Bridging system, bridge, and bridging method

US 8,880,870 B2
Filed: 05/05/2009
Issued: 11/04/2014
Est. Priority Date: 11/07/2007
Status: Active Grant

First Claim

Patent Images

1. A hardware bridge for performing a bridging to perform an encryption communication between a server and a client via a LAN (local area network), the hardware bridge comprising:

two channels, one of the channels making a LAN connection to either the server or the client and an other channel making a LAN connection to an internet; and

a processor configured to perform a LAN packet scramble, an encryption key management and a bridging system authentication for a packet from either the sever or the client through a key exchange software mechanism, an encryption software mechanism, and an authentication information addition,wherein the hardware bridge is configured to perform a composite authentication management software mechanism provided with a plurality of authentication purpose interfaces configured to perform a composite authentication,wherein the hardware bridge is configured to perform;

the composite authentication management software mechanism; and

a concealment/save software mechanism;

the composite authentication management software mechanism being provided with a procedure to perform a mutual authentication including an On/Off state of the concealment/save software mechanism with an opposing hardware bridge, to perform an automatic key management, and to determine a common key, andwherein the concealment/save software mechanism comprises;

a key management process for managing and holding the common key even after the encryption communication when the concealment/save software mechanism is in an On state and for allowing decryption with the common key only on a sending side and preventing decryption with the common key on a receiving side; and

a non-decryption file management process for managing and holding a file information encrypting and for transmitting a payload of an application communicated with the common key at an internal of a sending side hardware bridge.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Bridges 30, 40 are interposed between a server 10 or a client 20 having two channels 2ch, one of the two channels making a LAN connection to either the server or the client and the other channel making the LAN connection to the internet. Each of bridges 30, 40 performs a LAN packet scramble, a scramble purpose encryption key management, a scramble purpose encryption key management, and a bridging system authentication. Furthermore, each of bridges 30, 40 performs a LAN packet scramble, a scramble purpose encryption key management, and a bridging system authentication for a packet derived from the server or the client. Furthermore, a composite authentication having a plurality of authentication purpose interfaces is carried out in each of the bridges. Furthermore, a composite authentication having a plurality of authentication purpose interfaces is carried out in each of the bridges. The bridge has a plurality of authentication purpose interfaces to perform a composite authentication. Each of the bridges performs a key management to manage and hold the common key in the authentication and performs a non-decryption file management which manages and holds a file information encrypting and transmitting a payload of an application communicated with a common key at an internal of a transmission side bridge.

23 Citations

View as Search Results

13 Claims

1. A hardware bridge for performing a bridging to perform an encryption communication between a server and a client via a LAN (local area network), the hardware bridge comprising:
- two channels, one of the channels making a LAN connection to either the server or the client and an other channel making a LAN connection to an internet; and
  
  a processor configured to perform a LAN packet scramble, an encryption key management and a bridging system authentication for a packet from either the sever or the client through a key exchange software mechanism, an encryption software mechanism, and an authentication information addition,wherein the hardware bridge is configured to perform a composite authentication management software mechanism provided with a plurality of authentication purpose interfaces configured to perform a composite authentication,wherein the hardware bridge is configured to perform;
  
  the composite authentication management software mechanism; and
  
  a concealment/save software mechanism;
  
  the composite authentication management software mechanism being provided with a procedure to perform a mutual authentication including an On/Off state of the concealment/save software mechanism with an opposing hardware bridge, to perform an automatic key management, and to determine a common key, andwherein the concealment/save software mechanism comprises;
  
  a key management process for managing and holding the common key even after the encryption communication when the concealment/save software mechanism is in an On state and for allowing decryption with the common key only on a sending side and preventing decryption with the common key on a receiving side; and
  
  a non-decryption file management process for managing and holding a file information encrypting and for transmitting a payload of an application communicated with the common key at an internal of a sending side hardware bridge.
- View Dependent Claims (2, 3, 4)
- - 2. The bridge as claimed in claim 1, wherein the bridge performs a direct forwarding for a network address at a packet transmission side to a scramble &
    - bridging gateway of the packet.
  - 3. The bridge as claimed in claim 2, wherein the bridge performs the direct forwarding of a network address for a sender MAC address of the packet transmission side, which is one of the server and the client, to the scramble &
    - bridging gateway.
  - 4. The bridge as claimed in claim 1, wherein the composite authentication management software mechanism recognizes an individual authentication purpose device and a biometrics authentication purpose device via a device reader and reads an authentication purpose data, wherein the individual authentication purpose device performs a unique management using a system ID.

5. A bridging method for performing an encryption communication between a server and a client via a LAN (local area network), the bridging method comprising:
- connecting an internet via a hardware bridge in which two channels are equipped, one of the two channels making a LAN connection to either the server or the client and an other channel making a LAN connection to the internet,wherein the hardware bridge is provided with a procedure to perform a LAN packet scramble, a scramble purpose encryption key management, and a bridging system authentication for a packet from either the server or the client,wherein the hardware bridge is provided with a composite authentication management software mechanism provided with a plurality of authentication interfaces configured to perform a composite authentication and a concealment/save software mechanism,the composite authentication management software mechanism provided with a composite authentication management procedure to perform a mutual authentication including an On/Off state of the concealment/save software mechanism with an opposing hardware bridge, to perform an automatic key exchange, and to determine a common key, andthe concealment/save software mechanism being provided witha key management procedure to manage and hold the common key even after the encryption communication when the concealment/save software mechanism is in an On state and for allowing decryption with the common key only on a sending side and preventing decryption with the common key on a receiving side, anda non-decryption file management procedure to manage and hold a file information encrypting and to transmit a payload of an application communicated with the common key at an internal of a sending side hardware bridge.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The bridging method as claimed in claim 5, wherein the bridge is either a wire connection bridge configured to perform the encryption communication with the internet via a wire connection network equipment or a wireless connection bridge configured to perform the encryption communication with an access point at the internet wirelessly.
  - 7. The bridging method as claimed in claim 5, wherein the hardware bridge is provided with a procedure to perform a direct forwarding for a network address at a packet transmission side to a scramble &
    - bridging gateway.
  - 8. The bridging method as claimed in claim 7, wherein the composite authentication management procedure recognizes an individual authentication purpose device and a biometrics authentication purpose device via a device reader and reads authentication purpose data, wherein the individual authentication purpose device is provided with a procedure for performing a unique management using a system ID.
  - 9. The bridging method as claimed in claim 7, wherein the hardware bridge is provided with the procedure to perform the direct forwarding of a network address for a sender MAC address of the packet transmission side, which is one of the server and the client, to the scramble &
    - bridging gateway.

