Ultra-low power single-chip firewall security device, system and method
Abstract
A firewall security device, system and corresponding method are provided that include an operating system of an entirely new architecture. The operating system is built around a protocol stack (e.g., a TCP/IP stack), rather than including a transport/network layer inside a conventional core operating system. The firewall security device may include a processor and an operating system (OS) embedded in the processor. The OS may include a kernel. The operating system kernel is a state machine and may include a protocol stack for communicating with one or more devices via a network interface. The OS may be configured to receive and transmit data packets and to block unauthorized data packets within one or more layers of the protocol stack based on predetermined firewall policies.
21 Claims
1. A firewall security device, comprising:
a processor; and
an operating system (OS) embedded in the processor, the OS comprising a protocol stack for communicating with one or more devices via a network interface, wherein the OS blocks unauthorized data packets within one or more layers of the protocol stack based on predetermined firewall policies, the protocol stack comprising an Ethernet layer, an Internet Protocol (IP) layer on top of the Ethernet layer, a TCP layer on top of the IP layer, and an HTTP layer on top of the TCP layer; and
wherein the OS utilizes a sockets style Application Programming Interface (API) of sockets and ports on IP addresses for implementing the predetermined firewall policies, wherein all operations for the OS are executed using the sockets style API.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A method, comprising:
receiving a data packet, within a protocol stack-based operating system (OS) embedded and executing within a processor, the OS comprising a kernel that consists of a state machine, the kernel consisting of a protocol stack that processes the data packet according to a network protocol;
processing the received data packet within one or more layers of the protocol stack to determine whether the data packet is authorized based on predetermined firewall policies, wherein unauthorized data packets are blocked while authorized data packets are transmitted; and
wherein the OS utilizes a sockets style Application Programming Interface (API) of sockets and ports on IP addresses for implementing the predetermined firewall policies, wherein all operations for the OS are executed using the sockets style API.
Dependent claims: 12, 13, 14, 15.
16. A system for routing data packets across communication networks, comprising:
a plurality of communication ports;
a switch, the switch being configured to transmit multiple data packets between the plurality of communication ports; and
at least one firewall security device, the firewall security device comprising a processor and an operating system (OS) embedded in the processor, the OS being a state machine having a protocol stack for communicating with one or more devices via a network interface, wherein the OS blocks unauthorized data packets within one or more layers of the protocol stack based on predetermined firewall policies, wherein the OS utilizes a sockets style Application Programming Interface (API) of sockets and ports on IP addresses for implementing the predetermined firewall policies, wherein all operations for the OS are executed using the sockets style API.
Dependent claims: 17, 18, 19.
20. An operating system embedded within a processor, the operating system consisting of:
a state machine that comprises a protocol stack for communicating with one or more devices via a network interface, blocking unauthorized data packets within one or more layers of the protocol stack based on predetermined firewall policies, and allowing authorized data packets, the protocol stack consisting of an Ethernet layer, an Internet Protocol (IP) layer on top of the Ethernet layer, a TCP layer on top of the IP layer, and an HTTP layer on top of the TCP layer; and
wherein the operating system utilizes a sockets style Application Programming Interface (API) of sockets and ports on IP addresses for implementing the predetermined firewall policies, wherein all operations for the operating system are executed using the sockets style API.
Dependent claims: 21.
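As an added illustration of the claimed architecture (example code, not from the patent or its assignee), the sketch below treats the kernel as a state machine whose states are the Ethernet, IP, TCP and HTTP layers, blocks a received frame at the first layer whose check fails, and expresses the firewall policy in socket terms as allowed (IP address, port) pairs. The ALLOW table, the GET/HEAD rule at the HTTP layer, the IPv4-without-options assumption and the frame builder are assumptions chosen for the example.

```c
#include <stdint.h>
#include <string.h>
/* Layers of the claimed stack, processed bottom-up; L_DONE means authorized. */
enum layer { L_ETH, L_IP, L_TCP, L_HTTP, L_DONE };

/* Policy in socket terms: a destination (IP address, port) that is allowed. */
struct policy { uint32_t ip; uint16_t port; };
static const struct policy ALLOW[] = { { 0xC0A80164u, 80 } }; /* 192.168.1.100:80, constructed */
/* Runs one received frame through the state machine and returns the layer at which
 * it was blocked, or L_DONE if every layer's check passed. Assumes IPv4 without options. */
enum layer filter_frame(const uint8_t *f, size_t len)
{
    enum layer st = L_ETH;
    uint32_t dip = 0; uint16_t dport = 0; size_t off = 0, i; int ok = 0;
    for (;;) switch (st) {
    case L_ETH:                         /* EtherType must be IPv4 (0x0800) */
        if (len < 14 || f[12] != 0x08 || f[13] != 0x00) return L_ETH;
        st = L_IP; break;
    case L_IP:                          /* version 4, IHL 5, protocol TCP (6) */
        if (len < 34 || f[14] != 0x45 || f[23] != 6) return L_IP;
        dip = (uint32_t)f[30] << 24 | (uint32_t)f[31] << 16 | (uint32_t)f[32] << 8 | f[33];
        st = L_TCP; break;
    case L_TCP:                         /* destination socket must match a policy entry */
        if (len < 54) return L_TCP;
        dport = (uint16_t)(f[36] << 8 | f[37]);
        off = 34 + 4u * (size_t)(f[46] >> 4);           /* TCP data offset honours options */
        for (i = 0; i < sizeof ALLOW / sizeof ALLOW[0]; i++)
            ok |= (ALLOW[i].ip == dip && ALLOW[i].port == dport);
        if (!ok || off > len) return L_TCP;
        st = L_HTTP; break;
    case L_HTTP:                        /* only GET/HEAD request lines are authorized */
        if (len - off < 4 || (memcmp(f + off, "GET ", 4) && memcmp(f + off, "HEAD", 4)))
            return L_HTTP;
        return L_DONE;
    default: return L_DONE;
    }
}

/* Builds a constructed test frame: Ethernet + IPv4 (IHL 5) + TCP (no options) + payload. */
size_t build_frame(uint8_t *buf, uint32_t dip, uint16_t dport, const char *payload)
{
    size_t n = strlen(payload);
    memset(buf, 0, 54);
    buf[12] = 0x08; buf[13] = 0x00; buf[14] = 0x45; buf[23] = 6;   /* IPv4 over Ethernet, TCP */
    buf[30] = (uint8_t)(dip >> 24); buf[31] = (uint8_t)(dip >> 16);
    buf[32] = (uint8_t)(dip >> 8);  buf[33] = (uint8_t)dip;
    buf[36] = (uint8_t)(dport >> 8); buf[37] = (uint8_t)dport; buf[46] = 0x50; /* port, data offset 5 */
    memcpy(buf + 54, payload, n);
    return 54 + n;
}
```

Because each layer returns the point of rejection, the same state machine doubles as a simple telemetry source: counting returns per layer shows whether traffic is being dropped at the link, network, transport or application layer.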