Integrated circuit apparatus and method for high throughput signature based network applications

Number of patents in Portfolio can not be more than 2000

United States of America Patent

APP PUB NO 20050114700A1
SERIAL NO

10640870

Stats

ATTORNEY / AGENT: (SPONSORED)

Importance

Loading Importance Indicators... loading....

Abstract

See full text

An architecture for an integrated circuit apparatus and method that allows significant performance improvements for signature based network applications. In various embodiments the architecture allows high throughput classification of packets into network streams, packet reassembly of such streams, filtering and pre-processing of such streams, pattern matching on header and payload content of such streams, and action execution based upon rule-based policy for multiple network applications, simultaneously at wire speed. The present invention is improved over the prior art designs, in performance, flexibility and pattern database size.

Loading the Abstract Image... loading....

First Claim

See full text

Family

Loading Family data... loading....

Patent Owner(s)

Patent OwnerAddressTotal Patents
INTEL CORPORATIONSANTA CLARA, CA29226
Sensory Networks, Inc.PALO ALTO, CA5

International Classification(s)

  • [Classification Symbol]
  • [Patents Count]

Inventor(s)

Inventor Name Address # of filed Patents Total Citations
Barrie, Robert Matthew Double Bay, AU 22 619
Gould, Stephen Queens Park, AU 43 754
Jong, Nicholas de Bondi Junction, AU 1 83
Williams, Darren Newtown, AU 27 616

Cited Art Landscape

Patent Info (Count) # Cites Year
 
INTERNATIONAL BUSINESS MACHINES CORPORATION (1)
* 2002/0077,995 PATTERN MATCHING IN COMMUNICATIONS NETWORK 2 1998
 
API CRYPTEK INC. (1)
* 6304973 Multi-level security network system 316 1998
* Cited By Examiner

Patent Citation Ranking

Forward Cite Landscape

Patent Info (Count) # Cites Year
 
AirTight Networks, Inc. (1)
* 2007/0171,885 AUTOMATED SNIFFER APPARATUS AND METHOD FOR WIRELESS LOCAL AREA NETWORK SECURITY 13 2007
 
JUNIPER NETWORKS, INC. (7)
8339959 Streamlined packet forwarding using dynamic filters for routing and security in a shared forwarding plane 204 2008
* 8955107 Hierarchical application of security services within a computer network 4 2008
* 2010/0071,024 HIERARCHICAL APPLICATION OF SECURITY SERVICES WITHIN A COMPUTER NETWORK 41 2008
9774520 Service aware path selection with a network acceleration device 0 2011
9251535 Offload of data transfer statistics from a mobile access gateway 1 2012
* 9787638 Filtering data using malicious reference information 0 2014
9813345 Offload of data transfer statistics from a mobile access gateway 0 2016
 
KASPERSKY LAB ZAO (1)
* 8042184 Rapid analysis of data stream for malware presence 60 2006
 
ZTE CORPORATION (2)
* 7937592 Network communication security processor and data processing method 1 2004
* 2007/0192,621 Network communication security processor and data processing method 2 2004
 
MITSUBISHI ELECTRIC RESEARCH LABORATORIES, INC. (1)
* 2009/0165,139 Secure Computer System and Method 9 2007
 
UDA, LLC (2)
* 9600550 Optimization for real-time, parallel execution of models for extracting high-value information from data streams 0 2014
9471656 Massively-parallel system architecture and method for real-time extraction of high-value information from data streams 0 2014
 
HUAWEI TECHNOLOGIES CO., LTD. (2)
* 8413124 System and method for compiling and matching regular expressions 2 2010
* 2010/0131,935 SYSTEM AND METHOD FOR COMPILING AND MATCHING REGULAR EXPRESSIONS 12 2010
 
ORACLE INTERNATIONAL CORPORATION (2)
* 8848554 Packet sniffing with packet filtering hooks 1 2011
* 2012/0230,210 PACKET SNIFFING WITH PACKET FILTERING HOOKS 2 2011
 
NXP B.V. (1)
9729329 Communications security 0 2015
 
UDA, LLD (1)
9477733 Hierarchical, parallel models for extracting in real-time high-value information from data streams and system and method for creation of same 0 2014
 
MCAFEE, LLC (2)
8572014 Pattern recognition using transition table templates 0 2009
* 2011/0093,694 Pattern Recognition Using Transition Table Templates 2 2009
 
SOUCEFIRE, INC. (1)
7949732 Systems and methods for determining characteristics of a network and enforcing policy 22 2004
 
