Modular cryptographic device providing enhanced communication control features and related methods
First Claim
1. A cryptographic device comprising:
- a cryptographic module and a communications module coupled thereto;
said cryptographic module comprising a user network interface, a host network processor coupled to said user network interface, and a cryptographic processor coupled to said host network processor;
said communications module comprising a network communications interface coupled to said cryptographic processor;
said host network processor generating cryptographic processor command packets for said cryptographic processor, each comprising an address portion for addressing the cryptographic processor and a data portion;
each data portion including one of unencrypted data and command packets for said communications module;
said host network processor also encapsulating the command packets for said communications module in the data portions of said cryptographic processor command packets;
said cryptographic processor determining if a given cryptographic processor command packet includes the encapsulated command packet and based thereon stripping the address portion from the cryptographic processor command packet and passing the encapsulated communications module command packet to said communications module without performing cryptographic processing thereon;
said cryptographic processor determining if another given cryptographic processor command packet includes the unencrypted data packet and encrypting the unencrypted data packet and passing the encrypted data packet to said communications module.
Abstract
A cryptographic device may include a cryptographic module and a communications module coupled thereto. The cryptographic module may include a user network interface, a host network processor coupled to the user network interface, and a cryptographic processor coupled to the host network processor. Additionally, the communications module may include a network communications interface coupled to the cryptographic processor. The host processor may generate cryptographic processor command packets for the cryptographic processor, each having an address portion and a data portion, and it may also encapsulate command packets for the communications module in the data portions of the cryptographic processor command packets. The cryptographic processor may pass the communications module command packets to the communications module without performing cryptographic processing thereon.
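The dispatch step the abstract describes, sketched as an added example (not code from the patent): the one-byte address, the kind byte, the length field and the SHA-256 keystream cipher are all assumptions, since the patent specifies neither a packet layout nor an encryption algorithm. Unknown packet kinds are rejected so that nothing reaches the unencrypted bypass path by default.

```python
import hashlib
import struct

# Assumed wire layout (hypothetical; the patent defines none):
#   address (1 byte) | kind (1 byte) | length (2 bytes, big-endian) | data
CRYPTO_PROC_ADDR = 0x01   # hypothetical address of the cryptographic processor
KIND_DATA = 0x00          # data portion holds unencrypted user data
KIND_COMM_CMD = 0x01      # data portion holds an encapsulated communications-module command
HEADER = struct.Struct(">BBH")

# Constructed sample values for the example.
SAMPLE_KEY = b"k" * 32
SAMPLE_NONCE = b"n" * 12


def build_packet(kind, data):
    """Host network processor side: wrap data in a cryptographic processor command packet."""
    return HEADER.pack(CRYPTO_PROC_ADDR, kind, len(data)) + data


def keystream_encrypt(key, nonce, plaintext):
    """Stand-in cipher (SHA-256 in counter mode), not the device's algorithm."""
    out = bytearray()
    for offset in range(0, len(plaintext), 32):
        ks = hashlib.sha256(key + nonce + struct.pack(">I", offset // 32)).digest()
        out.extend(p ^ k for p, k in zip(plaintext[offset:offset + 32], ks))
    return bytes(out)


def crypto_processor_dispatch(packet, key, nonce):
    """Return (path, bytes handed to the communications module)."""
    if len(packet) < HEADER.size:
        raise ValueError("truncated header")
    address, kind, length = HEADER.unpack_from(packet)
    data = packet[HEADER.size:]  # address portion is stripped here
    if address != CRYPTO_PROC_ADDR:
        raise ValueError("not addressed to the cryptographic processor")
    if length != len(data):
        raise ValueError("length field does not match data portion")
    if kind == KIND_COMM_CMD:
        # Encapsulated command: forwarded with no cryptographic processing.
        return "bypass", data
    if kind == KIND_DATA:
        return "encrypt", keystream_encrypt(key, nonce, data)
    # Fail closed: an unknown kind must never fall through to the bypass path.
    raise ValueError("unknown packet kind")
```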
41 Claims
1. A cryptographic device comprising:
a cryptographic module and a communications module coupled thereto; said cryptographic module comprising a user network interface, a host network processor coupled to said user network interface, and a cryptographic processor coupled to said host network processor; said communications module comprising a network communications interface coupled to said cryptographic processor; said host network processor generating cryptographic processor command packets for said cryptographic processor, each comprising an address portion for addressing the cryptographic processor and a data portion; each data portion including one of unencrypted data and command packets for said communications module; said host network processor also encapsulating the command packets for said communications module in the data portions of said cryptographic processor command packets; said cryptographic processor determining if a given cryptographic processor command packet includes the encapsulated command packet and based thereon stripping the address portion from the cryptographic processor command packet and passing the encapsulated communications module command packet to said communications module without performing cryptographic processing thereon; said cryptographic processor determining if another given cryptographic processor command packet includes the unencrypted data packet and encrypting the unencrypted data packet and passing the encrypted data packet to said communications module.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A cryptographic device comprising:
a cryptographic module and a communications module coupled thereto; said cryptographic module comprising a user Local Area Network (LAN) interface, a host network processor coupled to said user LAN interface, and a cryptographic processor coupled to said host network processor; said communications module comprising a network LAN interface coupled to said cryptographic processor; said host network processor generating cryptographic processor command packets for said cryptographic processor, each comprising an address portion for addressing the cryptographic processor and a data portion; each data portion including one of unencrypted data and Ethernet command packets for said communications module; said host network processor also encapsulating the Ethernet command packets for said communications module in the data portions of said cryptographic processor command packets, said host network processor formatting the data portions based upon the simple network management protocol (SNMP); said cryptographic processor determining if a given cryptographic processor command packet includes the encapsulated Ethernet command packet and based thereon stripping the address portion from the cryptographic processor command packet and passing the encapsulated communications module Ethernet command packet to said communications module without performing cryptographic processing thereon; said cryptographic processor determining if another given cryptographic processor command packet includes the unencrypted data packet and encrypting the unencrypted data packet and passing the encrypted data packet to said communications module.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20
21. A communications method comprising:
coupling a cryptographic module to a network device, the cryptographic module comprising a user network interface, a host network processor coupled to the user network interface, and a cryptographic processor coupled to the host network processor; providing a communications module comprising a network communications interface coupled to the cryptographic processor; causing the host network processor to generate cryptographic processor command packets for the cryptographic processor each comprising an address portion for addressing the cryptographic processor and a data portion; each data portion including one of unencrypted data and command packets for the communication module; the host network processor also encapsulating the command packets for the communications module in the data portions of the cryptographic processor command packets; causing the cryptographic processor to determine if a given cryptographic processor command packet includes the encapsulated command packet and based thereon strip the address portion from each cryptographic processor command packet and pass the encapsulated communications module command packet to the communications module without performing cryptographic processing thereon; and causing the cryptographic processor to determine if another given cryptographic processor command packet includes the unencrypted data packet and encrypts the unencrypted data packet and passes the encrypted data packet to the communications module.
Dependent claims: 22, 23, 24, 25
26. A communications system comprising:
a plurality of network devices coupled together to define a network, and a cryptographic device coupled to at least one of said network devices; said cryptographic device comprising a cryptographic module coupled to said at least one network device, and a communications module coupled to said cryptographic module; said cryptographic module comprising a user network interface, a host network processor coupled to said user network interface, and a cryptographic processor coupled to said host network processor; said communications module comprising a network communications interface coupled to said cryptographic processor; said host network processor generating cryptographic processor command packets for said cryptographic processor each comprising an address portion for addressing the cryptographic processor and a data portion; each data portion including one of unencrypted data and command packets for said communications module; said host network processor also encapsulating the command packets for said communications module in the data portions of said cryptographic processor command packets; said cryptographic processor determining if a given cryptographic processor command packet includes the encapsulated command packet and based thereon stripping the address portion from the cryptographic processor command packet and passing the encapsulated communications module command packet to said communications module without performing cryptographic processing thereon, said cryptographic processor determining if another given cryptographic processor command packet includes the unencrypted data packet and encrypting the unencrypted data packet and passing the encrypted data packet to said communications module.
Dependent claims: 27, 28, 29, 30, 31, 32, 33, 34, 35
36. A cryptographic module comprising:
a user network interface; a host network processor coupled to said user network interface; and a cryptographic processor coupled to said host network processor; said host network processor generating cryptographic processor command packets for said cryptographic processor each comprising an address portion for addressing the cryptographic processor and a data portion; each data portion including one of unencrypted data and command packets for said communications module; said host network processor also encapsulating the command packets for a network communications module in the data portions of said cryptographic processor command packets; said cryptographic processor determining if a given cryptographic processor command packet includes the encapsulated command packet and based thereon stripping the address portion from the cryptographic processor command packet and passing the encapsulated communications module command packet to the network communications module without performing cryptographic processing thereon; said cryptographic processor determining if another given cryptographic processor command packet includes the unencrypted data packet and encrypting the unencrypted data packet and passing the encrypted data packet to said communications module.
Dependent claims: 37, 38, 39, 40, 41
Specification