System and method for a routing device to securely share network data with a host utilizing a hardware firewall

US 7,284,268 B2
Filed: 09/27/2002
Issued: 10/16/2007
Est. Priority Date: 05/16/2002
Status: Expired due to Term

First Claim

Patent Images

1. A node for use in a wireless ad-hoc communications network, said node comprising:

a host device for processing one or more data packets intended for said node; and

a routing device for routing one or more other data packets to and from one or more other nodes in said wireless ad-hoc network, said routing device comprising;

a memory for storing said one or more data packets and said one or more other data packets,an internal hardware firewall, adapted to provide access by said host device to said one or more data packets stored in said memory, and further adapted to prevent access by said host device to said one or more other data packets, anda controller, adapted to configure said internal hardware firewall to provide or prevent said access,wherein said memory comprises;

a register mailbox, anda packet buffer which has a plurality of addresses, andwherein said memory is adapted to provide a common set of registers to said host device and said controller.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for providing the ability to selectively share data in a network routing device with an associated host. The system and method employs a hardware firewall in the routing device which restricts the host such that it can only access areas in shared memory which contains data destined for the host. The routing device CPU notifies the host of pending data and the location of that data in the shared memory. The hardware firewall is also notified of the location in shared memory which the host may access. When the host attempts to read the data, the firewall ensures that only the stated memory area or areas are accessed by the host. Once the data has been read by the host, the firewall is notified to cancel the host'"'"'s ability to access the shared memory until such time as a new packet destined for the host arrives in the routing device.

Citations

21 Claims

1. A node for use in a wireless ad-hoc communications network, said node comprising:
- a host device for processing one or more data packets intended for said node; and
  
  a routing device for routing one or more other data packets to and from one or more other nodes in said wireless ad-hoc network, said routing device comprising;
  
  a memory for storing said one or more data packets and said one or more other data packets,an internal hardware firewall, adapted to provide access by said host device to said one or more data packets stored in said memory, and further adapted to prevent access by said host device to said one or more other data packets, anda controller, adapted to configure said internal hardware firewall to provide or prevent said access,wherein said memory comprises;
  
  a register mailbox, anda packet buffer which has a plurality of addresses, andwherein said memory is adapted to provide a common set of registers to said host device and said controller.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A node as claimed in claim 1, further comprising:
    - a modem, adapted to modulate an outgoing signal into an analog format, and demodulate an incoming signal into a digital format packet; and
      
      wherein said controller is further adapted to direct modem control functions to demodulate an incoming signal into a digital format packet.
  - 3. A node as claimed in claim 1, wherein:
    - said controller is further adapted to retrieve a completion reply from said host device and in response, to configure said internal hardware firewall to prohibit said host device to access said register mailbox and said packet buffer.
  - 4. A node as claimed in claim 2, wherein:
    - said controller is further adapted to direct routing functions to transfer a digital format packet from said modem to an address range of said packet buffer.
  - 5. A node as claimed in claim 2, wherein:
    - said controller is further adapted to determine if said host device requires access to said incoming signal digital format packet and in response, to configure said internal hardware firewall to allow said host device access to said register mailbox via a host interface.
  - 6. A node as claimed in claim 2, wherein:
    - said controller is further adapted to determine an address range in said packet buffer which contains said digital format packet and to place a message containing said address range in said register mailbox, and to signal said host device to access said register mailbox to retrieve said message.
  - 7. A node as claimed in claim 4, wherein:
    - said controller is further adapted to configure said internal hardware firewall to allow said host device to access said address range of said packet buffer.

8. A method of managing access to data stored within a node in a wireless ad-hoc network, wherein said node comprises a host device and a routing device, wherein said routing device includes a memory, an internal hardware firewall, and a controller, said method comprising:
- storing one or more data packets intended for said node within said memory;
  
  storing one or more other data packets intended for one or more other nodes in said wireless ad-hoc network;
  
  controlling said internal hardware firewall to;
  
  provide access by said host device to said one or more data packets stored in said memory, andprevent access to said one or more other data packets stored in said memory,wherein said memory includes a register mailbox and a packet buffer which has a plurality of addresses,said method further comprising providing a common set of registers to said host device and said controller.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. A method as claimed in claim 8, further comprising:
    - controlling a modem to modulate an outgoing signal into an analog format, and to demodulate an incoming signal into a digital format packet; and
      
