Cryptography – Communication system using cryptography
Reexamination Certificate
2000-03-21
2001-08-14
Peeso, Thomas R. (Department: 2132)
C380S256000, C380S257000, C380S269000, C713S168000
active
06275588
ABSTRACT:
The present invention generally relates to a technique for performing compression, encryption and transmission, and reception, decryption and decompression, respectively, of data communication packages on an area network.
The most commonly applied technique for performing transmissions on a network such as LAN (local area network) or WAN (wide area network) involves performing compression/decompression, encode/decode and transmission/reception of data communication packages to establish a fast communication between stations in the LAN. Techniques are disclosed in the following patents and published patent applications: DE 3 606 869, EP 0 582 907, U.S. Pat. Nos. 4,701,745, 4,996,690, 5,003,307, 5,016,009, 5,126,739, 5,146,221, 5,414,425, 5,463,390, 5,506,580, 5,532,694, 4,586,027, 4,872,009, 4,701,745 and 4,988,998, describing various aspects of compression/decompression and transmission from one unit to another unit. Reference is made to the above patents and published patent applications, and the above US patents are hereby incorporated in the present specification by reference.
According to present technology, it appears that no technique is currently available that ensures secure communication in combination with fast communication. To secure data communication packages, one must encrypt them according to an encryption key or keys known to the stations. This is a time-consuming process and therefore slows down, and in particular delays, the transmission between two or more stations, and consequently contradicts the combination of secure and fast communication. Furthermore, according to present technology, operations such as compression, encryption and transmission, and reception, decryption and decompression, are performed consecutively, which further slows the transmissions on the LAN as the data packages increase. Since computer networking is becoming a more and more significant part of today's computer applications and communication on networks is becoming everyday practice, it is necessary to develop an apparatus and method for performing secure transmissions at increased transmission rates between stations in a computer network.
An object of the present invention is to provide a novel apparatus and method for securing data communication packages by encryption and simultaneously ensuring a fast communication between stations in a network such as LAN or WAN.
A particular advantage of the present invention is the significant reduction or substantial elimination of delays in transmitting data communication packages through a network by continuously ensuring that data is presented to the LAN or WAN in an encrypted state.
A particular feature of the present invention relates to the fact that the apparatus according to the present invention may be produced fully or partly in a process compatible with the production of integrated electronic circuits using any appropriate circuit technology involving VLSI, LSI, ASIC, FPGA, PLD production techniques or any combinations thereof.
The above object, the above advantage and the above feature, together with numerous other objects, advantages and features which will be evident from the below detailed description of a preferred embodiment of the present invention, are, according to a first aspect of the present invention, obtained by a communication controller for performing data encryption and data decryption of data communication packages to be transferred in a network such as a LAN (local area network) or WAN (wide area network), the data communication package containing a first section of non-encrypted data and a second section containing encrypted data, and comprising a session key LUT unit and a transmission and encryption section comprising:
(a) a data read transmission control unit (102) connected to a system bus of a host system and receiving input data therefrom and communicating with said session key LUT (186), said session key LUT (186) providing a transmission encryption key for said data communication package,
(b) a data compressing unit (118) providing compression of a part of said input data thereby producing a compressed part of said input data contained in said second section of said data communication package,
(c) a data encryption unit (126) providing an encryption of said second section of said data communication package according to said transmission encryption key transferred from said session key LUT (186) to said data encryption unit (126),
(d) an integrity check value calculation unit (122) constituting a first series configuration from said data compression unit (118) intercommunicating through said integrity check value calculation unit (122) to said data encryption unit (126),
(e) a network transmission controller (134) providing said data communication package through a connection to said network, supplying said input data to said network in a transmission rate determined by said network transmission controller (134) and said network, and
(f) a first switch means (108) enabling switching between two modes of operation, a first mode of operation providing bypassing or disabling of said first series configuration and enabling communication between said data read transmission control unit (102) and said network transmission controller (134) for transferring said input data directly hereto and a second mode of operation enabling communication between said data read transmission control unit (102) through said first series configuration to said network transmission controller (134),
said communication controller further comprising a receiving and decrypting section comprising:
(g) a LAN receiving controller (140) providing a connection to said network and receiving a received data communication package from said network,
(h) a data receiving control unit (148) receiving said received data communication package through communication with said network receiving controller (140), and communicating with said session key LUT (186), said session key LUT (186) providing a reception encryption key for said received data communication package,
(i) a data decompression unit (172) providing decompression of said second section of said received data communication package,
(j) a data decryption unit (164) providing a decryption of said second section of said received data communication package according to a reception encryption key transferred from said session key LUT (186) to said data decryption unit (164),
(k) an integrity check value verification unit (168) receiving said received data communication package from said data decryption unit (164), and constituting a second series configuration from said data decryption unit (164) intercommunicating through said integrity check value verification unit (166) to said data decompression unit (172), said integrity check value verification unit (166) transferring said second section of said received data communication package to said data decompression unit (172),
(l) a data write unit (180) connected to said system bus of said host system, supplying said system bus with said received data communication package, and
(m) a second switch means (154) enabling switching between two modes of operation, a third mode of operation providing bypassing or disabling of said second series configuration and enabling communication between said data receiving control unit (148) and said data write unit (180) for transferring said first section of said received data communication package directly hereto, and a fourth mode of operation enabling communication between said data receiving control unit (148) through said second series configuration to said data write unit (180).
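The two series configurations and their bypass modes, modeled in software as an added example; this is not code from the patent. The use of zlib, the HMAC-SHA256 integrity check value, the SHA-256 counter-mode stand-in cipher, the 3-byte session/mode prefix and the key table contents are all assumptions, since the page names no algorithms or package layout.

```python
import hashlib, hmac, struct, zlib

# Constructed session-key table standing in for the session key LUT (186);
# the session id and key bytes are made up for this example.
SESSION_KEY_LUT = {7: b"constructed-key-for-session-0007"}
ICV_LEN = 32

def _keystream_xor(key, data):
    # Stand-in cipher (SHA-256 in counter mode) so the example runs with the
    # standard library only; the page names no cipher, and a real design
    # would use a vetted one with a fresh nonce per package.
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack(">Q", block // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)

def _icv(key, data):
    # Assumed ICV: HMAC-SHA256 over the compressed second section.
    return hmac.new(key, data, hashlib.sha256).digest()

def transmit(session_id, first_section, payload, secure=True):
    """Build a package: clear first section, then the second section."""
    # Assumed layout: session id and mode flag precede the clear first section.
    header = struct.pack(">HB", session_id, int(secure)) + first_section
    if not secure:                      # first mode: series configuration bypassed
        return header, payload
    key = SESSION_KEY_LUT[session_id]   # transmission key from the LUT
    compressed = zlib.compress(payload)                 # unit 118
    protected = compressed + _icv(key, compressed)      # unit 122
    return header, _keystream_xor(key, protected)       # unit 126

def receive(header, second_section):
    """Reverse path: decrypt, verify the ICV, then decompress."""
    session_id, secure = struct.unpack(">HB", header[:3])
    if not secure:                      # third mode: series configuration bypassed
        return second_section
    key = SESSION_KEY_LUT[session_id]   # reception key from the LUT
    protected = _keystream_xor(key, second_section)     # unit 164
    compressed, icv = protected[:-ICV_LEN], protected[-ICV_LEN:]
    if not hmac.compare_digest(icv, _icv(key, compressed)):
        raise ValueError("ICV mismatch: package dropped before decompression")
    return zlib.decompress(compressed)                  # unit 172
```

Because the integrity check sits between decryption and decompression on the receive path, a modified second section is rejected before the decompressor ever parses it.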
By incorporating several of the functions of the communication controller, according to the first aspect of the present invention, in a single electronic circuit, the time delay from one unit to the next is considerably reduced compared to time delays between discrete electronic components.
The term unit is to be understood as a
Steen Søren
Steenberg Kim
Videcrantz Peter
I-Data International A/S
Jack Todd
Jacobson Price Holman & Stern PLLC
Peeso Thomas R.