Generic encryption technique for communication networks

US 5,070,528 A
Filed: 06/29/1990
Issued: 12/03/1991
Est. Priority Date: 06/29/1990
Status: Expired due to Term

First Claim

Patent Images

1. A method of handling information packets to be transmitted onto a communication network, and for which cryptographic processing is needed, the method comprising the steps of:

appending a cryptographic preamble to the beginning of an information packet for which cryptographic processing is needed;

passing the information packet to a cryptographic processor;

detecting, in the cryptographic processor, that cryptographic processing is needed;

analyzing the cryptographic preamble to determine the location in the packet of material to be cryptographically processed, and the type of cryptographic processing to be performed;

performing the requested cryptographic processing; and

stripping the cryptographic preamble from the packet if the packet is to be transmitted onto the network, to preserve compatibility with existing packet formats transmitted over the network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and related cryptographic processing apparatus for handling information packets that are to be cryptographically processed prior to transmission onto a communication network, or that are to be locally cryptographically processed and looped back to a node processor. A special cryptographic preamble is included in each information packet that is to be subject to cryptographic processing. The cryptographic preamble contains an offset value pointing to the starting location of information that is to be processed, and completely defines the type of cryptographic processing to be performed. The cryptographic processor can then perform the processing as specified in the preamble without regard to a specific protocol. If the packet is to be transmitted onto the network, the preamble is stripped from the packet after cryptographic processing, so that the formats of packets transmitted onto the network will be unaffected by the preamble. Cryptographic processing modes include encryption of data for outbound transmission, encryption of a cipher key for loopback to the node processor, encryption or decryption of data for loopback to the node processor, and computation of an integrity check value for loopback to the node processor.

86 Citations

View as Search Results

16 Claims

1. A method of handling information packets to be transmitted onto a communication network, and for which cryptographic processing is needed, the method comprising the steps of:
- appending a cryptographic preamble to the beginning of an information packet for which cryptographic processing is needed;
  
  passing the information packet to a cryptographic processor;
  
  detecting, in the cryptographic processor, that cryptographic processing is needed;
  
  analyzing the cryptographic preamble to determine the location in the packet of material to be cryptographically processed, and the type of cryptographic processing to be performed;
  
  performing the requested cryptographic processing; and
  
  stripping the cryptographic preamble from the packet if the packet is to be transmitted onto the network, to preserve compatibility with existing packet formats transmitted over the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method as defined in claim 1, wherein:
    - the cryptographic preamble includes an offset field indicating a number of data elements to skip to the start of the material to be cryptographically processed; and
      
      the method further comprises the step of skipping the number of data elements specified in the offset field, prior to performing the requested cryptographic processing.
  - 3. A method as defined in claim 2, wherein:
    - the cryptographic preamble further includes a mode field indicating the type of cryptographic processing to be performed; and
      
      the step of performing the cryptographic processing includes conditioning the cryptographic processor to perform the type of processing requested in the mode field.
  - 4. A method as defined in claim 3, wherein:
    - the step of cryptographic processing includes computing a cryptographic checksum of the data in the packet; and
      
      the method further comprises the step of forwarding the information packet with the checksum for outbound transmission onto the network.
  - 5. A method as defined in claim 3, wherein:
    - the step of performing the cryptographic processing includes encrypting data in the information packet; and
      
      the method further comprises the step of forwarding the information packet with encrypted data, for outbound transmission onto the network.
  - 6. A method as defined in claim 3, wherein:
    - the step of performing the cryptographic processing includes encrypting a cipher key contained in the information packet; and
      
      the method further comprises the step of looping the packet with the encrypted key back in the direction from which it was received.
  - 7. A method as defined in claim 3, wherein:
    - the step of performing the cryptographic processing includes encrypting data in the information packet; and
      
      the method further comprises the step of looping the packet with the encrypted data back in the direction from which it was received.
  - 8. A method as defined in claim 3, wherein:
    - the step of performing the cryptographic processing includes decrypting the data in the information packet; and
      
      the method further comprises the step of looping back the packet with the decrypted data back in the direction from which it was received.
  - 9. A method as defined in claim 3, wherein:
    - the step of performing the cryptographic processing includes computing an integrity check value from the data in the information packet; and
      
      the method further comprises the step of looping back the information packet modified to include only header information and the computed integrity check value.

10. A cryptographic processor for in-line connection between a first processing stage, which forwards packets of information from a node processor, for cryptographic processing and subsequent transmission onto a communication network, and a second processing stage, which further processes packets prior to transmission onto the network, the cryptographic processor comprising:
- means for analyzing an incoming information packet received from the first processing stage, including means for analyzing a cryptographic preamble inserted in the packet prior to its reaching the cryptographic processor;
  
  means responsive to an offset field in the cryptographic preamble, for locating the start of a data field in the information packet that is to be cryptographically processed;
  
  means for cryptographically processing the data field to be processed;
  
  means for conditioning the means for cryptographically processing to perform a requested mode of processing based on the contents of a mode field in the cryptographic preamble; and
  
  means for stripping the cryptographic preamble from the information packet if the mode of processing calls for transmission of the packet to the second processing means.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. A cryptographic processor as defined in claim 10, wherein:
    - one of the modes of processing is encryption of data in the information packet and forwarding the encrypted packet to the second processing stage for transmission onto the network.
  - 12. A cryptographic processor as defined in claim 10, wherein:
    - one of the modes of processing is computing a cryptographic checksum of data, and forwarding the information packet, with the data and the cryptographic checksum, to the second processing stage for transmission onto the network.
  - 13. A cryptographic processor as defined in claim 10, wherein:
    - one of the modes of processing is encryption of a cipher key contained in the information packet, and looping the encrypted key back to the node processor.
  - 14. A cryptographic processor as defined in claim 10, wherein:
    - one of the modes of processing is encryption of data in the information packet and looping the encrypted data back to the node processor.
  - 15. A cryptographic processor as defined in claim 10, wherein:
    - one of the modes of processing is decryption of data in the information packet and looping the decrypted data back to the node processor.
  - 16. A cryptographic processor as defined in claim 10, wherein:
    - one of the modes of processing is computation of an integrity check value from the data in the received information packet, and looping the information packet back to the node processor with the integrity check value and header information, but without the data in the packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Digital Equipment Corporation (HP Inc.)
Inventors
Gupta, Amar, Kaufman, Charles W., Hawe, William R., Tardo, Joseph J., Waters, Gregory M., Spinney, Barry A.
Primary Examiner(s)
Tarcza, Thomas H.
Assistant Examiner(s)
CAIN, DAVID C

Application Number

US07/546,629
Time in Patent Office

522 Days
Field of Search

380/48, 340/825.04, 340/825.07, 340/825.52, 364/242.95
US Class Current

713/161
CPC Class Codes

H04L 9/40 Network security protocols

Generic encryption technique for communication networks

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

86 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Generic encryption technique for communication networks

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

86 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links