Hybrid Java-C network appliance

US 7,516,333 B2
Filed: 08/02/2004
Issued: 04/07/2009
Est. Priority Date: 08/01/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method for applying security policies to data in a network, said method comprising the steps of:

intercepting data being transferred across the network;

determining that a security function to be performed can be offloaded for acceleration;

utilizing a JAVA®

Cryptographic Engine (JCE) to transparently offload the data;

performing the security function in hardware, said hardware performing the steps of;

entering a request in a JCE layer for a cryptographic function to be performed;

invoking JAVA®

Native Interface (JNI) hooks in a JNI layer to function as an interface to an operating system specific C programming language interface library;

unpacking data from the intercepted data so that the unpacked data can be manipulated in the operating system specific programming language; and

marshalling the unpacked data in a cryptographic messaging layer so that the unpacked data can be transformed to a standard format.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network appliance that runs both C and Java integrated software to provide a flexible architecture for rapid prototyping of XML security functionality, including SSL acceleration, XML encryption, XML decryption, XML signature, and XML verification, while the network appliance continues to provide high-speed performance.

11 Citations

View as Search Results

12 Claims

1. A method for applying security policies to data in a network, said method comprising the steps of:
- intercepting data being transferred across the network;
  
  determining that a security function to be performed can be offloaded for acceleration;
  
  utilizing a JAVA®
  
  Cryptographic Engine (JCE) to transparently offload the data;
  
  performing the security function in hardware, said hardware performing the steps of;
  
  entering a request in a JCE layer for a cryptographic function to be performed;
  
  invoking JAVA®
  
  Native Interface (JNI) hooks in a JNI layer to function as an interface to an operating system specific C programming language interface library;
  
  unpacking data from the intercepted data so that the unpacked data can be manipulated in the operating system specific programming language; and
  
  marshalling the unpacked data in a cryptographic messaging layer so that the unpacked data can be transformed to a standard format.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method as defined in claim 1 wherein the method further comprises the step of marshalling the data so that the data can be transferred across a network having a specific network packet protocol.
  - 3. The method as defined in claim 2 wherein the method further comprises the step of transferring the data to a hardware driver.
  - 4. The method as defined in claim 3 wherein the method further comprises the step of using the hardware driver to prepare a hardware accelerator for receiving data to be cryptographically processed.
  - 5. The method as defined in claim 4 wherein the method further comprises the step of transferring the data from the hardware driver to the hardware accelerator for cryptographic processing.
  - 6. The method as defined in claim 5 wherein the method further comprises the step of selecting the type of cryptographic processing to be performed by the hardware accelerator from the group of cryptographic processes comprised of encrypting, decrypting, verification and signing.
  - 7. The method as defined in claim 6 wherein the method further comprises the step of interrupting the hardware driver when the hardware accelerator has completed its cryptographic processing of the data so that the data can be transferred to a next destination.
  - 8. The method as defined in claim 7 wherein the method further comprises the step of transferring the data from the hardware driver to the cryptographic messaging layer.
  - 9. The method as defined in claim 8 wherein the method further comprises the step of unpacking the data.
  - 10. The method as defined in claim 9 wherein the method further comprises the step of transferring the data from the cryptographic messaging layer to the JNI layer.
  - 11. The method as defined in claim 10 wherein the method further comprises the step of transforming the data in the JNI layer.
  - 12. The method as defined in claim 11 wherein the method further comprises the step of transferring the data from the JNI layer to the JCE layer through the JNI interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mamoon Yunis, Rizwan Mallal, Thomas C. Stickle
Original Assignee
Mamoon Yunis, Rizwan Mallal, Thomas C. Stickle
Inventors
Mallal, Rizwan, Yunis, Mamoon, Stickle, Thomas C.
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Simitoski; Michael J

Application Number

US10/909,848
Publication Number

US 20050132210A1
Time in Patent Office

1,709 Days
Field of Search

726/1, 726/12, 713/153, 713/160, 713/192, 380/239
US Class Current

713/192
CPC Class Codes

G06F 11/30   Monitoring

H04L 67/02   based on web technology, e....

H04L 67/34   involving the movement of s...

Hybrid Java-C network appliance

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

11 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

Hybrid Java-C network appliance

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others