System and method of transmitting encrypted packets through a network access point

Abstract

A method and system for network communication efficiently transmits encrypted packets from a sending host on an external network to a receiving host on an intranet through a network access point (NAP) of the intranet. A packet to be sent by the sending host on the external network is constructed with the external network address of the NAP as the destination address of the packet. The intranet address of the receiving host is also included in the packet in the non-encrypted form and is used in the calculation of the cryptographic hash or the like that is included in the packet for authentication purposes. The encrypted packet is then routed to the NAP through the external network. When the NAP receives the packet, it strips the intranet address of the receiving host from the packet and uses that address to replace the original destination address in the packet. The NAP then forwards the modified packet to the receiving host. Because the NAP does not have to decrypt the packet, encrypted packets can quickly go through the NAP. When receiving host receives the modified packet, it decrypts the packet and authenticates it. Because the destination address in the modified packet is the same address used in calculating the cryptographic hash of the packet, the packet should be deemed valid by the receiving host.