WO2006060571A3 - A runtime adaptable security processor - Google Patents

A runtime adaptable security processor Download PDF

Info

Publication number
WO2006060571A3
WO2006060571A3 PCT/US2005/043469 US2005043469W WO2006060571A3 WO 2006060571 A3 WO2006060571 A3 WO 2006060571A3 US 2005043469 W US2005043469 W US 2005043469W WO 2006060571 A3 WO2006060571 A3 WO 2006060571A3
Authority
WO
WIPO (PCT)
Prior art keywords
security
layer
processing
processor
disclosed
Prior art date
Application number
PCT/US2005/043469
Other languages
French (fr)
Other versions
WO2006060571A2 (en
Inventor
Ashish A Pandya
Original Assignee
Ashish A Pandya
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ashish A Pandya filed Critical Ashish A Pandya
Priority to US11/323,165 priority Critical patent/US7685254B2/en
Publication of WO2006060571A2 publication Critical patent/WO2006060571A2/en
Publication of WO2006060571A3 publication Critical patent/WO2006060571A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/12Protocol engines
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/161Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/323Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the physical layer [OSI layer 1]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/326Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the transport layer [OSI layer 4]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]

Abstract

A runtime adaptable security processor (6614) is disclosed. The processor architecture provides capabilities to transport and process Internet Protocol (IP) packets from Layer 2 through transport protocol layer and may also provide packet inspection through Layer 7. Further, a runtime adaptable processor is coupled to the protocol processing hardware (6615) and may be dynamically adapted to perform hardware tasks as per the needs of the network traffic being sent or received and/or the policies programmed or services or applications being supported. A set of engines (6603-6606) may perform pass-through packet classification, policy processing and/or security processing enabling packet streaming through the architecture at nearly the full line rate. A high performance content search and rules processing security processor is disclosed which may be used for application layer and network layer security. A scheduler schedules packets to packet processors for processing. An internal memory or local session database cache stores a session information database for a certain number of active sessions. The session information that is not in the internal memory is stored and retrieved to/from an additional memory. An application running on an initiator or target can in certain instantiations register a region of memory, which is made available to its peer(s) for access directly without substantial host intervention through RDMA data transfer. A security system is also disclosed that enables a new way of implementing security capabilities inside enterprise networks in a distributed manner using a protocol processing hardware with appropriate security features.
PCT/US2005/043469 2003-06-10 2005-12-02 A runtime adaptable security processor WO2006060571A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/323,165 US7685254B2 (en) 2003-06-10 2005-12-30 Runtime adaptable search processor

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/004,742 US20050108518A1 (en) 2003-06-10 2004-12-02 Runtime adaptable security processor
US11/004,742 2004-12-02

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US11/323,165 Continuation-In-Part US7685254B2 (en) 2003-06-10 2005-12-30 Runtime adaptable search processor

Publications (2)

Publication Number Publication Date
WO2006060571A2 WO2006060571A2 (en) 2006-06-08
WO2006060571A3 true WO2006060571A3 (en) 2007-09-07

Family

ID=36565725

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2005/043469 WO2006060571A2 (en) 2003-06-10 2005-12-02 A runtime adaptable security processor

Country Status (2)

Country Link
US (2) US20050108518A1 (en)
WO (1) WO2006060571A2 (en)

