Dynamic network security apparatus and methods for network processors
Abstract
Methods and apparatus for loading a security algorithm in a fast path of a network processor are disclosed. In an example method, a network processor generates a statistic associated with a plurality of communication packets received by the network processor, determines a security attack on the network processor is in progress based on the statistic and loads the security algorithm in the fast path of the network processor.
50 Claims
1. A method comprising:
generating a statistic associated with a plurality of communication packets received by a processor;
determining a security attack on the processor is in progress based at least in part on the statistic;
determining whether to load a security algorithm based on an amount of download time to download the security algorithm; and
loading the security algorithm in a fast path of the processor based on the determining whether to load the security algorithm.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system comprising:
a memory containing a plurality of security algorithms; and
a processor coupled to the memory and programmed to:
generate a statistic associated with a plurality of communication packets received by the processor;
determine a security attack on the processor is in progress based at least in part on the statistic;
determine whether to load a security algorithm based on an amount of download time to download the security algorithm; and
load the one of the plurality of security algorithms in the processor based on the determining whether to load the security algorithm.
Dependent claims: 10, 11, 12, 13, 14
15. An apparatus comprising:
a machine accessible medium; and
instructions stored on the machine accessible medium and adapted to be executed by a processor to:
generate a statistic associated with a plurality of communication packets received by the processor;
determine a security attack on the processor is in progress based on the statistic;
determine whether to load a security algorithm based on an amount of download time to download the security algorithm; and
load the one of the plurality of security algorithms in the processor based on the determining whether to load the security algorithm.
Dependent claims: 16, 17, 18, 19, 20
21. A machine accessible medium having associated data that, when accessed, causes a machine to:
generate a statistic associated with a plurality of communication packets received by the processor;
determine a security attack on the processor is in progress based on the statistic;
determine whether to load a security algorithm based on an amount of download time to download the security algorithm; and
load the one of the plurality of security algorithms in the processor based on the determining whether to load the security algorithm.
Dependent claims: 22, 23, 24, 25, 26
27. A method comprising:
receiving a request for a connection to a processor from a first network client;
determining whether a second network client is already connected to the processor;
presenting a first plurality of available security algorithms to the first network client when the second network client is not already connected to the processor and a second plurality of available security algorithms to the first network client when the second network client is already connected to the processor, wherein at least some of the second plurality of available security algorithms are different from the first plurality of available security algorithms;
selecting a security algorithm from one of the first or second plurality of available security algorithms to be used for communications with the first network client; and
downloading the selected security algorithm to be used for communications with the first network client to the processor.
Dependent claims: 28, 29, 30, 31, 32
33. A network communication device, comprising:
a memory containing a plurality of security algorithms; and
a processor coupled to the memory and programmed to:
receive a request for a connection to the processor from a first network client;
determine whether a second network client is already connected to the processor;
present a first set of the plurality of security algorithms to the first network client when the second network client is not already connected to the processor and a second set of the plurality of security algorithms to the first network client when the second network client is already connected to the processor, wherein at least some security algorithms in the second set of the plurality of security algorithms are different from security algorithms in the first set of the plurality of security algorithms;
select a security algorithm from one of the first or second sets of the plurality of security algorithms to be used for communications with the first network client; and
download the selected security algorithm to be used for communications with the first network client to the processor.
Dependent claims: 34, 35, 36, 37
38. An apparatus comprising:
a machine accessible medium; and
instructions stored on the machine accessible medium and adapted to be executed by a processor to:
receive a request for a connection to the processor from a first network client;
determine whether a second network client is already connected to the processor;
present a first plurality of available security algorithms to the first network client when a second network client is not already connected to the processor and a second plurality of available security algorithms to the first network client when the second network client is already connected to the processor, wherein at least some of the second plurality of available security algorithms are different from the first plurality of available security algorithms;
select a security algorithm from one of the first or second plurality of available security algorithms to be used for communications with the first network client; and
download the selected security algorithm to be used for communications with the first network client to the processor.
Dependent claims: 39, 40
41. A machine accessible medium having associated data that, when accessed, causes a machine to:
receive a request for a connection to the processor from a first network client;
determine whether a second network client is already connected to the processor;
present a first plurality of available security algorithms to the first network client when the second network client is not already connected to the processor and a second set of the plurality of security algorithms to the first network client when the second network client is already connected to the processor, wherein at least some security algorithms in the second set of the plurality of security algorithms are different from security algorithms in the first set of the plurality of security algorithms;
select a security algorithm from one of the first or second plurality of available security algorithms to be used for communications with the first network client; and
download the selected security algorithm to be used for communications with the first network client to the processor.
Dependent claims: 42, 43
44. A method comprising:
monitoring a characteristic of communications on a network;
detecting a network security attack based at least in part on the monitored characteristic;
determining whether to load a security algorithm based on an amount of download time to download the security algorithm; and
loading the security algorithm in a fast path of a processor based on the determining whether to load the security algorithm.
Dependent claims: 45, 46
47. A computer system, comprising:
a memory containing a plurality of security algorithms; and
a processor coupled to the memory and programmed to:
monitor communications on a network;
load the one of the plurality of security algorithms in the processor based on the monitored communications in response to determining that an amount of download time to download the security algorithm is acceptable relative to a second amount of time indicative of an elapsed duration since a previous download of the security algorithm.
Dependent claims: 48, 49, 50
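
The decision flow that claims 1 and 47 recite (packet statistic, attack determination, download-time check, fast-path load), sketched in C as an added example that is not code from the patent. The bare-SYN statistic, both thresholds and all names are assumptions chosen for illustration; the claims do not specify them.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define ATTACK_PCT  60u  /* assumed threshold: bare-SYN share that signals a flood */
#define COST_FACTOR 10u  /* assumed: download may cost at most 1/10 of time since last load */

struct pkt { bool syn, ack; };   /* constructed per-packet summary, not from the patent */

enum decision { NO_ATTACK, SKIP_DOWNLOAD_TOO_SLOW, LOAD_FAST_PATH };

/* Step 1: statistic over a window of received packets (percent of bare SYNs). */
static unsigned bare_syn_pct(const struct pkt *w, size_t n)
{
    size_t bare = 0;
    for (size_t i = 0; i < n; i++)
        if (w[i].syn && !w[i].ack)
            bare++;
    return n ? (unsigned)(bare * 100 / n) : 0;
}

/* Steps 2-4: detect the attack, then weigh the download time against the
 * time elapsed since the previous download before deciding to load. */
static enum decision decide(const struct pkt *w, size_t n,
                            uint64_t since_last_load_ms, uint64_t download_ms)
{
    if (bare_syn_pct(w, n) < ATTACK_PCT)
        return NO_ATTACK;
    if (download_ms * COST_FACTOR > since_last_load_ms)
        return SKIP_DOWNLOAD_TOO_SLOW;  /* reloading this soon would stall the fast path */
    return LOAD_FAST_PATH;
}

/* Constructed sample windows of 8 packets each. */
static const struct pkt FLOOD[8]  = { {1,0},{1,0},{1,0},{1,0},{1,0},{1,0},{0,1},{1,1} };
static const struct pkt NORMAL[8] = { {1,0},{1,1},{0,1},{0,1},{0,1},{0,1},{0,1},{0,1} };

static enum decision sample(bool flood, uint64_t since_ms, uint64_t dl_ms)
{
    return decide(flood ? FLOOD : NORMAL, 8, since_ms, dl_ms);
}

int main(void)
{
    /* Flood window, 5 s since the last load, 200 ms download: load is accepted. */
    return sample(true, 5000, 200) == LOAD_FAST_PATH ? 0 : 1;
}
```

The second check is what keeps repeated detections from triggering back-to-back reloads: with the same 200 ms download, a detection only 1 s after the previous load is declined.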
Specification