CA2452052C - Virtual private network mechanism incorporating security association processor - Google Patents

Virtual private network mechanism incorporating security association processor Download PDF

Info

Publication number
CA2452052C
CA2452052C CA2452052A CA2452052A CA2452052C CA 2452052 C CA2452052 C CA 2452052C CA 2452052 A CA2452052 A CA 2452052A CA 2452052 A CA2452052 A CA 2452052A CA 2452052 C CA2452052 C CA 2452052C
Authority
CA
Canada
Prior art keywords
security
security association
database
computing device
socket
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CA2452052A
Other languages
French (fr)
Other versions
CA2452052A1 (en
Inventor
Yaniv Shafira
Drory Shohat
Moshe Zezak
Niv Gilboa
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Telecom Italia SpA
Original Assignee
Telecom Italia SpA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telecom Italia SpA filed Critical Telecom Italia SpA
Publication of CA2452052A1 publication Critical patent/CA2452052A1/en
Application granted granted Critical
Publication of CA2452052C publication Critical patent/CA2452052C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/164Implementing security features at a particular protocol layer at the network layer

Abstract

A novel and useful virtual private network (VPN) mechanism and related security association processor for maintaining the necessary security related parameters to perform security functions such as encryption, decryption and authentication. A security association database (SAD) and related circuitry is adapted to provide the necessary parameters to implement the IPSec group of security specifications for encryption/decryption and authentication. Each security association (SA) entry in the database comprises all the parameters that are necessary to receive and transmit VPN packets according to the IPSec specification.

Description

V;t~TIJA~, PP.I'4dATE NEWOi~ I'~J~CIRAIITISIi~ IIl~TCCb~P~3~A'I'I16TTG
S~C~JRI7C~' ASSOCIA~~~hT P~OCIESS~~
FIELD OF THE INVENTION
The present invention relates generally to data communication systems and more particularly relates to a mechanism for implementing virtual private networks (VPNs) incorporating a security association database and associated processor.
BACKGROUND OF THE INVENTION
In recent years, the world has witnessed the explosive growth of the Internet.
Each year many more hosts are added while the number of users seems to be growing without limit. The Internet enables communications using different techniques including remote computer login, file transfer, world wide web (WWW) browsing, email, etc.
Various protocols have been designed and are in use on the Internet to handle various types of communications. For example, file transfer protocol (FTP) for file transfer, hypertext markup language (HTML) for web traffic, etc. Generally, the protocol related to Internet communications are grouped under the umbrella of the transmission control protocol/internet protocol (TCP/IP) suite of protocols that includes protocols at various layers of the OSI
communications staclc.
A lcey feature of the Internet is that it is a public network that is accessible by nearly anyone with a computer, telephone line and Internet service provider (ISP) account. A
downside to this wide scale public accessibility is that it permits easy access to hackers and others intent on carrying out malicious activities against one or more hosts on the Internet.
Illegal conduct such as stealing of secret infomation or the deletion of important files by a malicious user is possible by a hacker that manages to brealc into a computer of a remote network and succeed to tap con ununication data. The need for security was addressed by the Internet Architecture Board (TAB) by including security features such as encryption and authentication in IPv6 that permit secure transactions over the Internet.
To combat the threat of hackers and to secure private networks, it is common today to place a firewall at the entrance of the private network in a company ox organization. The firewall employs some form of packet filter that functions to enforce a user defined security policy. The firewall is a system that sits at the boundary between the local network of the organization and the global Internet. It implements the filtering of all data communications CONFIRMATION COPY

in order to prevent leakage of information out to the external networlc and to pr event unauthorized access of the internal networlc from the outside. A deny/allow decision is made for each packet that is received by the firewall.
At the same time, the world is witnessing increasing demand for wireless services (i.e.
cellular phones, two way pagers, cordless devices, etc.) and personal computing devices such as laptops, PDAs, etc. Many of these personal computing devices incorporate wireless conununications circuitry to enable them to communicate via wireless networks (e.g., cellular or other broadband schemes) to WAN networks such as the Internet. Thus, more and more PDAs and cellular telephones are being connecting to the Internet thus exposing these devices to security rislcs. Preferably, these devices employ some type of firewall to protect against unauthorized access to the device. Most frrewalls today, however, are implemented in software and require the computing resources of an entire desktop computer, malting their use in a portable computing device such as cellular telephone or PDA very costly or impractical.
Thus, there is a need for a firewall or packet filter that can be easily implemented in hardware in small size suitable for incorporation in small portable electronic computing devices such as cellular telephones and wireless eoru-reeted PDAs.
SUMMARY OF THE INVENTION
The present invention provides a novel and usefitl virhial private networlc (VPN) mechanism for providing the necessary security related parameters to perform encryption/deciyption and authentication. The VPN mechanism is adapted to be suitable for implementation in hardware at relatively low cost thus enabling cost effective incorporation of the invention in to portable electronic communications device such as cellular telephones, personal digital assistants (PDAs), laptop computers, etc. in connecting to the Internet or other wide area networlc.
The present invention can be used in conjunction with a hardware-or software based IO firewall in portable computing devices such as cellular telephones and wireless connected PDAs that are adapted to connect to the Internet. The VPN mechanism of the present invention may also be implemented in software or a combination of hardware and software.
Thus, the VPN mechanism can be used to achieve, for example, secure branch office connectivity over the WAN, secure remote access over the WAN or securing e-commerce tr ansactions over the WAN.
The VPN mechanism comprises a security association database (SAD) and related circuitry that is adapted to provide the necessary parameters to implement the IPSec group of secLUity specifications fox encryption/decryption and authentication. Each security association (SA) entry in the database comprises all the parameters that are necessary to receive and transmit VPN packets according to the IPSec specification.
The invention performs security association (SA) related processing an an input paclcet stream. Note that the input paclcet stream may comprise both inbound and outbound paclcets. Typically, the invention is positioned between a WAN (i.e. the Internet) and a local LAN. In this case, the VPN mechanism is operative to filter both inbound packets sent from the WAN to the LAN and outbound paclcets sent from the LAN to the WAN.
The VPN mechanism of the present invention is operative to maintain a security parameter table referred to as the SAD for storing the security related parameters related to a one way connection. For a two way connection, two SAs need to be created. New security associations are added to the SA database and, once created, subsequent packets associated with this SA are processed in accordance with the parameters stored in the database for the particular SA. Depending on the paclcet and the SA parameters, the paclcet may be encrypted, decrypted, authenticated or dropped. Note that a paclcet is allowed only if the packet confoums to the security as specified in the SA database.
Although the invention is especially suited for implementation in hardware, it can also be implemented in software. In one embodiment, a computer comprising a processor, memory, etc. is operative to execute software adapted to perform the VPN
mechanism and security association processing of the present invention.
There is provided in accordance with the present invention a security association processor circuit comprising a security association database for storing security related data for a plurality of security associations, each entry comprising security association related data corresponding to a unique socket, means for opening a new security association upon receipt of a socket not found in the security association database, means for searching for and recognizing a security association associated with a packet in accordance with its socket, means for retrieving from the security association database a plurality of security related parameters and means for forwarding the plurality of security related parameters to a Virtual Private Networking (VPN) security processor for performing one.or more security processes therewith.
There is also provided in accordance with the present invention a Virtual Private Network (VPN) circuit comprising security association database means for storing security related data for a pl-arality of security associations, ea;,h entry comprising security association related data corresponding to a unique soclcet, a plurality of security engines, each security engine adapted to perform a security process, means for opening a new security association upon receipt of a socket not found in the security association database means, means for searching for and recognizing a security association associated with an input packet in accordance with its socket, means for retrieving from the security association database means a plurality of security related parameters, means for forwarding the plurality of security related parameters to at least one of the security engines for perfomning a security process therewith and packet building means adapted to construct an output packet in accordance with a particular security mode utilizing the input packet and the results of the security process.
There is further provided in accordance with the ' present invention a portable computing device comprising communication means adapted to connect the device to a communications network, memory means comprising volatile and non-volatile memory, the non-volatile memory adapted to store program code, a processor coupled to the memory means and the communication means for executing the program code and a Virtual Private Network (VPN) circuit comprising security association database means for storing security related data for a plurality of security associations, each entry comprising security association related data corresponding to a unique socket, a plurality of security engines, each security engine adapted to perfonw a security process, means for opening a new security association upon receipt of a soclcet not found in the security association database means, means for searching for and recognizing a security association associated with an input packet in accordance with its socket, means for retrieving from the security association database means a plurality of security related parameters, means for forwarding the phirality of security related parameters to at least one of the security engines for perfoznzing a security process therewith, packet building means adapted to constrict an output paclcet in accordance with a particular security mode utilizing the input packet and the results of the security process.
There is also provided in accordance with the present invention a security association processor circuit comprising a security association database for storing security related data for a plurality of security associations, each entry comprising security association related data corresponding to a unique socket, a management unit adapted to open a new security association upon receipt of a socket not found in the security association database, a recognition unit adapted to search fox and recognize a security association associated with an input packet in accordance with its socket, a main processor unit adapted to retrieve from the S2CLtrli~ association database a plurality of security related parameters and forward them to a Viz-tiial Private Networking (VPN) security processor for performing one or more security processes therewith and a hash unit comprising a hash function and associated hash table for facilitating the search for stored security associations.
There is fin-ther provided in accordance with the present invention a method of security association, the method comprising the steps of establishing a security association database adapted to store security related data for a plurality of security associations, each entry within the security association database corresponding to a socket, opening a new security association upon receipt of a soclcet not found in the security association database, searching for and recognizing a security association associated with a packet in accordance with its socket, retrieving from the security association database a plurality of security related parameters and forwarding the plurality of security related parameters to a Virtual Private Networlcing (VPN) security processor for performing one or more security processes therewith.
There is also provided in accordance with the.present invention a computer readable storage medium having computer readable program code means embodied therein for causing a suitably programmed computer to a security association mechanism when such program is executed on the computer, the computer readable storage medium comprising computer readable prob am code means for causing the computer to establish a security association database for storing security related data for a plurality of security associations, each entry comprising security association related data corresponding to a unique socket, computer readable program code means for causing the computer to open a new security association upon receipt of a soclcet not found in the security association database, computer readable program code means for causing the computer to search for and recognizing a security association associated with a packet in accordance with its socket, computer readable program code means for causing the computer to retrieve from the security association database a phmality of security related parameters and computer readable program code means for causing the computer to forward the plurality of security related parameters to a Virtual Private Networlcing (VPN) security processor for perfornzing one or more security processes therewith.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention is herein described, by way of example only, with reference to the accompanying drawings, wherein:
Fig. 1 , is a block diagram illustrating several example applications of the virtual private network mechanism of the present invention in the context of a WAN or Internet;
Fig. 2 is a block diagram illustrating an example network comprising a local and remote LAN, WAN and dial up user communicating the virtual private network mechanism of the present invention;
Fig. 3 is a block diagram illustrating the virtual private network mechanism of the present invention in more detail;
Figs. A~A and 4B are a flow diagram illustrating the main SA processor method of the present invention;
Fig. S is a diagram illustrating the hashing technique of deternlining the SA
associated with an input packet;
Fig. 6 is a flow diagram illustrating the hashing method of the SA recognition process of the present invention;
Fig. 7 is a diagram illustrating the anti-replay window mechanism perfomned during checking by the main SA processor;
Fig. 8 is a flow diagram illustrating the anti-replay window method of the present invention;
Fig. 9 is a diagram illustrating the least recently used Iinlc list structure used to track the SA staleness;
Fig.. I0 is a flow diagram illustrating the method of updating the LRU linked list upon recognition of a SA associated with an input packet;
2~ Fig. 11 is a flow diagram illustrating the processing of the SA management module of the present invention;
Fig. 12 is a . flow diagram illustrating the . processing performed by the SA
management module of the present invention to open a SA;
Fig. 13 is a flow diagram illustrating the processing performed by the SA
management module of the present invention to close a SA;
Fig. 14 is a diagram illustrating the last open session pointer associated with each SA
record;
Fig. 15 is a diagram illustrating the previous and next session pointers and matching SA pointer that are associated with each session record;
Fig. 16 is a diagram illustrating an example relationship between a single session and single SA record;
Fig. 17 is a diagram illustrating an example relationship between multiple sessions and a single SA record; and Fig. 18 is a block diagram illustrating an example computer processing system to platform adapted to perform the VPN mechanism and related security association processing of the present invention.
DETAILED DESCRIPTION OF THE INVENTION
Notation Used Throughout The following notation is used tluoughout this document.
Term Definition ARP Address Resolution Protocol ARV Anti-Replay Window ASIC Application Specific Integrated Circuit ADSL Asymmetric Digital Subscriber Line AH Authentication Header CPU Central Processing Unit CRC Cyclic Redlu~dancy Check CBC Cipher Bloclc Chaining DES Data Encryption Standard _ Digital Audio Tape DAT

