Method and apparatus for a per-packet encryption system

US 20050175184A1
Filed: 02/11/2004
Published: 08/11/2005
Est. Priority Date: 02/11/2004
Status: Abandoned Application

First Claim

Patent Images

1. A system for encrypting packets on a network comprising:

A. a plurality of network nodes;

B. a communication channel between said plurality of network nodes;

C. one or more packets sent between said plurality of network nodes over said communication channel;

D. wherein said one or more packets contain an encryption key identifier and a payload;

E. one or more encryption keys stored on one or more of said plurality of network nodes; and

F. a system for encrypting said payload based on said encryption key identifier and said one or more encryption keys;

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network security system designed to provide per-packet encryption based on an encryption key identifier and an associated encryption key. Packets or groups of packets are encrypted based on information that relates to the packet such as service type, network number, and the like. This encryption criterion is associated with an encryption key and encryption key identifier. When a packet contains the certain criteria, the packet is encrypted using the encryption key. The packet is sent across the network using the encryption key identifier and the encrypted payload. The targeted nodes decrypt the packet using the reverse process.

Citations

52 Claims

1. A system for encrypting packets on a network comprising:
- A. a plurality of network nodes;
  
  B. a communication channel between said plurality of network nodes;
  
  C. one or more packets sent between said plurality of network nodes over said communication channel;
  
  D. wherein said one or more packets contain an encryption key identifier and a payload;
  
  E. one or more encryption keys stored on one or more of said plurality of network nodes; and
  
  F. a system for encrypting said payload based on said encryption key identifier and said one or more encryption keys;
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A system for encrypting packets on a network as recited in claim 1, wherein said payload is only partially encrypted.
  - 3. A system for encrypting packets on a network as recited in claim 1, wherein said one or more packets contains a destination address.
  - 4. A system for encrypting packets on a network as recited in claim 1, wherein said encryption key identifier contains a value indicating “
    - no encryption”
      
      .
  - 5. A system for encrypting packets on a network as recited in claim 4, wherein information external to the said payload is used to select said encryption key identifier.
  - 6. A system for encrypting packets on a network as recited in claim 1, wherein said payload further comprises one or more fields that are used to select said encryption key identifier.
  - 7. A system for encrypting packets on a network as recited in claim 6, wherein said one or more fields are selected from the group consisting of a socket, a protocol identifier, a node address, a network address, a sub-network address, a service type, and a packet identifier.
  - 8. A system for encrypting packets on a network as recited in claim 6, wherein said one or more fields are selected from the group consisting of the application layer, the presentation layer, the session layer, the transport layer, the network layer, the data link layer, and the physical layer.
  - 9. A system for encrypting packets on a network as recited in claim 1, wherein said communication channel is a network selected from the group consisting of a wireless network, a light frequency network, a power line network, an acoustic network and a wired network.

10. A system for decrypting packets on a network comprising:
- A. a plurality of network nodes;
  
  B. a communication channel between said plurality of network nodes;
  
  C. one or more packets sent between said plurality of network nodes over said communication channel;
  
  D. wherein said one or more packets further comprises an encryption key identifier and a payload;
  
  E. one or more encryption keys stored on one or more of said plurality of network nodes; and
  
  F. a system for decrypting said payload based on said encryption key identifier and said one or more encryption keys.
- View Dependent Claims (11, 12, 13)
- - 11. A system for decrypting packets on a network as recited in claim 10, wherein said payload is only partially decrypted.
  - 12. A system for decrypting packets on a network as recited in claim 10, wherein said one or more packets further comprises a destination address.
  - 13. A system for decrypting packets on a network as recited in claim 10, wherein said communication channel is a network selected from the group consisting of, a wireless network, a light frequency network, a power line network, an acoustic network and a wired network.

