Trusted bypass for secure communication

US 8,316,228 B2
Filed: 12/17/2008
Issued: 11/20/2012
Est. Priority Date: 12/17/2008
Status: Active Grant

First Claim

Patent Images

1. A device comprising:

a first port;

a second port;

a encryption module in communication with the first port and the second port, wherein the encryption module is configured to be operable in a first mode and in a second mode, wherein in the first mode the encryption module is configured to encrypt and send first data from the first port to the second port, and in the second mode the encryption module is configured to;

receive second data from the first port, andprevent the second data from being sent unencrypted to the second port until an approval indication is received by a user interface of the device; and

the user interface configured to;

display information indicating that the second data is to be sent unencrypted to the second port prior to the second data being sent to the second port,receive the approval indication, andindicate to the encryption module that the approval indication has been received, wherein the encryption module is further configured to send the second data unencrypted to the second port based on the approval indication being received by the user interface.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device having an encryption module in communication with first and second communication ports may facilitate connecting to an access network, without requiring a non-secure hard drive to initiate the network access. The encryption module may define a normal mode and a bypass mode. In normal mode, data from the first port may be sent encrypted to the second port, for communicating securely in an encrypted environment. In bypass mode, data from the first port may be sent unencrypted to the second port. The data being sent may be intercepted and presented to the user for approval in a human readable format. The user may confirm that the data is appropriate for being sent unencrypted. This data may be sent unencrypted in response to a request for information (e.g., an assent to terms and conditions) from the access network, such as at a hotel or public wireless hotspot, for example.

Citations

21 Claims

1. A device comprising:
- a first port;
  
  a second port;
  
  a encryption module in communication with the first port and the second port, wherein the encryption module is configured to be operable in a first mode and in a second mode, wherein in the first mode the encryption module is configured to encrypt and send first data from the first port to the second port, and in the second mode the encryption module is configured to;
  
  receive second data from the first port, andprevent the second data from being sent unencrypted to the second port until an approval indication is received by a user interface of the device; and
  
  the user interface configured to;
  
  display information indicating that the second data is to be sent unencrypted to the second port prior to the second data being sent to the second port,receive the approval indication, andindicate to the encryption module that the approval indication has been received, wherein the encryption module is further configured to send the second data unencrypted to the second port based on the approval indication being received by the user interface.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The device of claim 1, wherein the encryption module is further configured to pass third data from the second port to the first port, the third data being indicative of a request for assent to conditions for network access and the second data being responsive to the third data.
  - 3. The device of claim 2, wherein the encryption module is further configured to initiate a dummy hypertext transfer protocol session, and the second port is configured to receive the third data in response to the dummy hypertext transfer protocol session.
  - 4. The device of claim 1, wherein the encryption module is further configured to enter the second mode responsive to an indication from the user interface.
  - 5. The device of claim 1, wherein the user interface is configured to display the information indicating that the second data is to be sent unencrypted to the second port by displaying at least a portion of the second data in a human-readable format.
  - 6. The device of claim 5, wherein displaying at least the portion of the second data in the human-readable format comprises one or more of displaying at least one of printable ASCII, UTF-8, or Unicode characters of the second data, applying line feeds and carriage returns to the second data, displaying printable hexadecimal-encoded characters of the second data as at least one of ASCII, UTF-8, or Unicode characters, or displaying non-printable hexadecimal-encoded characters of the second data as character names.
  - 7. The device of claim 5, wherein displaying at least the portion of the second data in the human-readable format comprises displaying hidden data included in the second data.
  - 8. The device of claim 5, wherein the user-interface is configured to display at least the portion of the second data in a pop-up window.
  - 9. The device of claim 1, wherein encryption module is further configured to impose a time limit associated with continuous operation in the second mode.
  - 10. The device of claim 1, wherein the encryption module is further configured to impose a message limit associated with operation in the second mode.
  - 11. The device of claim 1, wherein the encryption module is further configured to store an indication of activity in the second mode in a security audit log.
  - 12. The device of claim 1, wherein the encryption device is a Type 1 encryption device.