DSP Digital Signal Processor DSL Digital Subscriber Line DVD Digital Versatile Disk EEPROM Electrically Erasable Programmable Read Only Memory EEROM Electrically Erasable Read Only Memory ECB Electronic Codebook ESP Encapsulating Payload Security ED Encryption/Decryption EPROM Erasable Prob amenable Read Only Memory FPGA Field Programmable Gate Array FTP File Transfer Protocol HMAC Header Message Authentication Code HDSL High bit rate Digital Subscriber Line HTML Hyper Text Marlcup Language IAB Internet Architecture Board ICMP Internet Control Message Protocol II~E Internet Key Exchange IP Internet Protocol ISP Internet Service Provider IV Initial Vector LPSec IP Security LRU Least Recently Used LAN Local Area Networlc MTU Maximum Transfer Unit MAN Metropolitan Area Networlc MRU Most Recently Used NIC Network Interface Card OSI Open Systems Interconnect PB Packet Builder PC Personal Computer PDA Personal Digital Assista~zt PDU Protocol Data Unit RAM Random Access Memory RIP Remote IP

ROM Read Only Memory SA Secl~rity Association SAP Security Association Processor SPD Security Policy.Database SPI Security Parameter Index TCP Transmission Control Protocol UDP User Datagram Protocol VDSL Veiy high bit rate Digital Subscriber Line VPN Virtual Private Network WAN Wide Area Network WWW World Wide Web Detailed Description of the Invention The present invention provides a novel and useful virt~.ial private networlc (VPN) mechanism for providing the necessary security related parameters to perform encryption/decryption and authentication. The VPN mechanism is adapted to be suitable for implementation in hardware at relatively low cost thus enabling cost effective incorporation of the invention in to portable electronic communications device such as cellular telephones, personal digital assistants (PDAs), laptop computers, etc. in connecting to the Internet or other wide area networlt. The present invention can be used in conjunction with a hardware-or software based firewall in portable computing devices such as cellular telephones and wireless connected PDAs that are adapted to connect to the Internet. The VPN
mechanism of the present invention may also be implemented in software or a combination of hardware and software..
The VPN mechanism comprises a security association database (SAD) and related circuitry that is adapted to provide the necessary parameters to implement the IPSec group of security specifications for encryption/decryption and authentication. Each security association (SA) entry in the database comprises all the parameters that are necessary to receive and transmit VPN packets according to the IPSec specification. Note that the SAs are initially negotiated during the Internet Key Exchange (II~E) procedure.
Although the invention may be implemented in software, the mechanism is particular adapted to be implemented in hardware that can provide greatly accelerated security processing.
Implementing the SAD and related processing in hardware enables all IPSec enciyption/decryption and authentication processing to be performed in hardware. Note that this applies to VPN sessions wherein the SAs have already been established. It is noted that VPN sessions whereby the SA has not been established are very rare and thus would have a negligible effect on system perfornlance.
IPSec provides security services at the IP layer by enabling a system to select the required security protocols, choose the algorithms to use and place into use the keys needed to provided the services. Two protocols are used in IPSec to provide security including an authentication protocol denoted Authentication Header (AH) and a combined encryption/authentication protocol denoted Encapsulating Security Payload (ESP). The security association or SA is used in both the AH and ESP mechanisms. The SA
is defined as a one-way relationship between a sender and a receiver that affords security services to the traffic carried on it. Note that for a two-way secure exchange, two SAs are required.
The invention performs security association (SA) related processing on an input packet stream. Note that the input packet stream may comprise.both inbound and outbound packets. Typically, the invention is positioned between a WAN (i.e. the Internet) and a local LAN. In this case, the VPN mechanism is operative to filter both inbound packets sent from the WAN to the LAN and outbound packets sent from the LAN to the WAN.
Note that the input stream may comprise any type of input data in accordance with the particular application, such as frames, paelcets, bytes, PDUs, etc. For iil-astratioll purposes only, the input data stream is considered a sequence of packets.
It is noted that the VPN mechanism and related module illustrated are presented as an example only and are not intended to limit the scope of the invention. One skilled in the electrical arts can construct other VPN modules, either in hardware, software or a combination of both to perform security related processing and VPN
implementation using the principles of the present invention described herein without departing from the scope of the invention.
The VPN mechanism of the, present invention is operative to maintain a security parameter table referred to as a security association database (SAD) for storing the security related parameters related to a one way connection. For a two way connection, two SAs need to be created. New security associations are added to the SA database and, once created, subsequent packets associated with this SA are processed in accordance with the parameters stored in the database for the particular SA. Depending on the packet and the SA parameters, the packet may be encrypted, decrypted, authenticated or dropped. Note that a packet is allowed only if the packet conforms to the security as specified in the SA
database.
The VPN mechanism of the present invention has widespread applications in many different types of systems. A block diagram illustrating several example applications of the VPN mechanism of the present invention in the context of a WAN or Internet is shown in Figure 1. Typically, the VPN mechanism is constmcted and used in combination with a firewall to prevent unauthorized access to a protected networlc, as is shown in each of the three examples shown herein.
In the first example, the VPN mechanism 14 is used with a firewall 16 that is implemented in a personal computing type device 12 in a wired or wireless communication with a network 10 which may be a WAN or the Internet for example. The personal computing device may comprise any device, such as a Personal Digital Assistant (PDA), e.g., Palm handheld, a cellular telephone, wireless handset, etc. In this example, the VPN
mechanism and associated firewall function to perform security processing bidirectionally on packets flowing between the WAN/111ternet and the device.
In a second example, the VPN mechanism 20 is used in combination with a firewall 22 whereby both are implemented in a cable plug adapter 18 in wired or wireless communication with the WAN or Internet 10. The device 18 normally sits between the WAN/Internet and a broadband modem 24 which functions to connect a LAN 26 to the WAN/Internet. The VPN mechanism in the cable plug adapter functions to perform security processing on paclcets sent from the WAN/Zinternet to the LAN and vice versa.
The broadband modem is adapted to modulate and demodulate a broadband signal such as xDSL, e.g., ADSL, HDSL, VDSL, etc., satellite, land based RF, microwave, etc.
In a third example, the VPN mechanism 30 is used with a firewall 32 wherein both are implemented on a stand alone. computer 28, e.g., personal computer (PC), laptop, etc., in wired or wireless communication with the WAN or Internet. The computer containing the firewall is located between the WANIInternet and the LAN 34 to be protected.
The VPN
mechanism functions to perform security processing on packets sent from the WAN/Inteunet to the LAN and vice versa.
A block diagram illustrating an example network comprising a local and remote LAN, WAN and dial up user communicating the victual private network mechanism of the present invention is shown in Figure 2. This example network scenario, generally referenced 40, comprises two LANs, one local 42 and one remote 52. Three computers A, B and C
are connected to the network and communicate with one another. A, B and C may comprise hosts, stations, users, etc. A VPN gateway 48 and firewall 46 sits at the entrance to the local LAN and a VPN gateway 56 and firewall 58 also is situated at the entrance to the remote LAN. The two LANs are connected via the WAN/Internet 50.

User C is also connected to the WAN/Intetnet via suitable means such as dial up modem, xDSL modem access, etc. and may comprise a VPN end user in which it incorporates a VPN gateway or may be a non-VPN connection.
In accordance with the present invention, the VPN mechanism is adapted to perform the security processing including creating, storing and managing the security parameters needed by one or more security processors in performing encryption, decryption, authentication, etc. The VPN mechanism is operative to process both inbound packets received from the WAN/Internet destined for the LAN and outbound packets the originate in LAN and are destined to the WAN/Internet.
In operation, plaintext outbound from the LAN is encrypted by the VPN and transmitted over the WAN. Similarly, cipher text inbound from the WAN is decrypted to plaintext by the VPN and forwarded over the LAN to the recipient. In accordance with the invention, the VPN mechanism is adapted to provide the necessary security parameters for implementing the IPSec specifications.
The invention comprises a VPN module constmcted from a ph~rality of elements that together function to implement the VPN mechanism. A block diagram illustrating the VPN
module of the present invention in more detail is shown in Fib ire 3. The VPN
module, generally referenced 70, comprises a bus interface 72, buffer/registers 74 a security association processor (SAP) 75 VPN security processor 88 and paclcet builder 92.
The security association processor comprises a SA recognition module 76, main SA
processing module 7$ incorporating a CPU interface 79, SA management module 80, hash table 82, SA Least Recently Used (LRU) circuit 84 and SA database 86 all of which are in communication over a bus with the security engines in the VPN security processor and the packet builder.
The VPN security processor comprises a plurality of security engines 90 each adapted and configured to perform a particular security related operation. For example, the VPN
security processor comprises separate security engines for perfomning encryption, decryption, authentication, the DES algorithm, Header Message Authentication Code (HMAC), etc.
The VPN module communicates with a host device/CPU 96, header decoder 100, static filter I02, dynamic filter 104 and content search unit I06 over a bus 107 via the bus interface.
Note that throughout this document, it is assumed that the VPN module is normally located between a WAN and LAN and is operative to perform security processing on both inbound and outbound packets. Inbound packets refer to pacleets received from the WAN

