Distribution of private session key to network communication device for secured communications

US11765142B1 · US · B1

Patent metadata

Publication number: US-11765142-B1
Application number: US-202217883328-A
Country: US
Kind code: B1
Filing date: Aug 8, 2022
Priority date: Aug 8, 2022
Publication date: Sep 19, 2023
Grant date: Sep 19, 2023

Abstract

Official abstract text for this publication.

A secure communication tunnel between user space software and a client device can be established. A private session key can be communicated from the user space software to a network communication device in at least one User Datagram Protocol datagram. Outbound session packets can be communicated from the user space software to the network communication device. The network communication device can generate encrypted outbound session packets by encrypting the outbound session packets using the private session key; communicate, to the client device via the secured communication tunnel, the encrypted outbound session packets; receive, by the network communication device from the client device, via the secured communication tunnel, inbound session packets; generate, by the network communication device, decrypted inbound session packets by decrypting the inbound session packets using the private session key; and communicate, from the network communication device to the user space software, the decrypted inbound session packets.

First claim

Opening claim text (preview).

What is claimed is:

1. A method, comprising: receiving from an operating system space a port identifier for a port provided by the operating system space to be used by user space software for a communication session; establishing a secure communication tunnel between the user space software and a client device; communicating, from the user space software to a network communication device, via the port identified by the port identifier, a private session key, the private session key communicated to the network communication device in at least one User Datagram Protocol (UDP) datagram; and communicating, from the user space software to the network communication device, outbound session packets; wherein the network communication device is programmed to initiate operations comprising: generating, by the network communication device, encrypted outbound session packets by encrypting the outbound session packets using the private session key; communicating, by the network communication device to the client device via the secured communication tunnel, the encrypted outbound session packets; receiving, by the network communication device from the client device, via the secured communication tunnel, inbound session packets; generating, by the network communication device, decrypted inbound session packets by decrypting the inbound session packets using the private session key; and communicating, from the network communication device to the user space software, the decrypted inbound session packets.

2. The method of claim 1, wherein: the communicating, from the user space software to the network communication device, the outbound session packets comprises communicating the outbound session packets to the network communication device via the port identified by the port identifier; and the communicating, from the network communication device to the user space software, the decrypted inbound session packets comprises communicating the decrypted inbound session packets to the user space software via the port identified by the port identifier.

3. The method of claim 1, further comprising: communicating, from the user space software to the network communication device, an n-tuple, the n-tuple comprising data indicating a source IP address and a destination IP address, wherein the network communication device stores the n-tuple in association with the private session key to a software stack of the network communication device.

4. The method of claim 3, further comprising: receiving, by the user space software from the network communication device, another UDP datagram indicating a completion status indicating that reception and storage of the n-tuple and private session key by the network communication device is complete; wherein the communicating, from the user space software to the network communication device, the outbound session packets is responsive to the receiving from the network communication device the other UDP datagram indicating a completion status indicating that reception and storage of the n-tuple and private session key by the network communication device is complete.

5. The method of claim 1, wherein the private session key is not known to, nor discovered by, a hypervisor stack nor an operating system space of a data processing system hosting the user space software.

6. The method of claim 1, wherein: the establishing the secure communication tunnel between the user space software and the client device comprises exchanging public keys between the user space software and the client device; and the public keys are not known to, nor discovered by, a hypervisor stack nor an operating system space hosting the user space software.

7. A system, comprising: a processor programmed to initiate executable operations comprising: receiving from an operating system space a port identifier for a port provided by the operating system space to be used by user space software for a communication session; establishing a secure communication tunnel between user space software and a client device; communicating, from the user space software to a network communication device, via the port identified by the port identifier, a private session key, the private session key communicated to the network communication device in at least one User Datagram Protocol (UDP) datagram; and communicating, from the user space software to the network communication device, outbound session packets; wherein the network communication device is programmed to initiate executable operations comprising: generating, by the network communication device, encrypted outbound session packets by encrypting the outbound session packets using the private session key; communicating, by the network communication device to the client device via the secured communication tunnel, the encrypted outbound session packets; receiving, by the network communication device from the client device, via the secured communication tunnel, inbound session packets; generating, by the network communication device, decrypted inbound session packets by decrypting the inbound session packets using the private session key; and communicating, from the network communication device to the user space software, the decrypted inbound session packets.

8. The system of claim 7, wherein: the communicating, from the user space software to the network communication device, the outbound session packets comprises communicating the outbound session packets to the network communication device via the port identified by the port identifier; and the communicating, from the network communication device to the user space software, the decrypted inbound session packets comprises communicating the decrypted inbound session packets to the user space software via the port identified by the port identifier.

9. The system of claim 7, the executable operations further comprising: communicating, from the user space software to the network communication device, an n-tuple, the n-tuple comprising data indicating a source IP address and a destination IP address, wherein the network communication device stores the n-tuple in association with the private session key to a software stack of the network communication device.

10. The system of claim 9, the executable operations further comprising: receiving, by the user space software from the network communication device, another UDP datagram indicating a completion status indicating that reception and storage of the n-tuple and private session key by the network communication device is complete; wherein the communicating, from the user space software to the network communication device, the outbound session packets is responsive to the receiving from the network communication device the other UDP datagram indicating a completion status indicating that reception and storage of the n-tuple and private session key by the network communication device is complete.

11. The system of claim 7, wherein the private session key is not known to, nor discovered by, a hypervisor stack nor an operating system space of a data processing system hosting the user space software.

12. The system of claim 7, wherein: the establishing the secure communication tunnel between the user space software and the client device comprises exchanging public keys between the user space software and the client device; and the public keys are not known to, nor discovered by, a hypervisor stack nor an operating system space hosting the user space software.

13. A computer program product, comprising: one or more computer readable storage mediums having program code stored thereon, the program code st
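The flow of claims 1, 3 and 4 (key plus n-tuple handed to the device in a UDP datagram, a completion-status datagram back, then per-session encryption and decryption on the device) can be traced in a small simulation. The following is an added example written for this page; it is not code from the patent or from IBM. Everything in it is assumed: the control-datagram layout, the status codes, the `NetworkDevice` class standing in for the network communication device, the documentation-range IP addresses, and the HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag, which stands in for the symmetric cipher the claims leave unspecified. Session-key agreement between user space and the client (claim 6) is modeled as a key already shared out-of-band.

```python
import hashlib
import hmac
import os
import socket
import struct

# Constructed control-datagram layout (assumption; the patent fixes no wire format):
#   type(1) | key_len(1) | key | src_ip(4) | dst_ip(4)
MSG_SET_KEY = 1          # user space -> device: install private session key + n-tuple
MSG_STATUS = 2           # device -> user space: completion status
STATUS_OK = 0
STATUS_BAD_REQUEST = 1
NONCE_LEN = 12
TAG_LEN = 32


def build_key_datagram(session_key: bytes, src_ip: str, dst_ip: str) -> bytes:
    """Payload of the UDP datagram carrying the private session key and the n-tuple."""
    return (struct.pack("!BB", MSG_SET_KEY, len(session_key)) + session_key
            + socket.inet_aton(src_ip) + socket.inet_aton(dst_ip))


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stand-in for the unspecified symmetric cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack("!I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; raise on a wrong key or a modified packet."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated packet")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class NetworkDevice:
    """Simulated network communication device: session keys live here, not in the OS or hypervisor."""

    def __init__(self):
        self._keys = {}  # (src_ip, dst_ip) n-tuple -> private session key

    def handle_control_datagram(self, payload: bytes) -> bytes:
        """Store key + n-tuple from a MSG_SET_KEY datagram; answer with a status datagram."""
        if len(payload) < 2 or payload[0] != MSG_SET_KEY:
            return struct.pack("!BB", MSG_STATUS, STATUS_BAD_REQUEST)
        key_len = payload[1]
        if key_len < 16 or len(payload) != 2 + key_len + 8:
            return struct.pack("!BB", MSG_STATUS, STATUS_BAD_REQUEST)
        key = payload[2:2 + key_len]
        src_ip = socket.inet_ntoa(payload[2 + key_len:6 + key_len])
        dst_ip = socket.inet_ntoa(payload[6 + key_len:10 + key_len])
        self._keys[(src_ip, dst_ip)] = key
        return struct.pack("!BB", MSG_STATUS, STATUS_OK)

    def encrypt_outbound(self, src_ip: str, dst_ip: str, packet: bytes) -> bytes:
        return seal(self._keys[(src_ip, dst_ip)], packet)

    def decrypt_inbound(self, src_ip: str, dst_ip: str, packet: bytes) -> bytes:
        return open_sealed(self._keys[(src_ip, dst_ip)], packet)


def run_session() -> dict:
    """Walk the claimed flow with constructed addresses and payloads."""
    src_ip, dst_ip = "192.0.2.10", "198.51.100.20"   # constructed, documentation-range addresses
    session_key = os.urandom(32)   # shared with the client over the tunnel (modeled out-of-band)
    device = NetworkDevice()
    status = device.handle_control_datagram(build_key_datagram(session_key, src_ip, dst_ip))
    if status != struct.pack("!BB", MSG_STATUS, STATUS_OK):
        raise RuntimeError("device did not confirm key installation")
    # Outbound: user space hands plaintext to the device; the device encrypts; the client opens it.
    outbound = b"GET /status HTTP/1.1\r\n\r\n"
    on_wire = device.encrypt_outbound(src_ip, dst_ip, outbound)
    seen_by_client = open_sealed(session_key, on_wire)
    # Inbound: the client seals a reply; the device decrypts it for user space.
    delivered = device.decrypt_inbound(src_ip, dst_ip, seal(session_key, b"HTTP/1.1 200 OK\r\n\r\n"))
    # A flipped ciphertext bit must be rejected rather than decrypted to garbage.
    tampered = bytearray(on_wire)
    tampered[NONCE_LEN] ^= 0x01
    try:
        open_sealed(session_key, bytes(tampered))
        tamper_rejected = False
    except ValueError:
        tamper_rejected = True
    return {"client_saw": seen_by_client, "user_space_got": delivered,
            "wire_leaks_plaintext": outbound in on_wire, "tamper_rejected": tamper_rejected}
```

The device refuses to install a key until the datagram parses completely, which is what makes the completion-status datagram of claim 4 meaningful: user space only starts sending session packets once the device has confirmed that both the n-tuple and the key are stored.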

Assignees

IBM

Inventors

Classifications

  • H04L9/06: wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for symmetric key encryption) · CPC title

  • H04L63/062: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) (network architectures or network communication protocols for key distribution in a packet data network) · CPC title

  • Address processing for routing · CPC title

  • H04L69/16 (Primary): Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP] · CPC title

  • involving Diffie-Hellman or related key agreement protocols · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

What does patent US11765142B1 cover?
A secure communication tunnel between user space software and a client device can be established. A private session key can be communicated from the user space software to a network communication device in at least one User Datagram Protocol datagram. Outbound session packets can be communicated from the user space software to the network communication device. The network communication device c…
Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification H04L63/0435. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 19, 2023 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).