Computer network encryption/decryption device

US 5,444,782 A
Filed: 01/19/1994
Issued: 08/22/1995
Est. Priority Date: 03/09/1993
Status: Expired due to Term

First Claim

Patent Images

1. In an apparatus for encrypting a first packet transmitted from a first computer network to a second computer network, wherein said first packet includes a header field containing information about the first packet and a data field containing data, said apparatus including a first network connection, a second network connection, data encryption means for encrypting said first packet, and memory means for storing matching criteria, said matching criteria including a list of source addresses and a list of destination addresses, and key information;

a method of operating said apparatus to selectively encrypt said first packet, said method comprising the steps of;

receiving said first packet from said first network via said first network connection;

extracting said information about the first packet from said header field of said first packet;

comparing said information about the first packet with said matching criteria to determine if said first packet is to be encrypted; and

encrypting said first packet.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer network encryption/decryption device includes at least one microprocessor, microprocessor support hardware, at least two network ports for connecting to upstream and downstream networks, memory hardware for storing program, configuration, and keylist data, and data encryption/decryption hardware. The device operates in one of two modes by selectively encrypting or decrypting packets or portions of packets based on information contained in a packer'"'"'s header.

Citations

45 Claims

1. In an apparatus for encrypting a first packet transmitted from a first computer network to a second computer network, wherein said first packet includes a header field containing information about the first packet and a data field containing data, said apparatus including a first network connection, a second network connection, data encryption means for encrypting said first packet, and memory means for storing matching criteria, said matching criteria including a list of source addresses and a list of destination addresses, and key information;
- a method of operating said apparatus to selectively encrypt said first packet, said method comprising the steps of;
  
  receiving said first packet from said first network via said first network connection;
  
  extracting said information about the first packet from said header field of said first packet;
  
  comparing said information about the first packet with said matching criteria to determine if said first packet is to be encrypted; and
  
  encrypting said first packet.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1 further including the step of:
    - transmitting a second packet to said second network via said second network connection if said first packet has been encrypted, said second packet comprising a second header field containing information about the second packet, and a second data field containing said encrypted first packet.
  - 3. The method of claim 1 further including the step of:
    - transmitting said first packet to said second network via said second network connection if said first packet has not been encrypted.

4. In an apparatus for decrypting the data field of a second packet transmitted from a second computer network to a first computer network, wherein said second packet includes a header field containing information about the second packet and a data field containing data, said apparatus including a first network connection, a second network connection, data decryption means for decrypting said data field of said second packet, and memory means for storing matching criteria, said matching criteria including a list of source addresses and destination addresses, and key information;
- a method of operating said apparatus to selectively decrypt said data field of said second packet, said method comprising the steps of;
  
  receiving said second packet from said second network via said second network connection;
  
  extracting said information about the second packet from said header field of said second packet;
  
  comparing said information about the second packet with said matching criteria to determine if said data field of said second packet is to be decrypted; and
  
  decrypting said data field of said second packet.
- View Dependent Claims (5, 6)
- - 5. The method of claim 4 further including the step of:
    - transmitting a first packet to said first network via said first network connection if said data field of said second packet has been decrypted, said first packet comprising said decrypted data field of said second packet.
  - 6. The method of claim 4 further including the step of:
    - transmitting said second packet to said first network via said first network connection if said data field of said second packet has not been decrypted.

7. An apparatus for encrypting a first packet transmitted from a first computer network to a second computer network, wherein said first packet includes a header field containing information about the first packet and a data field containing data, said apparatus comprising:
- means for receiving said first packet from said first network;
  
  means, coupled to said means for receiving, for extracting said information about the first packet from said header field of said first packet;
  
  memory means for storing matching criteria, said matching criteria including a list of source addresses and destination addresses;
  
  means, coupled to said memory means, for comparing said information about the first packet extracted from said header field of said first packet with said matching criteria to determine if said first packet is to be encrypted; and
  
  means for encrypting said first packet.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The apparatus of claim 7 further including means for transmitting a second packet to said second network if said first packet has been encrypted, said second packet comprising a second header field containing information about the second packet, and a second data field containing said encrypted first packet.
  - 9. The apparatus of claim 8 wherein said information about the second packet includes source and destination information.
  - 10. The apparatus of claim 7 further including means for transmitting said first packet to said second network if said first packet has not been encrypted.
  - 11. The apparatus of claim 7 wherein said information about the first packet includes destination information.
  - 12. The apparatus of claim 7 wherein said matching criteria includes a list of destinations to which said data fields are encrypted.
  - 13. The apparatus of claim 7 wherein said memory means also includes means for storing masking information, and said means for comparing includes means for masking said information about the first packet.

