ENCRYPTION/DECRYPTION DEVICE FOR SECURE COMMUNICATIONS BETWEEN A PROTECTED NETWORK AND AN UNPROTECTED NETWORK AND ASSOCIATED METHODS

US 20080181394A1
Filed: 01/30/2007
Published: 07/31/2008
Est. Priority Date: 01/30/2007
Status: Active Grant

First Claim

Patent Images

1. An encryption/decryption device for secure communications between a protected network and an unprotected network, the encryption/decryption device comprising:

a plaintext unit;

a ciphertext unit; and

a cryptographic unit connected between the plaintext unit and the ciphertext unit;

the plaintext unit comprising a first logic device (LD) for interfacing with the protected network to perform encapsulation of data from the protected network to define outgoing datagrams, and to perform decapsulation of incoming datagrams from the cytographic unit;

the ciphertext unit comprising a second LD for interfacing with the unprotected network to perform routing of incoming encrypted datagrams from the unprotected network to the cryptographic unit, and to perform routing of outgoing encrypted datagrams from the cryptographic unit to the unprotected network;

the cryptographic unit to perform encryption of outgoing datagrams from the plaintext unit, and to perform decryption of incoming encrypted datagrams from the ciphertext unit to define the incoming datagrams.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The encryption/decryption device includes a plaintext unit, a ciphertext unit and a cryptographic unit connected therebetween. The plaintext unit may include a logic device such as a first programmable logic device (PLD), e.g. a field programmable gate array (FPGA), for interfacing with the protected network to perform encapsulation of data from the protected network to define outgoing datagrams, and to perform decapsulation of incoming datagrams from the cytographic unit. The ciphertext unit may include a second logic device such as a PLD or FPGA for interfacing with the unprotected network to perform routing of incoming encrypted datagrams from the unprotected network to the cryptographic unit, and to perform routing of outgoing encrypted datagrams from the cryptographic unit to the unprotected network. The cryptographic unit may also be a PLD or FPGA and performs encryption of outgoing datagrams from the plaintext unit, and to perform decryption of incoming encrypted datagrams from the ciphertext unit to define the incoming datagrams.

26 Citations

View as Search Results

21 Claims

1. An encryption/decryption device for secure communications between a protected network and an unprotected network, the encryption/decryption device comprising:
- a plaintext unit;
  
  a ciphertext unit; and
  
  a cryptographic unit connected between the plaintext unit and the ciphertext unit;
  
  the plaintext unit comprising a first logic device (LD) for interfacing with the protected network to perform encapsulation of data from the protected network to define outgoing datagrams, and to perform decapsulation of incoming datagrams from the cytographic unit;
  
  the ciphertext unit comprising a second LD for interfacing with the unprotected network to perform routing of incoming encrypted datagrams from the unprotected network to the cryptographic unit, and to perform routing of outgoing encrypted datagrams from the cryptographic unit to the unprotected network;
  
  the cryptographic unit to perform encryption of outgoing datagrams from the plaintext unit, and to perform decryption of incoming encrypted datagrams from the ciphertext unit to define the incoming datagrams.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The encryption/decryption device according to claim 1, further comprising:
    - a plaintext unit input/output processor to control the plaintext unit;
      
      a ciphertext unit input/output processor to control the ciphertext unit; and
      
      a cryptographic unit control processor to control the cryptographic unit.
  - 3. The encryption/decryption device according to claim 2, further comprising:
    - a plaintext unit network interface to interface the plaintext unit with the protected network; and
      
      a ciphertext unit network interface to interface the ciphertext unit with the unprotected network.
  - 4. The encryption/decryption device according to claim 1, wherein the plaintext unit comprises:
    - an egress directional component to perform the encapsulation of data from the protected network to define the outgoing datagrams; and
      
      an ingress directional component to perform the decapsulation of the incoming datagrams from the cytographic unit.
  - 5. The encryption/decryption device according to claim 1, wherein the ciphertext unit comprises:
    - an ingress directional component to perform the routing of incoming encrypted datagrams from the unprotected network to the cryptographic unit; and
      
      an egress directional component to perform routing of outgoing encrypted datagrams from the cryptographic unit to the unprotected network.
  - 6. The encryption/decryption device according to claim 1, wherein each of the first and second LDs comprises a field-programmable gate array (FPGA).
  - 7. The encryption/decryption device according to claim 6, wherein the cryptographic unit comprises a third FPGA.
  - 8. The encryption/decryption device according to claim 1, wherein the plaintext unit, ciphertext unit and cryptographic unit operate in accordance with the High Assurance Internet Protocol Interoperability Specification (HAIPIS).

