Ultra-low power single-chip firewall security device, system and method

US 8,875,276 B2
Filed: 09/02/2011
Issued: 10/28/2014
Est. Priority Date: 09/02/2011
Status: Active Grant

First Claim

Patent Images

1. A firewall security device, comprising:

a processor; and

an operating system (OS) embedded in the processor, the OS comprising a protocol stack for communicating with one or more devices via a network interface, wherein the OS blocks unauthorized data packets within one or more layers of the protocol stack based on predetermined firewall policies, the protocol stack comprising an Ethernet layer, an Internet Protocol (IP) layer on top of the Ethernet layer, a TCP layer on top of the IP layer, and an HTTP layer on top of the TCP layer; and

wherein the OS utilizes sockets style Application Programming Interface (API) of sockets and ports on IP addresses for implementing the predetermined firewall policies, wherein all operations for the OS are executed using the sockets style API.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A firewall security device, system and corresponding method are provided that includes an operating system of an entirely new architecture. The operating system is based fundamentally around a protocol stack (e.g., TCP/IP stack), rather than including a transport/network layer in a conventional core operating system. The firewall security device may include a processor and an operating system (OS) embedded in the processor. The OS may include a kernel. The operating system kernel is a state machine and may include a protocol stack for communicating with one or more devices via a network interface. The OS may be configured to receive and transmit data packets and block unauthorized data packets within one or more layers of the protocol stack based on predetermined firewall policies.

Citations

21 Claims

1. A firewall security device, comprising:
- a processor; and
  
  an operating system (OS) embedded in the processor, the OS comprising a protocol stack for communicating with one or more devices via a network interface, wherein the OS blocks unauthorized data packets within one or more layers of the protocol stack based on predetermined firewall policies, the protocol stack comprising an Ethernet layer, an Internet Protocol (IP) layer on top of the Ethernet layer, a TCP layer on top of the IP layer, and an HTTP layer on top of the TCP layer; and
  
  wherein the OS utilizes sockets style Application Programming Interface (API) of sockets and ports on IP addresses for implementing the predetermined firewall policies, wherein all operations for the OS are executed using the sockets style API.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The device of claim 1, wherein the network interface comprises at least one Network Interface Controller (NIC) coupled to the processor.
  - 3. The device of claim 1, further comprising a Universal Asynchronous Receiver/Transmitter (UART) coupled to the processor.
  - 4. The device of claim 1, further comprising a memory coupled to the processor, the memory comprising read only memory (ROM) and random access memory (RAM).
  - 5. The device of claim 4, wherein the ROM stores instructions executable by the processor, the instructions comprising predetermined firewall policies for transmitting or blocking data packets.
  - 6. The device of claim 1, wherein the protocol stack comprises a Transmission Control Protocol/Internet Protocol (TCP/IP) stack.
  - 7. The device of claim 1, wherein the protocol stack comprises a User Datagram Protocol/Internet Protocol (UDP/IP) stack.
  - 8. The device of claim 1, further comprising an asynchronous clock to serve as an internal clock for an OS kernel, the asynchronous clock being configured to automatically stop when clock cycles are not needed.
  - 9. The device of claim 8, wherein a time reference for the OS kernel is received via a Network Time Protocol (NTP) or Simple Network Time Protocol (SNTP) from a remote time server coupled to a network.
  - 10. The device of claim 1, wherein the predetermined firewall policies comprise one or more of policies based on an IP address, a protocol, an application, a user identity, and a network activity.

11. A method, comprising:
- receiving a data packet, within a protocol stack-based operating system (OS) embedded and executing within a processor, the OS comprising a kernel that consists of a state machine, the kernel consisting of a protocol stack that processes the data packet according to a network protocol;
  
  processing the received data packet within one or more layers of the protocol stack to determine whether the data packet is authorized based on predetermined firewall policies, wherein unauthorized data packets are blocked while authorized data packets are transmitted; and
  
  wherein the OS utilizes sockets style Application Programming Interface (API) of sockets and ports on IP addresses for implementing the predetermined firewall policies, wherein all operations for the OS are executed using the sockets style API.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, wherein the protocol stack comprises a Transmission Control Protocol/Internet Protocol (TCP/IP) or a User Datagram Protocol/Internet Protocol (UDP/IP) stack.
  - 13. The method of claim 11, wherein data packets are transmitted via a network interface, the network interface comprising at least one Network Interface Controller (NIC).
  - 14. The method of claim 11, wherein executable instructions for the OS are stored in a read only memory (ROM) of the processor and executed through the sockets style API.
  - 15. The method of claim 11, wherein the predetermined firewall policies comprise one or more of the policies based on an IP address, a protocol, an application, a user identity, a network activity.

16. A system for routing data packets across communication networks, comprising:
- a plurality of communication ports;
  
  a switch, the switch being configured to transmit multiple data packets between the plurality of communication ports; and
  
  at least one firewall security device, the firewall security device comprising a processor and an operating system (OS) embedded in the processor, the OS being a state machine having a protocol stack for communicating with one or more devices via a network interface, wherein the OS blocks unauthorized data packets within one or more layers of the protocol stack based on predetermined firewall policies, wherein the OS utilizes sockets style Application Programming Interface (API) of sockets and ports on IP addresses for implementing the predetermined firewall policies, wherein all operations for the OS are executed using the sockets style API.
- View Dependent Claims (17, 18, 19)
- - 17. The system of claim 16, wherein the at least one firewall security device is coupled to at least one communication port and a switch.
  - 18. The system of claim 17, wherein the at least one firewall security device comprises a plurality of firewall security devices, each of the plurality of communication ports being provided with a respective one of the plurality of firewall security devices.
  - 19. The system of claim 17, wherein the protocol stack comprises a Transmission Control Protocol/Internet Protocol (TCP/IP) stack or a User Datagram Protocol/Internet Protocol (UDP/IP) stack.

20. An operating system embedded within a processor, the operating system consisting of:
- a state machine that comprises a protocol stack for communicating with one or more devices via a network interface, blocking unauthorized data packets within one or more layers of the protocol stack based on predetermined firewall policies, and allowing authorized data packets, the protocol stack consisting of an Ethernet layer, an Internet Protocol (IP) layer on top of the Ethernet layer, a TCP layer on top of the IP layer, and an HTTP layer on top of the TCP layer; and
  
  wherein the operating system utilizes sockets style Application Programming Interface (API) of sockets and ports on IP addresses for implementing the predetermined firewall policies, wherein all operations for the operating system are executed using the sockets style API.
- View Dependent Claims (21)
- - 21. The operating system according to claim 20, wherein the protocol stack consists of a UDP layer on top of the IP layer and a SNMP layer on top of the UDP layer, wherein the SNMP layer and the UDP layer are utilized in place of the HTTP layer and the TCP layer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Iota Computing, Inc.
Original Assignee
Iota Computing, Inc.
Inventors
Cullimore, Ian Henry Stuart, Walker, Jeremy
Primary Examiner(s)
THIAW, CATHERINE B

Application Number

US13/225,233
Publication Number

US 20130061313A1
Time in Patent Office

1,152 Days
Field of Search

726 11- 13
US Class Current

726/13
CPC Class Codes

G06F 1/3237   by disabling clock generati...

H04L 63/0209   Architectural arrangements,...

H04L 63/0227   Filtering policies mail mes...

Ultra-low power single-chip firewall security device, system and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Ultra-low power single-chip firewall security device, system and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links