14. An apparatus for decrypting the data field of a second packet transmitted from a second computer network to a first computer network, wherein said second packet includes a header field containing information about the second packet and a data field containing data, said apparatus comprising:
- means for receiving said second packet from said second network;
  
  means, coupled to said means for receiving, for extracting said information about the second packet from said header field of said second packet;
  
  memory means for storing matching criteria, said matching criteria including a list of source addresses and destination addresses;
  
  means, coupled to said memory means, for comparing said information about the second packet extracted from said header field of said second packet with said matching criteria to determine if said data field of said second packet is to be decrypted; and
  
  means for decrypting said data field of said second packet.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45)
- - 15. The apparatus of claim 14 further including means for transmitting a first packet to said first network if said data field of said second packet has been decrypted, said first packet comprising the decrypted data field of said second packet.
  - 16. The apparatus of claim 14 further including means for transmitting said second packet to said first network if said data field of said second packet has not been decrypted.
  - 17. The apparatus of claim 14 wherein said information about the second packet includes source information.
  - 18. The apparatus of claim 14 wherein said matching criteria includes a list of sources from which said data fields are decrypted.
  - 19. The apparatus of claim 14 wherein said memory means also includes means for storing masking information, and said means for comparing includes means for masking said information about the second packet.
  - 20. The apparatus of claim 7 or claim 14 wherein said apparatus is incorporated into a router.
  - 21. The apparatus of claim 7 or claim 14 wherein said apparatus is incorporated into a media adaptor unit.
  - 22. The apparatus of claim 7 or claim 14 wherein said apparatus is incorporated into a printer.
  - 23. The apparatus of claim 7 or claim 14 wherein said apparatus is incorporated into a printer spooler.
  - 24. The apparatus of claim 7 or claim 14 wherein said apparatus is incorporated into a modem.
  - 25. The apparatus of claim 7 or claim 14 wherein said apparatus ms incorporated into a modem spooler.
  - 26. The apparatus of claim 7 or claim 14 wherein said apparatus ms incorporated into a workstation.
  - 27. The apparatus of claim 7 or claim 14 wherein said apparatus is incorporated into a personal computer.
  - 28. The apparatus of claim 7 or claim 14 wherein said apparatus is incorporated into a laptop computer.
  - 29. The apparatus of claim 7 or claim 14 wherein said apparatus ms incorporated into a multiport repeater.
  - 30. The apparatus of claim 7 or claim 14 wherein said apparatus is incorporated into a microrepeater.
  - 31. The apparatus of claim 7 or claim 14 wherein said apparatus ms incorporated into a network concentrator.
  - 32. The apparatus of claim 7 or claim 14 wherein said apparatus is incorporated into a network multiplexer.
  - 33. The apparatus of claim 7 or claim 14 wherein .said apparatus is incorporated into an internetwork adaptor.
  - 34. The apparatus of claim 7 or claim 14 wherein said apparatus is incorporated into a network bridge.
  - 35. The apparatus of claim 7 or claim 14 wherein said apparatus is incorporated into a network repeater.
  - 36. The apparatus of claim 7 or claim 14 wherein said apparatus is incorporated into a terminal.
  - 37. The apparatus of claim 7 or claim 14 wherein said apparatus is incorporated into an X windows terminal.
  - 38. The apparatus of claim 7 or claim 14 wherein said apparatus is incorporated into a disk drive.
  - 39. The apparatus of claim 7 or claim 14 wherein said apparatus is incorporated into a CD ROM drive.
  - 40. The apparatus of claim 7 or claim 14 wherein said apparatus is incorporated into a tape drive.
  - 41. The apparatus of claim 7 or claim 14 wherein said apparatus is incorporated into a keyboard.
  - 42. The apparatus of claim 7 or claim 14 wherein said apparatus is incorporated into a piece of testing or monitoring equipment.
  - 43. The apparatus of claim 7 or claim 14 wherein said apparatus is incorporated into a file server.
  - 44. The apparatus of claim 7 or claim 14 wherein said apparatus is incorporated into a remote system backup device.
  - 45. The apparatus of claim 7 or claim 14 wherein said apparatus is incorporated into a gateway.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Uunet Technologies, Inc. (Verizon Communications Inc.)
Inventors
Adams, Jr., Richard L., Hallenbeck, Peter D.
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/184,631
Time in Patent Office

580 Days
Field of Search

380/9, 380/20, 380/21, 380/23, 380/25, 380/43, 380/49, 380/50
US Class Current

713/153
CPC Class Codes

H04L 63/0428 wherein the data content is...

H04L 9/40 Network security protocols

Computer network encryption/decryption device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

Computer network encryption/decryption device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links