The present invention relates to improved techniques for encrypting and decrypting data.
The need for effective and efficient data encryption/decryption is widespread throughout today's world. Whether it be data maintained by a governmental agency that pertains to national security or data maintained by a private company that pertains to the company's trade secrets and/or confidential information, the importance of effective and efficient encryption/decryption cannot be understated.
Effective encryption/decryption is needed to preserve the integrity of the subject data. Efficient encryption/decryption is needed to prevent the act of encrypting/decrypting the subject data from becoming an overwhelming burden on the party that maintains the subject data. These needs exist in connection with both “data at rest” (e.g., data stored in nonvolatile memory) and “data in flight” (e.g., data in transit from one point to another such as packet data transmitted over the Internet).
A number of data encryption/decryption techniques are known in the art. Many of these encryption techniques utilize a block cipher (see, e.g., block cipher 100 in
As an example of one such known mode of encryption/decryption, the electronic codebook (ECB) mode of encryption/decryption is commonly used due to its simplicity and high data throughput. Examples of the ECB mode of encryption/decryption are shown in
With ECB, the lack of sequential blockwise dependency in the encryption/decryption (i.e., feedback loops where the encryption of a given plaintext block depends on the result of encryption of a previous plaintext data block) allows implementations of the ECB mode to achieve high data throughput via pipelining and parallel processing techniques. While ECB exhibits these favorable performance characteristics, the security of ECB's encryption is susceptible to penetration because of the propagation of inter-segment and intra-segment uniformity in the plaintext to the ciphertext blocks.
For example, a 256 bit segment of plaintext containing all zeros that is to be encrypted with a 64 bit block cipher using ECB will be broken down into 4 64-bit blocks of plaintext, each 64-bit plaintext block containing all zeros. When operating on these plaintext blocks, ECB will produce a segment of ciphertext containing four identical blocks. This is an example of intra-segment uniformity. Furthermore, if another such 256-bit all zero segment is encrypted by ECB using the same key, then both of the resulting ciphertext segments will be identical. This is an example of inter-segment uniformity. In instances where intra-segment and/or inter-segment uniformity is propagated through to ciphertext, the security of the ciphertext can be compromised because the ciphertext will still preserve some aspects of the plaintext's structure. This can be a particularly acute problem for applications such as image encryption.
To address intra-segment and inter-segment uniformity issues, there are two commonly-used approaches. One approach is known as cipher block chaining (CBC). An example of the CBC mode of encryption/decryption is shown in
As shown in
Preferably, the reversible combinatorial operation 210 is an XOR operation performed between the bits of the vector 200 and the block 102. The truth table for an XOR operation between bits X and Y to produce output Z is as follows:
As is well known, the XOR operation is reversible in that either of the inputs X or Y can be reconstructed by performing an XOR operation between Z and the other of the inputs X or Y. That is, if one XORs X with Y, the result will be Z. If one thereafter XORs Z with Y, then X will be reconstructed. Similarly, if one thereafter XORs Z with X, then Y will be reconstructed.
Thus, on the decryption side, the CBC mode operates to decrypt ciphertext block 202 with the cipher block 100 using key 114 to thereby reconstruct the XOR combination of plaintext data block 102 and the initialization vector 200. Thereafter, this reconstructed combination can be XORed with the initialization vector 200 to reconstruct plaintext block 102. Next, at time t=t1, the process is repeated for the next ciphertext block 204, although this time the XOR operation will be performed using ciphertext block 202 (rather than initialization vector 200) to reconstruct plaintext data block 104. Ciphertext block 202 is used in this XOR operation because it was ciphertext block 202 that was used in the XOR operation when plaintext block 104 was encrypted. Then, once again this process is repeated at time t=t2, albeit with ciphertext block 204 being used for the XOR combination operation with the output from cipher block 100.
While the use of feedback by the CBC mode addresses the issue of inter-segment and intra-segment uniformity, such feedback imposes a sequential processing flow on the encryption that significantly limits the achievable throughput of the encryption engine. As such, the CBC mode cannot make ready use of pipelining because one of the inputs for the reversible combinatorial operation stage 210 of the encryption for a given data block depends upon the output of the cipher block stage 100 of the encryption performed on the previous data block. That is, because of the feedback, the reversible combinatorial operation stage in a CBC encryption engine must wait for the block cipher to complete its encryption of a given data block-bit vector combination before it can begin to process the next data block.
Furthermore, on the decryption side, the CBC mode's dependence on the sequential order of data block encryption can raise problems when one wants to retrieve only a portion of the encrypted data segment. For example, for a data segment that comprises data blocks DB1 through DB20, when that data segment is encrypted and stored for subsequent retrieval in its encrypted form, an instance may arise where there is a need to retrieve data blocks DB6 through DB10, wherein the other data blocks of the data segment are not needed. However, to be able to successfully decrypt data blocks DB6 through DB10, the retrieval operation and decryption operation will nevertheless need to operate on data blocks DB1 through DB5 so that decryption can be performed for data blocks DB6 through DB10.
Furthermore, when used for disk encryption, the CBC mode may be vulnerable to a “watermark attack” if the initialization vector 200 is not kept secret (such as may be the case when the initialization vector is derived from a quantity such as a disk volume number). With such an attack, an adversary can determine from the output ciphertext whether or not a specially crafted file is stored. While there are solutions to such an attack (such as using hashing to derive the initialization vector from the data blocks in the sector), these solutions add to the computational complexity of the encryption operation and thus further degrade the throughput and/or increase the computational resources required for the encryption.
A second approach is known as the Segmented Integer Counter (SIC) mode, or more succinctly the counter (CTR) mode.
As shown in
On the decryption side, this process can then be reversed where the combination blocks 302, 304 and 306 are decrypted by block cipher 100 using key 114, with the respective outputs therefrom being XORed with the ciphertext blocks 322, 324 and 326 respectively to reconstruct plaintext blocks 102, 104 and 106.
The SIC/CTR mode of encryption/decryption also suffers from a security issue if data segments are always encrypted with the same random value 300. If an adversary is able to gather several versions of the encrypted data segment, it would be possible to derive information about the plaintext because the cipher text (C) is simply the XOR of the variable (V) based on the random number and the plaintext (P), e.g., C=P⊕V, thus C⊕C′=P⊕P′.
Therefore, the inventors herein believe that a need exists in the art for a robust encryption/decryption technique that is capable of reducing both inter-segment and intra-segment uniformity while still retaining high throughput and exhibiting blockwise independence. As used herein, an encryption operation for a data segment is said to be “blockwise independent” when the encryption operations for each data block of that data segment do not rely on the encryption operation for any of the other data blocks in that data segment. Likewise, a decryption operation for a data segment is said to be “blockwise independent” when the decryption operations for each encrypted data block of that data segment do not rely on the decryption operation for any of the other data blocks in that data segment.
Toward this end, in one embodiment, the inventors herein disclose a technique for encryption wherein prior to key encryption, the plaintext data block is combined with a blockwise independent bit vector using a reversible combinatorial operation to thereby create a plaintext block-vector combination. This plaintext block-vector combination is then key encrypted to generate a ciphertext block. This process is repeated for all data blocks of a data segment needing encryption. For decryption of the cipher text blocks produced by such encryption, the inventors herein further disclose an embodiment wherein each ciphertext data block is key decrypted to reconstruct each plaintext block-vector combination. These reconstructed plaintext block-vector combinations can then be combined (using the reversible combinatorial operation) with the corresponding randomized bit vectors that were used for encryption to thereby reconstruct the plaintext blocks.
As an improvement relative to the CBC mode of encryption/decryption, each bit vector is blockwise independent. A bit vector is said to be blockwise independent when the value of that bit vector does not depend on any results of an encryption/decryption operation that was performed on a different data block of the data segment. Because of this blockwise independence, this embodiment is amenable to implementations that take advantage of the power of pipelined processing and/or parallel processing.
Moreover, because of the blockwise independent nature of the encryption performed by the present invention, a subset of the encrypted data segment can be decrypted without requiring decryption of the entire data segment (or at least without requiring decryption of the encrypted data blocks of the data segment that were encrypted prior to the encrypted data blocks within the subset). Thus, for a data segment that comprises data blocks DB1 through DB20, when that data segment is encrypted and stored for subsequent retrieval in its encrypted form using the present invention, a need may arise to retrieve plaintext versions of encrypted data blocks DB6 through DB10 and DB15, wherein the other data blocks of the data segment are not needed in their plaintext forms. A preferred embodiment of the present invention supports successful decryption of a subset of data blocks within the encrypted data segment (e.g., data blocks DB6 through DB10 and DB15) without requiring the decryption of the data segment's data blocks that are not members of the subset (e.g., data blocks DB1 through DB5, data blocks DB11 through DB14 and data blocks DB16 through DB20). Accordingly, the present invention supports the decryption of any arbitrary subset of the encrypted data blocks of a data segment without requiring decryption of any data blocks that are non-members of the arbitrary subset even if those non-member data blocks were encrypted prior to the encryption of the data blocks within the arbitrary subset.
