Modular cryptographic device providing enhanced communication control features and related methods

US 20050216734A1
Filed: 03/23/2004
Published: 09/29/2005
Est. Priority Date: 03/23/2004
Status: Active Grant

First Claim

Patent Images

1. A cryptographic device comprising:

a cryptographic module and a communications module coupled thereto;

said cryptographic module comprising a user network interface, a host network processor coupled to said user network interface, and a cryptographic processor coupled to said host network processor;

said communications module comprising a network communications interface coupled to said cryptographic processor;

said host network processor generating cryptographic processor command packets for said cryptographic processor each comprising an address portion and a data portion, and encapsulating command packets for said communications module in the data portions of said cryptographic processor command packets;

said cryptographic processor passing the communications module command packets to said communications module without performing cryptographic processing thereon.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cryptographic device may include a cryptographic module and a communications module coupled thereto. The cryptographic module may include a user network interface, a host network processor coupled to the user network interface, and a cryptographic processor coupled to the host network processor. Additionally, the communications module may include a network communications interface coupled to the cryptographic processor. The host processor may generate cryptographic processor command packets for the cryptographic processor each having an address portion and a data portion, and it may also encapsulate command packets for the communications module in the data portions of the cryptographic processor command packets. The cryptographic processor may pass the communications module command packets to the without performing cryptographic processing thereon.

33 Citations

View as Search Results

41 Claims

1. A cryptographic device comprising:
- a cryptographic module and a communications module coupled thereto;
  
  said cryptographic module comprising a user network interface, a host network processor coupled to said user network interface, and a cryptographic processor coupled to said host network processor;
  
  said communications module comprising a network communications interface coupled to said cryptographic processor;
  
  said host network processor generating cryptographic processor command packets for said cryptographic processor each comprising an address portion and a data portion, and encapsulating command packets for said communications module in the data portions of said cryptographic processor command packets;
  
  said cryptographic processor passing the communications module command packets to said communications module without performing cryptographic processing thereon.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The cryptographic device of claim 1 wherein said host network processor formats the data portions based upon the simple network management protocol (SNMP).
  - 3. The cryptographic device of claim 1 wherein the communications module command packets comprise Ethernet packets.
  - 4. The cryptographic device of claim 1 wherein the cryptographic processor command packets comprise Internet protocol (IP) packets.
  - 5. The cryptographic device of claim 1 wherein said cryptographic module further comprises:
    - a first housing carrying said user network interface, said host network processor, and said cryptographic processor; and
      
      a first connector carried by said first housing and coupled to said cryptographic processor.
  - 6. The cryptographic device of claim 5 wherein said communications module further comprises:
    - a second housing carrying said network communications interface; and
      
      a second connector carried by said second housing and being removably mateable with said first connector of said cryptographic module.
  - 7. The cryptographic device of claim 1 wherein said cryptographic processor comprises:
    - an unencrypted data buffer circuit coupled to said host network processor;
      
      a cryptography circuit coupled to said unencrypted data buffer circuit; and
      
      an encrypted data buffer circuit coupled to said cryptography circuit.
  - 8. The cryptographic device of claim 1 wherein said communications module comprises a predetermined one from among a plurality of interchangeable communications modules each for communicating over a different communications media.
  - 9. The cryptographic device of claim 1 wherein said network communications interface comprises at least one of a wireless LAN (WLAN) communication circuit, a wireline communication circuit, and a fiber optic communication circuit.
  - 10. The cryptographic device of claim 1 wherein said user network interface comprises an Ethernet Local Area Network (LAN) interface, and wherein said network communications interface comprises a network LAN interface.
  - 11. The cryptographic device of claim 5 wherein said cryptographic module further comprises a tamper circuit for disabling said cryptographic processor based upon tampering with said first housing.

12. A cryptographic device comprising:
- a cryptographic module and a communications module coupled thereto;
  
  said cryptographic module comprising a user Local Area Network (LAN) interface, a host network processor coupled to said user LAN interface, and a cryptographic processor coupled to said host network processor;
  
  said communications module comprising a network LAN interface coupled to said cryptographic processor;
  
  said host network processor generating cryptographic processor command packets for said cryptographic processor each comprising an address portion and a data portion, and encapsulating Ethernet command packets for said communications module in the data portions of said cryptographic processor command packets, said host network processor formatting the data portions based upon the simple network management protocol (SNMP);
  
  said cryptographic processor passing the communications module command packets to said communications module without performing cryptographic processing thereon.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The cryptographic device of claim 12 wherein the cryptographic processor command packets comprise Internet protocol (IP) packets.
  - 14. The cryptographic device of claim 12 wherein said cryptographic module further comprises:
    - a first housing carrying said user LAN interface, said host network processor, and said cryptographic processor; and
      
      a first connector carried by said first housing and coupled to said cryptographic processor.
  - 15. The cryptographic device of claim 14 wherein said communications module further comprises:
    - a second housing carrying said network LAN interface; and
      
      a second connector carried by said second housing and being removably mateable with said first connector of said cryptographic module.
  - 16. The cryptographic device of claim 12 wherein said cryptographic processor comprises:
    - an unencrypted data buffer circuit coupled to said host network processor;
      
      a cryptography circuit coupled to said unencrypted data buffer circuit; and
      
      an encrypted data buffer circuit coupled to said cryptography circuit.
  - 17. The cryptographic device of claim 12 wherein said communications module comprises a predetermined one from among a plurality of interchangeable communications modules each for communicating over a different communications media.
  - 18. The cryptographic device of claim 12 wherein said network LAN interface comprises at least one of a wireless LAN (WLAN) communication circuit, a wireline LAN communication circuit, and a fiber optic LAN communication circuit.
  - 19. The cryptographic device of claim 12 wherein said user LAN interface comprises an Ethernet interface.
  - 20. The cryptographic device of claim 12 wherein said cryptographic module further comprises a tamper circuit for disabling said cryptographic processor based upon tampering with said first housing.

