Apparatus and a method for secure communications for network computers

US 6,922,785 B1
Filed: 05/11/2000
Issued: 07/26/2005
Est. Priority Date: 05/11/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method in a distributed data processing system for implementing secure network communication, the method comprising the data processing system implemented steps of:

receiving a block of data from a segmentation logic on a network interface card;

encrypting the block of data using encryption hardware built on the network interface card;

putting the encrypted data into a packet frame;

setting a flag in a header of the packet frame indicating an encryption algorithm, from a plurality of encryption algorithms, used to encrypt the block of data;

inserting a validation value for the encrypted data in a trailer of the packet frame; and

sending the packet over a network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Encryption hardware built on a network interface card is provided by the present invention for encrypting data sent from a computer to a network. A block of data is retrieved from the network interface card, encrypted using encryption hardware, and inserted into a data packet. A flag is set in the packet header to indicate the encryption type. If the data packet is received by a system equipped with similar network interface card, decryption algorithm indicated by the flag is applied to the data using decryption hardware on the network interface card. The decrypted data is sent to re-assembly logic to rebuild the original message for the transmitted packets. The original message is sent to a computer memory via a system bus for further processing. If the data packet is received by a system not equipped with the network interface card, suitable software is provided to decrypt the data packet.

68 Citations

View as Search Results

18 Claims

1. A method in a distributed data processing system for implementing secure network communication, the method comprising the data processing system implemented steps of:
- receiving a block of data from a segmentation logic on a network interface card;
  
  encrypting the block of data using encryption hardware built on the network interface card;
  
  putting the encrypted data into a packet frame;
  
  setting a flag in a header of the packet frame indicating an encryption algorithm, from a plurality of encryption algorithms, used to encrypt the block of data;
  
  inserting a validation value for the encrypted data in a trailer of the packet frame; and
  
  sending the packet over a network.
- View Dependent Claims (2, 13)
- - 2. The method of claim 1, wherein the encryption hardware on the network interface card does not use a main central processing unit for a computer.
  - 13. The method of claim 1, wherein the plurality of encryption algorithms includes Data Encryption Standard (DES) and Public Key Cryptography (RSA).

3. A method in a distributed data processing system for implementing secure network communication, the method comprising the data processing system implemented steps of:
- receiving a block of data from a packet frame on a network interface card;
  
  validating the data based on a validation value in a trailer of the packet frame;
  
  detecting an encryption algorithm used to encrypt the block of data based on a flag in a header of the packet frame;
  
  decrypting the block of data in decryption hardware built on the network interface card using the detected encryption algorithm; and
  
  sending the decrypted data to a reassembly logic on the network interface card.
- View Dependent Claims (4, 14)
- - 4. The method of claim 3, wherein the decryption hardware on the network interface card does not use a main central processing unit for a computer.
  - 14. The method of claim 3, wherein the detected encryption algorithm includes one of Data Encryption Standard (DES) and Public Key Cryptography (RSA).

5. A data processing system for implementing secure network communication, the data processing system comprising:
- a receiving means for receiving a block of data from a segmentation logic on a network interface card;
  
  an encrypting means for encrypting the block of data using encryption hardware built on the network interface card;
  
  a transfer means for transferring the encrypted data into a packet frame;
  
  a flagging means for setting a flag in a header of the packet frame indicating an encryption algorithm, from a plurality of encryption algorithms, used to encrypt the block of data;
  
  an inserting means for inserting a validation value for the encrypted data in a trailer of the packet frame; and
  
  a sending means for sending the packet over a network.
- View Dependent Claims (6, 15)
- - 6. The data processing system of claim 5, wherein the encryption hardware on the network interface card does not use a main central processing unit for a computer.
  - 15. The data processing system of claim 5, wherein the plurality of encryption algorithms includes Data Encryption Standard (DES) and Public Key Cryptography (RSA).

7. A data processing system for implementing secure network communication, the data processing system comprising:
- a receiving means for receiving a block of data from a packet fame on a network interface card;
  
  a validating means for validating the data based on a validation value in a trailer of the packet frame;
  
  a detecting means for detecting an encryption algorithm used to encrypt the block of data based on a flag in a header of the packet frame;
  
  a decrypting means for decrypting the block of data in decryption hardware built on the network interface card using the detected encryption algorithm; and
  
  a sending means for sending the decrypted data to a re-assembly logic on the network interface card.
- View Dependent Claims (8, 16)
- - 8. The data processing system of claim 7, wherein the decryption hardware on the network interface card does not use a main central processing unit for a computer.
  - 16. The data processing system of claim 7, wherein the detected encryption algorithm includes one of Data Encryption Standard (DES) and Public Key Cryptography (RSA).

9. A computer program product for implementing secure network communication, the computer program product comprising:
- instructions for receiving a block of data from a segmentation logic on a network interface card;
  
  instructions for encrypting the block of data using encryption hardware built on the network interface card;
  
  instructions for putting the encrypted data into a packet frame;
  
  instructions for setting a flag in a header of the packet frame indicating an encryption algorithm, from a plurality of encryption algorithms, used to encrypt the block of data;
  
  instructions for inserting a validation value for the encrypted data in a trailer of the packet frame; and
  
  instructions for sending the packet over a network.
- View Dependent Claims (10, 12, 17)
- - 10. The computer program product of claim 9, wherein the instructions for encryption on the network interface card does not use a main central processing unit for a computer.
  - 12. The computer program product of claim 9, wherein the instructions for decryption on the network interface card does not use a main central processing unit for a computer.
  - 17. The computer program product of claim 9, wherein the plurality of encryption algorithms includes Data Encryption Standard (DES) and Public Key Cryptography (RSA).

11. A computer program product for implementing secure network communication, the computer program product comprising:
- instructions for receiving a block of data from a packet frame on a network interface card;
  
  instructions for validating the data based on a validation value in a trailer of the packet frame;
  
  instructions for detecting an encryption algorithm used to encrypt the block of data based on a flag in a header of the packet frame;
  
  instructions for decrypting the block of data in decryption hardware built on the network interface card using the detected encryption algorithm; and
  
  instructions for sending the decrypted data to a re-assembly logic on the network interface card.
- View Dependent Claims (18)
- - 18. The computer program product of claim 11, wherein the detected encryption algorithm includes one of Data Encryption Standard (DES) and Public Key Cryptography (RSA).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo PC International Limited (Lenovo Group Ltd.)
Original Assignee
International Business Machines Corporation
Inventors
Gupta, Sanjay, Brewer, James Arthur
Primary Examiner(s)
Rones, Charles
Assistant Examiner(s)
ORTIZ DITREN, BELIX M

Application Number

US09/569,499
Time in Patent Office

1,902 Days
Field of Search

713/153, 713/192, 713200-202, 713/151, 713/154, 713/176, 713/161, 380/28, 380/21, 380/47, 380 1- 2, 340/825.07, 340/824, 340/824.04, 710/15, 710/52
US Class Current

713/153
CPC Class Codes

H04L 2209/12   Details relating to cryptog...

H04L 63/0428   wherein the data content is...

H04L 63/0485   Networking architectures fo...

H04L 9/0625   with splitting of the data ...

H04L 9/302   involving the integer facto...

Apparatus and a method for secure communications for network computers

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

68 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and a method for secure communications for network computers

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links