
Network node with network-attached stateless security offload device employing out-of-band processing

  • US 8,826,003 B2
  • Filed: 02/26/2013
  • Issued: 09/02/2014
  • Est. Priority Date: 02/21/2012
  • Status: Expired due to Fees
First Claim

1. A method, comprising:

    storing, by a host information handling system (IHS), security metadata that is associated with a data packet;

    determining, by the host IHS, if the data packet requires security processing;

    providing, by the host IHS, the data packet to an internal network interface controller if the host IHS determines that the data packet does not require security processing, the internal network interface controller transmitting the data packet to a communications network for communication to an IHS other than the host IHS;

    offloading, by the host IHS via a secure data link, the data packet and associated security metadata and static security association (SA) information to a stateless network-attached external security offload device if the host IHS determines that the data packet requires security processing, thus providing an offloaded data packet, the stateless network-attached external security offload device being external to the host IHS;

    receiving, by the stateless network-attached external security offload device, the offloaded data packet and the static security association (SA) information;

    storing, by the stateless network-attached external security offload device, the offloaded data packet and the static security association (SA) information;

    encrypting and encapsulating, by the stateless network-attached external security offload device, the offloaded data packet, thus providing an encapsulated encrypted data packet;

    transmitting, by the stateless network-attached external security offload device via the secure data link, the encapsulated encrypted data packet back to the host IHS for further processing; and

    transmitting, by the internal network interface controller of the host IHS, the encapsulated encrypted data packet to a communications network for communication to an IHS other than the host IHS.
