Method and apparatus for providing security mechanism guaranteeing transparency at transport layer

US 20060095758A1
Filed: 04/12/2005
Published: 05/04/2006
Est. Priority Date: 11/04/2004
Status: Active Grant

First Claim

Patent Images

1. A method of providing a security mechanism guaranteeing transparency at a transport layer, comprising:

receiving a data packet from an application program, and searching key information corresponding to the data packet in key information database;

determining whether to request a key exchange module of an application layer for a new key negotiation according to a result obtained by searching key information; and

performing encrypting/decrypting based on key information when the key exchange module stores key negotiation information obtained by the new key negotiation in a kernel.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided are a method and apparatus for providing a security mechanism guaranteeing transparency at a transport layer. The method includes: receiving a data packet from an application program, and searching key information corresponding to the data packet in key information database; determining whether to request a key exchange module of an application layer for a new key negotiation according to a result obtained by searching key information; and performing encrypting/decrypting based on key information when the key exchange module stores key negotiation information obtained by the new key negotiation in a kernel. The apparatus encrypts/decrypts the data packet at the transport layer of the kernel, thereby providing the application program with security transparency, effectively controlling and making it easily expansible.

13 Citations

6 Claims

1. A method of providing a security mechanism guaranteeing transparency at a transport layer, comprising:
- receiving a data packet from an application program, and searching key information corresponding to the data packet in key information database;
  
  determining whether to request a key exchange module of an application layer for a new key negotiation according to a result obtained by searching key information; and
  
  performing encrypting/decrypting based on key information when the key exchange module stores key negotiation information obtained by the new key negotiation in a kernel.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the searching of key information comprises:
    - checking the data packet when the data packet is transmitted to a TCP/UDP protocol from a socket interface.
  - 3. The method of claim 1, wherein the determining comprises:
    - encrypting the data packet based on searched key information when the result obtained by searching key information is positive; and
      
      requesting the key exchange module for a key negotiation when the result is negative.
  - 4. The method of claim 1, wherein the performing of encrypting/decrypting comprises:
    - exchanging and negotiating key information between the key exchange module and a node;
      
      storing key negotiation information in the kernel, and driving a request processor on standby; and
      
      encrypting the data packet based on stored key negotiation information and transmitting encrypted data packet.

5. An apparatus for providing a security mechanism guaranteeing transparency at a transport layer, comprising:
- a key information search unit receiving a data packet transmitted from an application program to a TCP/UDP protocol, searching key information corresponding to the data packet in a key database, and determining whether the key database includes key information;
  
  a key request determiner requesting for a new key, and determining that an encrypting/decrypting processor is on standby if the key database does not include key information corresponding to the data packet; and
  
  an encrypting/decrypting unit encrypting/decrypting the data packet based on key information output by the key request determiner, and outputting encrypted/decrypted data packet.
- View Dependent Claims (6)
- - 6. The apparatus of claim 5, wherein the key request determiner comprises:
    - a key exchange module unit exchanging and negotiating key information with a node when the key request determiner requests for the new key; and
      
      a key information storage unit storing key negotiation information received from the node in the key database, and driving the encrypting/decrypting processor on standby.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Electronics and Telecommunications Research Institute
Original Assignee
Electronics and Telecommunications Research Institute
Inventors
Jang, Jong Soo, Kim, Jeong Nyeo, Lee, Sang Su, Lim, Sun Hee, Kim, Geon Woo, Kim, Ki Hyun

Granted Patent

US 7,571,309 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/151
CPC Class Codes

H04L 63/04 for providing a confidentia...

H04L 63/061 for key exchange, e.g. in p...

Method and apparatus for providing security mechanism guaranteeing transparency at transport layer

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing security mechanism guaranteeing transparency at transport layer

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links