Patent application number | Description | Published |
20090153212 | Clock generators for generation of in-phase and quadrature clock signals - Clock generator embodiments are provided to generate half-rate I and Q clock signals. The generators are configured to insure fan-out limitations, to insure correct phasing at startup, to reduce the number of signal inverters in a critical path, and to reduce the total number of inverter structures to thereby substantially extend generator operational frequency. An exemplary generator embodiment requires only two tri-state inverters and four inverters. These clock generators are particularly suited for variety of electronic systems such as high speed data serializers. | 06-18-2009 |
20090203333 | High-speed data transmitters - Data transmitter embodiments are provided which are particularly useful as interface devices for accurate and reliable transmittal of data from high-speed data system devices such as analog-to-digital converters. Transmitter embodiments have been found to provide excellent fidelity of data transfer at high data rates (e.g., 4 gigabits/second) while consuming only a portion of the power of many conventional transmitters and requiring only a portion of the layout area of these transmitters. Transmitter embodiments provide effective control of transmitter parameters such as matched impedances, data symmetry, common-mode level, data eye and current drain. | 08-13-2009 |
20090273494 | CLOCK GENERATORS FOR GENERATION OF IN-PHASE AND QUADRATURE CLOCK SIGNALS - Clock generator embodiments are provided to generate half-rate I and Q clock signals. The generators are configured to insure fan-out limitations, to insure correct phasing at startup, to reduce the number of signal inverters in a critical path, and to reduce the total number of inverter structures to thereby substantially extend generator operational frequency. An exemplary generator embodiment requires only two tri-state inverters and four inverters. These clock generators are particularly suited for variety of electronic systems such as high speed data serializers. | 11-05-2009 |
Patent application number | Description | Published |
20080285455 | MEDIUM AND SYSTEM FOR CONTROLLING ATM TRAFFIC USING BANDWIDTH ALLOCATION TECHNOLOGY - A medium and system for managing asynchronous transfer mode (ATM) traffic in a computer system is disclosed. The computer system is used in sending, receiving, or sending and receiving a plurality of ATM flows. Each ATM flow has a plurality of ATM cells, a minimum ATM bandwidth guarantee, and a maximum ATM bandwidth. The medium and system include determining whether excess bandwidth exists for the ATM flows. The method and system also include gracefully increasing a portion of the ATM cells transmitted for each ATM flow during periods of excess bandwidth. The portion of the ATM cells transmitted is not more than the maximum ATM bandwidth limit. If an ATM flow presents a sufficient offered load, the portion of the ATM cells transmitted in the flow is not less than a minimum ATM bandwidth guarantee. | 11-20-2008 |
20080298244 | APPARATUS AND METHOD FOR CACHING LOOKUPS BASED UPON TCP TRAFFIC FLOW CHARACTERISTICS - The classification system of a network device includes a cache in which a mapping between predefined characteristics of TCP/IP packets and associated actions are stored in response to the first “Frequent Flyer” packet in of a session. Selected characteristics from subsequent received packets of that session are correlated with the predefined characteristics and the stored actions are applied to the received packets if the selected characteristics and the predefined characteristics match, thus reducing the processing required for subsequent packets. The packets selected for caching may be data packets. For mismatched characteristics, the full packet search of the classification system is used to determine the action to apply to the received packet. | 12-04-2008 |
20090083209 | MULTI-FIELD CLASSIFICATION DYNAMIC RULES UPDATES - The present invention relates to a method and computer system device for applying a plurality of rules to data packets within a network computer system. A filter rule decision tree is updated by adding or deleting a rule. If deleting a filter rule then the decision tree is provided to a network data plane processor with an incremental delete of the filter rule. If adding a filter rule then either providing an incremental insertion of the filter rule to the decision tree or rebuilding the first decision tree into a second decision tree responsive to comparing a parameter to a threshold. In one embodiment the parameter and thresholds relate to depth values of the tree filter rule chained branches. In another the parameter and thresholds relate to a total count of rule additions since a building of the relevant tree. | 03-26-2009 |
20090254991 | INTRUSION DETECTION USING A NETWORK PROCESSOR AND A PARALLEL PATTERN DETECTION ENGINE - An intrusion detection system (IDS) comprises a network processor (NP) coupled to a memory unit for storing programs and data. The NP is also coupled to one or more parallel pattern detection engines (PPDE) which provide high speed parallel detection of patterns in an input data stream. Each PPDE comprises many processing units (PUs) each designed to store intrusion signatures as a sequence of data with selected operation codes. The PUs have configuration registers for selecting modes of pattern recognition. Each PU compares a byte at each clock cycle. If a sequence of bytes from the input pattern match a stored pattern, the identification of the PU detecting the pattern is outputted with any applicable comparison data. By storing intrusion signatures in many parallel PUs, the IDS can process network data at the NP processing speed. PUs may be cascaded to increase intrusion coverage or to detect long intrusion signatures. | 10-08-2009 |