SIGNIFICS AND ELEMENTS, LLC (15)
8661422 Methods and apparatus for local memory compaction 3 2009
* 2010/0192,138 Methods And Apparatus For Local Memory Compaction 2 2009
8572590 Methods and apparatus for joint parallelism and locality optimization in source code compilation 5 2009
* 2010/0070,956 METHODS AND APPARATUS FOR JOINT PARALLELISM AND LOCALITY OPTIMIZATION IN SOURCE CODE COMPILATION 8 2009
8930926 System, methods and apparatus for program optimization for multi-threaded processor architectures 6 2010
* 2010/0218,196 SYSTEM, METHODS AND APPARATUS FOR PROGRAM OPTIMIZATION FOR MULTI-THREADED PROCESSOR ARCHITECTURES 19 2010
* 9185020 System, apparatus and methods to implement high-speed network analyzers 2 2010
* 2010/0281,160 SYSTEM, APPARATUS AND METHODS TO IMPLEMENT HIGH-SPEED NETWORK ANALYZERS 5 2010
8892483 Systems and methods for planning a solution to a dynamically changing problem 1 2011
8914601 Systems and methods for a fast interconnect table 2 2011
9134976 Cross-format analysis of software systems 0 2011
9489180 Methods and apparatus for joint scheduling and layout optimization to enable multi-level vectorization 0 2012
9798588 Efficient packet forwarding using cyber-security aware policies 0 2013
9684865 System and method for configuration of an ensemble solver 0 2013
9613163 Efficient packet forwarding using cyber-security aware policies 0 2015
 
F5 NETWORKS, INC. (7)
* 9614772 System and method for directing network traffic in tunneling applications 1 2003
8533308 Network traffic management through protocol-configurable transaction processing 9 2005
8565088 Selectively enabling packet concatenation based on a transaction boundary 1 2006
9106606 Method, intermediate device and computer program code for maintaining persistency 0 2008
8559313 Selectively enabling packet concatenation based on a transaction boundary 2 2011
8611222 Selectively enabling packet concatenation based on a transaction boundary 0 2012
9225479 Protocol-configurable transaction processing 0 2012
 
ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE (1)
* 2006/0198,375 Method and apparatus for pattern matching based on packet reassembly 11 2005
 
AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD. (3)
* 8136162 Intelligent network interface controller 4 2006
* 2008/0056,487 Intelligent network interface controller 34 2006
8418252 Intelligent network interface controller 6 2012
 
VERIZON PATENT AND LICENSING INC. (1)
* 2014/0236,908 METHOD AND APPARATUS FOR PROVIDING ENHANCED DATA RETRIEVAL WITH IMPROVED RESPONSE TIME 0 2013
 
LSI CORPORATION (1)
* 2008/0186,971 SYSTEMS AND METHODS FOR PROCESSING ACCESS CONTROL LISTS (ACLS) IN NETWORK SWITCHES USING REGULAR EXPRESSION MATCHING LOGIC 14 2007
 
Airtight Technologies, Inc. (F/K/A Wibhu Technologies, Inc.) (1)
* 2005/0259,611 Automated sniffer apparatus and method for monitoring computer systems for unauthorized access 36 2004
 
CISCO TECHNOLOGY, INC. (42)
7885190 Systems and methods for determining characteristics of a network based on flow analysis 21 2004
7801980 Systems and methods for determining characteristics of a network 26 2004
7730175 Systems and methods for identifying the services of a network 21 2004
7716742 Systems and methods for determining characteristics of a network and analyzing vulnerabilities 29 2004
7539681 Methods and systems for multi-pattern searching 22 2004
* 7496962 Intrusion detection strategies for hypertext transport protocol 30 2004
* 2008/0276,316 Intrusion detection strategies for hypertext transport protocol 7 2004
* 8010685 Method and apparatus for content classification 12 2005
7936682 Detecting malicious attacks using network behavior and header analysis 24 2005
7535909 Method and apparatus to process packets in a network 6 2005
* 2006/0161,986 Method and apparatus for content classification 36 2005
* 2006/0098,585 Detecting malicious attacks using network behavior and header analysis 51 2005
8046833 Intrusion event correlation with network discovery information 9 2005
7733803 Systems and methods for modifying network map attributes 14 2005
* 2008/0244,741 Intrusion event correlation with network discovery information 22 2005
* 2008/0198,856 Systems and methods for modifying network map attributes 5 2005
7948988 Device, system and method for analysis of fragments in a fragment train 5 2006
* 2008/0127,342 Device, system and method for analysis of fragments in a fragment train 14 2006
7701945 Device, system and method for analysis of segments in a transmission control protocol (TCP) session 37 2006
8069352 Device, system and method for timestamp analysis of segments in a transmission control protocol (TCP) session 8 2007
7756885 Methods and systems for multi-pattern searching 11 2007
* 2008/0196,102 Device, system and method for use of micro-policies in intrusion detection/prevention 19 2007
7996424 Methods and systems for multi-pattern searching 8 2008
* 2008/0133,523 Methods and systems for multi-pattern searching 15 2008
8127353 Real-time user awareness for a computer network 8 2008
* 2008/0276,319 Real-time user awareness for a computer network 18 2008
8474043 Speed and memory optimization of intrusion detection system (IDS) and intrusion prevention system (IPS) rule processing 7 2008
* 2009/0262,659 Speed and memory optimization of intrusion detection system (IDS) and intrusion prevention system (IPS) rule processing 24 2008
8272055 Target-based SMB and DCE/RPC processing for an intrusion detection system or intrusion prevention system 13 2009
* 2010/0088,767 TARGET-BASED SMB AND DCE/RPC PROCESSING FOR AN INTRUSION DETECTION SYSTEM OR INTRUSION PREVENTION SYSTEM 13 2009
8289882 Systems and methods for modifying network map attributes 11 2010
* 2010/0205,675 SYSTEMS AND METHODS FOR MODIFYING NETWORK MAP ATTRIBUTES 16 2010
8433790 System and method for assigning network blocks to sensors 10 2010
8671182 System and method for resolving operating system or service identity conflicts 0 2010
8578002 Systems and methods for determining characteristics of a network and enforcing policy 6 2010
8601034 System and method for real time data awareness 7 2011
8677486 System and method for near-real time network attack detection, and system and method for unified detection via detection routing 3 2011
9055094 Target-based SMB and DCE/RPC processing for an intrusion detection system or intrusion prevention system 0 2012
9110905 System and method for assigning network blocks to sensors 0 2013
9135432 System and method for real time data awareness 1 2013
9450975 Target-based SMB and DCE/RPC processing for an intrusion detection system or intrusion prevention system 0 2015
9584535 System and method for real time data awareness 0 2015
 