14. A system for encrypting packets on a network comprising:
- A. a plurality of network nodes;
  
  B. a communication channel between said plurality of network nodes;
  
  C. one or more packets forming a packet group which are sent on said communication channel between said plurality of network nodes;
  
  D. said packet group further comprising an encryption key identifier and a payload;
  
  E. one or more encryption keys for occurrences of said encryption key identifier; and
  
  F. a system for encrypting said payload based on said encryption key identifier and said one or more encryption keys.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. A system for encrypting packets on a network as recited in claim 14, wherein said payload is only partially encrypted.
  - 16. A system for encrypting packets on a network as recited in claim 14, wherein said one or more packets further comprises a destination address.
  - 17. A system for encrypting packets on a network as recited in claim 14, wherein said encryption key identifier further comprises a value indicating “
    - no encryption”
      
      .
  - 18. A system for encrypting packets on a network as recited in claim 17, wherein information external to the packet payload is used to select said encryption key identifier.
  - 19. A system for encrypting packets on a network as recited in claim 14, wherein said payload further comprises one or more fields that are used to select said encryption key identifier.
  - 20. A system for encrypting packets on a network as recited in claim 19, wherein said field is selected from the group consisting of a socket, a protocol identifier, a node address, a network address, a sub-network address, a service type, and a packet identifier.
  - 21. A system for encrypting packets on a network as recited in claim 19, wherein said field is selected from the group consisting of the application layer, the presentation layer, the session layer, the transport layer, the network layer, the data link layer, and the physical layer.
  - 22. A system for encrypting packets on a network as recited in claim 14, wherein said communication channel is a network selected from the group consisting of, a wireless network, a light frequency network, a power line network, an acoustic network and a wired network.

23. A system for decrypting packets on a network comprising:
- A. a plurality of network nodes;
  
  B. a communication channel between said plurality of network nodes;
  
  C. one or more packets forming a packet group which are sent on said communication channel between said plurality of network nodes;
  
  D. said packet group further comprising an encryption key identifier and a payload;
  
  E. one or more encryption keys; and
  
  F. a system for decrypting said payload based on said encryption key identifier and said one or more encryption keys.
- View Dependent Claims (24, 25, 26)
- - 24. A system for decrypting packets on a network as recited in claim 23, wherein said payload is only partially decrypted.
  - 25. A system for decrypting packets on a network as recited in claim 23, wherein said one or more packets further comprising a destination address.
  - 26. A system for encrypting packets on a network as recited in claim 23, wherein communication channel is a network selected from the group consisting of, a wireless network, a light frequency network, a power line network, an acoustic network and a wired network.

27. A method for encrypting packets on a network comprising:
- A. selecting an encryption key and an associated encryption key identifier;
  
  B. encrypting data to form a payload using said encryption key;
  
  C. building a packet comprising said payload and said encryption key identifier; and
  
  D. sending said packet from a sending network node across a communication channel.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35)
- - 28. A method for encrypting packets on a network as recited in claim 27, wherein said packet is build with a payload that is partially encrypted.
  - 29. A method for encrypting packets on a network as recited in claim 27, wherein said packet is built further comprising a destination address.
  - 30. A method for encrypting packets on a network as recited in claim 27, wherein said packet is built with an encryption key identifier which indicates no encryption.
  - 31. A method for encrypting packets on a network as recited in claim 30, wherein selection of said encryption key identifier is based on information external to said payload.
  - 32. A method for encrypting packets on a network as recited in claim 27, wherein selection of said encryption key identifier is based on information within said payload.
  - 33. A method for encrypting packets on a network as recited in claim 32, wherein selection of said encryption key identifier is based on fields within said payload selected from the group consisting of a socket, a protocol identifier, a node address, a network address, a sub-network address, a service type, and a packet identifier.
  - 34. A method for encrypting packets on a network as recited in claim 27, wherein selection of said encryption key identifier is based on protocol layers within said payload selected from the group consisting of the application layer, the presentation layer, the session layer, the transport layer, the network layer, the data link layer, and the physical layer.
  - 35. A method for encrypting packets on a network as recited in claim 27, wherein said packet is sent on communication channel selected from the group consisting of a wireless network, a light frequency network, a power line network, an acoustic network and a wired network.