Families Citing this family (226)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7130843B2 (en) * 2002-05-20 2006-10-31 International Business Machines Corporation Method, system and program product for locating personal information over a network
US7487264B2 (en) 2002-06-11 2009-02-03 Pandya Ashish A High performance IP processor
US7415723B2 (en) * 2002-06-11 2008-08-19 Pandya Ashish A Distributed network security system and a hardware processor therefor
US7219131B2 (en) * 2003-01-16 2007-05-15 Ironport Systems, Inc. Electronic message delivery using an alternate source approach
US7895649B1 (en) 2003-04-04 2011-02-22 Raytheon Company Dynamic rule generation for an enterprise intrusion detection system
CA2759064C (en) 2003-05-23 2017-04-04 Washington University Intellegent data storage and processing using fpga devices
US10572824B2 (en) 2003-05-23 2020-02-25 Ip Reservoir, Llc System and method for low latency multi-functional pipeline with correlation logic and selectively activated/deactivated pipelined data processing engines
US7685254B2 (en) * 2003-06-10 2010-03-23 Pandya Ashish A Runtime adaptable search processor
US20040268124A1 (en) * 2003-06-27 2004-12-30 Nokia Corporation, Espoo, Finland Systems and methods for creating and maintaining a centralized key store
US7111102B2 (en) * 2003-10-06 2006-09-19 Cisco Technology, Inc. Port adapter for high-bandwidth bus
US7155706B2 (en) * 2003-10-24 2006-12-26 Microsoft Corporation Administrative tool environment
US7890751B1 (en) * 2003-12-03 2011-02-15 Comtech Ef Data Corp Method and system for increasing data access in a secure socket layer network environment
EP1716676B1 (en) * 2004-02-17 2012-06-13 Cisco Technology, Inc. Collecting, aggregating, and managing information relating to electronic messages
US20050204037A1 (en) * 2004-03-09 2005-09-15 Levy Kenneth L. Method and apparatus for content identification/control
US7756930B2 (en) * 2004-05-28 2010-07-13 Ironport Systems, Inc. Techniques for determining the reputation of a message sender
US7870200B2 (en) * 2004-05-29 2011-01-11 Ironport Systems, Inc. Monitoring the flow of messages received at a server
US7873695B2 (en) 2004-05-29 2011-01-18 Ironport Systems, Inc. Managing connections and messages at a server by associating different actions for both different senders and different recipients
US7849142B2 (en) * 2004-05-29 2010-12-07 Ironport Systems, Inc. Managing connections, messages, and directory harvest attacks at a server
US7748038B2 (en) * 2004-06-16 2010-06-29 Ironport Systems, Inc. Method and apparatus for managing computer virus outbreaks
US7573895B2 (en) * 2004-06-24 2009-08-11 Intel Corporation Software assisted RDMA
US7656901B2 (en) * 2004-08-10 2010-02-02 Meshnetworks, Inc. Software architecture and hardware abstraction layer for multi-radio routing and method for providing the same
US8560475B2 (en) 2004-09-10 2013-10-15 Cavium, Inc. Content search mechanism that uses a deterministic finite automata (DFA) graph, a DFA state machine, and a walker process
US8301788B2 (en) * 2004-09-10 2012-10-30 Cavium, Inc. Deterministic finite automata (DFA) instruction
US8392590B2 (en) * 2004-09-10 2013-03-05 Cavium, Inc. Deterministic finite automata (DFA) processing
WO2006029508A1 (en) * 2004-09-13 2006-03-23 Solace Systems Inc. Highly scalable subscription matching for a content routing network
JP4391375B2 (en) * 2004-09-30 2009-12-24 フェリカネットワークス株式会社 Information management apparatus and method, and program
US8151245B2 (en) * 2004-12-17 2012-04-03 Computer Associates Think, Inc. Application-based specialization for computing nodes within a distributed processing system
US7984513B1 (en) * 2005-02-09 2011-07-19 Liquid Machines, Inc. Method and system for using a rules engine for enforcing access and usage policies in rights-aware applications
US20060190997A1 (en) * 2005-02-22 2006-08-24 Mahajani Amol V Method and system for transparent in-line protection of an electronic communications network
JP2008532177A (en) 2005-03-03 2008-08-14 ワシントン ユニヴァーシティー Method and apparatus for performing biological sequence similarity searches
US8656488B2 (en) * 2005-03-11 2014-02-18 Trend Micro Incorporated Method and apparatus for securing a computer network by multi-layer protocol scanning
US7536681B2 (en) * 2005-03-22 2009-05-19 Intel Corporation Processing secure metadata at wire speed
US7624373B2 (en) * 2005-03-31 2009-11-24 Microsoft Corporation Security mechanism for interpreting scripts in an interpretive environment
US7685165B2 (en) * 2005-04-01 2010-03-23 International Business Machines Corporation Policy based resource management for legacy data
US7631341B2 (en) * 2005-04-28 2009-12-08 Microsoft Corporation Extensible security architecture for an interpretive environment
US20060253555A1 (en) * 2005-05-04 2006-11-09 Kwok-Yan Leung Remote control apparatus
US20070097976A1 (en) * 2005-05-20 2007-05-03 Wood George D Suspect traffic redirection
US8078740B2 (en) * 2005-06-03 2011-12-13 Microsoft Corporation Running internet applications with low rights
US8631483B2 (en) * 2005-06-14 2014-01-14 Texas Instruments Incorporated Packet processors and packet filter processes, circuits, devices, and systems
EP1897333B1 (en) * 2005-06-21 2013-03-27 Partners for Corporate Research International Method for parallel data integrity checking of pci express devices
US7784094B2 (en) * 2005-06-30 2010-08-24 Intel Corporation Stateful packet content matching mechanisms
US8572733B1 (en) 2005-07-06 2013-10-29 Raytheon Company System and method for active data collection in a network security system
WO2007006146A1 (en) * 2005-07-12 2007-01-18 Advancedio Systems Inc. System and method of offloading protocol functions
WO2007069095A2 (en) * 2005-07-18 2007-06-21 Broadcom Israel R & D Method and system for transparent tcp offload
US8078867B2 (en) 2005-08-12 2011-12-13 Research In Motion Limited System and method for authenticating streamed data
