Transparent IPSec processing inline between a framer and a network component

US 20040205336A1
Filed: 04/12/2003
Published: 10/14/2004
Est. Priority Date: 04/12/2003
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a security processor to be inline between a framer and a network processor, the security processor to process an IPsec protocol layer without terminating any other protocol layer.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for transparent processing of IPsec network traffic by a security processor in line between a framer and a network processor. Security processor parses packet header and tail information to determine if encryption or decryption is required. After encryption or decryption is completed packet header and tail information is modified to reflect the changes in the packet such as length of the packet. The modified packet is then passed on to the network processor or framer.

Citations

25 Claims

1. An apparatus comprising:
- a security processor to be inline between a framer and a network processor, the security processor to process an IPsec protocol layer without terminating any other protocol layer.
- View Dependent Claims (2, 3)
- - 2. The apparatus of claim 1, wherein the security processor decrypts an IPsec protocol layer.
  - 3. The apparatus of claim 1, wherein the security processor creates an encrypted IPSEC protocol layer.

4. An apparatus comprising:
- a first circuit to determine a protocol type of a packet;
  
  at least one execution unit coupled to the first circuit, the at least one execution unit to decrypt an encrypted protocol layer of the packet;
  
  a second circuit to correct protocol layer data after decryption; and
  
  a third circuit coupled to second circuit to communicate with a framer.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12)
- - 5. The apparatus of claim 4, further comprising:
    - a fourth circuit coupled to the first circuit to determine whether a packet contains an encrypted protocol layer.
  - 6. The apparatus of claim 4, wherein the first circuit parses the packet to determine at least one level two protocol type.
  - 7. The apparatus of claim 4, wherein the first circuit parses the packet to determine at least one level three protocol type.
  - 8. The apparatus of claim 4, wherein the third circuit receives the packet from the framer.
  - 9. The apparatus of claim 4, wherein the third circuit transmits the packet from the framer.
  - 10. The apparatus of claim 4, further comprising:
    - a fourth circuit coupled to the second circuit to communicate with a network processor.
  - 11. The apparatus of claim 4, wherein the second circuit alters length data in a protocol layer.
  - 12. The apparatus of claim 4, further comprising:
    - a fifth circuit coupled to the at least one execution unit to retrieve a security association context from a memory device.

13. A method comprising:
- receiving a packet;
  
  parsing the packet to determine the level two protocol information in the packet;
  
  processing an IPsec protocol layer;
  
  altering the packet to correct header information; and
  
  sending a packet to a framer device.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13, wherein the processing of the IPsec protocol layer includes. decrypting the IPsec protocol layer.
  - 15. The method of claim 13, wherein the processing of the IPsec protocol layer includes encrypting the IPsec protocol layer.

16. An apparatus comprising:
- means for receiving a packet;
  
  means for parsing the packet to determine the level two protocol information in the packet;
  
  means for processing an IPsec protocol layer;
  
  means for correcting protocol layer information after processing; and
  
  means for sending a packet to a framer device.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16, further comprising:
    - means for retrieving a security association context from a memory device.
  - 18. The method of claim 16, wherein the means for correcting protocol layer information include creating level two protocol information for the packet from parsed information and information modified after processing of the IPsec protocol layer.

19. A system comprising:
- a framer device;
  
  a network processor; and
  
  a security processor couple between the framer device and the network processor, the security processor to process an IPsec protocol layer without terminating any other protocol layer.
- View Dependent Claims (20, 21)
- - 20. The system of claim 19, further comprising:
    - a memory device to store security association context data, the memory device coupled to the security processor.
  - 21. The system of claim 19, wherein the security processor decrypts the IPsec protocol layer.

22. A machine-readable medium that provides instructions, which when executed by a machine cause the machine to perform operations comprising:
- processing a packet received from a framer device to determine the type of protocol layers included in the packet;
  
  processing the packet to decrypt an IPsec protocol layer; and
  
  modifying the packet to include a decrypted IP protocol layer and protocol layer information based on the decrypted IP protocol layer.
- View Dependent Claims (23, 24, 25)
- - 23. The machine-readable medium of claim 22, wherein the modifying the packet includes generating level two protocol layer information with a length including the size of the decrypted IP protocol layer.
  - 24. The machine-readable medium of claim 22, further comprising:
    - sending a modified packet to a network processor.
  - 25. The machine-readable medium of claim 22, further comprising:
    - generating a CRC field for a modified packet including a decrypted IP protocol layer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Marvell Asia Pte Limited (Marvell Technology Group Limited)
Original Assignee
Cavium, LLC (Marvell Technology Group Limited)
Inventors
Kessler, Richard E., Hussain, Muhammad R.

Granted Patent

US 7,398,386 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/160
CPC Class Codes

H04L 63/045   wherein the sending and rec...

H04L 63/0485   Networking architectures fo...

H04L 63/164   at the network layer

Transparent IPSec processing inline between a framer and a network component

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Transparent IPSec processing inline between a framer and a network component

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links