Centralized secure offload of cryptographic security services for distributed security enforcement points

Assignee

• International Business Machines Corporation · US

Inventors

• Curtis M. Gearhart · Raleigh, US
• Christopher Meyer · Vestal, US
• Linwood H. Overby, Jr. · Raleigh, US
• David J. Wierbowski · Owego, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2209/76
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Embodiments of the present invention address deficiencies of the art in respect to network security and provide a method, system and computer program product for centralized secure offload of key exchange services for distributed security enforcement points. In one embodiment, a data processing system for centralized secure offload of key exchange services for distributed security enforcement points can be provided. The system can include a security enforcement point controlling communication flows between devices in different less trusted zones of protection, and a security server communicatively coupled to the security enforcement point and hosting key exchange services disposed in a more trusted zone of protection. The security enforcement point can include an interface to the key exchange services and program code enabled to offload at least one portion of a key exchange through the interface to the key exchange services disposed in the more trusted zone of protection.