
Re: Patents by Sun?



I believe that if you're willing to dig, you can go to the Patent Office web
site at www.uspto.gov and look it up by number.

At 05:32 PM 8/29/96 -0400, you wrote:
>
>Someone forwarded this to me. I don't know if it's real.
>
>I must admit I haven't yet tracked this down to confirm it (it might
>be a hoax) but it appears by the looks of it that Ashar has patented
>IPSEC. Again, I have to track down an independent copy to confirm
>it. If the claims listed are genuine, they are all on their face
>invalidated by prior art, but...
>
>Perry
>
>------- Forwarded Message
>
>   System for signatureless transmission and reception of 
>   data packets between computer networks (Assignee -- Sun 
>   Microsystems, Inc.) 
> 
> 
>   Abstract: A system for automatically encrypting and 
>   decrypting data packets sent from a source host to a 
>   destination host across a public internetwork. 
> 
>   A tunnelling bridge is positioned at each network, and 
>   intercepts all packets transmitted to or from its 
>   associated network. 
> 
>   The tunnelling bridge includes tables indicating pairs of 
>   hosts or pairs of networks between which packets should 
>   be encrypted. 
> 
>   When a packet is transmitted from a first host, the 
>   tunnelling bridge of that host's network intercepts the 
>   packet, and determines from its header information 
>   whether packets from that host that are directed to the 
>   specified destination host should be encrypted; or, 
>   alternatively, whether packets from the source host's 
>   network that are directed to the destination host's 
>   network should be encrypted. 
> 
>   If so, the packet is encrypted, and transmitted to the 
>   destination network along with an encapsulation header 
>   indicating source and destination information: either 
>   source and destination host addresses, or the broadcast 
>   addresses of the source and destination networks (in the 
>   latter case, concealing by encryption the hosts' 
>   respective addresses). 
> 
>   An identifier of the source network's tunnelling bridge 
>   may also be included in the encapsulation header. At the 
>   destination network, the associated tunnelling bridge 
>   intercepts the packet, inspects the encapsulation header, 
>   from an internal table determines whether the packet was 
>   encrypted, and from either the source (host or network) 
>   address or the tunnelling bridge identifier determines 
>   whether and how the packet was encrypted. 
> 
>   If the packet was encrypted, it is now decrypted using a 
>   key stored in the destination tunnelling bridge's memory, 
>   and is sent on to the destination host. 
> 
>   The tunnelling bridge identifier is used particularly in 
>   an embodiment where a given network has more than one 
>   tunnelling bridge, and hence multiple possible 
>   encryption/decryption schemes and keys. 
> 
>   In an alternative embodiment, the automatic encryption 
>   and decryption may be carried out by the source and 
>   destination hosts themselves, without the use of 
>   additional tunnelling bridges, in which case the 
>   encapsulation header includes the source and destination 
>   host addresses. 
> 
> 
>   Ex Claim Text: A method for transmitting and receiving 
>   packets of data via an internetwork from a first host 
>   computer on a first computer network to a second host 
>   computer on a second computer network, the first and 
>   second computer networks including, respectively, first 
>   and second bridge computers, each of said first and 
>   second host computers and first and second bridge 
>   computers including a processor and a memory for storing 
>   instructions for execution by the processor, each of said 
>   first and second bridge computers further including 
>   memory storing at least one predetermined encryption/ 
>   decryption mechanism and information identifying a 
>   predetermined plurality of host computers as hosts 
>   requiring security for packets transmitted between them, 
>   the method being carried out by means of the instructions 
>   stored in said respective memories and including the 
>   steps of: 
> 
>   (1) generating, by the first host computer, a first data 
>   packet for transmission to the second host computer, a 
>   portion of the data packet including information 
>   representing an internetwork address of the first host 
>   computer and an internetwork address of the second host 
>   computer; 
> 
>   (2) in the first bridge computer, intercepting the first 
>   data packet and determining whether the first and second 
>   host computers are among the predetermined plurality of 
>   host computers for which security is required, and if 
>   not, proceeding to step 5, and if so, proceeding to step 
>   3; 
> 
>   (3) encrypting the first data packet in the first bridge 
>   computer; 
> 
>   (4) in the first bridge computer, generating and 
>   appending to the first data packet an encapsulation 
>   header, including: 
> 
>      (a) key management information identifying the 
>      predetermined encryption method, and 
> 
>      (b) a new address header representing the source and 
>      destination for the data packet, thereby generating a 
>      modified data packet; 
> 
>   (5) transmitting the data packet from the first bridge 
>   computer via the internetwork to the second computer 
>   network; 
> 
>   (6) intercepting the data packet at the second bridge 
>   computer; 
> 
>   (7) in the second bridge computer, reading the 
>   encapsulation header, and determining therefrom whether 
>   the data packet was encrypted, and if not, proceeding to 
>   step 10, and if so, proceeding to step 8; 
> 
>   (8) in the second bridge computer, determining which 
>   encryption mechanism was used to encrypt the first data 
>   packet; 
> 
>   (9) decrypting the first data packet by the second bridge 
>   computer; 
> 
>   (10) transmitting the first data packet from the second 
>   bridge computer to the second host computer; and 
> 
>   (11) receiving the unencrypted data packet at the second 
>   host computer. 
> 
>   Assignee: Sun Microsystems, Inc. 
> 
>   Patent Number: 5548646 
> 
>   Issue Date: 1996 08 20 
> 
>   Inventor(s): Aziz, Ashar; Mulligan, Geoffrey; Patterson, 
>   Martin; Scott, Glenn. State/Country CA 
> 
>
>------- End of Forwarded Message

               Rodney Thayer <rodney@sabletech.com>       +1 617 332 7292
               Sable Technology Corp, 246 Walnut St., Newton MA 02160 USA
               Fax: +1 617 332 7970           http://www.shore.net/~sable
                           "Developers of communications software"
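As an added example (not Sun's code and not taken from the patent), here is a Python model of the bridge procedure in the quoted claim: steps 2-5 on the sending bridge and 7-10 on the receiving one, with the outer header carrying the networks' broadcast addresses as the abstract describes. The cipher, header layout, /24 addressing, key table and all names are assumptions made for the example.

```python
import hmac, hashlib, struct, os, ipaddress

def net_of(host: str) -> ipaddress.IPv4Network:
    # Assumed /24 networks; the claim leaves addressing to the deployment.
    return ipaddress.ip_network(f"{host}/24", strict=False)

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # XOR with an HMAC-SHA256 counter-mode keystream, standing in for the claim's
    # unspecified "predetermined encryption/decryption mechanism" (assumed).
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, nonce + struct.pack(">I", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

# Encapsulation header (assumed layout): encrypted flag, mechanism id (the claim's
# "key management information"), source bridge id, nonce, outer src/dst address.
HDR = struct.Struct(">BBI8s4s4s")

class TunnellingBridge:
    def __init__(self, bridge_id: int, keys: dict, policy: set):
        self.bridge_id = bridge_id
        self.keys = keys      # mechanism id -> key held in bridge memory
        self.policy = policy  # network pairs between which packets are encrypted

    def outbound(self, src: str, dst: str, payload: bytes) -> bytes:
        """Steps 2-5: intercept, consult the table, encrypt, prepend the header."""
        inner = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed + payload
        if frozenset({net_of(src), net_of(dst)}) not in self.policy:
            # Not a protected pair: forwarded in clear, real host addresses outside.
            return HDR.pack(0, 0, self.bridge_id, bytes(8), inner[:4], inner[4:8]) + inner
        mech, nonce = 1, os.urandom(8)
        outer = (net_of(src).broadcast_address.packed, net_of(dst).broadcast_address.packed)
        # Outer header carries the networks' broadcast addresses, so the encrypted
        # inner header conceals which hosts are talking (as in the abstract).
        return HDR.pack(1, mech, self.bridge_id, nonce, *outer) + keystream_xor(self.keys[mech], nonce, inner)

    def inbound(self, wire: bytes):
        """Steps 7-10: read the header, decide if encrypted, pick the key, decrypt."""
        flag, mech, src_bridge, nonce, _osrc, _odst = HDR.unpack_from(wire)
        body = wire[HDR.size:]
        if flag:
            if mech not in self.keys:
                raise ValueError(f"bridge {src_bridge}: unknown mechanism {mech}")
            body = keystream_xor(self.keys[mech], nonce, body)
        src, dst = (str(ipaddress.ip_address(body[i:i + 4])) for i in (0, 4))
        return src, dst, body[8:], bool(flag)

# Constructed sample deployment: two bridges sharing one mechanism and key.
KEYS = {1: b"constructed-demo-key-not-for-real-use"}
POLICY = {frozenset({net_of("10.1.0.5"), net_of("10.2.0.9")})}
BRIDGE_A, BRIDGE_B = TunnellingBridge(1, KEYS, POLICY), TunnellingBridge(2, KEYS, POLICY)
```

Like the quoted claim, this model checks neither integrity nor replay: the header and keystream XOR give confidentiality only, so a production tunnel needs an authenticated construction on top.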