System and method for managing security packet processing
Abstract
An IPSec packet processing system includes an IPSec manager to interface with an IPSec engine, to manage memory and to handle exceptions associated with IPSec packet processing. The IPSec manager may be a software module operating as part of a software stack on a host processor while the IPSec engine may perform IPSec packet processing. The IPSec manager may also initiate the negotiation of new keys, send ICMP messages for PMTU violations and log entries for exceptions.
51 Claims
1. A processing system comprising:
- a security engine to process inbound and outbound security packets received from a network processor; and
- a processor to execute a software stack comprising a policy manager and a security manager, the policy manager to at least administer a security policy database (SPD), the security manager to allocate memory for the security engine.

10. A security management system comprising:
- a policy manager to establish security association database (SAD) entries from configuration information defining a number of security associations; and
- a security manager to parse the SAD entries into an SA packet processing block and an SA key information block for use by a security engine.

15. A method of managing security packet processing with a security manager, the method comprising:
- allocating memory to a security processing system for packet processing; and
- performing exception logging associated with security packet processing.

35. A method of managing security associations (SA) for processing security packets comprising:
- establishing security association database (SAD) entries from configuration information defining security associations;
- generating an SAD free memory list to include entries identifying memory available for the SAD entries; and
- removing an entry from the SAD free memory list when an SAD entry is established.

39. A computer readable medium having program instructions stored thereon for managing security packet processing that when executed within a digital processing device, result in:
- allocating memory for security packet processing by a security processing system; and
- performing exception logging associated with security packet processing.

47. A processing engine comprising:
- a streaming interface to receive inbound and outbound security packets for security processing;
- a crypto-engine to process the security packets; and
- a communication interface to interface with memory allocated to the processing engine.

49. A security packet processing system comprising:
- memory to store a software stack comprising a policy manager and a security manager; and
- a processor to execute the software stack, wherein when executed, the policy manager to at least administer a security policy database (SPD), the security manager to allocate memory for a security engine for processing inbound and outbound security packets.