Abstract: A network node for communicating data packets secured with a security protocol over a communications network includes a host information handling system (IHS) and one or more external security offload devices coupled by a secure data link. The host IHS communicates state information about data packets, and the external offload security device provides stateless secure data encapsulation and decapsulation of packets using a security protocol. An external network interface controller or internal network interface controller communicates encapsulated data packets over the communications network to a final destination. Encapsulation and decapsulation of packets by the external security offload device reduces network latency and reduces the computational load on the processor in the host IHS. Maintaining state information in the host IHS allows hot-swapping of external security offload devices without information loss.

Abstract: A network node for communicating data packets secured with a security protocol over a communications network includes a host information handling system (IHS) and one or more external security offload devices coupled by a secure data link. The host IHS communicates state information about data packets, and the external offload security device provides stateless secure data encapsulation and decapsulation of packets using a security protocol. An external network interface controller or internal network interface controller communicates encapsulated data packets over the communications network to a final destination. Encapsulation and decapsulation of packets by the external security offload device reduces network latency and reduces the computational load on the processor in the host IHS. Maintaining state information in the host IHS allows hot-swapping of external security offload devices without information loss.

Abstract: A network node for communicating data packets secured with a security protocol over a communications network includes a host information handling system (IHS) and one or more external security offload devices coupled by a secure data link. The host IHS communicates state information about data packets, and the external offload security device provides stateless secure data encapsulation and decapsulation of packets using a security protocol. An external network interface controller or internal network interface controller communicates encapsulated data packets over the communications network to a final destination. Encapsulation and decapsulation of packets by the external security offload device reduces network latency and reduces the computational load on the processor in the host IHS. Maintaining state information in the host IHS allows hot-swapping of external security offload devices without information loss.

Abstract: A network node for communicating data packets secured with a security protocol over a communications network includes a host information handling system (IHS) and one or more external security offload devices coupled by a secure data link. The host IHS communicates state information about data packets, and the external offload security device provides stateless secure data encapsulation and decapsulation of packets using a security protocol. An external network interface controller or internal network interface controller communicates encapsulated data packets over the communications network to a final destination. Encapsulation and decapsulation of packets by the external security offload device reduces network latency and reduces the computational load on the processor in the host IHS. Maintaining state information in the host IHS allows hot-swapping of external security offload devices without information loss.

Abstract: Techniques for processing filter rules are disclosed. To this end, filter rules having one or more attributes where each attribute indicates a condition to qualify whether a filter rule applies to a subsequent event are received. Summary rules are generated where each summary rule has a number of summary conditions. Some filter rules become associated with the generated summary rules. The summary conditions are extended to span the attributes of the associated filter rules.

Abstract: The invention provides a system and method for “partitioning” a “namespace” managed by a name (or “directory”) registration server according to “security label” or other security attributes to allow the same registered (e.g., “domain”) name to be used for processing resource(s)/service(s)/application(s) operating under different security labels.

Abstract: The invention provides a system and method for sharing (or “multiplexing”) of the same internet (IP) address/port by multiple instances of multiple level security and/or single level security (SLS) server applications (each of which is used for processing one or more client request(s) falling within a range of security labels or other security attribute(s)) where the client processing request is directed to the system server capable of processing the request using the identified security label.

Abstract: The invention provides a system and method for “partitioning” a “namespace” managed by a name (or “directory”) registration server according to “security label” or other security attributes to allow the same registered (e.g., “domain”) name to be used for processing resource(s)/service(s)/application(s) operating under different security labels.

Abstract: The invention provides a system and method for sharing (or “multiplexing”) of the same internet (IP) address/port by multiple instances of multiple level security and/or single level security (SLS) server applications (each of which is used for processing one or more client request(s) falling within a range of security labels or other security attribute(s)) where the client processing request is directed to the system server capable of processing the request using the identified security label.