Similarly, even if an entire encrypted data segment is to be decrypted, the present invention supports the decryption of the encrypted data blocks in a block order independent manner. Further still, the present invention supports the encryption of data blocks in a block order independent manner as well as supports limiting the encryption to only a defined subset of a data segment's data blocks (wherein such a subset can be any arbitrary subset of the data segment's data blocks).
Furthermore, as an improvement relative to the SIC/CTR mode of encryption/decryption, a greater degree of security is provided by this embodiment because the data that is subjected to key encryption includes the plaintext data (whereas the SIC/CTR mode does not subject the plaintext data to key encryption and instead subjects only its randomized bit vector to key encryption).
Preferably, the blockwise independent bit vector is a blockwise independent randomized (BIR) bit vector. As is understood by those having ordinary skill in the art, randomization in this context refers to reproducible randomization in that the same randomized bit vectors can be reproduced by a bit vector sequence generator given the same inputs. Further still, the blockwise independent randomized bit vector is preferably generated from a data tag that is associated with the data segment needing encryption/decryption. Preferably, this data tag uniquely identifies the data segment. In a disk encryption/decryption embodiment, this data tag is preferably the logical block address (LBA) for the data segment. However, it should be noted that virtually any unique identifier that can be associated with a data segment can be used as the data tag for that data segment. It should also be noted that rather than using a single data tag associated with the data segment, it is also possible to use a plurality of data tags that are associated with the data segment, wherein each data tag uniquely identifies a different one of the data segment's constituent data blocks
A bit vector generation operation preferably operates on a data tag to generate a sequence of blockwise independent bit vectors, each blockwise independent bit vector for reversible combination with a corresponding data block. Disclosed herein are a plurality of embodiments for such a bit vector generation operation. As examples, bit vectors can be derived from the pseudo-random outputs of a pseudo-random number generator that has been seeded with the data tag; including derivations that employ some form of feedback to enhance the randomness of the bit vectors. Also, linear feedback shift registers and adders can be employed to derive the bit vectors from the data tag in a blockwise independent manner.
The inventors also disclose a symmetrical embodiment of the invention wherein the same sequence of operations are performed on data in both encryption and decryption modes.
One exemplary application for the present invention is to secure data at rest in non-volatile storage; including the storage of data placed on tape, magnetic and optical disks, and redundant array of independent disks (RAID) systems. However, it should be noted that the present invention can also be applied to data in flight such as network data traffic.
These and other features and advantages of the present invention will be apparent to those having ordinary skill in the art upon review of the following description and figures.
a) and (b) depict an embodiment of the present invention in both encryption and decryption modes;
a) and (b) depict exemplary encryption and decryption embodiments of the present invention;
a) and (b) depict exemplary encryption and decryption embodiments of the present invention showing their operations over time;
a)-(c) depict three additional exemplary embodiments of a bit vector sequence generator;
a) and (b) depict exemplary encryption and decryption embodiments of the present invention that are hybrids of the embodiments of
c) and (d) depict exemplary embodiments of the bit vector sequence generator for use with the hybrid embodiments of
a) and (b) depict an exemplary embodiment for symmetrical encryption/decryption in accordance with the present invention;
a) and (b) depict an exemplary embodiment for symmetrical encryption/decryption in accordance with the present invention wherein the blockwise independent bit vectors are derived from the data segment's LBA;
a) and (b) depict the embodiment of
c) and (d) depict a symmetrical encryption/decryption counterpart to the embodiments of
a) and (b) depict exemplary hardware environments for the present invention; and
a)-(c) depict exemplary printed circuit boards on which the encryption/decryption embodiments of the present invention can be deployed.
a) illustrates an embodiment of the present invention wherein the encryption operation is segmented into a plurality of stages. At stage 504, the blockwise independent bit vector 506 is generated, preferably from a data tag 502 that is associated with the data segment 400. Preferably, the bit vector 506 has a length that is the same as the data blocks of the data segment, although this need not be the case. Further still, it is preferred that the blockwise independent bit vector 506 have a randomized value to thereby enhance the security of the encryption. Also, it is preferred that a different bit vector 506 be generated for each data block of a data segment that is encrypted, although this need not be the case. The bit vectors that are used in the encryption of a data segment's data blocks should be either stored for subsequent use when it is time to decrypt one or more of the data segment's data blocks or should be reproducible from a known quantity (such as the data tag) when it is time to decrypt one or more of the data segment's data blocks.
At stage 210, a reversible combinatorial operation such as a bitwise XOR operation is performed on the blockwise independent bit vector 506 and plaintext data block. This reversible combinatorial operation preferably produces a data block-bit vector combination 508.
At stage 100, a block cipher performs an encryption operation on the data block-bit vector combination 508 using key 114 as per well-known key encryption techniques (e.g., AES, the Data Encryption Standard (DES), the triple DES (3DES), etc.). The output of the block cipher stage 100 is thus a ciphertext data block that serves as the encrypted counterpart to the plaintext data block that was fed into stage 210. It should be noted that any of several well-known key management techniques can be used in connection with managing the key(s) 114 used by the block cipher(s) 100. As such, the inventors do not consider the key management for the block cipher(s) 100 to be any limitation on the present invention. It should also be noted that “keyless” encryption techniques may also be used in the practice of the present invention (e.g., substitution ciphers that do not require a key).
b) depicts the decryption counterpart to
As can be seen in
The data tag 502 may be any data value(s) that can be associated with the data segment 400. Preferably, the data tag 502 serves as a unique identifier for the data segment 400, although this need not be the case. A preferred data tag 502 is the logical block address (LBA) for the data segment to be encrypted. An LBA for a data segment is the logical memory address for the data segment that is typically assigned by an Operating System (OS) or memory management system. However, other data tags may be used in the practice of the present invention; examples of which include file identifiers, physical memory addresses, and packet sequence numbers. The source of the data tag can be any of a variety of sources, including but not limited to communication protocol, storage subsystem, and file management systems.
a) and (b) illustrate embodiments of the invention where the data segment's LBA is used as the data tag 502 for the encryption/decryption operations. Sequence generator 600 processes the LBA to produce a different blockwise independent randomized bit vector 506 for XOR combination (210) with each plaintext data block. On decryption (shown in
a) illustrates the embodiment of
b) depicts the decryption counterpart to
As can be seen, the sequence of bit vectors 5061, 5062, . . . 506n produced by the sequence generator 600 of
It should also be noted that if the encryption/decryption technique involves using a data tag that is unique to each data block to generate each data block's corresponding blockwise independent bit vector 506, the need to pause operations while cycling through unneeded bit vectors can be eliminated.
a)-(c) depict other examples of sequence generator embodiments.
b) discloses a sequence generator 600 that uses the LBA 502 to seed a linear feedback shift register (LFSR) 1000 whose outputs then serve as the bit vectors 506 for combination with the data segment's data blocks.
c) discloses a sequence generator 600 that uses the LBA 502 to seed a feedback counter 1002, wherein the feedback counter 1002 has a constant increment 1004, and wherein the counter's outputs then serve as the bit vectors 506 for combination with the data segment's data blocks. As with the embodiments of
Data Tag′=Data Tag+k*Constant
wherein Data Tag′ represents the value of the data tag 502 that is fed into the sequence generator 600, wherein Data Tag represents the value of the data tag that is associated with the data segment, wherein k represents the block number within the data segment of the data block to be encrypted/decrypted, and wherein Constant represents the value of the incremental constant 1004 for adder 1002. This computation can be performed either within the sequence generator (in which case it will be the value Data Tag that is fed into the sequence generator 600) or in a module upstream from the sequence generator. Appropriate control logic is preferably used to control whether the multiplexer passes the data tag value 502 or the output of adder 1002 on to the reversible combinatorial stage 210.
It should also be noted that the present invention need not be limited to a single combination of a blockwise independent bit vector randomizer and a block cipher. Pairs of sequence generators 600, reversible combinatorial operations 210, and block ciphers 100 can be sequentially chained as shown in
Further still, the inventors herein disclose an embodiment that hybridizes the present invention and the CBC mode of encryption/decryption.
c) and (d) depict exemplary embodiments of a sequence generator 600′ that could be used to generate bit vectors for the embodiments of
d) depicts another exemplary embodiment for the sequence generator 600′. In the example of
As another embodiment of the present invention, the inventors disclose a symmetrical embodiment for encryption/decryption. With “symmetrical” encryption/decryption, the same order of operations can be performed on data blocks to both encrypt and decrypt those data blocks. Thus, with a symmetrical embodiment, the same module that is used to encrypt data can be used to decrypt encrypted data.
