Hardware acceleration for Diffie Hellman in a device that integrates wired and wireless L2 and L3 switching functionality

US 20050063543A1
Filed: 07/02/2004
Published: 03/24/2005
Est. Priority Date: 07/03/2003
Status: Abandoned Application

First Claim

Patent Images

1. An apparatus of sending an outbound packet originated by a wireless client to a wired network via an access point, comprising:

a random number generator configured to generate an encryption key;

a mathematical accelerator configured to calculate exponentiation and modulii;

an encryptor configured to authenticate the wireless client, configured to associate the wireless client with the access point, configured to determine if the outbound packet requires security processing, and configured to process the outbound packet when the outbound packet requires security processing.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus provides an integrated single chip solution to solve a multitude of WLAN problems, and especially Switching/Bridging, and Security. In accordance with an aspect of the invention, the apparatus is able to terminate secured tunneled IPSec, L2TP with IPSec, PPTP, SSL traffic. In accordance with a further aspect of the invention, the apparatus is also able to handle computation-intensive security-based algorithms such as Diffie Hellman without significant reduction in traffic throughput. The architecture is such that it not only resolves the problems pertinent to WLAN it is also scalable and useful for building a number of useful networking products that fulfill enterprise security and all possible combinations of wired and wireless networking needs.

35 Citations

View as Search Results

37 Claims

1. An apparatus of sending an outbound packet originated by a wireless client to a wired network via an access point, comprising:
- a random number generator configured to generate an encryption key;
  
  a mathematical accelerator configured to calculate exponentiation and modulii;
  
  an encryptor configured to authenticate the wireless client, configured to associate the wireless client with the access point, configured to determine if the outbound packet requires security processing, and configured to process the outbound packet when the outbound packet requires security processing.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The apparatus of claim 1, the encryptor further configured to use the encryption key generated by the random number generator.
  - 3. The apparatus of claim 2, wherein the encryption key is a Diffie-Hellman key exchange.
  - 4. The apparatus of claim 3, wherein the security processing is Internet Key Exchange (IKE), Virtual Private Network, Internet Protocol Security (IPSec), Layer Two Tunneling Protocol (L2TP), Secure Sockets Layer (SSL) or Point-to-Point Tunneling Protocol (PPTP) packet processing.
  - 5. The apparatus of claim 4, wherein the encryptor is further configured to look up a Security Association (SA) in an Incoming Security Association table to authenticate or encrypt the outbound packet.

6. The apparatus of 5, wherein the Incoming Security Association table includes a lookup key comprising the Internet Protocol Security in an authentication header.

7. The apparatus of 6, wherein the encryptor is further configured to drop the outbound packet if the look up fails.

8. The apparatus of 7, wherein the encryptor is further configured to log the dropped outbound packet if the lookup fails.

9. The apparatus of 8, wherein the encryptor is further configured to authenticate data within the outbound packet if the look up succeeds.

10. The apparatus of 9, wherein the encryptor is further configured to encrypt data within the outbound packet if the look up succeeds.

11. A method of sending an outbound packet originated by a wireless client to a wired network via an access point, comprising:
- authenticating the wireless client;
  
  associating the wireless client with the access point;
  
  determining if the outbound packet requires security processing;
  
  processing the outbound packet using a generated encryption key when the outbound packet requires security processing.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 11, wherein the encryption key is a Diffie-Hellman key exchange.
  - 13. The method of claim 12, wherein the security processing is Internet Key Exchange (IKE), Virtual Private Network, Internet Protocol Security (IPSec), Layer Two Tunneling Protocol (L2TP), Secure Sockets Layer (SSL) or Point-to-Point Tunneling Protocol (PPTP) packet processing.
  - 14. The method of claim 13, the processing of the outbound packet further comprising:
    - looking up a Security Association (SA) in an Incoming Security Association table to authenticate or encrypt the outbound packet.

15. The method of 14, wherein the Incoming Security Association table includes a lookup key comprising the Internet Protocol Security in an authentication header.

