Hybrid Java-C network appliance

US 20050132210A1
Filed: 08/02/2004
Published: 06/16/2005
Est. Priority Date: 08/01/2003
Status: Active Grant

First Claim

Patent Images

1. A method for applying security policies to data in a network, said method comprising the steps of:

1) intercepting data being transferred across the network;

2) determining that a policy to be performed can be offloaded for acceleration;

3) utilizing a Java engine to offload the data; and

4) performing a desired security function.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network appliance that runs both C and Java integrated software to provide a flexible architecture for rapid prototyping of XML security functionality, including SSL acceleration, XML encryption, XML decryption, XML signature, and XML verification, while the network appliance continues to provide high-speed performance.

Citations

26 Claims

1. A method for applying security policies to data in a network, said method comprising the steps of:
- 1) intercepting data being transferred across the network;
  
  2) determining that a policy to be performed can be offloaded for acceleration;
  
  3) utilizing a Java engine to offload the data; and
  
  4) performing a desired security function.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method as defined in claim 1 wherein the method further comprises the step of utilizing a proxy engine to transparently offload the data.
  - 3. The method as defined in claim 2 wherein the method further comprises the step of performing the security function in software.
  - 4. The method as defined in claim 3 wherein the method further comprises the step of performing the security function in a C language module.
  - 5. The method as defined in claim 4 wherein the method further comprises the step of performing the security function in dedicated hardware.

6. A system for applying security policies to data in a network, said system comprised of:
- a C engine for performing offloaded functions; and
  
  a Java engine for offloading a message to the C engine for processing.
- View Dependent Claims (7)
- - 7. The system as defined in claim 6 wherein the system is further comprised of a hardware accelerator for assisting the C engine in performing security functions.

8. A method for accelerating processing of security functions in a network, said method comprising the steps of:
- 1) intercepting data being transferred across the network;
  
  2) determining that a security function to be performed can be offloaded for hardware acceleration;
  
  3) utilizing a proxy engine to transparently offload the data; and
  
  4) performing the security function in hardware.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 9. The method as defined in claim 8 wherein the method of utilizing a proxy engine further comprises the step of utilizing a Java Cryptographic Engine (JCE) to transparently offload the data to be offloaded.
  - 10. The method as defined in claim 9 wherein the method further comprises the step of entering a request in the JCE layer for a cryptographic function to be performed.
  - 11. The method as defined in claim 10 wherein the method further comprises the step of invoking Java Native Interface (JNI) hooks to function as an interface to an operating system specific programming language interface library.
  - 12. The method as defined in claim 11 wherein the method further comprises the step of invoking Java Native Interface (JNI) hooks in a JNI layer to function as an interface to a C programming language interface library.
  - 13. The method as defined in claim 12 wherein the method further comprises the step of unpacking data from the intercepted message so that the data can be manipulated in the operating system specific programming language.
  - 14. The method as defined in claim 13 wherein the method further comprises the step of marshalling the data so that the data can be transformed to a standard format.
  - 15. The method as defined in claim 14 wherein the method further comprises the step of marshalling the data in a cryptographic messaging layer.
  - 16. The method as defined in claim 15 wherein the method further comprises the step of marshalling the data so that the data can be transferred across a network having a specific network packet protocol.
  - 17. The method as defined in claim 16 wherein the method further comprises the step of transferring the data to a hardware driver.
  - 18. The method as defined in claim 17 wherein the method further comprises the step of using the hardware driver to prepare a hardware accelerator for receiving data to be cryptographically processed.
  - 19. The method as defined in claim 18 wherein the method further comprises the step of transferring the data from the hardware driver to the hardware accelerator for cryptographic processing.
  - 20. The method as defined in claim 19 wherein the method further comprises the step of selecting the type of cryptographic processing to be performed by the hardware accelerator from the group of cryptographic processes comprised of encrypting, decrypting, verification and signing.
  - 21. The method as defined in claim 20 wherein the method further comprises the step of interrupting the hardware driver when the hardware accelerator has completed its cryptographic processing of the data so that the data can be transferred to a next destination.
  - 22. The method as defined in claim 21 wherein the method further comprises the step of transferring the data from the hardware driver to the cryptographic messaging layer.
  - 23. The method as defined in claim 22 wherein the method further comprises the step of unpacking the data.
  - 24. The method as defined in claim 23 wherein the method further comprises the step of transferring the data from the cryptographic messaging layer to the JNI layer.
  - 25. The method as defined in claim 24 wherein the method further comprises the step of transforming the data in the JNI layer.
  - 26. The method as defined in claim 25 wherein the method further comprises the step of transferring the data from the JNI layer to the JCE layer through the JNI interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mamoon Yunus, Rizwan Mallal, Thomas C. Stickle
Original Assignee
Mamoon Yunus, Rizwan Mallal, Thomas C. Stickle
Inventors
Yunus, Mamoon, Mallal, Rizwan, Stickle, Thomas C.

Granted Patent

US 7,516,333 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 11/30   Monitoring

H04L 67/02   based on web technology, e....

H04L 67/34   involving the movement of s...

Hybrid Java-C network appliance

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Hybrid Java-C network appliance

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links