Generic encryption technique for communication networks
Abstract
A method and related cryptographic processing apparatus for handling information packets that are to be cryptographically processed prior to transmission onto a communication network, or that are to be locally cryptographically processed and looped back to a node processor. A special cryptographic preamble is included in each information packet that is to be subject to cryptographic processing. The cryptographic preamble contains an offset value pointing to the starting location of information that is to be processed, and completely defines the type of cryptographic processing to be performed. The cryptographic processor can then perform the processing as specified in the preamble without regard to a specific protocol. If the packet is to be transmitted onto the network, the preamble is stripped from the packet after cryptographic processing, so that the formats of packets transmitted onto the network will be unaffected by the preamble. Cryptographic processing modes include encryption of data for outbound transmission, encryption of a cipher key for loopback to the node processor, encryption or decryption of data for loopback to the node processor, and computation of an integrity check value for loopback to the node processor.
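The preamble handling described in the abstract, sketched as an added example that is not taken from the patent. The 4-byte preamble layout, the marker value, the mode numbers, the SHA-256 keystream and the HMAC used as integrity check value are all assumptions made for illustration; the cipher-key loopback mode is omitted.

```python
import hashlib
import hmac
import struct

# Assumed 4-byte preamble layout (illustration only, not the patent's format):
# marker (1 byte) | mode (1 byte) | offset (2 bytes, big-endian)
MARKER = 0xC5
PREAMBLE = struct.Struct("!BBH")
MODE_OUTBOUND_ENCRYPT, MODE_LOOPBACK_ENCRYPT = 1, 2
MODE_LOOPBACK_DECRYPT, MODE_LOOPBACK_ICV = 3, 4


def add_preamble(packet: bytes, mode: int, offset: int) -> bytes:
    """Node side: prepend the preamble. offset is measured from the start
    of the original packet to the first byte to be processed."""
    return PREAMBLE.pack(MARKER, mode, offset) + packet


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 in counter mode) so the example needs only
    the standard library. Not a vetted cipher; same call decrypts."""
    blocks = (hashlib.sha256(key + struct.pack("!I", i)).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))


def crypto_process(frame: bytes, key: bytes):
    """Return (destination, bytes); destination is 'network' or 'loopback'."""
    if len(frame) < PREAMBLE.size or frame[0] != MARKER:
        return "network", frame  # no preamble detected: pass through unchanged
    _, mode, offset = PREAMBLE.unpack_from(frame)
    preamble, packet = frame[:PREAMBLE.size], frame[PREAMBLE.size:]
    if offset > len(packet):
        # Reject rather than process bytes outside the packet.
        raise ValueError("preamble offset points past end of packet")
    clear, target = packet[:offset], packet[offset:]
    if mode == MODE_OUTBOUND_ENCRYPT:
        # Preamble stripped: the wire format is unchanged by its use.
        return "network", clear + keystream_xor(key, target)
    if mode in (MODE_LOOPBACK_ENCRYPT, MODE_LOOPBACK_DECRYPT):
        # Assumption: loopback results keep the preamble for the node.
        return "loopback", preamble + clear + keystream_xor(key, target)
    if mode == MODE_LOOPBACK_ICV:
        # HMAC-SHA-256 stands in for the integrity check value.
        icv = hmac.new(key, target, hashlib.sha256).digest()
        return "loopback", preamble + packet + icv
    raise ValueError(f"unknown cryptographic mode {mode}")
```

Because the processor acts only on the offset and mode fields, it never parses the protocol headers that precede the processed region, which is why the offset must be bounds-checked before use.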
16 Claims
1. A method of handling information packets to be transmitted onto a communication network, and for which cryptographic processing is needed, the method comprising the steps of:
appending a cryptographic preamble to the beginning of an information packet for which cryptographic processing is needed;
passing the information packet to a cryptographic processor;
detecting, in the cryptographic processor, that cryptographic processing is needed;
analyzing the cryptographic preamble to determine the location in the packet of material to be cryptographically processed, and the type of cryptographic processing to be performed;
performing the requested cryptographic processing; and
stripping the cryptographic preamble from the packet if the packet is to be transmitted onto the network, to preserve compatibility with existing packet formats transmitted over the network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A cryptographic processor for in-line connection between a first processing stage, which forwards packets of information from a node processor, for cryptographic processing and subsequent transmission onto a communication network, and a second processing stage, which further processes packets prior to transmission onto the network, the cryptographic processor comprising:
means for analyzing an incoming information packet received from the first processing stage, including means for analyzing a cryptographic preamble inserted in the packet prior to its reaching the cryptographic processor;
means responsive to an offset field in the cryptographic preamble, for locating the start of a data field in the information packet that is to be cryptographically processed;
means for cryptographically processing the data field to be processed;
means for conditioning the means for cryptographically processing to perform a requested mode of processing based on the contents of a mode field in the cryptographic preamble; and
means for stripping the cryptographic preamble from the information packet if the mode of processing calls for transmission of the packet to the second processing means.
Dependent claims: 11, 12, 13, 14, 15, 16
Specification