Method and apparatus for conveying a security context in addressing information
Abstract
A method for conveying a security context, including creating and assigning a virtual address to a client process, issuing a first Internet Protocol version compliant packet wherein the first Internet Protocol version compliant packet comprises a security context, prepending an issued packet with a second Internet Protocol version header producing a second Internet Protocol version compliant packet, forwarding the second Internet Protocol version compliant packet to a recipient, stripping away the second Internet Protocol version compliant header from the second Internet Protocol version compliant packet producing a stripped packet at the recipient, decrypting and authenticating the stripped packet using a particular method as indicated by the security context producing a decrypted and authenticated packet, and routing the decrypted and authenticated packet to a recipient process using the virtual address.
14 Claims
1. A method for conveying a security context, comprising:
obtaining a virtual address associated with a process executing on a recipient computer system;
issuing a first Internet Protocol version compliant packet, comprising;
invoking a Supernet Attach Command on an authentication server daemon;
receiving, in response to the Supernet Attach Command, Supernet configuration information comprising the security context; and
registering a mapping of the Supernet configuration information with a virtual address daemon,
wherein the first Internet Protocol version compliant packet comprises a first Internet Protocol version compliant header,
wherein the first Internet Protocol version compliant header comprises the security context,
wherein the security context comprises a Supernet identifier, a Channel identifier, and the virtual address, and
wherein data in a payload of the first Internet Protocol version compliant packet is encrypted using the Supernet identifier and the Channel identifier to obtain an encrypted payload;
issuing a second Internet Protocol version compliant packet,
wherein the second Internet Protocol version compliant packet comprises a second Internet Protocol version compliant header,
wherein the second Internet Protocol version compliant header comprises a second Internet Protocol version compliant address of the recipient computer system,
wherein a payload of the second Internet Protocol version compliant packet comprises the first Internet Protocol version compliant packet, and
wherein the first Internet Protocol version is different from the second Internet Protocol version; and
forwarding the second Internet Protocol version compliant packet to the recipient computer system,
wherein the security context is used by the recipient computer to decrypt the encrypted payload.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method for processing a security context, comprising:
receiving a first Internet Protocol version compliant packet comprising a first Internet Protocol version compliant header and a first Internet Protocol version compliant payload,
wherein the first Internet Protocol version compliant payload comprises a second Internet Protocol version compliant packet,
wherein the second Internet Protocol version compliant packet comprises encrypted data and a second Internet Protocol version compliant header comprising the security context, and
wherein the security context comprises a 128 bit unique value, wherein the 128 bit unique value comprises a 16 bit set and a 112 bit set, wherein the 112 bit set comprises contiguous bits for a virtual address, a Supernet identifier, and a Channel identifier;
extracting the encrypted data and the security context from the second Internet Protocol version compliant packet;
decrypting the encrypted data, by a recipient computer system, using the Supernet identifier and Channel identifier to obtain decrypted data; and
routing the decrypted data to a process in the recipient computer system using the virtual address,
wherein the first Internet Protocol version compliant header comprises a first Internet Protocol version compliant address used to route the first Internet Protocol version compliant packet to the recipient computer system.
Dependent claims: 11, 12, 13, 14
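The packet layout described in claims 1 and 10, as an added sketch that is not code from the patent: the security context is packed into a 128-bit value, carried in the inner header, and recovered by the recipient after it validates and strips the outer header. Assumptions not stated on the page: the inner packet is IPv6 and the outer IPv4 (protocol 41), the context sits in the inner destination address, the 112-bit set is split 48/32/32, the 16-bit set is `0xFD00`, and the inner next-header value is 253; the payload is treated as opaque ciphertext and decryption is left to the caller.

```python
import ipaddress
import struct

PREFIX = 0xFD00                          # assumed value of the 16-bit set
VA_BITS, SN_BITS, CH_BITS = 48, 32, 32   # assumed split of the 112-bit set

def pack_context(vaddr, supernet, channel):
    """Pack the security context into one 128-bit value (an IPv6 address)."""
    for value, bits in ((vaddr, VA_BITS), (supernet, SN_BITS), (channel, CH_BITS)):
        if not 0 <= value < (1 << bits):
            raise ValueError("context field out of range")
    low = (vaddr << (SN_BITS + CH_BITS)) | (supernet << CH_BITS) | channel
    return ipaddress.IPv6Address((PREFIX << 112) | low)

def unpack_context(addr):
    """Return (virtual address, Supernet id, Channel id) or reject the address."""
    n = int(addr)
    if n >> 112 != PREFIX:
        raise ValueError("address does not carry a security context")
    return ((n >> (SN_BITS + CH_BITS)) & ((1 << VA_BITS) - 1),
            (n >> CH_BITS) & ((1 << SN_BITS) - 1), n & ((1 << CH_BITS) - 1))

def checksum(header):
    """RFC 1071 checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    total = (total & 0xFFFF) + (total >> 16)
    return ~((total & 0xFFFF) + (total >> 16)) & 0xFFFF

def encapsulate(ctx_addr, src6, ciphertext, src4, dst4):
    """Inner IPv6 packet (context as destination) inside an outer IPv4 packet."""
    inner = struct.pack("!IHBB16s16s", 6 << 28, len(ciphertext), 253, 64,
                        src6.packed, ctx_addr.packed) + ciphertext
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0, 64,
                        41, 0, src4.packed, dst4.packed)   # protocol 41 = IPv6
    return outer[:10] + struct.pack("!H", checksum(outer)) + outer[12:] + inner

def receive(packet):
    """Recipient: validate and strip the outer header, return (context, ciphertext)."""
    if len(packet) < 60 or packet[0] != 0x45 or packet[9] != 41:
        raise ValueError("not an option-free IPv4 packet carrying IPv6")
    total = struct.unpack("!H", packet[2:4])[0]
    if checksum(packet[:20]) != 0 or total < 60 or len(packet) < total:
        raise ValueError("bad outer checksum or length")
    inner = packet[20:total]
    word, plen = struct.unpack("!IH", inner[:6])
    if word >> 28 != 6 or len(inner) != 40 + plen:
        raise ValueError("malformed inner IPv6 packet")
    return unpack_context(ipaddress.IPv6Address(inner[24:40])), inner[40:]
```

In this layout the context travels in a cleartext header, so the recipient should treat the extracted identifiers as untrusted input until the payload authenticates under the keys they select.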
Specification