Browse Prior Art Database

Network Security Adapter

IP.com Disclosure Number: IPCOM000117632D
Original Publication Date: 1996-Apr-01
Included in the Prior Art Database: 2005-Mar-31
Document File: 2 page(s) / 79K

Publishing Venue

IBM

Related People

Chamberlain, DR: AUTHOR [+2]

Abstract

Disclosed is an adapter card concept that provides security for communication networks. The concept solves the problem of requiring two separate adapter cards for providing security over communications networks.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 53% of the total text.

Network Security Adapter

      Single Solution Encryption and Networking Adapter

      Disclosed is an adapter card concept that provides security for
communication networks.  The concept solves the problem of requiring
two separate adapter cards for providing security over communications
networks.

      The disclosed method solves the problem of supporting security
encryption solutions on a communications adapter.  Today's current
encryption solutions require the use of separate encryption support
for workstations and separate communications adapter support.  This
solution combines these separate features into a single product,
taking advantage of commonality of function and interfaces, resulting
in reduced cost to the customer and reducing the number of adapter
slots required in a workstation.

      This disclosure takes the concept of combining an encryption
subsystem with the hardware design used in today's busmaster
technologies.  The encryption subsystem includes the encryption
hardware, key management, and software support for determining which
of the communications frames received from the network should be
processed by the encryption hardware.  The encryption subsystem must
have the ability to 'intercept' the data that is passed on the
communication adapter's internal bus.  This could be supported by
moving the bus control function into the frame filtering support
hardware that would communicate to the encryption subsystem.  See the
Figure for an illustration example of a security based LAN adapter.

For frame reception the flow would be as follows:
  o  The frame would be passed through the protocol chip to the frame
      filter hardware where the filtering determination would be made
      to send the frame on to the...