ENCRYPTION/DECRYPTION DEVICE FOR SECURE COMMUNICATIONS BETWEEN A PROTECTED NETWORK AND AN UNPROTECTED NETWORK AND ASSOCIATED METHODS
Abstract
The encryption/decryption device includes a plaintext unit, a ciphertext unit and a cryptographic unit connected therebetween. The plaintext unit may include a logic device such as a first programmable logic device (PLD), e.g. a field programmable gate array (FPGA), for interfacing with the protected network to perform encapsulation of data from the protected network to define outgoing datagrams, and to perform decapsulation of incoming datagrams from the cryptographic unit. The ciphertext unit may include a second logic device such as a PLD or FPGA for interfacing with the unprotected network to perform routing of incoming encrypted datagrams from the unprotected network to the cryptographic unit, and to perform routing of outgoing encrypted datagrams from the cryptographic unit to the unprotected network. The cryptographic unit may also be a PLD or FPGA; it performs encryption of outgoing datagrams from the plaintext unit and decryption of incoming encrypted datagrams from the ciphertext unit to define the incoming datagrams.
21 Claims
1. An encryption/decryption device for secure communications between a protected network and an unprotected network, the encryption/decryption device comprising:
a plaintext unit;
a ciphertext unit; and
a cryptographic unit connected between the plaintext unit and the ciphertext unit;
the plaintext unit comprising a first logic device (LD) for interfacing with the protected network to perform encapsulation of data from the protected network to define outgoing datagrams, and to perform decapsulation of incoming datagrams from the cryptographic unit;
the ciphertext unit comprising a second LD for interfacing with the unprotected network to perform routing of incoming encrypted datagrams from the unprotected network to the cryptographic unit, and to perform routing of outgoing encrypted datagrams from the cryptographic unit to the unprotected network;
the cryptographic unit to perform encryption of outgoing datagrams from the plaintext unit, and to perform decryption of incoming encrypted datagrams from the ciphertext unit to define the incoming datagrams.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. An encryption/decryption device for secure communications between a protected network and an unprotected network, the encryption/decryption device comprising:
a plaintext unit;
a ciphertext unit; and
a cryptographic unit connected between the plaintext unit and the ciphertext unit;
the plaintext unit comprising a field-programmable gate array (FPGA) for interfacing with the protected network to perform encapsulation of data from the protected network to define outgoing datagrams, and to perform decapsulation of incoming datagrams from the cryptographic unit;
the ciphertext unit to interface with the unprotected network;
the cryptographic unit to perform encryption of outgoing datagrams from the plaintext unit, and to perform decryption of incoming encrypted datagrams.
Dependent claims: 10, 11

12. An encryption/decryption device for secure communications between a protected network and an unprotected network, the encryption/decryption device comprising:
a plaintext unit;
a ciphertext unit; and
a cryptographic unit connected between the plaintext unit and the ciphertext unit;
the plaintext unit for interfacing with the protected network;
the ciphertext unit comprising a field-programmable gate array (FPGA) for interfacing with the unprotected network to perform routing of incoming encrypted datagrams from the unprotected network to the cryptographic unit, and to perform routing of outgoing encrypted datagrams from the cryptographic unit to the unprotected network;
the cryptographic unit to perform encryption of outgoing datagrams, and to perform decryption of incoming encrypted datagrams from the ciphertext unit.
Dependent claims: 13, 14

15. A method of making an encryption/decryption device for secure communications between a protected network and an unprotected network, the method comprising:
providing a plaintext unit;
providing a ciphertext unit; and
connecting a cryptographic unit between the plaintext unit and the ciphertext unit;
wherein providing the plaintext unit comprises providing a first logic device (LD) for interfacing with the protected network to perform encapsulation of data from the protected network to define outgoing datagrams, and to perform decapsulation of incoming datagrams from the cryptographic unit;
wherein providing the ciphertext unit comprises providing a second LD for interfacing with the unprotected network to perform routing of incoming encrypted datagrams from the unprotected network to the cryptographic unit, and to perform routing of outgoing encrypted datagrams from the cryptographic unit to the unprotected network; and
wherein connecting the cryptographic unit comprises providing the cryptographic unit to perform encryption of outgoing datagrams from the plaintext unit, and to perform decryption of incoming encrypted datagrams from the ciphertext unit to define the incoming datagrams.
Dependent claims: 16, 17, 18, 19, 20, 21

Specification