Encryption mechanism in advanced packet switching system

US 7,239,634 B1
Filed: 06/17/2002
Issued: 07/03/2007
Est. Priority Date: 06/17/2002
Status: Active Grant

First Claim

Patent Images

1. A packet switching system comprising:

a packet identifying unit for detecting a virtual connection identifier (VCID) marker indicating that a VCID is provided in a portion of an incoming Internet Protocol (IP) packet allocated for IP address fields,an encryption detecting unit responsive to the incoming IP packet for determining whether at least a section of the portion of the incoming packet allocated for IP address fields comprises encrypted data, anda decrypting unit responsive to the encryption detecting unit for decrypting the encrypted data, if the encrypted data is detected, to produce decrypted data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A packet switching system for switching packets over corporate networks and the Internet using Internet Protocol (IP) suite of protocols is provided with an encryption detecting unit that determines whether at least a section of a portion of an incoming packet allocated for Internet Protocol (IP) address fields comprises encrypted data. If the encrypted data is detected, a decrypting unit decrypts the encrypted data. A packet identifying unit detects a virtual connection identifier (VCID) marker indicating that a VCID is provided in the portion of the incoming packet allocated for IP address fields. A data extracting unit extracts the VCID from the decrypted data. For example, the data extracting unit may extracts original source and destination IP addresses, or a Quality of Service (QoS) field for identifying parameters of Quality of Service. A route processing engine determines a route for forwarding the packet, and a packet forwarding unit places the packet into a queue for transmission. An encrypting unit encrypts the VCID of packets transmitted to a network that uses virtual connection identifiers for switching packets.

48 Citations

View as Search Results

25 Claims

1. A packet switching system comprising:
- a packet identifying unit for detecting a virtual connection identifier (VCID) marker indicating that a VCID is provided in a portion of an incoming Internet Protocol (IP) packet allocated for IP address fields,an encryption detecting unit responsive to the incoming IP packet for determining whether at least a section of the portion of the incoming packet allocated for IP address fields comprises encrypted data, anda decrypting unit responsive to the encryption detecting unit for decrypting the encrypted data, if the encrypted data is detected, to produce decrypted data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, further comprising a data extracting unit for extracting the VCID from the decrypted data.
  - 3. The system of claim 2, wherein the data extracting unit is configured for extracting original source and destination IP addresses from the decrypted data.
  - 4. The system of claim 3, wherein the data extracting unit is configured for extracting from the decrypted data a Quality of Service (QoS) field for identifying parameters of Quality of Service.
  - 5. The system of claim 4, wherein the QoS field includes a Class of Service for identifying parameters of Class of Service.
  - 6. The system of claim 5, wherein the data extracting unit is configured for extracting security and management parameters from the decrypted data.
  - 7. The system of claim 6, further comprising a route processing engine responsive to the data extracting unit for determining a route for forwarding the packet.
  - 8. The system of claim 7, further comprising a packet forwarding unit responsive to the route processing unit for placing the packet into a queue for transmission.
  - 9. The system of claim 8, wherein the encrypting unit is configured for encrypting only packets transmitted to a network that uses virtual connection identifiers for switching packets.
  - 10. The system of claim 9, wherein the encrypting unit is configured for encrypting the original source and destination IP addresses.
  - 11. The system of claim 9, wherein the encrypting unit is configured for encrypting the QoS field.
  - 12. The system of claim 9, wherein the encrypting unit is configured for encrypting the security and management parameters.

13. A method of switching packets comprising the steps of:
- detecting a virtual connection identifier (VCID) marker indicating that a VCID is provided in a portion of an incoming Internet Protocol (IP) packet allocated for IP address fields,inspecting the incoming IP packet to determine whether at least a section of the portion of the incoming packet allocated for IP address fields comprises encrypted data, andif the encrypted data is detected, decrypting the encrypted data to produce decrypted data.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 14. The method of claim 13, further comprising the step of extracting the VCID.
  - 15. The method of claim 14, further comprising the step of extracting original source and destination IP addresses from the decrypted data.
  - 16. The method of claim 15, further comprising the step of extracting from the decrypted data a QoS field for identifying parameters of Quality of Service.
  - 17. The method of claim 16, wherein the QoS field includes a Class of Service for identifying parameters of Class of Service.
  - 18. The method of claim 16, further comprising the step of extracting security and management parameters from the decrypted data.
  - 19. The method of claim 18, further comprising the step of determining a route for forwarding the packet.
  - 20. The method of claim 19, further comprising the step of placing the packet into a queue for transmission.
  - 21. The method of claim 20 further comprising the step of encrypting at least an element of data provided in the portion of the packet allocated for IP addresses, after the step of placing the packet into a queue for transmission.
  - 22. The method of claim 21, wherein the step of encrypting is carried out for encrypting only packets transmitted to a network that uses virtual connection identifiers for switching packets.
  - 23. The method of claim 22, wherein the step of encrypting comprises encrypting the original source and destination IP addresses.
  - 24. The method of claim 22, wherein the step of encrypting comprises encrypting the QoS field.
  - 25. The method of claim 22, wherein the step of encrypting comprises encrypting the security and management parameters.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Signafor Incorporated
Original Assignee
Signafor Incorporated
Inventors
Chakravorty, Sham
Primary Examiner(s)
Pham; Chi
Assistant Examiner(s)
Hyun; Soon D.

Application Number

US10/172,008
Time in Patent Office

1,842 Days
Field of Search

None
US Class Current

370/392
CPC Class Codes

H04L 49/30   Peripheral units, e.g. inpu...

H04L 63/0428   wherein the data content is...

H04L 69/22   Parsing or analysis of headers

Encryption mechanism in advanced packet switching system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption mechanism in advanced packet switching system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links