towards the LAN and outbound packets refer to paclcets received from the LAN
towards the WAN. Thus, the input packet stream may comprise both inbound and outbound packets.
The input packet stream 98 is received by the host device/CPU and the contents thereof are forwarded to the header decoder which functions to decode (or parse) the header portion of the packet. The header decoder is operative to extract the fields of interest that are used by the VPN module. The data extracted by the header decoder is forwarded to the other modules including the. static filter, dynamic filter and VPN module over the bus. The data includes two hash values, two sockets (one each for the dynamic filter and the SA processing) and type of paclcet, e.g., ICMP, ARP, TCP, UDP, etc. The socket for SA and VPN
processing comprises SPI, RIP and the protocol. The socket for the dynamic filter comprises source and destination IP addxess, source and destination pout and protocol.
Note that depending on the implementation, the header decoder may be constricted as an external module or may be integral with the VPN module.
In operation, the VPN module is operative to open new SA including establishing connections to the LRU and hash linlced lists, detexmining to which SA an input packet corresponds to, updating the state of the SA after successful processing of a packet and removing unused SAs from the connection table. Note that the SA database is implemented and arranged such that SA recognition and pointer management can be easily and quiclcly performed.
The main SA processing module fimctions as the main processing block of the security association processor. It opens new SAs, processes existing SAs and tracks the state of a SA. It also comprises circuitry adapted to implement an anti-replay mechanism including updating the anti-replay window for inbound paclcets, incrementing the sequence number on outbound packetslupdating on inbound packets, detecting sequence number overflow.
The maixi SA processing module is also adapted to update the status associated with a SA including maintaining a set of flags, sequence numbering, decrementing lifetime variables and updating a status register after processing each packet. The main SA
processor operates in a cyclic fashion for each received packet. The cycles include retrieving SA
parameters from the SA database, processing the packet, i.e. encrypting, decrypting, etc.
and updating the SA database once processing is complete. Note that the SA database is updated only when the security processing of the packet did not result in any errors and the packet was not rej ected.

The main SA processing module also is adapted to count the number of bytes transferred on each SA per packet and generate a notification when the lifetime for a SA
overflows. Upon an overflow detected, the manager closes (i.e. kills) the SA.
The SA recognition module functions to receive a socket and search in the SA
database for a SA matching the socket. The socket is used to identify a SA and comprises a security parameter index (SPI), remote IP (RIP) and the security protocol identifier. The SPI
comprises a 32 bit random number generated by the CPU after the II~E process that references a specific SA. The SPI is transported in the AH and ESP headers to enable the receiving station to select the SA under which a received paclcet will be processed. The remote IP is the IP address of the destination endpoint of the SA which maybe an end user or a VPN gateway or any device with a VPN capability. The security protocol identifier indicates whether the SA is an AH or ESP SA, for example.
The SA management module functions to maintain the SA database. The SA
database is managed using least recently used (LRU) doubly linked list and is accessed using a hash table. In addition, the manager functions to insert new SAs into the database on inbound and outbound packet flow. The manager also functions to make the SA
associated with a matched packet the MRU, make available a number of unused SAs to the CPU upon demand, check the lifetime in terms of time for one or more SAs and when deleting a SA, update the LRU and hash linked lists and inform the dynamic filter the sessions associated with the SA to be deleted.
The SA database functions to store the soclcet and other SA related data, including SA
state and current status, for use by the various processing modules of the VPN
module. The hash table is used to accelerate the recognition of SAs. These components are described in more detail infra.
Main SA Processing The main SA processing will now be described in more detail. A flow diagram illustrating the main SA processor method of the present invention is shown in Figures 4A
and 4B. The VPN module and security association processor are constructed to process paclcet data in a three stage manner wherein SA data associated with the packet is read from the SA database in one stage, the data then processed in a second stage and the results of the processing written back to the SA database in a third stage. During the processing stage, one or more security procedures are performed on the paclcet and the SA state is tracked in accordance with the processing.

It is first checked whether the packet received is an inbound or outbound packet (step 110). If it is an outbound paclcet, it is then checlced whether a SA was found by the dynamic filter (step I54). Normally, the dynamic filter searches its database for a session with a socket that matches that of the received packet. For each session there is stored a corresponding SA in the session database in the dynamic filter. Upon finding a matching session, the corresponding SA is read out and input to the SA processor. The operation of the dynamic filter is descuibed in more detail in U.S. Application Serial No.
09/851,768, filed May 9, 2001, entitled "Dynamic Packet Filter Using Session Tracking,"
similarly assigned and incorporated herein in its entirety. ' I O If no SA was found for the paelcet (step I54), the packet is rejected (step 168) since the packet cannot be processed without a SA and the status register is updated (step 146). In this case, the CPU is operative to open a new SA and store a pointer to the SA
in the session database in the dynamic filter. The packet is then re-injected but this time the dynamic filter recognizes the session and passes the SA to the SA processor.
If a SA was found, the one or more security parameters are retrieved from the SA
database and the packet maximum transfer units (MTU) and upper flags are transferred to one or more sectuity engines in the VPN security processor (step 155). The MTU
represents the maximum size of the packet that is allowed to be transmitted without fragmentation.
The encryptionldecryption (ED) and Header Message Authentication Code (HMAC) axe examples of security engines that perform a security function on the packet data. The data transferred to the ED security engine comprises the IPSec mode, the particular encryption algorithm (e.g., DES, 3DES, etc.), CBC or ECB, padding stream type (i.e. zeros or incrementing), the class of each DES in 3DES, encryption inifiial vector (IV) (only fox CBC
mode), the encryption Icey and th.e encrypt/decrypt insttltction from the header decoder.
The data transferred to the HMAC security engine comprises the TPSec mode, authentication algorithm (e.g., SHAl, MDS, etc.), authentication header size (i.e. 96 or 160 bits) and the authentication lcey.
The soclcet is then passed to the packet builder (PB) for assembly as a paclcet (step 158). The data passed to the PB comprises the particular IPSec mode, the remote IP (the gateway IP if tmnel mode is implemented), the SPI, the sequence number incremented by one and the path MTU.
The sequence number and lifetime fields are then read from the SA database (step 160). A check of both the sequence number and lifetime is then performed (step 162). For the sequence number, it is checked whether an overflow has occurred. A
sequence number overflow may be hard or soft. If a hard overflow occurred, the SA is closed (step 164), the packet rejected (step 168) and the staW s register updated accordingly (step 146). If a soft overflow occurred, the GPU is informed by modifying the soft sequence (SEQ) bit in the lower flags and processing continues with step 120. If no seqLtence number overflow occurred, control passes to step 120.
For the lifetime, it is checked whether a lifetime overflow has occurred. Note that the main SA processing only checks the lifetime in teams of bytes. A lifetime check in teams of time is performed by the SA management. The size of the received paclcet is subtracted fiom the current value of the lifetime and the result checked for overflow. A
result of less than zero indicates an overflow. An overflow may be hard or soft. If a hard overflow occurred, the SA is closed (step 164), the paclcet rejected (step 168) and the status register updated accordingly (step 146). If a soft overflow occurred, the CPU is informed by modifying the soft lifetime (SLT) bit in the lower flags and processing continues with step 120. If no lifetime overflow occurred, control passes to step 120.
If the received packet is an inbound paclcet (step 110), security association recognition is performed on the packet (step 112), as described in more detail infra. The SA is identified by hashing the SPI, remote IP/gateway IP and the protocol. The results of the recognition are reizirned to the main SA processor. If no matching SA entry is found during the recognition process, the packet is rejected (such is the case when the SA does not exist yet). If the recognition finds a matching SA, the packet is decrypted. The dynamic filter recognizes the paclcet as a first packet, opens a new session and connects the session to the SA.
If the IPSec mode failed (step 114), the packet is rejected (step 152) and the status register updated (step 146). If it did not fail, the upper flags are passed to the security engines, e.g., ED, HMAC, and the packet builder (step 116). The paclcet builder functions to assemble the plaintext version of the packet for forwarding over the LAN.
The data transferred to the ED security engine comprises the IPSec mode, encryption algorithm (e.g., DES, 3DES, etc.), CBC or ECB, padding stream type, class of each DES in the case of 3DES, the encryption lcey and the encryption/decryption instruction from the header decoder (i.e. whether encryption or decryption is to be performed).
The data transferred to the HMAC security engine comprises the IPSec mode, authentication algorithm (e.g., SHAl, MDS, etc.), authentication header and the authentication key.
If an error is generated by any of the security engines (e.g., from the ED if padding failed or from the HMAC if authentication failed, etc.) the packet is rejected (step 114).

The anti-replay window method is them performed (step 118), described in more detail infra. If the received sequence number is beyond the anti-replay window (ARW), it is updated and shifted to adjust for the received sequence number.
If the SA is AH (step 120), the AH keys are transferred to the authentication security engine (step 148) and control passes to step 140. The SA may be (1) an AH only single SA
or (2) an AH SA that is part of an ESP and AH SA bundle. In the latter case, during the first pass thrOtlgh the method, the pointer points to the ESP portion of the bundle and during the second pass is set to the AH portion of the btmdle.
If the SA is other than an AH SA, it is checked if the packet is inbound (step 122) and CBC (step 124). If so, the IV is passed to the ED security engine (step 126).
If the paclcet is not inbound or not CBC, the ESP lceys are transferred to the ED security engine (step 128).
If the received paelcet is an ESP/AU paelcet (ESP with authentication) (step 130), the AH keys are transferred to the authentication security engine (step 148). If not, and the packet is not an ESP (step 132) and is an inbound packet (step 136), the AH SA
portion is pointed to for ESP and AH type packets (step 137) and control subsequently passes to step 118. If the paclcet is outbotmd, control passes to step 162. If the received packet is not an ESP/AU packet (step 130}, is an ESP packet (step 132), an outbound paclcet (step 134) and a CBC packet (step 138}, the encryption IV is stored in the SA database (step 139).
If the packet is an inbound packet (step 134), the ARW is stored in the SA
database (step 140), the updated sequence number is stored in the SA database (step 142), the lower flags are updated (step 144} and the status register is updated (step 146).
Following the status register update, an interrupt may be raised signaling the completion of the main SA
processing to the CPU or other host device.
Security Association Recognition The SA recognition process will now be described in more detail. A diagram illustrating the hashing technique of determining the SA associated with an input packet is shown in ,Figure 5. Each SA corresponds to a unique socket. A SA is identified by comparing the socltet of a received packet to the sockets associated with previously opened SAs stored in the SA database. To speed the recognition of a SA, a hash table is used which stores hash pointers to SA records in the SA database and permits rapid lookup of the SA
corresponding to a received socket.
New SAs are stored in the SA database and a hash on the socket is calculated, either by the VPN module, SA processor or the CPU. A hash pointer is stored at a location in the hash table 1,70 (Figure 5) pointed to by the hash result. If more than one SA
is stored at that location, the SA is added to a linked list. Note that initially, each entry in the hash table is initialized to NULL.
Upon receipt of a packet, the socket I72 is input to the hash calculator 176 which functions to generate and output a hash result 178. The hash result is used as the index to the hash table I70 that comprises a plurality of entries 180 each containing a hash pointer. The hash pointer points to a linked list of SAs 182 in the SA database. Each SA
record in the database comprises previous I86 and next pointers 184 thus implementing a doubly Iinlced list. If a hit on the socket occurs, each SA in the linlced list must be checked until a match with the socket of the received packet is found.
Preferably, the hash function is chosen to produce as even a spread as possible of hash results across the hash table. The hash function may be any suitable function, such as an XOR function or CRC. Tii one embodiment, performance can be improved over a simple XOR hash function by using a random vector 174 in calculating the hash result in accordance with the following equation.
SOCKI RT; RY, RY3 ... RYN OUTI

SOCK, RYZ Rh3 R~~ ... RUN-I OUTZ

SOCKS D R Tl3 R T~4 R Y~ . . O ( 1) . RYN-z UTS

SOCK,V1~,RT~R R TTn+i R ~a+~ ' TLrRO un ' ' R ~R+N-1 UT,~

wherein the operator O is defined as follows OUT,. _ (R h~ AND SOCKI ) O (RYZ AND SOCK ) ~ ... O+ (RYN AND SOCKN ) (2) and OUTS represents the ith byte of the output matrix;
SOCKk represents the kth byte of the input matrix;
RTT~I~ represents the r, j byte of the random vector matrix;
~ indicates the XOR function;
The input socket data is generated thus generated using the random vector and the input socket data.