10. A bridging system for performing an encryption communication between a server and a client via a LAN (local area network), comprising:
- a server'"'"'s side hardware bridge comprising;
  
  an inbound channel configured to make a LAN connection to the server,an outbound channel configured to make a LAN connection to an internet, anda processor configured to perform a LAN packet scramble and a scramble purpose encryption key management for a packet from the server through a key exchange software mechanism, an encryption software mechanism, and an authentication information addition; and
  
  a client'"'"'s side hardware bridge comprising;
  
  an inbound channel configured to make a LAN connection to the client,an outbound channel configured to make a LAN connection to the internet, anda processor configured to perform a LAN packet scramble and the scramble purpose encryption key management for a packet from the client through a key exchange software mechanism, an encryption software mechanism, and an authentication information addition;
  
  wherein the processor of each of the client'"'"'s side hardware bridge and the server'"'"'s side hardware bridge is configured to perform;
  
  an authentication management software mechanism configured to perform a mutual authentication with an opposing hardware bridge, to perform an automatic key exchange, and to determine a common key, anda concealment/save software mechanism comprising;
  
  a non-decryption file management process for encrypting a payload of an application packet with the common key on a sending side, holding a remaining part of the application packet unencrypted, and sending the application packet including an encrypted payload and an unencrypted part, to the hardware bridge on a receiving side to save the encrypted payload on the receiving side in a concealed state to prevent decryption of the payload on the receiving side and to save the payload without decrypting on the receiving side,a key management process for saving the common key only on the sending side after a session of the encryption communication when the concealment/save software mechanism on the sending side is in an ON state in the session and for enabling decryption of the encrypted payload left encrypted on the receiving side, with the common key saved only on the sending side.
- View Dependent Claims (11, 12)
- - 11. The bridging system as claimed in claim 10, wherein at least one of the server'"'"'s side hardware bridge and the client'"'"'s side hardware bridge is configured to receive, from a host which is one of the sever and the client, an outgoing packet including a destination MAC address, a sender MAC address and a data portion, and to deliver the outgoing packet with the destination MAC address which is held unmodified and the sender MAC address which is modified to set the sender MAC address to a MAC address of the host.
  - 12. The bridging system as claimed in claim 10, wherein the client intrinsically has a client'"'"'s network address, the server intrinsically has a server'"'"'s network address, the inbound channel of the client'"'"'s side hardware bridge intrinsically has an inbound side network address, the outbound channel of the client'"'"'s side hardware bridge intrinsically has an outbound side network address, and wherein at least one of the server'"'"'s side hardware bridge and the client'"'"'s side hardware bridge is configured to receive, with the inbound channel, from a host which is one of the server or the client, an outgoing packet including a destination address, a sender address which is set at a network address of the host, and a data or payload portion and to deliver, from the outbound channel, the outgoing packet with the destination address remaining unmodified and the sender address which is modified to the network address of the host, from the outbound side network address of the outbound channel of the client'"'"'s side hardware bridge.

13. A bridging method for performing an encryption communication between a server and a client via a LAN (local area network), the bridging method comprising:
- a step of receiving, with a hardware bridge on a sending side, from a host which is one of the server and the client, an application packet including an application command and an application payload;
  
  a step of performing an automatic key exchange with a hardware bridge on a receiving side, and determining a common key;
  
  a step of encrypting the application payload of the application packet with the common key in the hardware bridge on the sending side;
  
  a step of sending the application packet including the application command remaining unencrypted and the application payload encrypted, from the hardware bridge on the sending side to the hardware bridge on the receiving side;
  
  a step of receiving the application packet including the application command remaining unencrypted and the application payload encrypted, from the hardware bridge on the sending side, with the hardware bridge on the receiving side;
  
  a step of transferring the application packet including the application command remaining unencrypted and the application payload left encrypted without decrypting the application payload, from the hardware bridge on the receiving side to a host on the receiving side which is the other of the server and the client;
  
  a step of storing the application packet including the application command remaining unencrypted and the application payload left encrypted, in the host on the receiving side; and
  
  a step of saving the common key in the hardware bridge on the sending side while the common key is not saved in the hardware bridge on the receiving side and the application payload is left encrypted in the host on the receiving side after a session of the encryption communication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meidensha Corporation
Original Assignee
Meidensha Corporation
Inventors
Aizawa, Kazumasa
Primary Examiner(s)
HOLDER, BRADLEY W

Application Number

US12/435,555
Publication Number

US 20090271615A1
Time in Patent Office

2,009 Days
Field of Search

713/153
US Class Current

713/153
CPC Class Codes

H04L 12/4625   Single bridge functionality...

H04L 2209/80   Wireless network architectu...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 9/083   involving central third par...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3273   for mutual authentication n...

Bridging system, bridge, and bridging method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Bridging system, bridge, and bridging method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links