16. The method of 15, further comprising:
- dropping the outbound packet if the look up fails.

17. The method of 16, further comprising:
- logging the dropped outbound packet if the lookup fails.

18. The method of 17, further comprising:
- authenticating data within the outbound packet if the look up succeeds.

19. The method of 18, further comprising:
- encrypting data within the outbound packet if the look up succeeds.

20. A computer-readable medium, encoded with data and instructions of sending an outbound packet originated by a wireless client to a wired network via an access point, when read by a computer causes the computer to:
- authenticate the wireless client;
  
  associate the wireless client with the access point;
  
  determine if the outbound packet requires security processing;
  
  process the outbound packet using an encryption key when the outbound packet requires security processing.
- View Dependent Claims (21, 22, 23)
- - 21. The computer-readable medium of claim 20, wherein the encryption key is a Diffie-Hellman key exchange.
  - 22. The computer-readable medium of claim 20, wherein the security processing is Internet Key Exchange (IKE), Virtual Private Network, Internet Protocol Security (IPSec), Layer Two Tunneling Protocol (L2TP), Secure Sockets Layer (SSL) or Point-to-Point Tunneling Protocol (PPTP) packet processing.
  - 23. The computer-readable medium of claim 22, the processing of the outbound packet further comprising:
    - looking up a Security Association (SA) in an Incoming Security Association table to authenticate or encrypt the outbound packet.

24. The computer-readable medium of 23, wherein the Incoming Security Association table includes a lookup key comprising the Internet Protocol Security in an authentication header.

25. The computer-readable medium of 24, further encoded with instructions comprising:
- dropping the outbound packet if the look up fails.

26. The computer-readable medium of 25, further encoded with instructions comprising:
- logging the dropped outbound packet if the lookup fails.

27. The computer-readable medium of 26, further encoded with instructions comprising:
- authenticating data within the outbound packet if the look up succeeds.

28. The computer-readable medium of 27, further encoded with instructions comprising:
- encrypting data within the outbound packet if the look up succeeds.

29. An apparatus of sending an outbound packet originated by a wireless client to a wired network via an access point, comprising:
- means for authenticating the wireless client;
  
  means for associating the wireless client with the access point;
  
  means for determining if the outbound packet requires security processing;
  
  means for processing the outbound packet using an encryption key when the outbound packet requires security processing.
- View Dependent Claims (30, 31, 32)
- - 30. The apparatus of claim 29, wherein the encryption key is a Diffie-Hellman key exchange.
  - 31. The apparatus of claim 29, wherein the security processing is Internet Key Exchange (IKE), Virtual Private Network, Internet Protocol Security (IPSec), Layer Two Tunneling Protocol (L2TP), Secure Sockets Layer (SSL) or Point-to-Point Tunneling Protocol (PPTP) packet processing.
  - 32. The apparatus of claim 31, the processing of the outbound packet further comprising:
    - means for looking up a Security Association (SA) in an Incoming Security Association table to authenticate or encrypt the outbound packet.

33. The apparatus of 32, wherein the Incoming Security Association table includes a lookup key comprising the Internet Protocol Security in an authentication header.

34. The apparatus of 33, further comprising:
- means for dropping the outbound packet if the look up fails.

35. The apparatus of 34, further comprising:
- means for logging the dropped outbound packet if the lookup fails.

36. The apparatus of 35, further comprising:
- means for authenticating data within the outbound packet if the look up succeeds.

37. The apparatus of 36, further comprising:
- means for encrypting data within the outbound packet if the look up succeeds.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SiNett Corp.
Original Assignee
SiNett Corp.
Inventors
Ambe, Shekhar, Kayalackakom, Mathew, Choudhury, Abhijit K., Chin, Ken C. K.

Application Number

US10/884,810
Publication Number

US 20050063543A1
Time in Patent Office

Days
Field of Search
US Class Current

380/270
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/164   at the network layer

H04L 63/166   at the transport layer

H04L 69/12   Protocol engines

H04L 9/0841   involving Diffie-Hellman or...

H04W 12/088   using filters or firewalls

H04W 84/12   WLAN [Wireless Local Area N...

Hardware acceleration for Diffie Hellman in a device that integrates wired and wireless L2 and L3 switching functionality

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

35 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Hardware acceleration for Diffie Hellman in a device that integrates wired and wireless L2 and L3 switching functionality

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links