Method and system for security protocol partitioning and virtualization
First Claim
1. A method for implementing a security protocol, comprising:
- receiving a packet from a network connection;
- obtaining an identifier for one of a plurality of security association database (SADB) partitions associated with the packet, wherein each of the plurality of SADB partitions is associated with one of a plurality of packet destinations;
- applying a security association from the one of the plurality of SADB partitions to the packet; and
- sending the packet to the one of the plurality of packet destinations associated with the SADB partition, wherein the packet is processed at the one of the plurality of packet destinations.
Abstract
A method for implementing a security protocol, involving receiving a packet from a network connection, obtaining an identifier for one of a plurality of security association database (SADB) partitions associated with the packet, wherein each of the plurality of SADB partitions is associated with one of a plurality of packet destinations, applying a security association from the one of the plurality of SADB partitions to the packet, and sending the packet to the one of the plurality of packet destinations associated with the SADB partition, wherein the packet is processed at the one of the plurality of packet destinations.
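The receive path in the abstract, sketched as an added example that is not code from the patent. It assumes the partition identifier is derived from the packet's destination address through a classifier table, and it stands in an HMAC-SHA256 integrity check for "applying a security association"; all names, keys and addresses are hypothetical and constructed.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # assumption: HMAC-SHA256 tag truncated to 16 bytes


class Partition:
    """One SADB partition: its packet destination plus its own SPI -> key table."""

    def __init__(self, destination):
        self.destination = destination
        self.sas = {}  # SPI -> authentication key


def protect(spi, key, payload):
    """Sender side: 4-byte SPI, payload, then the integrity tag."""
    body = struct.pack("!I", spi) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]


def receive(packet, dst_addr, classifier, partitions):
    """Return (destination, payload), or None when the packet is dropped."""
    part_id = classifier.get(dst_addr)  # obtain the partition identifier
    if part_id is None or len(packet) < 4 + ICV_LEN:
        return None
    part = partitions[part_id]
    (spi,) = struct.unpack("!I", packet[:4])
    key = part.sas.get(spi)  # lookup never leaves this partition
    if key is None:
        return None
    body, tag = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(tag, expected):  # apply the SA
        return None
    return part.destination, body[4:]


# Constructed sample data: two destinations that reuse SPI 0x100 with different keys.
PARTITIONS = {"p0": Partition("guest-a"), "p1": Partition("guest-b")}
PARTITIONS["p0"].sas = {0x100: b"key-a" * 4, 0x200: b"key-a2" * 4}
PARTITIONS["p1"].sas = {0x100: b"key-b" * 4}
CLASSIFIER = {"10.0.0.1": "p0", "10.0.0.2": "p1"}

if __name__ == "__main__":
    pkt = protect(0x100, b"key-a" * 4, b"hello")
    print(receive(pkt, "10.0.0.1", CLASSIFIER, PARTITIONS))  # delivered to guest-a
    print(receive(pkt, "10.0.0.2", CLASSIFIER, PARTITIONS))  # dropped
```

Because each lookup is confined to the partition chosen for the packet, two destinations can hold the same SPI without sharing key material, and a packet valid for one destination fails verification when steered to another.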
20 Claims
1. A method for implementing a security protocol, comprising:
- receiving a packet from a network connection;
- obtaining an identifier for one of a plurality of security association database (SADB) partitions associated with the packet, wherein each of the plurality of SADB partitions is associated with one of a plurality of packet destinations;
- applying a security association from the one of the plurality of SADB partitions to the packet; and
- sending the packet to the one of the plurality of packet destinations associated with the SADB partition, wherein the packet is processed at the one of the plurality of packet destinations.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A network interface card, comprising:
- a cryptographic offload engine; and
- a plurality of security association database (SADB) partitions associated with the cryptographic offload engine, wherein each of the plurality of SADB partitions is associated with one of a plurality of packet destinations, and wherein the cryptographic offload engine is configured to:
  - receive a packet from a network connection, wherein the packet is encrypted using a security protocol;
  - obtain an identifier for one of the plurality of security association database (SADB) partitions associated with the packet;
  - apply a security association from the one of the plurality of SADB partitions to the packet to obtain a decrypted packet; and
  - send the decrypted packet to the one of the plurality of packet destinations associated with the SADB partition.

Dependent claims: 12, 13, 14, 15, 16, 17
18. A computer readable medium comprising software instructions to perform a method, the method comprising:
- receiving a packet from a network connection;
- obtaining an identifier for one of a plurality of security association database (SADB) partitions associated with the packet, wherein each of the plurality of SADB partitions is associated with one of a plurality of packet destinations;
- applying a security association from the one of the plurality of SADB partitions to the packet; and
- sending the packet to the one of the plurality of packet destinations associated with the SADB partition, wherein the packet is processed at the one of the plurality of packet destinations.

Dependent claims: 19, 20
Specification