US7950058B1 (en) 2005-09-01 2011-05-24 Raytheon Company System and method for collaborative information security correlation in low bandwidth environments
US8224761B1 (en) * 2005-09-01 2012-07-17 Raytheon Company System and method for interactive correlation rule design in a network security system
US7623534B1 (en) * 2005-09-09 2009-11-24 At&T Intellectual Property I, Lp Method and systems for content access and distribution
US20070061874A1 (en) * 2005-09-15 2007-03-15 International Business Machines Corporation System, method and program for determining a qualified support team to handle a security violation within a computer
US8301771B2 (en) * 2005-10-26 2012-10-30 Armstrong, Quinton Co. LLC Methods, systems, and computer program products for transmission control of sensitive application-layer data
US7562211B2 (en) * 2005-10-27 2009-07-14 Microsoft Corporation Inspecting encrypted communications with end-to-end integrity
GB2416891B (en) * 2005-11-09 2006-11-01 Streamshield Networks Ltd A network implemented content processing system
US8468589B2 (en) * 2006-01-13 2013-06-18 Fortinet, Inc. Computerized system and method for advanced network content processing
US8832048B2 (en) * 2005-12-29 2014-09-09 Nextlabs, Inc. Techniques and system to monitor and log access of information based on system and user context using policies
US20070180101A1 (en) * 2006-01-10 2007-08-02 A10 Networks Inc. System and method for storing data-network activity information
US7849185B1 (en) 2006-01-10 2010-12-07 Raytheon Company System and method for attacker attribution in a network security system
KR100791290B1 (en) * 2006-02-10 2008-01-04 삼성전자주식회사 Apparatus and method for using information of malicious application's behavior across devices
US20070192856A1 (en) * 2006-02-14 2007-08-16 Freescale Semiconductor, Inc. Method and apparatus for network security
JP4662273B2 (en) * 2006-03-24 2011-03-30 富士通株式会社 Communication apparatus, method and program
US7596628B2 (en) * 2006-05-01 2009-09-29 Broadcom Corporation Method and system for transparent TCP offload (TTO) with a user space library
US8151322B2 (en) 2006-05-16 2012-04-03 A10 Networks, Inc. Systems and methods for user access authentication based on network access point
US7756843B1 (en) * 2006-05-25 2010-07-13 Juniper Networks, Inc. Identifying and processing confidential information on network endpoints
US8185737B2 (en) 2006-06-23 2012-05-22 Microsoft Corporation Communication across domains
EP2036264A4 (en) * 2006-06-29 2010-10-06 Verint Americas Inc Systems and methods for providing recording as a network service
US7903568B2 (en) 2006-06-29 2011-03-08 Verint Americas Inc. Systems and methods for providing recording as a network service
US7660307B2 (en) 2006-06-29 2010-02-09 Verint Americas Inc. Systems and methods for providing recording as a network service
US7624105B2 (en) * 2006-09-19 2009-11-24 Netlogic Microsystems, Inc. Search engine having multiple co-processors for performing inexact pattern search operations
US9125130B2 (en) * 2006-09-25 2015-09-01 Hewlett-Packard Development Company, L.P. Blacklisting based on a traffic rule violation
US7716378B2 (en) 2006-10-17 2010-05-11 A10 Networks, Inc. System and method to associate a private user identity with a public user identity
US8312507B2 (en) 2006-10-17 2012-11-13 A10 Networks, Inc. System and method to apply network traffic policy to an application session
US7660793B2 (en) 2006-11-13 2010-02-09 Exegy Incorporated Method and system for high performance integration, processing and searching of structured and unstructured data using coprocessors
US8326819B2 (en) 2006-11-13 2012-12-04 Exegy Incorporated Method and system for high performance data metatagging and data indexing using coprocessors
US8811156B1 (en) 2006-11-14 2014-08-19 Raytheon Company Compressing n-dimensional data
EP1927956A1 (en) * 2006-11-30 2008-06-04 Incard SA Multi-applications IC Card with secure management of applications
US7996348B2 (en) 2006-12-08 2011-08-09 Pandya Ashish A 100GBPS security and search architecture using programmable intelligent search memory (PRISM) that comprises one or more bit interval counters
US20110029549A1 (en) * 2006-12-08 2011-02-03 Pandya Ashish A Signature search architecture for programmable intelligent search memory
US9141557B2 (en) 2006-12-08 2015-09-22 Ashish A. Pandya Dynamic random access memory (DRAM) that comprises a programmable intelligent search memory (PRISM) and a cryptography processing engine
WO2008073824A1 (en) * 2006-12-08 2008-06-19 Pandya Ashish A Dynamic programmable intelligent search memory
US7827190B2 (en) * 2006-12-08 2010-11-02 Pandya Ashish A Complex symbol evaluation for programmable intelligent search memory
US7890692B2 (en) * 2007-08-17 2011-02-15 Pandya Ashish A FSA context switch architecture for programmable intelligent search memory
US9015301B2 (en) * 2007-01-05 2015-04-21 Digital Doors, Inc. Information infrastructure management tools with extractor, secure storage, content analysis and classification and method therefor
US8448234B2 (en) * 2007-02-15 2013-05-21 Marvell Israel (M.I.S.L) Ltd. Method and apparatus for deep packet inspection for network intrusion detection
US8418135B2 (en) * 2007-05-31 2013-04-09 Red Hat, Inc. Method and apparatus to abstract away rule languages
US10019570B2 (en) 2007-06-14 2018-07-10 Microsoft Technology Licensing, Llc Protection and communication abstractions for web browsers
US20090064287A1 (en) 2007-08-28 2009-03-05 Rohati Systems, Inc. Application protection architecture with triangulated authorization
US8042185B1 (en) * 2007-09-27 2011-10-18 Netapp, Inc. Anti-virus blade
US7822841B2 (en) * 2007-10-30 2010-10-26 Modern Grids, Inc. Method and system for hosting multiple, customized computing clusters
US8086609B2 (en) 2007-11-01 2011-12-27 Cavium, Inc. Graph caching
US8819217B2 (en) * 2007-11-01 2014-08-26 Cavium, Inc. Intelligent graph walking