A flow diab am illustrating the hashing method of the SA recognition process of the present invention is Shawn in Figure 6. The first step is to obtain a hash pointer (typically provided by the header decoder), the socket and sequence number of the received packet from the header decoder (step 190). The hash value is generated by the hash calculator 176.
Alternatively, the header decoder or other entity may calculate the hash pointer. A laolc up on the hash table is performed and the hash pointer is read fiom the table (step 191). If the hash pointer is equal to NULL, (step 192), the paclcet is rejected (step 200).
If the hash pointer is not NULL, the hash pointer is used to read the first SA
in the linked list associated with the hash pointer and socket comespanding to the SA
(step 194).
The SA's socket is compared to the socket in the received packet (step 196).
If the socleets match (step 197), a SA match is found (step 202) and reported to the main SA
process. If the sockets do not match (step 197), the next hash pointer is read from the linked list (step 19~) and the method repeats from step 192 until either the last hash pointer points to NULL or a SA match is found.
Note that a full compare on the soclcet is always performed even in the event only one SA is stored in the linked list. Note also that the scope of the invention is not limited by which entity updates and maintains the linlced list, i.e. either the SA
processor or the CPU.
The depth of the hash table can be any desired value. Typically, however, the depth is set in accordance with the number of SAs to be maintained simultaneously. Preferably, the number of hash entries is one or two times the number of SAs since it is not desirable to have many duplicates due to the time consuming naW re of the full soclcet compare.
Security Association Database The SA database ~6 (Figure 3) will now be described in more detail. As described supra, the SA database functions to store security related data for a plurality of security associations. The size of the SA database may vary depending on the implementation and the system requirements. The fields malting up each record of the database is listed below in Table 1.
Table 1: SA database record fields Field No. Field Description Length (bits) 1 Upper Flags 16 2 Path MTU 16 3 Remote IP Address/Gateway Address 32 4 Security Parameter Index (SPI) 32 Next SA bundle pointer 16 6 Previous SA bundle pointer 16 7 Next Hash pointer I6 8 Previous Hash pointer 16 9 Next LRU pointer 16 Previous LRU pointer 16 11 Lower Flags 16 12 Last matching session pointer 16 13 Sequence number 32 I4 Anti-replay window (127:0) 128 Encryption Initial Value (63:0) 64 16 Encryption Key (191:0) 192 17 Authentication Key/Hashed Key 160 Input (159:0) 18 Hashed Key Output (159:0) 160 19 Soft/Hard Lifetime 32 Fields 1 and I1 store the upper and lower flags, respectively, which comprise a plurality of status bits described in more detail infra. The path MTU is stored in field 2 and represents the maximum size permitted for a paclcet including all headers. The remote 5 IPlgateway IP address in field 3 and the SPI in field 4 make up the SA
socket along with the security protocol identifier. The next and previous SA pointers (fields 5 and 6) are used to construct a doubly linked list of SAs that are all associated with the same Security Policy Database (SPD). Fields 7 and 8 store the next and previous hash pointers within the hash linlced list described supra. The hash linked list is used during SA
recognition of a packet.
10 Fields 9 and 10 store next and previous LRU pointers in a LRU linked list used to order SAs in terms of staleness. The LRU linked list operation is described in more detail infra.
A pointer to the last open session with this SA is stored in field 12. The current sequence number for the SA is stored in field 13 . Field 14 stores the 128 bit anti-replay window used in the ARW mechanism for rejecting replay packets. Field 15 stores a 64 bit IS encryption initial value (IV), field 16 stores a 192 bit encryption lcey and field 17 stores a 160 bit authentication lcey/hashed key input (HIS. Field 18 stores the 160 hashed lcey output (HKO) value. Field 19 stores the soft/hard lifetime for the SA which is used to determine when to close a particular SA.
The HKI and HKO values are intermediary results generated during the authentication process. They are both stored in the table to save processing time upon receipt of subsequent packets. Both the HKI and HKO values are calculated from the hash of the authentication key and a predefined pad value. The HKI value is stored in place of the authentication lcey in the SA database because once it is calculated, the original key is not needed anymore.
Alternatively, the authentication key, HKI and HKO values may be stored separately in the database. The SA database receives the HKI and HKO values upon the first use of the. SA
from the HMAC security engine.
As described above, the SA database comprises upper and lower flags for conveying status related information to and from the CPU. The upper flags staW s comprises a plurality of bits as shown below in Table 2.

Table 2: Upper Flag Bits Flag DefinitionSize Value Description 0000 No VPN

0001 Transport AH

0010 Tunnel AH

0011 Transport ESP

0100 Tunnel ESP

0101 Transport ESP/AU

0110 Tunnel ESP/AU

IfM IPSec mode4 bits O1 Transport ESP Transport AH
I
l 1000 Tunnel ESP Transport AH

1001 Transport ESP null (AU only) 1010 Tunnel ESP null (AU only) 1011 Authentication Creation/Check 1100 EnciyptionlDecryption 1101 Enc~yption/Decryption + Authentication DET DES type 1 bit 1 3DES

DEM DES mode 1 bit 1 CBC

0 ESP padding with zeros PAM PAD mode 1 bit 1 ESP padding with incrementing values 3DE 3DES class3 bits I00 DEE

AHT AH type 1 bit 1 SHAT

st ~ This is the same key KEY use of 1 bit I First use of this lcey - create key HKI and HKO

0 AH size is 96 AHS AH size 1 bit 1 AH size is 160 0 This SA is ESP

AH AH or ESP 1 bit 1 This SA is AH

0 SA for outbound packets DIR Direction I bit 1 SA for inbound packets ~ This SA is used (SA is valid) EMP Empty 1 bit 1 This SA is empty (SA is invalid) All of the upper flags are set by the CPU and read by the SA processor. The EMP
flag can also be set by the SA processor. The SA processor sets this bit to a one when the SA
is empty, i.e. invalid. The CPU sets this bit to zero when the SA is valid.
The IPM bits indicate the specific IPSec mode, i.e., ESP, ESP/AU, AU only, transpout, W
nneling, etc. The last tluee IPSec modes can optionally be used to implement additional security standards, such as Secure Sockets Layer (SSL), to encrypt a certain file, etc. In these modes, the VPN
engine is used stand alone without the packet building functionality. Thus, the VPN engine functions as software accelerator implementing DES/3DES encryption/decryption engine mode (IPM=1100), SHA-1/MD-5 authentication engine mode (IPM=1011) or both encryption and authentication engine mode (IPM=1101).
The DET bit indicates the type of DES either DES or 3DES. The DEM bit indicates the DES mode either ECB or CBC. The PAM bit indicates either ESP padding with zeros or incrementing values. The 3DE bit indicates the particular 3DES class. The AHT
bit indicates the type of AH authentication either MDS or SHAT. The AHS bit indicates the size of the AH either 96 or 160 bits, the AH bit indicates the SA is either ESP or AH and the DIR
bit indicates whether the SA is for outbound or inbound paclcets.
The SA database also comprises 'a lower flags status register for conveying status related information to and from the CPU. The lower flags statixs comprises a plurality of bits as shown below in Table 3.
Table 3: Lower Flag Bits Flag Definition Size Value Description 00 Anti Replay disabled ARW ARW size 2 bits01 Anti Replay Window = 32 10 Anti Replay Window = 64 11 Anti Replay Window = 128 St 0 This is not the 1st SA in this HASH entry HSH in HASH 1 bit 1 This is the 1 SA in this 1 HASH entry HLD Hold 1 bit 0 ' 1 Don't delete this session 0 No manual lceying for this SA