ENTERASYS NETWORKS, INC. (1)
* 2006/0075,093 Using flow metric events to control network operation 33 2004
 
Sensory Networks, Inc. (6)
* 7082044 Apparatus and method for memory efficient, programmable, pattern matching finite state machine hardware 28 2004
* 2006/0120,137 APPARATUS AND METHOD FOR MEMORY EFFICIENT, PROGRAMMABLE, PATTERN MATCHING FINITE STATE MACHINE HARDWARE 8 2004
7301792 Apparatus and method of ordering state transition rules for memory efficient, programmable, pattern matching finite state machine hardware 7 2006
7219319 Apparatus and method for generating state transition rules for memory efficient programmable pattern matching finite state machine hardware 12 2006
* 2006/0253,816 Apparatus and Method For Memory Efficient, Programmable, Pattern Matching Finite State Machine Hardware 9 2006
* 2008/0022,401 Apparatus and Method for Multicore Network Security Processing 9 2006
 
ALCATEL-LUCENT USA INC. (2)
7725510 Method and system for multi-character multi-pattern pattern matching 18 2006
* 2008/0046,423 Method and system for multi-character multi-pattern pattern matching 48 2006
 
DELL PRODUCTS L.P. (2)
* 7840726 System and method for identifying and transferring serial data to a programmable logic device 0 2006
* 2007/0245,049 System and method for transferring serial data 1 2006
 
Reservoir Labs (1)
8688619 Systems, methods and apparatus for distributed decision processing 52 2010
 
BROCADE COMMUNICATIONS SYSTEMS, INC. (2)
* 9054972 Method and apparatus for determining bandwidth-consuming frame flows in a network 0 2013
* 2014/0036,717 METHOD AND APPARATUS FOR DETERMINING BANDWIDTH-CONSUMING FRAME FLOWS IN A NETWORK 0 2013
 
MOJO NETWORKS, INC. (10)
7536723 Automated method and system for monitoring local area computer networks for unauthorized wireless access 24 2004
* 7339914 Automated sniffer apparatus and method for monitoring computer systems for unauthorized access 36 2004
7440434 Method and system for detecting wireless access devices operably coupled to computer local area networks and related methods 46 2004
* 2005/0195,753 Method and system for detecting wireless access devices operably coupled to computer local area networks and related methods 20 2004
7710933 Method and system for classification of wireless devices in local area computer networks 7 2006
7804808 Method and system for monitoring a selected region of an airspace associated with local area networks of computing devices 14 2006
* 2007/0025,313 Method and System for Monitoring a Selected Region of an Airspace Associated with Local Area Networks of computing Devices 19 2006
7970894 Method and system for monitoring of wireless devices in local area computer networks 15 2007
8789191 Automated sniffer apparatus and method for monitoring computer systems for unauthorized access 11 2012
9003527 Automated method and system for monitoring local area computer networks for unauthorized wireless access 10 2012
 
TEVA PHARMACEUTICALS USA, LTD. (1)
* 2006/0099,252 Compressed solid dosage form manufacturing process well-suited for use with drugs of low aqueous solubility and compressed solid dosage forms made thereby 3 2004
 
NETWORK APPLIANCE, INC. (1)
* 8042185 Anti-virus blade 2 2007
 
SYMANTEC CORPORATION (1)
* 7861304 Pattern matching using embedded functions 9 2004
 
LOK TECHNOLOGY, INC. (1)
* 2006/0277,267 Unified memory IP packet processing platform 1 2006
* Cited By Examiner