US7949683B2 (en) 2007-11-27 2011-05-24 Cavium Networks, Inc. Method and apparatus for traversing a compressed deterministic finite automata (DFA) graph
US8180803B2 (en) * 2007-11-27 2012-05-15 Cavium, Inc. Deterministic finite automata (DFA) graph compression
US8316442B2 (en) * 2008-01-15 2012-11-20 Microsoft Corporation Preventing secure data from leaving the network perimeter
US20090252147A1 (en) * 2008-04-03 2009-10-08 Inventec Corporation Storage server implemented by internet small computer systems interface in linux system
US8392881B1 (en) * 2008-05-13 2013-03-05 Google Inc. Supporting efficient access to object properties in a dynamic object-oriented programming language
US8094560B2 (en) * 2008-05-19 2012-01-10 Cisco Technology, Inc. Multi-stage multi-core processing of network packets
US8667556B2 (en) * 2008-05-19 2014-03-04 Cisco Technology, Inc. Method and apparatus for building and managing policies
US20090288104A1 (en) * 2008-05-19 2009-11-19 Rohati Systems, Inc. Extensibility framework of a network element
US8677453B2 (en) * 2008-05-19 2014-03-18 Cisco Technology, Inc. Highly parallel evaluation of XACML policies
US8463181B2 (en) * 2008-08-14 2013-06-11 Mediatek Inc. Communication apparatuses and methods for flexibly providing various application profiles of a wireless communication system
US20100070471A1 (en) * 2008-09-17 2010-03-18 Rohati Systems, Inc. Transactional application events
US8813221B1 (en) * 2008-09-25 2014-08-19 Sonicwall, Inc. Reassembly-free deep packet inspection on multi-core hardware
US8763008B2 (en) 2008-09-30 2014-06-24 Ebay Inc. System and method for processing messages using native data serialization/deserialization in a service-oriented pipeline architecture
US8135785B2 (en) * 2008-09-30 2012-03-13 Ebay Inc. System and method for processing messages using pluggable protocol processors in a service-oriented pipeline architecture
US8806506B2 (en) * 2008-09-30 2014-08-12 Ebay Inc. System and method for processing messages using a common interface platform supporting multiple pluggable data formats in a service-oriented pipeline architecture
US9306793B1 (en) * 2008-10-22 2016-04-05 Alacritech, Inc. TCP offload device that batches session layer headers to reduce interrupts as well as CPU copies
US8473523B2 (en) * 2008-10-31 2013-06-25 Cavium, Inc. Deterministic finite automata graph traversal with nodal bit mapping
US20100153550A1 (en) * 2008-12-15 2010-06-17 Broadcom Corporation Pluggable device that enables an addition of security functionality in a network
US20120095893A1 (en) 2008-12-15 2012-04-19 Exegy Incorporated Method and apparatus for high-speed processing of financial market depth data
US8341280B2 (en) * 2008-12-30 2012-12-25 Ebay Inc. Request and response decoupling via pluggable transports in a service oriented pipeline architecture for a request response message exchange pattern
JP2010193024A (en) * 2009-02-17 2010-09-02 Seiko Epson Corp Network connection control system
US8719016B1 (en) 2009-04-07 2014-05-06 Verint Americas Inc. Speech analytics system and system and method for determining structured speech
TW201040678A (en) * 2009-05-13 2010-11-16 Acrosser Technology Co Ltd Multi-point universal encryption transmission interface apparatus
US8054848B2 (en) * 2009-05-19 2011-11-08 International Business Machines Corporation Single DMA transfers from device drivers to network adapters
IL199115A (en) 2009-06-03 2013-06-27 Verint Systems Ltd Systems and methods for efficient keyword spotting in communication traffic
US20110016154A1 (en) * 2009-07-17 2011-01-20 Rajan Goyal Profile-based and dictionary based graph caching
US10115065B1 (en) 2009-10-30 2018-10-30 Verint Americas Inc. Systems and methods for automatic scheduling of a workforce
JP5532849B2 (en) * 2009-11-20 2014-06-25 富士通株式会社 Computer, interprocess communication program, and interprocess communication method
US8644438B2 (en) * 2010-01-30 2014-02-04 Robert Welland Method and apparatus for providing a synthetic system
US9552299B2 (en) * 2010-06-11 2017-01-24 California Institute Of Technology Systems and methods for rapid processing and storage of data
US8782434B1 (en) 2010-07-15 2014-07-15 The Research Foundation For The State University Of New York System and method for validating program execution at run-time
US8700593B1 (en) 2010-07-16 2014-04-15 Netlogic Microsystems, Inc. Content search system having pipelined engines and a token stitcher
US8589405B1 (en) 2010-07-16 2013-11-19 Netlogic Microsystems, Inc. Token stitcher for a content search system having pipelined engines
US8572106B1 (en) 2010-07-16 2013-10-29 Netlogic Microsystems, Inc. Memory management in a token stitcher for a content search system having pipelined engines
US10127335B2 (en) 2010-08-22 2018-11-13 Qwilt, Inc System and method of performing analytics with respect to content storing servers caching popular content
US10097863B2 (en) 2010-08-22 2018-10-09 Qwilt, Inc. System and method for live service content handling with content storing servers caching popular content therein
US10097428B2 (en) 2010-08-22 2018-10-09 Qwilt, Inc. System and method for caching popular content respective of a content strong server in an asymmetrical routing topology
US9774670B2 (en) * 2010-08-22 2017-09-26 Qwilt, Inc. Methods for detection of content servers and caching popular content therein
US11032583B2 (en) 2010-08-22 2021-06-08 QWLT, Inc. Method and system for improving high availability for live content
US8949414B2 (en) * 2010-12-29 2015-02-03 Citrix Systems, Inc. Systems and methods for scalable N-core stats aggregation
US10122735B1 (en) 2011-01-17 2018-11-06 Marvell Israel (M.I.S.L) Ltd. Switch having dynamic bypass per flow
CN102110074B (en) * 2011-01-21 2012-05-30 杭州华三通信技术有限公司 Multi-core processor and flow classification control device and method thereof
US8799459B2 (en) * 2011-09-12 2014-08-05 Microsoft Corporation Event-driven detection of device presence for layer 3 services using layer 2 discovery information
