A network authentication system authenticates a connection-request based on a manner that the connection-request traverses the network. In client-server terminology, a server authenticates a client request for connection by examining one or more sequences of network entities (or network nodes) that form entity-patterns. The client pseudo-randomly selects entities of the network to be redirectors that redirect a received connection-request to further redirectors and/or the server. The client generates a different connection-request for each of the redirectors, and each redirector does the same for each of the further redirectors. This results in substantially unique connection-requests transmitted by each entity of the network in connection with the user request. Thus, redirector patterns are substantially unique and may be used for authentication.
A secure session of communication between two entities in a network is disclosed. Using client-server terminology, a client sends a connection-request to a server that authenticates the connection-request and transmits a session-request to the client in response. The client reverse-authenticates the session-request and then passively waits to receive a tunnel-request transmitted by the server. The tunnel-request sets up one or more overlapping tunnels between the client and the server to support the desired communications. Each of the tunnels exists only for a specified time and is replaced by another tunnel that is set up after a selected time delay after the start of a previous tunnel.
Method And Apparatus For Preventing And Analyzing Network Intrusion
Aspects of the disclosure provide a method for preventing and analyzing network intrusion. The method includes receiving by a network device an initial communication from an entity, determining the entity is not trusted based on the initial communication, and transmitting signals to the entity that are indicative of first disinformation of the network device to hide real information of the network device.