Data path security processing
Abstract
Methods and associated systems provide secured data transmission over a data network. A security device provides security processing in the data path of a packet network. The device may include at least one network interface to send packets to and receive packets from a data network and at least one cryptographic engine for performing encryption, decryption and/or authentication operations. The device may be configured as an in-line security processor that processes packets that pass through the device as the packets are routed to/from the data network.
57 Claims
1. A security processing method comprising:
receiving, by a security processor, packets from a Gigabit Ethernet network;
processing at least a portion of the received packets, the processing consisting of at least one of the group of encrypting, decrypting and authenticating; and
transmitting, from the security processor, at least one result of the processing of the at least a portion of the received packets.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. A security processor comprising:
at least one Gigabit MAC; and
at least one processor, connected to send data to and receive data from the at least one Gigabit MAC, for encrypting, decrypting or authenticating at least a portion of the data.
Dependent claims: 9, 10, 11, 12, 13, 14, 15.

16. An in-line security processor comprising:
a plurality of Gigabit MACs; and
at least one processor, connected to receive data from at least one of the Gigabit MACs and to send data to at least one of the Gigabit MACs, for encrypting, decrypting or authenticating at least a portion of the data.
Dependent claims: 17, 18, 19, 20.

21. A security processing system comprising:
at least one media access controller;
at least one security processor; and
at least one switch for distributing or collecting packets between the at least one media access controller and the at least one security processor.
Dependent claims: 22, 23, 24, 25, 26.

27. A chassis-based switch comprising:
at least one backplane;
at least one processing blade connected to the at least one backplane, the at least one processing blade comprising at least one media access controller; and
at least one switching blade connected to the at least one backplane, the at least one switching blade comprising;
  at least one security processor; and
  at least one switch for routing packets between the at least one media access controller and the at least one security processor.

28. A security processing system comprising:
at least one media access controller for;
  executing TCP operations;
  generating information associated with at least one security association; and
  generating at least one packet including the information; and
at least one security processor, connected to receive the at least one packet from the at least one media access controller for;
  locating the at least one security association using the information; and
  encrypting, decrypting or authenticating data using the security association.
Dependent claims: 29, 30, 31, 32.

33. A security processing system comprising:
at least one Ethernet controller for;
  executing TCP operations and storing context information associated with the TCP operations;
  generating information associated with at least one security association from the context information; and
  generating at least one packet including the information associated with at least one security association; and
at least one security processor, connected to receive the at least one packet from the at least one Ethernet controller for;
  locating the at least one security association using the information associated with at least one security association; and
  encrypting, decrypting or authenticating data using the security association.

34. A method of configuring a security processor comprising:
generating configuration information;
formatting the configuration information into at least one packet; and
sending the at least one packet over a Gigabit Ethernet network to a security processor.
Dependent claims: 35.

36. A method of configuring a security processor comprising:
receiving at least one packet containing configuration information over a Gigabit Ethernet network;
extracting the configuration information from the at least one packet; and
configuring a security processor using the extracted configuration information.
Dependent claims: 37.

38. A method of configuring a security processor comprising:
generating at least one security association;
formatting the at least one security association into at least one packet; and
sending the at least one packet over a Gigabit Ethernet network to a security processor.

39. A method of configuring a security processor comprising:
receiving at least one packet containing at least one security association over a Gigabit Ethernet network;
extracting the at least one security association from the at least one packet; and
storing the extracted at least one security association.

40. A method of generating a TCP frame comprising:
generating at least one header comprising an Ethernet header and a reference to an address of a security association; and
appending the at least one header to an original TCP frame.

41. A method of processing a TCP frame comprising:
receiving a TCP frame according to an Ethernet header;
retrieving a security association from a data memory using to a reference to an address of a security association in the TCP frame; and
encrypting, decrypting or authenticating at least a portion of the TCP frame using the security association.

42. An in-line security processor comprising:
at least one MAC; and
at least one processor, connected to receive data from the at least one MAC and to send data to the at least one MAC, for encrypting, decrypting or authenticating at least a portion of the data.
Dependent claims: 43, 44, 45, 46.

47. A security processing system comprising:
at least network controller; and
at least one security processor comprising;
  at least one cryptographic processor; and
  at least one MAC for sending packets to and receiving packets from the at least one network controller and for sending packets to and receiving packets from at least one network.
Dependent claims: 48, 49, 50, 51, 52, 53, 54, 55, 56.

57. A security processing method comprising:
receiving, by a security processor, packets from a network connection;
processing at least a portion of the received packets, the processing consisting of at least one of the group of encrypting, decrypting and authenticating; and
transmitting, from the security processor, over a network connection, packets comprising at least one result of the processing of the at least a portion of the received packets.

Specification