Method and system for retrieving security information for secured transmission of network communication streams
US6772348B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Apr 27, 2000 |
| Grant date | Aug 3, 2004 |
| Priority date | — |
| Expiry date | Apr 27, 2020 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/164
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A system and method for retrieving security data, such as Security Associations (“SAs”) of the IPSec protocols, required for secured transmission of network packets uses a caching mechanism to significantly enhance the speed of retrieving the security data. The system has a plurality of security policy filters, and each filter may have multiple security data entries associated with different communication streams. To enable fast retrieval of security data for network communication packets, the system maintains a cache table. Each entry of the cache table contains data identifying a communication stream and negotiated SA data or an exempt filter for that stream. When a packet passes through the system, a security driver derives an index value from the communication stream data of the packet, and the cache table entry corresponding to the derived index value is then retrieved. If the retrieved security data in the cache table entry matches the packet, the security data therein are used for secured delivery of the packet.
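The lookup the abstract describes, as an added sketch in C that is not taken from the patent: it shows why the retrieved entry has to be compared against the packet's stream before use, since two streams can derive the same index and one must never be sent under the other's SA or exemption. The 5-tuple stream key, the XOR-fold index function, the 256-slot table and the `slow_policy_lookup` stand-in for the filter walk are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define CACHE_SLOTS 256u              /* assumed table size, power of two */

typedef struct { uint32_t src, dst; uint16_t sport, dport; uint8_t proto; } stream_t;
typedef enum { ENT_EMPTY = 0, ENT_SA, ENT_EXEMPT } ent_kind;
typedef struct { stream_t key; ent_kind kind; uint32_t spi; } cache_entry;

static cache_entry cache[CACHE_SLOTS];
static unsigned slow_lookups;         /* counts walks of the filter list */
static uint32_t next_spi = 0x1000;    /* constructed SPI values */

/* Assumed index function: XOR-fold of the stream fields. */
static unsigned stream_index(const stream_t *s) {
    uint32_t h = s->src ^ s->dst ^ (((uint32_t)s->sport << 16) | s->dport) ^ s->proto;
    h ^= h >> 16;
    h ^= h >> 8;
    return h & (CACHE_SLOTS - 1);
}

static int same_stream(const stream_t *a, const stream_t *b) {
    return a->src == b->src && a->dst == b->dst && a->sport == b->sport &&
           a->dport == b->dport && a->proto == b->proto;
}

/* Hypothetical slow path standing in for the policy filter walk and SA
 * negotiation: UDP/500 is exempt, every other stream gets its own SA. */
static void slow_policy_lookup(const stream_t *s, cache_entry *out) {
    slow_lookups++;
    out->key = *s;
    if (s->proto == 17 && s->dport == 500) { out->kind = ENT_EXEMPT; out->spi = 0; }
    else { out->kind = ENT_SA; out->spi = next_spi++; }
}

/* Fast path: index, fetch, then verify the entry belongs to this stream. */
static const cache_entry *sa_lookup(const stream_t *s) {
    cache_entry *e = &cache[stream_index(s)];
    if (e->kind == ENT_EMPTY || !same_stream(&e->key, s))
        slow_policy_lookup(s, e);     /* miss or index collision: refill slot */
    return e;
}

int main(void) {
    stream_t a = {0x0A000001u, 0x0A000002u, 40000, 443, 6};  /* constructed */
    stream_t b = {0x0A000002u, 0x0A000001u, 40000, 443, 6};  /* same index as a */
    uint32_t spi_a = sa_lookup(&a)->spi, spi_b = sa_lookup(&b)->spi;
    printf("a=0x%x b=0x%x slow=%u\n", (unsigned)spi_a, (unsigned)spi_b, slow_lookups);
    return 0;
}
```

Streams `a` and `b` are the two directions of one connection, which this symmetric index function maps to the same slot; without the `same_stream` check the second lookup would return the first stream's SA.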
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.