| CPC H04L 63/0485 (2013.01) | 20 Claims |

1. A method comprising:
receiving a Domain Name Service (DNS) request to resolve a domain name on behalf of a source service;
forwarding a data packet having an unencrypted source address to a first server that manages connections between the source service and a destination service;
obfuscating, by the first server, the unencrypted source address into an encrypted source address for the data packet, wherein the encrypted source address includes a cipher associated with a plurality of ciphers;
forwarding the DNS request over a public DNS to a secure DNS resolver of a destination service;
forwarding, by the DNS resolver of the destination service, an unencrypted destination address to a second server that manages connections between the source service and the destination service;
obfuscating, by the second server, the unencrypted destination address into an encrypted destination address for a return packet, wherein the encrypted destination address includes the cipher associated with the plurality of ciphers;
receiving, by the source service, the return packet from the destination service, wherein the return packet has the encrypted destination address including the cipher encoded therein;
forwarding, along a packet flow, the data packet having the encrypted source address and the encrypted destination address from the first server to the second server;
identifying a decipher algorithm of a plurality of decipher algorithms based on the cipher;
applying the decipher algorithm to the encrypted destination address to identify an unencrypted destination address for the data packet; and
forwarding the data packet to the unencrypted destination address.