As shown in
For decryption, as shown in
Timing logic (not shown) can be employed to synchronize the outputs of bit vectors 506 from the bit vector generation stage 504 such that the appropriate bit vector 506 is fed to the second reversible combinatorial stage 1302 for each block ciphered data block-bit vector combination 1304 (or reconstructed data block-bit vector combination 508 for the decryption mode) that is processed thereby. Such synchronization could be designed to accommodate the latency within the block cipher 100 to thereby allow the same bit vector 506 to be used for reversible combination with a given data block by first reversible combinatorial operation stage 210 as is used for later reversible combination with the block ciphered data block-bit vector combination 1304 derived from that given data block by the second reversible combinatorial operation stage 1302.
a) (for encryption mode) and
a) (for encryption mode) and
It should also be noted that the symmetrical encryption/decryption embodiments described herein can also be used in a hybrid CBC embodiment like the ones shown in
As a further embodiment of the present invention, the inventors note that a parallel architecture 1600 such as the one shown in
The encryption/decryption techniques of the present invention can be implemented in a variety of ways including but not limited to a software implementation on any programmable processor (such as general purpose processors, embedded processors, network processors, etc.), a hardware implementation on devices such as programmable logic devices (e.g., field programmable gate arrays (FPGAs)), ASICs, and a hardware and/or software implementation on devices such as chip multi-processors (CMPs), etc. For example, some CMPs include built-in hardware for encryption ciphers, in which case software on parallel processors systems for the CMPs could perform the bit vector generation and reversible combinatorial tasks while offloading the block cipher operations to the dedicated hardware.
However, the inventors herein particularly note that the present invention is highly amenable to implementation in reconfigurable logic such as an FPGA. Examples of suitable FPGA platforms for the present invention are those described in the following: U.S. patent application Ser. No. 11/339,892 (filed Jan. 26, 2006, entitled “Firmware Socket Module for FPGA-Based Pipeline Processing” and published as 2007/0174841), published PCT applications WO 05/048134 and WO 05/026925 (both filed May 21, 2004 and entitled “Intelligent Data Storage and Processing Using FPGA Devices”), pending U.S. patent application Ser. No. 10/153,151 (filed May 21, 2002 entitled “Associative Database Scanning and Information Retrieval using FPGA Devices”, published as 2003/0018630, now U.S. Pat. No. 7,139,743), and U.S. Pat. No. 6,711,558 (entitled “Associative Database Scanning and Information Retrieval”), the entire disclosures of each of which are incorporated by reference herein.
a) depicts an example of an implementation environment for the present invention.
Data flowing to or from data store 1704 can be routed through reconfigurable logic device 1702 (which may be embodied by an FPGA). One or more firmware application modules (FAMs) 1730 are deployed on the reconfigurable logic using the techniques described in the above-incorporated references. The different stages of the encryption/decryption engine of the present invention can be implemented on the reconfigurable logic device 1702 as a processing pipeline deployed on one or more of these FAMs 1730. Firmware socket module 1720 can be implemented as described in the incorporated 11/339,892 patent application to control the flow of data to and from the encryption/decryption engine(s) deployed on the reconfigurable logic device 1702 via communication paths 1732 and 1734. Data to be encrypted and stored in the data store can be routed through the reconfigurable logic device 1702 along with appropriate control instructions for the encryption. Such control information can include the data tag used to generate the blockwise independent bit vectors. Moreover, these control instructions can emanate from any source with access to system bus 1712 including sources that connect to the system bus 1712 over a network. For example, in an embodiment wherein the data segment's LBA is used as the data tag from which the bit vectors are generated, the LBA can be passed to the FAM pipeline 1730 with the data from the data store 1704 or it can be passed to the FAM pipeline 1730 from processor 1708. Moreover, the data segments to be encrypted can emanate from any source with access to the reconfigurable logic device 1702. Encrypted data to be decrypted can also be routed through the reconfigurable logic device 1702 along with appropriate control instructions for the decryption.
Thus, when encrypting a data segment to be stored at an LBA of the data store 1704, the data blocks of the data segment can be streamed through a FAM 1730 on reconfigurable logic device 1702 that is configured to perform encryption in accordance with the teachings of the present invention (with the encryption FAM 1730 preferably deriving the blockwise independent bit vectors 506 from the LBA). The resultant ciphertext produced by the encryption FAM 1730 can then be stored in data store 1704 starting at the LBA. On decryption, the ciphertext data blocks of the encrypted data segment (or a subset thereof) can be streamed through a decryption FAM 1730 (or a symmetrical encryption/decryption FAM 1730) to reconstruct the plaintext data segment (or subset thereof). Once again, in an embodiment wherein the blockwise independent bit vectors are derived form the data segment's LBA, the LBA can also be used as the source of the bit vectors used during the decryption process.
It should also be noted that for disk or file encryption operations, it may be desirable to include the platform (e.g., FPGA or ASIC) on which the encryption/decryption engine of the present invention is deployed (or the encryption/decryption engine itself) on-board the disk controller 1706. It may also be desirable for the encryption/decryption engine to receive all data streaming to/from the disk(s), in which case control information could be added to the data streams to inform the encryption/decryption engine of which data is to be encrypted/decrypted and which data is to be passed through without modification. For example, such control information can take the form of a flag within a data set's SCSI control block (SCB).
The embodiment of
a) depicts a printed circuit board or card 1800 that can be connected to the PCI-X bus 1712 of a computer system (e.g., a commodity computer system or other) for use in encrypting/decrypting data. In the example of
b) depicts an alternate configuration for a printed circuit board/card 1800. In the example of
c) depicts another alternate configuration for a printed circuit board/card 1800. In the example of
It should be further noted that the printed circuit board/card 1800 may also be configured to support both a disk controller/connector 1810/1812 and a network interface controller/connector 1820/1822 to connect the board 1800 to disk(s) and network(s) via private PCI-X bus 1808, if desired by a practitioner of the invention.
It is worth noting that in either of the configurations of
Exemplary applications for the present invention include but are not limited to general purpose data encryption (e.g., files, images, documents, etc.), disk encryption, streaming message (e.g., packets, cells, etc.) encryption, and streaming image encryption (e.g., streaming reconnaissance imagery, etc.).
While the present invention has been described above in relation to its preferred embodiment, various modifications may be made thereto that still fall within the invention's scope. Such modifications to the invention will be recognizable upon review of the teachings herein. As such, the full scope of the present invention is to be defined solely by the appended claims and their legal equivalents.
This application is a continuation of pending U.S. patent application Ser. No. 11/690,034, filed Mar. 22, 2007, and entitled “Method and System for High Throughout Blockwise Independent Encryption/Decryption”, now U.S. Pat. No. 8,379,841, which claims priority to provisional patent application 60/785,821, filed Mar. 23, 2006, and entitled “Method and System for High Throughput Blockwise Independent Encryption/Decryption”, the entire disclosures of both of which are incorporated herein by reference.
