Title: Systems, methods, and computer-readable media for secure digital communications and networks
Abstract: Provided are systems, methods, and computer-readable media for secure digital communications and networks. The system provides for secure communication between nodes through the use of a subscription between two nodes, based on identifiers that are unique to each node; communication between nodes without a subscription may be blocked. Additionally, secure communications between a node and a remote node are dynamically encrypted using asymmetric and symmetric encryption. The encryption algorithms and key lengths may be changed at each subsequent negotiation between a node and a remote node.
Publication number: US8880887 (B2)  Publication date: 2014.11.04
Application number: US201313828760  Application date: 2013.03.14
Applicant: STT LLC.  Inventor: Armatis Matthew Tyrone
Classification: H04L29/06  Main classification: H04L29/06
Agency: Bracewell & Giuliani LLP  Agent: Bracewell & Giuliani LLP
Main claim: 1. A computer-implemented method for secure communications on a digital network, comprising:
receiving, at a processor, a first packet at a first node of a network;
determining, by a processor, whether a subscription exists between the first node and a second node associated with the packet, wherein the subscription comprises a predefined relationship between the first node and the second node;
dropping, by the processor, the packet if no subscription exists;
performing, by the processor, an authentication of a connection between the first node and the second node if the subscription exists, the authentication comprising: sending a unique identifier from the first node to the second node, the unique identifier comprising a node identifier associated with the first node, a fingerprint identifier associated with the first node, and a subscription identifier associated with the subscription;
performing, by the processor, a first synchronization of the connection between the first node and the second node if the subscription exists, the first synchronization comprising:
  receiving a first request from the second node for a first asymmetric public key;
  generating a first asymmetric public key and a first asymmetric private key each having a first asymmetric key length using a first encryption algorithm;
  sending the first asymmetric public key to the second node;
  receiving an encrypted first symmetric key from the second node, the first symmetric key encrypted using the first asymmetric public key and the first symmetric key generated using a second encryption algorithm; and
  decrypting the first encrypted symmetric key to obtain the first symmetric key;
encrypting data of the first packet using the first symmetric key;
sending, over the network, the first packet to the second node;
performing, by the processor, a second synchronization of the connection between the first node and the second node if the subscription exists, the second synchronization comprising:
  receiving a second request from the second node for a second asymmetric public key;
  generating a second asymmetric public key and a second asymmetric private key each having a second asymmetric key length using a third encryption algorithm, the third encryption algorithm different from the first encryption algorithm and the second asymmetric key length different from the first asymmetric key length;
  sending the second asymmetric public key to the second node;
  receiving an encrypted second symmetric key from the second node, the second symmetric key encrypted using the first asymmetric public key and the second symmetric key having a second symmetric key length generated using a fourth encryption algorithm, the fourth encryption algorithm different from the second encryption algorithm and the second symmetric key length different from the first symmetric key length;
  decrypting the encrypted second symmetric key to obtain a second symmetric key; and
encrypting data of a second packet using the symmetric key.
Address: Austin TX US
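The two synchronization rounds and the packet encryption that claim 1 describes, as an added Go example; this is not code from the patent or from STT LLC. It assumes RSA-OAEP for wrapping the symmetric key and AES-GCM for packet data (the claim names neither algorithm), models the second synchronization as a further call with a different key length, and leaves out the subscription check and identifier exchange.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// must panics on error so each protocol step fits on one line (demo only).
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Synchronize is one negotiation round from claim 1: the first node makes an
// RSA key pair of asymBits, the second node draws a random symmetric key of
// symBytes and wraps it with that public key (RSA-OAEP), the first node unwraps it.
func Synchronize(asymBits, symBytes int) []byte {
	priv := must(rsa.GenerateKey(rand.Reader, asymBits)) // first node
	sym := make([]byte, symBytes) // second node
	must(rand.Read(sym))
	wrapped := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, sym, nil))
	return must(rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)) // first node
}

// aead builds AES-GCM (assumed cipher) over a negotiated 16, 24 or 32 byte key.
func aead(key []byte) cipher.AEAD {
	return must(cipher.NewGCM(must(aes.NewCipher(key))))
}

// SealPacket encrypts packet data under the negotiated key, prefixing a fresh
// nonce; OpenPacket reverses it and rejects tampering or a key from another round.
func SealPacket(key, data []byte) []byte {
	g := aead(key)
	nonce := make([]byte, g.NonceSize())
	must(rand.Read(nonce))
	return g.Seal(nonce, nonce, data, nil)
}
func OpenPacket(key, sealed []byte) ([]byte, error) {
	g := aead(key)
	if len(sealed) < g.NonceSize() {
		return nil, errors.New("sealed packet shorter than nonce")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], nil)
}
```

A packet sealed under the first round's key cannot be opened with the second round's key, which is the property the per-negotiation rekeying relies on.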