Modular cryptographic device providing enhanced communication control features and related methods

US 7,644,289 B2
Filed: 03/23/2004
Issued: 01/05/2010
Est. Priority Date: 03/23/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A cryptographic device comprising:

a cryptographic module and a communications module coupled thereto;

said cryptographic module comprising a user network interface, a host network processor coupled to said user network interface, and a cryptographic processor coupled to said host network processor;

said communications module comprising a network communications interface coupled to said cryptographic processor;

said host network processor generating cryptographic processor command packets for said cryptographic processor, each comprising an address portion for addressing the cryptographic processor and a data portion;

each data portion including one of unencrypted data and command packets for said communications module;

said host network processor also encapsulating the command packets for said communications module in the data portions of said cryptographic processor command packets;

said cryptographic processor determining if a given cryptographic processor command packet includes the encapsulated command packet and based thereon stripping the address portion from the cryptographic processor command packet and passing the encapsulated communications module command packet to said communications module without performing cryptographic processing thereon;

said cryptographic processor determining if another give cryptographic processor command packet includes the unencrypted data packet and encrypting the unencrypted data packet and passing the encrypted data packet to said communications module.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cryptographic device may include a cryptographic module and a communications module coupled thereto. The cryptographic module may include a user network interface, a host network processor coupled to the user network interface, and a cryptographic processor coupled to the host network processor. Additionally, the communications module may include a network communications interface coupled to the cryptographic processor. The host processor may generate cryptographic processor command packets for the cryptographic processor each having an address portion and a data portion, and it may also encapsulate command packets for the communications module in the data portions of the cryptographic processor command packets. The cryptographic processor may pass the communications module command packets to the without performing cryptographic processing thereon.

31 Citations

View as Search Results

41 Claims

1. A cryptographic device comprising:
- a cryptographic module and a communications module coupled thereto;
  
  said cryptographic module comprising a user network interface, a host network processor coupled to said user network interface, and a cryptographic processor coupled to said host network processor;
  
  said communications module comprising a network communications interface coupled to said cryptographic processor;
  
  said host network processor generating cryptographic processor command packets for said cryptographic processor, each comprising an address portion for addressing the cryptographic processor and a data portion;
  
  each data portion including one of unencrypted data and command packets for said communications module;
  
  said host network processor also encapsulating the command packets for said communications module in the data portions of said cryptographic processor command packets;
  
  said cryptographic processor determining if a given cryptographic processor command packet includes the encapsulated command packet and based thereon stripping the address portion from the cryptographic processor command packet and passing the encapsulated communications module command packet to said communications module without performing cryptographic processing thereon;
  
  said cryptographic processor determining if another give cryptographic processor command packet includes the unencrypted data packet and encrypting the unencrypted data packet and passing the encrypted data packet to said communications module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The cryptographic device of claim 1 wherein said host network processor formats the data portions based upon the simple network management protocol (SNMP).
  - 3. The cryptographic device of claim 1 wherein the communications module command packets comprise Ethernet packets.
  - 4. The cryptographic device of claim 1 wherein the cryptographic processor command packets comprise Internet protocol (IP) packets.
  - 5. The cryptographic device of claim 1 wherein said cryptographic module further comprises:
    - a first housing carrying said user network interface, said host network processor, and said cryptographic processor; and
      
      a first connector carried by said first housing and coupled to said cryptographic processor.
  - 6. The cryptographic device of claim 5 wherein said communications module further comprises:
    - a second housing carrying said network communications interface; and
      
      a second connector carried by said second housing and being removably mateable with said first connector of said cryptographic module.
  - 7. The cryptographic device of claim 1 wherein said cryptographic processor comprises:
    - an unencrypted data buffer circuit coupled to said host network processor;
      
      a cryptography circuit coupled to said unencrypted data buffer circuit; and
      
      an encrypted data buffer circuit coupled to said cryptography circuit.
  - 8. The cryptographic device of claim 1 wherein said communications module comprises a predetermined one from among a plurality of interchangeable communications modules each for communicating over a different communications media.
  - 9. The cryptographic device of claim 1 wherein said network communications interface comprises at least one of a wireless LAN (WLAN) communication circuit, a wireline communication circuit, and a fiber optic communication circuit.
  - 10. The cryptographic device of claim 1 wherein said user network interface comprises an Ethernet Local Area Network (LAN) interface, and wherein said network communications interface comprises a network LAN interface.
  - 11. The cryptographic device of claim 5 wherein said cryptographic module further comprises a tamper circuit for disabling said cryptographic processor based upon tampering with said first housing.

