
System for signatureless transmission and reception of data packets between computer networks

  • US RE39,360 E1
  • Filed: 08/19/1998
  • Issued: 10/17/2006
  • Est. Priority Date: 09/15/1994
  • Status: Expired due to Term
First Claim

1. A method for transmitting and receiving packets of data via an internetwork from a first host computer on a first computer network to a second host computer on a second computer network, the first and second computer networks including, respectively, first and second bridge computers, each of said first and second host computers and first and second bridge computers including a processor and a memory for storing instructions for execution by the processor, each of said first and second bridge computers further including memory for storing at least one predetermined encryption/decryption mechanism and information identifying a predetermined plurality of host computers as hosts requiring security for packets transmitted between them, the method being carried out by means of the instructions stored in said respective memories and including the steps of:

    (1) generating, by the first host computer, a first data packet for transmission to the second host computer, a portion of the first data packet including information representing an internetwork address of the first host computer and an internetwork address of the second host computer;

    (2) in the first bridge computer, intercepting the first data packet and determining whether the first and second host computers are among the predetermined plurality of host computers for which security is required, and if not, proceeding to step 5, and if so, proceeding to step 3;

    (3) encrypting the first data packet in the first bridge computer;

    (4) in the first bridge computer, generating and appending to the encrypted first data packet an encapsulation header, including:

        (a) key management information providing a mechanism for identifying the predetermined encryption method, and

        (b) a new address header representing the source and destination for the first data packet, thereby generating a modified first data packet;

    (5) transmitting the first data packet or the modified first data packet from the first bridge computer via the internetwork to the second computer network;

    (6) intercepting the first data packet or the modified first data packet at the second bridge computer;

    (7) in the second bridge computer, if the encapsulation header has been appended to the first data packet, reading the encapsulation header, and if it is determined that the first data packet has been encrypted, proceeding to step 8 and otherwise proceeding to step 10;

    (8) in the second bridge computer, determining which encryption mechanism was used to encrypt the first data packet;

    (9) decrypting the first data packet by the second bridge computer;

    (10) transmitting the first data packet from the second bridge computer to the second host computer; and

    (11) receiving the unencrypted first data packet at the second host computer.
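Steps (1) through (11) describe a bridge-to-bridge tunnel: the sending bridge decides per packet whether the two hosts require security, encrypts the whole host packet, and prepends a header that names the encryption mechanism and carries the bridge-to-bridge addresses; the receiving bridge reads that header, selects the matching mechanism, decrypts, and forwards the original packet. The Python model below is an added example written for this page, not code from the patent or any implementation by its assignee. Everything about the wire format is assumed for illustration: the "ENC1" marker, a one-byte mechanism identifier standing in for the claim's key management information, a 12-byte nonce, and the outer IPv4 source/destination pair as the new address header. The cipher is an HMAC-SHA256 counter-mode keystream chosen only so the example runs with the standard library; the claim does not specify a cipher. Hosts, bridge addresses and the shared key are constructed values.

```python
"""Model of claim 1's bridge-to-bridge encapsulation (added example; wire format and cipher are assumptions)."""
import hashlib
import hmac
import ipaddress
import os
import struct

ENCAP_MAGIC = b"ENC1"   # assumed marker that an encapsulation header follows
MECH_NONE = 0           # key management info: inner packet carried in the clear
MECH_HMAC_CTR = 1       # demo mechanism: HMAC-SHA256 keystream in counter mode

# Encapsulation header (assumed layout): magic, mechanism id, nonce, outer src, outer dst
HDR = struct.Struct(">4sB12s4s4s")


def ip4(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed


def ip4_str(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))


def build_packet(src: str, dst: str, payload: bytes) -> bytes:
    """Step (1): the host packet carries its own internetwork source and destination."""
    return ip4(src) + ip4(dst) + payload


def parse_packet(pkt: bytes):
    return ip4_str(pkt[:4]), ip4_str(pkt[4:8]), pkt[8:]


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Demo stream cipher: XOR data with HMAC-SHA256(key, nonce || block counter).
    XOR is its own inverse, so the same call encrypts (step 3) and decrypts (step 9)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + struct.pack(">I", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class Bridge:
    def __init__(self, address: str, secured_hosts, keys: dict, mech: int = MECH_HMAC_CTR):
        self.address = address                   # this bridge's internetwork address
        self.secured_hosts = frozenset(secured_hosts)  # hosts requiring security
        self.keys = dict(keys)                   # mechanism id -> key (the stored mechanisms)
        self.mech = mech                         # mechanism used for outbound packets

    def outbound(self, pkt: bytes, peer_bridge: str) -> bytes:
        """Steps (2)-(5): intercept, check the host pair, encrypt and encapsulate, or pass through."""
        src, dst, _ = parse_packet(pkt)
        if not (src in self.secured_hosts and dst in self.secured_hosts):
            return pkt                           # step 2 -> step 5 unchanged
        nonce = os.urandom(12)
        body = keystream_xor(self.keys[self.mech], nonce, pkt)          # step 3
        header = HDR.pack(ENCAP_MAGIC, self.mech, nonce,                # step 4(a)
                          ip4(self.address), ip4(peer_bridge))          # step 4(b)
        return header + body

    def inbound(self, wire: bytes) -> bytes:
        """Steps (6)-(10): if encapsulated, identify the mechanism, decrypt, and forward the inner packet."""
        if not wire.startswith(ENCAP_MAGIC):
            return wire                          # step 7: no header -> step 10
        _, mech, nonce, _outer_src, outer_dst = HDR.unpack_from(wire)
        if outer_dst != ip4(self.address):
            raise ValueError("encapsulated packet not addressed to this bridge")
        body = wire[HDR.size:]
        if mech == MECH_NONE:
            return body                          # header says not encrypted -> step 10
        key = self.keys.get(mech)                # step 8: which mechanism was used
        if key is None:
            raise ValueError(f"unknown encryption mechanism {mech}")
        return keystream_xor(key, nonce, body)   # step 9, then forwarded (step 10)


def demo() -> dict:
    """Constructed scenario: two bridges sharing one key, one secured host pair and one unsecured host."""
    key = b"\x11" * 32
    secured = {"10.0.1.5", "10.0.2.7"}
    a = Bridge("198.51.100.1", secured, {MECH_HMAC_CTR: key})
    b = Bridge("203.0.113.1", secured, {MECH_HMAC_CTR: key})
    secret = build_packet("10.0.1.5", "10.0.2.7", b"payroll data")
    clear = build_packet("10.0.1.9", "10.0.2.7", b"public notice")
    wire = a.outbound(secret, b.address)
    return {
        "secured_encapsulated": wire.startswith(ENCAP_MAGIC),
        "outer_dst": ip4_str(HDR.unpack_from(wire)[4]),
        "payload_hidden": b"payroll data" not in wire,
        "roundtrip": b.inbound(wire) == secret,
        "clear_passthrough": b.inbound(a.outbound(clear, b.address)) == clear,
    }


if __name__ == "__main__":
    print(demo())
```

Two things worth noticing in the model. The outer address header is what lets the internetwork route between bridges while the inner host addresses stay inside the ciphertext, so an observer on the path sees only bridge-to-bridge traffic. And because the claim requires only encryption, the model, like the claim, carries no integrity check: a decapsulating bridge that receives a modified or forged ciphertext simply emits a different inner packet, so a deployment built on this design would pair the cipher with an authentication tag, which the claim does not call for.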

  • 0 Assignments