WO2004092930A3 - Transparent ipsec processing inline between a framer and a network component - Google Patents

Transparent ipsec processing inline between a framer and a network component

Publication number
WO2004092930A3
Authority
WO
WIPO (PCT)
Prior art keywords
framer
transparent
network component
packet
ipsec processing
Prior art date
Application number
PCT/US2004/009738
Other languages
French (fr)
Other versions
WO2004092930A2 (en)
Inventor
Richard E Kessler
Muhammad R Hussain
Original Assignee
Cavium Networks
Richard E Kessler
Muhammad R Hussain
Priority date
Filing date
Publication date
Application filed by Cavium Networks, Richard E Kessler, Muhammad R Hussain
Priority to JP2006509485A (patent JP2006524959A)
Priority to EP04749529.6A (patent EP1614250B1)
Publication of WO2004092930A2
Publication of WO2004092930A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485 Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/164 Implementing security features at a particular protocol layer at the network layer

Abstract

A method and apparatus for transparent processing of IPsec network traffic by a security processor (103) placed in line between a framer (101) and a network processor (105). The security processor (103) parses packet header and tail information to determine whether encryption or decryption is required. After encryption or decryption is completed, the packet header and tail information is modified to reflect the changes in the packet, such as the length of the packet. The modified packet is then passed on to the network processor (105) or the framer (101).

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2006509485A JP2006524959A (en) 2003-04-12 2004-03-30 Transparent IPSEC that handles inline between framer and network components
EP04749529.6A EP1614250B1 (en) 2003-04-12 2004-03-30 Transparent ipsec processing inline between a framer and a network component

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/411,909 US7398386B2 (en) 2003-04-12 2003-04-12 Transparent IPSec processing inline between a framer and a network component
US10/411,909 2003-04-12

Publications (2)

Publication Number Publication Date
WO2004092930A2 WO2004092930A2 (en) 2004-10-28
WO2004092930A3 WO2004092930A3 (en) 2005-05-26

Family

ID=33131103

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2004/009738 WO2004092930A2 (en) 2003-04-12 2004-03-30 Transparent ipsec processing inline between a framer and a network component

Country Status (4)

Country Link
US (1) US7398386B2 (en)
EP (1) EP1614250B1 (en)
JP (2) JP2006524959A (en)
WO (1) WO2004092930A2 (en)

