US 12,407,728 B2
Secure communication system
W. Daniel Hillis, Rindge, NH (US); David C. Douglas, Concord, MA (US); Mathias Kolehmainen, Louisville, KY (US); Steven Willis, Cambridge, MA (US); Frank Kastenholz, Medford, MA (US); and Michael Dubno, New York, NY (US)
Assigned to APPLIED INVENTION, LLC, Burbank, CA (US)
Filed by Applied Invention, LLC, Burbank, CA (US)
Filed on Apr. 5, 2022, as Appl. No. 17/658,056.
Application 17/658,056 is a continuation of application No. 17/098,824, filed on Nov. 16, 2020, granted, now 11,799,844.
Application 17/658,056 is a continuation of application No. 17/091,944, filed on Nov. 6, 2020, granted, now 11,856,027.
Application 17/098,824 is a continuation in part of application No. 16/019,412, filed on Jun. 26, 2018, granted, now 11,102,194, issued on Aug. 24, 2021.
Application 17/098,824 is a continuation in part of application No. 16/019,423, filed on Jun. 26, 2018, granted, now 10,868,806, issued on Dec. 15, 2020.
Application 17/098,824 is a continuation of application No. 16/019,423, filed on Jun. 26, 2018, granted, now 10,868,806, issued on Dec. 15, 2020.
Claims priority of provisional application 63/057,875, filed on Jul. 28, 2020.
Claims priority of provisional application 62/551,685, filed on Aug. 29, 2017.
Claims priority of provisional application 62/539,220, filed on Jul. 31, 2017.
Claims priority of provisional application 62/525,623, filed on Jun. 27, 2017.
Prior Publication US 2022/0232000 A1, Jul. 21, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); H04L 9/32 (2006.01)
CPC H04L 63/20 (2013.01) [H04L 9/3268 (2013.01); H04L 63/0236 (2013.01); H04L 63/0263 (2013.01); H04L 63/08 (2013.01); H04L 63/083 (2013.01); H04L 63/10 (2013.01); H04L 63/1441 (2013.01); H04L 9/3234 (2013.01); H04L 9/3271 (2013.01); H04L 63/062 (2013.01); H04L 63/0861 (2013.01); H04L 63/0884 (2013.01); H04L 63/101 (2013.01)]
20 Claims
1. A secure communication system enabling secure transport of information, comprising:
a secure network comprising one or more packet processing units (PPUs), wherein
each PPU comprises one or more processors and a memory;
one or more policy enforcement procedures configured for execution by a processor to store and apply a set of policies governing packet transmission;
a visa management service executed on one or more servers, the visa management service configured to generate and issue a plurality of visas, each visa being cryptographically signed, associated with a predefined configuration of policies, and associated with an expiration time; and
a plurality of internal packets transmitted within said secure network,
wherein each of said internal packets is associated with one of said visas,
wherein a PPU among said PPUs is configured to, before transmission of one of said internal packets:
(1) verify the authenticity of the visa associated with an internal packet using a cryptographic signature validation mechanism; and
(2) determine, based on the policy enforcement procedures, whether the configuration of policies associated with the visa permits transmission of the internal packet;
wherein the PPU transmits the internal packet only if the cryptographic signature is valid, the configuration of policies permits transmission, and the expiration time of the visa has not elapsed.
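
The three-condition gate recited in claim 1, sketched as an added example that is not taken from the patent or from any implementation by its assignee. Assumptions: HMAC-SHA256 stands in for the unspecified cryptographic signature mechanism, and the visa layout, the policy format (`src`, `dst`, `ports`) and all function names are hypothetical.

```python
import hashlib
import hmac
import json
import time

# Assumption: HMAC-SHA256 stands in for the claim's unspecified signature scheme.
ISSUER_KEY = b"constructed-demo-key"  # constructed sample key

def issue_visa(policy, expires_at, key=ISSUER_KEY):
    """Visa management service: sign a policy configuration together with its expiry."""
    body = json.dumps({"policy": policy, "exp": expires_at}, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(key, body, hashlib.sha256).digest()}

def policy_permits(policy, packet):
    """Hypothetical policy format: one allowed source, destination and port set."""
    return (packet["src"] == policy["src"]
            and packet["dst"] == policy["dst"]
            and packet["port"] in policy["ports"])

def ppu_check(visa, packet, now=None, key=ISSUER_KEY):
    """PPU decision before transmission: returns (transmit, reason)."""
    now = time.time() if now is None else now
    expected = hmac.new(key, visa["body"], hashlib.sha256).digest()
    # Constant-time comparison; the body is parsed only after it authenticates.
    if not hmac.compare_digest(expected, visa["sig"]):
        return False, "bad-signature"
    claims = json.loads(visa["body"])
    if now >= claims["exp"]:
        return False, "expired"
    if not policy_permits(claims["policy"], packet):
        return False, "policy-denied"
    return True, "ok"

# Constructed sample data.
POLICY = {"src": "10.0.0.5", "dst": "10.0.1.9", "ports": [443]}
VISA = issue_visa(POLICY, expires_at=1000)
PACKET = {"src": "10.0.0.5", "dst": "10.0.1.9", "port": 443}

def forged_visa():
    """Visa whose expiry was edited after signing; the signature no longer matches."""
    return dict(VISA, body=VISA["body"].replace(b"1000", b"9999"))

if __name__ == "__main__":
    print(ppu_check(VISA, PACKET, now=999))
    print(ppu_check(VISA, PACKET, now=1000))
    print(ppu_check(VISA, dict(PACKET, port=22), now=999))
    print(ppu_check(forged_visa(), PACKET, now=999))
```

Because the expiry and the policy configuration are both inside the signed body, extending a visa's lifetime or widening its policy invalidates the signature rather than passing the later checks.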