Network level protocol negotiation and operation
Abstract
Method and apparatus for network level protocol negotiation for Internet Protocol Security (IPSec) and Internet Protocol Payload Compression (IPComp) are described. More particularly, IPSec and IPComp capabilities are instantiated in a network processor unit of a network interface in at least two communicating computers. By determining each computer has the capacity to do IPSec and IPComp at the transport level, such is negotiated and executed at the transport level independently of an operating system and a central processing unit usage. Additionally, encryption and/or compression are done at the network level for operating system and central processing unit offloading.
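The exchange the abstract describes can be modelled in a few lines. This is an added illustration, not code from the patent: the `NPU` class, the capability bits, the message dictionaries and the pre-shared key are all hypothetical, and a SHA-256 counter keystream stands in for IPSec encryption. It shows the advertise/acknowledge handshake, the fallback when a peer has no such capability, and why compression is applied before encryption.

```python
import hashlib, os, zlib

CAP_IPSEC, CAP_IPCOMP = 0x1, 0x2          # hypothetical capability bits
SAMPLE = b"GET /index.html HTTP/1.1\r\n" * 40   # constructed payload

def stream_xor(key, nonce, data):
    """Stand-in cipher (SHA-256 counter keystream); not real IPSec ESP."""
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

class NPU:
    def __init__(self, caps, key):
        self.caps, self.key, self.agreed = caps, key, 0

    def advertise(self):                   # first message: "I can do these"
        return {"type": "ADVERT", "caps": self.caps}

    def acknowledge(self, advert):         # second message, sent by the peer
        self.agreed = self.caps & advert["caps"]
        return {"type": "ACK", "caps": self.caps}

    def on_ack(self, ack):                 # sender records what both sides support
        self.agreed = self.caps & ack["caps"]

    def send(self, payload):
        nonce = os.urandom(8)
        if self.agreed & CAP_IPCOMP:       # compress first ...
            payload = zlib.compress(payload)
        if self.agreed & CAP_IPSEC:        # ... then encrypt
            payload = stream_xor(self.key, nonce, payload)
        return {"flags": self.agreed, "nonce": nonce, "data": payload}

    def receive(self, pkt):
        if pkt["flags"] != self.agreed:    # refuse anything not negotiated
            raise ValueError("packet does not match negotiated capabilities")
        data = pkt["data"]
        if self.agreed & CAP_IPSEC:
            data = stream_xor(self.key, pkt["nonce"], data)
        if self.agreed & CAP_IPCOMP:
            data = zlib.decompress(data)
        return data

def negotiate(a, b):
    """Run the two-message exchange; return the capabilities both sides share."""
    a.on_ack(b.acknowledge(a.advertise()))
    return a.agreed

def ordering_sizes(payload, key=b"k" * 16, nonce=b"\0" * 8):
    """Return (compress-then-encrypt, encrypt-then-compress) sizes in bytes."""
    return (len(stream_xor(key, nonce, zlib.compress(payload))),
            len(zlib.compress(stream_xor(key, nonce, payload))))
```

`ordering_sizes(SAMPLE)` returns a small first value and a second value close to the input length, because ciphertext has no redundancy left for the compressor to remove.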
16 Claims
1. A method of negotiating security and compression of packets independently from an operating system, the packets being transmitted between a first computer having a first CPU running a first operating system and a first network processor and a second computer having a second CPU running a second operating system and a second network processor, the method comprising:
- sending a first message over a network from the first network processor directly to the second network processor indicating existence of the first network processor having security protocol and compression protocol capability without prompting from the first operating system; and
- sending a second message from the second network processor directly to the first network processor in response to the first message, the second message acknowledging existence in the second network processor of security protocol capability and compression protocol capability; and
- the first network processor responding to receipt of the second message by directly sending packets which are compressed and encrypted over the network to the second network processor.

Dependent claims: 2, 3, 4, 5
6. A method of compression and security enhancement for communication between a first computer having a first network processor and a first central processing unit (CPU) that runs a first operating system, the first network processor embedded in a first media communications processor, and a second computer having a second network processor and a second CPU that runs a second operating system, the second network processor embedded in a second media communications processor, without intervention by the first and second operating systems, comprising:
- sending a first message from the first network processor directly to the second network processor indicating existence of the first network processor having a sequence processor capable of a security protocol and a compression protocols without intervention from the first operating system; and
- sending a second message from the second network processor directly to the first network processor in response to the first message, the second message indicating existence of the second network processor having a sequence processor capable of supporting the security protocol and the compression protocol without intervention from the second operating system.

Dependent claims: 7, 8, 9, 10, 11, 12, 13
14. An integrated network processing unit (NPU) included in a host computer having a CPU running an operating system, the NPU configured to transmit packets over a network using internet protocol payload compression followed by internet protocol security without intervention by the operating system, comprising:
- a sequence processor configured for pipeline processing of frames of data, the sequence processor including;
  - compression unit for compressing a frame data,
  - encryption unit for encrypting the compressed frame of data,
  - interface unit configured to send an IP Packet from the transmitting NPU without any prompting from the operating system directly to a receiving NPU, the IP Packet indicating to the receiving computer that the transmitting NPU is capable of sending compressed and encrypted packets, the transmitting NPU being configured to respond to an acknowledgement sent directly from the receiving NPU that the receiving computer supports compression and encryption by activating the sequence processor to send one or more data frames which are compressed and then encrypted, and
- wherein the sequence processor provides algorithms for controlling the compression unit and the encryption unit with respect to the packets sent by the NPU over the network independently of any operating system.

Dependent claims: 15, 16
Specification