Distributed network security system and a hardware processor therefor
First Claim
1. A security system comprising a network, said network comprising one or more networked systems of one or more types, a plurality of said one or more networked systems comprising a hardware processor providing transport layer protocol processing, said hardware processor comprising a protocol processing engine to do transport layer protocol processing;
or a programmable rule processing engine to analyze network traffic for rule matching or taking actions on matched rules or a combination thereof;
or a security processing engine to do encryption, decryption, authorization or authentication or a combination thereof using standard or proprietary security protocols;
or a packet classification engine to classify the network traffic;
or a packet processing engine to perform packet processing tasks;
or a combination of any of the foregoing, said security system providing multiple protocol layer security in said network.
Abstract
An architecture provides capabilities to transport and process Internet Protocol (IP) packets from Layer 2 through the transport protocol layer, and may also provide packet inspection through Layer 7. A set of engines may perform pass-through packet classification, policy processing and/or security processing, enabling packets to stream through the architecture at nearly the full line rate. A scheduler schedules packets to packet processors for processing. An internal memory or local session database cache stores a session information database for a certain number of active sessions; session information that is not in the internal memory is stored in and retrieved from an additional memory. An application running on an initiator or target can, in certain instantiations, register a region of memory which is made available to its peer(s) for direct access, without substantial host intervention, through RDMA data transfer. A security system is also disclosed that enables a new way of implementing security capabilities inside enterprise networks in a distributed manner, using a protocol processing hardware with appropriate security features.
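The packet path the abstract sketches (a classification engine that reduces headers to a flow key, a bounded on-chip session cache that spills inactive sessions to a larger external memory, and a programmable rule engine that takes an action on the first matching rule) is modelled below in plain Python as an added illustration. This is not the patent's design or any code from the page; the class names, the rule set, the LRU eviction policy and the sample packets are all constructed assumptions chosen to make the data flow concrete, and the "encrypt" action only marks a packet for a security processing stage rather than performing any cryptography.

```python
"""Software model of a classify -> session lookup -> rule-match pipeline.

Constructed example; not the patent's hardware design. All names, rules
and traffic below are assumptions made for this illustration.
"""
from collections import OrderedDict
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# A flow key is the classic 5-tuple: src, dst, sport, dport, protocol.
FlowKey = Tuple[str, str, int, int, str]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    payload: bytes = b""

    def classify(self) -> FlowKey:
        """Packet classification engine: header fields -> flow key."""
        return (self.src, self.dst, self.sport, self.dport, self.proto)


@dataclass
class Session:
    key: FlowKey
    packets: int = 0  # per-flow state the rule engine may consult


class SessionCache:
    """Bounded 'internal memory' for active sessions. Least recently used
    entries are evicted to a larger backing store (the 'additional
    memory') and pulled back in on the next packet of that flow."""

    def __init__(self, capacity: int, backing: Dict[FlowKey, Session]):
        self.capacity = capacity
        self.hot: "OrderedDict[FlowKey, Session]" = OrderedDict()
        self.backing = backing
        self.hits = 0
        self.misses = 0

    def lookup(self, key: FlowKey) -> Session:
        if key in self.hot:
            self.hits += 1
            self.hot.move_to_end(key)  # mark as most recently used
            return self.hot[key]
        self.misses += 1
        # Miss: recover the session from backing memory or start a new one.
        sess = self.backing.pop(key, None) or Session(key)
        self.hot[key] = sess
        if len(self.hot) > self.capacity:
            old_key, old_sess = self.hot.popitem(last=False)  # LRU victim
            self.backing[old_key] = old_sess
        return sess


@dataclass
class Rule:
    name: str
    match: Callable[[Packet, Session], bool]
    action: str  # "allow", "drop" or "encrypt" (hand-off to security engine)


class RuleEngine:
    """Programmable rule processing engine: ordered rules, first match wins,
    default action when nothing matches."""

    def __init__(self, rules: List[Rule], default: str = "drop"):
        self.rules = rules
        self.default = default

    def evaluate(self, pkt: Packet, sess: Session) -> Tuple[str, str]:
        for rule in self.rules:
            if rule.match(pkt, sess):
                return rule.action, rule.name
        return self.default, "default"


def build_pipeline(capacity: int = 2) -> Tuple[SessionCache, RuleEngine]:
    rules = [
        # Per-flow packet budget, using session state rather than headers.
        Rule("flow-limit", lambda p, s: s.packets > 3, "drop"),
        Rule("block-telnet", lambda p, s: p.dport == 23, "drop"),
        Rule("tls-offload", lambda p, s: p.dport == 443, "encrypt"),
        # Shallow Layer 7 check: only HTTP method lines pass on port 80.
        Rule("http-inspect",
             lambda p, s: p.dport == 80 and p.payload[:4] in (b"GET ", b"POST"),
             "allow"),
    ]
    return SessionCache(capacity, backing={}), RuleEngine(rules)


def process(pkt: Packet, cache: SessionCache, engine: RuleEngine) -> Tuple[str, str]:
    """One packet through the pipeline: classify, fetch session, match rules."""
    sess = cache.lookup(pkt.classify())
    sess.packets += 1
    return engine.evaluate(pkt, sess)


SAMPLE_PACKETS = [  # constructed traffic: three flows, one of them chatty
    Packet("10.0.0.1", "10.0.0.2", 40000, 80, "tcp", b"GET / HTTP/1.1"),
    Packet("10.0.0.1", "10.0.0.2", 40001, 23, "tcp"),
    Packet("10.0.0.3", "10.0.0.2", 40002, 443, "tcp"),
    Packet("10.0.0.1", "10.0.0.2", 40000, 80, "tcp", b"POST /login"),
    Packet("10.0.0.1", "10.0.0.2", 40000, 80, "tcp", b"GET /a"),
    Packet("10.0.0.1", "10.0.0.2", 40000, 80, "tcp", b"GET /b"),
]


def run_demo(capacity: int = 2) -> dict:
    """Run the sample traffic and report verdicts plus cache behaviour."""
    cache, engine = build_pipeline(capacity)
    verdicts = [process(p, cache, engine) for p in SAMPLE_PACKETS]
    return {"verdicts": verdicts, "hits": cache.hits, "misses": cache.misses,
            "spilled_sports": sorted(k[2] for k in cache.backing)}


if __name__ == "__main__":
    for verdict in run_demo()["verdicts"]:
        print(verdict)
```

With a cache of two sessions, the third flow evicts the first; the fourth packet then misses and is refilled from backing memory with its packet count intact, which is what lets the "flow-limit" rule fire on the sixth packet even though the session left the fast path in between. Raising the capacity removes the evictions but leaves the verdicts unchanged, which is the property a split hot/cold session store needs.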
27 Claims
1. A security system comprising a network, said network comprising one or more networked systems of one or more types, a plurality of said one or more networked systems comprising a hardware processor providing transport layer protocol processing, said hardware processor comprising a protocol processing engine to do transport layer protocol processing;
or a programmable rule processing engine to analyze network traffic for rule matching or taking actions on matched rules or a combination thereof;
or a security processing engine to do encryption, decryption, authorization or authentication or a combination thereof using standard or proprietary security protocols;
or a packet classification engine to classify the network traffic;
or a packet processing engine to perform packet processing tasks;
or a combination of any of the foregoing, said security system providing multiple protocol layer security in said network.
Dependent claims: 3, 4, 5, 6, 7, 8, 17, 19.

2. A security system for a storage area network, said storage area network comprising one or more networked systems of one or more types, said security system comprising a set of systems from said one or more networked systems, a plurality of said set of systems comprising a hardware processor providing transport layer protocol processing, said hardware processor comprising a storage protocol processing engine to do protocol processing;
or a protocol processing engine to do transport layer protocol processing;
or a programmable rule processing engine to analyze storage area network traffic for rule matching or taking actions on matched rules or a combination thereof;
or a security processing engine to do encryption, decryption, authorization or authentication or a combination thereof using standard or proprietary security protocols;
or a packet classification engine to classify the storage area network traffic;
or a packet processing engine to perform packet processing tasks like header processing or deep packet processing or a combination thereof;
or a combination of any of the foregoing, said security system providing multiple protocol layer security in said storage area network.
Dependent claims: 20, 21, 22, 23, 24, 25.

9. A security system comprising a network, said network comprising one or more networked systems of one or more types, a plurality of said one or more networked systems comprising a hardware processor providing remote direct memory access capability, said hardware processor comprising an RDMA mechanism for performing RDMA data transfer or a protocol processing engine to do transport layer protocol processing;
or a programmable rule processing engine to analyze network traffic for rule matching or taking actions on matched rules or a combination thereof;
or a security processing engine to do encryption, decryption, authorization or authentication or a combination thereof using standard or proprietary security protocols;
or a packet classification engine to classify the network traffic;
or a packet processing engine to perform packet processing tasks like header processing or deep packet processing or a combination thereof;
or a combination of any of the foregoing, said security system providing multiple protocol layer security in said network.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 18.

26. A security system for a network, said network comprising one or more networked systems of one or more types, said security system comprising a set of systems from said one or more networked systems, a plurality of said set of systems comprising a hardware processor providing transport layer protocol processing, said hardware processor comprising a protocol processing engine to do transport layer protocol processing;
or a programmable rule processing engine to analyze network traffic for rule matching or taking actions on matched rules or a combination thereof;
or a security processing engine to do encryption, decryption, authorization or authentication or a combination thereof using standard or proprietary security protocols;
or a packet classification engine to classify the network traffic;
or a packet processing engine to perform packet processing tasks like header processing or deep packet processing or a combination thereof;
or a combination of the foregoing, said security system providing multiple protocol layer security in said network.

27. A security system for a network comprising one or more networked systems, at least one of said networked systems having a hardware processor providing a protocol processing stack, said security system providing a secure operating environment for said protocol processing stack for trusted computing needs of one or more of said networked systems by providing a policy driver for setting up the hardware processor for security policy rules to be enforced by said hardware processor, and a central manager for compiling and distributing said rules and monitoring the enforcement of said rules by said hardware processor.