System for signatureless transmission and reception of data packets between computer networks

US RE39,360 E1
Filed: 08/19/1998
Issued: 10/17/2006
Est. Priority Date: 09/15/1994
Status: Expired due to Term

First Claim

Patent Images

1. A method for transmitting and receiving packets of data via a an internetwork from a first host computer on a first computer network to a second host computer on a second computer network, the first and second computer networks including, respectively, first and second bridge computers, each of said first and second host computers and first and second bridge computers including a processor and a memory for storing instructions for execution by the processor, each of said first and second bridge computers further including memory for storing at least one predetermined encryption/decryption mechanism and information identifying a predetermined plurality of host computers as hosts requiring security for packets transmitted between them, the method being carded carried out be by means of the instructions stored in said respective memories and including the steps of:

(1) generating, by the first host computer, a first data packet for transmission to the second host computer, a portion of the first data packet including information representing an internetwork address of the first host computer and an internetwork address of the second host computer;

(2) in the first bridge computer, intercepting the first data packet and determining whether the first and second host computers are among the predetermined plurality of host computers for which security is required, and if not, proceeding to step 5, and if so, proceeding to step 3;

(3) encrypting the first data packet in the first bridge computer;

(4) in the first bridge computer, generating and appending to the encrypted first data packet an encapsulation header, including;

(a) key management information identifying providing a mechanism for identifying the predetermined encryption method, and (b) a new address header representing the source and destination for the first data packet, hereby generating a modified first data packet;

(5) transmitting the first data packet or the modified first data packet from the first bridge computer via the internetwork to the second computer network;

(6) intercepting the first data packet or the modified first data packet at the second bridge computer;

(7) in the second bridge computer, if the encapsulation header has been appended to the first data packet, reading the encapsulation header, and determining therefrom whether the first data packet was encrypted, and if not, proceeding to step 10, and if so, proceeding to step 8 and if it is determined that the first data packet has been encrypted, proceeding to step 8 and otherwise proceeding to step 10;

(8) in the second bridge computer, determining which encryption mechanism was used to encrypt the first data packet;

(9) decrypting the first data packet by the second bridge computer;

(10) transmitting the first data packet from the second bridge computer to the second host computer, ;

and (11) receiving the unencrypted first data packet at the second host computer.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for automatically encrypting and decrypting data packet sent from a source host to a destination host across a public internetwork. A tunnelling bridge is positioned at each network, and intercepts all packets transmitted to or from its associated network. The tunnelling bridge includes tables indicated pairs of hosts or pairs of networks between which packets should be encrypted. When a packet is transmitted from a first host, the tunnelling bridge of that host'"'"'s network intercepts the packet, and determines from its header information whether packets from that host that are directed to the specified destination host should be encrypted; or, alternatively, whether packets from the source host'"'"'s network that are directed to the destination host'"'"'s network should be encrypted. If so, the packet is encrypted, and transmitted to the destination network along with an encapsulation header indicating source and destination information: either source and destination host addresses, or the broadcast addresses of the source and destination networks (in the latter case, concealing by encryption the hosts'"'"' respective addresses). An identifier of the source network'"'"'s tunnelling bridge may also be included in the encapsulation header. At the destination network, the associated tunnelling bridge intercepts the packet, inspects the encapsulation header, from an internal table determines whether the packet was encrypted, and from either the source (host or network) address or the tunnelling bridge identifier determines whether and how the packet was encrypted. If the packet was encrypted, it is now decrypted using a key stored in the destination tunnelling bridge'"'"'s memory, and is sent on to the destination host. The tunnelling bridge identifier is used particularly in an embodiment where a given network has more than one tunnelling bridge, and hence multiple possible encryption/decryption schemes and keys. In an alternative embodiment, the automatic encryption and decryption may be carried out by the source and destination hosts themselves, without the use of additional tunnelling bridges, in which case the encapsulation header includes the source and destination host addresses.

