(19) United States
(12) Reissued Patent
     Aziz et al.
(10) Patent Number: US RE39,360 E
(45) Date of Reissued Patent: Oct. 17, 2006

(54) SYSTEM FOR SIGNATURELESS TRANSMISSION AND RECEPTION OF DATA PACKETS BETWEEN COMPUTER NETWORKS

(75) Inventors: Ashar Aziz, Fremont, CA (US); Geoffrey Mulligan, Fremont, CA (US); Martin Patterson, Grenoble (FR); Glenn Scott, Sunnyvale, CA (US)

(73) Assignee: Sun Microsystems, Inc., Santa Clara, CA (US)

(21) Appl. No.: 09/136,954
(22) Filed: Aug. 19, 1998

Related U.S. Patent Documents
Reissue of:
(64) Patent No.: 5,548,646
     Issued: Aug. 20, 1996
     Appl. No.: 08/306,337
     Filed: Sep. 15, 1994

(51) Int. Cl.
     H04L 9/00 (2006.01)
(52) U.S. Cl.: 713/150; 380/21; 380/49; 380/277; 713/151; 713/153; 713/154; 713/160; 713/162
(58) Field of Classification Search: 380/49, 380/21, 277; 713/151, 153-154, 160-163; 715/150, 200-201; 709/200, 217
     See application file for complete search history.

(56) References Cited

U.S. PATENT DOCUMENTS

FOREIGN PATENT DOCUMENTS
JP  04 154,33    5/1992
WO  9, 02095  *  6/1992

OTHER PUBLICATIONS
Chuck Semeria, Understanding IP Addressing: Everything You Ever Wanted to Know, 1996, 3Com Corporation.*
Forne et al., “Hardware Implementation of a Secure Bridge in Ethernet Environments,” Nov. 29, 1993, IEEE.
O’Higgins et al., “Securing Information in X.25 Networks,” Dec. 25, 1990, Globecom ’90 IEEE Global Telecommunications Conference & Exhibition.
Sharp et al., “Network Security in a Heterogeneous Environment,” Sep. 1994, AT&T Technical Journal.
Yamaguchi et al., “A design for LAN cipher communications,” Jan. 21, 1994, Technical Report of IEICE, vol. 93, No. 436.
Japanese Office Action dated Mar. 15, 2005, from corresponding Japanese Application No. 262037/95.

* Cited by examiner

Primary Examiner: Hosuk Song
(74) Attorney, Agent, or Firm: Beyer Weaver & Thomas, LLP

(57) ABSTRACT

A system for automatically encrypting and decrypting data packets sent from a source host to a destination host across a public internetwork. A tunnelling bridge is positioned at each network, and intercepts all packets transmitted to or from its associated network. The tunnelling bridge includes tables indicating pairs of hosts or pairs of networks between which packets should be encrypted. When a packet is transmitted from a first host, the tunnelling bridge of that host’s network intercepts the packet, and determines from its header information whether packets from that host that are directed to the specified destination host should be encrypted; or, alternatively, whether packets from the source
[FIG. 6: flowchart, drawing not reproduced. Steps recoverable from the extraction, in order: Host B packets to be encrypted? / Encrypt packet / Add encapsulation header / Transmit packet to destination network / Intercept packet at TB2 / Read encapsulation header / Was packet encrypted? / Determine encryption mechanism / Decrypt packet / Transmit packet to Host B.]
U.S. Patent    Oct. 17, 2006    Sheet 6 of 7    US RE39,360 E

[FIG. 7, FIG. 8, FIG. 9: drawings not reproduced. The only text label recoverable from the extraction is DATA.]