Computer system and method for providing secure and reliable high-bandwidth low latency communications in remote locations

The system addresses the security and reliability gaps in satellite communications by dynamically switching between networks and securing data transmission, ensuring robust connectivity and high-bandwidth communication in remote locations.

AU2024412155A1Pending Publication Date: 2026-07-09MDA SYST LTD

Patent Information

Authority / Receiving Office
AU · AU
Patent Type
Applications
Current Assignee / Owner
MDA SYST LTD
Filing Date
2024-12-30
Publication Date
2026-07-09

AI Technical Summary

Technical Problem

Existing satellite communication systems lack security, reliability, and resilience, particularly in remote locations, and do not efficiently route data through the best available networks, failing to meet the needs of users in sectors like finance, government, and military.

Method used

A system that establishes and maintains a list of available satellite communication networks, automatically switches to a better network upon detecting disruptions, and secures data transmission using encryption and multiple concurrent links with majority voting for fault tolerance.

Benefits of technology

Provides secure, reliable, and high-bandwidth communication by seamlessly switching between satellite networks to maintain connectivity and ensure data integrity, even in challenging environments.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure 00000000_0000_ABST
    Figure 00000000_0000_ABST
Patent Text Reader

Abstract

A system and method for providing reliable satellite communications is provided herein. The system includes a first terminal configured to establish and maintain a list of networks available to the first terminal and a second terminal, communicatively connect to the second terminal via a first network to establish a first link for transmitting or receiving data between the terminals, detect a service disruption in the first link, and upon detecting a service disruption, switch the connection of the terminals over the first network from the first network to a second network to establish a second link for transmitting or receiving the data. The first terminal may be configured to secure the data transmitted between the first and second terminal wherein the data is secured by the first terminal prior to transmission over the first network or second network.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] The following relates generally to satellite communications, and more particularly to systems and methods for secure and reliable satellite communications using multiple communication networks. Introduction

[0002] Multi-orbit and multi-band commercial SATCOM service providers offer a high level of resiliency to a satellite network for a ground segment terminal to take advantage of.

[0003] Multi-orbit is where two or more satellites are operating in different Earth orbits - such as high-altitude platforms (HAPS), Low Earth Orbit (LEO, Medium Earth Orbit (MEO), Geosynchronous Earth Orbit (GEO), and High Earth Orbit (HEO) - and are operating in the same frequency band.

[0004] Multi-band is when two or more satellites are operating at the same orbit but at different frequency bands, such as L, C, X, Ku, Ka, and V.

[0005] The ability to access different commercial SATCOM service providers that operate in different orbits and different frequencies offers major benefits, such as the ability overcome issues related to coverage, jamming, environmental disruptions, network congestion, latency time and bandwidths, and cost.

[0006] As an example of these benefits, many remote locations, such as in Canada's Arctic, are beyond the coverage of geosynchronous orbit (GSO) satellites, making conventional networks unsuitable for secure communication.

[0007] LEO SATCOM internet is a new technology that is still emerging. These providers are focused on delivering internet connectivity across their own networks to their customers. They are an enabling technology providing a means to send data in remote locations, but they are not focused on ensuring data is secure. This is similar to terrestrial networks, they provide a means to send data, but security from end point to end point is handled by users. Additionally, these providers are not considering routing data through the best available LEO SATCOM network, since that would mean they would be giving away business to another LEO SATCOM internet provider.

[0008] Organizations, entities, and persons are increasingly requiring reliable, trusted, secure and affordable communications solutions to provide both support and command and control to domestic and continental operations, particularly in security, possibility of jamming, and safety in the Northern regions including the Arctic.

[0009] Commercial service providers do not offer different levels of security, such as classified and protected to address the needs of users in the financial, government, and military sectors.

[0010] Accordingly, there is a need for an improved system and method for secure and reliable satellite communications that overcomes at least some of the disadvantages of existing systems and methods. Summary

[0011] Provided is a first terminal for providing reliable high-bandwidth low latency communications. The first terminal is configured to establish and maintain a list of networks available to the first terminal. The list of networks includes a first network and a second network. The first terminal is further configured to communicatively connect to a second terminal via the first network to establish a first link for transmitting or receiving data between the first terminal and the second terminal and detect a service disruption in the first link. Upon detecting a service disruption in the first link, the first terminal is configured to switch the connection of the first terminal to second terminal from the first network to the second network to establish a second link for transmitting or receiving the data over the second network.

[0012] The first terminal may further be configured to secure the data transmitted between the first and second terminal. The data may be secured by the first terminal prior to transmission over the first network or second network.

[0013] The first terminal may further be configured to secure the data by encrypting the second link based on an encryption implementation that corresponds to an encryption implementation of the second terminal.

[0014] The first terminal may further be configured to communicatively connect to a user device or network for receiving data to be transmitted from the first terminal to the second terminal.

[0015] Detecting the service disruption in the first link may include monitoring each network of the available networks and determining a cost for each network based on network performance metrics and determining, where the cost of first network exceeds the cost of at least one remaining network of the available networks, that a disruption has occurred.

[0016] In another aspect provided is a method for reliable high-bandwidth low latency communications. The method includes establishing and maintaining a list of networks available to a first terminal, the list of networks including a first network and a second network. The method includes communicatively connecting the first terminal to a second terminal via the first network to establish a first link for transmitting or receiving data between the first terminal and the second terminal and detecting a service disruption in the first link. Upon detecting a service disruption in the first link, the method includes switching the connection of the first terminal to second terminal from the first network to the second network to establish a second link for transmitting or receiving the data over the second network. Examples of disruptions include atmospheric conditions, man-made interference, and enemy jamming.

[0017] The method may include securing the data, in the first terminal, prior to transmission over the first network or second network.

[0018] The method may include securing the data based on an encryption implementation that corresponds to an encryption implementation of the second terminal.

[0019] The method may include communicatively connecting the first terminal to a user device or network for receiving data to be transmitted from the first terminal to the second terminal.