Number | Name | Date | Kind |
---|---|---|---|
4341925 | Frosch et al. | Jul 1982 | A |
5243655 | Wang | Sep 1993 | A |
5249292 | Chiappa | Sep 1993 | A |
5371794 | Diffie et al. | Dec 1994 | A |
5381480 | Butter et al. | Jan 1995 | A |
5432822 | Kaewell, Jr. | Jul 1995 | A |
5461712 | Chelstowski et al. | Oct 1995 | A |
5481735 | Mortensen et al. | Jan 1996 | A |
5619574 | Johnson et al. | Apr 1997 | A |
5701464 | Aucsmith | Dec 1997 | A |
5704060 | Del Monte | Dec 1997 | A |
5805832 | Brown et al. | Sep 1998 | A |
5813000 | Furlani | Sep 1998 | A |
5943421 | Grabon | Aug 1999 | A |
5991881 | Conklin et al. | Nov 1999 | A |
6023760 | Karttunen | Feb 2000 | A |
6028939 | Yin | Feb 2000 | A |
6044375 | Shmueli et al. | Mar 2000 | A |
6044407 | Jones et al. | Mar 2000 | A |
6064739 | Davis | May 2000 | A |
6067569 | Khaki et al. | May 2000 | A |
6073160 | Grantham et al. | Jun 2000 | A |
6084584 | Nahi et al. | Jul 2000 | A |
6105067 | Batra | Aug 2000 | A |
6134551 | Aucsmith | Oct 2000 | A |
RE36946 | Diffie et al. | Nov 2000 | E |
6147890 | Kawana et al. | Nov 2000 | A |
6147976 | Shand et al. | Nov 2000 | A |
6169969 | Cohen | Jan 2001 | B1 |
6185531 | Schwartz et al. | Feb 2001 | B1 |
6195024 | Fallon | Feb 2001 | B1 |
6226676 | Crump et al. | May 2001 | B1 |
6279113 | Vaidya | Aug 2001 | B1 |
6307936 | Ober et al. | Oct 2001 | B1 |
6309424 | Fallon | Oct 2001 | B1 |
6317795 | Malkin et al. | Nov 2001 | B1 |
6324286 | Lai et al. | Nov 2001 | B1 |
6377942 | Hinsley et al. | Apr 2002 | B1 |
6397259 | Lincke et al. | May 2002 | B1 |
6397335 | Franczek et al. | May 2002 | B1 |
6412000 | Riddle et al. | Jun 2002 | B1 |
6430272 | Maruyama et al. | Aug 2002 | B1 |
6442545 | Feldman et al. | Aug 2002 | B1 |
6463474 | Fuh et al. | Oct 2002 | B1 |
6499107 | Gleichauf et al. | Dec 2002 | B1 |
6578147 | Shanklin et al. | Jun 2003 | B1 |
6597812 | Fallon et al. | Jul 2003 | B1 |
6601104 | Fallon | Jul 2003 | B1 |
6604158 | Fallon | Aug 2003 | B1 |
6624761 | Fallon | Sep 2003 | B2 |
6625150 | Yu | Sep 2003 | B1 |
6633868 | Min et al. | Oct 2003 | B1 |
6658377 | Anward et al. | Dec 2003 | B1 |
6658423 | Pugh et al. | Dec 2003 | B1 |
6704816 | Burke | Mar 2004 | B1 |
6711558 | Indeck et al. | Mar 2004 | B1 |
6760439 | Windirsch | Jul 2004 | B1 |
6765918 | Dixon et al. | Jul 2004 | B1 |
6772170 | Pennock et al. | Aug 2004 | B2 |
6772345 | Shetty | Aug 2004 | B1 |
6782394 | Landeck et al. | Aug 2004 | B1 |
6804667 | Martin | Oct 2004 | B1 |
6807156 | Veres et al. | Oct 2004 | B1 |
6870929 | Greene | Mar 2005 | B1 |
6882747 | Thawonmas et al. | Apr 2005 | B2 |
6886103 | Brustoloni et al. | Apr 2005 | B1 |
6931545 | Ta et al. | Aug 2005 | B1 |
6941312 | Hoffman et al. | Sep 2005 | B1 |
6944168 | Paatela et al. | Sep 2005 | B2 |
6971017 | Stringer et al. | Nov 2005 | B2 |
6978223 | Milliken | Dec 2005 | B2 |
6981054 | Krishna | Dec 2005 | B1 |
7006627 | Hanounik | Feb 2006 | B2 |
7016910 | Egilsson et al. | Mar 2006 | B2 |
7016914 | Nayak | Mar 2006 | B2 |
7024408 | Dehlinger et al. | Apr 2006 | B2 |
7028250 | Ukrainczyk et al. | Apr 2006 | B2 |
7051037 | Thomas et al. | May 2006 | B1 |
7054854 | Hattori et al. | May 2006 | B1 |
7055039 | Chavanne et al. | May 2006 | B2 |
7082427 | Seibel et al. | Jul 2006 | B1 |
7089188 | Logan et al. | Aug 2006 | B2 |
7092956 | Ruediger | Aug 2006 | B2 |
7093023 | Lockwood et al. | Aug 2006 | B2 |
7096179 | Zhu et al. | Aug 2006 | B2 |
7106905 | Simske | Sep 2006 | B2 |
7113954 | Vogel | Sep 2006 | B2 |
7117437 | Chen et al. | Oct 2006 | B2 |
7120079 | McCollum et al. | Oct 2006 | B2 |
7120699 | Stork et al. | Oct 2006 | B2 |
7124140 | Barton | Oct 2006 | B2 |
7130913 | Fallon | Oct 2006 | B2 |
7139743 | Indeck et al. | Nov 2006 | B2 |
7161506 | Fallon | Jan 2007 | B2 |
7167980 | Chiu | Jan 2007 | B2 |
7181437 | Indeck et al. | Feb 2007 | B2 |
7181608 | Fallon et al. | Feb 2007 | B2 |
7222114 | Chan | May 2007 | B1 |
7321937 | Fallon | Jan 2008 | B2 |
7353267 | Cunningham et al. | Apr 2008 | B1 |
7362859 | Robertson et al. | Apr 2008 | B1 |
7378992 | Fallon | May 2008 | B2 |
7386046 | Fallon et al. | Jun 2008 | B2 |
7411957 | Stacy et al. | Aug 2008 | B2 |
7417568 | Fallon et al. | Aug 2008 | B2 |
7444515 | Dharmapurikar et al. | Oct 2008 | B2 |
7552107 | Indeck et al. | Jun 2009 | B2 |
7558925 | Bouchard et al. | Jul 2009 | B2 |
7570760 | Olson et al. | Aug 2009 | B1 |
7580719 | Karmarkar | Aug 2009 | B2 |
7606968 | Branscome et al. | Oct 2009 | B2 |
7620821 | Grohoski et al. | Nov 2009 | B1 |
7623660 | Cory | Nov 2009 | B1 |
7636703 | Taylor | Dec 2009 | B2 |
7660793 | Indeck et al. | Feb 2010 | B2 |
7680790 | Indeck et al. | Mar 2010 | B2 |
7702629 | Cytron et al. | Apr 2010 | B2 |
7714747 | Fallon | May 2010 | B2 |
7885405 | Bong | Feb 2011 | B1 |
7949650 | Indeck et al. | May 2011 | B2 |
7953743 | Indeck et al. | May 2011 | B2 |
7954114 | Chamberlain et al. | May 2011 | B2 |
8069102 | Indeck et al. | Nov 2011 | B2 |
8095508 | Chamberlain et al. | Jan 2012 | B2 |
8131697 | Indeck et al. | Mar 2012 | B2 |
8155308 | Poo et al. | Apr 2012 | B1 |
8224800 | Branscome et al. | Jul 2012 | B2 |
8229918 | Branscome et al. | Jul 2012 | B2 |
8234267 | Branscome et al. | Jul 2012 | B2 |
8244718 | Chamdani et al. | Aug 2012 | B2 |
8379841 | Taylor et al. | Feb 2013 | B2 |
8620881 | Chamberlain et al. | Dec 2013 | B2 |
20010007127 | Staring | Jul 2001 | A1 |
20010033656 | Gligor et al. | Oct 2001 | A1 |
20010047473 | Fallon | Nov 2001 | A1 |
20010052038 | Fallon et al. | Dec 2001 | A1 |
20010056547 | Dixon | Dec 2001 | A1 |
20020006196 | Shimoyama et al. | Jan 2002 | A1 |
20020016773 | Ohkuma et al. | Feb 2002 | A1 |
20020021802 | Muratani et al. | Feb 2002 | A1 |
20020023010 | Rittmaster et al. | Feb 2002 | A1 |
20020041685 | McLoone et al. | Apr 2002 | A1 |
20020080871 | Fallon et al. | Jun 2002 | A1 |
20020103663 | Bankier et al. | Aug 2002 | A1 |
20020105911 | Pruthi et al. | Aug 2002 | A1 |
20020106078 | Qi et al. | Aug 2002 | A1 |
20020112167 | Boneh et al. | Aug 2002 | A1 |
20020116508 | Khan et al. | Aug 2002 | A1 |
20020129140 | Peled et al. | Sep 2002 | A1 |
20020150248 | Kovacevic | Oct 2002 | A1 |
20020162025 | Sutton et al. | Oct 2002 | A1 |
20020166063 | Lachman et al. | Nov 2002 | A1 |
20020169873 | Zodnik | Nov 2002 | A1 |
20020181709 | Sorimachi et al. | Dec 2002 | A1 |
20020191784 | Yup et al. | Dec 2002 | A1 |
20030009693 | Brock et al. | Jan 2003 | A1 |
20030014521 | Elson et al. | Jan 2003 | A1 |
20030014662 | Gupta et al. | Jan 2003 | A1 |
20030018630 | Indeck et al. | Jan 2003 | A1 |
20030023876 | Bardsley et al. | Jan 2003 | A1 |
20030035547 | Newton | Feb 2003 | A1 |
20030039355 | McCanny et al. | Feb 2003 | A1 |
20030043805 | Graham et al. | Mar 2003 | A1 |
20030051043 | Wyschogrod et al. | Mar 2003 | A1 |
20030059054 | Hu et al. | Mar 2003 | A1 |
20030065943 | Geis et al. | Apr 2003 | A1 |
20030068036 | Macchetti et al. | Apr 2003 | A1 |
20030074582 | Patel et al. | Apr 2003 | A1 |
20030090397 | Rasmussen | May 2003 | A1 |
20030099352 | Lu et al. | May 2003 | A1 |
20030108195 | Okada et al. | Jun 2003 | A1 |
20030110229 | Kulig et al. | Jun 2003 | A1 |