MAN manual lcey 1 bit 1 Manual keying for this SA

_ SA lifetime 0 SA lifetime is measured in seconds SAL mode 1 bit 1 SA lifetime is measured in 64 bytes nits soft or hard1 bit 0 The lifetime in this SA
is soft SOH lifetime 1 The lifetime in this SA
is hard SLT soft lifetime1 bit 0 1 SA lifetime has reached soft overflow SEQ soft sequence1 bit 0 1 SA sequence has reached soft overflow The ARW bits indicate the size of the anti-replay window if it exists. The HLD
bit indicates not to delete a particular SA. This flag protects a SA entry from being deleted by the SA processor hardware. The MAN bit indicates whether there is manual keying for the SA. If manual keying is confib fired, the sequence rolls over when OxFFFFFFFF
is reached since manual keys are not allowed to be deleted by the SA processor. The SAL
bit indicates whether the SA lifetime is measured by time or data, i.e: in seconds ox 64 bytes units. The SOH bit indicates whether the lifetime is a soft or hard lifetime. The SLT bit indicates that soft overflow has occurred in the soft lifetime. The SEQ bit indicates that soft overflow has occurred in the SA sequence. Nota that the ARW, HLD, MAN, SAL and SOH flags are set by the CPU and read by the SA processor. The SLT and SEQ flags are set by the SA
processor and read by the CPU. Unless the HLD or MAN flag is set, the SA is deleted upon sequence overflow (OxFFFFFFFF).
Anti-Replay Window Mechanism h2 accordance with the invention, the main SA processing is adapted to implement an anti-replay mechanism whereby replay pacltets are rejected. The mechanism functions to track the sequence numbers in the packet and to reject packets whose sequence number is less than the minimum permitted. A diagram. illustrating the anti-replay window mechanism performed during checking by the main SA processor is shown in Figure 7.
The x-axis represents the SA sequence number with the minimum sequence nzunber . being 0x00000000 and the maximum sequence number being OxFFFFFFFF. A window is created, referred to as an anti-replay window (ARW) (segment 212) that represents permitted sequence munbers. Packets received whose sequence numbers are below the window are rejected (segment 210). In addition, only one packet is allowed per sequence number. Thus, the ARW comprises a bit for each sequence number that falls within it. As packets axe received, the corresponding sequence number bits are set. A packet received with a sequence nmnber whose bit is already set is rejected:
A flow diagram illustrating the anti-replay window method of the present invention is shown in Figure 8. The sequence number is first read from the received paclcet (step 280).
The cuz-rent position of the anti-replay window is retrieved from the SA
database (step 282).
If the sequence number is within the window (step 284), it is then checked whether a packet with that sequence number has already been received (step 286). If so, the packet is rejected (step 290). If not, the ARW mechanism allows the packet.
If the sequence number in the received packet is outside the window (step 284), it is checlced whether it is below.or higher than the ARW (step 288). if it lower than the window, the packet is rejected. If it is higher, the packet is allowed and the ARW is adjusted up to the new sequence number, i.e. shifted to the right.
SA iVTanagement Tvlodille In accordance with the invention, the SA management module is operative to maintain a doubly linked list for storing the SAs in least recently used order. The SA
management module performs several functions relating to maintenance and control of the SA database. The SA management module functions to check the validity of SA
entries (i.e.
lifetimes) of SAs in the SA database upon command from the CPU. When the conunand to check lifetimes is received, the lifetime fields of each record in the SA
database are 1~0 examined. Soft lifetime overflows are reported to the CPU and in the case of a hard lifetime overflow, the corresponding SA is deleted. Lifetime checking is performed on the S.As in order to flush SAs that have become stale and that were not normally closed for some reason.
For example, a SA may age out if it corresponds to a paclcet that violated a security mle.
When a SA is deleted, the SA management module functions to maintain and update SA bundles by maintaining the LRU and hash pointer relationships and inform the dynamic alter module which corresponding session should be closed in order to insure that sessions that utilize this SA will be closed.
The SA management module also functions to provide zmused (i.e. empty and available) SAs to the CPU upon request. In operation, the CPU requests one or more new SAs and the SA management module searches and returns the one or more indexes to the CPU. SAs are obtained from the LRU list by disconnecting the least recently used SA bundle (i.e. SAs for both transmit and receive directions) and all the associated connected sessions.
Similarly, the SA management module also gracefmlly disconnects SAs that are no longer in use. The SA management module also opens new SAs wherein LRU pointers and hash pointers in the hash table and SA database are updated.
A diagram illustrating the least recently used (LRU) linlc list stmcW re used to track SA use is shown in Figure 9. Security association entries are entered into the SA database via the CPU when a SA is opened. The CPU requests a SA index from the SA
management module. The next and previous SA bundle pointers are used to connect SAs that relate to each other. To insert a SA into the database, the index of the leading SA is used to insert the new SA into the LRU. In addition, the CPU calculates a hash value for the socket of the new SA and writes it into a register marking its hash value.

Note that in the example embodiment presented herein, the host or external CPU
configures the security related parameters of the SAs, e.g., lcey assigmnent, length of HMAC, padding, etc., during the IKE process. The acW al insertion of the SA is performed by the SA
management upon command of the CPU or host.
Every time a SA is recognized (i.e. accessed), and the corresponding packet is not , rejected by the SA processor, the SA is placed at the tail of the LRU linked list which represents the most recently used SA. The doubly linlced list, generally referenced 220, comprises a plurality of SAs 226 each having a next pointer 222 and a previous pointer 224.
The SA at the tail of the LRU linked list is pointed to by the contents of a tail LRU index reg register 228. The SA pointed to by this register represents the most recently used SA. The SA at the head of the LRU linked list is pointed to by the contents of a head LRU_index reg register 227.
The LRU linked list is used to determine, in the event the SA database is full, which SA to remove when a new SA is added. In this case, the least recently used SA
is closed and 1S the space is used to store the new SA.
A flow diagram illustrating the method of updating the LRU liuced list upon recognition of a SA associated with an input pacltet is shown in Figure 10.
The update method is performed every time a matching SA is accessed and the corresponding packet is allowed. ~lith reference to Fib ire 9, in paz-ticular to the SAs labeled Previous SA, Matched SA and Next SA, the matched SA is moved from its location in the list to the tail to become the most recently used SA. The matched SA is removed by (1) setting the next LRU pointer of the Previous SA to the next LRU pointer of the Matched SA and (2) setting the previous LRU pointer of the Next SA to the previous LRU pointer of the Matched SA (step 230).
The Matched SA is then made the most recently used by (1) setting the next LRU
pointer of the Matched SA to NULL, (2) setting the previous LRU pointer of the Matched SA
to the contents of the tail LRU_index reg register and (3) setting the tail LRU index reg register to the index of the Matched SA (step 232).
A flow diagram illustrating the processing of the SA management module of the present invention is shown in Figure 11. The SA management processing begins in the idle step 241 and moves to the next step depending on the event. In the case of a 'get unused' instruction from the CPU, the status of the least recently used SA is fetched (step 242). If the SA is in use (step 246), the SA and all related connected sessions are closed (step 244). If the SA is not in use, the head LRU_index reg is set to the next LRU pointer of the least recently used SA and the next(previous LRU pointer) is set to NULL (step 248). The next and previous LRU pointers of the SA removed are then set to NULL, thereby removing the least recently used SA from the LRU linked list (step 250). The unused sa variable is set to the SA just disconnected and the flag to inform the CPU accordingly is set to '1' (step 252). The process then returns to Idle (step 254).
A 'check lifetime' command from the CPU causes the SA manager to begin checking lifetimes of alI the active SAs. The index counter is incremented (step 260) and the status of a SA is fetched (i.e. the index counter) (step 262). If the SA is currently in use (step 264), the SA lifetime is fetched from the SA database (step 372). If the lifetime has overflowed, either measured by time or number of bytes (i.e. the SA has aged out) (step 272), the SA and all related connected sessions are closed (step 274).
If the SA is not used or if the SA has not aged out, it is checked whether the index counter is less than the last index (step 266). If it is, the index counter is incremented (step 268) and the method continues With step 262. If it is not, the CPU is notified via the main SA processing module that the lifetime check is complete (step 258) and the method returns to Idle (step 254).
A flow diagram illustrating the processing perfomed by the SA management module of the present invention to open a SA is shown in Figure 12. When a SA is opened, it is placed at the tail of the LRU lined list (step 330). The SA is also placed in the appropriate place in the hash linked list (step 332). The method then reti.~rns to the Idle state (step 334).
A flow diagram illustrating the processing performed by the SA management module of the present invention to close a SA is shown in Figure 13. If the SA is closable or the sequence number overflow has occurred (step 340), the SA is cleared without modification of the LRU pointers (step 342). All the sessions associated with this SA are then closed (step 344). The method then returns to the Idle state (step 359).
If the SA cannot be closed and no sequence number overflow occurred (step 340), and the request to close was due to a lifetime check (step 346), the SA is not closed (step 358) and the method returns to the Idle state (step 359). If the close request was not due to a lifetime checlc, the next SA status pointed to by the least recently used list is fetched (step 348). If this SA cannot be closed (step 350), the method continues with step 348 and the process repeats until a SA is found that can be closed. If a SA that can be closed is found, the SA is configured as the LRU (step 352). The SA is then cleared except for the LRU
pointers (step 354), all sessions associated with this SA are cleared (step 356) and the method returns to the Idle state (step 359).

As stated above, the SA management module also functions to maintain a pointer in the SA database that points to the last open session used on the SA. A diagram illustrating the last open session pointer associated with each SA record is shown in Figine 14. Each SA
entzy may comprises a pointer that points to a different last open session.
This pointer is updated each time a session is opened. Note that the last open session always is at the head of the related session list.
The session database in the dynamic filter is adapted to store several pointers including LRU, hash, family and SA pointers. The SA pointer functions to point to the SA
that this session uses. A diagram illustrating the previous and next session pointers and matching SA pointer that are associated with each session record is shown in Figure I5. The session record in the session database comprises a pointer to the matching SA
to be used for that session and previous and next family pointers to sessions that use the same SA. The next and previous pointers in the session entries are used when a SA is closed and all the sessions related to the SA are to be closed as well. The last open pointer in the SA
entry is used to point to the list of one or more sessions that use that SA. When the SA is closed, the related sessions must also be closed. Note that when a SA is closed, both the transmit and receive SAs are deleted and all the connected sessions are also deleted unless they are pant of a family. In this case, they are marlced as candidates to be killed (i.e. the PSV bit in the session database flags is set).
A diagram illustrating an example relationship between a single session and single SA
record is shown in Figi.~re 16. in this example, only one session entry uses the SA. The previous and next pointers thus point to NULL. The SA entry comprises a pointer to the last open session for that SA.
A diagram illustrating an example relationship between multiple sessions and a single SA record is shown in Figure 17. In this example, three sessions use the same SA. Thus, the matching SA pointers of all three sessions point to the same SA. The next and previous pointers of each session are confib red to fornl a doubly linlted list that includes the three sessions. The linked list logically connects the sessions that use the same SA
. The SA entry comprises a pointer to the last open session for that SA which points to the head of the linked list.
Computer Embodiment In another embodiment, a computer is operative to execute software adapted to perfornz the VPN mechanism of the present invention or any portion thereof such as the security association processor. A block diagram illustrating an example computer processing system to platform adapted to perform the VPN mechanism of the present invention is shown Figure 18. The system may be incorporated within a communications device such as a PDA, cellular telephone, cable modem, broadband modem, laptop, PC, network transmission or switching eduipment, network device or any other wired or wireless communications device.
The device may be constructed using any combination of hardware and/or software.
The computer system, generally referenced 300, comprises a processor 304 which may be implemented as a microcontroller, microprocessor, microcomputer, ASIC
core, FPGA core, central processing unit (CPLI) or digital signal processor (DSP).
The system further comprises static read only memory (ROM) 302 and dynamic main memory (e.g., RAM) 308 all in communication with the processor. The processor is also in communication, via a bus 326, with a number of peripheral devices that are also included in the computer system.
The device is connected to a WAN 318 such as the Inteznet via a WAN interface 316.
Alternatively, the network 318 may comprise an Optical Ethernet based MAN or other type of MAN depending on the location. The interface comprises wired and/or wireless interfaces to one or more WAN communication channels. Communications I/O processing 314 transfers data between the WAN interface and the processor. The computer system is also connected to a LAN 312 via a Network Interface Card (NIC) 310 adapted to handle the pauticular network protocol being used, e.g., one of the varieties of copper or optical Etheunet, Token Ring, etc. In operation, the computer system is operative to dynamically filter inbound packets from the WAN to the LAN and outbound packets from the LAN to the WAN as described supra.
An optional user interface 320 responds to user inputs and provides feedback and other stat~.is infomnation. A host interface 322 connects a host computing device 324 to the system. The host is adapted to configure, control and maintain the operation of the system.
The' system also comprises magnetic storage device 306 for storing application programs and data. The system comprises computer readable storage medium which may include any suitable memory means including but not limited to magnetic storage, optical storage, CD
ROM drive, ZIP drive, DVD drive, DAT cassette, semiconductor volatile or non-volatile memory, biological memory devices, or any other memory storage device.
Software operative to implement the functionality of the VPN mechanism of the present invention or any portion thereof such as the security association processor is adapted tn ,-PC;riP nn a computer readable medium, such as a magnetic disk within a disk drive unit or any other volatile or nonvolatile memory. Alternatively, the computer readable medimn may comprise a floppy dislc, Flash mernoiy card, EPROM, EEROM, EEPROM based memory, bubble memory storage, ROM storage, etc. The software adapted to perform the VPN
mechansm of the present invention or any portion thereof such as the security association processor may also reside, in whole or in part, in the static or dynamic main memories or in firmware within the processor of the computer system (i.e. within microcontroller, microprocessor, microcomputer, DSP, etc. internal memory).
In alternative embodiments, the method of the present invention may be applicable to implementations of the invention in integrated circuits, field programmable gate arrays (FPGAs), chip sets or application specific integrated circuits (ASICs), DSP
circuits, wireless implementations and other communication system products.
It is intended that the appended claims cover all sLlCl1 features and advantages of the invention that fall within the spirit and scope of the present invention. As numerous modifications and changes will readily occur to those skilled in the art, it is intended that the invention not be limited to the limited nLUnber of embodiments described herein.
Accordingly, it will be appreciated that alI suitable variations, lnodifications and equivalents may be resorted to, falling within the spirit and scope of the present invention.