Families Citing this family (45)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7398386B2 (en) 2003-04-12 2008-07-08 Cavium Networks, Inc. Transparent IPSec processing inline between a framer and a network component
US7974284B2 (en) * 2003-06-27 2011-07-05 Broadcom Corporation Single and double tagging schemes for packet processing in a network device
US20050034045A1 (en) * 2003-08-08 2005-02-10 Lueck Andrew W. System for optimizing PCI-Express communications
US7620041B2 (en) * 2004-04-15 2009-11-17 Alcatel-Lucent Usa Inc. Authentication mechanisms for call control message integrity and origin verification
US7422152B2 (en) 2004-05-13 2008-09-09 Cisco Technology, Inc. Methods and devices for providing scalable RFID networks
US7895431B2 (en) * 2004-09-10 2011-02-22 Cavium Networks, Inc. Packet queuing, scheduling and ordering
US8316431B2 (en) * 2004-10-12 2012-11-20 Canon Kabushiki Kaisha Concurrent IPsec processing system and method
US7509431B2 (en) * 2004-11-17 2009-03-24 Cisco Technology, Inc. Performing message and transformation adapter functions in a network element on behalf of an application
US8458467B2 (en) 2005-06-21 2013-06-04 Cisco Technology, Inc. Method and apparatus for adaptive application message payload content transformation in a network infrastructure element
US7664879B2 (en) 2004-11-23 2010-02-16 Cisco Technology, Inc. Caching content and state data at a network element
US7987272B2 (en) 2004-12-06 2011-07-26 Cisco Technology, Inc. Performing message payload processing functions in a network element on behalf of an application
US7496750B2 (en) * 2004-12-07 2009-02-24 Cisco Technology, Inc. Performing security functions on a message payload in a network element
US7725934B2 (en) 2004-12-07 2010-05-25 Cisco Technology, Inc. Network and application attack protection based on application layer message inspection
US7606267B2 (en) 2004-12-10 2009-10-20 Cisco Technology, Inc. Reducing the sizes of application layer messages in a network element
US8082304B2 (en) 2004-12-10 2011-12-20 Cisco Technology, Inc. Guaranteed delivery of application layer messages by a network element
US7551567B2 (en) * 2005-01-05 2009-06-23 Cisco Technology, Inc. Interpreting an application message at a network element using sampling and heuristics
US7698416B2 (en) 2005-01-25 2010-04-13 Cisco Technology, Inc. Application layer message-based server failover management by a network element
GB2422752A (en) * 2005-02-01 2006-08-02 3Com Corp Deciphering encapsulated and enciphered UDP datagrams
GB2424556A (en) * 2005-03-23 2006-09-27 3Com Corp Packet fragment deciphering with cipher state storage
US7535907B2 (en) * 2005-04-08 2009-05-19 Cavium Networks, Inc. TCP engine
US8266327B2 (en) 2005-06-21 2012-09-11 Cisco Technology, Inc. Identity brokering in a network element
US7345585B2 (en) 2005-08-01 2008-03-18 Cisco Technology, Inc. Network based device for providing RFID middleware functionality
AU2005218009B2 (en) * 2005-09-28 2011-01-27 Canon Kabushiki Kaisha Decoupled header and packet processing in IPsec
KR100670817B1 (en) * 2005-12-09 2007-01-19 한국전자통신연구원 Method and apparatus for implementation ipsec engine in ixdp2851
US7797406B2 (en) * 2006-07-27 2010-09-14 Cisco Technology, Inc. Applying quality of service to application messages in network elements based on roles and status
US20080052531A1 (en) * 2006-08-11 2008-02-28 Id-Catch Ab Device and Method for Secure Biometric Applications
US8379638B2 (en) * 2006-09-25 2013-02-19 Certes Networks, Inc. Security encapsulation of ethernet frames
US8190881B2 (en) 2007-10-15 2012-05-29 Foundry Networks Llc Scalable distributed web-based authentication
US8635440B2 (en) 2007-12-13 2014-01-21 Microsoft Corporation Proxy with layer 3 security
US7817636B2 (en) 2008-01-30 2010-10-19 Cisco Technology, Inc. Obtaining information on forwarding decisions for a packet flow
AT507262B1 (en) * 2008-08-27 2011-04-15 Sgl Carbon Se METHOD FOR REPROCESSING SOLID OR MELTING SUBSTANCES
US9128769B2 (en) 2011-10-13 2015-09-08 Cavium, Inc. Processor with dedicated virtual functions and dynamic assignment of functional resources
US9129060B2 (en) 2011-10-13 2015-09-08 Cavium, Inc. QoS based dynamic execution engine selection
US9083563B2 (en) * 2012-06-29 2015-07-14 Avaya, Inc. Method for reducing processing latency in a multi-thread packet processor with at least one re-order queue
US9231865B2 (en) * 2012-08-10 2016-01-05 Wisconsin Alumni Research Foundation Lookup engine with reconfigurable low latency computational tiles
US9106618B2 (en) * 2013-01-23 2015-08-11 Alcatel Lucent Control plane encryption in IP/MPLS networks
WO2015039710A1 (en) * 2013-09-19 2015-03-26 Huawei Technologies Co., Ltd. Method and device for end-to-end cyclic redundancy check over multiple data units
US9461815B2 (en) * 2013-10-18 2016-10-04 Advanced Micro Devices, Inc. Virtualized AES computational engine
US9438414B2 (en) * 2013-10-18 2016-09-06 Advanced Micro Devices, Inc. Virtualized SHA computational engine
US9729574B2 (en) 2014-02-14 2017-08-08 Alcatel Lucent Seamless switchover for anti-replay connections in multiple network processor systems
WO2018142571A1 (en) * 2017-02-03 2018-08-09 三菱電機株式会社 Transfer apparatus and communication network
US11108751B2 (en) * 2017-10-27 2021-08-31 Nicira, Inc. Segmentation of encrypted segments in networks
US10721172B2 (en) 2018-07-06 2020-07-21 Marvell Asia Pte, Ltd. Limiting backpressure with bad actors
DE102019116510A1 (en) * 2019-06-18 2020-12-24 Beckhoff Automation Gmbh Network participants and automation network
US11646997B2 (en) * 2021-03-19 2023-05-09 Charter Communications Operating, Llc Data transmission method with selective latency reduction

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020042875A1 (en) * 2000-10-11 2002-04-11 Jayant Shukla Method and apparatus for end-to-end secure data communication

