Secure protocol handshake offload using TNICs

US 7,631,182 B1
Filed: 06/24/2005
Issued: 12/08/2009
Est. Priority Date: 06/24/2005
Status: Active Grant

First Claim

Patent Images

1. A method for offloading a secure protocol handshake, comprising:

establishing a connection between a host system and a remote peer;

determining whether the secure protocol handshake is offloaded to a network interface card (NIC);

if the secure protocol handshake is offloaded to the NIC;

sending an offload request to offload the secure protocol handshake, wherein the offload request comprises a value of at least one cryptographic key;

performing a lookup operation on a cryptographic key table using the value of at least one cryptographic key to obtain at least one secret key, wherein the NIC comprises a key store, and wherein the key store comprises the cryptographic key table;

performing cryptographic operations associated with the secure protocol handshake using the at least one secret key; and

returning a status of the secure protocol handshake to the host system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for offloading a secure protocol handshake. The method includes establishing a connection between a host system and a remote peer, and determining whether the secure protocol handshake is offloaded to a network interface card (NIC). When the secure protocol handshake is offloaded to the NIC, an offload request is sent to offload the secure protocol handshake, where the offload request includes a value of at least one cryptographic key. The method further includes performing cryptographic operations associated with the secure protocol handshake using the value of at least one cryptographic key to obtain at least one secret key, and returning a status of the secure protocol handshake to the host system.

22 Citations

View as Search Results

18 Claims

1. A method for offloading a secure protocol handshake, comprising:
- establishing a connection between a host system and a remote peer;
  
  determining whether the secure protocol handshake is offloaded to a network interface card (NIC);
  
  if the secure protocol handshake is offloaded to the NIC;
  
  sending an offload request to offload the secure protocol handshake, wherein the offload request comprises a value of at least one cryptographic key;
  
  performing a lookup operation on a cryptographic key table using the value of at least one cryptographic key to obtain at least one secret key, wherein the NIC comprises a key store, and wherein the key store comprises the cryptographic key table;
  
  performing cryptographic operations associated with the secure protocol handshake using the at least one secret key; and
  
  returning a status of the secure protocol handshake to the host system.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the NIC is a transport network interface card (TNIC).
  - 3. The method of claim 1, wherein the host system performs the secure protocol handshake, if the secure protocol handshake is not offloaded to the NIC.
  - 4. The method of claim 1, wherein determining whether the secure protocol handshake is offloaded to the NIC comprises determining whether the NIC includes sufficient resources to handle the secure protocol handshake.
  - 5. The method of claim 1, wherein the connection between the host system and the remote peer is a TCP connection.
  - 6. The method of claim 1, wherein cryptographic operations associated with the secure protocol handshake comprise exchanging public keys between the host system and the remote peer, resulting in the establishment of the at least one secret key.
  - 7. The method of claim 1, further comprising:
    - performing a data transfer phase, wherein cryptographic operations associated with the data transfer phase are performed by the NIC using the at least one secret key.

8. A system for offloading a secure protocol handshake, comprising:
- a host configured to;
  
  determine whether the secure protocol handshake is offloaded to a network interface card (NIC), andif the secure protocol handshake is offloaded to the NIC;
  
  send an offload request to offload the secure protocol handshake to a NIC, wherein the offload request comprises a value of at least one cryptographic key; and
  
  the NIC configured to;
  
  perform a lookup operations on a cryptographic key table using the value of at least one cryptographic key to obtain at least one secret key, wherein the NIC comprises a key store, and wherein the key store comprises the cryptographic key table;
  
  perform cryptographic operations associated with the secure protocol handshake using the at least one secret key; and
  
  return the status of the secure protocol handshake to the host system.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 9. The system of claim 8, wherein the NIC is a transport network interface card (TNIC).
  - 10. The system of claim 8, wherein the NIC comprises a protocol offload module, a cryptographic hardware module, and the key store.
  - 11. The system of claim 10, wherein the protocol offload module is configured to process packets associated with the secure protocol handshake to determine the data on which cryptographic operations are performed.
  - 12. The system of claim 8, wherein determining whether the secure protocol handshake is offloaded comprises determining whether the NIC includes sufficient resources to handle the secure protocol handshake.
  - 13. The system of claim 8, wherein the NIC is further configured to process the secure protocol handshake using fast connection offloading.
  - 14. The system of claim 8, wherein the secure protocol handshake comprises one selected from the group consisting of a secure sockets layer (SSL) handshake and a transport layer security (TLS) handshake.
  - 15. The system of claim 8, wherein a TCP connection is established between the host and the remote peer.
  - 16. The system of claim 8, wherein the NIC is further configured to perform a data transfer phase, wherein cryptographic operations are performed during the data transfer phase by the NIC using the at least one secret key.
  - 17. The system of claim 16, wherein the NIC is further configured to store the at least one secret key in the cryptographic key table, and wherein the host is configured to provide the name of the at least one secret key to the NIC prior to the data transfer phase.

18. A computer system for offloading a secure protocol handshake, comprising:
- a processor;
  
  a memory;
  
  a storage device; and
  
  software instructions stored in the memory for enabling the computer system under control of the processor, to;
  
  establish a connection between a host system and a remote peer;
  
  determine whether the secure protocol handshake is offloaded to a network interface card (NIC);
  
  if the secure protocol handshake is offloaded to the NIC;
  
  send an offload request to offload the secure protocol handshake, wherein the offload request comprises a value of at least one cryptographic key;
  
  perform a lookup operation on a cryptographic key table using the value of at least one cryptographic key to obtain at least one secret key, wherein the NIC comprises a key store, and wherein the key store comprises the cryptographic key table;
  
  perform cryptographic operations associated with the secure protocol handshake using the at least one secret key; and
  
  return a status of the secure protocol handshake to the host system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Droux, Nicolas G., Tripathi, Sunay, Chu, Hsiao-Keng Jerry
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
TABOR, AMARE F

Application Number

US11/165,990
Time in Patent Office

1,628 Days
Field of Search

713151-154
US Class Current

713/151
CPC Class Codes

H04L 63/06 for supporting key manageme...

H04L 63/166 at the transport layer

Secure protocol handshake offload using TNICs

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Secure protocol handshake offload using TNICs

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links