US8819491B2 (en) 2011-09-16 2014-08-26 Tripwire, Inc. Methods and apparatus for remediation workflow
US8862941B2 (en) 2011-09-16 2014-10-14 Tripwire, Inc. Methods and apparatus for remediation execution
US9397960B2 (en) * 2011-11-08 2016-07-19 Mellanox Technologies Ltd. Packet steering
JP5915107B2 (en) * 2011-11-15 2016-05-11 株式会社バッファロー COMMUNICATION METHOD, COMMUNICATION DEVICE, STORAGE DEVICE, AND CONTROL PROGRAM
US9203805B2 (en) 2011-11-23 2015-12-01 Cavium, Inc. Reverse NFA generation and processing
US9047243B2 (en) 2011-12-14 2015-06-02 Ip Reservoir, Llc Method and apparatus for low latency data distribution
US20160342510A1 (en) * 2012-01-17 2016-11-24 Google Inc. Remote management of data planes and configuration of networking devices
US8667548B2 (en) * 2012-03-11 2014-03-04 Broadcom Corporation Audio/video channel bonding architecture
US10121196B2 (en) 2012-03-27 2018-11-06 Ip Reservoir, Llc Offload processing of data packets containing financial market data
US9990393B2 (en) 2012-03-27 2018-06-05 Ip Reservoir, Llc Intelligent feed switch
US10650452B2 (en) 2012-03-27 2020-05-12 Ip Reservoir, Llc Offload processing of data packets
US11436672B2 (en) 2012-03-27 2022-09-06 Exegy Incorporated Intelligent switch for processing financial market data
WO2013143611A1 (en) * 2012-03-30 2013-10-03 Nokia Siemens Networks Oy Centralized ip address management for distributed gateways
JP5968077B2 (en) * 2012-05-22 2016-08-10 キヤノン株式会社 Information processing apparatus, control method therefor, program, and image processing apparatus
US20150200962A1 (en) * 2012-06-04 2015-07-16 The Board Of Regents Of The University Of Texas System Method and system for resilient and adaptive detection of malicious websites
US9229901B1 (en) 2012-06-08 2016-01-05 Google Inc. Single-sided distributed storage system
US9009311B2 (en) * 2012-07-24 2015-04-14 Hewlett-Packard Development Company, L.P. Initiator zoning in progress command
US9058122B1 (en) 2012-08-30 2015-06-16 Google Inc. Controlling access in a single-sided distributed storage system
US9164702B1 (en) 2012-09-07 2015-10-20 Google Inc. Single-sided distributed cache system
US9122873B2 (en) 2012-09-14 2015-09-01 The Research Foundation For The State University Of New York Continuous run-time validation of program execution: a practical approach
EP2713570A1 (en) * 2012-09-28 2014-04-02 British Telecommunications public limited company Operation of a data network
KR101563059B1 (en) * 2012-11-19 2015-10-23 삼성에스디에스 주식회사 Anti-malware system and data processing method in same
US9530020B2 (en) 2013-01-22 2016-12-27 Amazon Technologies, Inc. Use of freeform metadata for access control
US10341281B2 (en) 2013-01-22 2019-07-02 Amazon Technologies, Inc. Access control policies associated with freeform metadata
KR101810755B1 (en) 2013-01-22 2017-12-19 아마존 테크놀로지스, 인크. Use of freeform metadata for access control
US9576141B2 (en) 2013-01-22 2017-02-21 Amazon Technologies, Inc. Access controls on the use of freeform metadata
CN105009135B (en) * 2013-02-28 2019-06-14 英特尔公司 For executing the method, apparatus and system of Binary Conversion
US10275375B2 (en) 2013-03-10 2019-04-30 Mellanox Technologies, Ltd. Network interface controller with compression capabilities
US9197362B2 (en) * 2013-03-15 2015-11-24 Mehdi Mahvi Global state synchronization for securely managed asymmetric network communication
US9122853B2 (en) 2013-06-24 2015-09-01 A10 Networks, Inc. Location determination for user authentication
US9563399B2 (en) 2013-08-30 2017-02-07 Cavium, Inc. Generating a non-deterministic finite automata (NFA) graph for regular expression patterns with advanced features
JP6351225B2 (en) * 2013-09-02 2018-07-04 キヤノン株式会社 Image processing apparatus, information processing system, control method therefor, and program for information processing apparatus and image processing apparatus
US9313274B2 (en) 2013-09-05 2016-04-12 Google Inc. Isolating clients of distributed storage systems
CN104679665A (en) * 2013-12-02 2015-06-03 中兴通讯股份有限公司 Method and system for achieving block storage of distributed file system
US11165770B1 (en) 2013-12-06 2021-11-02 A10 Networks, Inc. Biometric verification of a human internet user
US9513926B2 (en) * 2014-01-08 2016-12-06 Cavium, Inc. Floating mask generation for network packet flow
US9602532B2 (en) 2014-01-31 2017-03-21 Cavium, Inc. Method and apparatus for optimizing finite automata processing
US9904630B2 (en) * 2014-01-31 2018-02-27 Cavium, Inc. Finite automata processing based on a top of stack (TOS) memory
US10454991B2 (en) 2014-03-24 2019-10-22 Mellanox Technologies, Ltd. NIC with switching functionality between network ports
US10110558B2 (en) 2014-04-14 2018-10-23 Cavium, Inc. Processing of finite automata based on memory hierarchy
US10002326B2 (en) 2014-04-14 2018-06-19 Cavium, Inc. Compilation of finite automata based on memory hierarchy
US10154110B2 (en) 2014-04-22 2018-12-11 Qwilt, Inc. System and methods thereof for delivery of popular content using a multimedia broadcast multicast service
JP2016082508A (en) * 2014-10-21 2016-05-16 富士通株式会社 Information processing system, information processing apparatus and control method of information processing system
US10078763B2 (en) * 2014-11-19 2018-09-18 BAE Systems Information and Electronic Systems Integration Incc Programmable unit for metadata processing
US9553853B2 (en) * 2014-12-23 2017-01-24 Intel Corporation Techniques for load balancing in a packet distribution system
US10015048B2 (en) 2014-12-27 2018-07-03 Intel Corporation Programmable protocol parser for NIC classification and queue assignments
US9910615B2 (en) 2015-02-23 2018-03-06 Barefoot Networks, Inc. Coding scheme for indirect addressing of multiple action memories
US20160285735A1 (en) * 2015-03-23 2016-09-29 Brocade Communications Systems, Inc. Techniques for efficiently programming forwarding rules in a network system
US10911353B2 (en) 2015-06-17 2021-02-02 Extreme Networks, Inc. Architecture for a network visibility system