Claims (51)

What is claimed is:
1. A computing device, comprising:
communication means adapted to connect said device to a communications network;
memory means comprising volatile and non-volatile memory, said non-volatile memory adapted to store program code;
a processor coupled to said memory means and said communication means for executing said program code; and a Virtual Private Network, VPN, circuit, comprising:
security association database means for storing security related data for a plurality of security associations, each entry comprising security association related data corresponding to a unique socket;
a plurality of security engines, each security engine adapted to perform a security process;
means for opening a new security association upon receipt of a socket not found in said security association database means;
means for searching for and recognizing a security association associated with an input packet in accordance with its socket;
means for retrieving from said security association database means a plurality of security related parameters;
means for forwarding said plurality of security related parameters to at least one of said security engines for performing a security process therewith;
packet building means adapted to construct an output packet in accordance with a particular security mode utilizing said input packet and the results of said security process;
a session database comprising session records for storing session-related data for a plurality of communication sessions, wherein each session record includes a session socket and a pointer to a respective entry of the security association database means;
and wherein:
means for searching for and recognizing a security association associated with an input packet in accordance with its socket includes means for searching, in the session database, a session record storing a session socket matching the input packet socket and for providing to the means for retrieving the pointer to the entry of the security association database means, thereby the means for retrieving retrieves the security related parameters using the pointer;
the session database is configured in such a way that multiple session records related to sessions using a same security association point to a same entry of the security association database means; and the Virtual Private Network circuit comprises means for removing unused security associations from said security association database, and for causing the deletion from the session database of the session records related to all the sessions using a same security association when the corresponding security association is removed from the security association database means.
2. The computing device according to claim 1, further comprising means for updating the contents of said security association database in accordance with results of said security processes.
3. The computing device according to any of claims 1 and 2, wherein parameters associated with said security association are configured by an entity external to said circuit and wherein said circuit comprises means for storing in said security association database security related data corresponding to said new security association in said security association database and a hash value calculated on the socket associated with said new security association.
4. The computing device according to any of claims 1 to 3, wherein said security association is opened by an entity external to said circuit and wherein said circuit comprises means for inserting a pointer to said new security association in a Least Recently Used, LRU, linked list.
5. The computing device according to any of claims 1 to 4, wherein the means for removing remove unused security associations from said security association database upon exceeding a maximum timeout.
6. The computing device according to any of claims 1 to 5, wherein the means for removing remove unused security associations from said security association database upon exceeding a maximum byte count.
7. The computing device according to any of claims 1 to 6, wherein said means for searching for and recognizing a security association comprises:
means for calculating a hash value on the socket associated with the security association to be recognized;
means for looking up a hash pointer in a hash table using hash result as an index;
means for retrieving data from said security association database in accordance with said hash pointer; and means for recognizing said security association if the retrieved data matches the socket associated with the packet.
8. The computing device according to any of claims 1 to 7, further comprising means for applying an anti-replay mechanism to inbound packets.
9. The computing device according to any of claims 1 to 8, further comprising means for tracking sequence number of inbound packets.
10. The computing device according to any of claims 1 to 9, further comprising means for establishing and maintaining a least recently used, LRU, doubly linked list having a head and tail wherein most recently used security associations are stored at the tail and least recently used security associations are stored at the head.
11. The computing device according to claim 10, wherein in the event said LRU
list is full, the security associations at the head is deleted and a new security association is added to the tail.
12. The computing device according to any of claims 1 to 11, wherein said socket comprises a Security Parameter Index, SPI, remote IP and Protocol components.
13. The computing device according to any of claims 1 to 12, wherein said security association related data comprises any one or combination of the following values: IPSec mode, encryption algorithm, encryption key.
14. The computing device according to any of claims 1 to 13, wherein said security association related data comprises any one or combination of the following values: IPSec mode, authentication algorithm, authentication key.
15. The computing device according to any of claims 1 to 14, further comprising means for rejecting said packet if an error is received from said VPN security processor.
16. The computing device according to any of claims 1 to 15, wherein at least one of said security engines is adapted to implement IPSec tunnel mode services.
17. The computing device according to any of claims 1 to 16, wherein at least one of said security engines is adapted to implement IPSec transport mode services.
18. The computing device according to any of claims 1 to 17, wherein said communications network comprises a Wide Area Network, WAN.
19. The computing device according to any of claims 1 to 18, wherein said communications network comprises a Local Area Network, LAN.
20. The computing device according to any of claims 1 to 19, wherein said communications network comprises the Internet.
21. The computing device according to any of claims 1 to 20, wherein said communications network comprises a Public Switched Telephone Network, PSTN.
22. The computing device according to any of claims 1 to 21, wherein at least one of said security engines is adapted to perform encryption.
23. The computing device according to any of claims 1 to 22, wherein at least one of said security engines is adapted to perform decryption.
24. The computing device according to any of claims 1 to 23, wherein at least one of said security engines is adapted to perform authentication.
25. The computing device according to any of claims 1 to 24, wherein at least one of said security engines is adapted to perform an IPSec service.
26. The computing device according to any of claims 1 to 25, wherein said VPN
circuit is implemented in an Application Specific Integrated Circuit, ASIC.
27. The computing device according to any of claims 1 to 25, wherein said VPN
circuit is implemented in a Field Programmable Gate Array, FPGA.
28. The computing device according to any of claims 1 to 25, wherein said VPN
circuit is implemented in a Digital Signal Processor, DSP.
29. A method of security association, said method comprising the steps of:
establishing a security association database adapted to store security related data for a plurality of security associations, each entry within said security association database corresponding to a socket;
opening a new security association upon receipt of a socket not found in said security association database;
searching for and recognizing a security association associated with a packet in accordance with its socket;
retrieving from said security association database a plurality of security related parameters;
forwarding said plurality of security related parameters to a Virtual Private Networking, VPN security processor for performing one or more security processes therewith;
establishing a session database comprising session records for storing session-related data for a plurality of communication sessions, wherein each session record includes a session socket and a pointer to a respective entry of the security association database means;
searching for and recognizing a security association associated with an input packet in accordance with its socket by:
searching, in the session database, for a session record storing a session socket matching the input packet socket;
retrieving the pointer to the entry of the security association database; and retrieving the security related parameters using the pointer;
configuring the session database in such a way that multiple session records related to sessions using a same security association point to a same entry of the security association database; and removing unused security associations from said security association database, and causing the deletion from the session database of the session records related to all the sessions using a same security association when the corresponding security association is removed from the security association database.
30. The method according to claim 29, further comprising the step of updating the contents of said security association database in accordance with results of said security processes.
31. The method according to claim 29 or 30, wherein said step of opening a new security association comprises:
storing security related data corresponding to said new security association in said security association database;
calculating a hash value on the socket associated with said new security association; and storing said hash value in a hash table.
32. The method according to any of claims 29 to 31, wherein said step of opening a new security association comprises inserting a pointer to said new security association in a Least Recently Used, LRU, linked list.
33. The method according to any of claims 29 to 32, further comprising the step of removing unused security associations from said security association database upon exceeding a maximum timeout.
34. The method according to any of claims 29 to 33, further comprising the step of removing unused security associations from said security association database upon exceeding a maximum byte count.
35. The method according to any of claims 29 to 34, wherein said step of searching for and recognizing a security association comprises the steps of:

calculating a hash value on the socket associated with the security association to be recognized;
looking up a hash pointer in a hash table using hash result as an index;
retrieving data from said security association database in accordance with said hash pointer; and recognizing said security association if the retrieved data matches the socket associated with the packet.
36. The method according to any of claims 29 to 35, wherein said VPN security processor is adapted to perform encryption.
37. The method according to any of claims 29 to 36, wherein said VPN security processor is adapted to perform decryption.
38. The method according to any of claims 29 to 37, wherein said VPN security processor is adapted to perform authentication.
39. The method according to any of claims 29 to 38, wherein said VPN security processor is adapted to perform an IPSec specified service.
40. The method according to any of claims 29 to 39, further comprising the step of applying an anti- replay mechanism to packets received from a remote network.
41. The method according to any of claims 29 to 40, further comprising the step of tracking sequence numbers of packets received from a remote network.
42. The method according to any of claims 29 to 41, further comprising the step of establishing and maintaining a least recently used, LRU, doubly linked list having a head and tail wherein most recently used security associations are stored at the tail and least recently used security associations are stored at the head.
43. The method according to claim 42, wherein in the event said LRU list is full, the security associations at the head is deleted and a new security association is added to the tail.
44. The method according to any of claims 29 to 43, wherein said socket comprises a Security Parameter Index, SPI, remote IP and Protocol components.
45. The method according to any of claims 29 to 44, wherein said security association related data comprises any one or combination of the following values: IPSec mode, encryption algorithm, encryption key.
46. The method according to any of claims 29 to 45, wherein said security association related data comprises any one or combination of the following values: IPSec mode, authentication algorithm, authentication key.
47. The method according to any of claims 29 to 46, further comprising the step of rejecting said packet if an error is received from said VPN security processor.
48. The method according to any of claims 29 to 47, wherein said method is implemented in an Application Specific Integrated Circuit, ASIC.
49. The method according to any of claims 29 to 47, wherein said method is implemented in a Field Programmable Gate Array, FPGA.
50. The method according to any of claims 29 to 47, wherein said method is implemented in a Digital Signal Processor, DSP.
51. A computer readable storage medium having computer readable program code means embodied therein for causing a suitably programmed computer to perform a security association mechanism when such program is executed on said computer, said computer readable storage medium comprising computer readable program code means for causing said computer to perform the method according to any one of claims 29 to 50.
CA2452052A 2001-07-10 2002-07-10 Virtual private network mechanism incorporating security association processor Expired - Fee Related CA2452052C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US09/902,770 US7107464B2 (en) 2001-07-10 2001-07-10 Virtual private network mechanism incorporating security association processor
US09/902,770 2001-07-10
PCT/IB2002/002720 WO2003007524A2 (en) 2001-07-10 2002-07-10 Virtual private network mechanism incorporating security association processor

