APPARATUS AND METHOD FOR SECURE ROUTER DEVICE
Method, systems, and devices for providing a multi-function router. A router may receive and forward data packets at a physical network interface. The router may also run a virtualized server or router using a logical network interface mapped statically or dynamically to the physical network interface.
This application is a continuation of U.S. patent application Ser. No. 15/994,469, filed May 31, 2018, which claims the benefit of U.S. Provisional Application No. 62/513,853, filed Jun. 1, 2017, which is incorporated by reference as if fully set forth.
FIELD OF INVENTION
The present application is directed to networking and electronic secure communication using a router.
BACKGROUND
The concept of a router has been employed in some of the first known versions of computer networking. Routers relate to intelligent decision making for deciding where packets should be sent based on a specified protocol. A router is typically connected to a network, such as the internet or a local area network. A need may arise for a multi-function router device that provides functionality beyond what is currently available.
SUMMARY
Method, systems, and devices for providing a multi-function router. A router may receive and forward data packets at a physical network interface. The router may also run a virtualized router using a logical network interface mapped statically or dynamically to the physical network interface.
The present application is written with various examples, embodiments, scenarios, and situations that are meant to present non-limiting exemplary descriptions of the present application. Further, it is envisioned that any of the examples, embodiments, scenarios, or situations may be used separately, combined, or in any possible configuration as may be possible despite the description herein.
The router 101 may implement directly and/or indirectly various levels of security. The router 101 may be used in a Commercial Solutions for Classified (CSfC) program as instituted by the National Security Agency (NSA). CSfC provides secure solutions leveraging layered encryption solutions to provide adequate protection of classified data. The router 101 may be used as, in conjunction with, or may assist with: IPsec Virtual Private Network (VPN) Gateway, IPsec VPN Gateway, WLAN Access System, Certificate Authority, IPSec VPN Client, Wireless Local Area Network (WLAN) Client, Session Initiation Protocol (SIP) Server, Mobile Platform, Mobile Device Management (MDM), Software Full Drive Encryption (SW FDE), Hardware Full Drive Encryption, VoIP Applications, Transport Layer Security (TLS) Software Applications; E-mail Clients; Internet Protocol Security (IPS), Traffic Filtering Firewall, Web Browsers, File Encryption, TLS Protected Servers, Session Border Controller, Authentication Server, Medium Access Control Security (MACSEC) Ethernet Encryption Devices, and/or Virtualized Servers.
In one embodiment the router 101 may run a first IPSEC VPN alongside a second virtualized IPSEC VPN thereby providing two functions in one device that reduces costs and increases efficiency of one device solution. In this embodiment the first IPSEC VPN may be mapped to a first set of networking ports of a PNI 105 of the router 101 and the second virtualized IPSEC VPN may be mapped to a second set of networking ports of the PNI 105 of the router 101.
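The two-tunnel arrangement in this embodiment, and the data flow recited in claim 1, can be modeled as nested encapsulation with independent keys per layer. The following is an added illustration, not code from the application or the applicant. It assumes a simplified ESP-like frame (SPI, sequence number, nonce, ciphertext, integrity check value), uses an HMAC-SHA256 keystream as a standard-library stand-in for a real ESP cipher, and does not model IKE key exchange or the anti-replay window; the names `INNER`, `OUTER`, `send_two_layer` and `receive_two_layer` are hypothetical.

```python
import hashlib
import hmac
import os
import struct

ICV_LEN = 16  # truncated HMAC-SHA256 tag standing in for the ESP integrity check value


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: stdlib-only stand-in for an ESP cipher, not for production use.
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def encapsulate(enc_key, mac_key, spi, seq, payload):
    """Frame payload as SPI | seq | nonce | ciphertext | ICV (ESP-like, simplified)."""
    header = struct.pack(">II", spi, seq) + os.urandom(8)
    ct = bytes(a ^ b for a, b in zip(payload, _keystream(enc_key, header[8:], len(payload))))
    return header + ct + hmac.new(mac_key, header + ct, hashlib.sha256).digest()[:ICV_LEN]


def decapsulate(enc_key, mac_key, spi, packet):
    """Check length, ICV and SPI before decrypting; raise ValueError on any mismatch."""
    if len(packet) < 16 + ICV_LEN:
        raise ValueError("packet too short")
    header, ct, icv = packet[:16], packet[16:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(mac_key, header + ct, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("integrity check failed")
    if struct.unpack(">I", header[:4])[0] != spi:
        raise ValueError("unexpected SPI")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, header[8:], len(ct))))


# Constructed sample keys and SPIs: each virtual machine holds its own independent keys.
INNER = dict(enc_key=os.urandom(32), mac_key=os.urandom(32), spi=0x1001)
OUTER = dict(enc_key=os.urandom(32), mac_key=os.urandom(32), spi=0x2002)


def send_two_layer(data, seq=1):
    one_layer = encapsulate(payload=data, seq=seq, **INNER)       # first VM, out the first set of ports
    two_layer = encapsulate(payload=one_layer, seq=seq, **OUTER)  # second VM, out the second set of ports
    return one_layer, two_layer


def receive_two_layer(packet):
    # The remote device peels the layers in reverse order: outer tunnel first, then inner.
    return decapsulate(packet=decapsulate(packet=packet, **OUTER), **INNER)
```

Holding only the `OUTER` keys recovers the one-layer ciphertext and nothing more, which is the property layered encryption relies on: compromise of one layer's keys does not expose the plaintext.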
In another embodiment a router 101 may host software to facilitate network access to an eNodeB (eNB) that results in two functionalities in one hardware solution in support of network access to an eNodeB.
Claims
1. A device comprising:
- a processor configured to run a first virtual machine, wherein the first virtual machine is configured to establish a first IP security (IPSEC) Virtual Private Network (VPN) and receive data, apply a first encryption to the data thereby generating one-layer encrypted data, and send the one-layer encrypted data to a first set of ports; and
- the processor is further configured to run a second virtual machine, wherein the second virtual machine is configured to establish a second IPSEC VPN and receive the one-layer encrypted data at the first set of ports, apply a second encryption to the one-layer encrypted data thereby generating two-layer encrypted data, and send the two-layer encrypted data to a second set of ports.
2. The device of claim 1, wherein the processor is further configured to run Router Firmware Virtualization Infrastructure (RFVI) for the first virtual machine or the second virtual machine.
3. The device of claim 1, wherein the device sends the two-layer encrypted data connected over the internet to a remote second device via the second set of ports.
4. The device of claim 1, wherein the device receives the data from an external source, or an internal source, wherein the external source comprises a computer, a laptop, a tablet, a cell phone, a cellular base station, wherein the internal source includes a keyboard of the device, a USB port of the device, or a network port of the device.
5. The device of claim 1, wherein the device comprises a set of physical ports mapped to a set of logical ports, wherein the mapping is static or dynamic.
6. The device of claim 1, wherein the first virtual machine or the second virtual machine implements a virtual server, router, or switch to control the sending and receiving of any data.
7. The device of claim 1, wherein the device is a laptop, a computer, a smartphone, or a tablet.
8. The device of claim 1, wherein a set of physical ports includes the first set of ports, wherein a set of logical ports includes the second set of ports.
9. The device of claim 1, wherein the first set of ports include a wired connection and the second set of ports include a wireless connection.
10. The device of claim 1, wherein the device is a component of an apparatus, wherein the apparatus is a laptop, a computer, a smartphone, or a tablet.
11. A method implemented by a device, the method comprising:
- establishing, by a first virtual machine running on the device, a first IP security (IPSEC) Virtual Private Network (VPN) and receive data;
- applying, by the first virtual machine running on the device, a first encryption to the data thereby generating one-layer encrypted data;
- sending, by the first virtual machine running on the device, the one-layer encrypted data to a first set of ports;
- establishing, by a second virtual machine running on the device, a second IPSEC VPN and receive the one-layer encrypted data at the first set of ports,
- applying, by the second virtual machine running on the device, a second encryption to the one-layer encrypted data thereby generating two-layer encrypted data, and
- sending, by the second virtual machine running on the device, the two-layer encrypted data to a second set of ports.
12. The method of claim 11, wherein the processor is further configured to run Router Firmware Virtualization Infrastructure (RFVI) for the first virtual machine or the second virtual machine.
13. The method of claim 11, wherein the device sends the two-layer encrypted data connected over the internet to a remote second device via the second set of ports.
14. The method of claim 11, wherein the device receives the data from an external source, or an internal source, wherein the external source comprises a computer, a laptop, a tablet, a cell phone, a cellular base station, wherein the internal source includes a keyboard of the device, a USB port of the device, or a network port of the device.
15. The method of claim 11, wherein the device comprises a set of physical ports mapped to a set of logical ports, wherein the mapping is static or dynamic.
16. The method of claim 11, wherein the first virtual machine or the second virtual machine implements a virtual server, router, or switch to control the sending and receiving of any data.
17. The method of claim 11, wherein the device is a laptop, a computer, a smartphone, or a tablet.
18. The method of claim 11, wherein a set of physical ports includes the first set of ports, wherein a set of logical ports includes the second set of ports.
19. The method of claim 11, wherein the first set of ports include a wired connection and the second set of ports include a wireless connection.
20. The method of claim 11, wherein the device is a component of an apparatus, wherein the apparatus is a laptop, a computer, a smartphone, or a tablet.
Type: Application
Filed: Dec 10, 2021
Publication Date: Jul 7, 2022
Applicant: KCT HOLDINGS, LLC (Turnersville, NJ)
Inventor: Keiron Christopher TOMASSO (Turnersville, NJ)
Application Number: 17/547,960