Network security bridge and associated method
First Claim
1. A network local security bridge that bridges a first side of a network and a second side of the network, the first side of the network including local secure zone host devices within a local secure zone established by the network local security bridge, the second side of the network including network remote security bridges that each establish a remote secure zone and remote secure zone host devices within the remote secure zones, the network local security bridge comprising:
a first interface controller to receive from the first side of the network a first data packet that contains a source address, a destination address, and a data frame;
a second interface controller to receive from the second side of the network a second data packet that contains a source address, a destination address, and a data frame;
a data packet processor coupled to the first and second interface controllers to process the first and second data packets by encrypting the data frame of the received first data packet when the source address of the received first data packet specifies one of the local secure zone host devices and the destination address of the received first data packet specifies one of the remote secure zone host devices, and by decrypting the data frame of the received second data packet when the source address of the received second data packet specifies one of the remote secure zone host devices and the destination address of the received second data packet specifies one of the local secure zone host devices;
the second interface controller transmitting the processed first data packet to the second side of the network; and
the first interface controller transmitting the processed second data packet to the first side of the network.
Abstract
A network local security bridge and corresponding method for bridging a first side of a network and a second side of the network. The first side includes local secure zone host devices within a local secure zone established by the network local security bridge. The second side includes remote secure zone host devices within remote secure zones established by network remote security bridges. The network local security bridge processes a first side data packet received from the first side of the network and a second side data packet received from the second side of the network. In doing so, the network local security bridge encrypts the data frame of the first side data packet when its source and destination addresses respectively specify one of the local secure zone host devices and one of the remote secure zone host devices and leaves the data frame of the first side data packet unchanged when its source and destination addresses respectively specify one of the local secure zone host devices and one of the unsecure host devices. In addition, the network local security bridge decrypts the data frame of the second side data packet when its source and destination addresses respectively specify one of the remote secure zone host devices and one of the local secure zone host devices and leaves the data frame of the second side data packet unchanged when its source and destination addresses respectively specify one of the unsecure host devices and one of the local secure zone host devices. It then transmits the processed first side data packet to the second side and the processed second side data packet to the first side.
12 Claims
4. A network local security bridge that bridges a first side of a network and a second side of the network, the first side of the network including local secure zone host devices within a local secure zone established by the network local security bridge, the second side of the network including unsecure host devices, network remote security bridges that each establish a remote secure zone, and remote secure zone host devices within the remote secure zones, the network local security bridge comprising:
a first interface controller to receive from the first side of the network a first data packet that contains a source address, a destination address, and a data frame;
a second interface controller to receive from the second side of the network a second data packet that contains a source address, a destination address, and a data frame;
a data packet processor coupled to the first and second interfaces to process the received first and second side data packets by encrypting the data frame of the received first data packet when the source address of the received first data packet specifies one of the local secure zone host devices and the destination address of the received first data packet specifies one of the remote secure zone host devices, by leaving unchanged the data frame of the received first data packet when the source address of the received first data packet specifies one of the local secure zone host devices and the destination address of the received first data packet specifies one of the unsecure host devices, by decrypting the data frame of the received second data packet when the source address of the received second data packet specifies one of the remote secure zone host devices and the destination address of the received second data packet specifies one of the local secure zone host devices, and by leaving unchanged the data frame of the received second data packet when the source address of the received second data packet specifies one of the unsecure host devices and the destination address of the received second data packet specifies one of the local secure zone host devices;
the second interface controller transmitting the processed first data packet to the second side of the network; and
the first interface controller transmitting the processed second data packet to the first side of the network.
7. A method of bridging a first side of a network and a second side of the network to establish a local secure zone, the first side of the network including local secure zone host devices within the local secure zone, the second side of the network including network remote security bridges that each establish a remote secure zone and remote secure zone host devices within the remote secure zones, the method comprising the steps of:
receiving from the first side of the network a first data packet that contains a source address, a destination address, and a data frame;
receiving from the second side of the network a second data packet that contains a source address, a destination address, and a data frame;
processing the received first and second data packets, including the steps of:
encrypting the data frame of the received first data packet when the source address of the received first data packet specifies one of the local secure zone host devices and the destination address of the received first data packet specifies one of the remote secure zone host devices; and
decrypting the data frame of the received second data packet when the source address of the received second data packet specifies one of the remote secure zone host devices and the destination address of the received second data packet specifies one of the local secure zone host devices;
transmitting the processed first data packet to the second side; and
transmitting the processed second data packet to the first side.
10. A method of bridging a first side of a network and a second side of the network to establish a local secure zone, the first side of the network including local secure zone host devices within the local secure zone, the second side of the network including unsecure host devices, network remote security bridges that each establish a remote secure zone, and remote secure zone host devices within the remote secure zones, the method comprising the steps of:
receiving from the first side of the network a first data packet that contains a source address, a destination address, and a data frame;
receiving from the second side of the network a second data packet that contains a source address, a destination address, and a data frame;
processing the received first and second data packets, including the steps of:
encrypting the data frame of the received first data packet when the source address of the received first data packet specifies one of the local secure zone host devices and the destination address of the received first data packet specifies one of the remote secure zone host devices; and
leaving unchanged the data frame of the received first data packet when the source address of the received first data packet specifies one of the local secure zone host devices and the destination address of the received first data packet specifies one of the unsecure host devices;
decrypting the data frame of the received second data packet when the source address of the received second data packet specifies one of the remote secure zone host devices and the destination address of the received second data packet specifies one of the local secure zone host devices; and
leaving unchanged the data frame of the received second data packet when the source address of the received second data packet specifies one of the unsecure host devices and the destination address of the received second data packet specifies one of the local secure zone host devices;
transmitting the processed first data packet to the second side; and
transmitting the processed second data packet to the first side.
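The zone-based encrypt, pass-through and decrypt decision described in the abstract and in claims 4 and 10, written out as an added Python example (not code from the patent or from any product). The host sets, addresses, pre-shared key and the hash-keystream transform are constructed stand-ins, and packets whose address pair the claims do not cover are dropped here by assumption.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum

class Zone(Enum):
    LOCAL_SECURE = 1   # host in the local secure zone (first side)
    REMOTE_SECURE = 2  # host behind a remote security bridge (second side)
    UNSECURE = 3       # any other host on the second side

@dataclass
class Packet:
    src: str      # source address
    dst: str      # destination address
    frame: bytes  # data frame: the only part the bridge ever transforms

class LocalSecurityBridge:
    def __init__(self, local_hosts, remote_hosts, shared_key: bytes):
        self.local, self.remote = frozenset(local_hosts), frozenset(remote_hosts)
        self.key = shared_key  # assumed pre-shared with the remote bridges

    def zone_of(self, addr: str) -> Zone:
        if addr in self.local:
            return Zone.LOCAL_SECURE
        return Zone.REMOTE_SECURE if addr in self.remote else Zone.UNSECURE

    def _transform(self, frame: bytes) -> bytes:
        # Toy involutive stand-in (hash-derived keystream XOR) for the cipher the
        # claims leave unspecified; one call encrypts, the peer's call decrypts.
        out = bytearray()
        for off in range(0, len(frame), 32):
            ks = hashlib.sha256(self.key + off.to_bytes(4, "big")).digest()
            out += bytes(b ^ k for b, k in zip(frame[off:off + 32], ks))
        return bytes(out)

    def process_first_side(self, pkt: Packet):
        # Received from the local side, headed for the second side.
        src, dst = self.zone_of(pkt.src), self.zone_of(pkt.dst)
        if src == Zone.LOCAL_SECURE and dst == Zone.REMOTE_SECURE:
            return Packet(pkt.src, pkt.dst, self._transform(pkt.frame))  # encrypt
        if src == Zone.LOCAL_SECURE and dst == Zone.UNSECURE:
            return pkt  # leave the data frame unchanged
        return None  # not covered by the claims; dropped here by assumption

    def process_second_side(self, pkt: Packet):
        # Received from the second side, headed for the local side.
        src, dst = self.zone_of(pkt.src), self.zone_of(pkt.dst)
        if src == Zone.REMOTE_SECURE and dst == Zone.LOCAL_SECURE:
            return Packet(pkt.src, pkt.dst, self._transform(pkt.frame))  # decrypt
        if src == Zone.UNSECURE and dst == Zone.LOCAL_SECURE:
            return pkt  # leave the data frame unchanged
        return None  # not covered by the claims; dropped here by assumption
```

A peer bridge instantiated with the two host sets swapped and the same key reverses the transform, which is what the remote bridge in the claims does for traffic between the two secure zones.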
Specification