Hardware acceleration for Diffie Hellman in a device that integrates wired and wireless L2 and L3 switching functionality
Abstract
An apparatus provides an integrated single-chip solution to a multitude of WLAN problems, especially switching/bridging and security. In accordance with an aspect of the invention, the apparatus is able to terminate secured tunneled traffic: IPsec, L2TP with IPsec, PPTP and SSL. In accordance with a further aspect of the invention, the apparatus is also able to handle computation-intensive security algorithms such as Diffie-Hellman without a significant reduction in traffic throughput. The architecture not only resolves the problems pertinent to WLANs; it is also scalable and useful for building a number of networking products that fulfill enterprise security needs and all combinations of wired and wireless networking needs.
35 Citations
37 Claims
1. An apparatus of sending an outbound packet originated by a wireless client to a wired network via an access point, comprising:
    a random number generator configured to generate an encryption key;
    a mathematical accelerator configured to calculate exponentiation and moduli;
    an encryptor configured to authenticate the wireless client, configured to associate the wireless client with the access point, configured to determine if the outbound packet requires security processing, and configured to process the outbound packet when the outbound packet requires security processing.
    (Dependent claims 2, 3, 4 and 5 not shown.)

6. The apparatus of claim 5, wherein the Incoming Security Association table includes a lookup key comprising the Internet Protocol Security in an authentication header.

7. The apparatus of claim 6, wherein the encryptor is further configured to drop the outbound packet if the lookup fails.

8. The apparatus of claim 7, wherein the encryptor is further configured to log the dropped outbound packet if the lookup fails.

9. The apparatus of claim 8, wherein the encryptor is further configured to authenticate data within the outbound packet if the lookup succeeds.

10. The apparatus of claim 9, wherein the encryptor is further configured to encrypt data within the outbound packet if the lookup succeeds.

11. A method of sending an outbound packet originated by a wireless client to a wired network via an access point, comprising:
    authenticating the wireless client;
    associating the wireless client with the access point;
    determining if the outbound packet requires security processing;
    processing the outbound packet using a generated encryption key when the outbound packet requires security processing.
    (Dependent claims 12, 13 and 14 not shown.)

15. The method of claim 14, wherein the Incoming Security Association table includes a lookup key comprising the Internet Protocol Security in an authentication header.

16. The method of claim 15, further comprising:
    dropping the outbound packet if the lookup fails.

17. The method of claim 16, further comprising:
    logging the dropped outbound packet if the lookup fails.

18. The method of claim 17, further comprising:
    authenticating data within the outbound packet if the lookup succeeds.

19. The method of claim 18, further comprising:
    encrypting data within the outbound packet if the lookup succeeds.

20. A computer-readable medium, encoded with data and instructions of sending an outbound packet originated by a wireless client to a wired network via an access point, which when read by a computer causes the computer to:
    authenticate the wireless client;
    associate the wireless client with the access point;
    determine if the outbound packet requires security processing;
    process the outbound packet using an encryption key when the outbound packet requires security processing.
    (Dependent claims 21, 22 and 23 not shown.)

24. The computer-readable medium of claim 23, wherein the Incoming Security Association table includes a lookup key comprising the Internet Protocol Security in an authentication header.

25. The computer-readable medium of claim 24, further encoded with instructions comprising:
    dropping the outbound packet if the lookup fails.

26. The computer-readable medium of claim 25, further encoded with instructions comprising:
    logging the dropped outbound packet if the lookup fails.

27. The computer-readable medium of claim 26, further encoded with instructions comprising:
    authenticating data within the outbound packet if the lookup succeeds.

28. The computer-readable medium of claim 27, further encoded with instructions comprising:
    encrypting data within the outbound packet if the lookup succeeds.

29. An apparatus of sending an outbound packet originated by a wireless client to a wired network via an access point, comprising:
    means for authenticating the wireless client;
    means for associating the wireless client with the access point;
    means for determining if the outbound packet requires security processing;
    means for processing the outbound packet using an encryption key when the outbound packet requires security processing.
    (Dependent claims 30, 31 and 32 not shown.)

33. The apparatus of claim 32, wherein the Incoming Security Association table includes a lookup key comprising the Internet Protocol Security in an authentication header.

34. The apparatus of claim 33, further comprising:
    means for dropping the outbound packet if the lookup fails.

35. The apparatus of claim 34, further comprising:
    means for logging the dropped outbound packet if the lookup fails.

36. The apparatus of claim 35, further comprising:
    means for encrypting data within the outbound packet if the lookup succeeds.
Specification