Selective encryption with parallel networks
1. A method of preparing data for transmission, comprising:
obtaining connections to at least two networks which are at least partially in parallel and which differ in their respective security characteristics;
receiving data packets in a first collection of data packets;
receiving data packets in a second collection of data packets;
treating each of the data packets of the first collection with a supplemental security measure which corresponds to a difference in respective security characteristics of a first network, namely, the internet, and a second network, namely, a private network, wherein the supplemental security measure for treating a data packet includes at least encrypting data in the data packet according to a security policy;
submitting the encrypted data packets of the first collection for transmission over a first path over the internet; and
submitting the data packets of the second collection for transmission over a second path through the private network, without treating the data packets of the second collection with the supplemental security measure;
wherein transmission of the data packet collections utilizes the networks, which are at least partially in parallel and which differ in their respective security characteristics, and data packets to be transmitted over one of the networks have been treated before their transmission over that network with a security measure which is not applied before transmission to data packets that are to be transmitted over another network.
Abstract
Methods, devices, and systems for efficient secure parallel data transmission are disclosed. Data from a local source is divided, with one portion being encrypted and then sent over an open public network, and another portion being sent over a private network without any such supplemental encryption. The portions are thus transmitted at least partially in parallel over networks having different security characteristics, in a manner that helps compensate for the lower security of the open public network without imposing unnecessary encryption overhead on packets being sent over the more secure private network.
25 Claims
1. A method of preparing data for transmission (claim text as given in full above).
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A controller for data transmission, comprising:
components configured for transmission of data packets utilizing at least two networks at least partially in parallel to efficiently compensate for lower security in one network, namely;
a first interface to a first wide area network which has a first set of security characteristics;
a second interface to a second wide area network which has a second set of security characteristics, the second set of security characteristics including at least one distinguishing security characteristic that is not present in the first set of security characteristics;
a supplemental security module which receives data, treats the data with a supplemental security measure including at least encryption in response to a security policy specification, and directs treated data to the first interface;
a third interface to a local data source, the third interface capable of receiving data packets, directing some received packets to the supplemental security module, and directing other received packets to the second interface bypassing the supplemental security module;
at least one hardware bus connecting at least one of the interfaces with the supplemental security module;
wherein the controller includes software and hardware configured to operate together to receive data packets from the local data source, treat only a portion of the received data packets, and transmit the treated and untreated data packets at least partially in parallel through the wide area network interfaces;
whereby transmission of the data packets utilizes the networks at least partially in parallel in a manner calculated to efficiently compensate for the lower security of the first network.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21
22. A controller for efficient secure parallel data transmission, comprising:
components configured for transmission of data packets at least partially in parallel and to efficiently compensate for lower internet security while transmitting at least partially in parallel over the internet and a private network, namely;
an internet network interface which is configured to interface the controller to an internet node;
a private network interface which is configured to interface the controller to a private network which has higher security than the internet;
a supplemental security module which treats data at least by encryption and which is configured to receive data, encrypt the data, and direct encrypted data to the internet interface, the supplemental security module also capable of receiving data packets from at least two wide area network interfaces, identifying encrypted packets and decrypting them, and capable of delivering decrypted data packets to an attached local area network;
a local area network interface which is configured to receive data packets, direct a first portion of the packets to the supplemental security module, and direct a second portion of the packets to the private network interface bypassing the supplemental security module;
a power supply;
wherein the controller compensates efficiently for the lower security of the internet while transmitting at least partially in parallel over the internet and the private network, in that the controller includes software and hardware configured to operate together to receive data packets locally, encrypt only the first portion of the packets, and transmit the data packets at least partially in parallel through the network interfaces.
Dependent claims: 23, 24, 25
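As an added illustration (not part of the patent text and not the assignee's implementation), the Go sketch below follows the data flow recited in the abstract and in claim 22: packets steered to the internet path are encrypted, packets steered to the private path bypass the security module, and the receiving side decrypts what arrives from the internet. The names `Controller`, `Prepare`, `Receive` and `Path`, the choice of AES-GCM, and the decision to key on the arrival interface are assumptions of this example; how packets are divided between the two paths is left to the caller.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type Path int // which of the two parallel networks carries a packet
const Internet, Private Path = 0, 1 // Internet: encrypted; Private: bypass
// Controller is a hypothetical stand-in for the supplemental security module.
type Controller struct{ aead cipher.AEAD }

func NewController(key []byte) (*Controller, error) {
	block, err := aes.NewCipher(key) // AES-GCM is this example's choice of measure
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Controller{aead}, err
}

// Prepare encrypts only Internet-bound packets and never falls back to plaintext.
func (c *Controller) Prepare(p Path, payload []byte) ([]byte, error) {
	if p == Private {
		return payload, nil // second collection: sent untreated
	}
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return c.aead.Seal(nonce, nonce, payload, nil), nil
}

// Receive decides by arrival interface, so Internet-side plaintext is rejected.
func (c *Controller) Receive(p Path, wire []byte) ([]byte, error) {
	if p == Private {
		return wire, nil
	}
	if n := c.aead.NonceSize(); len(wire) >= n {
		return c.aead.Open(nil, wire[:n], wire[n:], nil)
	}
	return nil, fmt.Errorf("short packet on internet path")
}

func main() {
	c, _ := NewController(make([]byte, 32)) // constructed all-zero demo key
	fmt.Println(c.Prepare(Internet, []byte("constructed payload")))
}
```

Because the private path carries packets untreated, the confidentiality of that traffic rests entirely on the steering decision and on the private network itself.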
Specification