Network security device
First Claim
1. A method for encrypting a data packet, comprising the steps of:
- receiving the data packet at a first interface from a particular node, said packet having a header containing a source address and a first physical layer address of said particular node, said source address being an Internet address of said particular node;
replacing the first physical layer address in the received packet header with a second physical layer address;
determining a checksum verifing the packet;
saving the determined checksum in the packet; and
encrypting the packet including the checksum, but leaving the Internet address unencrypted and its position in the packet header unchanged.
0 Assignments
0 Petitions
Accused Products
Abstract
A network security device is connected between a protected client and a network. The network security device negotiates a session key with any other protected client. Then, all communications between the two clients are encrypted. The inventive device is self-configuring and locks itself to the IP address of its client. Thus, the client cannot change its IP address once set and therefore cannot emulate the IP address of another client. When a packet is transmitted from the protected host, the security device translates the MAC address of the client to its own MAC address before transmitting the packet into the network. Packets addressed to the host, contain the MAC address of the security device. The security device translates its MAC address to the client'"'"'s MAC address before transmitting the packet to the client.
60 Citations
1 Claim
-
1. A method for encrypting a data packet, comprising the steps of:
-
receiving the data packet at a first interface from a particular node, said packet having a header containing a source address and a first physical layer address of said particular node, said source address being an Internet address of said particular node;
replacing the first physical layer address in the received packet header with a second physical layer address;
determining a checksum verifing the packet;
saving the determined checksum in the packet; and
encrypting the packet including the checksum, but leaving the Internet address unencrypted and its position in the packet header unchanged.
-
Specification
-
- Resources
-
Current AssigneeAharon Friedman, Eva Bozoki
-
Original AssigneeAharon Friedman, Eva Bozoki
-
InventorsFriedman, Aharon, Bozoki, Eva
-
Application NumberUS09/866,460Publication NumberTime in Patent OfficeDaysField of SearchUS Class Current713/160CPC Class CodesH04L 2101/622 Layer-2 addresses, e.g. med...H04L 61/00 Network arrangements, proto...H04L 61/2596 Translation of addresses of...H04L 61/35 involving non-standard use ...H04L 63/0428 wherein the data content is...H04L 63/0442 wherein the sending and rec...H04L 63/068 using time-dependent keys, ...H04L 63/0823 using certificates cryptogr...H04L 63/12 Applying verification of th...H04L 69/16 Implementation or adaptatio...H04L 69/161 Implementation details of T...H04L 9/40 Network security protocols
