Runtime adaptable security processor
Abstract
A runtime adaptable security processor is disclosed. The processor architecture provides capabilities to transport and process Internet Protocol (IP) packets from Layer 2 through transport protocol layer and may also provide packet inspection through Layer 7. Further, a runtime adaptable processor is coupled to the protocol processing hardware and may be dynamically adapted to perform hardware tasks as per the needs of the network traffic being sent or received and/or the policies programmed or services or applications being supported. A set of engines may perform pass-through packet classification, policy processing and/or security processing enabling packet streaming through the architecture at nearly the full line rate. A high performance content search and rules processing security processor is disclosed which may be used for application layer and network layer security. A scheduler schedules packets to packet processors for processing. An internal memory or local session database cache stores a session information database for a certain number of active sessions. The session information that is not in the internal memory is stored and retrieved to/from an additional memory. An application running on an initiator or target can in certain instantiations register a region of memory, which is made available to its peer(s) for access directly without substantial host intervention through RDMA data transfer. A security system is also disclosed that enables a new way of implementing security capabilities inside enterprise networks in a distributed manner using a protocol processing hardware with appropriate security features.
19 Claims
1. A security solution comprising a network,
said network comprising one or more networked systems of one or more types, at least one of said one or more networked systems comprising a security processor providing application layer or network layer or storage area network or application specific security or a combination thereof, said security processor comprising a programmable content search and rule processing engine to analyze network traffic to perform content search or take actions on matched rules or a combination thereof;
or a runtime adaptable processor to provide adaptable hardware acceleration on network traffic presented to the said security processor;
or a programmable classification and rules processing engine based on CAM architecture to provide high speed rule searching and security processing to network traffic presented to the said security processor;
or a hardware processor providing transport layer protocol processing;
or a combination of two or more of the foregoing, said security solution providing multiple protocol layer security in the said network.
Dependent claims: 3, 4, 5, 6, 13, 19
2. A security solution for a storage area network,
said storage area network comprising one or more networked systems of one or more types, said security solution comprising a set of systems from said one or more networked systems, a plurality of said set of systems comprising a security processor providing application layer or network layer or storage area network or application specific security or a combination thereof, said security processor comprising a storage protocol processing engine to do storage protocol processing;
or a programmable content search and rule processing engine to analyze storage area network traffic to perform content search or take actions on matched rules or a combination thereof;
or a runtime adaptable processor to provide adaptable hardware acceleration on storage area network traffic presented to the said security processor;
or a programmable classification and rules processing engine based on CAM architecture to provide high speed rule searching and security processing to storage area network traffic presented to the said security processor;
or a hardware processor providing transport layer protocol processing;
or a combination of two or more of the foregoing, said security solution providing multiple protocol layer security in the said storage area network.
Dependent claims: 15, 16, 17, 18
7. A security solution comprising a network,
said network comprising one or more networked systems of one or more types, at least one of said one or more networked systems comprising a security processor providing remote direct memory access capability, said security processor comprising an RDMA mechanism for performing RDMA data transfer;
or a programmable content search and rule processing engine to analyze network traffic to perform content search or take actions on matched rules or a combination thereof;
or a runtime adaptable processor to provide adaptable hardware acceleration on network traffic presented to the said security processor;
or a programmable classification and rules processing engine based on CAM architecture to provide high speed rule searching and security processing to network traffic presented to the said security processor;
or a hardware processor providing transport layer protocol processing;
or a combination of two or more of the foregoing, said security solution providing multiple protocol layer security in the said network.
Dependent claims: 8, 9, 10, 11, 12, 14
Specification