Offload processing for secure data transfer
First Claim
1. A method of improving security processing in a computing network, comprising steps of:
- providing a security offload component which performs security processing;
providing control functions in an operating system kernel for directing operation of the security offload component;
providing an application program;
executing the application program; and
executing the provided control functions during execution of the application program, thereby selectably directing the security offload component to secure at least one communication of the executing application program.
1 Assignment
0 Petitions
Accused Products
Abstract
Improvements in security processing are disclosed which enable security processing to be transparent to the application. Security processing (such as Secure Sockets Layer, or “SSL”, or Transport Layer Security, or “TLS”) is performed in (or controlled by) the stack. A decision to enable security processing on a connection can be based on configuration data or security policy, and can also be controlled using explicit enablement directives. Directives may also be provided for allowing applications to communicate with the security processing in the stack for other purposes. Functions within the protocol stack that need access to clear text can now be supported without loss of security processing capability. No modifications to application code, or in some cases only minor modifications (such as inclusion of code to invoke directives), are required to provide this security processing. Improved offloading of security processing is also disclosed, which provides processing efficiencies over prior art offloading techniques.
-
Citations
13 Claims
-
1. A method of improving security processing in a computing network, comprising steps of:
-
providing a security offload component which performs security processing;
providing control functions in an operating system kernel for directing operation of the security offload component;
providing an application program;
executing the application program; and
executing the provided control functions during execution of the application program, thereby selectably directing the security offload component to secure at least one communication of the executing application program. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A system for improving security processing in a computing network, comprising:
-
a security offload component which performs security processing;
at least one control function in an operating system kernel for directing operation of the security offload component;
means for executing the at least one provided control function; and
means, responsive to operation of the means for executing, for directing the security offload component to secure at least one communication of an application program.
-
-
13. A computer program product for improving security processing in a computing network, the computer program product embodied on one or more computer-readable media and comprising:
-
a security offload component which performs security processing;
at least one control function in an operating system kernel for directing operation of the security offload component;
computer-readable program code means for executing the at least one provided control function; and
computer-readable program code means, responsive to operation of the computer-readable program code means for executing, for directing the security offload component to secure at least one communication of an application program.
-
Specification
-
- Resources
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsBrabson, Roy F., Overby, Linwood Hugh Jr.
-
Application NumberUS10/007,582Publication NumberTime in Patent OfficeDaysField of SearchUS Class Current713/201CPC Class CodesH04L 63/0823 using certificates cryptogr...H04L 63/102 Entity profilesH04L 63/166 at the transport layer
