Selective encryption with parallel networks

DC CAFC

US 7,444,506 B1
Filed: 06/15/2006
Issued: 10/28/2008
Est. Priority Date: 12/28/2001
Status: Expired due to Term

- Alert
- Pin

First Claim

Patent Images

1. A method of preparing data for transmission, comprising:

obtaining connections to at least two networks which are at least partially in parallel and which differ in their respective security characteristics;

receiving data packets in a first collection of data packets;

receiving data packets in a second collection of data packets;

treating each of the data packets of the first collection with a supplemental security measure which corresponds to a difference in respective security characteristics of a first network, namely, the internet, and a second network, namely, a private network, wherein the supplemental security measure for treating a data packet includes at least encrypting data in the data packet according to a security policy;

submitting the encrypted data packets of the first collection for transmission over a first path over the internet; and

submitting the data packets of the second collection for transmission over a second path through the private network, without treating the data packets of the second collection with the supplemental security measure;

wherein transmission of the data packet collections utilizes the networks, which are at least partially in parallel and which differ in their respective security characteristics, and data packets to be transmitted over one of the networks have been treated before their transmission over that network with a security measure which is not applied before transmission to data packets that are to be transmitted over another network.

View all claims

4 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

Methods, devices, and systems for efficient secure parallel data transmission are disclosed. Data from a local source is divided, with one portion being encrypted and then sent over an open public network, and another portion being sent over a private network without any such supplemental encryption. The portions are thus transmitted at least partially in parallel over networks having different security characteristics, in a manner that helps compensate for the lower security of the open public network without imposing unnecessary encryption overhead on packets being sent over the more secure private network.

98 Citations

View as Search Results

25 Claims

1. A method of preparing data for transmission, comprising:
- obtaining connections to at least two networks which are at least partially in parallel and which differ in their respective security characteristics;
  
  receiving data packets in a first collection of data packets;
  
  receiving data packets in a second collection of data packets;
  
  treating each of the data packets of the first collection with a supplemental security measure which corresponds to a difference in respective security characteristics of a first network, namely, the internet, and a second network, namely, a private network, wherein the supplemental security measure for treating a data packet includes at least encrypting data in the data packet according to a security policy;
  
  submitting the encrypted data packets of the first collection for transmission over a first path over the internet; and
  
  submitting the data packets of the second collection for transmission over a second path through the private network, without treating the data packets of the second collection with the supplemental security measure;
  
  wherein transmission of the data packet collections utilizes the networks, which are at least partially in parallel and which differ in their respective security characteristics, and data packets to be transmitted over one of the networks have been treated before their transmission over that network with a security measure which is not applied before transmission to data packets that are to be transmitted over another network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the step of receiving data packets in a first collection is interleaved with the step of receiving data packets in a second collection, in that receipt of at least one data packet of the first collection occurs between receipt of at least two data packets of the second collection, and receipt of at least one data packet of the second collection occurs between receipt of at least two data packets of the first collection.
  - 3. The method of claim 1, wherein the supplemental security measure further includes at least one of the following:
    - user authentication, transmission source authentication, data watermarking, data tamper-detection, physical security restricting physical access to machines.
  - 4. The method of claim 1, wherein the supplemental security measure includes a particular form of data encryption which is different than an encryption used on the second network.
  - 5. The method of claim 1, further comprising tracking at least one of the following:
    - data throughput, transmission latency, transmission bandwidth, time required for encryption of data.
  - 6. The method of claim 1, further comprising dividing the data packets between the first collection and the second collection at least partly in response to at least one of the following:
    - first path load, second path load, first path failure, second path failure.
  - 7. The method of claim 1, further comprising receiving a security policy specification from at least one of an administrator, an end user, and a controller device;
    - and wherein the treating step is responsive to the security policy specification.
  - 8. The method of claim 1, further comprising receiving a revocable security override from at least one of an administrator and an end user;
    - and wherein while the security override is in effect data packets in the first collection are not encrypted.
  - 9. The method of claim 1, further comprising receiving from at least two networks a group of data packets, resequencing the data packets, and transmitting the resequenced data packets to an adjacent local area network which is identified in the packets as their destination.

10. A controller for data transmission, comprising:
- components configured for transmission of data packets utilizing at least two networks at least partially in parallel to efficiently compensate for lower security in one network, namely;
  
  a first interface to a first wide area network which has a first set of security characteristics;
  
  a second interface to a second wide area network which has a second set of security characteristics, the second set of security characteristics including at least one distinguishing security characteristic that is not present in the first set of security characteristics;
  
  a supplemental security module which receives data, treats the data with a supplemental security measure including at least encryption in response to a security policy specification, and directs treated data to the first interface;
  
  a third interface to a local data source, the third interface capable of receiving data packets, directing some received packets to the supplemental security module, and directing other received packets to the second interface bypassing the supplemental security module;
  
  at least one hardware bus connecting at least one of the interfaces with the supplemental security module;
  