20120210430 | INTRUSION DETECTION USING A NETWORK PROCESSOR AND A PARALLEL PATTERN DETECTION ENGINE - An intrusion detection system (IDS) comprises a network processor (NP) coupled to a memory unit for storing programs and data. The NP is also coupled to one or more parallel pattern detection engines (PPDE) which provide high speed parallel detection of patterns in an input data stream. Each PPDE comprises many processing units (PUs) each designed to store intrusion signatures as a sequence of data with selected operation codes. The PUs have configuration registers for selecting modes of pattern recognition. Each PU compares a byte at each clock cycle. If a sequence of bytes from the input pattern match a stored pattern, the identification of the PU detecting the pattern is outputted with any applicable comparison data. By storing intrusion signatures in many parallel PUs, the IDS can process network data at the NP processing speed. PUs may be cascaded to increase intrusion coverage or to detect long intrusion signatures. | 08-16-2012 |
Patent application number | Description | Published |
20080229105 | Efficient Method for Providing Secure Remote Access - A remote user, two-way authentication and password change protocol that also allows parties to optionally establish a session key which can be used to protect subsequent communication. In a preferred embodiment, a challenge token is generated and exchanged which is a one-time value that includes a random value that changes from session to session. The construction and use of the challenge token avoids transmission of the password or even the transmission of a digest of the password itself. Thus the challenge token does not reveal any information about a secret password or a digest of the password. | 09-18-2008 |
20080232386 | PRIORITY BASED BANDWIDTH ALLOCATION WITHIN REAL-TIME AND NON-REAL-TIME TRAFFIC STREAMS - A method and system for transmitting packets in a packet switching network. Packets received by a packet processor may be prioritized based on the urgency to process them. Packets that are urgent to be processed may be referred to as real-time packets. Packets that are not urgent to be processed may be referred to as non-real-time packets. Real-time packets have a higher priority to be processed than non-real-time packets. A real-time packet may either be discarded or transmitted into a real-time queue based upon its value priority, the minimum and maximum rates for that value priority and the current real-time queue congestion conditions. A non-real-time packet may either be discarded or transmitted into a non-real-time queue based upon its value priority, the minimum and maximum rates for that value priority and the current real-time and non-real-time queue congestion conditions. | 09-25-2008 |
20080273464 | Retro Flow Control for Arriving Traffic in Computer Networks - The decision within a packet processing device to transmit a newly arriving packet into a queue to await further processing or to discard the same packet is made by a flow control method and system. The flow control is updated with a constant period determined by storage and flow rate limits. The update includes comparing current queue occupancy to a threshold. The outcome of the update is adjustment up or down of the transmit probability value. The value is stored for the subsequent period of flow control and packets arriving during that period are subject to a transmit or discard decision that uses that value. | 11-06-2008 |
20090034530 | PACKET CLASSIFICATION USING MODIFIED RANGE LABELS - A method and system for encoding a set of range labels for each parameter field in a packet classification key in such a way as to require preferably only a single entry per rule in a final processing stage of a packet classifier. Multiple rules are sorted accorded to their respective significance. A range, based on a parameter in the packet header, is previously determined. Multiple rules are evaluated according to an overlapping of rules according to different ranges. Upon a determination that two or more rules overlap, each overlapping rule is expanded into multiple unique segments that identify unique range intersections. Each cluster of overlapping ranges is then offset so that at least one bit in a range for the rule remains unchanged. The range segments are then converted from binary to Gray code, which results in the ability to determine a CAM entry to use for each range. | 02-05-2009 |
20120260335 | FRONT-END PROTOCOL FOR SERVER PROTECTION - The present invention provides for protecting against denial of service attacks. A request is sent by a client, the request comprises client indicia. The request is received at a server. A request count is incremented by the server. A sequence number is assigned as a function of the client indicia. A problem is selected by the server. The problem is sent by the server to the client. A solution to the problem is sent to the server. It is determined if the solution by client is correct. If the solution is correct, a session is performed. If the solution is not correct, the request is discarded. This can substantially decrease the amount of attacks performed by a rogue client, as the session set-up time can be substantial. | 10-11-2012 |
20120265834 | SYSTEM, METHOD AND COMPUTER PROGRAM TO BLOCK SPAM - A system, method and program product for blocking unwanted e-mails. An e-mail is identified as unwanted. A source IP address of the unwanted e-mail is determined. Other source IP addresses owned or registered by an owner or registrant of the source IP address of the unwanted e-mail are determined. Subsequent e-mails from the source IP address and the other IP addresses are blocked. This will thwart a spammer who shifts to a new source IP address when its spam is blocked from one source IP address. | 10-18-2012 |