[0020] Detecting the disruption may include monitoring each network of the available networks, determining a cost for each network based on network performance metrics, and determining, where the cost of the first network exceeds the cost of at least one remaining network of the available networks, that a disruption has occurred.

[0021] A method is also provided. The method includes: providing a set of terminals configured to communicate with each other over an odd number of satellite communication (“satcom”) networks, the odd number being three or more; establishing concurrent active links between the terminals over the satcom networks; communicating the same information content over the concurrent active links; detecting a disruption in at least one of the concurrent active links using a majority vote that establishes a majority of the concurrent active links with correct information; and in response to the detected disruption, communicating only over the concurrent active links in the majority

[0022] Other aspects and features will become apparent, to those ordinarily skilled in the art, upon review of the following description of some exemplary embodiments. Brief Description of the Drawings

[0023] The drawings included herewith are for illustrating various examples of articles, methods, and apparatuses of the present specification. In the drawings:

[0024] Figure 1 is a block diagram of a transmission system for securely and reliably transmitting over satellite communication networks, according to an embodiment;

[0025] Figure 2 is a web access architecture of the system of Figure 1, according to an embodiment;

[0026] Figure 3 is a brokered web access architecture of the system of Figure 1, according to an embodiment;

[0027] Figure 4 is a point to point architecture of the system of Figure 1, according to an embodiment; and

[0028] Figure 5 is a schematic diagram of the system of Figure 1 showing further security details, according to an embodiment. Detailed Description

[0029] Various apparatuses or processes will be described below to provide an example of each claimed embodiment. No embodiment described below limits any claimed embodiment and any claimed embodiment may cover processes or apparatuses that differ from those described below. The claimed embodiments are not limited to apparatuses or processes having all of the features of any one apparatus or process described below or to features common to multiple or all of the apparatuses described below.

[0030] One or more systems described herein may be implemented in computer programs executing on programmable computers, each comprising at least one processor, a data storage system (including volatile and non-volatile memory and / or storage elements), at least one input device, and at least one output device. For example, and without limitation, the programmable computer may be a programmable logic unit, a mainframe computer, server, and personal computer, cloud-based program or system, laptop, personal data assistance, cellular telephone, smartphone, or tablet device.

[0031] Each program is preferably implemented in a high-level procedural or object-oriented programming and / or scripting language to communicate with a computer system. However, the programs can be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or interpreted language. Each such computer program is preferably stored on a storage media or a device readable by a general or special purpose programmable computer for configuring and operating the computer when the storage media or device is read by the computer to perform the procedures described herein.

[0032] A description of an embodiment with several components in communication with each other does not imply that all such components are required. On the contrary, a variety of optional components are described to illustrate the wide variety of possible embodiments of the present invention.

[0033] Further, although process steps, method steps, algorithms or the like may be described (in the disclosure and I or in the claims) in a sequential order, such processes, methods and algorithms may be configured to work in alternate orders. In other words, any sequence or order of steps that may be described does not necessarily indicate a requirement that the steps be performed in that order. The steps of processes described herein may be performed in any order that is practical. Further, some steps may be performed simultaneously.

[0034] When a single device or article is described herein, it will be readily apparent that more than one device I article (whether or not they cooperate) may be used in place of a single device / article. Similarly, where more than one device or article is described herein (whether or not they cooperate), it will be readily apparent that a single device I article may be used in place of the more than one device or article.

[0035] The following relates generally to satellite communications, and more particularly to systems and methods for providing secure and reliable communications using satellite communication networks. While reference is made throughout the present disclosure to low earth orbit (LEO) networks, it should be understood that this is one nonlimiting example and that the systems and methods of the present disclosure may use communication networks in multiple orbits such as LEO, GEO, MEO, HEO, and high altitude platform stations (HAPS).

[0036] Performance improvements include improvements in maximum achievable bandwidth, download speeds of file transfers as well as lower Round Trip Time (RTT). The present disclosure leverages public commercial low-earth orbit (LEO) satellite communication (SATCOM) networks to provide a deployable system that is capable of providing high-bandwidth low latency communications in remote locations, securely and reliably. The system provides for data transmission that remains secure and gets delivered reliably from source to destination.

[0037] A deployable standalone unit of the present disclosure is configured to (1) establish robust and secure point-to-point communications in remote locations, and (2) allow users to connect to and access their host applications securely and reliably. The system enables secure and confidential beyond-line of sight (BLOS) communications of, for example, classified data, using multiple low-earth orbit (LEO) network constellations.

[0038] Embodiments of the present disclosure use multi-orbit satcom service providers to tailor communication links to provide robust, reliable, and secure communications. The systems and methods of the present disclosure may offer three levels of security: high (red), protected (grey), and none (black). The systems of the present disclosure may be tailored by software reconfiguration to provide an amount of robustness, volume, bandwidth, latency, and link cost. In some embodiments, the router tailors the link, service provider, location (polar or non-polar locations), and cost. The systems of the present disclosure may allow a user to match communication needs to what is available in a multi-orbit SATCOM service provider, where the need includes location (artic, non-arctic), security (classified / secure, protected, unprotected), reliability / availability, bandwidth, latency, and available budget. In some cases, a network list may be preconfigured on the terminal based on the needs of the particular user.

[0039] Referring now to Figure 1, shown therein is a block diagram of a transmission system 100 for securely and reliably transmitting over LEO networks 102-1 through 102-n, according to an embodiment. In Figure 1, first, second, and nth satcom networks 102-1, 102-2, 102-n are shown. In embodiments, the number ‘n’ of satcom networks may vary, and the number is not particularly limited.

[0040] The system 100 is reliable. The system 100 establishes and maintains a network list (not shown) of available networks 102-1 through 102-n. The networks 102 are referred to herein collectively as networks 102, generically as network 102, and specifically as network 102-n. The networks may be satcom networks in the same orbit or in multiple orbits (e.g., LEO, GEO, MEO, HEO, HAPS).

