Adaptive data security system and method
Abstract
A system and method for data communication with adaptive security in which a send host transmits a data stream to a receive host in packets which contain an authentication data block with an authentication header and a signature block. The authentication header advantageously contains various fields including a verification type, a security algorithm, a minimum security level, a target security level, and an actual security level. The receive host adaptively performs verification of the data packets using varying security levels based in part on the availability of security operations per second (SOPS) in the receive host. Where a data stream in the receive host is delayed by a security processing bottleneck, the receive host may alter the verification type, security algorithm, or the actual security level to speed up the processing of the data stream by reducing the amount of security processing performed. The receive host further allocates the SOPS among the data streams received based on a priority assigned to each data stream.
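The abstract describes dividing the receive host's SOPS among streams by priority and verifying only a percentage of each stream's packets, held between its minimum and target security levels. The following is an added illustration and not code from the patent; the one-operation-per-packet cost, the priority ordering, the refusal when minimums cannot be met, the keyed-hash packet selection and all names and sample values are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class Stream:
    name: str
    packets_per_sec: int  # constructed sample rate
    min_level: float      # minimum security level, % of packets verified
    target_level: float   # target security level, % of packets verified
    priority: int         # assumed convention: higher value is served first

def allocate_sops(streams, available_sops):
    """Return {stream name: actual security level in %}, min <= actual <= target."""
    # Assumption: verifying one packet costs one security operation.
    floor = sum(s.packets_per_sec * s.min_level / 100 for s in streams)
    if floor > available_sops:
        # Assumed policy: refuse rather than fall silently below a stream's minimum.
        raise ValueError("available SOPS cannot cover every stream's minimum level")
    spare = available_sops - floor
    actual = {}
    for s in sorted(streams, key=lambda s: s.priority, reverse=True):
        want = s.packets_per_sec * (s.target_level - s.min_level) / 100
        grant = min(want, spare)
        spare -= grant
        actual[s.name] = s.min_level + 100 * grant / s.packets_per_sec
    return actual

def should_verify(key, seq, level):
    """Select about `level` % of packets with a keyed hash of the sequence number,
    so the sender cannot tell in advance which packets go unverified."""
    digest = hmac.new(key, seq.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") % 10000 < level * 100

# Constructed sample streams, not taken from the patent.
STREAMS = [
    Stream("video", 1000, 20, 100, priority=1),
    Stream("control", 200, 50, 100, priority=5),
]

if __name__ == "__main__":
    levels = allocate_sops(STREAMS, available_sops=600)
    print(levels)
    checked = sum(should_verify(b"constructed-key", n, levels["video"]) for n in range(10000))
    print(f"video: verified {checked} of 10000 packets")
```

With 600 SOPS the higher-priority control stream reaches its target while the video stream settles between its minimum and target.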
34 Claims
1. A send host employing adaptive security, comprising:
- a processor coupled to a data bus;
- a memory coupled to the data bus;
- an input device coupled to the data bus to input a desired security configuration for a data stream to be communicated to a receive host;
- an output device coupled to the data bus to display an actual security configuration for the data stream, the actual security configuration being received from the receive host; and
- adaptive security logic stored on the memory and executable by the processor, the adaptive security logic including logic to generate a plurality of data packets associated with the data stream, the data packets including an authentication data block with an authentication header containing the actual security configuration and a signature, the actual security configuration being based upon a number of available security operations in the receive host.

Dependent claims: 2, 3, 4, 5

6. A send host employing adaptive security, comprising:
- a processor coupled to a data bus;
- a memory coupled to the data bus;
- an input device coupled to the data bus to input a desired security configuration for a data stream to be communicated to a receive host;
- an output device coupled to the data bus to display an actual security configuration for the data stream, the actual security configuration being received from the receive host; and
- adaptive security logic stored on the memory and executable by the processor, the adaptive security logic including;
  - logic to generate a plurality of data packets associated with the data stream, the data packets including an authentication data block with an authentication header containing the actual security configuration and a signature; and
  - security thermostat logic to control an actual security level, the actual security level being included in the authentication header.

7. A send host employing adaptive security, comprising:
- a processor coupled to a data bus;
- a memory coupled to the data bus;
- an input device coupled to the data bus to input a desired security configuration for a data stream to be communicated to a receive host;
- an output device coupled to the data bus to display an actual security configuration for the data stream, the actual security configuration being received from the receive host; and
- adaptive security logic stored on the memory and executable by the processor, the adaptive security logic including;
  - logic to generate a plurality of data packets associated with the data stream, the data packets including an authentication data block with an authentication header containing the actual security configuration and a signature; and
  - logic to place a minimum security level in the authentication header.

8. A send host employing adaptive security, comprising:
- a processor coupled to a data bus;
- a memory coupled to the data bus;
- an input device coupled to the data bus to input a desired security configuration for a data stream to be communicated to a receive host;
- an output device coupled to the data bus to display an actual security configuration for the data stream, the actual security configuration being received from the receive host; and
- adaptive security logic stored on the memory and executable by the processor, the adaptive security logic including logic to generate a plurality of data packets associated with the data stream, the data packets including an authentication data block with an authentication header containing the actual security confirmation and a signature, wherein the desired security configuration comprises a desired verification type, a minimum security level, a target security level, a security algorithm, and an actual security level.

9. A receive host employing adaptive security, comprising:
- a processor coupled to a data bus;
- a memory coupled to the data bus;
- a data communications interface coupled to the data bus, the data communications interface being configured to receive at least one data stream comprising a number of data packets, the data packets including an authentication data block, the authentication data block having an authentication header and a signature; and
- adaptive security logic stored on the memory and executable by the processor, the adaptive security logic including logic including;
  - logic to decompose the authentication header in the data packets;
  - logic to perform a variable percentage verification on the data packets from the data stream; and
  - logic to determine an actual verification percentage performed based on a number of available security operations in the receive host, a minimum security level, and a target security level, the minimum security level and the target security level being contained in the authentication header.

Dependent claims: 10, 11, 12, 13, 14

15. A send host employing adaptive security, comprising:
- means for inputting a desired security configuration for a data stream to be communicated to a receive host;
- means for displaying the desired security configuration and an actual security configuration for the data stream, the actual security configuration being received from the receive host; and
- means for generating a plurality of data packets associated with the data stream, the data packets including a data block and an authentication data block having an authentication header containing the actual security configuration and a signature the actual security configuration being based upon a number of available security operations in the receive host.

16. A receive host employing adaptive security, comprising:
- means for receiving at least one data stream comprising a number of data packets, the data packets including an authentication data block, the authentication data block having an authentication header and a signature;
- means for decomposing the authentication header in the data packets;
- means for performing a percentage based verification on the data packets from the data stream;
- means for determining an actual security level performed based on a number of available security operations, a minimum security level, and a target security level, and a desired actual security level, the minimum security level and the target security level being contained in the authentication header; and
- means for communicating the actual security level to a send host.

Dependent claims: 17, 18

19. A method for communicating a data stream employing adaptive security, comprising the steps of:
- identifying a desired verification type, a desired security algorithm, a minimum security level, a target security level, and a desired actual security level in a send host for communicating a data stream from the send host to a receive host;
- determining an actual verification type, an actual security algorithm, and an actual security level in the receive host based on the desired verification type, desired security algorithm, minimum security level, target security level, and a number of available security operations;
- communicating the actual verification type, the actual security algorithm, and the actual security level from the receive host to the send host;
- generating a plurality of data packets associated with the data stream in the send host, the data packets having an authentication data block with an authentication header, the authentication header containing the actual verification type, actual security algorithm, minimum security level, the target security level, and the actual security level;
- verifying the data packets using percentage based verification if the actual verification type is percentage based verification, the percentage based verification being performed at the actual security level which is greater than or equal to the minimum security level and less than or equal to the target security level; and
- performing a delayed verification on the data packets if the actual verification type is delayed verification.

Dependent claims: 20, 21

22. A computer program embodied on a computer-readable medium for operation in a send host to facilitate data communication with adaptive security, comprising:
- logic to input a desired security configuration for a data stream to be communicated to a receive host;
- logic to display a desired security configuration and an actual security configuration for the data stream, the actual security configuration being received from the receive host; and
- logic to generate a plurality of data packets associated with the data stream, the data packets including an authentication data block having an authentication header containing the actual security configuration and a signature, the actual security configuration being based upon a number of available security operations in the receive host.

23. A computer program embodied on a computer-readable medium for operation in a receive host to facilitate data communication with adaptive security, comprising:
- logic to receive at least one data stream comprising a number of data packets, the data packets including an authentication data block, the authentication data block having an authentication header and a signature;
- logic to decompose the authentication header in the data packets;
- logic to perform a percentage based verification on the data packets from the data stream;
- logic to determine an actual security level performed based on a number of available security operations in a receive host, a minimum security level, and a target security level, the minimum security level and the target security level being contained in the authentication header; and
- logic to communicate the actual security level to a send host.

Dependent claims: 24, 25

26. A computer program embodied in a modulated data signal for transmission across a network, the computer program being for operation in a send host to facilitate data communication with adaptive security, comprising:
- logic to input a desired security configuration for a data stream to be communicated to a receive host;
- logic to display the desired security configuration and an actual security configuration for the data stream, the actual security configuration being received from the receive host; and
- logic to generate a plurality of data packets associated with the data stream, the data packets including an authentication data block having an authentication header containing the actual security configuration and a signature, the actual security configuration being based upon a number of available security operations in the receive host.

27. A computer program embodied in a modulated data signal for transmission across a network, the computer program being for operation in a receive host to facilitate data communication with adaptive security, comprising:
- logic to receive at least one data stream comprising a number of data packets, the data packets including an authentication data block, the authentication data block having an authentication header and a signature;
- logic to decompose the authentication header in the data packets;
- logic to perform a percentage based verification on the data packets from the data stream;
- logic to determine an actual security level performed based on a number of available security operations, a minimum security level, and a target security level, the minimum security level, the target security level being contained in the authentication header; and
- logic to communicate the actual security level to a send host.

Dependent claims: 28, 29

30. A send host employing adaptive security, comprising:
- logical circuitry to input a desired security configuration for a data stream to be communicated to a receive host;
- logical circuitry to receive an actual security configuration for the data stream, the actual security configuration being received from the receive host, the actual security configuration being based upon a number of available security operations in the receive host; and
- logical circuitry to generate a plurality of data packets associated with the data stream, the data packets including a data block and an authentication data block having an authentication header containing the actual security configuration and a signature.

31. A receive host employing adaptive security, comprising:
- logical circuitry to receive at least one data stream comprising a number of data packets, the data packets including an authentication data block, the authentication data block having an authentication header and a signature;
- logical circuitry to decompose the authentication header in the data packets;
- logical circuitry to perform a percentage based verification on the data packets from the data stream;
- logical circuitry to determine an actual security level performed based on a number of available security operations, a minimum security level, and a target security level, and a desired actual security level, the minimum security level and the target security level being contained in the authentication header; and
- logical circuitry to communicate the actual security level to a send host.

32. A receive host employing adaptive security, comprising:
- a processor coupled to a data bus;
- a memory coupled to the data bus; and
- a data communications interface electrically coupled to the data bus, the data communications interface being configured to receive at least one data stream comprising a number of data packets;
- adaptive security logic stored on the memory and executable by the processor, the adaptive security logic including;
  - logic to determine a number of available security operations in the receive host; and
  - logic to allocate the number of available security operations in the receive host to perform a verification of a number of the data packets in the at least one data stream.

Dependent claims: 33, 34
Specification