Citations

48 Claims

1. A method for transmitting and receiving packets of data via a an internetwork from a first host computer on a first computer network to a second host computer on a second computer network, the first and second computer networks including, respectively, first and second bridge computers, each of said first and second host computers and first and second bridge computers including a processor and a memory for storing instructions for execution by the processor, each of said first and second bridge computers further including memory for storing at least one predetermined encryption/decryption mechanism and information identifying a predetermined plurality of host computers as hosts requiring security for packets transmitted between them, the method being carded carried out be by means of the instructions stored in said respective memories and including the steps of:
- (1) generating, by the first host computer, a first data packet for transmission to the second host computer, a portion of the first data packet including information representing an internetwork address of the first host computer and an internetwork address of the second host computer;
  
  (2) in the first bridge computer, intercepting the first data packet and determining whether the first and second host computers are among the predetermined plurality of host computers for which security is required, and if not, proceeding to step 5, and if so, proceeding to step 3;
  
  (3) encrypting the first data packet in the first bridge computer;
  
  (4) in the first bridge computer, generating and appending to the encrypted first data packet an encapsulation header, including;
  
  (a) key management information identifying providing a mechanism for identifying the predetermined encryption method, and (b) a new address header representing the source and destination for the first data packet, hereby generating a modified first data packet;
  
  (5) transmitting the first data packet or the modified first data packet from the first bridge computer via the internetwork to the second computer network;
  
  (6) intercepting the first data packet or the modified first data packet at the second bridge computer;
  
  (7) in the second bridge computer, if the encapsulation header has been appended to the first data packet, reading the encapsulation header, and determining therefrom whether the first data packet was encrypted, and if not, proceeding to step 10, and if so, proceeding to step 8 and if it is determined that the first data packet has been encrypted, proceeding to step 8 and otherwise proceeding to step 10;
  
  (8) in the second bridge computer, determining which encryption mechanism was used to encrypt the first data packet;
  
  (9) decrypting the first data packet by the second bridge computer;
  
  (10) transmitting the first data packet from the second bridge computer to the second host computer, ;
  
  and (11) receiving the unencrypted first data packet at the second host computer.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the new address header for the modified first data packet includes the internetwork broadcast addresses of the first and second computer networks.
  - 3. The method of claim 2, wherein the new address header for the modified first data packet includes an identifier of the second bridge computer.
  - 4. The method of claim 1, wherein the new address header of the modified first data packet includes the address of the second host computer.
  - 5. The method of claim 4, wherein the new address header for the modified first data packet includes an identifier of the second bridge computer.

6. A system for automatically encrypting and decrypting data packets transmitted from a first host computer on a first computer network to a second host computer on a second computer network, including:
- a first bridge computer coupled to the first computer network for intercepting data packets transmitted from said first computer network, the first bridge computer including a first processor and a first memory storing instructions for executing encryption of data packets according to a predetermined encryption/decryption mechanism;
  
  a second bridge computer coupled to the second computer network for intercepting data packets transmitted to said second computer network, the second bridge computer including a second processor and a second memory storing instructions for executing decryption of the data packets;
  
  said first host computer including a third processor and a third memory including instructions for transmitting a first said data packet from said first to said second host;
  
  a first table stored in said first memory including a correlation of at least one of the first host computer and the first network with one of the second host computer and the second network, respectively;
  
  instructions stored in said first memory for intercepting said first data packet before departure from said first network, determining whether said correlation is present in said first table, and if so, then executing encryption of said first data packet according to said predetermined encryption/decryption mechanism, generating a new address header including a mechanism for identifying said predetermined encryption/decryption mechanism and appending said new address header to said encrypted first data packet, thereby generating a modified first data packet, and transmitting said modified data packet on to the second host computer;
  
  a second table stored in said second memory including a correlation of at least one of the first host computer and the first network with one of the second host computer and the second network, respectively; and
  