20030115485 | Milliken | Jun 2003 | A1 |
20030149869 | Gleichauf | Aug 2003 | A1 |
20030163715 | Wong | Aug 2003 | A1 |
20030169877 | Liu et al. | Sep 2003 | A1 |
20030177253 | Schuehler et al. | Sep 2003 | A1 |
20030191876 | Fallon | Oct 2003 | A1 |
20030198345 | Van Buer | Oct 2003 | A1 |
20030221013 | Lockwood et al. | Nov 2003 | A1 |
20040028047 | Hou et al. | Feb 2004 | A1 |
20040047466 | Feldman et al. | Mar 2004 | A1 |
20040049596 | Schuehler et al. | Mar 2004 | A1 |
20040064737 | Milliken et al. | Apr 2004 | A1 |
20040117645 | Okuda et al. | Jun 2004 | A1 |
20040146164 | Jonas et al. | Jul 2004 | A1 |
20040165721 | Sano et al. | Aug 2004 | A1 |
20040196905 | Yamane et al. | Oct 2004 | A1 |
20040205149 | Dillon et al. | Oct 2004 | A1 |
20040208318 | Henry et al. | Oct 2004 | A1 |
20040218762 | Le Saint et al. | Nov 2004 | A1 |
20040228479 | Crispin et al. | Nov 2004 | A1 |
20040255130 | Henry et al. | Dec 2004 | A1 |
20050005145 | Teixeira | Jan 2005 | A1 |
20050086520 | Dharmapurikar et al. | Apr 2005 | A1 |
20050094805 | Kitani et al. | May 2005 | A1 |
20050135607 | Lee et al. | Jun 2005 | A1 |
20050135608 | Zheng | Jun 2005 | A1 |
20050175175 | Leech | Aug 2005 | A1 |
20050195832 | Dharmapurikar et al. | Sep 2005 | A1 |
20050207571 | Ahn et al. | Sep 2005 | A1 |
20050229254 | Singh et al. | Oct 2005 | A1 |
20050286720 | Fukuoka et al. | Dec 2005 | A1 |
20060053295 | Madhusudan et al. | Mar 2006 | A1 |
20060059213 | Evoy | Mar 2006 | A1 |
20060072746 | Tadepalli | Apr 2006 | A1 |
20060101005 | Yang et al. | May 2006 | A1 |
20060129745 | Thiel et al. | Jun 2006 | A1 |
20060136570 | Pandya | Jun 2006 | A1 |
20060147040 | Lee et al. | Jul 2006 | A1 |
20060269148 | Farber et al. | Nov 2006 | A1 |
20060294059 | Chamberlain et al. | Dec 2006 | A1 |
20070061594 | Ginter et al. | Mar 2007 | A1 |
20070067108 | Buhler et al. | Mar 2007 | A1 |
20070074047 | Metzger et al. | Mar 2007 | A1 |
20070078837 | Indeck et al. | Apr 2007 | A1 |
20070118500 | Indeck et al. | May 2007 | A1 |
20070121950 | Okaue | May 2007 | A1 |
20070130140 | Cytron et al. | Jun 2007 | A1 |
20070174841 | Chamberlain et al. | Jul 2007 | A1 |
20070183594 | Russell | Aug 2007 | A1 |
20070237327 | Taylor et al. | Oct 2007 | A1 |
20070260602 | Taylor | Nov 2007 | A1 |
20070260814 | Branscome et al. | Nov 2007 | A1 |
20070277036 | Chamberlain et al. | Nov 2007 | A1 |
20070286415 | Bertoni et al. | Dec 2007 | A1 |
20070297608 | Jonas et al. | Dec 2007 | A1 |
20080086274 | Chamberlain et al. | Apr 2008 | A1 |
20080109413 | Indeck et al. | May 2008 | A1 |
20080114724 | Indeck et al. | May 2008 | A1 |
20080114725 | Indeck et al. | May 2008 | A1 |
20080114760 | Indeck et al. | May 2008 | A1 |
20080126320 | Indeck et al. | May 2008 | A1 |
20080133453 | Indeck et al. | Jun 2008 | A1 |
20080133519 | Indeck et al. | Jun 2008 | A1 |
20080183688 | Chamdani et al. | Jul 2008 | A1 |
20080189251 | Branscome et al. | Aug 2008 | A1 |
20080189252 | Branscome et al. | Aug 2008 | A1 |
20080240424 | Park | Oct 2008 | A1 |
20080243675 | Parsons et al. | Oct 2008 | A1 |
20080260158 | Chin et al. | Oct 2008 | A1 |
20090060197 | Taylor et al. | Mar 2009 | A1 |
20090287628 | Indeck et al. | Nov 2009 | A1 |
20100082895 | Branscome et al. | Apr 2010 | A1 |
20100094858 | Indeck et al. | Apr 2010 | A1 |
20100198850 | Cytron et al. | Aug 2010 | A1 |
20110167083 | Branscome et al. | Jul 2011 | A1 |
20110199243 | Fallon et al. | Aug 2011 | A1 |
20110218987 | Branscome et al. | Sep 2011 | A1 |
20110231446 | Buhler et al. | Sep 2011 | A1 |
20110252008 | Chamberlain et al. | Oct 2011 | A1 |
20120109849 | Chamberlain et al. | May 2012 | A1 |
20120110316 | Chamberlain et al. | May 2012 | A1 |
Number | Date | Country |
---|---|---|
0880088 | Nov 1996 | EP |
0851358 | Jul 1998 | EP |
0887723 | Dec 1998 | EP |
0911738 | Apr 1999 | EP |
1469371 | Oct 2004 | EP |
2000286715 | Oct 2000 | JP |
2001268071 | Sep 2001 | JP |
2001285283 | Oct 2001 | JP |
2001518724 | Oct 2001 | JP |
2001357048 | Dec 2001 | JP |
2002101089 | Apr 2002 | JP |
2002108910 | Apr 2002 | JP |
2003122442 | Apr 2003 | JP |
2005242997 | Sep 2005 | JP |
9409443 | Apr 1994 | WO |
9905814 | Feb 1999 | WO |
9955052 | Oct 1999 | WO |
0041136 | Jul 2000 | WO |
0122425 | Mar 2001 | WO |
0161913 | Aug 2001 | WO |
0180558 | Oct 2001 | WO |
02061525 | Aug 2002 | WO |
03100650 | Apr 2003 | WO |
03036845 | May 2003 | WO |
2004017604 | Feb 2004 | WO |
2004042560 | May 2004 | WO |
2004042561 | May 2004 | WO |
2004042562 | May 2004 | WO |
2004042574 | May 2004 | WO |
2005017708 | Feb 2005 | WO |
2005026925 | Mar 2005 | WO |
2005048134 | May 2005 | WO |
2006023948 | Mar 2006 | WO |
2007087507 | Aug 2007 | WO |
2009029842 | Mar 2009 | WO |
Entry |
---|
Edward Tau, et al. A First Generation DPGA Implementation. In Proceedings of the Third CanadianWorkshop on Field-Programmable Devices, pp. 138-143, May 1995. |
“Lucent Technologies Delivers “PayloadPlus” Network Processors for Programmable, MultiProtocol, OC-48c Processing”, Lucent Technologies Press Release, downloaded from http://www.lucent.com/press/1000/0010320.meb.html on Mar. 21, 2002. |
“Overview, Field Programmable Port Extender”, Jan. 2002 Gigabit Workshop Tutorial, Washington University, St. Louis, MO, Jan. 3-4, 2002, pp. 1-4. |
“Payload Plus™ Agere System Interface”, Agere Systems Product Brief, Jun. 2001, downloaded from Internet, Jan. 2002, pp. 1-6. |
“RFC793: Transmission Control Protocol, Darpa Internet Program, Protocol Specification”, Sep. 1981. |
“Technology Overview”, Data Search Systems Incorporated, downloaded from the http://www.datasearchsystems.com/tech.htm on Apr. 19, 2004. |
“The Field-Programmable Port Extender (FPX)”, downloaded from http://www.arl.wustl.edu/arl/ in Mar. 2002. |
Aldwairi et al., “Configurable String Matching Hardware for Speeding up Intrusion Detection”, SIRARCH Comput. Archit. News, vol. 33, No. 1, pp. 99-107, Mar. 2005. |
Amanuma et al., “A FPGA Architecture for High Speed Computation”, Proceedings of 60th Convention Architecture, Software Science, Engineering, Mar. 14, 2000, pp. 1-163-1-164, Information Processing Society, Japan. |
Amer-Yahia et al., “XQuery 1.0 and XPath 2.0 Full-Text 1.0”, W3C Working Draft, http://www.w3.org/TR/query-full-text/, May 18, 2007—parts 1-4. |
Anerousis et al., “Using the AT&T Labs PacketScope for Internet Measurement, Design, and Performance Analysis”, Network and Distributed Systems Research Laboratory, AT&T Labs-Research, Florham, Park, NJ, Oct. 1997. |
ANSI X9.52/1998, “Triple Data Encryption Algorithm Modes of Operation”, American National Standards Institute, Approved: Jul. 29, 1998. |
Arnold et al., “The Splash 2 Processor and Applications”, Proceedings 1993 IEEE International Conference on Computer Design: VLSI in Computers and Processors (ICCD '93), Oct. 3, 1993, pp. 482-485, IEEE Computer Society, Cambridge, MA USA. |
Artan et al., “Multi-packet Signature Detection using Prefix Bloom Filters”, 2005, IEEE, pp. 1811-1816. |
Asami et al., “Improvement of DES Key Search on FPGA-Based Parallel Machine “RASH””, Proceedings of Information Processing Society, Aug. 15, 2000, pp. 50-57, vol. 41, No. SIG5 (HPS1), Japan. |