US10771475B2 (en) 2015-03-23 2020-09-08 Extreme Networks, Inc. Techniques for exchanging control and configuration information in a network visibility system
US10482263B2 (en) * 2015-04-01 2019-11-19 Microsoft Technology Licensing, Llc Computing on encrypted data using deferred evaluation
US9823938B2 (en) 2015-06-18 2017-11-21 Intel Corporation Providing deterministic, reproducible, and random sampling in a processor
US9825862B2 (en) 2015-08-26 2017-11-21 Barefoot Networks, Inc. Packet header field extraction
US9723027B2 (en) 2015-11-10 2017-08-01 Sonicwall Inc. Firewall informed by web server security policy identifying authorized resources and hosts
US9860259B2 (en) * 2015-12-10 2018-01-02 Sonicwall Us Holdings Inc. Reassembly free deep packet inspection for peer to peer networks
US9813338B2 (en) * 2015-12-10 2017-11-07 Cisco Technology, Inc. Co-existence of routable and non-routable RDMA solutions on the same network interface
US10235176B2 (en) 2015-12-17 2019-03-19 The Charles Stark Draper Laboratory, Inc. Techniques for metadata processing
US10936713B2 (en) * 2015-12-17 2021-03-02 The Charles Stark Draper Laboratory, Inc. Techniques for metadata processing
US9912774B2 (en) 2015-12-22 2018-03-06 Intel Corporation Accelerated network packet processing
US10021070B2 (en) * 2015-12-22 2018-07-10 Cisco Technology, Inc. Method and apparatus for federated firewall security
KR20170115802A (en) * 2016-04-08 2017-10-18 삼성전자주식회사 Electronic apparatus and IOT Device Controlling Method thereof
US10296464B2 (en) 2016-12-09 2019-05-21 Intel Corporation System, apparatus and method for dynamic profiling in a processor
WO2018119035A1 (en) 2016-12-22 2018-06-28 Ip Reservoir, Llc Pipelines for hardware-accelerated machine learning
US11245572B1 (en) 2017-01-31 2022-02-08 Barefoot Networks, Inc. Messaging between remote controller and forwarding element
US10599856B2 (en) * 2017-06-07 2020-03-24 International Business Machines Corporation Network security for data storage systems
US10826840B1 (en) 2017-07-23 2020-11-03 Barefoot Networks, Inc. Multiple copies of stateful tables
US10356128B1 (en) * 2017-07-27 2019-07-16 Vmware, Inc. Tag-based policy architecture
US11469953B2 (en) 2017-09-27 2022-10-11 Intel Corporation Interworking of legacy appliances in virtualized networks
US10594630B1 (en) 2017-09-28 2020-03-17 Barefoot Networks, Inc. Expansion of packet data within processing pipeline
CN116260776A (en) * 2017-10-24 2023-06-13 英特尔公司 Hardware assisted virtual switch
US20210042100A1 (en) 2018-02-02 2021-02-11 Dover Microsystems, Inc. System and method for translating mapping policy into code
EP3746925A1 (en) 2018-02-02 2020-12-09 The Charles Stark Draper Laboratory Inc. Systems and methods for policy execution processing
US10701032B2 (en) * 2018-02-13 2020-06-30 Palo Alto Networks, Inc. Application layer signaling security with next generation firewall
JP6948472B2 (en) * 2018-02-13 2021-10-13 パロ アルト ネットワークス, インコーポレイテッドPalo Alto Networks, Inc. Transport layer signal security with next-generation firewall
US10715491B2 (en) * 2018-02-13 2020-07-14 Palo Alto Networks, Inc. Diameter security with next generation firewall
US10693838B2 (en) * 2018-02-13 2020-06-23 Palo Alto Networks, Inc. Transport layer signaling security with next generation firewall
US10701033B2 (en) * 2018-02-13 2020-06-30 Palo Alto Networks, Inc. Network layer signaling security with next generation firewall
US11057432B2 (en) * 2018-04-10 2021-07-06 Nutanix, Inc. Creation of security policies using a visual approach
EP3788488A1 (en) 2018-04-30 2021-03-10 Dover Microsystems, Inc. Systems and methods for checking safety properties
CN109408463B (en) * 2018-09-21 2020-12-08 深圳市九洲电器有限公司 File distributed storage method and device and node server
TW202022679A (en) 2018-11-06 2020-06-16 美商多佛微系統公司 Systems and methods for stalling host processor
US11841956B2 (en) 2018-12-18 2023-12-12 Dover Microsystems, Inc. Systems and methods for data lifecycle protection
EP3903461B1 (en) * 2018-12-24 2023-09-13 British Telecommunications public limited company Packet analysis and filtering
EP3942398A4 (en) 2019-05-23 2023-04-05 Hewlett Packard Enterprise Development LP System and method for facilitating data request management in a network interface controller (nic)
EP3757813A3 (en) 2019-06-18 2021-01-20 Tenstorrent Inc. Processor cores using packet identifiers for routing and computation
US20210409487A1 (en) * 2019-07-30 2021-12-30 Alibaba Group Holding Limited Apparatus and method for controlling data transmission in network system
US11159610B2 (en) 2019-10-10 2021-10-26 Dell Products, L.P. Cluster formation offload using remote access controller group manager
CN110933054B (en) * 2019-11-19 2022-04-15 北京西南交大盛阳科技有限公司 Data network security protection method and device, computer equipment and storage medium
WO2021130828A1 (en) * 2019-12-23 2021-07-01 日本電信電話株式会社 Intra-server delay control device, intra-server delay control method, and program
US11398979B2 (en) 2020-10-28 2022-07-26 Mellanox Technologies, Ltd. Dynamic processing trees
US11374838B1 (en) * 2021-03-29 2022-06-28 Mellanox Technologies, Ltd. Using a data processing unit (DPU) as a pre-processor for graphics processing unit (GPU) based machine learning
CN114154609A (en) * 2021-12-21 2022-03-08 福建省气象信息中心(福建省气象档案馆) One-way safe transmission simple device of private protocol
US20230247054A1 (en) * 2022-01-28 2023-08-03 Avago Technologies International Sales Pte. Limited High performance architecture for converged security systems and appliances
CN115967519B (en) * 2022-08-25 2024-04-09 云南电网有限责任公司 New energy station safety intelligent strategy calculation control system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5968176A (en) * 1997-05-29 1999-10-19 3Com Corporation Multilayer firewall system
US20040165588A1 (en) * 2002-06-11 2004-08-26 Pandya Ashish A. Distributed network security system and a hardware processor therefor