  instruction stored in said second memory for intercepting said modified first data packet upon arrival at said second network, determining whether said correlation is present in said second table, and if so, then executing decryption of said first data packet according to said predetermined encryption/decryption mechanism, and transmitting the first data packet to the second host computer.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, A system for automatically encrypting and decrypting data packets transmitted from a first host computer on a first computer network to a second host computer on a second computer network, including:
    - a first bridge computer coupled to the first computer network for intercepting data packets transmitted from said first computer network, the first bridge computer including a first processor and a first memory storing instructions for executing encryption of data packets according to a predetermined encryption/decryption mechanism;
      
      a second bridge computer coupled to the second computer network for intercepting data packets transmitted to said second computer network, the second bridge computer including a second processor and a second memory storing instructions for executing decryption of the data packets;
      
      said first host computer including a third processor and a third memory including instructions for transmitting a first data packet from said first host to said second host;
      
      a first table stored in said first memory including a correlation of at least one of the first host computer and the first network with one of the second host computer and the second network, respectively;
      
      instructions stored in said first memory for intercepting said first data packet before departure from said first network, determining whether said correlation is present in said first table, and if so, then executing encryption of said first data packet according to said predetermined encryption/decryption mechanism, generating a new address header and appending said new address header to said encrypted first data packet, thereby generating a modified first data packet, and transmitting said modified first data packet on to the second host computer, wherein said new address header includes the internetwork broadcast addresses of the first and second computer networks.;
      
      a second table stored in said second memory including a correlation of at least one of the first host computer and the first network with one of the second host computer and the second network, respectively; and
      
      instructions stored in said second memory for intercepting said modified first data packet upon arrival at said second network, determining whether said correlation is present in said second table, and if so, then executing decryption of said first data packet according to said predetermined encryption/decryption mechanism, and transmitting the first data packet to the second host computer.
  - 8. The method of claim 7, wherein said new address header includes an identifier of the second bridge computer.
  - 9. The method of claim 6, wherein said new address header includes the address of the second host computer.
  - 10. The method of claim 9, wherein said new address header includes an identifier of the second bridge computer.

11. A method for transmitting and receiving packets of data via an internetwork from a first host computer on a first computer network to a second host computer on a second computer network, the first and second computer networks, each of said first and second host computer networks, each of said first and second host computers including a processor and a memory for storing instructions for execution by the processor, each said memory storing at least on a predetermined encryption/decryption mechanism and a source/destination table identifying a predetermined plurality of sources and destinations requiring security for packets transmitted between them, the method being carded carried out by means of the instructions stored in said respective memories and including the steps of:
- (1) generating, by the first host computer, a first data packet for transmission to the second host computer, a portion of the first data packet including information representing an internetwork address of a source of the first data packet and an internetwork address of a destination of the first data packet;
  
  (2) in the first host computer, determining whether the source and destination of the first data packet are among the predetermined plurality of sources and destinations identified in said source/destination table for which security is required, and if not, proceeding to step 5, and if so, proceeding to step 3;
  
  (3) encrypting the first data packet in the first host computer;
  
  (4) in the first host computer, generating and appending to the encrypted first data packet an encapsulation header, including;
  
  (a) key management information providing a mechanism for identifying the predetermined encryption method, and (b) a new address header identifying the source and destination for the first data packet, hereby generating a modified first data packet;
  
  (5) transmitting the first data packet or the modified first data packet from the first host computer via the internetwork to the second computer network;
  
  (6) in the second host computer, if the encapsulation header has been appended to the first data packet, reading the encapsulation header, and determining therefrom whether the first data packet was encrypted, and if not the first data packet was not encrypted, ending the method, and if so the first data packet was encrypted, proceeding to step 7;
  
  (7) in the second host computer, determining which encryption mechanism was used to encrypt the first data packet; and
  
  (8) decrypting the first data packet by the second host computer.
- View Dependent Claims (12, 13)
- - 12. The method of claim 11, wherein the new address header for the modified first data packet includes internetwork broadcast addresses of the first and second computer networks.
  - 13. The method of claim 11, wherein the source/destination table includes data identifying internetwork addresses of the first and second host computers.