21. A communications method comprising:
- coupling a cryptographic module to a network device, the cryptographic module comprising a user network interface, a host network processor coupled to the user network interface, and a cryptographic processor coupled to the host network processor;
  
  providing a communications module comprising a network communications interface coupled to the cryptographic processor;
  
  causing the host network processor to generate cryptographic processor command packets for the cryptographic processor each comprising an address portion and a data portion, and to encapsulate command packets for the communications module in the data portions of the cryptographic processor command packets; and
  
  causing the cryptographic processor to pass the communications module command packets to the communications module without performing cryptographic processing thereon.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The method of claim 21 further comprising causing the host network processor to format the data portions based upon the simple network management protocol (SNMP).
  - 23. The method of claim 21 wherein the communications module command packets comprise Ethernet packets.
  - 24. The method of claim 21 wherein the cryptographic processor command packets comprise Internet protocol (IP) packets.
  - 25. The method of claim 21 wherein the user network interface comprises an Ethernet Local Area Network (LAN) interface, and wherein the network communications interface comprises a network LAN interface.

26. A communications system comprising:
- a plurality of network devices coupled together to define a network, and a cryptographic device coupled to at least one of said network devices;
  
  said cryptographic device comprising a cryptographic module coupled to said at least one network device, and a communications module coupled to said cryptographic module;
  
  said cryptographic module comprising a user network interface, a host network processor coupled to said user network interface, and a cryptographic processor coupled to said host network processor;
  
  said communications module comprising a network communications interface coupled to said cryptographic processor;
  
  said host network processor generating cryptographic processor command packets for said cryptographic processor each comprising an address portion and a data portion, and encapsulating command packets for said communications module in the data portions of said cryptographic processor command packets;
  
  said cryptographic processor passing the communications module command packets to said communications module without performing cryptographic processing thereon.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 27. The system of claim 26 wherein said host network processor formats the data portions based upon the simple network management protocol (SNMP).
  - 28. The system of claim 26 wherein the communications module command packets comprise Ethernet packets, and wherein the cryptographic processor command packets comprise Internet protocol (IP) packets.
  - 29. The system of claim 26 wherein said cryptographic module further comprises:
    - a first housing carrying said user network interface, said host network processor, and said cryptographic processor; and
      
      a first connector carried by said first housing and coupled to said cryptographic processor.
  - 30. The system of claim 29 wherein said communications module further comprises:
    - a second housing carrying said network communications interface; and
      
      a second connector carried by said second housing and being removably mateable with said first connector of said cryptographic module.
  - 31. The system of claim 26 wherein said cryptographic processor comprises:
    - an unencrypted data buffer circuit coupled to said host network processor;
      
      a cryptography circuit coupled to said unencrypted data buffer circuit; and
      
      an encrypted data buffer circuit coupled to said cryptography circuit.
  - 32. The system of claim 26 wherein said communications module comprises a predetermined one from among a plurality of interchangeable communications modules each for communicating over a different communications media.
  - 33. The system of claim 26 wherein said network communications interface comprises at least one of a wireless LAN (WLAN) communication circuit, a wireline communication circuit, and a fiber optic communication circuit.
  - 34. The system of claim 26 wherein said user network interface comprises an Ethernet Local Area Network (LAN) interface, and wherein said network communications interface comprises a network LAN interface.
  - 35. The system of claim 26 wherein said cryptographic module further comprises a tamper circuit for disabling said cryptographic processor based upon tampering with said first housing.

36. A cryptographic module comprising:
- a user network interface;
  
  a host network processor coupled to said user network interface; and
  
  a cryptographic processor coupled to said host network processor;
  
  said host network processor generating cryptographic processor command packets for said cryptographic processor each comprising an address portion and a data portion, and encapsulating command packets for a network communications module in the data portions of said cryptographic processor command packets;
  
  said cryptographic processor passing the communications module command packets to the network communications module without performing cryptographic processing thereon.
- View Dependent Claims (37, 38, 39, 40, 41)
- - 37. The cryptographic module of claim 36 wherein said host network processor formats the data portions based upon the simple network management protocol (SNMP).
  - 38. The cryptographic module of claim 36 wherein the communications module command packets comprise Ethernet packets.
  - 39. The cryptographic module of claim 36 wherein the cryptographic processor command packets comprise Internet protocol (IP) packets.
  - 40. The cryptographic module of claim 36 wherein said cryptographic processor comprises:
    - an unencrypted data buffer circuit coupled to said host network processor;
      
      a cryptography circuit coupled to said unencrypted data buffer circuit; and
      
      an encrypted data buffer circuit coupled to said cryptography circuit.
  - 41. The cryptographic module of claim 36 wherein said user network interface comprises an Ethernet Local Area Network (LAN) interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Harris Corporation (L3Harris Technologies, Inc.)
Original Assignee
Harris Corporation (L3Harris Technologies, Inc.)
Inventors
Yancy, Bruce Wayne, Waldo, Lawrence Richard

Granted Patent

US 7,644,289 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/160
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/72   in cryptographic circuits

G06F 21/85   interconnection devices, e....

G06F 2221/2113   Multi-level security, e.g. ...

G07F 7/1016   Devices or methods for secu...

H04L 2209/80   Wireless network architectu...

H04L 63/0485   Networking architectures fo...

H04L 63/30   for supporting lawful inter...

H04L 9/00   Cryptographic mechanisms or...

Modular cryptographic device providing enhanced communication control features and related methods

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

33 Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Modular cryptographic device providing enhanced communication control features and related methods

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links