Computer network encryption/decryption device
Abstract
A computer network encryption/decryption device includes at least one microprocessor, microprocessor support hardware, at least two network ports for connecting to upstream and downstream networks, memory hardware for storing program, configuration, and keylist data, and data encryption/decryption hardware. The device operates in one of two modes by selectively encrypting or decrypting packets or portions of packets based on information contained in a packet's header.
45 Claims

1. In an apparatus for encrypting a first packet transmitted from a first computer network to a second computer network, wherein said first packet includes a header field containing information about the first packet and a data field containing data, said apparatus including a first network connection, a second network connection, data encryption means for encrypting said first packet, and memory means for storing matching criteria, said matching criteria including a list of source addresses and a list of destination addresses, and key information;
a method of operating said apparatus to selectively encrypt said first packet, said method comprising the steps of;
receiving said first packet from said first network via said first network connection;
extracting said information about the first packet from said header field of said first packet;
comparing said information about the first packet with said matching criteria to determine if said first packet is to be encrypted; and
encrypting said first packet.
(Dependent claims: 2, 3)

4. In an apparatus for decrypting the data field of a second packet transmitted from a second computer network to a first computer network, wherein said second packet includes a header field containing information about the second packet and a data field containing data, said apparatus including a first network connection, a second network connection, data decryption means for decrypting said data field of said second packet, and memory means for storing matching criteria, said matching criteria including a list of source addresses and destination addresses, and key information;
a method of operating said apparatus to selectively decrypt said data field of said second packet, said method comprising the steps of;
receiving said second packet from said second network via said second network connection;
extracting said information about the second packet from said header field of said second packet;
comparing said information about the second packet with said matching criteria to determine if said data field of said second packet is to be decrypted; and
decrypting said data field of said second packet.
(Dependent claims: 5, 6)

7. An apparatus for encrypting a first packet transmitted from a first computer network to a second computer network, wherein said first packet includes a header field containing information about the first packet and a data field containing data, said apparatus comprising:
means for receiving said first packet from said first network;
means, coupled to said means for receiving, for extracting said information about the first packet from said header field of said first packet;
memory means for storing matching criteria, said matching criteria including a list of source addresses and destination addresses;
means, coupled to said memory means, for comparing said information about the first packet extracted from said header field of said first packet with said matching criteria to determine if said first packet is to be encrypted; and
means for encrypting said first packet.
(Dependent claims: 8, 9, 10, 11, 12, 13)

14. An apparatus for decrypting the data field of a second packet transmitted from a second computer network to a first computer network, wherein said second packet includes a header field containing information about the second packet and a data field containing data, said apparatus comprising:
means for receiving said second packet from said second network;
means, coupled to said means for receiving, for extracting said information about the second packet from said header field of said second packet;
memory means for storing matching criteria, said matching criteria including a list of source addresses and destination addresses;
means, coupled to said memory means, for comparing said information about the second packet extracted from said header field of said second packet with said matching criteria to determine if said data field of said second packet is to be decrypted; and
means for decrypting said data field of said second packet.
(Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45)

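The selective encryption that the abstract and the method claims (1 and 4) describe, as an added example that is not code from the patent: it extracts the addresses from an IPv4 header, compares them with the stored matching criteria, and transforms only the data field on a match, so the cleartext header still routes. The addresses, key, function names, the choice of IPv4, and the HMAC-SHA256 keystream standing in for the unspecified data encryption means are all assumptions.

```python
import hashlib, hmac, ipaddress, struct

# Matching criteria as the claims list them: source addresses, destination
# addresses, key information. All values here are constructed samples.
CRITERIA = {
    "sources": [ipaddress.ip_network("10.1.0.0/16")],
    "destinations": [ipaddress.ip_network("192.0.2.0/24")],
    "key": bytes(range(32)),
}

def sample_packet(src, dst, payload, ident=1):
    """Build a constructed 20-byte IPv4 header (checksum left 0) plus payload."""
    header = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0,
                         64, 17, 0, ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
    return header + payload

def parse_ipv4(packet):
    """Split a packet into (header, data, src, dst); reject malformed input."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad header length")
    return (packet[:ihl], packet[ihl:],
            ipaddress.ip_address(packet[12:16]), ipaddress.ip_address(packet[16:20]))

def matches(src, dst, criteria):
    """True when source and destination both appear in the stored lists."""
    return (any(src in net for net in criteria["sources"])
            and any(dst in net for net in criteria["destinations"]))

def keystream(key, nonce, length):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode as a keystream.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def transform(packet, criteria):
    """Encrypt the data field on a header match; applying it again decrypts."""
    header, data, src, dst = parse_ipv4(packet)
    if not matches(src, dst, criteria):
        return packet, False          # no match: forward unchanged
    # Nonce from IP ID + addresses repeats when the 16-bit ID wraps, and nothing
    # authenticates the packet; a deployable design needs a unique nonce and a tag.
    nonce = header[4:6] + header[12:20]
    stream = keystream(criteria["key"], nonce, len(data))
    return header + bytes(a ^ b for a, b in zip(data, stream)), True
```
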
Specification