Network level protocol negotiation and operation

US 7,437,548 B1
Filed: 09/23/2002
Issued: 10/14/2008
Est. Priority Date: 07/11/2002
Status: Active Grant

First Claim

Patent Images

1. A method of negotiating security and compression of packets independently from an operating system, the packets being transmitted between a first computer having a first CPU running a first operating system and a first network processor and a second computer having a second CPU running a second operating system and a second network processor, the method comprising:

sending a first message over a network from the first network processor directly to the second network processor indicating existence of the first network processor having security protocol and compression protocol capability without prompting from the first operating system; and

sending a second message from the second network processor directly to the first network processor in response to the first message, the second message acknowledging existence in the second network processor of security protocol capability and compression protocol capability; and

the first network processor responding to receipt of the second message by directly sending packets which are compressed and encrypted over the network to the second network processor.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method and apparatus for network level protocol negotiation for Internet Protocol Security (IPSec) and Internet Protocol Payload Compression (IPComp) are described. More particularly, IPSec and IPComp capabilities are instantiated in a network processor unit of a network interface in at least two communicating computers. By determining each computer has the capacity to due IPSec and IPComp at the transport level, such is negotiated and executed at the transport level independently of an operating system and a central processing unit usage. Additionally, encryption and/or compression are done at the network level operating system and central processing unit offloading.

96 Citations

View as Search Results

16 Claims

1. A method of negotiating security and compression of packets independently from an operating system, the packets being transmitted between a first computer having a first CPU running a first operating system and a first network processor and a second computer having a second CPU running a second operating system and a second network processor, the method comprising:
- sending a first message over a network from the first network processor directly to the second network processor indicating existence of the first network processor having security protocol and compression protocol capability without prompting from the first operating system; and
  
  sending a second message from the second network processor directly to the first network processor in response to the first message, the second message acknowledging existence in the second network processor of security protocol capability and compression protocol capability; and
  
  the first network processor responding to receipt of the second message by directly sending packets which are compressed and encrypted over the network to the second network processor.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 further comprising:
    - negotiating security information independently from the operating system;
      
      negotiating compression information independently from the operating system; and
      
      sending the packets which are first compressed and then encrypted from the first computer to the second computer.
  - 3. The method of claim 2 wherein the step of negotiating security information is Internet Protocol Security, and wherein the step of negotiating compression information is Internet Protocol Payload Compression.
  - 4. A method as claimed in claim 1 wherein data transmission of the packets from the first computer to the second computer proceeds without compression and encryption if the acknowledgement is not received within a predefined time.
  - 5. The method of claim 1 comprising:
    - sending the packets which are first compressed and then encrypted from the first computer to the second computer.

6. A method of compression and security enhancement for communication between a first computer having a first network processor and a first central processing unit (CPU) that runs a first operating system, the first network processor embedded in a first media communications processor, and a second computer having a second network processor and a second CPU that runs a second operating system, the second network processor embedded in a second media communications processor, without intervention by the first and second operating systems, comprising:
- sending a first message from the first network processor directly to the second network processor indicating existence of the first network processor having a sequence processor capable of a security protocol and a compression protocols without intervention from the first operating system; and
  
  sending a second message from the second network processor directly to the first network processor in response to the first message, the second message indicating existence of the second network processor having a sequence processor capable of supporting the security protocol and the compression protocol without intervention from the second operating system.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. The method of claim 6 further comprising:
    - negotiating at least one of the security protocol and compression protocol information; and
      
      sending packets in at least an encrypted form and a compressed form from the first computer to the second computer utilizing the negotiated protocols.
  - 8. The method of claim 7 wherein the step of negotiating security information is Internet Protocol Security, and wherein the step of negotiating compression information is Internet Protocol Payload Compression.
  - 9. The method of claim 8 wherein the step of sending packets comprises at least one of encrypting and compressing data in the packets with the first network processor.
  - 10. The method of claim 9 wherein the step of sending packets comprises multicasting the packets.
  - 11. The method of claim 7 wherein the packets comprise payload that is compressed but not encrypted.
  - 12. The method of claim 7 wherein the packets comprise payload that is encrypted but not compressed.
  - 13. The method of claim 7 wherein the packets comprise payload that is encrypted and compressed.

14. An integrated network processing unit (NPU) included in a host computer having a CPU running an operating system, the NPU configured to transmit packets over a network using internet protocol payload compression followed by internet protocol security without intervention by the operating system, comprising:
- a sequence processor configured for pipeline processing of frames of data, the sequence processor including;
  
  compression unit for compressing a frame data,encryption unit for encrypting the compressed frame of data,interface unit configured to send an IP Packet from the transmitting NPU without any prompting from the operating system directly to a receiving NPU, the IP Packet indicating to the receiving computer that the transmitting NPU is capable of sending compressed and encrypted packets, the transmitting NPU being configured to respond to an acknowledgement sent directly from the receiving NPU that the receiving computer supports compression and encryption by activating the sequence processor to send one or more data frames which are compressed and then encrypted, andwherein the sequence processor provides algorithms for controlling the compression unit and the encryption unit with respect to the packets sent by the NPU over the network independently of any operating system.
- View Dependent Claims (15, 16)
- - 15. The integrated network processing unit of claim 14 wherein the sequence processor is further configured to determine that the acknowledgement is received within a predetermined period of time, whereupon the one or more data frames are transmitted by the sequence processor.
  - 16. The integrated network processing unit of claim 15 wherein security and encapsulation are negotiated before the operating system is booted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NVIDIA Corporation
Original Assignee
NVIDIA Corporation
Inventors
Alfieri, Robert A.
Primary Examiner(s)
Moise; Emmanuel L
Assistant Examiner(s)
Abyaneh; Ali S

Application Number

US10/253,362
Time in Patent Office

2,213 Days
Field of Search

713/150, 726/14, 726/2
US Class Current

713/150
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/164   at the network layer

H04L 69/04   Protocols for data compress...

H04L 69/16   Implementation or adaptatio...

Network level protocol negotiation and operation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

96 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Network level protocol negotiation and operation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

96 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links