The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Mar. 30, 2004
Filed:
Aug. 12, 1999
Kira Sterling Attwood, Chapel Hill, NC (US);
James Russell Godwin, Raleigh, NC (US);
Linwood Hugh Overby, Jr., Raleigh, NC (US);
Brian Sean Perry, Johnson City, NY (US);
David John Wierbowski, Owego, NY (US);
International Business Machines Corporation, Armonk, NY (US);
Abstract
Ipsec rules are searched in order from rules containing the most specificity to those containing the least specificity of attributes. The static rules include placeholders for sets of dynamic rules. Dynamic rules are searched only if a placeholder is the first matching rule in the static table. Sets of dynamic rules are partitioned into separate groups. Within each group there is no rule order dependence. Each such group is searched with an enhanced search mechanism, such as a search tree. For connection oriented protocols, security rule binding information is stored in association with the connection. This allows the searching of the rules to be performed only when a connection is first established. If a static or dynamic rule is changed during a connection, a search is repeated. For selected connectionless protocols, packets are treated as if they were part of a simulated connection. A pseudo-connection memory block is allocated with the creation of each socket and Ipsec security binding information is stored in the pseudo-connection memory block on a first packet.