Family Cites Families (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5765011A (en) * 1990-11-13 1998-06-09 International Business Machines Corporation Parallel processing system having a synchronous SIMD processing with processing elements emulating SIMD operation using individual instruction streams
US6237029B1 (en) * 1996-02-26 2001-05-22 Argosystems, Inc. Method and apparatus for adaptable digital protocol processing
DE19654593A1 (en) * 1996-12-20 1998-07-02 Pact Inf Tech Gmbh Reconfiguration procedure for programmable blocks at runtime
US6205537B1 (en) * 1998-07-16 2001-03-20 University Of Rochester Mechanism for dynamically adapting the complexity of a microprocessor
US20020108059A1 (en) * 2000-03-03 2002-08-08 Canion Rodney S. Network security accelerator
US7069305B2 (en) * 2000-06-08 2006-06-27 Hitachi, Ltd. Computer system and a data transfer method thereof using remote direct memory access
JP2004526218A (en) * 2000-08-24 2004-08-26 ボルテール アドバンスト データ セキュリティ リミテッド Highly scalable and fast content-based filtering and load balancing system and method in interconnected fabric
US6611883B1 (en) * 2000-11-16 2003-08-26 Sun Microsystems, Inc. Method and apparatus for implementing PCI DMA speculative prefetching in a message passing queue oriented bus system
US20020085562A1 (en) * 2000-12-13 2002-07-04 International Business Machines Corporation IP headers for remote direct memory access and upper level protocol framing
US6947970B2 (en) * 2000-12-19 2005-09-20 Intel Corporation Method and apparatus for multilevel translation and protection table
CN100367730C (en) * 2001-02-14 2008-02-06 克利尔斯皮德科技有限公司 Interconnection system
US7149817B2 (en) * 2001-02-15 2006-12-12 Neteffect, Inc. Infiniband TM work queue to TCP/IP translation
US8051212B2 (en) * 2001-04-11 2011-11-01 Mellanox Technologies Ltd. Network interface adapter with shared data send resources
US6804673B2 (en) * 2001-04-19 2004-10-12 Fujitsu Limited Access assurance for remote memory access over network
US7017042B1 (en) * 2001-06-14 2006-03-21 Syrus Ziai Method and circuit to accelerate IPSec processing
US20030046474A1 (en) * 2001-06-21 2003-03-06 International Business Machines Corporation Mixed semantic storage I/O
US20030050990A1 (en) * 2001-06-21 2003-03-13 International Business Machines Corporation PCI migration semantic storage I/O
US7178145B2 (en) * 2001-06-29 2007-02-13 Emc Corporation Queues for soft affinity code threads and hard affinity code threads for allocation of processors to execute the threads in a multi-processor system
US20030043794A1 (en) * 2001-09-06 2003-03-06 Cayton Phil C. Data stream multiplexing in data network
US20030061296A1 (en) * 2001-09-24 2003-03-27 International Business Machines Corporation Memory semantic storage I/O
CA2358980A1 (en) * 2001-10-12 2003-04-12 Karthika Technologies Inc. Distributed security architecture for storage area networks (san)
US7248585B2 (en) * 2001-10-22 2007-07-24 Sun Microsystems, Inc. Method and apparatus for a packet classifier
US7380115B2 (en) * 2001-11-09 2008-05-27 Dot Hill Systems Corp. Transferring data using direct memory access
US20030105799A1 (en) * 2001-12-03 2003-06-05 Avaz Networks, Inc. Distributed processing architecture with scalable processing layers
US20030115447A1 (en) * 2001-12-18 2003-06-19 Duc Pham Network media access architecture and methods for secure storage
US6598144B1 (en) * 2001-12-12 2003-07-22 Advanced Micro Devices, Inc. Arrangement for limiting access to addresses by a consumer process instigating work in a channel adapter based on virtual address mapping
US7161904B2 (en) * 2002-06-04 2007-01-09 Fortinet, Inc. System and method for hierarchical metering in a virtual router based network switch
US6931530B2 (en) * 2002-07-22 2005-08-16 Vormetric, Inc. Secure network file access controller implementing access control and auditing
US20040027155A1 (en) * 2002-08-08 2004-02-12 Schlansker Michael S. System and method for self configuration of reconfigurable systems
US7468979B2 (en) * 2002-12-20 2008-12-23 Force10 Networks, Inc. Layer-1 packet filtering
US7464254B2 (en) * 2003-01-09 2008-12-09 Cisco Technology, Inc. Programmable processor apparatus integrating dedicated search registers and dedicated state machine registers with associated execution hardware to support rapid application of rulesets to data
US6988106B2 (en) * 2003-07-09 2006-01-17 Cisco Technology, Inc. Strong and searching a hierarchy of items of particular use with IP security policies and security associations

