GB2512807A - Network node with network-attached stateless security offload device - Google Patents

Network node with network-attached stateless security offload device

Info

Publication number
GB2512807A
Authority
GB
United Kingdom
Prior art keywords
external
network
security
offload
packets
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB1414604.7A
Other versions
GB2512807B (en)
GB201414604D0 (en)
Inventor
Scott Christopher Moonen
Jr Linwood Hugh Overby
Christopher Meyer
Curtis Matthew Gearhart
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US13/400,575 (US20130219167A1)
Priority claimed from US13/400,577 (US8918634B2)
Application filed by International Business Machines Corp
Publication of GB201414604D0
Publication of GB2512807A
Application granted
Publication of GB2512807B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/164 Implementing security features at a particular protocol layer at the network layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)
  • Small-Scale Networks (AREA)

Abstract

A network node for communicating data packets secured with a security protocol over a communications network includes a host information handling system (IHS) and one or more external security offload devices coupled by a secure data link. The host IHS communicates state information about data packets, and the external security offload device provides stateless secure data encapsulation and decapsulation of packets using a security protocol. An external network interface controller or internal network interface controller communicates encapsulated data packets over the communications network to a final destination. Encapsulation and decapsulation of packets by the external security offload device reduces network latency and reduces the computational load on the processor in the host IHS. Maintaining state information in the host IHS allows hot-swapping of external security offload devices without information loss. The external security offload device may be included in a firewall or intrusion detection device, and may implement the IPsec protocol.
GB1414604.7A 2012-02-21 2013-02-08 Network node with network-attached stateless security offload device Active GB2512807B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US13/400,575 US20130219167A1 (en) 2012-02-21 2012-02-21 Network node with network-attached stateless security offload device employing in-band processing
US13/400,577 US8918634B2 (en) 2012-02-21 2012-02-21 Network node with network-attached stateless security offload device employing out-of-band processing
PCT/IB2013/051061 WO2013124758A1 (en) 2012-02-21 2013-02-08 Network node with network-attached stateless security offload device

Publications (3)

Publication Number Publication Date
GB201414604D0 (en) 2014-10-01
GB2512807A (en) 2014-10-08
GB2512807B (en) 2014-11-19

Family

ID=49005080

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1414604.7A Active GB2512807B (en) 2012-02-21 2013-02-08 Network node with network-attached stateless security offload device

Country Status (5)

Country Link
JP (1) JP5746446B2 (en)
CN (1) CN104137508B (en)
DE (1) DE112013000649B4 (en)
GB (1) GB2512807B (en)
WO (1) WO2013124758A1 (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106575333A (en) * 2014-07-29 2017-04-19 惠普发展公司,有限责任合伙企业 Transmit an authentication mark
CN104243484B (en) * 2014-09-25 2016-04-13 小米科技有限责任公司 Information interacting method and device, electronic equipment
GB2533098B (en) * 2014-12-09 2016-12-14 Ibm Automated management of confidential data in cloud environments
JP5847345B1 (en) * 2015-04-10 2016-01-20 さくら情報システム株式会社 Information processing apparatus, authentication method, and program
CN105678553A (en) * 2015-08-05 2016-06-15 腾讯科技(深圳)有限公司 Method, device and system for processing order information
US10225241B2 (en) * 2016-02-12 2019-03-05 Jpu.Io Ltd Mobile security offloader
CN107005574B (en) * 2016-12-23 2020-08-28 深圳前海达闼云端智能科技有限公司 Block generation method and device and block chain network
JP6588048B2 (en) * 2017-03-17 2019-10-09 株式会社東芝 Information processing device
JP6518378B1 (en) * 2018-12-21 2019-05-22 瀧口 信太郎 Authentication system, authentication method, and authentication program
US10506426B1 (en) 2019-07-19 2019-12-10 Capital One Services, Llc Techniques for call authentication
CN114968471B (en) * 2021-02-26 2024-12-03 中移(苏州)软件技术有限公司 A method and device for unloading a stream
WO2025029742A1 (en) * 2023-07-28 2025-02-06 Cisco Technology, Inc. Ipv6 extension headers and overlay network metadata for security and observability
WO2025029736A1 (en) * 2023-07-28 2025-02-06 Cisco Technology, Inc. Determining security actions at policy-enforcement points using metadata representing a security chain for a data flow

