| 摘要 |
A method and apparatus for protecting the routing of data packets in a packet data network. When a first end-host sends an address query to a DNS server system regarding a second end-host, the DNS server system responds by providing a destination parameter containing an encrypted destination address associated with the second end-host. Thereby, the first end-host is able to get across data packets to the second end-host by attaching the destination parameter to each transmitted data packet. A router in the packet data network admits a received packet if a destination parameter is attached to the pocket including a valid destination address encrypted by a key dependent on a distributed master encryption key. Otherwise, the router discards the packet if no such valid destination address can be derived from the packet by applying decryption to the destination parameter.
|