14. A system for automatically encrypting and decrypting data packets transmitted from a first host computer on a first computer network and having a first host computer on a first computer network and , the first host computer having a first processor and a first memory, via an internetwork to a second host computer on a second computer network and having a second host computer on a second computer network and , the second host computer having a second processor and a second memory, the system including:
- security data stored in said first and second memories indicating that data packets meeting at least one predetermined criterion are to be encrypted;
  
  a predetermined encryption/decryption mechanism stored in said first and second memories;
  
  a decryption key stored in said second memory;
  
  instructions stored in said first memory for determining whether to encrypt one or more data packets, by determining whether said at least one predetermined criterion is met by said data packet one or more data packets;
  
  instructions stored in said first memory for executing encryption according to said predetermined encryption/decryption mechanism of at least a first said data packet one of said one or more data packets,when said at least one predetermined criterion is met, for generating a new address header for said first data packet and for appending an encapsulation header to said first data packet and transmitting said first data packet to said second host, said new address header identifying broadcast addresses of the first and second computer networks, said encapsulation header including at least said new address header;
  
  and instructions stored in said second memory for receiving said first data packet, determining whether it has been encrypted by reference to said security data in said second memory, and if so then determining which encryption/decryption mechanism was used for encryption, and decrypting said first data packet by use of said decryption key.
- View Dependent Claims (15, 40)
- - 15. The system of claim 14, wherein:
    - said security data comprises correlation data stored in each of said first and second memories identifying at least one of said first and second memories identifying at least one of said first host computer and said first network correlated with at least one of said second host computer and said second network;
      
      the system further including instructions stored in said first memory for determining whether to encrypt data packets by inspecting for a match between source and destination addresses of said data packets with said correlation data.
  - 40. The system of claim 15, wherein said correlation data includes:
    - encryption rules identifying source and destination networks to and from which packets are to be encrypted; and
      
      host information indicating exceptions to the encryption rules.

16. A system for automatically encrypting data packets for transmission from a first host computer on a first computer network to a second host computer on a second computer network, said first host computer including a first processor and a first memory including instructions for transmitting said data packets from said first host to said second host, the system including:
- a bridge computer coupled to the first computer network for intercepting at least a first said data packet transmitted from said first computer network, said bridge computer including a second processor and a second memory storing instructions for executing encryption of said first data packet according to a predetermined encryption/decryption mechanism;
  
  information stored in said second memory correlating at least one of the first host computer and the first network with one of the second host computer and the second network, respectively;
  
  and instructions stored in said second memory for intercepting said first data packet before departure from said first network, determining whether said correlation is present, and if so, then executing encryption of said first data packet according to said predetermined encryption/decryption mechanism, generating a new address header including a mechanism for identifying said predetermined encryption/decryption mechanism and appending said new address header to said first data packet, thereby generating a modified first data packet on to the second host computer.
- View Dependent Claims (44)
- - 44. The system as recited in claim 16, wherein the mechanism indirectly references said predetermined encryption/decryption mechanism.

17. A method for transmitting packets of data via an internetwork from a first host computer on a first computer network to a second host computer on a second computer network, the first computer networks including a first bridge computer, each of said first and second host computers and said bridge computer further including memory storing at least one predetermined encryption/decryption mechanism and information identifying a predetermined plurality of host computers as hosts requiring security for packets transmitted between them, the method being carried out according to the instructions stored in said respective memories and including the steps of:
- (1) generating, by the first host computer, a first data packet for transmission to the second host computer, a portion of the first data packet including information representing an internetwork address of the first host computer and an internetwork address of the second host computer;
  
  (2) in the first bridge computer, intercepting the first data packet and determining whether the first and second host computers are among the predetermined plurality of host computers for which security is required, and if not, proceeding to step 5, and if so, proceeding to step 3;
  
  (3) encrypting the first data packet in the first bridge computer;
  
  (4) in the first bridge computer, generating and appending to the first data packet an encapsulation header, including;
  
  (a) key management information providing a mechanism for identifying the predetermined encryption method, and (b) a new address header representing the source and destination for the data packet, thereby generating a modified first data packet; and
  
  (5) transmitting the first data packet or the modified first data packet from the first bridge computer via the internetwork to the second computer network.

