Relay apparatus for encrypting and relaying a frame
First Claim
1. A relay apparatus that relays a frame in a data link layer, the relay apparatus comprising:
- a plurality of ports to transmit and receive the frame to and from an outside of the relay apparatus;
a frame relay processing unit to relay the frame between two of the plurality of ports; and
a cryptographic processing unit thatis provided between a determined one of the plurality of ports and the frame relay processing unit;
has a first interface to transmit and receive the frame to and from the determined one of the plurality of ports,has a second interface to transmit and receive the frame to and from the frame relay processing unit,performs an encryption process when receiving the frame from either one of the first interface or the second interface, andperforms a decryption process when receiving the frame, which is encrypted, from the other one of the first interface or the second interface.
2 Assignments
0 Petitions
Accused Products
Abstract
A relay apparatus comprises a frame relay processing unit for relaying a frame, a plurality of ports for sending and receiving the frame to and from the outside, and a cryptographic processing module corresponding to each of the ports. Each cryptographic processing module is connected to the corresponding port and to the frame relay processing unit by means of general-purpose interfaces such as MII. The cryptographic processing module performs the encryption process and decryption process so that the frame relay processing unit can concentrate on the relay process and the relay speed is not subject to degradation. Also, the cryptographic processing module can generate a different cryptographic key for each frame without requiring dynamic exchange of key information.
32 Citations
20 Claims
-
1. A relay apparatus that relays a frame in a data link layer, the relay apparatus comprising:
-
a plurality of ports to transmit and receive the frame to and from an outside of the relay apparatus; a frame relay processing unit to relay the frame between two of the plurality of ports; and a cryptographic processing unit that is provided between a determined one of the plurality of ports and the frame relay processing unit; has a first interface to transmit and receive the frame to and from the determined one of the plurality of ports, has a second interface to transmit and receive the frame to and from the frame relay processing unit, performs an encryption process when receiving the frame from either one of the first interface or the second interface, and performs a decryption process when receiving the frame, which is encrypted, from the other one of the first interface or the second interface. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A relay apparatus that relays a frame in a data link layer, the relay apparatus comprising:
-
a plurality of ports to transmit and receive the frame to and from an outside of the relay apparatus; a frame relay processing unit to relay the frame; and a cryptographic processing unit that has a first interface to transmit and receive the frame to and from one of the plurality of ports, has a second interface to transmit and receive the frame to and from the frame relay processing unit, performs an encryption process when receiving the frame from either one of the first interface or the second interface by encrypting the frame and generating an encrypted frame, performs a decryption process when receiving the encrypted frame from the other one of the first interface or the second interface by decrypting the encrypted frame, and has a number storage unit to store a sequence number, wherein when performing the encryption process, the cryptographic processing unit generates a cryptographic key using the sequence number, generates the encrypted frame by encrypting the frame using the cryptographic key, incorporates the sequence number into the encrypted frame, and changes a value of the sequence number stored in the number storage unit, when performing the decryption process, the cryptographic processing unit generates the cryptographic key using the sequence number incorporated into the encrypted frame, and performs the decryption process using the cryptographic key, the cryptographic processing unit generates M number of values, M being 2 or a larger integral number, and stores the M number of values as candidate values , according to a pre-shared key that is a value preset in each of a plurality of the relay apparatuses combined to be used to transmit and receive the encrypted frame as an identical value from among the plurality of relay apparatuses, and the cryptographic processing unit selects one of the M number of candidate values according to the sequence number, and generates the cryptographic key using the selected candidate value. - View Dependent Claims (17, 18, 19, 20)
-
Specification