[0041] In an embodiment, the system 100 reliably detects a service disruption and switches over to a next best available SATCOM network 102. For example, in the event of a detected disruption in network 102-1 (i.e., connectivity degradation or loss, service interruption, etc.), the system 100 switches from the current network 102-1 to another network second network 102-2 from the list (e.g., second network 102-2 or nth network 102-n) and routes the transmission 104, also referred to as traffic 104, over the other network.

[0042] The switching is without any user intervention. The switching may be instantaneous. It will be appreciated that where switching is referred to herein, the switching includes the corresponding routing. It will further be appreciated that switching between a network 102-1 and 102-2 as referred to herein may refer to switching between redundant components of a single network 102. For example, the switching may be between two different constellations of the same network that share other common network architecture, such as routers of antennas.

[0043] In another embodiment, the system 100 may communicate over an odd number ‘ of networks 102 (i.e., multiple active links) concurrently, where the odd number is three or more (e.g., 3, 5, 7, etc.). Each concurrent link connects two terminals (e.g., terminals 106, described below) or one terminal pair. So, for example, system 100 may include three terminal pairs, where each terminal pair communicates over one of three concurrent links. The terminals may be hardware terminals (i.e., physically separate hardware devices) or may be virtualized. For example, the system 100 may communicate over three concurrent links using two hardware terminals each configured with three unique antennas and associated RF front ends. Each hardware terminal emulates multiple (in this case, 3) virtual terminals that interface with their respective antennas. Similarly, a physical antenna of a terminal may emulate a number of virtual antennas, each pointing to different directions. Regardless of the terminal architecture, the system 100 communicates over the multiple concurrent links. The multiple concurrent links have identical information (i.e., identical information content by the ISO layers 1 and 3 may be unique). The system may use a majority vote to ensure the information is correct. If a disruption in network 102 is detected by system 100, the system 100 uses majority voting on the multiple concurrent links to select a network 102 to use in response to the disruption (e.g., in a three concurrent link scenario, relying on two of the links). This approach with multiple concurrent links and majority voting provides fault tolerance against disruptions and maintain a very fault tolerant link. An example where such an approach may be particularly well suited is with a critical UAV with missiles being remotely controlled, where a delay resulting from switching over networks may not be acceptable. As the number of concurrent links increases, error correction coding algorithms may be used with multiple links.

[0044] It is expressly contemplated that the system 100 may transmit, also known as communicate, simultaneously through multiple networks , which may be from a single orbit or multiple orbits (e.g., a LEO and HAPS network communication service provider). In some embodiments, such as service critical applications, traffic 104 is routed through one network 102 at a time.

[0045] Each network 102 may be a commercial, public or private LEO SATCOM network. Examples of networks and corresponding constellations include Eutelsat®’s OneWeb® and SpaceX®’s Starlink®.

[0046] Each network 102 may be a secured or unsecured LEO SATCOM network. The networks 102-1 and 102-2 may vary in configuration including ownership and / or security.

[0047] While LEO SATCOM networks are described herein, it will be appreciated the present disclosure may be applied to and incorporate various networks 102 such as networks involving high altitude platform systems (HAPS), and space vehicles in medium earth orbit (MEO), geosynchronous earth orbit (GEO), and high earth orbit (HEO). Multiorbit network 102 switching between varying inclinations, such as LEO, HEO, MEO’s, are expressly contemplated.

[0048] Example networks 102 or constellations provided by commercial service providers include HAPS: HAPSMobile®, LEO: OneWeb® or Starlink®, MEO: SES® O3b®, GEO: SES® or Inmarsat ®, HEO: Inmarsat®. Military examples include Milstar, Advance EHF, WGS, etc.

[0049] When “Earth” is referred to in the context of an orbit other celestial bodies such as other planetary bodies, moons, and the like are expressly contemplated.

[0050] The capability to switch between networks 102 beneficially provides redundancy avoiding risks that a particular network 102 will be unavailable or not sufficiently reliable. Switching between constellations further improves communication performance by enabling switching to a more optimal network 102-2 with for example a lower latency or higher bandwidth than the current network 102-1.

[0051] The system 100 is secure. The system 100 provides a means to send data securely across an untrusted public SATCOM network 102 (e.g., LEO network) with robust security. The system 100 sends data across a public satellite communications (SATCOM) network 102 (e.g., LEO network) in a manner that ensures that data remains secure and gets delivered reliably from source to destination. The system 100 provides secure and reliable communication / connectivity in remote locations. The system 100 leverages multiple SATCOM networks (e.g., LEO networks, networks in other orbits) to provide secure and reliable communications in remote locations.

[0052] The system 100 includes at least at least two terminals 106-1 and 106-2. The terminals 106 are referred to herein collectively as terminals 106, generically as terminal 106, and specifically as terminal 106-n.

[0053] Each terminal 106 is configured to communicatively connect to multiple networks 102 and provide a secure portal for the network connection.

[0054] When connected to the network 102-1, the terminals 106-1 and 106-2 define a first end and second end of a secure tunnel in the network 102-1 for securely transmitting and receiving the transmission 104 over the network 102-1.

[0055] The terminals 106-1 and 106-2 automatically establish a secure connection with each other over the selected available network 102. Secure systems, such as the secure devices 108-1 and 108-2 and source devices connected to the secure devices 108-1 and 108-2, can then be connected to the terminals 106 to allow them to communicate securely over the tunnel. The secure systems may be classified systems.

[0056] The securing may be via existing systems such as commercial solutions of classified (CSfC). CSfC enables sensitive data to be encapsulated and transmitted over an untrusted network. CSfC uses nested IPsec virtual private network (VPN) Tunnels with each tunnel being created using a unique Firewall vendor. The use of multiple Firewall vendors reduces the risk to the protected data as a bad actor with the ability to exploit a particular VPN implementation would not be able to decrypt the data which has also been encrypted by a second VPN vendor’s implementation. To minimize the impact of multiple LEO providers on the end user, the “inner” VPN tunnel provides a single path from the user to the infrastructure. The inner VPN tunnel is then routed over multiple possible outer VPN tunnels.

