Title of invention: COMMUNICATION DEVICE FOR IMPLEMENTING SELECTIVE ENCRYPTION IN A SOFTWARE DEFINED NETWORK
Abstract: The present disclosure pertains to systems and methods for selectively encrypting data flows within a software defined network (SDN). In one embodiment, a communication device may be configured to receive a plurality of unencrypted data packets. The communication device may receive from an SDN controller a criterion used to identify at least one of the unencrypted data flows to be encrypted. Based on the criterion, an encryption subsystem may generate an encrypted data flow from the unencrypted data packets based on an encryption key. In some embodiments, the encryption system may parse the packets and encrypt the data payloads without encrypting the routing information associated with the packet. In other embodiments, the encryption subsystem may be configured to encapsulate and encrypt the entire unencrypted data packet. In some embodiments, the encryption subsystem may further be configured to authenticate a sending device and/or to verify the integrity of a message.
Publication number: US2017026349(A1) Publication date: 2017.01.26
Application number: US201514803755 Filing date: 2015.07.20
Applicant: Schweitzer Engineering Laboratories, Inc. Inventors: Smith Rhett; Grussling Barry Jakob
Classification: H04L29/06 Main classification: H04L29/06
Agency: Agent:
Main claim: 1. A communication device configured to selectively encrypt a data flow in a software defined network (SDN), the communication device comprising: a data bus; a communication interface in communication with the data bus, the communication interface configured to receive a plurality of unencrypted data flows comprising a plurality of unencrypted data packets; an SDN controller communication subsystem in communication with the data bus and configured to: receive from an SDN controller a first criterion used to identify at least one of the unencrypted data flows to be encrypted; an encryption subsystem configured to generate an encrypted data payload from an unencrypted data payload based on an encryption key; a packet processing subsystem configured to: parse each packet in the identified unencrypted data flow to extract unencrypted routing information and an unencrypted data payload; pass the unencrypted data payload to the encryption subsystem; receive the encrypted data payload from the encryption subsystem; generate a substitute packet comprising the unencrypted routing information and the encrypted data payload; transmit the substitute packet using the unencrypted routing information via the communication interface.
Address: Pullman WA US