Offload processing for security session establishment and control
Abstract
Improvements in security processing are disclosed which enable security processing to be transparent to the application. Security processing (such as Secure Sockets Layer, or “SSL”, or Transport Layer Security, or “TLS”) is performed in (or controlled by) the stack. A decision to enable security processing on a connection can be based on configuration data or security policy, and can also be controlled using explicit enablement directives. Directives may also be provided for allowing applications to communicate with the security processing in the stack for other purposes. Functions within the protocol stack that need access to clear text can now be supported without loss of security processing capability. No modifications to application code, or in some cases only minor modifications (such as inclusion of code to invoke directives), are required to provide this security processing. Improved offloading of security processing is also disclosed, which provides processing efficiencies over prior art offloading techniques.
35 Claims
1. A method of improving security processing in a computing network, comprising steps of:
- providing a security offload component which performs security handshake processing; and
- providing a control function in an operating system kernel for initiating operation of the security handshake processing by the security offload component.
33. A method of improving security processing in a computing network, comprising steps of:
- providing a security offload component which performs security session establishment and control processing; and
- providing a control function in an operating system kernel for initiating operation of the security establishment and control processing by the security offload component.
34. A system for improving security processing in a computing network, comprising:
- means for performing security session establishment and control processing in a security offload component; and
- means for executing a control function in an operating system kernel, thereby initiating operation of the means for performing security establishment and control processing by the security offload component.
35. A computer program product for improving security processing in a computing network, the computer program product embodied on one or more computer-readable media and comprising:
- computer-readable program code means for performing security session establishment and control processing in a security offload component; and
- computer-readable program code means for executing a control function in an operating system kernel, thereby initiating operation of the computer-readable program code means for performing security establishment and control processing by the security offload component.
Specification