CPC: H04L 63/0471 (2013.01) [G06F 21/602 (2013.01); H04L 45/74 (2013.01); H04L 63/0272 (2013.01); H04W 28/06 (2013.01)]. 3 Claims.
1. A hub and spoke system of encrypting devices, for transmitting packets between trusted devices over an untrusted network comprising:
an untrusted router, a plurality of server-side encrypting devices and a trusted router hosted on a trusted network server; and
a plurality of client-side encrypting devices each in communication with a trusted device via a trusted interconnect and in communication with an untrusted network;
wherein each client-side encrypting device comprises,
an encryption unit, including a first passive interface for connection to the trusted interconnect and a second passive interface; and
a communications unit having a passive and an active interface, the communication unit paired with a communications unit of a paired server-side encrypting device via the untrusted network and the active interface;
wherein each server-side encrypting device comprises,
an encryption unit, including a first passive interface in communication with the trusted router and a second passive interface; and
a communications unit paired with a communications unit of a paired client-side encrypting device and linked with the second passive interface of the encryption unit via a connectionless interconnect, the communications unit having an active interface for communication with the untrusted network via the untrusted router;
wherein the encryption unit of each client-side encrypting device and each server-side encrypting device encrypts a native packet received at said first passive interface using an encryption key and adds a connectionless header to the encrypted native packet to form an outgoing connectionless datagram, and receives an incoming connectionless datagram including an encrypted native packet at said second passive interface and decrypts said encrypted native packet using said encryption key; and
wherein the communications unit of each client-side encrypting device and each server-side encrypting device receives an outgoing connectionless datagram, adds a complex header to form a packet for delivery to the paired encrypting device via the active interface, receives a packet including an encrypted native packet and a complex header from the paired encrypting device via the active interface, removes the complex header from said packet, and adds a connectionless header to form a connectionless datagram including an encrypted native packet to be sent to the encryption unit via the passive interface.