Publications (2)

Publication Number Publication Date
CA2452052A1 CA2452052A1 (en) 2003-01-23
CA2452052C true CA2452052C (en) 2012-11-27

Family

ID=25416373

Family Applications (1)

Application Number Title Priority Date Filing Date
CA2452052A Expired - Fee Related CA2452052C (en) 2001-07-10 2002-07-10 Virtual private network mechanism incorporating security association processor

Country Status (8)

Country Link
US (1) US7107464B2 (en)
EP (1) EP1405452B1 (en)
JP (1) JP4344609B2 (en)
CN (2) CN101494649B (en)
AU (1) AU2002319557A1 (en)
BR (1) BRPI0205727B1 (en)
CA (1) CA2452052C (en)
WO (1) WO2003007524A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108494744A (en) * 2018-03-07 2018-09-04 杭州迪普科技股份有限公司 A kind of IPsec VPN clients message processing method and device

Families Citing this family (107)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8751647B1 (en) 2001-06-30 2014-06-10 Extreme Networks Method and apparatus for network login authorization
US7856660B2 (en) * 2001-08-21 2010-12-21 Telecommunication Systems, Inc. System for efficiently handling cryptographic messages containing nonce values
DE10142959A1 (en) * 2001-09-03 2003-04-03 Siemens Ag Method, system and computer for negotiating a security relationship on the application layer
GB2370732B (en) * 2001-10-17 2003-12-10 Ericsson Telefon Ab L M Security in communications networks
US7986937B2 (en) * 2001-12-20 2011-07-26 Microsoft Corporation Public access point
US7120791B2 (en) * 2002-01-25 2006-10-10 Cranite Systems, Inc. Bridged cryptographic VLAN
US7188364B2 (en) 2001-12-20 2007-03-06 Cranite Systems, Inc. Personal virtual bridged local area networks
US7246245B2 (en) * 2002-01-10 2007-07-17 Broadcom Corporation System on a chip for network storage devices
US7203957B2 (en) * 2002-04-04 2007-04-10 At&T Corp. Multipoint server for providing secure, scaleable connections between a plurality of network devices
US7188365B2 (en) * 2002-04-04 2007-03-06 At&T Corp. Method and system for securely scanning network traffic
JP3700671B2 (en) * 2002-04-10 2005-09-28 横河電機株式会社 Security management system
US7154861B1 (en) * 2002-04-22 2006-12-26 Extreme Networks Method and system for a virtual local area network to span multiple loop free network topology domains
US7937471B2 (en) 2002-06-03 2011-05-03 Inpro Network Facility, Llc Creating a public identity for an entity on a network
US7421736B2 (en) * 2002-07-02 2008-09-02 Lucent Technologies Inc. Method and apparatus for enabling peer-to-peer virtual private network (P2P-VPN) services in VPN-enabled network
US7441262B2 (en) * 2002-07-11 2008-10-21 Seaway Networks Inc. Integrated VPN/firewall system
US8234358B2 (en) 2002-08-30 2012-07-31 Inpro Network Facility, Llc Communicating with an entity inside a private network using an existing connection to initiate communication
US20100138909A1 (en) * 2002-09-06 2010-06-03 O2Micro, Inc. Vpn and firewall integrated system
CN100389400C (en) * 2002-09-06 2008-05-21 美国凹凸微系有限公司 VPN and firewall integrated system
US20060182083A1 (en) * 2002-10-17 2006-08-17 Junya Nakata Secured virtual private network with mobile nodes
US7441043B1 (en) * 2002-12-31 2008-10-21 At&T Corp. System and method to support networking functions for mobile hosts that access multiple networks
EP1589708B1 (en) * 2003-01-31 2016-03-09 Nippon Telegraph And Telephone Corporation Vpn communication control device, communication control method in vpn, and virtual dedicated network management device
US7949785B2 (en) * 2003-03-31 2011-05-24 Inpro Network Facility, Llc Secure virtual community network system
US7991751B2 (en) * 2003-04-02 2011-08-02 Portauthority Technologies Inc. Method and a system for information identification
US7325002B2 (en) * 2003-04-04 2008-01-29 Juniper Networks, Inc. Detection of network security breaches based on analysis of network record logs
US20040268124A1 (en) * 2003-06-27 2004-12-30 Nokia Corporation, Espoo, Finland Systems and methods for creating and maintaining a centralized key store
CN1315298C (en) * 2003-07-01 2007-05-09 智邦科技股份有限公司 System and method for synchronous packaging processing
US6988106B2 (en) * 2003-07-09 2006-01-17 Cisco Technology, Inc. Strong and searching a hierarchy of items of particular use with IP security policies and security associations
US7568107B1 (en) * 2003-08-20 2009-07-28 Extreme Networks, Inc. Method and system for auto discovery of authenticator for network login
CN100499451C (en) * 2003-08-26 2009-06-10 中兴通讯股份有限公司 Network communication safe processor and its data processing method
US7350233B1 (en) * 2003-09-12 2008-03-25 Nortel Networks Limited Fast re-establishment of communications for virtual private network devices
FI20031361A0 (en) * 2003-09-22 2003-09-22 Nokia Corp Remote management of IPSec security associations
US7636805B2 (en) * 2003-10-20 2009-12-22 Logitech Europe S.A. Method and apparatus for communicating data between two hosts
US7886057B2 (en) * 2003-10-20 2011-02-08 Logitech Europe S.A. Method and apparatus for communicating data between two hosts
US7464266B2 (en) * 2004-02-13 2008-12-09 Microsoft Corporation Cheap signatures for synchronous broadcast communication
US10375023B2 (en) * 2004-02-20 2019-08-06 Nokia Technologies Oy System, method and computer program product for accessing at least one virtual private network
US8186026B2 (en) * 2004-03-03 2012-05-29 Rockstar Bidco, LP Technique for maintaining secure network connections
US7502474B2 (en) * 2004-05-06 2009-03-10 Advanced Micro Devices, Inc. Network interface with security association data prefetch for high speed offloaded security processing
US20050283441A1 (en) * 2004-06-21 2005-12-22 Ipolicy Networks, Inc., A Delaware Corporation Efficient policy change management in virtual private networks
US20050283604A1 (en) * 2004-06-21 2005-12-22 Ipolicy Networks, Inc., A Delaware Corporation Security association configuration in virtual private networks
CN100385885C (en) * 2004-07-09 2008-04-30 威达电股份有限公司 Safety gateway with SSL protection function and method
US7890992B2 (en) * 2004-08-19 2011-02-15 Cisco Technology, Inc. Method and apparatus for selection of authentication servers based on the authentication mechanisms in supplicant attempts to access network resources
US7624263B1 (en) * 2004-09-21 2009-11-24 Advanced Micro Devices, Inc. Security association table lookup architecture and method of operation
US7543064B2 (en) * 2004-09-30 2009-06-02 Logitech Europe S.A. Multiplayer peer-to-peer connection across firewalls and network address translators using a single local port on the local host
US7565526B1 (en) * 2005-02-03 2009-07-21 Sun Microsystems, Inc. Three component secure tunnel
US8108691B2 (en) * 2005-02-07 2012-01-31 Sandisk Technologies Inc. Methods used in a secure memory card with life cycle phases
US8423788B2 (en) * 2005-02-07 2013-04-16 Sandisk Technologies Inc. Secure memory card with life cycle phases
US8321686B2 (en) * 2005-02-07 2012-11-27 Sandisk Technologies Inc. Secure memory card with life cycle phases
US7769858B2 (en) * 2005-02-23 2010-08-03 International Business Machines Corporation Method for efficiently hashing packet keys into a firewall connection table
US7984495B1 (en) * 2005-03-09 2011-07-19 Sonicwall, Inc. Method and an apparatus to identify security association of virtual private network tunnels
US7738468B2 (en) * 2005-03-22 2010-06-15 Logitech Europe S.A. Method and apparatus for packet traversal of a network address translation device
US8189481B2 (en) * 2005-04-08 2012-05-29 Avaya, Inc QoS-based routing for CE-based VPN
US7743409B2 (en) 2005-07-08 2010-06-22 Sandisk Corporation Methods used in a mass storage device with automated credentials loading
US8166547B2 (en) * 2005-09-06 2012-04-24 Fortinet, Inc. Method, apparatus, signals, and medium for managing a transfer of data in a data network
US7536540B2 (en) * 2005-09-14 2009-05-19 Sandisk Corporation Method of hardware driver integrity check of memory card controller firmware
US20070061597A1 (en) * 2005-09-14 2007-03-15 Micky Holtzman Secure yet flexible system architecture for secure devices with flash mass storage memory
ATE410874T1 (en) * 2005-09-20 2008-10-15 Matsushita Electric Ind Co Ltd METHOD AND DEVICE FOR PACKET SEGMENTATION AND LINK SIGNALING IN A COMMUNICATIONS SYSTEM
US7783615B1 (en) * 2005-09-30 2010-08-24 Emc Corporation Apparatus and method for building a file system index
US8032745B2 (en) * 2005-12-20 2011-10-04 International Business Machines Corporation Authentication of I2C bus transactions
US8176317B2 (en) * 2006-01-19 2012-05-08 Helius, Inc. System and method for multicasting IPSec protected communications
JP2007208632A (en) * 2006-02-01 2007-08-16 Sony Corp Information processor and information processing method, program, and recording medium
KR100772394B1 (en) * 2006-02-09 2007-11-01 삼성전자주식회사 Method and apparatus for updating ant-reply window of IPSec
US7962652B2 (en) * 2006-02-14 2011-06-14 International Business Machines Corporation Detecting network topology when negotiating IPsec security associations that involve network address translation
US7784086B2 (en) * 2006-03-08 2010-08-24 Panasonic Corporation Method for secure packet identification
US7881470B2 (en) * 2006-03-09 2011-02-01 Intel Corporation Network mobility security management
US7801144B2 (en) * 2006-03-31 2010-09-21 Agere Systems Inc. Switch-based network processor
ATE524909T1 (en) * 2006-05-17 2011-09-15 Deutsche Telekom Ag METHOD AND DEVICES FOR ENHANCEMENT OF VOICE CALLS AND SEMANTIC COMBINATION OF SEVERAL SERVICE SESSIONS INTO A VIRTUAL COMBINED SERVICE SESSION
US8001524B1 (en) * 2006-07-19 2011-08-16 Juniper Networks, Inc. Instruction extension for linked list lookup
US7616508B1 (en) * 2006-08-10 2009-11-10 Actel Corporation Flash-based FPGA with secure reprogramming
US20080052524A1 (en) * 2006-08-24 2008-02-28 Yoram Cedar Reader for one time password generating device
US20080072058A1 (en) * 2006-08-24 2008-03-20 Yoram Cedar Methods in a reader for one time password generating device
US8423794B2 (en) * 2006-12-28 2013-04-16 Sandisk Technologies Inc. Method and apparatus for upgrading a memory card that has security mechanisms for preventing copying of secure content and applications
KR100839941B1 (en) * 2007-01-08 2008-06-20 성균관대학교산학협력단 Abnormal ipsec packet control system using ipsec configuration and session data, and method thereof
JP5204791B2 (en) * 2007-03-16 2013-06-05 テレフオンアクチーボラゲット エル エム エリクソン(パブル) Securing IP traffic
US20080267177A1 (en) * 2007-04-24 2008-10-30 Sun Microsystems, Inc. Method and system for virtualization of packet encryption offload and onload
US8423767B2 (en) * 2007-06-13 2013-04-16 Cisco Technology, Inc. Security association verification and recovery
US8370919B2 (en) * 2007-06-26 2013-02-05 Microsoft Corporation Host firewall integration with edge traversal technology
US7894420B2 (en) * 2007-07-12 2011-02-22 Intel Corporation Fast path packet destination mechanism for network mobility via secure PKI channel
US8051124B2 (en) * 2007-07-19 2011-11-01 Itt Manufacturing Enterprises, Inc. High speed and efficient matrix multiplication hardware module
US8661524B2 (en) * 2007-12-14 2014-02-25 Novell, Inc. Selective desktop control of virtual private networks (VPN's) in a multiuser environment
US8191133B2 (en) * 2007-12-17 2012-05-29 Avaya Inc. Anti-replay protection with quality of services (QoS) queues
US20090199290A1 (en) * 2008-02-01 2009-08-06 Secure Computing Corporation Virtual private network system and method
US20090228973A1 (en) * 2008-03-06 2009-09-10 Chendil Kumar Techniques for automatic discovery and update of client environmental information in a virtual private network (vpn)
US9137209B1 (en) * 2008-12-10 2015-09-15 Amazon Technologies, Inc. Providing local secure network access to remote services
KR101048510B1 (en) * 2009-05-06 2011-07-11 부산대학교 산학협력단 Method and apparatus for enhancing security in Zigbee wireless communication protocol
US8499338B1 (en) * 2010-02-16 2013-07-30 Sprint Communications Company L.P. Internet protocol controlled modem for use over a wireless voice network
US8549617B2 (en) 2010-06-30 2013-10-01 Juniper Networks, Inc. Multi-service VPN network client for mobile device having integrated acceleration
US10142292B2 (en) 2010-06-30 2018-11-27 Pulse Secure Llc Dual-mode multi-service VPN network client for mobile device
US8127350B2 (en) * 2010-06-30 2012-02-28 Juniper Networks, Inc. Multi-service VPN network client for mobile device
CN102065021B (en) * 2011-01-28 2012-12-26 北京交通大学 IPSecVPN (Internet Protocol Security Virtual Private Network) realizing system and method based on NetFPGA (Net Field Programmable Gate Array)
US8359466B2 (en) * 2011-04-29 2013-01-22 Lsi Corporation Security association prefetch for security protcol processing
US8261085B1 (en) 2011-06-22 2012-09-04 Media Patents, S.L. Methods, apparatus and systems to improve security in computer systems
US8181035B1 (en) 2011-06-22 2012-05-15 Media Patents, S.L. Methods, apparatus and systems to improve security in computer systems
US8595510B2 (en) 2011-06-22 2013-11-26 Media Patents, S.L. Methods, apparatus and systems to improve security in computer systems
US20120331308A1 (en) * 2011-06-22 2012-12-27 Media Patents, S.L. Methods, apparatus and systems to improve security in computer systems
US8775614B2 (en) 2011-09-12 2014-07-08 Microsoft Corporation Monitoring remote access to an enterprise network
US9246876B1 (en) * 2011-10-13 2016-01-26 Juniper Networks, Inc. Anti-replay mechanism for group virtual private networks
CN102970228B (en) * 2012-11-22 2016-04-27 杭州华三通信技术有限公司 A kind of message transmitting method based on IPsec and equipment
US10515231B2 (en) * 2013-11-08 2019-12-24 Symcor Inc. Method of obfuscating relationships between data in database tables
US9641542B2 (en) * 2014-07-21 2017-05-02 Cisco Technology, Inc. Dynamic tuning of attack detector performance
CN105791219B (en) 2014-12-22 2020-03-20 华为技术有限公司 Anti-replay method and device
WO2016118523A1 (en) 2015-01-19 2016-07-28 InAuth, Inc. Systems and methods for trusted path secure communication
US9621520B2 (en) * 2015-03-19 2017-04-11 Cisco Technology, Inc. Network service packet header security
CN106534153B (en) * 2016-11-30 2023-06-13 广东科达洁能股份有限公司 Bridge connection private line establishment system based on Internet
CN110098975B (en) * 2019-04-03 2021-03-30 新浪网技术(中国)有限公司 Detection method and system for user to access internet through virtual private network
US11032203B2 (en) * 2019-04-26 2021-06-08 Juniper Networks, Inc. Providing predictable quality of service traffic steering
US11477176B1 (en) * 2021-05-27 2022-10-18 Microsoft Technology Licensing, Llc Throughput for a single VPN connection using multiple processing cores
CN114301632B (en) * 2021-12-02 2023-11-10 北京天融信网络安全技术有限公司 IPsec data processing method, terminal and storage medium