18. A system for automatically decrypting data packets transmitted from a first computer to a second computer, the system comprising:
- a bridge coupled to the second computer for intercepting a data packet from the first computer, the data packet having an address header and a body, the address header including broadcast addresses of the first and second computers, the bridge including a processor and a memory that stores instructions for decrypting data packets;
  
  information stored in the memory of the bridge correlating the first and second computers; and
  
  instructions stored in the memory for intercepting the data packet, determining whether the information stored in the memory of the bridge correlates the first and second computers, and if so, decrypting at least a portion of the data packet to generate a new data packet including a new address header, and transmitting the new data packet onto the second computer.
- View Dependent Claims (19, 20, 45)
- - 19. The system of claim 18, wherein the data packet includes the new data packet in encrypted form.
  - 20. The method of claim 18, wherein the new address header includes information indicating the first computer is a source of the new data packet and the second computer is a destination of the new data packet.
  - 45. The system as recited in claim 20, wherein the mechanism indirectly identifies the encryption method.

21. A system for automatically decrypting data packets transmitted from a first computer to a second computer, the system comprising:
- a bridge coupled to the second computer for intercepting a data packet from the first computer, the data packet including a header storing key management information providing a mechanism for identifying an encryption method used to encrypt the data packet, the bridge including a processor and a memory that stores instructions for decrypting data packets;
  
  information stored in the memory of the bridge correlating the first and second computers; and
  
  instructions stored in the memory for intercepting the data packet, determining whether the information stored in the memory of the bridge correlates the first and second computers, and if so, decrypting the data packet to generate a new data packet including a new address header, and transmitting the new data packet onto the second computer.

22. A method for receiving data packets from a first computer to a second computer through a bridge including a processor and a memory that stores instructions for decrypting data packets and information correlating the first and second computers, the method being carried out according to instructions in the memory of the bridge and comprising:
- intercepting a data packet from the first computer to the second computer, the data packet including an address header and a body, the address header including broadcast addresses of the first and second computers and the body including address information representing an internetwork address of the first computer and an internetwork address of the second computer, wherein the address information is encrypted;
  
  determining whether the information stored in the memory of the bridge correlates the first and second computers, and if so, decrypting the data packet to generate a new data packet including a new address header; and
  
  transmitting the new data packet on to the second computer.
- View Dependent Claims (23, 24)
- - 23. The method of claim 22, wherein the body includes the new data packet in encrypted form.
  - 24. The method of claim 22, wherein the new address header includes information indicating the first computer is a source of the new data packet and the second computer is a destination of the new data packet.

25. A method for receiving data packets from a first computer to a second computer through a bridge including a processor and a memory that stores instructions for decrypting data packets and information correlating the first and second computers, the method being carried out according to instructions in the memory of the bridge and comprising:
- intercepting a data packet from the first computer to the second computer, the data packet including information representing an internetwork address of the first computer and an internetwork address of the second computer;
  
  determining whether the information stored in the memory of the bridge correlates the first and second computers, and if so, decrypting the data packet to generate a new data packet including a new address header; and
  
  transmitting the new data packet on to the second computer;
  
  wherein the data packet includes a header storing key management information providing a mechanism for identifying an encryption method used to encrypt the new data packet.

