System and method for distributing security processing functions for network applications
First Claim

1. A network gateway device comprising:

a network physical interface for receiving and transmitting data and for receiving packets for transmission and forwarding packets from received data; and

a packet processor hosting a security association (SA) used for encryption and decryption for communication with a network peer and including:

an ingress processing security subsystem with a decryption processor for decrypting packets; and

an egress processing security subsystem for encrypting packets, one or both of said ingress processing security subsystem and said egress processing security subsystem receiving one or both of ingress and egress SAs.
Abstract
A network gateway device is provided with a network physical interface for receiving and transmitting data and for receiving packets for transmission and forwarding packets from received data. A packet processor is provided that performs a key exchange and hosts a security association (SA) used for encryption and decryption for communication with a network peer. The packet processor includes an ingress processing security subsystem with a decryption processor for decrypting packets and an egress processing security subsystem for encrypting packets. One or both of the ingress processing security subsystem and the egress processing security subsystem receive one or both of ingress and egress SAs. The packet processor may include a processor subsystem for handling key exchanges and for distributing SAs to the ingress processing security subsystem and the egress processing security subsystem. As an alternative, the ingress processing security subsystem and the egress processing security subsystem may themselves host a security association (SA) used for encryption and decryption for communication with a network peer; in that case one of the ingress processing security subsystem and the egress processing security subsystem distributes at least one of an ingress and an egress SA to the other.
25 Claims
1. A network gateway device comprising:

a network physical interface for receiving and transmitting data and for receiving packets for transmission and forwarding packets from received data; and

a packet processor hosting a security association (SA) used for encryption and decryption for communication with a network peer and including:

an ingress processing security subsystem with a decryption processor for decrypting packets; and

an egress processing security subsystem for encrypting packets, one or both of said ingress processing security subsystem and said egress processing security subsystem receiving one or both of ingress and egress SAs.

Dependent claims: 2 to 19.
20. A process for secure communication between network entities, the process comprising the steps of:

providing a device with a network interface and physical connection with a packet processing system including an ingress processing subsystem and an egress processing subsystem;

making a key exchange between the network entity and the other network entity and hosting a security association upon completion of the key exchange in association with a processing entity of the packet processing system, the security association including information as to authentication, encryption and changing of keys;

extracting data derived from the security association; and

sending a message from a processing entity hosting the security association to one or both of said ingress processing subsystem and said egress processing subsystem to provide a security association at the processing subsystems.

Dependent claims: 21 to 25.