WO2002011390A3 - Network security accelerator - Google Patents


Publication number
WO2002011390A3
Authority
WO
WIPO (PCT)
Prior art keywords
layer
communication
security
packets
network
Prior art date
Application number
PCT/US2001/023276
Other languages
French (fr)
Other versions
WO2002011390A2 (en)
Inventor
Guillermo Maturana
Ashish V Naik
Original Assignee
Andes Networks Inc
Priority date
Filing date
Publication date
Priority claimed from US09/792,964 (US20020035681A1)
Application filed by Andes Networks Inc
Priority to AU2001277990A (AU2001277990A1)
Publication of WO2002011390A2
Publication of WO2002011390A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0471 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/163 In-band adaptation of TCP data exchange; In-band control procedures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/166 IP fragmentation; TCP segmentation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30 Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32 Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/325 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the network layer [OSI layer 3], e.g. X.25
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30 Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32 Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/326 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the transport layer [OSI layer 4]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30 Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32 Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/328 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the presentation layer [OSI layer 6]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Embodiments of the present invention provide method and apparatus that encrypt/decrypt messages sent over a network rapidly, and which do not require large amounts of computational or memory resources. In particular, one embodiment of the present invention is a method for handling security in a communication between a first end and a second end involving a security layer, a transport layer, and a network layer, which method includes steps of: (a) receiving network layer packets from the first end of the communication, which packets contain information encrypted using security layer encryption processing; (b) decrypting the encrypted information using security layer decryption; and (c) transmitting network layer packets toward the second end of the communication, which packets contain the decrypted information.
PCT/US2001/023276 2000-07-31 2001-07-24 Network security accelerator WO2002011390A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001277990A AU2001277990A1 (en) 2000-07-31 2001-07-24 Enhancing secure communications

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US63033000A 2000-07-31 2000-07-31
US09/630,330 2000-07-31
US70311000A 2000-10-31 2000-10-31
US09/703,110 2000-10-31
US09/792,964 2001-02-26
US09/792,964 US20020035681A1 (en) 2000-07-31 2001-02-26 Strategy for handling long SSL messages

Publications (2)

Publication Number Publication Date
WO2002011390A2 (en) 2002-02-07
WO2002011390A3 (en) 2002-05-16

Family

ID=27417492

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/023276 WO2002011390A2 (en) 2000-07-31 2001-07-24 Network security accelerator

Country Status (2)

Country Link
AU (1) AU2001277990A1 (en)
WO (1) WO2002011390A2 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020199098A1 (en) * 2001-06-08 2002-12-26 Davis John M. Non-invasive SSL payload processing for IP packet using streaming SSL parsing
US20060041741A1 (en) * 2004-08-23 2006-02-23 Nokia Corporation Systems and methods for IP level decryption
FR2887049A1 (en) * 2005-06-14 2006-12-15 France Telecom METHOD FOR PROTECTING THE PIRACY OF A CLIENT TERMINAL USING A SECURE CONNECTION WITH A SERVER ON A PUBLIC NETWORK
US9230373B2 (en) 2013-02-07 2016-01-05 Honeywell International Inc. System and method to aggregate control of multiple devices via multicast messages and automatic set up of connections
CN114143051B (en) * 2021-11-19 2024-02-23 江苏林洋能源股份有限公司 Method for intelligent ammeter to select TLS protocol based on performance adjustment

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Packetized SSL Understanding the Advantage", ANDES NETWORKS TECHNICAL WHITE PAPER, 1 March 2001 (2001-03-01), XP002189707, Retrieved from the Internet <URL:http://www.andesnetworks.com/assets/115038519_ssl_advantage.pdf> [retrieved on 20020206] *
"Using the Accelar 710 User Switch, Part No. 207611-A", NORTEL NETWORKS, 11 October 1999 (1999-10-11), Santa Clara, CA (USA), XP002189706, Retrieved from the Internet <URL:http://www25.nortelnetworks.com/library/tpubs/pdf/accelar/207611A.PDF> [retrieved on 20020208] *

Also Published As

Publication number Publication date
WO2002011390A2 (en) 2002-02-07
AU2001277990A1 (en) 2002-02-13

Similar Documents

Publication Publication Date Title
US7879111B2 (en) System and method for RFID transfer of MAC, keys
US7961882B2 (en) Methods and apparatus for initialization vector pressing
US20030026428A1 (en) Method of transmitting confidential data
US10084492B2 (en) Method and system for non-persistent real-time encryption key distribution
WO2000060846A3 (en) Selective and renewable encryption for secure distribution of video on-demand
GR3034392T3 (en) Method for providing a secure communication between two devices and application of this method
EP3476078B1 (en) Systems and methods for authenticating communications using a single message exchange and symmetric key
JP2010268496A (en) Method for secure handover
WO2001078491A3 (en) Systems and methods for encrypting/decrypting data using a broker agent
MY141429A (en) Processing for managing a symmetric key in a communication network and devices for the implementation of this process.
CN101502041A (en) Encryption device, decryption device, encryption method, and decryption method
WO2005041461A3 (en) Method for providing point-to-point encryption in a communication system
JP4976633B2 (en) Method and apparatus for secure transmission of data
JPH10126406A (en) Data cipher system in network
CA2226831A1 (en) Decryption of retransmitted data in an encrypted communication system
WO2002041101A3 (en) Method and system for transmitting data with enhanced security that conforms to a network protocol
WO2002011390A3 (en) Network security accelerator
CN101325486B (en) Method and apparatus for transferring field permission cryptographic key
KR100601634B1 (en) High speed copy protection method
KR20060011999A (en) Des algorithm-based encryption method
JP2005501481A5 (en)
EP1067489A3 (en) Self-service terminal.
US7290135B2 (en) Method and arrangement for data communication in a cryptographic system containing a plurality of entities
CN101192918B (en) A method and system for processing encrypted stream in broadcast network
WO2024077857A1 (en) Data transmission method and apparatus, and device and storage medium

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP