Title of invention Method and apparatus for secure communications and resource sharing between anonymous non-trusting parties with no central administration
Abstract A unifying network model with a structure and architecture configured to address security, interoperability, mobility, and resource management, including priority and quality of services is provided. The network of the network model is structured as a hierarchical mesh network, with dynamically generated routing tables. The configuration of the network model optimizes routing and distributes communication load. Every device on the network is capable of being both an endpoint and a forwarder of communications. The network model may include underlying networks that are represented with one of two models, the link model or the star model. The nodes are organized in a hierarchical relationship structure to optimize throughput. The model may include a cryptographic method of dynamically assigning local network addresses.
Publication number US9391806(B2) Publication date 2016.07.12
Application number US201213492169 Filing date 2012.06.08
Applicant COCO Communications Corp. Inventors Bruestle Jeremy;Tucker Mark L.
Classification H04L29/06;H04L12/54;H04L12/44;H04L12/715;H04L12/803;H04L12/801;H04L12/851;H04L12/891;H04L12/911;H04L12/927;H04L12/24;H04W40/02;H04W40/24 Main classification H04L29/06
Agency Lowe Graham Jones PLLC Agent Lowe Graham Jones PLLC
Independent claim 1. A system for organizing without central administration of a network of non-trusting computing devices so that the computing devices can securely share network resources and communicate with each other, comprising: a recipient computing device; and a sending computing device that sends a signed circuit establishment request to the recipient computing device via the network of non-trusting computing devices, wherein the sending computing device communicates the circuit establishment request comprising a first identity document and a computational challenge to the recipient computing device, wherein the first identity document identifies the sending computing device to the recipient computing device, and wherein the first identity document includes a first public key signed by the sending computing device, and wherein the first public key is associated with a first private key known only to the sending computing device; wherein the recipient computing device communicates a signed challenge with a solution and a second identity document to the sending computing device, wherein the second identity document identifies the recipient computing device to the sending computing device, wherein the second identity document includes a second public key signed by the recipient computing device, and wherein the second public key is associated with a second private key known only to the recipient computing device, wherein the solution of the signed challenge includes a missing portion of data which results in a cryptographic hash that is to be computationally solved by the sending computing device to complete the circuit establishment; wherein the sending computing device solves the signed challenge by computing the missing portion of data of the solution of the signed challenge, wherein the first private key and the first public key unique to the first identity document identify the sending computing device to the recipient computing device; wherein the second private key and the second public key uniquely identify the recipient computing device to the sending computing device; wherein a communications circuit is established between the sending computing device and the recipient computing device in response to the recipient computing device identifying the sending computing device based on the first identity document, in response to the sending computing device identifying the recipient computing device based on the second identity document, and in response to the sending computing device computationally solving the received signed challenge, wherein the recipient computing device saves challenge/response state information associated with the sending computing device only in response to the sending computing device computationally solving the received signed challenge, such that no challenge/response state information is kept for challenge requests, only for successful challenge responses, wherein, in response to the recipient computing device sending the sending computing device the signed challenge, the sending computing device determines the missing portion of data of the cryptographic hash, wherein the determined missing portion of data computationally is used to solve the challenge, and wherein the sending computing device determines the missing portion of data of the cryptographic hash by performing a brute force search for a number of missing bits of the cryptographic hash, wherein the number of missing bits are specified by the signed challenge.
Address Seattle WA US
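
One reading of the stateless challenge/response in claim 1, as an added example that is not code from the patent: the recipient withholds `k` bits of a hashed value, authenticates the challenge so it need not remember it, and writes state only once a correct solution comes back. Assumptions: an HMAC under a recipient-only key stands in for the recipient's signature, the identity-document exchange is omitted, and all names, SHA-256, the 128-bit secret and the 30-second lifetime are hypothetical choices.

```python
import hashlib, hmac, os, time

# Assumptions (not from the patent): HMAC under a recipient-only key stands in
# for the recipient's signature; SHA-256, 128-bit secrets, 30 s lifetime.
RECIPIENT_KEY = os.urandom(32)
MAX_AGE = 30
established = {}   # written only after a valid solution arrives

def _tag(sender_id, known, k, digest, issued):
    # repr() of a tuple of bytes/ints is an unambiguous encoding of the fields
    msg = repr((sender_id, known, k, digest, issued)).encode()
    return hmac.new(RECIPIENT_KEY, msg, hashlib.sha256).digest()

def _hash(known, k, guess):
    return hashlib.sha256(((known << k) | guess).to_bytes(16, "big")).digest()

def make_challenge(sender_id, k=12, now=None):
    """Recipient: issue a challenge and remember nothing about it."""
    issued = int(time.time() if now is None else now)
    secret = int.from_bytes(os.urandom(16), "big")
    known = secret >> k                       # low k bits are withheld
    digest = _hash(known, k, secret & ((1 << k) - 1))
    return {"known": known, "k": k, "digest": digest, "issued": issued,
            "tag": _tag(sender_id, known, k, digest, issued)}

def solve(ch):
    """Sender: brute-force the k missing bits named in the challenge."""
    for guess in range(1 << ch["k"]):
        if _hash(ch["known"], ch["k"], guess) == ch["digest"]:
            return guess
    return None

def accept(sender_id, ch, guess, now=None):
    """Recipient: verify its own tag, freshness and the solution, then keep state."""
    now = time.time() if now is None else now
    expect = _tag(sender_id, ch["known"], ch["k"], ch["digest"], ch["issued"])
    if not hmac.compare_digest(expect, ch["tag"]):
        return False                          # forged or altered challenge
    if not 0 <= now - ch["issued"] <= MAX_AGE:
        return False                          # expired
    if ch["tag"] in established:
        return False                          # already redeemed (replay)
    if not (isinstance(guess, int) and 0 <= guess < (1 << ch["k"])):
        return False
    if _hash(ch["known"], ch["k"], guess) != ch["digest"]:
        return False                          # wrong bits
    established[ch["tag"]] = sender_id        # first and only state write
    return True
```

Because the difficulty `k` is covered by the tag, a sender cannot lower its own work factor, and a flood of challenge requests costs the recipient no memory.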