Baboescu et al., “Scalable Packet Classification,” SIGCOMM'01, Aug. 27-31, 2001, pp. 199-210, San Diego, California, USA; http://www.ecse.rpi.edu/homepages/shivkuma/teaching/sp2001/readings/baboescu-pkt-classification.pdf. |
Baeza-Yates et al., “New and Faster Filters for Multiple Approximate String Matching”, Random Structures and Algorithms (RSA), Jan. 2002, pp. 23-49, vol. 20, No. 1. |
Baker et al., “High-throughput Linked-Pattern Matching for Intrusion Detection Systems”, ANCS 2005: Proceedings of the 2005 Symposium on Architecture for Networking and Communications Systems, pp. 193-202, ACM Press, 2005. |
Bianchi et al., “Improved Queueing Analysis of Shared Buffer Switching Networks”, ACM, Aug. 1993, pp. 482-490. |
Bloom, “Space/Time Trade-offs in Hash Coding With Allowable Errors”, Communications of the ACM, Jul. 1970, pp. 422-426, vol. 13, No. 7, Computer Usage Company, Newton Upper Falls, Massachusetts, USA. |
Braun et al., “Layered Protocol Wrappers for Internet Packet Processing in Reconfigurable Hardware”, Proceedings of Hot Interconnects 9 (Hotl-9) Stanford, CA, Aug. 22-24, 2001, pp. 93-98. |
Braun et al., “Protocol Wrappers for Layered Network Packet Processing in Reconfigurable Hardware”, IEEE Micro, Jan.-Feb. 2002, pp. 66-74. |
Brodie et al., “Dynamic Reconfigurable Computing”, in Proc. of 9th Military and Aerospace Programmable Logic Devices International Conference, Sep. 2006. |
Celko, “Joe Celko's Data & Databases: Concepts in Practice”, 1999, pp. 72-74, Morgan Kaufmann Publishers. |
Chamberlain et al., “Achieving Real Data Throughput for an FPGA Co-Processor on Commodity Server Platforms”, Proc. of 1st Workshop on Building Block Engine Architectures for Computers and Networks, Oct. 2004, Boston, MA. |
Chamberlain et al., “The Mercury System: Embedding Computation Into Disk Drives”, 7th High Performance Embedded Computing Workshop, Sep. 2003, Boston, MA. |
Chamberlain et al., “The Mercury System: Exploiting Truly Fast Hardware for Data Search”, Proc. of Workshop on Storage Network Architecture and Parallel I/Os, Sep. 2003, New Orleans, LA. |
Chaney et al., “Design of a Gigabit ATM Switch”, Washington University, St. Louis. |
Cho et al., “Deep Packet Filter with Dedicated Logic and Read Only Memories”, 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, Apr. 2004. |
Chodowiec et al., “Fast Implementations of Secret-Key Block Ciphers Using Mixed Inter- and Outer-Round Pipelining”, Proceedings of International Symposium on FPGAs, pp. 94-102 (Feb. 2001). |
Choi et al., “Design of a Flexible Open Platform for High Performance Active Networks”, Allerton Conference, 1999, Champaign, IL. |
Clark et al., “Scalable Pattern Matching for High Speed Networks”, Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, 2004; FCCM 2004, Apr. 20-23, 2004; pp. 249-257; IEEE Computer Society; Cambridge, MA USA. |
Cloutier et al., “VIP: An FPGA-Based Processor for Image Processing and Neural Networks”, Proceedings of Fifth International Conference on Microelectronics for Neural Networks, Feb. 12, 1996, pp. 330-336, Los Alamitos, California. |
Compton et al., “Configurable Computing: A Survey of Systems and Software”, Technical Report, Northwestern University, Dept. of ECE, 1999. |
Compton et al., “Reconfigurable Computing: A Survey of Systems and Software”, Technical Report, Northwestern University, Dept. of ECE, 1999, presented by Yi-Gang Tai. |
Cuppu and Jacob, “Organizational Design Trade-Offs at the DRAM, Memory Bus and Memory Controller Level: Initial Results,” Technical Report UMB-SCA-1999-2, Univ. of Maryland Systems & Computer Architecture Group, Nov. 1999, pp. 1-10. |
Department of Computer Science & Engineering; “Technical Reports”; Publication (http://cse.seas.wustl.edu/Research/Publications.asp); Dec. 17, 2007; pp. 1-26; Washington University in St. Louis. |
Dharmapurikar et al., “Deep Packet Inspection Using Parallel Bloom Filters,” IEEE Micro, Jan.-Feb. 2004, vol. 24, Issue: 1, pp. 52-61. |
Dharmapurikar et al., “Deep Packet Inspection Using Parallel Bloom Filters,” Symposium on High Performance Interconnects (Hotl), Stanford, California, 2003, pp. 44-51. |
Dharmapurikar et al., “Design and Implementation of a String Matching System for Network Intrusion Detection using FPGA-based Bloom Filters”, Proc. of 12th Annual IEEE Symposium on Field Programmable Custom Computing Machines, 2004, pp. 1-10. |
Dharmapurikar et al., “Longest Prefix Matching Using Bloom Filters,” SIGCOMM, 2003, pp. 201-212. |
Dharmapurikar et al., “Robust TCP Stream Reassembly in the Presence of Adversaries”, Proc. of the 14th Conference on USENIX Security Symposium—vol. 14, 16 pages, Baltimore, MD, 2005; http://www.icir.org/vern/papers/TcpReassembly/TCPReassembly.pdf. |
Dharmapurikar, “Fast and Scalable Pattern Matching for Content Filtering”, ACM, ANCS 05, 2005, pp. 183-192. |
Ebeling et al., “RaPiD—Reconfigurable Pipelined Datapath”, University of Washington, Dept. of Computer Science and Engineering, Sep. 23, 1996, Seattle, WA. |
Feldmann, “BLT: Bi-Layer Tracing of HTTP and TCP/IP”, AT&T Labs-Research, Florham Park, NJ, USA. |
FIPS 197, “ Advanced Encryption Standard”, National Institute of Standards and Technology (2001). |
FIPS 46-2, “Data Encryption Standard”, revised version issued as FIPS 46-3, National Institute of Standards Technology, Dec. 30, 1993. |
FIPS Pub. 46-3. Data Encryption Standard (DES). Revised version of 46-2. Reaffirmed Oct. 25, 1999. |
Franklin et al., “An Architecture for Fast Processing of Large Unstructured Data Sets.” Proc. of 22nd Int'l Conf. on Computer Design, Oct. 2004, pp. 280-287. |
Franklin et al., “Assisting Network Intrusion Detection with Reconfigurable Hardware”, Symposium on Field-Programmable Custom Computing Machines (FCCM 2002), Apr. 2002, Napa, California. |
Fu et al., “The FPX KCPSM Module: An Embedded, Reconfigurable Active Processing Module for the Field Programmable Port Extender (FPX)”, Washington University, Department of Computer Science, Technical Report WUCS-01-14, Jul. 2001. |
Pirsch et al., “VLSI Architectures for Video Compression—A Survey”, Proceedings of the IEEE, Feb. 1995, pp. 220-243, vol. 83, No. 2, Institute of Electrical and Electronics Engineers, Washington, DC, USA. |
Prakash et al., “OC/3072 Packet Classification Using BDDs and Pipelined SRAMs”, Department of Electrical and Computer Engineering, The University of Texas at Austin. |
Pramanik et al., “A Hardware Pattern Matching Algorithm on a Dataflow”; Computer Journal; Jul. 1, 1985; pp. 264-269; vol. 28, No. 3; Oxford University Press, Surrey, Great Britain. |
Ramakrishna et al., “A Performance Study of Hashing Functions for Hardware Applications”, Int. Conf. on Computing and Information, May 1994, pp. 1621-1636, vol. 1, No. 1. |
Ramakrishna et al., “Efficient Hardware Hashing Functions for High Performance Computers”, IEEE Transactions on Computers, Dec. 1997, vol. 46, No. 12. |
Ranganathan et al., “High-Speed VLSI Designs for Lempe-Ziv Based Data Compression”, IEEE Transactions on Circuits and Systems-II: Analog and Digital Signal Processing, Feb. 1993, pp. 96-106, vol. 40, No. 2, Institute of Electrical and Electronics Engineers, Washington, DC, USA. |
