally solved by the sending computing device to complete the circuit establishment; wherein, in response to the recipient computing device sending the sending computing device the signed challenge, the sending computing device solves the signed challenge by determining the missing portion of data of the cryptographic hash; wherein the sending computing device determines the missing portion of the data of the cryptographic hash by performing a brute force search for a number of missing bits of the cryptographic hash, wherein the number of missing bits is specified by the signed challenge; and wherein a communications circuit is established between the sending computing device and the recipient computing device in response to the recipient computing device identifying the sending computing device based on the first identity document, in response to the sending computing device identifying the recipient computing device based on the second identity document, and in response to the sending computing device computationally solving the received signed challenge.