SYSTEM FOR ACTIVELY UPDATING A CRYPTOGRAPHY MODULE IN A SECURITY GATEWAY AND RELATED METHOD

US 20050149746A1
Filed: 05/19/2004
Published: 07/07/2005
Est. Priority Date: 12/30/2003
Status: Abandoned Application

First Claim

Patent Images

1. A system for actively updating a cryptography module in a security gateway, the security gateway connected between a user computer system and a network system, the system comprising:

a Web GUI for generating at least one window in the user computer system, the window having a decryption/encryption module update system to allow a user to upload a new decryption/encryption module to the security gateway by the Web GUI;

an extended library for accommodating a decryption/encryption module; and

a module update unit for actively updating a corresponding decryption/encryption module in the extended library according to the new decryption/encryption module uploaded to the security gateway or adding the uploaded decryption/encryption module into the extended library.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for actively updating a cryptography module in a security gateway and related method is used in a security gateway, such as a VPN gateway according to an IPSEC protocol, which is connected between at least one user computer system and a network system. The system includes a Web GUI, a module update unit, a defined module unit, and an extended library. A user can easily update or add decryption/encryption modules into the extended library of the gateway through the Web GUI and the module update unit instead of updating the decryption/encryption modules along with the entire kernel firmware. This can reduce the setting time, increase the efficiency of operation, reduce the maintenance cost, and promote the expansion of decryption/encryption modules of the gateway so that network transmission can become much safer.

Citations

17 Claims

1. A system for actively updating a cryptography module in a security gateway, the security gateway connected between a user computer system and a network system, the system comprising:
- a Web GUI for generating at least one window in the user computer system, the window having a decryption/encryption module update system to allow a user to upload a new decryption/encryption module to the security gateway by the Web GUI;
  
  an extended library for accommodating a decryption/encryption module; and
  
  a module update unit for actively updating a corresponding decryption/encryption module in the extended library according to the new decryption/encryption module uploaded to the security gateway or adding the uploaded decryption/encryption module into the extended library.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1 wherein the security gateway is a VPN gateway complying with an IPSEC protocol.
  - 3. The system of claim 1 wherein the security gateway includes a current library, a kernel, and a daemon, the module update unit being located in the current library.
  - 4. The system of claim 1 wherein the decryption/encryption module update system in the window of the Web GUI includes a system for allowing the user to update a current decryption/encryption module in the security gateway.
  - 5. The system of claim 4 wherein the decryption/encryption module update system in the window of the Web GUI further includes a defined decryption/encryption module system for allowing the user to add a defined decryption/encryption module into the security gateway.
  - 6. The system of claim 5 further comprising a defined module unit connected to the defined decryption/encryption module system for generating a window for providing the user with an instruction to fill in a field in the window with a description of the defined decryption/encryption module.
  - 7. The system of claim 6 wherein the description of the defined decryption/encryption module includes an algorithm, algorithmic identifier, data encryption block size, key length, and decryption/encryption executing function, the parameters of the decryption/encryption executing function including a data address, data block size, key information, key length, initial vector, and decryption/encryption flag.
  - 8. The system of claim 1 wherein the module update unit selects to actively update the corresponding decryption/encryption module in the extended library or to add the uploaded decryption/encryption module into the extended library according to the new decryption/encryption module.
  - 9. The system of claim 2 further comprising an extended library interface for assisting the extended library to communicate with the current library and the kernel.
  - 10. The system of claim 1 further comprising a configuration set unit such as a system file for setting an execution process according to an IPSEC protocol wherein after a decryption/encryption module is updated or added, the key exchange process is updated according to an IKE protocol.

11. A method for actively updating a cryptography module in a security gateway, the security gateway connected between a user computer system and a network system, the method comprising:
- downloading a new decryption/encryption module to the user computer system through the network system;
  
  starting a Web GUI of the security gateway for generating at least one window in the user computer system, the window having a decryption/encryption module update system;
  
  selecting a decryption/encryption module from the window provided by the Web GUI;
  
  uploading the selected decryption/encryption module to the security gateway;
  
  a module update unit of the security gateway actively updating a corresponding decryption/encryption module in the extended library according to the uploaded decryption/encryption module or adding the uploaded decryption/encryption module into the extended library; and
  
  updating a key exchange process in the security gateway according to an IKE protocol.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11 wherein the decryption/encryption module update system in the window of the Web GUI includes a system for allowing the user to update a current decryption/encryption module in the security gateway.
  - 13. The method of claim 12 wherein the decryption/encryption module update system in the window of the Web GUI further includes a defined decryption/encryption module system for allowing the user to add a defined decryption/encryption module into the security gateway.
  - 14. The method of claim 13 further comprising:
    - when starting the defined decryption/encryption module, generating a window for providing a user with an instruction to fill in a field in the window with a description of the defined decryption/encryption module.
  - 15. The method of claim 14 wherein the descriptions of the defined decryption/encryption module includes an algorithm, algorithmic identifier, data encryption block size, key length, and decryption/encryption executing function, the parameters of the decryption/encryption executing function including a data address, data block size, key information, key length, initial vector, and decryption/encryption flag.
  - 16. The method of claim 11 further comprising:
    - the security gateway executing the updated key exchange process.

17. A key exchange process in a security gateway according to an IKE protocol, the key exchange process comprising:
- (a) initiating a current IPSEC security association (SA) of the security gateway;
  
  (b) executing an IKE phase 1;
  
  (c) if there is no appropriate decryption/encryption module in a current library of the security gateway, selecting an appropriate decryption/encryption module from an extended library of the security gateway;
  
  (d) executing an IKE phase 2;
  
  (e) repeating step (c);
  
  (f) completing the key exchange process of the IKE phase 1 and 2; and
  
  (g) informing the kernel of the security gateway of an update to the current IPSEC SA.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IEI Integration Corp.
Original Assignee
IEI Integration Corp.
Inventors
Tzeng, Hong-Wei, Lu, Chih-Chung

Application Number

US10/709,635
Publication Number

US 20050149746A1
Time in Patent Office

Days
Field of Search
US Class Current

713/191
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

H04L 63/0428   wherein the data content is...

H04L 63/20   for managing network securi...

SYSTEM FOR ACTIVELY UPDATING A CRYPTOGRAPHY MODULE IN A SECURITY GATEWAY AND RELATED METHOD

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM FOR ACTIVELY UPDATING A CRYPTOGRAPHY MODULE IN A SECURITY GATEWAY AND RELATED METHOD

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links