[0057] The system 100 uses an encryption implementation.

[0058] In an embodiment, the encryption implementation uses a pre-shared key / serial key to encrypt the data. The serial key is known (configured into each terminal 108) by parties in control of the communication. The key may be uploaded to the terminals 106-1 and 106-2 from connected devices such as the secure devices 108 and 108 further described below. The serial key is known (configured into each sides device or terminal) by parties of each side of the communication. The encryption implementation may be per National Institute of Science and Technology (NIST) Guidelines.

[0059] In some embodiments, such as a full public key infrastructure (PKI) the distribution of these keys is via a public-private encryption standard. This standard enables parties to share freely a known public key, to ensure the trust of the serial key received.

[0060] In some embodiments pre-shared serial keys are used. With the rise of the Quantum computer, the public-private encryption standards used today may not provide inadequate / acceptable security.

[0061] The configuration of the terminals may be changed, (i.e. as key infrastructures update). The modular approach of the system 100 enables the updateability of the terminals 106.

[0062] Existing methods of delivering serial keys include NIST standard methods, one-time passwords, and memorized passwords.

[0063] By securing the transmission via terminals 106, secure transmission over unsecured networks is beneficially enabled. In addition to potential benefits transmitting over unsecured networks such as lower costs, securing the network via terminals 106 further beneficially accommodates switching by avoid network and transmission protocol requirements associated with secure networks.

[0064] The system 100 provides a portal to transfer data quickly, securely, and reliably from international customers. The requirements of these customers, for example in transmission security and reliability, may vary. Securing the transmission 104 via terminals 106 provides configurability of the terminals 106 per customer requirements. The customer is, therefore, beneficially enabled to use networks 102 without necessarily relying on network 102 security. Switching between networks 102 may further be per customer requirements as the list of networks 102 may be provided based on networks 102 that meet customer requirements.

[0065] The system 100 may be configured with commercial of the shelf (COTS) products and to be modular / extendable. For example, each terminal 106 may be configured with COTS products. In some embodiments, the COTS products or devices that have been certified for use in a CSfC solution are used to beneficially minimize the cost of the system 100.

[0066] At least one terminal 106 of the system 100 is configured with a control, routing, and translation (CRT) function. The CRT function may be encoded as processorexecutable instructions that may be stored in memory and executed by a processor of the terminal 106 to provide the functions and functionalities of the CRT function. The CRT function may include one or more software modules.

[0067] The CRT function enables connection of multiple satellite networks 102. The CRT function includes the communications-related functions as well as the security architecture.

[0068] The CRT is the core function in the terminal 106 that accommodates the multi-network functionality and enables the resulting benefits.

[0069] The CRT is configured to provide confidentiality, integrity and availability of the data 104 transiting the system 100.

[0070] Confidentiality and integrity is achieved by aligning system 100 architecture with CSfC implementation. Availability is realized though the seamless integration of multiple networks 104. Integrating multiple networks 104 is possible through the use of the CRT function.

[0071] The CRT provides an Ethernet-based internet protocol (IP) interface provided to the end users. The CRT function controls the terminal 106, by modifying routing parameters.

[0072] The CRT function adds a layer to the terminal 106 which is controlled and managed. Configuration of the CRT function may include configuring parameters such as: selection of networks that can be used; any restrictions on which access terminals can use which networks; quality of service (QoS) rules for various applications; specific routing rules (e.g., always use specific networks for certain applications); interruption detection and reconfiguration rules; handling of network-specific configurations for access terminals; external media access (USB, external drive); configuration files; logs; serial key configuration; and configuration of DHCP parameters and IP addresses on red (secure or classified) network and black network (unsecure), where required.

[0073] Routers of the terminal (106) are preconfigured with transmission control protocol (TCP) / IP (IPv4) setting required for each provider such as a dynamic host configuration protocol (DHCP) client, static IP, a dedicated IP addressing topology, or other topology.

[0074] In an example, the terminal 106 detects network disruption and switches networks 102. Switching networks may be referred to as re-configuring the system 100. The disruption may be to network 102 link quality of service (QoS) or loss connection also known as the link being severed.

[0075] For example, the disruption detection may monitor transfer speeds and latencies of the network 102 link obtained for example via sending test packages or “hello messages”.

[0076] The terminal 106 may be configured to determine a cost, such as an Open Shortest Path First (OSPF) cost, for each network indicated by the results of sending the test packages. The terminal 106 may update these costs routinely and switch networks according to the corresponding costs.

[0077] The switching may be according to network agnostic protocols such as an OSPF protocol. Network agnostic protocols enable the terminal to include components such as COTS components that are agnostic to COTS vendor details.

[0078] For example, when traffic is determined to be moved (i.e. transmitted) between two terminals 106 software in the terminals determines the optimal network 1021. In an example, this determination is by evaluating performance heuristics generated from the test packets, such as in external firewall 528-2 of Figure 5 further described below.

[0079] The determination may also be by evaluating performance heuristics generated from internet service provider (ISP) terminals and external information sources, such as in router 524 of Figure 5, further described below.

[0080] The optimal network 102-1 is utilized for network traffic 104. If the link degrades or is severed, the software in external firewall 528 recognizes disruption and begins to re-route all network traffic 104 to the new optimal network 102-2. If the service disruption is over and the network 102-1 is determined to be optimal again, traffic 104 is then re-routed back to that network 102-1.

[0081] In some embodiments, at least one terminal 106 is configured to select networks that can be used to obtain the network list.

[0082] The selection may be based on requirements and / or restrictions on which access terminals can use which networks.

[0083] Information such as network QoS (i.e. latency and available bandwidth), jamming sources, EMI Interference, the atmospheric environment, and cost may be used to select the channel configuration for a mission and corresponding selected networks.

[0084] The restrictions or requirements may be provided by a customer, for example the customer owning, controlling, or providing the data for the transmission. The network list may be stored in the any or all of the terminals 106. The network list may be preconfigured into firewalls of a terminal 106 prior to deployment of the terminal 106.

