SYSTEM FOR ACTIVELY UPDATING A CRYPTOGRAPHY MODULE IN A SECURITY GATEWAY AND RELATED METHOD
Abstract
A system for actively updating a cryptography module in a security gateway, and a related method, are used in a security gateway, such as a VPN gateway according to an IPSEC protocol, which is connected between at least one user computer system and a network system. The system includes a Web GUI, a module update unit, a defined module unit, and an extended library. A user can easily update or add decryption/encryption modules in the extended library of the gateway through the Web GUI and the module update unit, instead of updating the decryption/encryption modules along with the entire kernel firmware. This can reduce the setting time, increase the efficiency of operation, reduce the maintenance cost, and promote the expansion of decryption/encryption modules of the gateway so that network transmission can become much safer.
17 Claims
1. A system for actively updating a cryptography module in a security gateway, the security gateway connected between a user computer system and a network system, the system comprising:
a Web GUI for generating at least one window in the user computer system, the window having a decryption/encryption module update system to allow a user to upload a new decryption/encryption module to the security gateway by the Web GUI;
an extended library for accommodating a decryption/encryption module; and
a module update unit for actively updating a corresponding decryption/encryption module in the extended library according to the new decryption/encryption module uploaded to the security gateway or adding the uploaded decryption/encryption module into the extended library.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10)
11. A method for actively updating a cryptography module in a security gateway, the security gateway connected between a user computer system and a network system, the method comprising:
downloading a new decryption/encryption module to the user computer system through the network system;
starting a Web GUI of the security gateway for generating at least one window in the user computer system, the window having a decryption/encryption module update system;
selecting a decryption/encryption module from the window provided by the Web GUI;
uploading the selected decryption/encryption module to the security gateway;
a module update unit of the security gateway actively updating a corresponding decryption/encryption module in the extended library according to the uploaded decryption/encryption module or adding the uploaded decryption/encryption module into the extended library; and
updating a key exchange process in the security gateway according to an IKE protocol.
(Dependent claims: 12, 13, 14, 15, 16)
17. A key exchange process in a security gateway according to an IKE protocol, the key exchange process comprising:
(a) initiating a current IPSEC security association (SA) of the security gateway;
(b) executing an IKE phase 1;
(c) if there is no appropriate decryption/encryption module in a current library of the security gateway, selecting an appropriate decryption/encryption module from an extended library of the security gateway;
(d) executing an IKE phase 2;
(e) repeating step (c);
(f) completing the key exchange process of the IKE phase 1 and 2; and
(g) informing the kernel of the security gateway of an update to the current IPSEC SA.
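The lookup order in claim 17, together with the update-or-add behaviour of the module update unit, as an added Python model that is not code from the patent or from any gateway product. All function names, algorithm names and module values are hypothetical, and the fail-closed behaviour when neither library holds a module is an assumption the claims do not state.

```python
"""Added illustration of claim 17's lookup order; every name here is hypothetical."""

class NoModuleError(LookupError):
    """Neither library holds a module for any proposed algorithm."""

def update_module(extended, name, module):
    """Module update unit: replace a same-named module or add a new one."""
    action = "updated" if name in extended else "added"
    extended[name] = module
    return action

def select_module(proposals, current, extended):
    """Step (c): use the current library; fall back to the extended library."""
    for library, label in ((current, "current"), (extended, "extended")):
        for name in proposals:
            if name in library:
                return name, label
    # Assumption: with no usable module the exchange fails closed.
    raise NoModuleError(f"no module for any of {proposals}")

def key_exchange(phase1, phase2, current, extended, kernel_sa):
    """Steps (a)-(g), with each IKE phase reduced to its module lookup."""
    sa = {"state": "initiated"}                              # (a)
    sa["phase1"] = select_module(phase1, current, extended)  # (b) + (c)
    sa["phase2"] = select_module(phase2, current, extended)  # (d) + (e)
    sa["state"] = "established"                              # (f)
    kernel_sa.update(sa)  # (g) reached only if both lookups succeeded
    return sa

if __name__ == "__main__":
    # Constructed sample data: algorithm names and module values are placeholders.
    current = {"3des": "built-in"}
    extended = {}
    print(update_module(extended, "aes-256", "upload-1"))
    kernel = {}
    print(key_exchange(["aes-256"], ["3des", "aes-256"], current, extended, kernel))
    failed_kernel = {}
    try:
        key_exchange(["camellia"], ["3des"], current, extended, failed_kernel)
    except NoModuleError as exc:
        print("rejected:", exc, "| kernel SA:", failed_kernel)
```

Because the kernel record is written only after both phases have resolved a module, a failed lookup leaves the existing SA untouched.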