  wherein the controller includes software and hardware configured to operate together to receive data packets from the local data source, treat only a portion of the received data packets, and transmit the treated and untreated data packets at least partially in parallel through the wide area network interfaces;
  
  whereby transmission of the data packets utilizes the networks at least partially in parallel in a manner calculated to efficiently compensate for the lower security of the first network.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 11. The controller of claim 10, wherein the controller handles traffic of at least one of the following types:
    - IP, IPX, TCP, UDP.
  - 12. The controller of claim 10, wherein at least one of the following holds:
    - the first interface is configured to interface to an open public network, the second interface is configured to interface to a virtual private network.
  - 13. The controller of claim 10, wherein the controller further comprises a network router module.
  - 14. The controller of claim 10, wherein the controller is a local controller which is capable of communicating with a remote controller to identify available security measures.
  - 15. The controller of claim 14, wherein the local controller is capable of receiving from the remote controller a list identifying available security measures, and the local controller is capable of responding to the remote controller with at least one of the following:
    - an election specifying which security measure(s) to use, an indication that the available security measure(s) are inadequate and the data will therefore not be transmitted through the local controller.
  - 16. The controller of claim 10, wherein the controller is configured to send encrypted data over the first interface and to send plaintext data over the second interface.
  - 17. The controller of claim 16, wherein at least one of the following holds:
    - the first interface is configured to interface to the internet, the second interface is configured to interface to a private network.
  - 18. The controller of claim 10, comprising an encryption module which is capable of receiving data packets from at least two wide area network interfaces, identifying encrypted packets and decrypting them, and the controller is capable of delivering decrypted data packets to an attached local area network.
  - 19. The controller of claim 10, further comprising a resequencing module which is capable of receiving data packets from at least two wide area network interfaces and resequencing them, and the controller is capable of delivering resequenced data packets to an attached local area network.
  - 20. The controller of claim 10, wherein the supplemental security module is configured to treat data by at least one of the following:
    - authentication, and watermarking; and
      
      wherein the supplemental security module is configured to do so in response to a security selection.
  - 21. The controller of claim 10, further comprising a security override, and wherein if the security override is enabled then the controller is configured to not treat data sent over the first interface, thereby allowing temporary suspension of application of supplemental security.

22. A controller for efficient secure parallel data transmission, comprising:
- components configured for transmission of data packets at least partially in parallel and to efficiently compensate for lower internet security while transmitting at least partially in parallel over the internet and a private network, namely;
  
  an internet network interface which is configured to interface the controller to an internet node;
  
  a private network interface which is configured to interface the controller to a private network which has higher security than the internet;
  
  a supplemental security module which treats data at least by encryption and which is configured to receive data, encrypt the data, and direct encrypted data to the internet interface, the supplemental security module also capable of receiving data packets from at least two wide area network interfaces, identifying encrypted packets and decrypting them, and capable of delivering decrypted data packets to an attached local area network;
  
  a local area network interface which is configured to receive data packets, direct a first portion of the packets to the supplemental security module, and direct a second portion of the packets to the private network interface bypassing the supplemental security module;
  
  a power supply;
  
  wherein the controller compensates efficiently for the lower security of the internet while transmitting at least partially in parallel over the internet and the private network, in that the controller includes software and hardware configured to operate together to receive data packets locally, encrypt only the first portion of the packets, and transmit the data packets at least partially in parallel through the network interfaces.
- View Dependent Claims (23, 24, 25)
- - 23. The controller of claim 22, wherein the supplemental security module is configured to respond to an encryption selection to allow a user of the controller to select between at least two of the following:
    - a symmetric encryption, an asymmetric encryption, an encryption meeting a DES standard, an encryption meeting a United States governmental export standard.
  - 24. The controller of claim 22, wherein the controller is a local controller, in combination with a remote controller which is configured to communicate with the local controller to coordinate security for a data transmission, thereby facilitating a secure efficient parallel data transmission system.
  - 25. The controller of claim 22, wherein the controller further comprises a router.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Fatpipe Networks Private Ltd.
Original Assignee
Ragula Systems Incorporated
Inventors
Ragula, Bhaskar, Datta, Sanchaita
Primary Examiner(s)
Moazzami; Nasser G
Assistant Examiner(s)
Abedin; Shanto M

Application Number

US11/424,263
Time in Patent Office

866 Days
Field of Search

713/151, 713/152, 713/153, 713/154, 713/160, 713/162, 713/155, 726/2, 726/3, 726/11, 726/10, 726/13, 726/26, 709/201, 709/232, 709/244, 370/270, 370/392
US Class Current

713/153
CPC Class Codes

H04L 63/0428 wherein the data content is...

H04L 63/18 using different networks or...

Selective encryption with parallel networks

First Claim

4 Assignments

Litigations

0 Petitions

Accused Products

Abstract

98 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Selective encryption with parallel networks

First Claim

4 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

98 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links