[0085] Each terminal 106 may be configured with specific routing rules (e.g., always use or prefer specific networks for certain applications), interruption detection, and re-configuration rules.

[0086] Each terminal 106 may further be configured to handle network-specific configurations, with external Media Access (i.e. USB, External Drive), terminal specific configuration files, logs, serial key configurations, dynamic host configuration protocol (DHCP) parameters and / or internet protocol (IP) addresses.

[0087] Configuration of the terminal may be by authorization (i.e. authorized personnel or devices) to support confidentiality and security of the terminal 106. This authorization may be according to existing key management processes.

[0088] The configuration may be pre-deployment of the system and / or via remote access. In some embodiments the configurations of first terminal 106-1 and second terminal 106-2 are different. It is expressly contemplated that these configuration differences remain consistent with the first terminal 106-1 and second terminal 106-2 forming the secure tunnel.

[0089] The system 100 further includes a first secure device 108-1.

[0090] The first secure device 108-1 is communicatively connected to the first terminal 106-1 for providing to and receiving from the first terminal 106-1 the data to be transmitted (i.e. the transmission 104).

[0091] In some embodiments, the first secure device 108-1 a computer, server, tablet, memory, drive, or the like. In some embodiments, the first secure device 108-1 is a network device such as a router accommodate, the transmission to data from multiple source devices (not shown) using the first terminal.

[0092] The system 100 further includes a second secure device 108-2. The second secure device 108-2 is communicatively connected to the second terminal 106-2 for providing to and receiving from the second terminal 106-2 the data to be transmitted (i.e. the transmission 104). The second secure device 108-2 is otherwise similarly configured to the first secure device 108-1.

[0093] The system 100 addresses traditional disadvantages of SATCOM networks including security, reliability, jamming effects, coverage and transmission speed.

[0094] The system 100 is provider or ISP agnostic. The system 100 detects disruptions to a satcom network 102 (e.g., a LEO satcom network) and sends data through an alternate channel. Detected disruptions may be caused from, for example, inclement weather, jamming, malicious software attacks, and satellites out of view. Once the system 100 detects a service disruption event, the system 100 reroutes traffic through another satcom network. The alternate satcom network through which the traffic is rerouted may be of the same orbit or a different orbit.

[0095] The system 100, or components thereof, is deployable. In some embodiments, the system 100 is deployed in at static location. In an example, the first terminal 106-1 is deployed in a structure such as building or at a static location such as a location of interest in the field where the first secure device 108-1 is located. In some embodiments, the system is deployed on a mobile platform. For example, the second terminal 106-2 is deployed on a vehicle such as satellite, manned or unmanned surface vessel, ground vehicle, or man-pack. The vehicle may be moving at various speeds ranging from slow to fast. The system 100 may be implemented in rugged casing, such as a pelican® case or bespoke to fit the physical space available on the platform. The system 100 may be configured such that a user only needs to connect a power source in order to be online sending data securely across a LEO SATCOM network.

[0096] In an embodiment, the system 100 is configured and assembled from certified off the shelf (COTS) products with an emphasis on aligning with Commercial Solution for Classified (CSFC) accreditation.

[0097] Referring now to Figure 2, shown therein is a web access architecture 200 of the system 100, according to an embodiment.

[0098] The Web Access Architecture 200 enables an infrastructure side of the communication link to be stationed in any location of the world with internet access, as long as the infrastructure side has a static IP.

[0099] The system 100 sends data securely across an LEO SATCOM network 102.

[0100] The LEO SATCOM network 102 provides Satellite Non-Terrestrial Network Access. In some embodiments, the network 102 includes the SpaceX® network. The LEO SATCOM network 102 includes a satellite constellation (not shown) including at least one spacecraft 210 for transmitting data. The spacecraft 210 is also referred to as a space asset 210, space vehicle 210, satellite 210 or SATCOM satellite 210. The satellite 210 is configured to orbit in a LEO. The satellite 210 may be a satellite 210 of the Starlink® or OneWeb® constellation. In some embodiments spacecraft 210 of a vendor network 102 use inter-satellite links or redirect network traffic to vendor ground infrastructure (not shown). For example, the encrypted data packets and transmission may be directed between space and ground infrastructure.

[0101] The satellite 210 is communicatively connected to the internet 212 via an ISP link 214. An ISP ground station gateway (not shown), also referred to as a point of presence (POP) gateway, transmits and receives encrypted packets between the space asset 210 and ground infrastructure.

[0102] The system 100 further includes an infrastructure terminal 106-1 and a user terminal 106-2.

[0103] The infrastructure terminal 106-1 and user terminal 106-2 may be embodiments of the first terminal 106-1 and second terminal 106-2 of Figure 1, respectively.

[0104] The infrastructure terminal 106-1 and the user terminal 106-2 communicate with each other through a LEO SATCOM network 102.

[0105] The infrastructure terminal 106-1 and user terminal 106-2 define the ends of a secure tunnel across the LEO SATCOM network 102. Each terminal 106 includes system 100 hardware (not shown), such as hardware configured to implement the CRT function of the terminal 106.

[0106] The system 100 hardware includes hardware used to connect user devices 108, secure the link from the terminal 106 side and read the secure data transmitted over the secure link. The system 100 hardware may include network firewalls, switches, computers, routers, and encryption / decryption hardware.

[0107] The infrastructure terminal 106 connects to the internet 212 using either a traditional internet service provider (ISP) or a LEO network provider. The infrastructure terminal includes telecommunication vendor ground infrastructure to connect encrypted network traffic to the public internet / networks 212. The public internet / networks may include terrestrial and non-terrestrial networks. In some embodiments, the infrastructure terminal’s 106-1 internet connection is assumed to have a static IP address.

[0108] In some embodiments, the Infrastructure Terminal 106-1 is associated with a substantially permanent network, referred to herein as the red network 108-1.

[0109] While the red network 108-1 is referred to as a network, it will be understood that the red network 108-1 may refer to any networkable location, device, and the like.

