摘要 |
<p><P>PROBLEM TO BE SOLVED: To provide a mechanism for transferring a processor control of an IPSec (secure internet protocol) SA (security association) function between a host and target processing devices of a computerized system such as a host CPU, a processor in a NIC, etc. <P>SOLUTION: In one embodiment of the present invention, a calculation relating to authentication and/or encryption is to be off-loaded, while the host holds a control about off-load, up-load, nullification, and key-update of a SA function when to be performed. The devices cooperatively hold metrics relating to the SA including both supports of software limitation and hardware limitation relating to term of validity of SA. Timer requirements are to be reduced to the minimum relating to a target. The SA function performed the off-load can be embedded into a state object performed the off-load except for intermediate software layers 908, 910, 912 of the network stack. <P>COPYRIGHT: (C)2006,JPO&NCIPI</p> |