METHOD AND APPARATUS FOR SECURITY ENCAPSULATING IP DATAGRAMS
First Claim
1. A method performed by a network security device for security encapsulating an original IP datagram received from a network, the method comprising:
- determining whether an IP payload of the original IP datagram is a TCP segment, UDP datagram or packet of another type of network protocol;
- based on the determining, encrypting a portion of the IP payload to form an encrypted payload;
- forming a security encapsulated IP packet with source IP address, destination IP address, and IP protocol field from the original IP datagram, and the encrypted payload; and
- providing the security encapsulated IP packet to the network.
Abstract
A method and corresponding apparatus are provided to security encapsulate an original IP datagram received from a network. It is first determined whether an IP payload of the original IP datagram is a TCP segment, UDP datagram or packet of another type of network protocol. Based on this determination, a portion of the IP payload is encrypted resulting in an encrypted payload. A security encapsulated IP packet is then formed with source IP address, destination IP address, and IP protocol field from the original IP datagram, and the encrypted payload. The security encapsulated IP packet is then provided to the network.
21 Claims
1. A method performed by a network security device for security encapsulating an original IP datagram received from a network, the method comprising:
- determining whether an IP payload of the original IP datagram is a TCP segment, UDP datagram or packet of another type of network protocol;
- based on the determining, encrypting a portion of the IP payload to form an encrypted payload;
- forming a security encapsulated IP packet with source IP address, destination IP address, and IP protocol field from the original IP datagram, and the encrypted payload; and
- providing the security encapsulated IP packet to the network.
11. A network security device to security encapsulate an original IP datagram received from a network, the device comprising:
- an interface to the network;
- a security encapsulation processor communicatively coupled to the interface, the security encapsulation processor configured to:
  - determine whether an IP payload of the original IP datagram is a TCP segment, UDP datagram or packet of another type of network protocol;
  - based on the determination, encrypt a portion of the IP payload to form an encrypted payload;
  - form a security encapsulated IP packet with source IP address, destination IP address, and IP protocol field from the original IP datagram, and the encrypted payload; and
  - provide the security encapsulated IP packet to the network through the interface.
21. Logic encoded in one or more non-transitory computer readable medium for execution and when executed operable to:
- determine whether an IP payload of the original IP datagram is a TCP segment, UDP datagram or packet of another type of network protocol;
- based on the determination, encrypt a portion of the IP payload to form an encrypted payload;
- form a security encapsulated IP packet with source IP address, destination IP address, and IP protocol field from the original IP datagram, and the encrypted payload; and
- provide the security encapsulated IP packet to the network.