IPSec network adapter verifier
Abstract
A data processing system that supports verifiable IPSec network communication. The data processing system comprises an IPSec network adapter that connects the data processing system to an external network and provides IPSec encryption and routing of IPSec packets. The data processing system also comprises a network adapter verifier, which is a secondary network card that is utilized to verify that IPSec packets being transmitted to the external network by the IPSec network adapter have been encrypted. The network adapter verifier comprises a device driver, which caches a copy of an IP address from a generated IPSec packet prior to the packet being received by the network adapter. The network adapter verifier is connected to the external network and monitors the transmission of packets out to the network connection by the network adapter. The IP identification (ID) of each packet is compared to the captured IP address of the generated IPSec packet. When the IP address of the transmitted packet is not the same as the generated/cached IP address, the network adapter has failed to correctly encode the packet according to IPSec, and the transmission is thus not secure. The transmission of the stream of packets is therefore terminated.
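A minimal sketch of the cache-then-observe check described in the abstract, added here as an illustration and not taken from the patent or any implementation of it. It assumes IPSec transport mode (so the IPv4 addresses and ID field survive processing by the adapter) and treats an IPv4 protocol number of ESP (50) or AH (51) as the desired characteristic; `EgressVerifier`, `before_adapter`, `on_wire` and the sample packets are hypothetical names and constructed data.

```python
import struct

IPSEC_PROTOCOLS = {50, 51}  # IANA protocol numbers: ESP, AH (assumed check)

def build_ipv4(ip_id, proto, src, dst, payload=b""):
    """Constructed sample packet: 20-byte IPv4 header (checksum left 0) + payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                         ip_id, 0, 64, proto, 0, bytes(src), bytes(dst))
    return header + payload

def parse_ipv4(packet):
    """Return (src, dst, ip_id, proto), or None if not a well-formed IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return None
    ip_id = struct.unpack_from("!H", packet, 4)[0]
    return packet[12:16], packet[16:20], ip_id, packet[9]

class EgressVerifier:
    """Hypothetical verifier: a driver hook caches IDs, a wire tap checks them."""
    def __init__(self):
        self.pending = set()      # (src, dst, ip_id) handed to the adapter
        self.terminated = False   # set once an unprotected packet is seen

    def before_adapter(self, packet):
        """Driver side: cache the identity of a packet that must leave protected."""
        hdr = parse_ipv4(packet)
        if hdr:
            self.pending.add(hdr[:3])

    def on_wire(self, packet):
        """Tap side: classify a packet observed on the network interface."""
        hdr = parse_ipv4(packet)
        if hdr is None or hdr[:3] not in self.pending:
            return "untracked"
        self.pending.discard(hdr[:3])
        if hdr[3] in IPSEC_PROTOCOLS:
            return "ok"
        self.terminated = True    # adapter emitted the packet without IPsec
        return "violation"
```

The 16-bit ID field wraps quickly on a busy link, so a real verifier would also expire cached entries; tunnel mode would need a different correlation key because the outer header carries a new ID.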
23 Claims
1. A network terminal comprising:
a network adapter that interfaces with a network and sends a transmission out to an interface of said network; and
a network adapter verifier that verifies that said transmission comprises a characteristic desired to be associated with said transmission when said network adapter is operating according to an established protocol.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A method for verifying that a particular communication component being transmitted from a network terminal out to an interface of a network exhibits a particular characteristic, said method comprising:
reading an identification (ID) from said component prior to sending said component to a network adapter of said network terminal;
dynamically determining when a characteristic exhibited by said component after said component is placed on the interface of said network by the network adapter does not reflect a characteristic desired to be associated with said component based on a transmission protocol controlling a generation and transmission of said component, wherein the determination is made after said component is placed on the interface of said network by the network adapter.
Dependent claims: 13, 14, 15, 16, 17
18. A computer program product, comprising:
a computer readable medium; and
program code on said computer readable medium for dynamically verifying that a particular communication component being transmitted from a network terminal out to an interface of a network exhibits a particular characteristic, said program code comprising code for:
reading an identification (ID) from said component prior to sending said component to a network adapter of said network terminal; and
dynamically determining when a characteristic exhibited by said component after said component is placed on the interface of said network by the network adapter does not reflect a characteristic desired to be associated with said component based on a transmission protocol controlling a generation and transmission of said component, wherein the determination is made after said component is placed on the interface of said network by the network adapter.
Dependent claims: 19, 20, 21, 22, 23