Patents by Inventor Joseph J. Tardo
Joseph J. Tardo has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9258225
Abstract: A system and method for efficient matching regular expression patterns across multiple packets. A deep packet inspection system can be embodied in a switch ASIC using a flow tracker and a signature matching engine. The flow tracker can be positioned in an ingress portion of the switch ASIC at a location where packets in a bi-direction flow can be observed and recorded. The flow tracker generates a signature match request that is forwarded to a signature matching engine in an auxiliary pipeline. The signature matching engine is enabled to perform cross-packet signature matching using signature matching state machines and reports the signature matching results to the flow tracker using a response packet that is sent to the ingress pipeline.
Type: Grant
Filed: February 28, 2014
Date of Patent: February 9, 2016
Assignee: BROADCOM CORPORATION
Inventors: Nate Hill, Stanislas Wolski, Joseph J. Tardo
-
Publication number: 20140314084
Abstract: A system and method for efficient matching regular expression patterns across multiple packets. A deep packet inspection system can be embodied in a switch ASIC using a flow tracker and a signature matching engine. The flow tracker can be positioned in an ingress portion of the switch ASIC at a location where packets in a bi-direction flow can be observed and recorded. The flow tracker generates a signature match request that is forwarded to a signature matching engine in an auxiliary pipeline. The signature matching engine is enabled to perform cross-packet signature matching using signature matching state machines and reports the signature matching results to the flow tracker using a response packet that is sent to the ingress pipeline.
Type: Application
Filed: February 28, 2014
Publication date: October 23, 2014
Applicant: Broadcom Corporation
Inventors: Nate Hill, Stanislas Wolski, Joseph J. Tardo
-
Patent number: 8340299
Abstract: Methods and systems are disclosed for providing secured data transmission and for managing cryptographic keys. One embodiment of the invention provides secure key management when separate devices are used for generating and utilizing the keys. One embodiment of the invention provides secure storage of keys stored in an unsecured database. One embodiment of the invention provides key security in conjunction with high speed decryption and encryption, without degrading the performance of the data network.
Type: Grant
Filed: July 28, 2010
Date of Patent: December 25, 2012
Assignee: Broadcom Corporation
Inventors: Mark L. Buer, Joseph J. Tardo
-
Patent number: 8055895
Abstract: Methods and associated systems provide secured data transmission over a data network. A security device provides security processing in the data path of a packet network. The device may include at least one network interface to send packets to and receive packets from a data network and at least one cryptographic engine for performing encryption, decryption and/or authentication operations. The device may be configured as an in-line security processor that processes packets that pass through the device as the packets are routed to/from the data network.
Type: Grant
Filed: August 31, 2009
Date of Patent: November 8, 2011
Assignee: Broadcom Corporation
Inventors: Mark Buer, Scott S. McDaniel, Uri Elzur, Joseph J. Tardo, Kan Fan
-
Patent number: 7996670
Abstract: Provided is an architecture for a cryptography accelerator chip that allows significant performance improvements over previous prior art designs. In various embodiments, the architecture enables parallel processing of packets through a plurality of cryptography engines and includes a classification engine configured to efficiently process encryption/decryption of data packets. Cryptography acceleration chips in accordance may be incorporated on network line cards or service modules and used in applications as diverse as connecting a single computer to a WAN, to large corporate networks, to networks servicing wide geographic areas (e.g., cities). The present invention provides improved performance over the prior art designs, with much reduced local memory requirements, in some cases requiring no additional external memory. In some embodiments, the present invention enables sustained full duplex Gigabit rate security processing of IPSec protocol data packets.
Type: Grant
Filed: July 6, 2000
Date of Patent: August 9, 2011
Assignee: Broadcom Corporation
Inventors: Suresh Krishna, Christopher Owen, Derrick C. Lin, Joseph J. Tardo, Patrick Law, Phillip Norman Smith
-
Publication number: 20100290624
Abstract: Methods and systems are disclosed for providing secured data transmission and for managing cryptographic keys. One embodiment of the invention provides secure key management when separate devices are used for generating and utilizing the keys. One embodiment of the invention provides secure storage of keys stored in an unsecured database. One embodiment of the invention provides key security in conjunction with high speed decryption and encryption, without degrading the performance of the data network.