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7032242B1 (en) * 1998-03-05 2006-04-18 3Com Corporation Method and system for distributed network address translation with network security features
US6141705A (en) 1998-06-12 2000-10-31 Microsoft Corporation System for querying a peripheral device to determine its processing capabilities and then offloading specific processing tasks from a host to the peripheral device when needed
US6253321B1 (en) * 1998-06-19 2001-06-26 Ssh Communications Security Ltd. Method and arrangement for implementing IPSEC policy management using filter code
US20030037235A1 (en) * 1998-08-19 2003-02-20 Sun Microsystems, Inc. System for signatureless transmission and reception of data packets between computer networks
US7107614B1 (en) * 1999-01-29 2006-09-12 International Business Machines Corporation System and method for network address translation integration with IP security
US7370348B1 (en) 1999-07-30 2008-05-06 Intel Corporation Technique and apparatus for processing cryptographic services of data in a network system
US6678734B1 (en) * 1999-11-13 2004-01-13 Ssh Communications Security Ltd. Method for intercepting network packets in a computing device
US6327625B1 (en) * 1999-11-30 2001-12-04 3Com Corporation FIFO-based network interface supporting out-of-order processing
US7000120B1 (en) * 1999-12-23 2006-02-14 Nokia Corporation Scheme for determining transport level information in the presence of IP security encryption
US6708218B1 (en) * 2000-06-05 2004-03-16 International Business Machines Corporation IpSec performance enhancement using a hardware-based parallel process
US7028332B1 (en) * 2000-06-13 2006-04-11 Intel Corporation Method and apparatus for preventing packet retransmissions during IPsec security association establishment
US7131137B1 (en) * 2000-06-29 2006-10-31 Intel Corporation Communication system including a security system
US7155740B2 (en) * 2000-07-13 2006-12-26 Lucent Technologies Inc. Method and apparatus for robust NAT interoperation with IPSEC'S IKE and ESP tunnel mode
JP2002271417A (en) * 2001-03-06 2002-09-20 Hitachi Cable Ltd Tunneling device
US8161539B2 (en) * 2002-04-19 2012-04-17 International Business Machines Corporation IPSec network adapter verifier
US7398386B2 (en) 2003-04-12 2008-07-08 Cavium Networks, Inc. Transparent IPSec processing inline between a framer and a network component

Also Published As

Publication number Publication date
EP1614250B1 (en) 2015-08-26
JP2006524959A (en) 2006-11-02
US7398386B2 (en) 2008-07-08
US20040205336A1 (en) 2004-10-14
WO2004092930A2 (en) 2004-10-28
JP2010259081A (en) 2010-11-11
EP1614250A2 (en) 2006-01-11
EP1614250A4 (en) 2011-03-23
JP5074558B2 (en) 2012-11-14

Similar Documents

Publication Publication Date Title
WO2004092930A3 (en) Transparent ipsec processing inline between a framer and a network component
AU2001288755A1 (en) Apparatus and method for selectively encrypting different the payload portion of multimedia data sent over a network
DE60126119D1 (en) CONTENT MANAGEMENT METHOD, CONTENT PROCESS AND APPARATUS
BR9910416B1 (en) method, device and protocol for determining the optimal size of the transmitting and retransmitting data block at varying communication speeds.
WO2002079949A3 (en) Internet security system
WO2005046178A3 (en) Method and apparatus for providing network security using security labeling
AU2001269794A1 (en) Method and apparatus for enhancing network security protection server performance
EP2312556B8 (en) Map data product, map data processing program product, map data processing method, and map data processing device
BR0112510A (en) Secure Packet-Based Data Broadcast Architecture
AU2001281147A1 (en) Methods, apparatus and data structures for providing access to an edge router ofa network
WO2002019229A8 (en) Method and system for financial data aggregation, analysis and reporting
MXPA02010189A (en) Methods and apparatus for heuristic firewall.
AU2003236284A1 (en) Communication system, information processing device, and method
AU2002315462A1 (en) Method and apparatus in data packet processing
ATE470311T1 (en) PROCESSING OF ENCRYPTED DATA PACKET STREAM
WO2005001637A3 (en) Method and apparatus for client-in-charge business transaction processing
GB2408368B (en) Apparatus, system and method for enhancing data security
AU2003226243A1 (en) Method and system for budgeting resources dedicated to processing non-voice data traffic
NO20025013L (en) Device and method for numeric group publishing, encryption device and decryption device
FI20030845A0 (en) Data processing method, receiver and network device
EP1681811A4 (en) Communication system, information processing apparatus, server, and communication method
EP1351183A3 (en) Sequence data combining method, apparatus and program
HK1044246A1 (en) Information providing apparatus, server apparatus and information processing method
TW200605547A (en) Method and apparatus for processing header bits and payload bits
WO2004112341A3 (en) Method and device for processing real-time data

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2006509485

Country of ref document: JP

WWE Wipo information: entry into national phase

Ref document number: 2004749529

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2004749529

Country of ref document: EP