Using non 5-tuple information with IPSec
    1.
    Invention application
    Status: Under examination (published)

    Publication number: US20070011448A1

    Publication date: 2007-01-11

    Application number: US11175923

    Filing date: 2005-07-06

    IPC classification: H04L9/00

    CPC classification: H04L63/0227 H04L63/164

    Abstract: A method of communicating using IPSec security protocol. Security associations are provided for a connection based on session information that may include user information and/or information related to an application running on the device. One or more filters determine whether or not to accept a connection based on session information.

    Multiple task offload to a peripheral device
    2.
    Invention application
    Status: Under examination (published)

    Publication number: US20070101023A1

    Publication date: 2007-05-03

    Application number: US11262350

    Filing date: 2005-10-28

    IPC classification: G06F15/16

    Abstract: In one embodiment, to determine what tasks may be offloaded to a peripheral hardware device (e.g., to be performed in hardware on the peripheral device, rather than on the CPU(s) of the host computer), an indication from the at least one peripheral hardware device may be provided, without the peripheral hardware device first being queried to determine the task offload capabilities provided by the peripheral hardware device. The peripheral hardware device may be capable of handling multiple task offloads on the same packet. For example, the peripheral device may be capable of performing large packet segmentation and encryption on the same packet. The peripheral device may also be capable of performing encryption and checksum calculation on the same packet.

    Method and apparatus for secure internet protocol (IPSEC) offloading with integrated host protocol stack management
    3.
    Invention application
    Status: Granted

    Publication number: US20060104308A1

    Publication date: 2006-05-18

    Application number: US11036167

    Filing date: 2005-01-14

    IPC classification: H04J3/24 H04J3/22 H04J3/16

    Abstract: The invention provides mechanisms for transferring processor control of secure Internet Protocol (IPSec) security association (SA) functions between host and target processing devices of a computerized system, such as processors in a host CPU and a NIC. In one aspect of the invention, the computation associated with authentication and/or encryption is offloaded while the host maintains control of when SA functions are offloaded, uploaded, invalidated, and re-keyed. The devices coordinate to maintain metrics for the SA, including support for both soft and hard limits on SA expiration. Timer requirements are minimized for the target. The offloaded SA function may be embedded in other offloaded state objects of intermediate software layers of a network stack.

    Task offload to a peripheral device
    4.
    Invention application
    Status: Granted

    Publication number: US20070130352A1

    Publication date: 2007-06-07

    Application number: US11261982

    Filing date: 2005-10-28

    IPC classification: G06F15/16

    Abstract: In one embodiment, to determine what tasks may be offloaded to a peripheral hardware device (e.g., to be performed in hardware on the peripheral device, rather than on the CPU(s) of the host computer), an indication from the at least one peripheral hardware device may be provided, without the peripheral hardware device first being queried to determine the task offload capabilities provided by the peripheral hardware device. In one embodiment, a large packet that includes a plurality of extension headers may be offloaded to the peripheral hardware device for segmentation. An indication of the offset where the extension headers end may be provided in connection with the large packet. In another embodiment, a packet with extension headers that come before an encryption header in the packet is not offloaded to the peripheral hardware device for encryption, while packets with no extension headers before the encryption header may be offloaded.
