APPARATUS FOR PROVIDING SECURITY OVER UNTRUSTED NETWORKS
Abstract
A network security apparatus adapted to provide for secure communications across data networks, including untrusted networks. In one embodiment, the security apparatus comprises one or more components disposed within the software stack of a computerized device, the components including an association process adapted to establish security associations between devices on the network, and an encryption key generation process adapted to generate one or more encryption keys. In one variant, the keys are specifically for use with temporary or ad hoc security associations. The one or more keys are exchanged according to a key exchange protocol after the device is authenticated or authenticates another device. In one implementation, the device comprises a portable device such as a laptop computer.
79 Claims
1-52. (canceled)
53. Network security apparatus configured to communicate with a computerized host device and other network security apparatus on a network having components that may be individually secure or non-secure, the apparatus comprising:

a cryptographic material generation process, said generation process being adapted to generate cryptographic material comprising at least one encryption key;

a message process adapted to exchange first security association information between the security apparatus and at least one of said other security apparatus on the network via one or more messages; and

an association process configured to establish a security association between said network apparatus and said at least one other network security apparatus based at least in part on said first security association information;

wherein said apparatus further comprises a key exchange protocol, said key exchange protocol being adapted to exchange said at least one encryption key between said network security apparatus and at least one other security apparatus using at least one message generated by said message process.

Dependent claims: 54-68.
69. A portable computerized device adapted for secure communications over an untrusted network, the device comprising:

network security apparatus configured to communicate with other network security apparatus on said network, the apparatus comprising:

a cryptographic material generator, said generator being adapted to generate cryptographic material comprising at least one encryption key;

a message process adapted to exchange first security association information between the security apparatus and at least one of said other security apparatus on the network via one or more messages;

an association process configured to establish a temporary security association between said network apparatus and said at least one other network security apparatus based at least in part on said first security association information; and

a key exchange protocol, said key exchange protocol being adapted to exchange said at least one encryption key between said network security apparatus and at least one other security apparatus using at least a request and reply message exchange;

wherein said network security apparatus is disposed within a software stack of said portable device.

Dependent claims: 70-77.
78. Network security apparatus configured to communicate with a computerized host device and other network security apparatus on a network having components that may be individually secure or non-secure, the apparatus comprising:

a message process adapted to exchange first security association information including a digital certificate between the security apparatus and at least one of said other security apparatus on the network via one or more messages, said digital certificate comprising a first encryption key;

a cryptographic material management process, said management process being adapted to package cryptographic material comprising at least one second encryption key for distribution to said at least one other security apparatus; and

an association process configured to establish a security association between said network apparatus and said at least one other network security apparatus based at least in part on said first security association information;

wherein said apparatus further comprises a key exchange protocol, said key exchange protocol being adapted to exchange said at least one second encryption key between said network security apparatus and said at least one other security apparatus using at least one message generated by said message process.
79. A portable computerized device adapted for secure communications over an untrusted network, the device comprising:

network security apparatus configured to communicate with other network security apparatus on said network, the apparatus comprising:

a message process adapted to exchange first security association information between the security apparatus and at least one of said other security apparatus on the network via one or more messages;

a cryptographic material management process, said management process being adapted to package cryptographic material comprising at least one encryption key for distribution to said at least one other network security apparatus;

an association process configured to establish an ad hoc security association between said network apparatus and said at least one other network security apparatus based at least in part on said first security association information;

a key exchange protocol, said key exchange protocol being adapted to exchange said at least one encryption key between said network security apparatus and said at least one other security apparatus using at least a request and reply message exchange; and

a block ciphering algorithm adapted to cipher data to be transmitted between said network security apparatus and said at least one other security apparatus;

wherein said network security apparatus is disposed within a software stack of said portable device.