[0110] For example, the red network 108-1 may be interchangeable with the red laptop 108-2 further described below. In some embodiments, the red network 108-1 is a secure network of a secure facility. The red network 108-1 may include system 100 hardware such as network firewall, switches and computers configured to secure the link from the infrastructure side.

[0111] The user terminal 106-2 connects to the infrastructure terminal 106-1 via the internet 212 of the LEO SATCOM network 102.

[0112] The user terminal 106-2 communicatively connects to the LEO SATCOM network 102 through a LEO ISP Terminal (LIT) 216. The LEO ISP terminal 216 includes vendor hardware includes a specific kit of equipment to enable the user to connect the local network to the LEO constellation of the network 102. The LIT 216 may include any combination of antennas, receivers, routers or network switches, power supplies, waveguides, and cables used to establish an LEO link 218 to the vendor network 102 (space-based or otherwise).

[0113] In some embodiments, the LEO ISP terminal 216 is dedicated (i.e. composed and configured) to enable communication over a LEO SATCOM network 102 of a designated vendor and in some embodiments the LEO ISP terminal enables or may be configured to enable communication over a network 102 of various and / or multiple vendors. It is understood that a vendor may be a specific constellation, network type, and / or portion thereof. In an example, the LEO ISP Terminal 216. In some embodiments, the user terminal 106-2 is connected to multiple LEO ISP terminals 216. Each LEO ISP terminal 216 is configured to enable communication over a LEO SATCOM network 102 or set of LEO SATCOM network 102.

[0114] If connections over multiple networks 102 are available, the User Terminal 106-2 can be configured to prefer the best connection as described in Figure 1 above. For example, the user terminal 106-2 monitors the link 218 and where a service disruption is detected switches from a first LEO SATCOM network 102-1 to a second LEO SATCOM network 102-2.

[0115] In some embodiments, the user terminal 106-2 is associated with a mobile / moveable device, referred to herein as the device red laptop 108-2. While the red laptop 108-2 is referred to as a laptop, it will be understood that the red laptop 108-2 may refer to any networkable location, device, and the like. For example, the red laptop 1082 may be interchangeable with the red network 108-1 described above. In some embodiments, the red laptop 108-2 is a user computer or computer communicatively connected to the user terminal 106-2. The red laptop 108-2 may be a high security user device, such as a computer, tablet or mobile phone, internet of things (IOT) device (e.g., commercial), BOT device (e.g., military), or edge computing device. The red laptop 1082 may be a router to enable multiple source devices to connect to the user terminal 1062. The red laptop 108-2 may include system 100 hardware such as network firewall, switches and computers configured to secure the link from the user side.

[0116] In an example, the red network 108-1 and red laptop 108-2 are owned, controlled, and / or operated by separate customers Each terminal 106 are initially configured to meet the secure transmission requirements of the corresponding customer. Where a desire for the customers to communicate data is determined, each customer may configure the corresponding terminal 106 to meet the requirements of the other customer. This configurability beneficially enables the secure ISP agnostic communications of the system 100 and avoids the costs and efforts associated with identifying and engaging an ISP network that meets the unified set of requirements of each customer. The configuration may further be re-configured in real time (i.e. via remote access) enabling customers to swap configurations depending on the other customer being communicated with. This beneficially avoids the costs and reliability concerns associated with engaging a network for specific customer pairings.

[0117] Referring now to Figure 3, shown therein is a brokered web access architecture 300 of the system 100, according to an embodiment. The brokered web access architecture 300 is similarly configured to the web access architecture 200 of Figure 2 except as described below.

[0118] In the brokered web access architecture, the infrastructure terminal 306-1 is not assumed to have a static IP address. A broker 320 is used to establish a connection. In this configuration 300, the broker 320 has a static IP address. The broker 320 can be located anywhere in the world.

[0119] The infrastructure terminal 306-1 and user terminal 106-2 connect to the broker 320, which relays encrypted traffic between the two terminals 306-1 and 106-2. The terminals 306-1 and 106-2 connect to the broker 320 through the internet 212 and corresponding LEO ISP terminals 316-1,316-2 and links 318-1,318-2, respectively. This architecture results in a slower connection but is better suited to situations where the infrastructure terminal 306-1, in addition to the user terminal 106-2, relies on a LEO ISP for its internet connection.

[0120] Referring now to Figure 4, shown therein is a point to point architecture 400 of the system 100, according to an embodiment. The point to point architecture 400 is similarly configured to the brokered web access architecture 300 of Figure 3, except as described below.

[0121] The Point-to-Point Architecture may be deployed where both the infrastructure side terminal 406-1 and the user terminal side 406-2 are to be used in the areas with no direct web access. This architecture 400 would provide lower latency and higher throughput compared to web access architectures such as the architectures 200 and 300 of Figures 2 and 3, respectively. For the Point-to-Point architecture, the CRT function of the infrastructure terminals 406-1 and 406-2 are configured with a dedicated IP addressing topology. The dedicated IP addressing topology may be configured based on existing IP addressing topologies of the system 400 to accommodate integration with other configurations and architecture of the system 400.

[0122] Referring now to Figure 5, shown therein is a view 500 of system 100 of Figure 1 detailing security elements, according to an embodiment.

[0123] The system 500 includes a user device 508-2. The user device 508-2 may be an embodiment of the second secure device 108-2 of Figure 1. It will be appreciated that the user device 508-2 may be a device or embedded system such as an internet of things (IOT) or unmanned air vehicle (UAV) control system. The user device 508-2 may be a single device, multiple devices, or a device such as a router for connecting multiple source devices to the network of the system 500.

[0124] The system 500 further includes a secure network node 508-1. The secure network node 508-1 provides a link to a classified or protected network such as the red network 108-1 of Figures 3 through 5. The user device 508-2 connects to the protected network through the secure network node 508-1.

[0125] The system 500 further includes multiple satellites 510-1, 510-2, 510-n. n number of satellites 510 also known as spacecrafts 510 make up a vendor constellation which form the on-orbit black network 518 moving traffic across geographic locations. The black network 518 represents the network on which public network traffic is transmitted. This black network 518 may handle non-secured information.

