Communication method and apparatus
US-2024224039-A1 · Jul 4, 2024 · US
US12470532B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12470532-B2 |
| Application number | US-202418594727-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 4, 2024 |
| Priority date | Jan 2, 2024 |
| Publication date | Nov 11, 2025 |
| Grant date | Nov 11, 2025 |
Official abstract text for this publication.
In an embodiment, a method includes receiving a data packet and generating an optimized security tag based on a standard security tag by replacing an 8-byte optional secure channel identifier (SCI) of the standard security tag with 32 most significant bits of a packet number, a 2-byte MAC Security Entities (SecY) engine identifier, and a 2-byte short SCI. The method further includes encrypting the data packet and transmitting the encrypted data packet comprising the optimized security tag to an electronic device.
Opening claim text (preview).
What is claimed is:

1. A first electronic device, comprising: one or more processors; and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the first electronic device to perform operations comprising: receiving, by the first electronic device, a data packet; generating, by the first electronic device, an optimized security tag based on a standard security tag by replacing an 8-byte optional secure channel identifier (SCI) of the standard security tag with 32 most significant bits of a packet number, a 2-byte MAC Security Entities (SecY) engine identifier, and a 2-byte short SCI; encrypting, by the first electronic device, the data packet; and transmitting, by the first electronic device, the encrypted data packet comprising the optimized security tag to a second electronic device.

2. The first electronic device of claim 1, wherein: the first electronic device comprises a plurality of first physical ports; and transmitting the data packet is via any one of the plurality of first physical ports.

3. The first electronic device of claim 2, wherein: the second electronic device comprises a plurality of second physical ports; and the encrypted data packet is to be received at any one of the plurality of second physical ports.

4. The first electronic device of claim 3, wherein the 32 most significant bits of the packet number and 32 least significant bits of the packet number are accessible by any one of the plurality of second physical ports for decrypting the encrypted data packet.

5. The first electronic device of claim 3, wherein the 32 most significant bits of the packet number and 32 least significant bits of the packet number are accessible by any one of the plurality of second physical ports for decrypting the encrypted data packet without packet number synchronization between the plurality of second physical ports.

6. The first electronic device of claim 3, wherein the plurality of first physical ports and the plurality of second physical ports communicate via a plurality of secure tunnels.

7. The first electronic device of claim 3, the operations further comprising: generating, by the first electronic device, a security association to be shared among the plurality of second physical ports.

8. The first electronic device of claim 3, wherein the standard security tag comprises a 16-byte data field comprising at least 32 least significant bits of the packet number and the 8-byte optional SCI.

9. The first electronic device of claim 8, wherein the packet number comprises the 32 least significant bits of the packet number and the 32 most significant bits of the packet number, and wherein the operations further comprise: decoupling the packet number from the security association by maintaining the packet number in a per-tunnel PN table keyed on the short SCI and an association number.

10. The first electronic device of claim 1, wherein the standard security tag and the optimized security tag have a same size.

11. A method, comprising: receiving, by a first electronic device, a data packet; generating, by the first electronic device, an optimized security tag based on a standard security tag by replacing an 8-byte optional secure channel identifier (SCI) of the standard security tag with 32 most significant bits of a packet number, a 2-byte MAC Security Entities (SecY) engine identifier, and a 2-byte short SCI; encrypting, by the first electronic device, the data packet; and transmitting, by the first electronic device, the encrypted data packet comprising the optimized security tag to a second electronic device.

12. The method of claim 11, wherein: the first electronic device comprises a plurality of first physical ports; and transmitting the data packet is via any one of the plurality of first physical ports.

13. The method of claim 12, wherein: the second electronic device comprises a plurality of second physical ports; and the encrypted data packet is to be received at any one of the plurality of second physical ports.

14. The method of claim 13, wherein the 32 most significant bits of the packet number and 32 least significant bits of the packet number are accessible by any one of the plurality of second physical ports for decrypting the encrypted data packet.

15. The method of claim 13, wherein the 32 most significant bits of the packet number and 32 least significant bits of the packet number are accessible by any one of the plurality of second physical ports for decrypting the encrypted data packet without packet number synchronization between the plurality of second physical ports.

16. The method of claim 13, further comprising: generating, by the first electronic device, a security association to be shared among the plurality of second physical ports.

17. The method of claim 11, wherein the standard security tag and the optimized security tag have a same size.

18. A non-transitory computer-readable medium comprising instructions that are configured, when executed by a processor, to: receive, by a first electronic device, a data packet; generate, by the first electronic device, an optimized security tag based on a standard security tag by replacing an 8-byte optional secure channel identifier (SCI) of the standard security tag with 32 most significant bits of a packet number, a 2-byte MAC Security Entities (SecY) engine identifier, and a 2-byte short SCI; encrypt, by the first electronic device, the data packet; and transmit, by the first electronic device, the encrypted data packet comprising the optimized security tag to a second electronic device.

19. The non-transitory computer-readable medium of claim 18, wherein: the second electronic device comprises a plurality of second physical ports; and the encrypted data packet is to be received at any one of the plurality of second physical ports.

20. The non-transitory computer-readable medium of claim 19, further comprising instructions that are configured, when executed by a processor, to: generate, by the first electronic device, a security association to be shared among the plurality of second physical ports.
Firewall traversal, e.g. tunnelling or, creating pinholes · CPC title
at the network layer · CPC title
at the data link layer · CPC title
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up · CPC title