36. A method for decrypting packets on a network comprising:
- A. receiving a packet on a communication channel wherein said packet further comprises an encryption key identifier and a payload; and
  
  B. decrypting said payload by using an encryption key which is indicated by said encryption key identifier.
- View Dependent Claims (37, 38, 39)
- - 37. A method for decrypting packets on a network as recited in claim 36, wherein only part of said payload is decrypted.
  - 38. A method for decrypting packets on a network as recited in claim 36, wherein said packet further comprises a destination address.
  - 39. A method for decrypting packets on a network as recited in claim 36, wherein said packet is received on a communication channel selected from the group consisting of a wireless network, a light frequency network, a power line network, an acoustic network and a wired network.

40. A method for encrypting packets on a network comprising:
- A. selecting an encryption key and an associated encryption key identifier;
  
  B. encrypting data with said encryption key which forms one or more payloads;
  
  C. building one or more packets which form a packet group from said one or more payloads wherein a packet from said packet group further comprises an encryption key identifier which identifies said encryption key; and
  
  D. sending said packet group from a sending network node across a communication channel.
- View Dependent Claims (41, 42, 43, 44, 45, 46, 47, 48)
- - 41. A method for encrypting packets on a network as recited in claim 40, wherein said one or more payloads are partially encrypted.
  - 42. A method for encrypting packets on a network as recited in claim 40, wherein said one or more packets are built with a destination address.
  - 43. A method for encrypting packets on a network as recited in claim 40, wherein said encryption key identifier indicates no encryption.
  - 44. A method for encrypting packets on a network as recited in claim 43, wherein selection of said encryption key identifier is based on information external to said payload.
  - 45. A method for encrypting packets on a network as recited in claim 40, wherein selection of said encryption key identifier is based on information within said payload.
  - 46. A method for encrypting packets on a network as recited in claim 45, wherein selection of said encryption key identifier is based on fields within said payload selected from the group consisting of a socket, a protocol identifier, a node address, a network address, a sub-network address, a service type, and a packet identifier.
  - 47. A method for encrypting packets on a network as recited in claim 40, wherein selection of said encryption key identifier is based on protocol layers within said payload selected from the group consisting of the application layer, the presentation layer, the session layer, the transport layer, the network layer, the data link layer, and the physical layer.
  - 48. A method for encrypting packets on a network as recited in claim 40, wherein said packet group is sent on a communication channel selected from the group consisting of a wireless network, a light frequency network, an acoustic network, a power line network, and a wired network.

49. A method for decrypting packets on a network comprising:
- A. receiving one or more packets which form a packet group on a communication channel wherein said packet group further comprises an encryption key identifier and one or more payloads; and
  
  p1 B. decrypting said one or more payloads using an encryption key which is indicated by said encryption key identifier.
- View Dependent Claims (50, 51, 52)
- - 50. A method for decrypting packets on a network as recited in claim 49, wherein only part of said one or more payloads is decrypted.
  - 51. A method for decrypting packets on a network as recited in claim 49, wherein said one or more packets further comprises a destination address.
  - 52. A method for decrypting packets on a network as recited in claim 49, wherein said packet is received on communication channel selected from the group consisting of a wireless network, a light frequency network, a power line network, an acoustic network and a wired network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Phonex Broadband
Original Assignee
Phonex Broadband
Inventors
Leahy, Ronald S., Steck, Douglas, Grover, Douglas M., Willes, W. Paul, Rohlfing, Thomas R.

Application Number

US10/776,474
Publication Number

US 20050175184A1
Time in Patent Office

Days
Field of Search
US Class Current

380/278
CPC Class Codes

H04L 63/0457   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 9/14   using a plurality of keys o...

Method and apparatus for a per-packet encryption system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

52 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for a per-packet encryption system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

52 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links