US 20050108518A1

(19) United States

(12) Patent Application Publication (10) Pub. No.: US 2005/0108518 A1

Pandya (43) Pub. Date: May 19, 2005

(54) RUNTIME ADAPTABLE SECURITY PROCESSOR

(76) Inventor: Ashish A. Pandya, El Dorado Hills, CA (US)

Correspondence Address:

DLA PIPER RUDNICK GRAY CARY US, LLP

2000 UNIVERSITY AVENUE

E. PALO ALTO, CA 94303-2248 (US)

(21) Appl. No.: 11/004,742

(22) Filed: Dec. 2, 2004

Related U.S. Application Data

(63) Continuation-in-part of application No. 10/459,674, filed on Jun. 10, 2003.

Continuation-in-part of application No. 10/459,349, filed on Jun. 10, 2003.

Continuation-in-part of application No. 10/459,350, filed on Jun. 10, 2003.

Continuation-in-part of application No. 10/459,019, filed on Jun. 10, 2003.

Continuation-in-part of application No. 10/458,855, filed on Jun. 10, 2003.

Continuation-in-part of application No. 10/459,297, filed on Jun. 10, 2003.

Continuation-in-part of application No. 10/458,844, filed on Jun. 10, 2003.

Continuation-in-part of application No. PCT/US03/18386, filed on Jun. 10, 2003.

Continuation-in-part of application No. 10/783,890, filed on Feb. 20, 2004.

Continuation-in-part of application No. 10/845,345, filed on May 12, 2004.

Publication Classification

(51) Int. Cl.7 H04L 9/00

(52) U.S. Cl. 713/151; 713/152; 713/153

(57) ABSTRACT

A runtime adaptable security processor is disclosed. The processor architecture provides capabilities to transport and process Internet Protocol (IP) packets from Layer 2 through transport protocol layer and may also provide packet inspection through Layer 7. Further, a runtime adaptable processor is coupled to the protocol processing hardware and may be dynamically adapted to perform hardware tasks as per the needs of the network traffic being sent or received and/or the policies programmed or services or applications being supported. A set of engines may perform pass-through packet classification, policy processing and/or security processing enabling packet streaming through the architecture at nearly the full line rate. A high performance content search and rules processing security processor is disclosed which may be used for application layer and network layer security. A scheduler schedules packets to packet processors for processing. An internal memory or local session database cache stores a session information database for a certain number of active sessions. The session information that is not in the internal memory is stored and retrieved to/from an additional memory. An application running on an initiator or target can in certain instantiations register a region of memory, which is made available to its peer(s) for access directly without substantial host intervention through RDMA data transfer. A security system is also disclosed that enables a new way of implementing security capabilities inside enterprise networks in a distributed manner using a protocol processing hardware with appropriate security features.
