Network communications security agent
First Claim
1. A method comprising:
receiving data from a network protocol layer of a receiving client, the data comprising a portion of an event being received at the receiving client;
determining if the data is eligible for a security operation, wherein eligibility is determined by selector data contained in the data;
creating a selector based on the selector data and using said selector to search a receiving client database of security associations for at least one selector/security association pair identifying a security association corresponding to the selector, said receiving client database storing a plurality of selector/security association pairs received from a key server corresponding to different timewise intervals of said event;
applying the security operation to the data if the data is eligible, wherein applying the security operation comprises using the security association on the at least a portion of the data; and
sending the data to which the security operation has been applied to a network application program interface (API) of the receiving client;
wherein, for any particular one of said timewise intervals of said event having a corresponding selector/security association pair, the receiving client receives said corresponding selector/security association pair from said key server and stores said corresponding selector/security association pair in said receiving client database prior to receiving said particular one of said timewise intervals of said event, and wherein determining if the data is eligible for the security operation comprises determining that the data is not eligible for the security operation if the selector cannot be created based on the selector data, and wherein said data is sent to the network API of the receiving client without an applied security operation if it is so determined that the data is not eligible.
Abstract
One embodiment of an inventive networking environment includes clients called sending clients because they send network content through a network, and clients called receiving clients because they receive the network content from the sending clients through the network. Both sending clients and receiving clients are “clients” in that they rely on a management server to orchestrate the secure transfer of information from sending clients to receiving clients.
2 Claims
2. A machine readable storage medium having stored thereon machine executable instructions, execution of said machine executable instructions being operable to implement a method comprising:
receiving data from a network protocol layer of a receiving client, the data comprising a portion of an event being received at the receiving client; determining if the data is eligible for a security operation, wherein eligibility is determined by selector data contained in the data; creating a selector based on the selector data and using said selector to search a local receiving client database of security associations for at least one selector/security association pair identifying a security association corresponding to the selector, said receiving client database storing a plurality of selector/security association pairs received from a key server corresponding to a succession of timewise intervals of said event; applying the security operation to the data if the data is eligible, wherein applying the security operation comprises using a security association on the at least a portion of the data; and sending the data to which the security operation has been applied to a network application program interface (API) of the receiving client; wherein, for any particular one of said timewise intervals of said event having a corresponding selector/security association pair, the receiving client receives said corresponding selector/security association pair from said key server and stores said corresponding selector/security association pair in said receiving client database prior to receiving said particular one of said timewise intervals of said event, and wherein determining if the data is eligible for the security operation comprises determining that the data is not eligible for the security operation if a selector cannot be created based on the data, and wherein said data is sent to the network API of the receiving client without an applied security operation if it is so determined that the data is not eligible.
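The receiving-client agent the claims describe, as an added simulation that is not the patent's own code: a key server pre-provisions selector/security-association pairs per interval, the agent builds a selector from header fields, applies the security operation (here assumed to be HMAC-SHA256 verification) when an SA matches, and forwards data it cannot build a selector for unmodified. The wire format, the choice of HMAC as the security operation, and dropping eligible data that has no SA yet are all assumptions.

```python
import hashlib
import hmac
import struct

# Constructed wire format (an assumption, not from the patent):
#   magic(2) | event_id(4) | interval(4) | payload | HMAC-SHA256 tag(32)
# The header fields are the "selector data"; (event_id, interval) is the selector.
MAGIC = b"SA"
HDR = struct.Struct("!2sII")
TAG_LEN = 32


def protect(key, event_id, interval, payload):
    """Sending-client side: frame the payload and append an integrity tag."""
    framed = HDR.pack(MAGIC, event_id, interval) + payload
    return framed + hmac.new(key, framed, hashlib.sha256).digest()


class ReceivingClient:
    def __init__(self):
        self.sa_db = {}      # selector -> SA key, provisioned by the key server
        self.delivered = []  # what the agent handed to the network API

    def provision(self, event_id, interval, key):
        """Key server pushes the SA for an interval before that interval arrives."""
        self.sa_db[(event_id, interval)] = key

    def make_selector(self, data):
        """Build (event_id, interval) from the selector data, or None if impossible."""
        if len(data) < HDR.size + TAG_LEN:
            return None
        magic, event_id, interval = HDR.unpack_from(data)
        return (event_id, interval) if magic == MAGIC else None

    def receive(self, data):
        """Agent between the protocol layer and the network API."""
        selector = self.make_selector(data)
        if selector is None:
            self.delivered.append(data)  # not eligible: forwarded unmodified
            return "passthrough"
        key = self.sa_db.get(selector)
        if key is None:
            return "no_sa"  # eligible but no SA provisioned yet (assumed: drop)
        body, tag = data[HDR.size:-TAG_LEN], data[-TAG_LEN:]
        expected = hmac.new(key, data[:-TAG_LEN], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "rejected"  # tag mismatch: nothing reaches the API
        self.delivered.append(body)  # security operation applied, then delivered
        return "verified"
```

Note that the passthrough branch is the claim's "not eligible" path: only data carrying usable selector data is ever checked against the SA database, so a deployment has to decide separately how much unprotected traffic its network API is allowed to see.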