Network security accelerator
Abstract
A network processing system uses intelligent security hardware as a security accelerator at its front end. The security hardware performs initial processing of incoming data, such as security detection tasks. The security hardware is directly connected to one or more processing units, via a bus or switch fabric, which execute appropriate applications and/or storage programming.
88 Claims
1. A network processing system connected to a network that carries data in packet format, comprising:
a security accelerator having a processor programmed to receive packets from the network and to examine each packet to determine whether data in the packet represents a potential security violation;
at least one processing unit programmed to respond to requests contained within the packets; and
an interconnection medium for directly connecting the security accelerator to the processing units.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31
17. A method for processing network data at a network processing system that receives packet data via a network, comprising the steps of:
using a security accelerator having a processor to receive packets from the network and to examine each packet to determine whether data in the packet represents a potential security violation;
using at least one processing unit to respond to requests contained within the packets; and
directly connecting the security accelerator to the processing unit via an interconnection medium.
32. A security accelerator device for use at a network node, comprising:
at least one processor programmed to receive packets from the network and to examine each packet to determine whether data in the packet represents a potential security violation;
a front end interface for connecting the security accelerator to a network; and
a back end interface for connecting the security accelerator to an interconnection medium.
Dependent claims: 33, 34, 35, 36, 37, 38, 39
40. A network connectable computing system providing at least some security functions in addition to system functionality, the system being configured to be connected on at least one end to a network, the system comprising:
at least one network connection configured to be coupled to the network;
at least one system processor for performing system functionality;
security hardware located in a data path between the network connection and the at least one processor; and
an interconnection between the at least one processor and the security hardware, wherein the security hardware off-loads at least some security functions from other system resources by analyzing data packets entering the network connectable computing system to perform security functions prior to forwarding the data packets to the remainder of the system.
Dependent claims: 41, 42, 43, 44, 45, 46, 47, 49, 50, 51, 52, 53, 54, 55, 57, 58, 59, 60, 61, 62, 63, 64, 65
48. A method of operating a network connectable computing system, comprising:
receiving data from a network;
analyzing the data with programmable security hardware to decode incoming data packet headers;
performing at least one security function based upon the analysis of the data packet header; and
forwarding the data packet to at least one system processor through a system interconnection after performing the at least one function.
56. A network endpoint system for performing endpoint functionality, the endpoint system comprising:
at least one system processor, the system processor performing endpoint processing functionality;
a distributed interconnect coupled to the at least one system processor; and
security hardware coupled to the distributed interconnect, wherein the system is configured such that a data packet from a network may be processed by the security hardware prior to being processed by the at least one system processor, and wherein the security hardware is configured to process at least a portion of the data packet to perform a security function prior to the security hardware forwarding the data packet to the distributed interconnect.
66. A method of operating a network endpoint system, comprising:
providing a network processor within the network endpoint system, the network processor being at an interface which couples the network endpoint system to a network;
processing data passing through the interface with the network processor;
performing security functions as part of the processing of the network processor; and
forwarding incoming network data from the network processor to a system processor which performs at least some endpoint functionality upon the data.
Dependent claims: 67, 68, 69, 70, 71, 72, 73, 74, 75
76. A network connectable computing system, comprising:
a first connection to receive data packets from a network;
security hardware comprising at least one network processor, the security hardware coupled to the interface connection; and
a second connection to transmit data processed by the security hardware, wherein the at least one network processor analyzes at least a portion of the data packets to perform at least one security function.
Dependent claims: 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88
Specification