12. A cryptographic device comprising:
- a cryptographic module and a communications module coupled thereto;
  
  said cryptographic module comprising a user Local Area Network (LAN) interface, a host network processor coupled to said user LAN interface, and a cryptographic processor coupled to said host network processor;
  
  said communications module comprising a network LAN interface coupled to said cryptographic processor;
  
  said host network processor generating cryptographic processor command packets for said cryptographic processor, each comprising an address portion for addressing the cryptographic processor and a data portion;
  
  each data portion including one of unencrypted data and Ethernet command packets for said communications module;
  
  said host network processor also encapsulating the Ethernet command packets for said communications module in the data portions of said cryptographic processor command packets, said host network processor formatting the data portions based upon the simple network management protocol (SNMP);
  
  said cryptographic processor determining if a given cryptographic processor command packet includes the encapsulated Ethernet command packet and based thereon stripping the address portion from the cryptographic processor command packet and passing the encapsulated communications module Ethernet command packet to said communications module without performing cryptographic processing thereon;
  
  said cryptographic processor determining if another given cryptographic processor command packet includes the unencrypted data packet and encrypting the unencrypted data packet and passing the encrypted data packet to said communications module.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The cryptographic device of claim 12 wherein the cryptographic processor command packets comprise Internet protocol (IT) packets.
  - 14. The cryptographic device of claim 12 wherein said cryptographic module further comprises:
    - a first housing carrying said user LAN interface, said host network processor, and said cryptographic processor; and
      
      a first connector carried by said first housing and coupled to said cryptographic processor.
  - 15. The cryptographic device of claim 14 wherein said communications module further comprises:
    - a second housing carrying said network LAN interface; and
      
      a second connector carried by said second housing and being removably mateable with said first connector of said cryptographic module.
  - 16. The cryptographic device of claim 12 wherein said cryptographic processor comprises:
    - an unencrypted data buffer circuit coupled to said host network processor;
      
      a cryptography circuit coupled to said unencrypted data buffer circuit; and
      
      an encrypted data buffer circuit coupled to said cryptography circuit.
  - 17. The cryptographic device of claim 12 wherein said communications module comprises a predetermined one from among a plurality of interchangeable communications modules each for communicating over a different communications media.
  - 18. The cryptographic device of claim 12 wherein said network LAN interface comprises at least one of a wireless LAN (WLAN) communication circuit, a wireline LAN communication circuit, and a fiber optic LAN communication circuit.
  - 19. The cryptographic device of claim 12 wherein said user LAN interface comprises an Ethernet interface.
  - 20. The cryptographic device of claim 12 wherein said cryptographic module further comprises a tamper circuit for disabling said cryptographic processor based upon tampering with said first housing.

21. A communications method comprising:
- coupling a cryptographic module to a network device, the cryptographic module comprising a user network interface, a host network processor coupled to the user network interface, and a cryptographic processor coupled to the host network processor;
  
  providing a communications module comprising a network communications interface coupled to the cryptographic processor;
  
  causing the host network processor to generate cryptographic processor command packets for the cryptographic processor each comprising an address portion for addressing the cryptographic processor and a data portion;
  
  each data portion including one of unencrypted data and command packets for the communication module;
  
  the host network processor also encapsulating the command packets for the communications module in the data portions of the cryptographic processor command packets;
  
  causing the cryptographic processor to determine if a given cryptographic processor command packet includes the encapsulated command packet and based thereon strip the address portion from each cryptographic processor command packet and pass the encapsulated communications module command packet to the communications module without performing cryptographic processing thereon; and
  
  causing the cryptographic processor to determine if another given cryptographic processor command packet includes the unencrypted data packet and encrypts the unencrypted data packet and passes the encrypted data packet to the communications module.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The method of claim 21 further comprising causing the host network processor to format the data portions based upon the simple network management protocol (SNMP).
  - 23. The method of claim 21 wherein the communications module command packets comprise Ethernet packets.
  - 24. The method of claim 21 wherein the cryptographic processor command packets comprise Internet protocol (IP) packets.
  - 25. The method of claim 21 wherein the user network interface comprises an Ethernet Local Area Network (LAN) interface, and wherein the network communications interface comprises a network LAN interface.

26. A communications system comprising:
- a plurality of network devices coupled together to define a network, and a cryptographic device coupled to at least one of said network devices;
  
  said cryptographic device comprising a cryptographic module coupled to said at least one network device, and a communications module coupled to said cryptographic module;
  
  said cryptographic module comprising a user network interface, a host network processor coupled to said user network interface, and a cryptographic processor coupled to said host network processor;
  
  said communications module comprising a network communications interface coupled to said cryptographic processor;
  
  said host network processor generating cryptographic processor command packets for said cryptographic processor each comprising an address portion for addressing the cryptographic processor and a data portion;
  
  each data portion including one of unencrypted data and command packets for said communications module;
  
  said host network processor also encapsulating the command packets for said communications module in the data portions of said cryptographic processor command packets;
  
