Virtual private network mechanism incorporating security association processor
Abstract
A novel and useful virtual private network (VPN) mechanism and related security association processor for maintaining the security related parameters needed to perform security functions such as encryption, decryption and authentication. A security association database (SAD) and related circuitry are adapted to provide the parameters needed to implement the IPSec group of security specifications for encryption/decryption and authentication. Each security association (SA) entry in the database comprises all the parameters that are necessary to receive and transmit VPN packets according to the IPSec specification.
120 Citations
78 Claims
1. A security association processor circuit, comprising:
  a security association database for storing security related data for a plurality of security associations, each entry comprising security association related data corresponding to a unique socket;
  means for opening a new security association upon receipt of a socket not found in said security association database;
  means for searching for and recognizing a security association associated with a packet in accordance with its socket;
  means for retrieving from said security association database a plurality of security related parameters; and
  means for forwarding said plurality of security related parameters to a Virtual Private Networking (VPN) security processor for performing one or more security processes therewith.
  (Dependent claims 2-23.)

24. A Virtual Private Network (VPN) circuit, comprising:
  security association database means for storing security related data for a plurality of security associations, each entry comprising security association related data corresponding to a unique socket;
  a plurality of security engines, each security engine adapted to perform a security process;
  means for opening a new security association upon receipt of a socket not found in said security association database means;
  means for searching for and recognizing a security association associated with an input packet in accordance with its socket;
  means for retrieving from said security association database means a plurality of security related parameters;
  means for forwarding said plurality of security related parameters to at least one of said security engines for performing a security process therewith; and
  packet building means adapted to construct an output packet in accordance with a particular security mode utilizing said input packet and the results of said security process.
  (Dependent claims 25-32.)

33. A portable computing device, comprising:
  communication means adapted to connect said device to a communications network;
  memory means comprising volatile and non-volatile memory, said non-volatile memory adapted to store program code;
  a processor coupled to said memory means and said communication means for executing said program code; and
  a Virtual Private Network (VPN) circuit, comprising:
    security association database means for storing security related data for a plurality of security associations, each entry comprising security association related data corresponding to a unique socket;
    a plurality of security engines, each security engine adapted to perform a security process;
    means for opening a new security association upon receipt of a socket not found in said security association database means;
    means for searching for and recognizing a security association associated with an input packet in accordance with its socket;
    means for retrieving from said security association database means a plurality of security related parameters;
    means for forwarding said plurality of security related parameters to at least one of said security engines for performing a security process therewith;
    packet building means adapted to construct an output packet in accordance with a particular security mode utilizing said input packet and the results of said security process.
  (Dependent claims 34-44.)

45. A security association processor circuit, comprising:
  a security association database for storing security related data for a plurality of security associations, each entry comprising security association related data corresponding to a unique socket;
  a management unit adapted to open a new security association upon receipt of a socket not found in said security association database;
  a recognition unit adapted to search for and recognize a security association associated with an input packet in accordance with its socket;
  a main processor unit adapted to retrieve from said security association database a plurality of security related parameters and forward them to a Virtual Private Networking (VPN) security processor for performing one or more security processes therewith; and
  a hash unit comprising a hash function and associated hash table for facilitating the search for stored security associations.
  (Dependent claims 46-54.)

55. A method of security association, said method comprising the steps of:
  establishing a security association database adapted to store security related data for a plurality of security associations, each entry within said security association database corresponding to a socket;
  opening a new security association upon receipt of a socket not found in said security association database;
  searching for and recognizing a security association associated with a packet in accordance with its socket;
  retrieving from said security association database a plurality of security related parameters; and
  forwarding said plurality of security related parameters to a Virtual Private Networking (VPN) security processor for performing one or more security processes therewith.
  (Dependent claims 56-77.)

78. A computer readable storage medium having computer readable program code means embodied therein for causing a suitably programmed computer to a security association mechanism when such program is executed on said computer, said computer readable storage medium comprising:
  computer readable program code means for causing said computer to establish a security association database for storing security related data for a plurality of security associations, each entry comprising security association related data corresponding to a unique socket;
  computer readable program code means for causing said computer to open a new security association upon receipt of a socket not found in said security association database;
  computer readable program code means for causing said computer to search for and recognize a security association associated with a packet in accordance with its socket;
  computer readable program code means for causing said computer to retrieve from said security association database a plurality of security related parameters; and
  computer readable program code means for causing said computer to forward said plurality of security related parameters to a Virtual Private Networking (VPN) security processor for performing one or more security processes therewith.

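The mechanism the independent claims describe (claims 24, 45 and 55: a database keyed by a packet's socket, a hash unit used for the lookup, a management unit that opens a new entry on a miss, a security engine fed with the retrieved parameters, and a packet builder that produces transport- or tunnel-mode output) as a runnable software model. This is example code added for this page; it is not the patent's circuit and not any vendor's implementation. The class and field names, the simplified 31-byte header, and the locally generated random key (standing in for a key a real stack would obtain from IKE) are assumptions. The engine is a real HMAC-SHA-256 authenticator with the 128-bit ICV truncation RFC 4868 specifies for IPsec; the sequence-number replay check on the inbound path is a defensive addition, not something the claims require.

```python
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass

AUTH_PROTO = 51   # IP protocol number of AH, used here to mark the security header
ICV_LEN = 16      # HMAC-SHA-256 ICV truncated to 128 bits, as RFC 4868 does for IPsec
HDR_LEN = 31      # size of the simplified header built by simple_header()


@dataclass(frozen=True)
class Socket:
    """The 'socket' of the claims: the 5-tuple that identifies a flow (assumed layout)."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: int  # 6 = TCP, 17 = UDP


@dataclass
class SecurityAssociation:
    """One SAD entry: the parameters a security engine needs (assumed field set)."""
    spi: int
    mode: str        # "transport" or "tunnel"
    auth_key: bytes  # 32-byte HMAC key; IKE would negotiate this, here it is random
    tx_seq: int = 0  # last sequence number sent on this SA
    rx_seq: int = 0  # highest sequence number accepted on this SA (replay check)


class SADatabase:
    """SAD together with the claims' hash, recognition and management units.
    The dict is the hash table and hash(Socket) is the hash function."""

    def __init__(self):
        self._table = {}
        self._next_spi = 0x1000  # SPI values 0-255 are reserved by IPsec

    def recognize(self, sock):
        """Recognition unit: return the SA for this socket, or None on a miss."""
        return self._table.get(sock)

    def open(self, sock, mode):
        """Management unit: open a new SA for a socket not yet in the database."""
        sa = SecurityAssociation(self._next_spi, mode, secrets.token_bytes(32))
        self._next_spi += 1
        self._table[sock] = sa
        return sa


def simple_header(src, dst, proto):
    """Constructed fixed-size header (src, dst, protocol); not the real IPv4 layout."""
    return src.encode().ljust(15, b"\0") + dst.encode().ljust(15, b"\0") + bytes([proto])


def auth_engine(sa, seq, data):
    """Security engine: HMAC-SHA-256 over SPI || seq || data, truncated to ICV_LEN bytes."""
    mac = hmac.new(sa.auth_key, struct.pack("!II", sa.spi, seq) + data, hashlib.sha256)
    return mac.digest()[:ICV_LEN]


def protect(sad, sock, payload, mode="transport", gateways=("10.0.0.1", "10.0.0.2")):
    """Main processor plus packet builder for an outbound packet."""
    sa = sad.recognize(sock) or sad.open(sock, mode)  # open a new SA on a miss
    sa.tx_seq += 1
    if sa.mode == "tunnel":
        # Tunnel mode: the whole original packet becomes the protected payload
        # and a new outer header between the gateways is prepended.
        data = simple_header(sock.src_ip, sock.dst_ip, sock.protocol) + payload
        outer = simple_header(gateways[0], gateways[1], AUTH_PROTO)
    else:
        # Transport mode: original addresses are kept; the security header sits
        # between the IP header and the payload.
        data = payload
        outer = simple_header(sock.src_ip, sock.dst_ip, AUTH_PROTO)
    sec_hdr = struct.pack("!II", sa.spi, sa.tx_seq) + auth_engine(sa, sa.tx_seq, data)
    return outer + sec_hdr + data


def unprotect(sad, sock, packet):
    """Inbound path: recognize the SA, reject replays, verify the ICV, return the payload.
    Both ends share one SADatabase here so the example stays self-contained."""
    sa = sad.recognize(sock)
    if sa is None:
        raise ValueError("no security association for socket")
    body = packet[HDR_LEN:]
    spi, seq = struct.unpack("!II", body[:8])
    icv, data = body[8:8 + ICV_LEN], body[8 + ICV_LEN:]
    if spi != sa.spi or seq <= sa.rx_seq:
        raise ValueError("wrong SPI or replayed sequence number")
    if not hmac.compare_digest(icv, auth_engine(sa, seq, data)):
        raise ValueError("integrity check failed")
    sa.rx_seq = seq
    return data[HDR_LEN:] if sa.mode == "tunnel" else data


if __name__ == "__main__":
    sad = SADatabase()
    flow = Socket("192.0.2.10", "198.51.100.20", 40000, 443, 6)  # constructed sample flow
    pkt = protect(sad, flow, b"GET / HTTP/1.1\r\n", mode="tunnel")
    print("recovered:", unprotect(sad, flow, pkt))
    tampered = protect(sad, flow, b"second")
    tampered = tampered[:-1] + bytes([tampered[-1] ^ 1])
    try:
        unprotect(sad, flow, tampered)
    except ValueError as err:
        print("rejected:", err)
```

The first packet on a new socket opens an SA and assigns an SPI; later packets on the same socket hit the existing entry, which is the lookup the hash unit of claim 45 is there to speed up. Flipping one byte of a protected packet fails the ICV comparison, and presenting an already-accepted sequence number fails the replay check before any MAC work is done.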
Specification