Ratha et al., “Convolution on Splash 2”, Proceedings of IEEE Symposium on FPGAS for Custom Computing Machines, Apr. 19, 1995, pp. 204-213, Los Alamitos, California. |
Ratha et al., “FPGA-based coprocessor for text string extraction”, IEEE, Sep. 11-13, 2000, pp. 217-221. |
Response to Office Action for U.S. Appl. No. 12/201,259 dated Feb. 10, 2012. |
Response to Office Action for U.S. Appl. No. 12/201,259 dated Jun. 9, 2011. |
Roberts, “Internet Still Growing Dramatically Says Internet Founder”, Press Release, Caspian Networks, Inc.—Virtual Pressroom. |
Roesch, “Snort—Lightweight Intrusion Detection for Networks”, Proceedings of LISA '99: 13th Systems Administration Conference; Nov. 7-12, 1999; pp. 229-238; USENIX Association, Seattle, WA USA. |
Roy, “A bounded search algorithm for segmented channel routing for FPGA's and associated channel architecture issues”, IEEE, Nov. 11, 1993, pp. 1695-1705, vol. 12. |
Russ et al., Non-Intrusive Built-In Self-Test for FPGA and MCM Applications, Aug. 8-10, 1995, IEEE, 480-485. |
Schmit, “Incremental Reconfiguration for Pipelined Applications”, FPGAs for Custom Computing Machines, Proceedings, The 5th Annual IEEE Symposium, Dept. of ECE, Carnegie Mellon University, Apr. 16-18, 1997, pp. 47-55, Pittsburgh, PA. |
Schuehler et al., “Architecture for a Hardware Based, TCP/IP Content Scanning System”, IEEE Micro, 24(1):62-69, Jan.-Feb. 2004, USA. |
Schuehler et al., “TCP-Splitter: A TCP/IP Flow Monitor in Reconfigurable Hardware”, Hot Interconnects 10 (Hotl-10), Stanford, CA, Aug. 21-23, 2002, pp. 127-131. |
Seki et al., “High Speed Computation of Shogi With FPGA”, Proceedings of 58th Convention Architecture, Software Science, Engineering, Mar. 9, 1999, pp. 1-133-1-134. |
Shah, “Understanding Network Processors”, Version 1.0, University of California-Berkeley, Sep. 4, 2001. |
Shalunov et al., “Bulk TCP Use and Performance on Internet 2”, ACM SIGCOMM Internet Measurement Workshop, 2001. |
Shasha et al., “Database Tuning”, 2003, pp. 280-284, Morgan Kaufmann Publishers. |
Shirazi et al., “Quantitative Analysis of FPGA-based Database Searching”, Journal of VLSI Signal Processing Systems for Signal, Image, and Video Technology, May 2001, pp. 85-96, vol. 28, No. 1/2, Kluwer Academic Publishers, Dordrecht, NL. |
Sidhu et al., “Fast Regular Expression Matching Using FPGAs”, IEEE Symposium on Field Programmable Custom Computing Machines (FCCM 2001), Apr. 2001. |
Sidhu et al., “String Matching on Multicontext FPGAs Using Self-Reconfiguration”, FPGA '99: Proceedings of the 1999 ACM/SIGDA 7th International Symposium on Field Programmable Gate Arrays, Feb. 1999, pp. 217-226. |
Singh et al., “The EarlyBird System for Real-Time Detection on Unknown Worms”, Technical report CS2003-0761, Aug. 2003. |
Skiena et al., “Programming Challenges: The Programming Contest Training Manual”, 2003, pp. 30-31, Springer. |
Sourdis and Pnevmatikatos, “Fast, Large-Scale String Match for a 10Gbps FPGA-based Network Intrusion Detection System”, 13th International Conference on Field Programmable Logic and Applications, 2003. |
Tan et al., “A High Throughput String Matching Architecture for Intrusion Detection and Prevention”, ISCA 2005: 32nd Annual International Symposium on Computer Architecture, pp. 112-122, 2005. |
Tau et al., “Transit Note #114: A First Generation DPGA Implementation”, Jan. 1995, 9 pages. |
Taylor et al., “Dynamic Hardware Plugins (DHP): Exploiting Reconfigurable Hardware for High-Performance Programmable Routers”, Computer Networks, 38(3): 295-310 (16), Feb. 21, 2002, and online at http://www.cc.gatech.edu/classes/AY2007/cs8803hpc—fall/papers/phplugins.pdf. |
Taylor et al., “Generalized RAD Module Interface Specification of the Field Programmable Port Extender (FPX) Version 2”, Washington University, Department of Computer Science, Technical Report, Jul. 5, 2001, pp. 1-10. |
Taylor et al., “Modular Design Techniques for the FPX”, Field Programmable Port Extender: Jan. 2002 Gigabit Workshop Tutorial, Washington University, St. Louis, MO, Jan. 3-4, 2002. |
Uluski et al., “Characterizing Antivirus Workload Execution”, SIGARCH Comput. Archit. News, vol. 33, No. 1, pp. 90-98, Mar. 2005. |
Villasenor et al., “Configurable Computing Solutions for Automatic Target Recognition”, FPGAS for Custom Computing Machines, 1996, Proceedings, IEEE Symposium on Napa Valley, CA, Apr. 17-19, 1996, pp. 70-79, 1996 IEEE, Napa Valley, CA, Los Alamitos, CA, USA. |
Waldvogel et al., “Scalable High-Speed Prefix Matching”, ACM Transactions on Computer Systems, Nov. 2001, pp. 440-482, vol. 19, No. 4. |
Ward et al., “Dynamically Reconfigurable Computing: A Novel Computation Technology with Potential to Improve National Security Capabilities”, May 15, 2003, A White Paper Prepared by Star Bridge Systems, Inc. [retrieved Dec. 12, 2006]. Retrieved from the Internet: <URL: http://www.starbridgesystems.com/resources/whitepapers/Dynamically%20Reconfigurable%20Computing.pdf. |
Weaver et al., “Very Fast Containment of Scanning Worms”, Proc. USENIX Security Symposium 2004, San Diego, CA, Aug. 2004, located at http://www.icsi.berkely.edu/˜nweaver/containment/containment.pdf. |
West et al., “An FPGA-Based Search Engine for Unstructured Database”, Proc. of 2nd Workshop on Application Specific Processors, Dec. 2003, San Diego, CA. |
Wooster et al., “HTTPDUMP Network HTTP Packet Snooper”, Apr. 25, 1996. |
Yamaguchi et al., “High Speed Homology Search with FPGAs”, Proceedings Pacific Symposium on Biocomputing, Jan. 3-7, 2002, pp. 271-282, vol. 7, Online, Lihue, Hawaii, USA. |
Yan et al., “Enhancing Collaborative Spam Detection with Bloom Filters”, 2006, IEEE, pp. 414-425. |
Yoshitani et al., “Performance Evaluation of Parallel Volume Rendering Machine Re Volver/C40”, Study Report of Information Processing Society, Mar. 5, 1999, pp. 79-84, vol. 99, No. 21. |
Ziv et al., “A Universal Algorithm for Sequential Data Compression”, IEEE Trans. Inform. Theory, IT-23(3): 337-343 (1997). |
Ziv et al., “Compression of Individual Sequence via Variable-Rate Coding”, IEEE Transactions on Information Theory, Sep. 1978, pp. 530-536, vol. IT-24, No. 5, Institute of Electrical and Electronics Engineers, Washington, DC, USA. |
U.S. Appl. No. 13/442,442, filed Apr. 9, 2012 (Indeck et al.). |
Gokhale et al., “Reconfigurable Computing”, 2005, pp. 3, 7, 11-15 and 92-93, Springer. |
Gokhale et al., “Reconfigurable Computing: Accelerating Computation With Field-Programmable Gate Arrays”, 2005, pp. 1-3, 7, 11-15, 39, 92-93, Springer. |
Gupta et al., “High-Speed Implementations of Rule-Based Systems,” ACM Transactions on Computer Systems, May 1989, pp. 119-146, vol. 7, Issue 2. |
Gupta et al., “Packet Classification on Multiple Fields”, Computer Systems Laboratory, Stanford University, Stanford, CA. |
Gupta et al, “PMM: A Parallel Architecture for Production Systems,” Proceedings of the IEEE, Apr. 1992, pp. 693-696, vol. 2. |
Gurtov, “Effect of Delays on TCP Performance”, Cellular Systems Development, Sonera Corporation, online at http://cs.helsinki.fi/u/gurtov/papers/pwc01.pdf. |
