METHOD OF PROCESSING NETWORK TRAFFIC DATAGRAMS FOR PROTECTING INFORMATION COMPUTER SYSTEMS (VERSIONS) Russian patent published in 2013 - IPC G06F21/22 

FIELD: information technology.

SUBSTANCE: after allocating addresses of the sender S_A and recipient S_B, a transmission route m_j of a network datagram P_i over an external network between secure computer networks is formed in form of a series of trusted nodes S₁, S₂, S_vj, which is recorded in the "Option" field of the network datagram. A network datagram with the address of the recipient S_b and the address of the nearest trusted node S_Vj is formed in accordance with the transmission route m_j of the network datagram P_s. The network datagram is encrypted using a cryptographic key K and the operations are repeated, starting with formation of a network datagram and its encryption to formation of a network datagram with the address of the recipient S₁ and the address of the sender S_a. The formed secure network datagram D, which is received at a trusted node at the address of the recipient S₁, is transmitted over the communication channel of the external network. The network datagram is decrypted using the cryptographic key K and values of the "Option" field are recorded into the memory of a gateway computer. A new value of the "Option" field is generated based on the address of the passed trusted node, which is recorded into the "Option" field. Values given in the "Option" field are compared with values of the transmission route of the secure network datagram defined at the recipient node and if the transmission route does not match, the network datagram is blocked.

EFFECT: more reliable detection of forgery of computer addresses of the sender and recipient of network datagrams.

3 cl, 7 dwg