[0126] The satellites 510 may be from multiple SATCOM vendors such as Starlink®, OneWeb®, O3b®, etc. Using satellites 510 form multiple SATCOM vendors rather than a single ISP vendor provides robust, diverse communication paths.

[0127] The system 500 further includes gateways 522-1 and 522-2, also known as ISP gateways 522-1 and 522-2. Each gateway 522 provides a communicative connection to the black network 518 the secure network node 508-1 and user device 508-2, respectively. The gateways 522 may include ISP antennas (i.e. provided and configured) or from a third party. In some embodiments gateways 522 may particularly include a bulk download, software defined, multi-band, or multi-orbit (i.e. custom developed) antenna or a user terminal capable of emulating ISP vendor equipment. In some embodiments, the gateways 522 include front end equipment to transmit and receive network traffic to / from the ISP satellites infrastructure (i.e. black network 518). In some embodiments, a gateway 522 is part of a LIT such as the LITs 216, 316, and 416 of Figures 2 through 4.

[0128] The system may further include an ISP vendor router 524. The ISP vendor router 524 distributes the public internet to network devices attached to the ISP vendor router. The ISP vendor router 524 is an interface to the communication hardware for a particular vendor (i.e. Starlink®) used to connect to the vendor communications infrastructure, such as the satellite 510.

[0129] The ISP vendor router 524 may be a commercial off the shelf or custom (SWAP constraint) router. In some embodiments, the ISP vendor router 524 is part of a terminal such as the terminals 106 and 406 of Figures 1 through 4. The ISP vendor router 524 redundantly routes the network traffic to the ISP vendor Antenna 522 and user device 508-2. The ISP vendor router 524 provides the switch over and fall back on the available, highest quality or most economical ISP vendor (i.e. black network 518) to fulfill the mission.

[0130] The system 500 further includes a LEO provider point of presence (POP) 526. The LEO provider POP 216 includes the vendor’s ground network infrastructure and provides an interface to the public internet. The LEO provider POP 526 represents the ISP vendor equipment that connects the ISP Gateway traffic to the internet backbone. In some embodiments, a LEO provider POP 526 is part of a LIT such as the LITs 216, 316, and 416 of Figures 2 through 4.

[0131] The system 500 further includes external firewalls 528-1 and 528-2. Each external firewall 528 corresponds to an end of a gray network 530, further described below. Each external firewall may be included in a terminal such as the terminals 106 and 406 of Figures 1 through 4. The external firewalls 528 act as the interface to the public internet and protect the internal network of the system 500 with an encrypted tunnel for traffic to / from the network. Each external firewall 528 is from a different vendor than the corresponding internal firewall 531 to mitigate risk of vendor vulnerabilities.

[0132] The external firewall 528 provides a demilitarized zone (DMZ) to the public internet and protects the internal network system with an additional encrypted tunnel for traffic to / from the network 500. A DMZ is a perimeter network that protects and adds an extra layer of security to an organization's internal local-area network from untrusted traffic. The external firewall 528 is a commercial off-the shelf vendor or custom (SWAP consideration) firewall. Using commercial off-the shelf vendor or custom (SWAP consideration) beneficially mitigates risk of vendor vulnerabilities.

[0133] The gray network 530 represents an encrypted tunnel of the external firewalls 528-1 and 528-2. The gray network 530 is used to send network traffic across the public internet. The gray network 530 wraps red network 534, further described below. The gray network 530 handles restricted or confidential security information.

[0134] The system 500 further includes internal firewalls 532-1 and 532-2. Each internal firewall 532 corresponds to an end of a red network 534. Each internal firewall 532 may be included in a terminal such as the terminals 106 and 406 of Figures 1 through 4. The red network 534 represents an encrypted tunnel of internal firewalls 532 where network traffic is able to move between the two corresponding terminals. The internal firewalls 532 protect the internal network 534 and exterior firewall DMZ 528 from unauthorized access and creates an encrypted tunnel for traffic to / from the network.

[0135] The red network 534 represents a virtual network. The user device 508-2 does not need to be concerned with the complexity of the outer VPN tunnel 534 (red network) or which LEO provider network 518 is currently routing the traffic. It will be appreciated that where an OSPF is used, the timers and weights of the OSPF settings are key to balance an adequate service to the applications and the integrity of the red network 534.

[0136] The infrastructure described above is primarily concerned with the handling of the actual user traffic. The system 500 also includes a management function.

[0137] The network management of the system 500 is controlled by the red side within the red network 534. The control is through a segregated Out-of-Band (OOB) connection which is not multiplexed with the user traffic to align with the industrial security mandates. In some embodiments, such as Starlink® terminal statistics, management of traffic will share the link with the red user traffic. Here, confidentiality of the red traffic is maintained. In some embodiments, finalization of all equipment configuration is completed prior to deployment. In these embodiments the OOB network may be removed in its entirety.

[0138] The management functions include the following topics: subscriber management: user credentials, permissions (e.g., for local management access), active directory; user terminal management: configuration of routing rules, including which networks can be used; preparation of corresponding configurations of terminals, including constraints (e.g. terminal constraints), interruption detection and re-configuration rules, QoS and application rules, terminal-specific security aspects (e.g., control lists, external port access); security management: key foundry, public-private key distribution, serial key distribution, security association rules and permissions, intrusion detection, other fault, configuration, accounting, performance and security (FCAPS) tasks: routing protocol configuration, including Infrastructure access to the various network POPs, infrastructure equipment configuration, performance monitoring, event logging,

[0139] Detection of interruptions and decisions for alternate routing for the system 500 will now be described. In some embodiments, the two firewalls 528-1 and 528-2 form multiple OSPF neighbour relationships. An OSPF process is configured to advertise which networks 518 are available. By forming at least two neighbour relationships, the firewall 528-1 is able to learn that there are two paths available to reach the remote firewall 528-2. OSPF sends periodic messages known as “hello messages” to ensure the other side is still reachable. When a configurable number of hello messages are missed, the relationship fails, and the path is removed from the routing table.