Hauck et al., “Software Technologies for Reconfigurable Systems”, Northwestern University, Dept. of ECE, Technical Report, 1996. |
Herbordt et al., “Single Pass, BLAST-Like, Approximate String Matching on FPGAs”, 14th Annual IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM'06), Apr. 2006, pp. 1-10, IEEE. |
Hollaar, “Hardware Systems for Text Information Retrieval”, Proceedings of the Sixth Annual International ACM Sigir Conference on Research and Development in Information Retrieval, Jun. 6-8, 1983, pp. 3-9, Baltimore, Maryland, USA. |
Hutchings et al., “Assisting Network Intrusion Detection with Reconfigurable Hardware”, FCCM 2002: 10th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, 2002. |
International Preliminary Report on Patentability (Chapter I) for PCT/US2008/074862 issued Mar. 11, 2010. |
International Search Report for PCT/US2002/033286 dated Jan. 22, 2003. |
International Search Report for PCT/US2005/030046; Sep. 25, 2006. |
International Search Report for PCT/US2008/074862 dated Nov. 12, 2008. |
Jacobson et al., “RFC 1072: TCP Extensions for Long-Delay Paths”, Oct. 1988. |
Jacobson et al., “tcpdump—dump traffic on a network”, Jun. 30, 1997, online at www.cse.cuhk.edu.hk/˜cslui/CEG4430/tcpdump.ps.gz. |
Johnson et al., “Pattern Matching in Reconfigurable Logic for Packet Classification”, College of Computing, Georgia Institute of Technology, Atlanta, GA. |
Jung et al., “Efficient VLSI for Lempel-Ziv Compression in Wireless Data Communication Networks”, IEEE Transactions on VLSI Systems, Sep. 1998, pp. 475-483, vol. 6, No. 3, Institute of Electrical and Electronics Engineers, Washington, DC, USA. |
Keutzer et al., “A Survey of Programmable Platforms—Network Proc”, University of California-Berkeley, pp. 1-29. |
Lockwood et al., “Field Programmable Port Extender (FPX) for Distributed Routing and Queuing”, ACM International Symposium on Field Programmable Gate Arrays (FPGA 2000), Monterey, CA, Feb. 2000, pp. 137-144. |
Lockwood et al., “Hello, World: A Simple Application for the Field Programmable Port Extender (FPX)”, Washington University, Department of Computer Science, Technical Report WUCS-00-12, Jul. 11, 2000. |
Lockwood et al., “Parallel FPGA Programming over Backplane Chassis”, Washington University, Department of Computer Science, Technical Report WUCS-00-11, Jun. 12, 2000. |
Lockwood et al., “Reprogrammable Network Packet Processing on the Field Programmable Port Extender (FPX)”, ACM International Symposium on Field Programmable Gate Arrays (FPGA 2001), Monterey, CA, Feb. 2001, pp. 87-93. |
Lockwood, “An Open Platform for Development of Network Processing Modules in Reprogrammable Hardware”, IEC DesignCon 2001, Santa Clara, CA, Jan. 2001, Paper WB-19. |
Lockwood, “Building Networks with Reprogrammable Hardware”, Field Programmable Port Extender: Jan. 2002 Gigabit Workshop Tutorial, Washington University, St. Louis, MO, Jan. 3-4, 2002. |
Lockwood, “Evolvable Internet Hardware Platforms”, NASA/DoD Workshop on Evolvable Hardware (EHW'01), Long Beach, CA, Jul. 12-14, 2001, pp. 271-279. |
Lockwood, “Hardware Laboratory Configuration”, Field Programmable Port Extender: Jan. 2002 Gigabit Workshop Tutorial, Washington University, St. Louis, MO, Jan. 3-4, 2002. |
Lockwood, “Introduction”, Field Programmable Port Extender: Jan. 2002 Gigabit Workshop Tutorial, Washington University, St. Louis, MO, Jan. 3-4, 2002. |
Lockwood, “Platform and Methodology for Teaching Design of Hardware Modules in Internet Routers and Firewalls”, IEEE Computer Society International Conference on Microelectronic Systems Education (MSE'2001), Las Vegas, NV, Jun. 17-18, 2001, pp. 56-57. |
Lockwood, “Protocol Processing on the FPX”, Field Programmable Port Extender: Jan. 2002 Gigabit Workshop Tutorial, Washington University, St. Louis, MO, Jan. 3-4, 2002. |
Lockwood, “Simulation and Synthesis”, Field Programmable Port Extender: Jan. 2002 Gigabit Workshop Tutorial, Washington University, St. Louis, MO, Jan. 3-4, 2002. |
Lockwood, “Simulation of the Hello World Application for the Field-Programmable Port Extender (FPX)”, Washington University, Applied Research Lab, Spring 2001 Gigabits Kits Workshop. |
Madhusudan, “Design of a System for Real-Time Worm Detection”, Hot Interconnects, pp. 77-83, Stanford, CA, Aug. 2004, found at http://www.hoti.org/hoti12/program/papers/2004/paper4.2.pdf. |
Madhusudan, “Design of a System for Real-Time Worm Detection”, Power Point Presentation in Support of Master's Thesis, Washington Univ., Dept. of Computer Science and Engineering, St. Louis, MO, Aug. 2004. |
Mao et al., “Cluster-based Online Monitoring System of Web Traffic”, Dept. of Computer Science and Technology, Tsinghua Univ., Bejing, 100084 P.R. China. |
Mosanya et al., “A FPGA-Based Hardware Implementation of Generalized Profile Search Using Online Arithmetic”, ACM/Sigda International Symposium on Field Programmable Gate Arrays (FPGA '99), Feb. 21-23, 1999, pp. 101-111, Monterey, CA, USA. |
Moscola et al., “FPGrep and FPSed: Regular Expression Search and Substitution for Packet Streaming in Field Programmable Hardware”, Dept. of Computer Science, Applied Research Lab, Washington University, Jan. 8, 2002, unpublished, pp. 1-19, St. Louis, MO. |
Moscola et al., “FPSed: A Streaming Content Search-and-Replace Module for an Internet Firewall”, Proc. of Hot Interconnects, 11th Symposium on High Performance Interconnects, pp. 122-129, Aug. 20, 2003. |
Moscola, “FPGrep and FPSed: Packet Payload Processors for Managing the Flow of Digital Content on Local Area Networks and the Internet”, Master's Thesis, Sever Institute of Technology, Washington University, St. Louis, MO, Aug. 2003. |
Motwani et al., “Randomized Algorithms”, 1995, pp. 215-216, Cambridge University Press. |
Navarro, “A Guided Tour to Approximate String Matching”, ACM Computing Surveys, vol. 33, No. 1, Mar. 2001, pp. 31-88. |
Necker et al., “TCP-Stream Reassembly and State Tracking in Hardware”, School of Electrical and Computer Engineering, Georgia Institute of Technology, Atlanta, GA. |
Nunez et al., “The X-MatchLITE FPGA-Based Data Compressor”, Euromicro Conference 1999, Proceedings, Italy, Sep. 8-10, 1999, pp. 126-132, Los Alamitos, CA. |
Nwodoh et al., “A Processing System for Real-Time Holographic Video Computation”, Reconfigurable Technology: FPGAs for Computing and Application, Proceedings for the SPIE, Sep. 1999, Boston, pp. 129-140, vol. 3844. |
Office Action for U.S. Appl. No. 10/550,323 dated Jan. 3, 2011. |
Office Action for U.S. Appl. No. 10/550,326 dated Dec. 23, 2010. |
Office Action for U.S. Appl. No. 12/201,259 dated Feb. 10, 2012. |
Office Action for U.S. Appl. No. 12/201,259 dated Jun. 9, 2011. |
Office Action for U.S. Appl. No. 12/201,259 dated Nov. 13, 2012. |
Patterson, “High Performance DES Encryption in Virtex™ FPGAs using JBits™”, IEEE Symposium on Field-Programmable Custom Computing Machines, 2000, pp. 113-121. |
Number | Date | Country | |
---|---|---|---|
20130148802 A1 | Jun 2013 | US |
Number | Date | Country | |
---|---|---|---|
60785821 | Mar 2006 | US |
Number | Date | Country | |
---|---|---|---|
Parent | 11690034 | Mar 2007 | US |
Child | 13759227 | US |