      directing one or more modem control functions to demodulate an incoming signal into a digital format packet.
  - 10. A method as claimed in claim 8, further comprising:
    - retrieving a completion reply from said host device and in response, to configure said internal hardware firewall to prohibit said host device to access said register mailbox and said packet buffer.
  - 11. A method as claimed in claim 9, further comprising:
    - controlling routing functions to transfer a digital format packet from said modem to an address range of said packet buffer.
  - 12. A method as claimed in claim 9, further comprising:
    - determining if said host device requires access to said incoming signal digital format packet and in response, to configure said internal hardware firewall to allow said host device access to said register mailbox via a host interface.
  - 13. A method as claimed in claim 9, further comprising:
    - determining an address range in said packet buffer which contains said digital format packet and to place a message containing said address range in said register mailbox, and to signal said host device to access said register mailbox to retrieve said message.
  - 14. A method as claimed in claim 11, further comprising:
    - configuring said internal hardware firewall to allow said host device to access said address range of said packet buffer.

15. A computer-readable medium of instructions for managing access to data stored within a node in a wireless ad-hoc communications network, wherein said node comprises a host device and a routing device, wherein said routing device includes a memory, an internal hardware firewall, and a controller, said computer-readable medium of instructions comprising:
- a first set of instructions, adapted to control an internal hardware firewall at said node to provide access by said host device to a portion of said memory containing one or more data packets intended for said node, and to prevent access to an other portion of said memory containing one or more other data intended for one or more other nodes in said wireless ad-hoc network; and
  
  a second set of instructions, adapted to control a router device central processing unit (CPU) to configure said internal hardware firewall to provide or prevent said access, wherein;
  
  said second set of instructions is adapted to control said memory, including a register mailbox and a packet buffer which has a plurality of addresses, to provide a common set of registers to said host device and said controller.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. A computer-readable medium of instructions as claimed in claim 15, wherein:
    - said second set of instructions is adapted to control a modem to modulate an outgoing signal into an analog format, and to demodulate an incoming signal into a digital format packet; and
      
      wherein said second set of instructions is further adapted to direct modem control functions to demodulate an incoming signal into a digital format packet.
  - 17. A computer-readable medium of instructions as claimed in claim 15, wherein:
    - said second set of instructions is adapted to retrieve a completion reply from said host device and in response, to configure said internal hardware firewall to prohibit said host device to access said register mailbox and said packet buffer.
  - 18. A computer-readable medium of instructions as claimed in claim 16, wherein:
    - said second set of instructions is adapted to direct routing functions to transfer a digital format packet from said modem to an address range of said packet buffer.
  - 19. A computer-readable medium of instructions as claimed in claim 16, wherein:
    - said second set of instructions is adapted to determine if said host device requires access to said incoming signal digital format packet and in response, to configure said internal hardware firewall to allow said host device access to said register mailbox via a host interface.
  - 20. A computer-readable medium of instructions as claimed in claim 16, wherein:
    - said second set of instructions is adapted to determine an address range in said packet buffer which contains said digital format packet and to place a message containing said address range in said register mailbox, and to signal said host device to access said register mailbox to retrieve said message.
  - 21. A computer-readable medium of instructions as claimed in claim 18, wherein:
    - said second set of instructions is adapted to configure said internal hardware firewall to allow said host device to access said address range of said packet buffer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ARRIS Enterprises LLC (CommScope Holding Company, Inc.)
Original Assignee
MeshNetworks, Inc. (Motorola Solutions, Inc.)
Inventors
Barker, Jr., Charles R., Gutierrez, Philip A., Schmidt, Jeffrey C.
Primary Examiner(s)
ZIA, SYED

Application Number

US10/255,608
Publication Number

US 20040039941A1
Time in Patent Office

1,845 Days
Field of Search

713/201, 713/200
US Class Current

726/11
CPC Class Codes

H04L 45/60   Router architectures

H04L 63/0209   Architectural arrangements,...

H04L 63/10   for controlling access to d...

H04W 4/12   Messaging; Mailboxes; Annou...

H04W 84/18   Self-organising networks, e...

System and method for a routing device to securely share network data with a host utilizing a hardware firewall

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for a routing device to securely share network data with a host utilizing a hardware firewall

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links