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5968176A (en) * 1997-05-29 1999-10-19 3Com Corporation Multilayer firewall system
US20040165588A1 (en) * 2002-06-11 2004-08-26 Pandya Ashish A. Distributed network security system and a hardware processor therefor

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"The Emerging FCIP Standard for Storage Area Network Connectivity Across TCP/IP Networks", STORAGE NETWORKING INDUSTRY ASSOCIATION (SNIA), June 2001 (2001-06-01), pages 2 *
RECIO R.: "An RDMA Protocol Specification (Version 1.0)", October 2002 (2002-10-01), pages 4, 46 *

Also Published As

Publication number Publication date
US20120117610A1 (en) 2012-05-10
WO2006060571A2 (en) 2006-06-08
US20050108518A1 (en) 2005-05-19

Similar Documents

Publication Publication Date Title
WO2006060571A3 (en) A runtime adaptable security processor
WO2005114339A3 (en) Runtime adaptable protocol processor
WO2005081855A3 (en) A distributed network security system and hardware processor therefor
WO2003104943A3 (en) High performance ip processor for tcp/ip, rdma and ip storage applications
US20200228433A1 (en) Computer-readable recording medium including monitoring program, programmable device, and monitoring method
US9794282B1 (en) Server with queuing layer mechanism for changing treatment of client connections
US9473460B2 (en) Using hypertext transfer protocol as a transport for bi-directional data streams
US7330908B2 (en) System and method for processing packets using location and content addressable memories
US7760733B1 (en) Filtering ingress packets in network interface circuitry
US7627674B2 (en) Speculative prefetch of protocol control information from an external memory unit
US9356844B2 (en) Efficient application recognition in network traffic
Hypolite et al. DeepMatch: practical deep packet inspection in the data plane using network processors
WO2007079095A3 (en) Runtime adaptable search processor
Xinidis et al. An active splitter architecture for intrusion detection and prevention
CN106973013A (en) Method and apparatus for the content router of internet protocol-based
US20090299937A1 (en) Method and system for detecting and managing peer-to-peer traffic over a data network
US20030226046A1 (en) Dynamically controlling power consumption within a network node
US7114011B2 (en) Multiprocessor-scalable streaming data server arrangement
US10404651B2 (en) Domain name system network traffic management
Chen et al. Packetcloud: an open platform for elastic in-network services
US6598088B1 (en) Port switch
Minturn et al. Addressing TCP/IP Processing Challenges Using the IA and IXP Processors.
CN106549815B (en) Apparatus and method for real-time deep application recognition in a network
Zhu et al. Content-oriented transport protocol
US20060277267A1 (en) Unified memory IP packet processing platform

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 11323165

Country of ref document: US

AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KN KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

WWP Wipo information: published in national office

Ref document number: 11323165

Country of ref document: US

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 05852633

Country of ref document: EP

Kind code of ref document: A2