9. An encryption/decryption device for secure communications between a protected network and an unprotected network, the encryption/decryption device comprising:
- a plaintext unit;
  
  a ciphertext unit; and
  
  a cryptographic unit connected between the plaintext unit and the ciphertext unit;
  
  the plaintext unit comprising a field-programmable gate array (FPGA) for interfacing with the protected network to perform encapsulation of data from the protected network to define outgoing datagrams, and to perform decapsulation of incoming datagrams from the cytographic unit;
  
  the ciphertext unit to interface with the unprotected network;
  
  the cryptographic unit to perform encryption of outgoing datagrams from the plaintext unit, and to perform decryption of incoming encrypted datagrams.
- View Dependent Claims (10, 11)
- - 10. The encryption/decryption device according to claim 9, further comprising:
    - a plaintext unit input/output processor to control the plaintext unit;
      
      a ciphertext unit input/output processor to control the ciphertext unit; and
      
      a cryptographic unit control processor to control the cryptographic unit.
  - 11. The encryption/decryption device according to claim 9, wherein the plaintext unit comprises:
    - an egress directional component to perform the encapsulation of data from the protected network to define the outgoing datagrams; and
      
      an ingress directional component to perform the decapsulation of the incoming datagrams from the cytographic unit.

12. An encryption/decryption device for secure communications between a protected network and an unprotected network, the encryption/decryption device comprising:
- a plaintext unit;
  
  a ciphertext unit; and
  
  a cryptographic unit connected between the plaintext unit and the ciphertext unit;
  
  the plaintext unit for interfacing with the protected network;
  
  the ciphertext unit comprising a field-programmable gate array (FPGA) for interfacing with the unprotected network to perform routing of incoming encrypted datagrams from the unprotected network to the cryptographic unit, and to perform routing of outgoing encrypted datagrams from the cryptographic unit to the unprotected network;
  
  the cryptographic unit to perform encryption of outgoing datagrams, and to perform decryption of incoming encrypted datagrams from the ciphertext unit.
- View Dependent Claims (13, 14)
- - 13. The encryption/decryption device according to claim 12, further comprising:
    - a plaintext unit input/output processor to control the plaintext unit;
      
      a ciphertext unit input/output processor to control the ciphertext unit; and
      
      a cryptographic unit control processor to control the cryptographic unit.
  - 14. The encryption/decryption device according to claim 12, wherein the ciphertext unit comprises:
    - an ingress directional component to perform the routing of incoming encrypted datagrams from the unprotected network to the cryptographic unit; and
      
      an egress directional component to perform routing of outgoing encrypted datagrams from the cryptographic unit to the unprotected network.

15. A method of making an encryption/decryption device for secure communications between a protected network and an unprotected network, the method comprising:
- providing a plaintext unit;
  
  providing a ciphertext unit; and
  
  connecting a cryptographic unit between the plaintext unit and the ciphertext unit;
  
  wherein providing the plaintext unit comprises providing a first logic device (LD) for interfacing with the protected network to perform encapsulation of data from the protected network to define outgoing datagrams, and to perform decapsulation of incoming datagrams from the cytographic unit;
  
  wherein providing the ciphertext unit comprises providing a second LD for interfacing with the unprotected network to perform routing of incoming encrypted datagrams from the unprotected network to the cryptographic unit, and to perform routing of outgoing encrypted datagrams from the cryptographic unit to the unprotected network; and
  
  wherein connecting the cryptographic unit comprises providing the cryptographic unit to perform encryption of outgoing datagrams from the plaintext unit, and to perform decryption of incoming encrypted datagrams from the ciphertext unit to define the incoming datagrams.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The method according to claim 15, further comprising:
    - providing a plaintext unit input/output processor to control the plaintext unit;
      
      providing a ciphertext unit input/output processor to control the ciphertext unit; and
      
      providing a cryptographic unit control processor to control the cryptographic unit.
  - 17. The method according to claim 16, further comprising:
    - providing a plaintext unit network interface to interface the plaintext unit with the protected network; and
      
      providing a ciphertext unit network interface to interface the ciphertext unit with the unprotected network.
  - 18. The method according to claim 15, wherein providing the plaintext unit further comprises:
    - providing an egress directional component to perform the encapsulation of data from the protected network to define the outgoing datagrams; and
      
      providing an ingress directional component to perform the decapsulation of the incoming datagrams from the cytographic unit.
  - 19. The method according to claim 15, wherein providing the ciphertext unit comprises:
    - providing an ingress directional component to perform the routing of incoming encrypted datagrams from the unprotected network to the cryptographic unit; and
      
      providing an egress directional component to perform routing of outgoing encrypted datagrams from the cryptographic unit to the unprotected network.
  - 20. The method according to claim 15, wherein providing each of the first and second LDs comprises providing a field-programmable gate array (FPGA).
  - 21. The method according to claim 20, wherein providing the cryptographic unit comprises providing a third FPGA.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Croga Innovations Limited (Atlantic IP Services Limited)
Original Assignee
Harris Corporation (L3Harris Technologies, Inc.)
Inventors
Dennis, Gary Roger, White, Robert Jeffery, Keefe, Richard John

Granted Patent

US 9,083,683 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/28
CPC Class Codes

H04L 12/22 Arrangements for preventing...

H04L 63/0485 Networking architectures fo...

ENCRYPTION/DECRYPTION DEVICE FOR SECURE COMMUNICATIONS BETWEEN A PROTECTED NETWORK AND AN UNPROTECTED NETWORK AND ASSOCIATED METHODS

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

ENCRYPTION/DECRYPTION DEVICE FOR SECURE COMMUNICATIONS BETWEEN A PROTECTED NETWORK AND AN UNPROTECTED NETWORK AND ASSOCIATED METHODS

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links