DISTRIBUTED NETWORK SECURITY SYSTEM AND A HARDWARE PROCESSOR THEREFOR

US 20090019538A1
Filed: 07/21/2008
Published: 01/15/2009
Est. Priority Date: 06/11/2002
Status: Active Grant

First Claim

Patent Images

1. A security system comprising a storage area network comprising a hardware processor providing transport layer protocol processing, said hardware processor comprising a protocol processing engine for performing transport layer protocol processing;

said security system providing multiple protocol layer security in said storage area network.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An architecture provides capabilities to transport and process Internet Protocol (IP) packets from Layer 2 through transport protocol layer and may also provide packet inspection through Layer 7. A set of engines may perform pass-through packet classification, policy processing and/or security processing enabling packet streaming through the architecture at nearly the full line rate. A scheduler schedules packets to packet processors for processing. An internal memory or local session database cache stores a session information database. The session information that is not in the internal memory is stored and retrieved to/from an additional memory. An application running on an initiator or target can a region of memory, which is made available to its peer for access without substantial host intervention through RDMA data transfer. A security system is also disclosed that enables a new way of implementing security capabilities inside enterprise networks in a distributed manner.

135 Citations

View as Search Results

19 Claims

1. A security system comprising a storage area network comprising a hardware processor providing transport layer protocol processing, said hardware processor comprising a protocol processing engine for performing transport layer protocol processing;
- said security system providing multiple protocol layer security in said storage area network.
- View Dependent Claims (2, 3, 4)
- - 2. The security system of claim 1, wherein the storage area network is configured to transport storage area network traffic, said hardware processor further comprising:
    - a storage protocol processing engine for performing storage protocol processing;
      
      a programmable rule-matching engine for analyzing the storage area network traffic for security rule matching or taking actions on matched security rules;
      
      an authentication engine for performing encryption, decryption, authorization or authentication using standard or proprietary security protocols;
      
      a packet classification engine for classifying the storage area network traffic; and
      
      a packet processing engine for performing packet processing tasks.
  - 3. The security system of claim 2, wherein said packet processing tasks comprises one or more of header processing and deep packet processing.
  - 4. The security system of claim 1, wherein the multiple protocol layer security comprises a plurality of security functions performed at one or more protocol layers of the OSI stack for providing one or more of packet filtering, intrusion detection, denial of service attack detection, port scanning detection, virus scan, spam filtering, and unauthorized access.

5. A security system comprising:
- a network comprising a hardware processor providing a remote direct memory access (RDMA) capability and configured to execute a transport layer protocol,said hardware processor comprising an RDMA mechanism for performing RDMA data transfer, said security system providing multiple protocol layer security in said network.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The security system of claim 5, wherein said network is configured to transport network traffic, and said hardware processor further comprises:
    - a protocol processing engine for performing transport layer protocol processing;
      
      a programmable rule-matching engine for analyzing the network traffic for security rule matching or taking actions on matched security rules;
      
      an authentication engine for performing encryption, decryption, authorization or authentication using standard or proprietary security protocols;
      
      a packet classification engine for classifying the network traffic; and
      
      a packet processing engine for performing packet processing tasks.
  - 7. The security system of claim 6, wherein said packet processing comprises one or more of header processing and deep packet processing.
  - 8. The security system of claim 5, wherein said hardware processor provides a transport layer remote direct memory access capability.
  - 9. The security system of claim 5, wherein the multiple protocol layer security comprises a plurality of security functions performed at one or more protocol layers of an OSI stack for providing one or more of packet filtering, intrusion detection, denial of service attack detection, port scanning detection, virus scan, spam filtering, unauthorized access, and detect other security attacks.

10. A security system comprising a remote direct memory access (RDMA) processor configured to execute a plurality of RDMA data transfers and configured to execute a transport layer protocol,said security system providing multiple protocol layer security in said network.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The security system of claim 10, further comprising a hardware processor comprising an RDMA mechanism for performing the RDMA data transfers.
  - 12. The security system of claim 11 further comprising a hardware processor, said hardware processor comprising:
    - a protocol processing engine for performing transport layer protocol processing;
      
      a programmable rule-matching engine for analyzing network traffic for security rule matching or taking actions on matched security rules;
      
      an authentication engine for performing encryption, decryption, authorization or authentication using standard or proprietary security protocols;
      
      a packet classification engine to classify the network traffic; and
      
      a packet processing engine to perform packet processing tasks.
  - 13. The security system of claim 12, wherein said packet processing comprises one or more of header processing and deep packet processing.
  - 14. The security system of claim 10, further comprising a hardware processor comprising a transport layer remote direct memory access capability.

15. A security system comprising a storage area network comprising a remote direct memory access (RDMA) capability for performing RDMA data transfers, said security system providing multiple protocol layer security in said storage area network.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The security system of claim 15, further comprising a hardware processor comprising an RDMA mechanism for performing the RDMA data transfers.
  - 17. The security system of claim 16, wherein said hardware processor further comprises:
    - a storage protocol processing engine for performing protocol processing;
      
      a protocol processing engine for performing transport layer protocol processing;
      
      a programmable rule-matching engine for analyzing storage area network traffic for security rule matching or taking actions on matched security rules;
      
      an authentication engine for performing encryption, decryption, authorization or authentication using standard or proprietary security protocols;
      
      a packet classification engine to classify the storage area network traffic; and
      
      a packet processing engine to perform packet processing tasks.
  - 18. The security system of claim 17, wherein said packet processing comprises one or more of header processing and deep packet processing.
  - 19. The security system of claim 15, further comprising a hardware processor that provides a transport layer remote direct memory access capability.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Memory Access Technologies LLC
Original Assignee
Ashish A. Pandya
Inventors
Pandya, Ashish A.

Granted Patent

US 8,181,239 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/13
CPC Class Codes

H04L 63/0218   Distributed architectures, ...

H04L 63/0272   Virtual private networks

H04L 67/1097   for distributed storage of ...

H04L 69/12   Protocol engines

DISTRIBUTED NETWORK SECURITY SYSTEM AND A HARDWARE PROCESSOR THEREFOR

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

135 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

DISTRIBUTED NETWORK SECURITY SYSTEM AND A HARDWARE PROCESSOR THEREFOR

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

135 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links