  said cryptographic processor determining if a given cryptographic processor command packet includes the encapsulated command packet and based thereon stripping the address portion from the cryptographic processor command packet and passing the encapsulated communications module command packet to said communications module without performing cryptographic processing thereon,said cryptographic processor determining if another given cryptographic processor command packet includes the unencrypted data packet and encrypting the unencrypted data packet and passing the encrypted data packet to said communications module.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 27. The system of claim 26 wherein said host network processor formats the data portions based upon the simple network management protocol (SNMP).
  - 28. The system of claim 26 wherein the communications module command packets comprise Ethernet packets, and wherein the cryptographic processor command packets comprise Internet protocol (IP) packets.
  - 29. The system of claim 26 wherein said cryptographic module further comprises:
    - a first housing carrying said user network interface, said host network processor, and said cryptographic processor; and
      
      a first connector carried by said first housing and coupled to said cryptographic processor.
  - 30. The system of claim 29 wherein said communications module further comprises:
    - a second housing carrying said network communications interface; and
      
      a second connector carried by said second housing and being removably mateable with said first connector of said cryptographic module.
  - 31. The system of claim 26 wherein said cryptographic processor comprises:
    - an unencrypted data buffer circuit coupled to said host network processor;
      
      a cryptography circuit coupled to said unencrypted data buffer circuit; and
      
      an encrypted data buffer circuit coupled to said cryptography circuit.
  - 32. The system of claim 26 wherein said communications module comprises a predetermined one from among a plurality of interchangeable communications modules each for communicating over a different communications media.
  - 33. The system of claim 26 wherein said network communications interface comprises at least one of a wireless LAN (WLAN) communication circuit, a wireline communication circuit, and a fiber optic communication circuit.
  - 34. The system of claim 26 wherein said user network interface comprises an Ethernet Local Area Network (LAN) interface, and wherein said network communications interface comprises a network LAN interface.
  - 35. The system of claim 26 wherein said cryptographic module further comprises a tamper circuit for disabling said cryptographic processor based upon tampering with said first housing.

36. A cryptographic module comprising:
- a user network interface;
  
  a host network processor coupled to said user network interface; and
  
  a cryptographic processor coupled to said host network processor;
  
  said host network processor generating cryptographic processor command packets for said cryptographic processor each comprising an address portion for addressing the cryptographic processor and a data portion;
  
  each data portion including one of unencrypted data and command packets for said communications module;
  
  said host network processor also encapsulating the command packets for a network communications module in the data portions of said cryptographic processor command packets;
  
  said cryptographic processor determining if a given cryptographic processor command packet includes the encapsulated command packet and based thereon stripping the address portion from the cryptographic processor command packet and passing the encapsulated communications module command packet to the network communications module without performing cryptographic processing thereon;
  
  said cryptographic processor determining if another given cryptographic processor command packet includes the unencrypted data packet and encrypting the unencrypted data packet and passing the encrypted data packet to said communications module.
- View Dependent Claims (37, 38, 39, 40, 41)
- - 37. The cryptographic module of claim 36 wherein said host network processor formats the data portions based upon the simple network management protocol (SNMP).
  - 38. The cryptographic module of claim 36 wherein the communications module command packets comprise Ethernet packets.
  - 39. The cryptographic module of claim 36 wherein the cryptographic processor command packets comprise Internet protocol (IP) packets.
  - 40. The cryptographic module of claim 36 wherein said cryptographic processor comprises:
    - an unencrypted data buffer circuit coupled to said host network processor;
      
      a cryptography circuit coupled to said unencrypted data buffer circuit; and
      
      an encrypted data buffer circuit coupled to said cryptography circuit.
  - 41. The cryptographic module of claim 36 wherein said user network interface comprises an Ethernet Local Area Network (LAN) interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Harris Corporation (L3Harris Technologies, Inc.)
Original Assignee
Harris Corporation (L3Harris Technologies, Inc.)
Inventors
Waldo, Lawrence Richard, Yancy, Bruce Wayne
Primary Examiner(s)
Lanier, Benjamin E
Assistant Examiner(s)
ALMEIDA, DEVIN E

Application Number

US10/806,948
Publication Number

US 20050216734A1
Time in Patent Office

2,114 Days
Field of Search

713/192, 713/150, 713/153, 713/160, 713/162, 713/189, 713/190
US Class Current

713/192
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/72   in cryptographic circuits

G06F 21/85   interconnection devices, e....

G06F 2221/2113   Multi-level security, e.g. ...

G07F 7/1016   Devices or methods for secu...

H04L 2209/80   Wireless network architectu...

H04L 63/0485   Networking architectures fo...

H04L 63/30   for supporting lawful inter...

H04L 9/00   Cryptographic mechanisms or...

Modular cryptographic device providing enhanced communication control features and related methods

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

31 Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Modular cryptographic device providing enhanced communication control features and related methods

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links