[0140] In an example, in order to accelerate how quickly a connection failure is observed, a hello message is sent every 1 second, and the connection is considered dead after 4 consecutive hello messages are missed and a switch of black networks 518 is initiated.

[0141] Any routers of the red network 534 are unaware of the changes in the black network 518 (i.e. switching from a first black network to a second black network). As long as the router on the grey network 530 is able to pass traffic from one side 508-1 to the other side 508-2, the red tunnel 534 will continue to operate and users will see little to no downtime.

[0142] To achieve the shortest outage, the router of grey network 530 must perform the routing change before an application stops retransmitting. The choice of routing protocols as well as the configuration of the inherited timers of these protocols is important to provide the minimizing of outage. In some embodiments, an application programable interface (API), such as loss of synchronization or other (typically signal-related) alarms may be used. Also, if a LEO terminal vendor can provide early indications of weak signal or an upcoming outage, the OSPF process can be adjusted to give priority to an alternate LEO terminal. “Watchdog” functions, may be used to enable better routing decisions.

[0143] While the above description provides examples of one or more apparatus, methods, or systems, it will be appreciated that other apparatus, methods, or systems may be within the scope of the claims as interpreted by one of skill in the art.

Claims

1. A first terminal for providing reliable high-bandwidth low latency communications, the first terminal comprising:a network interface device, a computer memory for storing data, and one or more processors in communication with the computer memory, the one or more processors configured to:establish and maintain a list of networks available to the first terminal, the list of networks including at least a first network and a second network;communicatively connect to a second terminal via the first network to establish a first link for transmitting or receiving data between the first terminal and the second terminal;detect a service disruption in the first link; andupon detecting a service disruption in the first link, switch the connection of the first terminal to second terminal from the first network to the second network to establish a second link for transmitting or receiving the data over the second network.

2. The first terminal of claim 1, wherein the one or more processors are further configured to secure the data transmitted between the first and second terminal, wherein the data is secured by the first terminal prior to transmission over the first network or second network.

3. The first terminal of claim 2, wherein the one or more processors of the first terminal are configured to secure the data by encrypting the second link based on an encryption implementation that corresponds to an encryption implementation of the second terminal.-27 -4. The first terminal of claim 1, wherein the one or more processors are further configured to communicatively connect to a user device or network for receiving data to be transmitted from the first terminal to the second terminal.

5. The first terminal of claim 1, wherein detecting the service disruption in the first link comprises:monitoring each network of the available networks and determining a cost for each network based on network performance metrics; anddetermining, where the cost of first network exceeds the cost of at least one remaining network of the available networks, that a disruption has occurred.

6. The first terminal of claim 1, wherein the data transmitted between the first and second terminals is unsecured.

7. The first terminal of claim 1, wherein the list of networks includes networks from satellites in multiple orbits.

8. The first terminal of claim 1, wherein the list of networks includes networks from at least two of: low earth orbit, geostationary orbit, medium earth orbit, highly elliptical orbit, and high altitude platform station.

9. The first terminal of claim 1, wherein detecting the service interruption in the first link includes detecting an interruption or jamming in a point of presence (POP) gateway of the first network and selecting the second network based on the second network having a POP gateway that is uninterrupted or in a benign area.

10. The first terminal of claim 1, wherein the data is fully protected by encryption.

11. The first terminal of claim 1, wherein the data is partially protected by encryption.-2812. The first terminal of claim 1, wherein the data is not protected by encryption.

13. The first terminal of claim 1, wherein the one or more processors execute a control, routing, and translation (CRT) function for modifying routing parameters of the first terminal to facilitate switching to the second network.

14. The first terminal of claim 1, wherein the one or more processors determine a cost for the first and second networks based on results from sending test packages and switch to the second network based on the second network having a lower cost.

15. The first terminal of claim 14, wherein the cost is an Open Shortest Path First (OSPF) cost.

16. The first terminal of claim 14, wherein the one or more processors update the cost determinations periodically.

17. The first terminal of claim 1, wherein the one or more processors monitor transfer speeds and latencies of the first and second networks by sending periodic test packages or hello messages and switch networks when a configurable number of test packages or hello messages are missed.

18. A method of providing reliable high-bandwidth low latency communications, the method executed by a first terminal comprising a computer memory and one or more processors in communication with the computer memory, the method comprising:establishing and maintaining, by the one or more processors, a list of networks available to a first terminal, the list of networks including at least a first network and a second network, the list of networks stored in the computer memory;-29-communicatively connecting, by the one or more processors, the first terminal to a second terminal via the first network to establish a first link for transmitting or receiving data between the first terminal and the second terminal;detecting, by the one or more processors, a service disruption in the first link; andupon detecting a service disruption in the first link, switching, by the one or more processors, the connection of the first terminal to second terminal from the first network to the second network to establish a second link for transmitting or receiving the data over the second network.

19. The method of claim 6, further comprising securing, by the one or more processors, the data in the first terminal prior to transmission over the first network or second network.

20. The method of claim 7, wherein securing the data is based on an encryption implementation that corresponds to an encryption implementation of the second terminal.

21. The method of claim 6, further comprising communicatively connecting, by the one or more processors, the first terminal to a user device or network for receiving data to be transmitted from the first terminal to the second terminal.

22. The first terminal of claim 6, wherein detecting the disruption comprises:monitoring each network of the available networks and determining a cost for each network based on network performance metrics; anddetermining, where the cost of the first network exceeds the cost of at least one remaining network of the available networks, that a disruption has occurred.

23. A method comprising:-30-providing a set of terminals configured to communicate with each other over an odd number of satellite communication (“satcom”) networks, the odd number being three or more;establishing concurrent active links between the terminals over the satcom networks;communicating the same information content over the concurrent active links;detecting a disruption in at least one of the concurrent active links using a majority vote that establishes a majority of the concurrent active links with correct information; andin response to the detected disruption, communicating only over the concurrent active links in the majority.