Family Cites Families (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US618226A (en) * 1899-01-24 Milk-heater
US5672929A (en) * 1992-03-03 1997-09-30 The Technology Partnership Public Limited Company Moving sensor using mechanical vibrations
WO1993017872A1 (en) * 1992-03-03 1993-09-16 The Technology Partnership Limited Electronic marking instrument
US5473607A (en) * 1993-08-09 1995-12-05 Grand Junction Networks, Inc. Packet filtering for data networks
US5384524A (en) * 1993-09-02 1995-01-24 Cirrus Logic, Inc. Voice coil motor control circuit and method for servo system control in a computer mass storage device
US6185409B1 (en) * 1995-11-30 2001-02-06 Amsc Subsidiary Corporation Network engineering/systems engineering system for mobile satellite communication system
US5809025A (en) * 1996-03-15 1998-09-15 Motorola, Inc. Virtual path-based static routing
US6073204A (en) * 1997-04-23 2000-06-06 Micron Technology, Inc. Memory system having flexible architecture and method
US5983350A (en) * 1996-09-18 1999-11-09 Secure Computing Corporation Secure firewall supporting different levels of authentication based on address or encryption status
US5944823A (en) * 1996-10-21 1999-08-31 International Business Machines Corporations Outside access to computer resources through a firewall
US6233686B1 (en) * 1997-01-17 2001-05-15 At & T Corp. System and method for providing peer level access control on a network
US6118087A (en) * 1997-03-31 2000-09-12 Idec Izumi Corporation Safety switch
US6021459A (en) * 1997-04-23 2000-02-01 Micron Technology, Inc. Memory system having flexible bus structure and method
US6175891B1 (en) * 1997-04-23 2001-01-16 Micron Technology, Inc. System and method for assigning addresses to memory devices
US5974499A (en) * 1997-04-23 1999-10-26 Micron Technology, Inc. Memory system having read modify write function and method
US6078985A (en) * 1997-04-23 2000-06-20 Micron Technology, Inc. Memory system having flexible addressing and method using tag and data bus communication
US6259456B1 (en) * 1997-04-30 2001-07-10 Canon Kabushiki Kaisha Data normalization techniques
AUPO647997A0 (en) * 1997-04-30 1997-05-22 Canon Information Systems Research Australia Pty Ltd Memory controller architecture
US6246396B1 (en) 1997-04-30 2001-06-12 Canon Kabushiki Kaisha Cached color conversion method and apparatus
US6173399B1 (en) * 1997-06-12 2001-01-09 Vpnet Technologies, Inc. Apparatus for implementing virtual private networks
US6055236A (en) * 1998-03-05 2000-04-25 3Com Corporation Method and system for locating network services with distributed network address translation
US6182226B1 (en) 1998-03-18 2001-01-30 Secure Computing Corporation System and method for controlling interactions between networks
US6226751B1 (en) * 1998-04-17 2001-05-01 Vpnet Technologies, Inc. Method and apparatus for configuring a virtual private network
US6175917B1 (en) * 1998-04-23 2001-01-16 Vpnet Technologies, Inc. Method and apparatus for swapping a computer operating system
US6154839A (en) * 1998-04-23 2000-11-28 Vpnet Technologies, Inc. Translating packet addresses based upon a user identifier
US6157955A (en) * 1998-06-15 2000-12-05 Intel Corporation Packet processing system including a policy engine having a classification unit
US6078957A (en) * 1998-11-20 2000-06-20 Network Alchemy, Inc. Method and apparatus for a TCP/IP load balancing and failover process in an internet protocol (IP) network clustering system
US6006259A (en) * 1998-11-20 1999-12-21 Network Alchemy, Inc. Method and apparatus for an internet protocol (IP) network clustering system
ATE297645T1 (en) * 1999-10-22 2005-06-15 Ericsson Telefon Ab L M MOBILE PHONE WITH BUILT-IN SECURITY FIRMWARE

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108494744A (en) * 2018-03-07 2018-09-04 杭州迪普科技股份有限公司 A kind of IPsec VPN clients message processing method and device

Also Published As

Publication number Publication date
CN1600011A (en) 2005-03-23
AU2002319557A1 (en) 2003-01-29
WO2003007524A2 (en) 2003-01-23
JP2005508585A (en) 2005-03-31
CN100479451C (en) 2009-04-15
US20040117653A1 (en) 2004-06-17
BRPI0205727B1 (en) 2017-01-24
CA2452052A1 (en) 2003-01-23
EP1405452B1 (en) 2013-01-16
BR0205727A (en) 2004-07-06
CN101494649A (en) 2009-07-29
EP1405452A2 (en) 2004-04-07
WO2003007524A3 (en) 2003-05-30
US7107464B2 (en) 2006-09-12
CN101494649B (en) 2012-08-22
JP4344609B2 (en) 2009-10-14

Similar Documents

Publication Publication Date Title
CA2452052C (en) Virtual private network mechanism incorporating security association processor
US6816455B2 (en) Dynamic packet filter utilizing session tracking
EP1966977B1 (en) Method and system for secure communication between a public network and a local network
US7454610B2 (en) Security association updates in a packet load-balanced system
EP1203477B1 (en) Protection of communications
US7434045B1 (en) Method and apparatus for indexing an inbound security association database
US20190007374A1 (en) Reduction and acceleration of a deterministic finite automaton
GB2317792A (en) Virtual Private Network for encrypted firewall
US20100275008A1 (en) Method and apparatus for secure packet transmission
Wang et al. SICS: Secure and dynamic middlebox outsourcing
Fahandezh A framework for IPSec functional architecture.
HanPing et al. Research and Design for IPSec Architecture on Kernel
Song et al. One new research about IPSec communication based on HTTP tunnel
Ming et al. Research and Implementation of IPSec in IC Payment Gateway
Sobhi et al. Transient State Analysis of a Firewall System
Wenhong IP security gateway in E-Business
Güvensan et al. Protocol Independent Lightweight Secure Communication.
Kim et al. Analyses of Crypto Module for Gbps VPN System

Legal Events

Date Code Title Description
EEER Examination request
MKLA Lapsed

Effective date: 20190710