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101222509A (en) * 2008-01-22 2008-07-16 中兴通讯股份有限公司 A data protection transmission method of point-to-point network
CN201788511U (en) * 2010-08-18 2011-04-06 赵景壁 Safety information exchange device

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7017042B1 (en) * 2001-06-14 2006-03-21 Syrus Ziai Method and circuit to accelerate IPSec processing
US20050060538A1 (en) * 2003-09-15 2005-03-17 Intel Corporation Method, system, and program for processing of fragmented datagrams
JP4346094B2 (en) * 2004-04-05 2009-10-14 日本電信電話株式会社 Packet encryption processing proxy device
JP2006041726A (en) * 2004-07-23 2006-02-09 Matsushita Electric Ind Co Ltd Shared key replacing system, shared key replacing method and method program
US8407778B2 (en) * 2005-08-11 2013-03-26 International Business Machines Corporation Apparatus and methods for processing filter rules
JP2007329730A (en) * 2006-06-08 2007-12-20 Kawasaki Microelectronics Kk Communication protocol processor
US20090038004A1 (en) * 2007-07-31 2009-02-05 Gabor Blasko Role change based on coupling or docking of information handling apparatus and method for same
JP2009230476A (en) * 2008-03-24 2009-10-08 Toshiba Corp Device, method and program for processing message
JP4906800B2 (en) * 2008-07-02 2012-03-28 三菱電機株式会社 COMMUNICATION DEVICE, ENCRYPTED COMMUNICATION SYSTEM, COMMUNICATION METHOD, AND COMMUNICATION PROGRAM
US8700892B2 (en) * 2010-03-19 2014-04-15 F5 Networks, Inc. Proxy SSL authentication in split SSL for client-side proxy agent resources with content insertion
JP5779434B2 (en) * 2011-07-15 2015-09-16 株式会社ソシオネクスト Security device and security system

Also Published As

Publication number Publication date
WO2013124758A1 (en) 2013-08-29
CN104137508A (en) 2014-11-05
GB2512807B (en) 2014-11-19
JP5746446B2 (en) 2015-07-08
CN104137508B (en) 2017-07-07
DE112013000649B4 (en) 2020-11-19
GB201414604D0 (en) 2014-10-01
DE112013000649T5 (en) 2014-11-06
JP2015511434A (en) 2015-04-16

Similar Documents

Publication Publication Date Title
GB2512807A (en) Network node with network-attached stateless security offload device
WO2014160722A8 (en) Transmission control protocol in long term evolution radio access network
WO2012149400A3 (en) Trusted wlan connectivity to 3gpp evolved packet core
MX360484B (en) EFFICIENT NETWORK LAYER FOR IPv6 PROTOCOL.
WO2013177316A3 (en) Efficient packet handling, redirection, and inspection using offload processors
WO2014153461A3 (en) Multifunction wireless device
GB2522949A (en) Methods and systems for transmitting and receiving packets
WO2014195501A3 (en) Electronic authentication systems
WO2015036789A3 (en) Communicating with a device
WO2015200326A8 (en) Inter-system mobility in integrated wireless networks
JP2015515154A5 (en) Network entity, user device, and communication control method
WO2012145377A3 (en) Device and system for facilitating communication and networking within a secure mobile environment
JP2018537912A5 (en)
JP2014057380A5 (en)
IN2014CN00663A (en)
GB201121585D0 (en) Communication system and method
WO2013155037A8 (en) Method, machine -type -communications (mtc) device and communication system for triggering mtc devices to attach to a wireless communications network
WO2014039280A3 (en) Systems, apparatus, and methods for association in multi-hop networks
MX359123B (en) Techniques for wireless communication between a terminal computing device and a wearable computing device.
WO2011100742A3 (en) System and method for signaling and data tunneling in a peer-to-peer environment
IN2015DN02963A (en)
WO2010081168A8 (en) Methods and apparatuses for fetching native security context between core network nodes after inter-system handover
WO2015137644A3 (en) Method for calculating and reporting an amount of data available for transmission and a device therefor
EP2530912A3 (en) Systems and methods for facilitating communication with foundation fieldbus linking devices
WO2015056995A3 (en) Method and device for performing wireless connection between devices in wireless communication system

Legal Events

Date Code Title Description
746 Register noted 'licences of right' (sect. 46/1977)

Effective date: 20141202