13. A device comprising:
- a secure-side input;
  
  a non-secure-side output;
  
  an encryption module configured to operate in a bypass mode and a normal mode, wherein in the normal mode the encryption module is configured to encrypt data from the secure-side input and send the encrypted data to the non-secure-side output, and in the bypass mode the encryption module is configured to;
  
  receive unencrypted data from the secure-side input, andprevent the unencrypted data from being sent to the non-secure-side output until an approval indication is received by a user interface of the device; and
  
  the user interface configured to;
  
  present at least a portion of the unencrypted data for approval, andreceive the approval indication, wherein in the bypass mode the encryption module is further configured to send the unencrypted data to the non-secure-side output based on the approval indication being received by the user interface.
- View Dependent Claims (14, 15)
- - 14. The device of claim 13, wherein the encrypted data comprises data that is indicative of an assent to network conditions for a network in operable communication with the device via the non-secure-side output.
  - 15. The device of claim 13, wherein in the normal mode the encryption module is further configured to in prohibit data that is not encrypted from being sent from the secure-side input to the non-secure-side output.

16. A device comprising;
- an input;
  
  an output;
  
  an encryption module configured to operate in a bypass mode and a normal mode, wherein in the normal mode the encryption module is configured to encrypt data from the secure-side input and send the encrypted data to the non-secure-side output, and in the bypass mode the encryption module is configured to prevent unencrypted data received from the input from being sent to the output until an approval indication for the unencrypted data is received by a user interface of the device; and
  
  the user interface configured to present a request for approval to send the unencrypted data to the output and receive the approval indication after presenting the request for approval, wherein in the bypass mode the encryption module is further configured to send the unencrypted data to the output based on the approval indication being received by the user interface.
- View Dependent Claims (17)
- - 17. The device of claim 16, wherein in the normal mode the encryption module is further configured to block data that is not encrypted from being sent to the output.

18. A non-transitory computer readable storage medium to provide a bypass mode in an encryption system, the non-transitory computer readable storage medium including computer executable instructions to perform a method, the method comprising:
- operate an encryption module in a normal mode, wherein in the normal mode the encryption module encrypts data received from an input and sends the encrypted data to an output; and
  
  operate the encryption module in a bypass mode, wherein the bypass mode;
  
  the encryption module receives unencrypted data from the input,the encryption module prevents the unencrypted data from being sent to the output until an approval indication is received by a user interface,the user interface presents at least a portion of the unencrypted data for examination, andresponsive to an indication received via the user interface that the unencrypted data is approved, the encryption module forwards the unencrypted data to the output.
- View Dependent Claims (19, 20, 21)
- - 19. The non-transitory computer readable medium of claim 18, wherein the method further comprises converting the unencrypted data into a human-readable format for presentation.
  - 20. The non-transitory computer readable medium of claim 19, wherein converting the unencrypted data into the human-readable format for presentation comprises performing one or more of displaying printable one or more of ASCII, UTF-8, or Unicode characters of the unencrypted data, applying line feeds and carriage returns to the unencrypted data, displaying printable hexadecimal-encoded characters of the unencrypted data as one or more of ASCII, UTF-8, or Unicode, or displaying non-printable hexadecimal-encoded characters of the unencrypted data as character names.
  - 21. The non-transitory computer readable medium of claim 18, wherein the method further comprises blocking data that is not encrypted from being sent to the output while in the normal mode.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
L3 Technologies, Inc. (L3Harris Technologies, Inc.)
Original Assignee
L-3 Communications Corporation (L3Harris Technologies, Inc.)
Inventors
Winslow, Richard Norman
Primary Examiner(s)
CHEN, SHIN HON

Application Number

US12/337,384
Publication Number

US 20100153704A1
Time in Patent Office

1,434 Days
Field of Search

None
US Class Current

713/153
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

Trusted bypass for secure communication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted bypass for secure communication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links