Adaptive data security system and method
Abstract
A system and method for data communication with adaptive security in which a send host transmits a data stream to a receive host in packets which contain an authentication data block with an authentication header and a signature block. The authentication header advantageously contains various fields including a verification type, a security algorithm, a minimum security level, a target security level, and an actual security level. The receive host adaptively performs verification of the data packets using varying security levels based in part on the availability of security operations per second (SOPS) in the receive host. Where a data stream in the receive host is delayed by a security processing bottleneck, the receive host may alter the verification type, security algorithm, or the actual security level to speed up the processing of the data stream by reducing the amount of security processing performed. The receive host further allocates the SOPS among the data streams received based on a priority assigned to each data stream.
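The allocation described in the abstract, as an added example that is not taken from the patent: a receive host divides its available SOPS among streams by priority and settles each stream's actual verification percentage between its minimum and target. The two-pass policy, the field names and the `full_cost` figure (SOPS needed to verify every packet of a stream) are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Stream:
    name: str
    priority: int     # higher value is served first (assumed convention)
    min_pct: int      # minimum security level carried in the authentication header
    target_pct: int   # target security level carried in the authentication header
    full_cost: int    # assumed: SOPS needed to verify 100% of the stream's packets

def sops_for(stream, pct):
    """SOPS needed to verify pct percent of the stream (rounded up)."""
    return -(-stream.full_cost * pct // 100)

def allocate(streams, available_sops):
    """Return ({name: actual_pct or None}, leftover_sops).

    None means even the minimum level could not be funded, so the
    stream cannot be accepted at an acceptable security level.
    """
    budget = available_sops
    ordered = sorted(streams, key=lambda s: -s.priority)
    actual = {}
    # Pass 1: fund every stream's minimum, highest priority first.
    for s in ordered:
        need = sops_for(s, s.min_pct)
        if need <= budget:
            actual[s.name] = s.min_pct
            budget -= need
        else:
            actual[s.name] = None
    # Pass 2: spend what is left raising streams toward their target.
    for s in ordered:
        if actual[s.name] is None:
            continue
        spent = sops_for(s, s.min_pct)
        affordable = (spent + budget) * 100 // s.full_cost
        pct = max(s.min_pct, min(s.target_pct, affordable))
        budget -= sops_for(s, pct) - spent
        actual[s.name] = pct
    return actual, budget

# Constructed sample streams, not data from the patent.
STREAMS = [
    Stream("video", priority=1, min_pct=20, target_pct=80, full_cost=1000),
    Stream("control", priority=3, min_pct=50, target_pct=100, full_cost=400),
    Stream("bulk", priority=2, min_pct=10, target_pct=50, full_cost=2000),
]
```

Calling `allocate(STREAMS, 500)` shows the bottleneck case: the lowest-priority stream is the first one whose minimum cannot be funded.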
31 Claims
1. A send host employing adaptive security, comprising:
a processor coupled to a data bus;
a memory coupled to the data bus;
an input device coupled to the data bus to input a desired security configuration for a data stream to be communicated to a receive host;
an output device coupled to the data bus to display an actual security configuration for the data stream, the actual security configuration being received from the receive host; and
adaptive security logic stored on the memory, the adaptive security logic including logic to generate a plurality of data packets associated with the data stream, the data packets including an authentication data block with an authentication header containing the actual security configuration and a signature.
Dependent claims: 2, 3, 4, 5, 6
7. A receive host employing adaptive security, comprising:
a processor coupled to a data bus;
a memory coupled to the data bus;
a data communications interface coupled to the data bus, the data communications interface being configured to receive at least one data stream comprising a number of data packets, the data packets including an authentication data block, the authentication data block having an authentication header and a signature;
adaptive security logic stored on the memory, the adaptive security logic including logic including logic to decompose the authentication header in the data packets;
logic to perform a variable percentage verification on the data packets from the data stream; and
logic to determine an actual verification percentage performed based on a number of available security operations in the receive host, a minimum verification percentage, and a target verification percentage, the minimum verification percentage and the target verification percentage being contained in the authentication header.
Dependent claims: 8, 9, 10
logic to perform a delayed verification on a bundle of data packets from the data stream; and
logic to enable one of the delayed verification and the variable percentage verification based on a verification type field contained in the authentication header and on a number of available security operations in the receive host.
10. The receive host of claim 7, wherein the adaptive security logic further comprises logic to maintain a resource tracking table which indicates the security operations required to accomplish the minimum security level, the target security level, the actual security level, and the priority level of a particular data stream.
11. A send host employing adaptive security, comprising:
means for inputting a desired security configuration for a data stream to be communicated to a receiver;
means for displaying the desired security configuration and an actual security configuration for the data stream, the actual security configuration being received from the receiver; and
means for generating a plurality of data packets associated with the data stream, the data packets including a data block and an authentication data block having an authentication header containing the actual security configuration and a signature.
12. A receive host employing adaptive security, comprising:
means for receiving at least one data stream comprising a number of data packets, the data packets including an authentication data block, the authentication data block having an authentication header and a signature;
means for decomposing the authentication header in the data packets;
means for performing a percentage based verification on the data packets from the data stream;
means for determining an actual security level performed based on a number of available security operations, a minimum security level, and a target security level, and a desired actual security level, the minimum security level and the target security level being contained in the authentication header; and
means for communicating the actual security level to a send host.
Dependent claims: 13, 14
means for performing a delayed verification on a bundle of data packets from the data stream; and
means for enabling one of the delayed verification and the variable percentage verification based on a verification type field contained in the authentication header and on a number of available security operations in the receive host.
15. A method for communicating a data stream employing adaptive security, comprising the steps of:
identifying a desired verification type, a desired security algorithm, a minimum security level, a target security level, and a desired actual security level in a send host for communicating a data stream from the send host to a receive host;
determining an actual verification type, an actual security algorithm, and an actual security level in the receive host based on the desired verification type, desired security algorithm, minimum security level, target security level, and an availability of a number of security processor operations;
communicating the actual verification type, the actual security algorithm, and the actual security level from the receive host to the send host;
generating a plurality of data packets associated with the data stream in the send host, the data packets having an authentication data block with an authentication header, the authentication header containing the actual verification type, actual security algorithm, minimum security level, the target security level, and the actual security level;
verifying the data packets using percentage based verification if the actual verification type is percentage based verification, the percentage based verification being performed at the actual security level which is greater or equal to the minimum security level and less than or equal to the target security level; and
performing a delayed verification on the data packets if the actual verification type is delayed verification.
Dependent claims: 16, 17
18. A computer program embodied on a computer-readable medium for operation in a send host to facilitate data communication with adaptive security, comprising:
logic to input a desired security configuration for a data stream to be communicated to a receiver;
logic to display a desired security configuration and an actual security configuration for the data stream, the actual security configuration being received from the receiver; and
logic to generate a plurality of data packets associated with the data stream, the data packets including an authentication data block having an authentication header containing the actual security configuration and a signature.
19. A computer program embodied on a computer-readable medium for operation in a receive host to facilitate data communication with adaptive security, comprising:
logic to receive at least one data stream comprising a number of data packets, the data packets including an authentication data block, the authentication data block having an authentication header and a signature;
logic to decompose the authentication header in the data packets;
logic to perform a percentage based verification on the data packets from the data stream;
logic to determine an actual security level performed based on a number of available security operations in a receive host, a minimum security level, and a target security level, the minimum security level and the target security level being contained in the authentication header; and
logic to communicate the actual security level to a send host.
Dependent claims: 20, 21
logic to perform a delayed verification on a bundle of data packets from the data stream; and
logic to enable one of the delayed verification and the variable percentage verification based on a verification type field contained in the authentication header and on the number of available security operations in the receive host.
22. A computer program embodied in a modulated data signal for transmission across a network, the computer program being for operation in a send host to facilitate data communication with adaptive security, comprising:
logic to input a desired security configuration for a data stream to be communicated to a receive host;
logic to display the desired security configuration and an actual security configuration for the data stream, the actual security configuration being received from the receive host; and
logic to generate a plurality of data packets associated with the data stream, the data packets including an authentication data block having an authentication header containing the actual security configuration and a signature.
23. A computer program embodied in a modulated data signal for transmission across a network, the computer program being for operation in a receive host to facilitate data communication with adaptive security, comprising:
logic to receive at least one data stream comprising a number of data packets, the data packets including an authentication data block, the authentication data block having an authentication header and a signature;
logic to decompose the authentication header in the data packets;
logic to perform a percentage based verification on the data packets from the data stream;
logic to determine an actual security level performed based on a number of available security operations, a minimum security level, and a target security level, the minimum security level, the target security level being contained in the authentication header; and
logic to communicate the actual security level to a send host.
Dependent claims: 24, 25
logic to perform a delayed verification on a bundle of data packets from the data stream; and
logic to enable one of the delayed verification and the variable percentage verification based on an availability of computer resources and on a verification type in the authentication header.
26. A receive host employing adaptive security with respect to at least one data stream having a number of data packets received by the receive host, comprising:
means for determining a number of available security operations in the receive host; and
means for allocating the number of available security operations in the receive host to perform a verification of a number of the data packets in the at least one data stream.
Dependent claims: 27, 28
29. A method for employing adaptive security with respect to at least one data stream having a number of data packets received by a receive host, comprising the steps of:
determining a number of available security operations in the receive host; and
allocating the number of available security operations in the receive host to perform a verification of a number of the data packets in the at least one data stream.
Dependent claims: 30, 31
Specification