26. A method of encrypting data packets, comprising:
- receiving a data packet from a source for a destination, the data packet including a header section and a data section, the header section storing a source identifier and a destination identifier;
  
  determining whether the data packet should be encrypted upon reference to at least one of the source and destination identifiers;
  
  if the data packet should be encrypted, encrypting the data packet to produce an encrypted data packet; and
  
  generating a new address header and appending the new address header to the encrypted data packet, thereby generating a modified data packet;
  
  wherein the new address header includes a mechanism for identifying an encryption method used to generate the encrypted data packet.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 46)
- - 27. The method of claim 26, further comprising transmitting the modified data packet to the destination.
  - 28. The method of claim 26, wherein the determining whether the data packet should be encrypted comprises accessing stored information that indicates by presence or absence of the source identifier that data packets from the source should be encrypted.
  - 29. The method of claim 26, wherein the determining whether the data packet should be encrypted comprises accessing stored information that indicates by presence or absence of a correlation between the source and destination identifiers that data packets from the source for the destination should be encrypted.
  - 30. The method of claim 26, wherein the encrypted data packet includes an encrypted data packet header section and an encrypted data packet data section, the encrypted data packet header section including the header section of the data packet after encryption and the encrypted data packet data section including the data section of the data packet after encryption, the modified data packet including a header portion storing the new address header and a data portion storing the encrypted data packet.
  - 31. The method of claim 30, wherein the encrypted data packet header section stores the source and destination identifiers.
  - 32. The method of claim 26, wherein the source is a host computer or a network.
  - 33. The method of claim 26, wherein the destination is a host computer or a network.
  - 46. The method as recited in claim 26, wherein the mechanism indirectly identifies the encryption method.

34. A computer program product adapted for encrypting data packets, comprising:
- computer code that when executed causes the reception of a data packet from a source for a destination, the data packet including a header section and a data section, and the header section storing a source identifier and a destination identifier;
  
  computer code that when executed causes the determination of whether the data packet should be encrypted upon reference to at least one of the source and destination identifiers;
  
  computer code that when executed, if the data packet should be encrypted, causes the encryption of the data packet to produce an encrypted data packet;
  
  computer code that when executed causes the generation of a new address header and appends the new address header to the encrypted data packet, the new address header including a mechanism for identifying an encryption method used to generate the encrypted data packet, thereby generating a modified data packet; and
  
  a computer readable medium that stores the computer codes.
- View Dependent Claims (35, 47)
- - 35. The computer program product of claim 34, wherein the computer readable medium is a memory, random-access-memory, read-only-memory, disk drive, or CD-ROM.
  - 47. The computer program product as recited in claim 34, wherein the mechanism indirectly identifies the encryption method.

36. A computer system for encrypting data packets, comprising:
- a processor;
  
  a computer readable medium coupled to the processor and storing a computer program comprising;
  
  computer code that when executed by the processor causes the processor to receive a data packet from a source for a destination, the data packet including a header section and a data section, and the header section storing a source identifier and a destination identifier;
  
  computer code that when executed by the processor causes the processor to determine whether the data packet should be encrypted upon reference to at least one of the source and destination identifiers;
  
  computer code that when executed by the processor causes the processor to encrypt the data packet to produce an encrypted data packet when it is determined that the data packet should be encrypted; and
  
  computer code that when executed by the processor causes the processor to generate a new address header and append the new address header to the encrypted data packet, thereby generating a modified data packet;
  
  wherein the new address header includes a mechanism for identifying an encryption method used to generate the encrypted data packet.
- View Dependent Claims (37, 48)
- - 37. The computer program product of claim 36, wherein the computer readable medium is a memory, random-access-memory, read-only-memory, disk drive, or CD-ROM.
  - 48. The computer system as recited in claim 36, wherein the mechanism indirectly identifies the encryption method.

38. A system for automatically encrypting and decrypting data packets transmitted from a first host computer on a first computer network, the first host computer having a first processor and a first memory, via an internetwork to a second host computer on a second computer network, the second host computer having a second processor and a second memory, the system including:
- security data stored in said first and second memories indicating that data packets meeting at least one predetermined criterion are to be encrypted;
  
  instructions stored in said first memory for determining whether to encrypt one or more data packets, by determining whether said at least one predetermined criterion is met by said one or more data packets;
  
