Method and apparatus for providing cryptographic protection of a data stream in a communication system
First Claim
1. In a communication system having a physical layer, data link layer, and a network layer, a method for providing cryptographic protection of a data stream, comprising:
(a) assigning a packet sequence number to a packet derived from a data stream received from the network layer;
(b) updating a transmit overflow sequence number as a function of the packet sequence number;
(c) encrypting, prior to communicating the packet and the packet sequence number on the physical layer, the packet as a function of the packet sequence number and the transmit overflow sequence number;
(d) extracting the packet sequence number from the physical layer;
(e) updating a receive overflow sequence number as a function of the packet sequence number; and
(f) decrypting the encrypted packet as a function of the packet sequence number and the receive overflow sequence number.
Abstract
A method and apparatus for providing cryptographic protection of a data stream are described in accordance with the Open Systems Interconnection (OSI) model for a communication system. This cryptographic protection is accomplished on the transmitting side by assigning a packet sequence number to a packet derived from a data stream received from a network layer. Subsequently, a transmit overflow sequence number is updated as a function of the packet sequence number. Then, prior to communicating the packet and the packet sequence number on a physical layer, the packet is encrypted as a function of the packet sequence number and the transmit overflow sequence number. On the receiving side, the packet sequence number is extracted from the physical layer. In addition, a receive overflow sequence number is updated as a function of the packet sequence number. Finally, the encrypted packet is decrypted as a function of the packet sequence number and the receive overflow sequence number. In addition, a transmitting and a receiving communication unit for use in a communication system which includes cryptographic protection of a data stream is described.
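An added sketch (not code from the patent) of the sequence-number and overflow-counter scheme the abstract describes, extended with the session key and direction flag of claim 5. The 7-bit sequence width, the HMAC-SHA256 keystream standing in for the unspecified cipher, and all names are assumptions; the receiver assumes in-order delivery, which claim 5's reordering buffer provides.

```python
import hashlib
import hmac

SEQ_BITS = 7                 # assumed width of the transmitted packet sequence number
SEQ_MOD = 1 << SEQ_BITS
UPLINK, DOWNLINK = 0, 1      # assumed encoding of the direction indication

def keystream(key, direction, overflow, seq, n):
    """Stand-in keystream (HMAC-SHA256 in counter mode); not the patent's cipher."""
    out, block = b"", 0
    while len(out) < n:
        msg = (bytes([direction]) + overflow.to_bytes(4, "big")
               + seq.to_bytes(2, "big") + block.to_bytes(4, "big"))
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Sender:
    def __init__(self, key, direction):
        self.key, self.direction = key, direction
        self.next_seq, self.overflow = 0, 0

    def send(self, payload):
        seq = self.next_seq
        ks = keystream(self.key, self.direction, self.overflow, seq, len(payload))
        self.next_seq = (seq + 1) % SEQ_MOD
        if self.next_seq == 0:       # sequence number wrapped: bump the overflow counter
            self.overflow += 1
        return seq, xor(payload, ks)  # only seq travels with the ciphertext

class Receiver:
    def __init__(self, key, direction):
        self.key, self.direction = key, direction
        self.last_seq, self.overflow = -1, 0

    def receive(self, seq, ciphertext):
        if seq < self.last_seq:      # in-order input, so a smaller seq means a wrap
            self.overflow += 1
        self.last_seq = seq
        ks = keystream(self.key, self.direction, self.overflow, seq, len(ciphertext))
        return xor(ciphertext, ks)
```

Only the short sequence number is sent; each side keeps its overflow counter locally, so a sequence number reused after a wrap still selects a fresh keystream. A run of more than `SEQ_MOD` consecutive lost packets would desynchronize the two counters in this sketch.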
196 Citations
18 Claims
1. In a communication system having a physical layer, data link layer, and a network layer, a method for providing cryptographic protection of a data stream, comprising:
(a) assigning a packet sequence number to a packet derived from a data stream received from the network layer;
(b) updating a transmit overflow sequence number as a function of the packet sequence number;
(c) encrypting, prior to communicating the packet and the packet sequence number on the physical layer, the packet as a function of the packet sequence number and the transmit overflow sequence number;
(d) extracting the packet sequence number from the physical layer;
(e) updating a receive overflow sequence number as a function of the packet sequence number; and
(f) decrypting the encrypted packet as a function of the packet sequence number and the receive overflow sequence number.
Dependent claims: 2, 3, 4
5. In a communication system having a physical layer, data link layer, and a network layer, a method for providing cryptographic protection of a data stream, comprising:
(a) segmenting a data stream received from the network layer into a plurality of packets;
(b) assigning a packet sequence number to each packet of the plurality of packets;
(c) updating each transmit overflow sequence number as a function of each packet sequence number;
(d) modifying each transmit overflow sequence number to indicate the direction of transmission, the direction of transmission being selected from the group consisting of an uplink transmission and a downlink transmission;
(e) encrypting each particular packet of the plurality of packets as a function of a predetermined session key, the packet sequence number associated with the particular packet, and the modified transmit overflow sequence number associated with the particular packet;
(f) buffering the encrypted plurality of packets;
(g) transmitting the encrypted plurality of packets and the packet sequence number associated with each packet on the physical layer;
(h) receiving the encrypted plurality of packets and the packet sequence number associated with each packet from the physical layer into a receiving buffer;
(i) extracting each packet sequence number from the receiving buffer;
(j) organizing the plurality of packets within the receiving buffer to ensure that the plurality of packets are extracted from the receiving buffer in order by sequence number;
(k) updating a receive overflow sequence number as a function of each packet sequence number;
(l) modifying each receive overflow sequence number to indicate the direction of reception, the direction of reception being selected from the group consisting of an uplink reception and a downlink reception;
(m) decrypting each encrypted packet of the plurality of packets in the receiving buffer as a function of the predetermined session key, the packet sequence number associated with the particular packet, and the modified receive overflow sequence number associated with the particular packet;
(n) concatenating the decrypted plurality of packets to form a received data stream; and
(o) sending the received data stream to the network layer.
6. A transmitting communication unit for providing cryptographic protection of a data stream in a communication system having a physical layer, data link layer, and a network layer, transmitting communication unit comprising a data link layer device having:
(a) assigning means for assigning a packet sequence number to a packet derived from a data stream received from the network layer;
(b) updating means, operatively coupled to the assigning means, for updating a transmit overflow sequence number as a function of the packet sequence number; and
(c) encrypting means, operatively coupled to the assigning means and the updating means, for encrypting, prior to communicating the packet and the packet sequence number on the physical layer, the packet as a function of the packet sequence number and the transmit overflow sequence number.
Dependent claims: 7, 8, 9, 10
11. A receiving communication unit for providing cryptographic protection of a data stream in a communication system having a physical layer, data link layer, and a network layer, receiving communication unit comprising a data link layer device having:
(a) extracting means for extracting a packet sequence number from the physical layer;
(b) updating means, operatively coupled to the extracting means, for updating a receive overflow sequence number as a function of the packet sequence number; and
(c) decrypting means, operatively coupled to the extracting means and the updating means, for decrypting an encrypted packet as a function of the packet sequence number and the receive overflow sequence number.
Dependent claims: 12, 13, 14, 15, 16
17. In a communication system having a physical layer, data link layer, and a network layer, a method for providing cryptographic protection of a data stream, comprising:
(a) assigning a packet sequence number to a packet derived from a data stream received from the network layer;
(b) updating a transmit overflow sequence number as a function of the packet sequence number; and
(c) encrypting, prior to communicating the packet and the packet sequence number on the physical layer, the packet as a function of the packet sequence number and the transmit overflow sequence number.
18. In a communication system having a physical layer, data link layer, and a network layer, a method for providing cryptographic protection of a data stream, comprising:
(a) extracting a packet sequence number from the physical layer;
(b) updating a receive overflow sequence number as a function of the packet sequence number; and
(c) decrypting an encrypted packet as a function of the packet sequence number and the receive overflow sequence number.
Specification