Re: Patents by Sun?
I believe that if you're willing to dig, you can go to the Patent Office web
site at www.uspto.gov and look it up by number.
At 05:32 PM 8/29/96 -0400, you wrote:
>
>Someone forwarded this to me. I don't know if it's real.
>
>I must admit I haven't yet tracked this down to confirm it (it might
>be a hoax) but it appears by the looks of it that Ashar has patented
>IPSEC. Again, I have to track down an independent copy to confirm
>it. If the claims listed are genuine, they are all on their face
>invalidated by prior art, but...
>
>Perry
>
>------- Forwarded Message
>
> System for signatureless transmission and reception of
> data packets between computer networks (Assignee -- Sun
> Microsystems, Inc.)
>
>
> Abstract: A system for automatically encrypting and
> decrypting data packets sent from a source host to a
> destination host across a public internetwork.
>
> A tunnelling bridge is positioned at each network, and
> intercepts all packets transmitted to or from its
> associated network.
>
> The tunnelling bridge includes tables indicating pairs of
> hosts or pairs of networks between which packets should
> be encrypted.
>
> When a packet is transmitted from a first host, the
> tunnelling bridge of that host's network intercepts the
> packet, and determines from its header information
> whether packets from that host that are directed to the
> specified destination host should be encrypted; or,
> alternatively, whether packets from the source host's
> network that are directed to the destination host's
> network should be encrypted.
>
> If so, the packet is encrypted, and transmitted to the
> destination network along with an encapsulation header
> indicating source and destination information: either
> source and destination host addresses, or the broadcast
> addresses of the source and destination networks (in the
> latter case, concealing by encryption the hosts'
> respective addresses).
>
> An identifier of the source network's tunnelling bridge
> may also be included in the encapsulation header. At the
> destination network, the associated tunnelling bridge
> intercepts the packet, inspects the encapsulation header,
> from an internal table determines whether the packet was
> encrypted, and from either the source (host or network)
> address or the tunnelling bridge identifier determines
> whether and how the packet was encrypted.
>
> If the packet was encrypted, it is now decrypted using a
> key stored in the destination tunnelling bridge's memory,
> and is sent on to the destination host.
>
> The tunnelling bridge identifier is used particularly in
> an embodiment where a given network has more than one
> tunnelling bridge, and hence multiple possible
> encryption/decryption schemes and keys.
>
> In an alternative embodiment, the automatic encryption
> and decryption may be carried out by the source and
> destination hosts themselves, without the use of
> additional tunnelling bridges, in which case the
> encapsulation header includes the source and destination
> host addresses.
>
>
> Ex Claim Text: A method for transmitting and receiving
> packets of data via an internetwork from a first host
> computer on a first computer network to a second host
> computer on a second computer network, the first and
> second computer networks including, respectively, first
> and second bridge computers, each of said first and
> second host computers and first and second bridge
> computers including a processor and a memory for storing
> instructions for execution by the processor, each of said
> first and second bridge computers further including
> memory storing at least one predetermined encryption/
> decryption mechanism and information identifying a
> predetermined plurality of host computers as hosts
> requiring security for packets transmitted between them,
> the method being carried out by means of the instructions
> stored in said respective memories and including the
> steps of:
>
> (1) generating, by the first host computer, a first data
> packet for transmission to the second host computer, a
> portion of the data packet including information
> representing an internetwork address of the first host
> computer and an internetwork address of the second host
> computer;
>
> (2) in the first bridge computer, intercepting the first
> data packet and determining whether the first and second
> host computers are among the predetermined plurality of
> host computers for which security is required, and if
> not, proceeding to step 5, and if so, proceeding to step
> 3;
>
> (3) encrypting the first data packet in the first bridge
> computer;
>
> (4) in the first bridge computer, generating and
> appending to the first data packet an encapsulation
> header, including:
>
> (a) key management information identifying the
> predetermined encryption method, and
>
> (b) a new address header representing the source and
> destination for the data packet, thereby generating a
> modified data packet;
>
> (5) transmitting the data packet from the first bridge
> computer via the internetwork to the second computer
> network;
>
> (6) intercepting the data packet at the second bridge
> computer;
>
> (7) in the second bridge computer, reading the
> encapsulation header, and determining therefrom whether
> the data packet was encrypted, and if not, proceeding to
> step 10, and if so, proceeding to step 8;
>
> (8) in the second bridge computer, determining which
> encryption mechanism was used to encrypt the first data
> packet;
>
> (9) decrypting the first data packet by the second bridge
> computer;
>
> (10) transmitting the first data packet from the second
> bridge computer to the second host computer; and
>
> (11) receiving the unencrypted data packet at the second
> host computer.
>
> Assignee: Sun Microsystems, Inc.
>
> Patent Number: 5548646
>
> Issue Date: 1996 08 20
>
> Inventor(s): Aziz, Ashar; Mulligan, Geoffrey; Patterson,
> Martin; Scott, Glenn. State/Country CA
>
>
>------- End of Forwarded Message
>
Rodney Thayer <rodney@sabletech.com> +1 617 332 7292
Sable Technology Corp, 246 Walnut St., Newton MA 02160 USA
Fax: +1 617 332 7970 http://www.shore.net/~sable
"Developers of communications software"
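The method in the forwarded claim (steps 1 to 11) is essentially a policy-driven VPN gateway: intercept, look up the host or network pair in a table, encrypt, prepend an encapsulation header carrying key-management information and a new address header, and reverse the process at the far bridge. The following Python model is an added illustration, not part of the original message, the patent text, or any Sun code. Every address, bridge identifier, key and table entry is constructed; the cipher (XOR with an HMAC-SHA256 keystream) is a stand-in for the unspecified "predetermined encryption mechanism", and checking the host-pair table before the network-pair table is this example's choice, since the abstract only says "either".

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Tuple, Union


@dataclass
class Packet:
    """A host-to-host packet: internetwork source/destination addresses and payload."""
    src: str
    dst: str
    payload: bytes


@dataclass
class Encapsulated:
    """The packet as it crosses the public internetwork between two tunnelling bridges."""
    outer_src: str   # new address header: host addresses, or the networks' broadcast addresses
    outer_dst: str
    bridge_id: str   # identifier of the source network's tunnelling bridge
    key_id: str      # key-management information naming the encryption mechanism and key
    nonce: bytes
    body: bytes      # ciphertext of the original packet (inner addresses + payload)


def network_of(addr: str) -> str:
    """Network part of a dotted-quad address, assuming /24 networks (hypothetical scheme)."""
    return ".".join(addr.split(".")[:3]) + ".0"


def broadcast_of(net: str) -> str:
    return net.rsplit(".", 1)[0] + ".255"


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC-SHA256 keystream in counter mode (self-inverse)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + (off // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def encode(pkt: Packet) -> bytes:
    return f"{pkt.src}|{pkt.dst}|".encode() + pkt.payload


def decode(raw: bytes) -> Packet:
    src, dst, payload = raw.split(b"|", 2)
    return Packet(src.decode(), dst.decode(), payload)


class TunnellingBridge:
    def __init__(self, bridge_id: str, keys: Dict[str, bytes],
                 host_pairs: Dict[Tuple[str, str], str], net_pairs: Dict[Tuple[str, str], str]):
        self.bridge_id = bridge_id
        self.keys = keys              # key_id -> key: the bridge's stored decryption keys
        self.host_pairs = host_pairs  # (src host, dst host) -> key_id: host pairs needing security
        self.net_pairs = net_pairs    # (src net, dst net) -> key_id: network pairs needing security

    def outbound(self, pkt: Packet) -> Union[Packet, Encapsulated]:
        # Step 2: is this host pair (or, failing that, the network pair) in the security tables?
        key_id = self.host_pairs.get((pkt.src, pkt.dst))
        conceal_hosts = False
        if key_id is None:
            key_id = self.net_pairs.get((network_of(pkt.src), network_of(pkt.dst)))
            conceal_hosts = key_id is not None
        if key_id is None:
            return pkt                # step 5 without encryption: forwarded unchanged
        # Step 3: encrypt the whole original packet, inner addresses included
        nonce = os.urandom(8)
        body = keystream_xor(self.keys[key_id], nonce, encode(pkt))
        # Step 4: encapsulation header = key-management info + new address header.
        # A network-pair match uses broadcast addresses, hiding which hosts are talking.
        if conceal_hosts:
            outer = (broadcast_of(network_of(pkt.src)), broadcast_of(network_of(pkt.dst)))
        else:
            outer = (pkt.src, pkt.dst)
        return Encapsulated(outer[0], outer[1], self.bridge_id, key_id, nonce, body)

    def inbound(self, frame: Union[Packet, Encapsulated]) -> Packet:
        # Step 7: no encapsulation header means the packet was never encrypted
        if isinstance(frame, Packet):
            return frame              # step 10: hand to the destination host as-is
        # Step 8: the key-management information selects the mechanism and key
        key = self.keys.get(frame.key_id)
        if key is None:
            raise ValueError(f"unknown key id {frame.key_id!r} from {frame.bridge_id!r}")
        # Steps 9 and 10: decrypt and forward the recovered packet
        return decode(keystream_xor(key, frame.nonce, frame.body))


# Constructed sample configuration: 10.1.0.x behind bridge A, 10.2.0.x behind bridge B,
# 10.3.0.x covered by no table entry at all.
KEYS = {"k-alpha": b"\x11" * 32, "k-beta": b"\x22" * 32}
HOST_PAIRS = {("10.1.0.5", "10.2.0.7"): "k-alpha", ("10.2.0.7", "10.1.0.5"): "k-alpha"}
NET_PAIRS = {("10.1.0.0", "10.2.0.0"): "k-beta", ("10.2.0.0", "10.1.0.0"): "k-beta"}
BRIDGE_A = TunnellingBridge("bridge-A", KEYS, HOST_PAIRS, NET_PAIRS)
BRIDGE_B = TunnellingBridge("bridge-B", KEYS, HOST_PAIRS, NET_PAIRS)


def send(src: str, dst: str, payload: bytes):
    """Run one packet through bridge A then bridge B; return (wire form, delivered packet)."""
    wire = BRIDGE_A.outbound(Packet(src, dst, payload))
    return wire, BRIDGE_B.inbound(wire)


if __name__ == "__main__":
    wire, arrived = send("10.1.0.9", "10.2.0.3", b"hello")
    print(wire.outer_src, "->", wire.outer_dst, "via", wire.key_id)
    print(arrived)
```

Two things worth noticing when running it. First, the host-pair match keeps the real addresses in the outer header, while the network-pair match replaces them with broadcast addresses, which is the traffic-analysis benefit the abstract describes. Second, the scheme is "signatureless" in the title's sense: nothing in the encapsulation header authenticates the ciphertext, so a bridge will decrypt and forward whatever arrives under a known key id. Modern IPsec ESP pairs encryption with an integrity check for exactly that reason.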