  instructions stored in said first memory for executing encryption of at least a first one of said one or more data packets according to a predetermined encryption/decryption mechanism, when said at least one predetermined criterion is met, for generating a new address header for said first data packet and for appending an encapsulation header to said first data packet and transmitting said first data packet to said second host, said encapsulation header including said new address header and a mechanism for identifying said predetermined encryption/decryption mechanism;
  
  instructions stored in said second memory for receiving said first data packet, determining whether it has been encrypted by reference to said security data in said second memory, and if so then determining which encryption/decryption mechanism was used for encryption, and decrypting said first data packet by use of said encryption/decryption mechanism.
- View Dependent Claims (39)
- - 39. The system as recited in claim 38, wherein said predetermined encryption/decryption mechanism is provided in encrypted form within said encapsulation header.

41. A system for automatically encrypting data packets for transmission from a first host computer on a first computer network to a second host computer on a second computer network, said first host computer including a first processor and a first memory including instructions for transmitting said data packets from said first host to said second host, the system including:
- a bridge computer coupled to the first computer network for intercepting at least a first data packet transmitted from said first computer network, said bridge computer including a second processor and a second memory storing instructions for executing encryption of said first data packet according to a predetermined encryption/decryption mechanism;
  
  information stored in said second memory correlating at least one of the first host computer and the first network with one of the second host computer and the second network, respectively; and
  
  instructions stored in said second memory for intercepting said first data packet before departure from said first network, determining whether said correlation is present, and if so, then executing encryption of said first data packet according to said predetermined encryption/decryption mechanism, generating a new address header including the internetwork broadcast addresses of the first and second computer networks and appending said new address header to said first data packet, thereby generating a modified first data packet on to the second host computer.

42. A computer program product adapted for encrypting data packets, comprising:
- computer code that when executed on a computer causes the computer to receive a data packet from a source for a destination, the data packet including a header section and a data section, and the header section storing a source identifier and a destination identifier;
  
  computer code that when executed on a computer causes the computer to determine whether the data packet should be encrypted upon reference to at least one of the source and destination identifiers;
  
  computer code that when executed on a computer causes the computer to, if the data packet should be encrypted, encrypt the data packet to produce an encrypted data packet;
  
  computer code that when executed on a computer causes the computer to generate a new address header storing at least one of a broadcast address associated with the source and a broadcast address associated with the destination, and append the new address header to the encrypted data packet, thereby generating a modified data packet; and
  
  a computer readable medium that stores the computer codes.

43. A computer system for encrypting data packets, comprising:
- a processor;
  
  a computer readable medium coupled to the processor storing a computer program comprising;
  
  computer code that when executed by the processor causes the processor to receive a data packet from a source for a destination, the data packet including a header section and a data section, the header section storing a source identifier and a destination identifier;
  
  computer code that when executed by the processor causes the processor to determine whether the data packet should be encrypted upon reference to at least one of the source and destination identifiers;
  
  computer code that when executed by the processor causes the processor to if the data packet should be encrypted, encrypt the data packet to produce an encrypted data packet; and
  
  computer code that when executed by the processor causes the processor to generate a new address header storing at least one of a broadcast address associated the source and a broadcast address associated with the destination, and append the new address header to the encrypted data packet, thereby generating a modified data packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Patterson, Martin, Mulligan, Geoffrey, Scott, Glenn, Aziz, Ashar
Primary Examiner(s)
Song, Hosuk

Application Number

US09/136,954
Time in Patent Office

2,981 Days
Field of Search

380/49, 380/21, 380/277, 713/151, 713153-154, 713160-163, 713/150, 713200-201, 709/200, 709/217
US Class Current

713/150
CPC Class Codes

H04L 12/22   Arrangements for preventing...

H04L 12/4625   Single bridge functionality...

H04L 2212/00   Encapsulation of packets

H04L 63/0428   wherein the data content is...

H04L 63/164   at the network layer

System for signatureless transmission and reception of data packets between computer networks

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

48 Claims

Specification

Solutions

Use Cases

Quick Links

System for signatureless transmission and reception of data packets between computer networks

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

48 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links