CENTRALIZED SECURE OFFLOAD OF CRYPTOGRAPHIC SECURITY SERVICES FOR DISTRIBUTED SECURITY ENFORCEMENT POINTS
First Claim
1. A network data processing system configured for centralized secure offload of cryptographic security services for distributed security enforcement points, the system comprising:
a security enforcement point controlling communication flows between devices in different less trusted zones of protection; and
a security server communicatively coupled to the security enforcement point and hosting cryptographic security services disposed in a more trusted zone of protection, the security enforcement point comprising an interface to the cryptographic security services and program code enabled to offload at least one portion of a cryptographic security operation through the interface to cryptographic security services disposed in the more trusted zone of protection.
Abstract
Embodiments of the present invention address deficiencies of the art in respect to network security and provide a method, system and computer program product for centralized secure offload of key exchange services for distributed security enforcement points. In one embodiment, a data processing system for centralized secure offload of key exchange services for distributed security enforcement points can be provided. The system can include a security enforcement point controlling communication flows between devices in different less trusted zones of protection, and a security server communicatively coupled to the security enforcement point and hosting key exchange services disposed in a more trusted zone of protection. The security enforcement point can include an interface to the key exchange services and program code enabled to offload at least one portion of a key exchange through the interface to the key exchange services disposed in the more trusted zone of protection.
18 Claims
1. A network data processing system configured for centralized secure offload of cryptographic security services for distributed security enforcement points, the system comprising:
a security enforcement point controlling communication flows between devices in different less trusted zones of protection; and
a security server communicatively coupled to the security enforcement point and hosting cryptographic security services disposed in a more trusted zone of protection, the security enforcement point comprising an interface to the cryptographic security services and program code enabled to offload at least one portion of a cryptographic security operation through the interface to cryptographic security services disposed in the more trusted zone of protection.
Dependent claims: 2, 3, 4, 5, 6.

7. A method for centralized secure offload of cryptographic security services for distributed security enforcement points, the method comprising:
initiating a key exchange in a less trusted zone of protection with a responder;
offloading a portion of the key exchange to logic disposed in a more trusted zone of protection; and
completing the key exchange in the less trusted zone of protection.
Dependent claims: 8, 9, 10, 11, 12.

13. A computer program product comprising a computer usable medium embodying computer usable program code for centralized secure offload of cryptographic security services for distributed security enforcement points, the computer program product including:
computer usable program code for initiating a key exchange in a less trusted zone of protection with a responder;
computer usable program code for offloading a portion of the key exchange to logic disposed in a more trusted zone of protection; and
computer usable program code for completing the key exchange in the less trusted zone of protection.
Dependent claims: 14, 15, 16, 17, 18.
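As an added illustration of the three steps recited in claims 7 and 13 (this is not the patent's own code nor any product's implementation), the Python below simulates the split between zones. It assumes that the offloaded portion is the use of the long-term pre-shared credential that authenticates the exchange, so that credential never leaves the security server in the more trusted zone, while the enforcement point in the less trusted zone initiates the exchange, holds only ephemeral state, and completes the session-key derivation itself; the DH group, peer names and PSK are constructed toy values.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for illustration only (far too small for real use).
P = (1 << 127) - 1  # Mersenne prime 2^127 - 1
G = 2


class SecurityServer:
    """Runs in the more trusted zone and holds the long-term credentials (assumed design)."""

    def __init__(self, psk_by_peer):
        self._psk = psk_by_peer  # never leaves this object

    def auth_tag(self, peer, transcript):
        return hmac.new(self._psk[peer], transcript, hashlib.sha256).digest()

    def verify_tag(self, peer, transcript, tag):
        return hmac.compare_digest(self.auth_tag(peer, transcript), tag)


class EnforcementPoint:
    """Runs in the less trusted zone; holds only ephemeral state and a link to its server."""

    def __init__(self, name, server):
        self.name, self.server = name, server
        self._x = secrets.randbelow(P - 2) + 1  # ephemeral exponent, stays local
        self.pub = pow(G, self._x, P)

    def session_key(self, peer_pub, transcript):
        shared = pow(peer_pub, self._x, P)
        return hashlib.sha256(shared.to_bytes(16, "big") + transcript).digest()


def exchange(init, resp):
    """Simulate the wire exchange; returns (initiator key, responder key)."""
    # 1. Initiate in the less trusted zone: ephemeral public values cross the wire.
    transcript = init.pub.to_bytes(16, "big") + resp.pub.to_bytes(16, "big")
    # 2. Offload the credential-bearing step: tags are made and checked in the trusted zone.
    tag_i = init.server.auth_tag(resp.name, transcript + b"I")
    if not resp.server.verify_tag(init.name, transcript + b"I", tag_i):
        raise ValueError("initiator authentication failed")
    tag_r = resp.server.auth_tag(init.name, transcript + b"R")
    if not init.server.verify_tag(resp.name, transcript + b"R", tag_r):
        raise ValueError("responder authentication failed")
    # 3. Complete in the less trusted zone: each side derives the session key itself.
    return init.session_key(resp.pub, transcript), resp.session_key(init.pub, transcript)
```

A peer whose server holds a mismatched credential is rejected before any session key is derived, and a compromise of the enforcement point exposes only ephemeral exponents, not the pre-shared keys.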