Type: Application
Filed: July 28, 2010
Publication date: November 18, 2010
Applicant: Broadcom Corporation
Inventors: Mark L. Buer, Joseph J. Tardo
-
Patent number: 7773754
Abstract: Methods and systems are disclosed for providing secured data transmission and for managing cryptographic keys. One embodiment of the invention provides secure key management when separate devices are used for generating and utilizing the keys. One embodiment of the invention provides secure storage of keys stored in an unsecured database. One embodiment of the invention provides key security in conjunction with high speed decryption and encryption, without degrading the performance of the data network.
Type: Grant
Filed: July 8, 2002
Date of Patent: August 10, 2010
Assignee: Broadcom Corporation
Inventors: Mark L. Buer, Joseph J. Tardo
-
Publication number: 20090319775
Abstract: Methods and associated systems provide secured data transmission over a data network. A security device provides security processing in the data path of a packet network. The device may include at least one network interface to send packets to and receive packets from a data network and at least one cryptographic engine for performing encryption, decryption and/or authentication operations. The device may be configured as an in-line security processor that processes packets that pass through the device as the packets are routed to/from the data network.
Type: Application
Filed: August 31, 2009
Publication date: December 24, 2009
Applicant: Broadcom Corporation
Inventors: Mark L. Buer, Scott S. McDaniel, Uri Elzur, Joseph J. Tardo, Kan Fan
-
Patent number: 7600131
Abstract: Provided is an architecture for a cryptography accelerator chip that allows significant performance improvements over previous prior art designs. In various embodiments, the architecture enables parallel processing of packets through a plurality of cryptography engines and includes a classification engine configured to efficiently process encryption/decryption of data packets. Cryptography acceleration chips in accordance may be incorporated on network line cards or service modules and used in applications as diverse as connecting a single computer to a WAN, to large corporate networks, to networks servicing wide geographic areas (e.g., cities). The present invention provides improved performance over the prior art designs, with much reduced local memory requirements, in some cases requiring no additional external memory. In some embodiments, the present invention enables sustained full duplex Gigabit rate security processing of IPSec protocol data packets.
Type: Grant
Filed: July 6, 2000
Date of Patent: October 6, 2009
Assignee: Broadcom Corporation
Inventors: Suresh Krishna, Christopher Owen, Derrick C. Lin, Joseph J. Tardo, Patrick Law
-
Patent number: 7587587
Abstract: Methods and associated systems provide secured data transmission over a data network. A security device provides security processing in the data path of a packet network. The device may include at least one network interface to send packets to and receive packets from a data network and at least one cryptographic engine for performing encryption, decryption and/or authentication operations. The device may be configured as an in-line security processor that processes packets that pass through the device as the packets are routed to/from the data network.
Type: Grant
Filed: December 4, 2003
Date of Patent: September 8, 2009
Assignee: Broadcom Corporation
Inventors: Mark L. Buer, Scott S. McDaniel, Uri Elzur, Joseph J. Tardo, Kan Fan
-
Publication number: 20040143734
Abstract: Methods and associated systems provide secured data transmission over a data network. A security device provides security processing in the data path of a packet network. The device may include at least one network interface to send packets to and receive packets from a data network and at least one cryptographic engine for performing encryption, decryption and/or authentication operations. The device may be configured as an in-line security processor that processes packets that pass through the device as the packets are routed to/from the data network.
Type: Application
Filed: December 4, 2003
Publication date: July 22, 2004
Inventors: Mark L. Buer, Scott S. McDaniel, Uri Elzur, Joseph J. Tardo, Kan Fan
-
Publication number: 20040005061
Abstract: Methods and systems are disclosed for providing secured data transmission and for managing cryptographic keys. One embodiment of the invention provides secure key management when separate devices are used for generating and utilizing the keys. One embodiment of the invention provides secure storage of keys stored in an unsecured database. One embodiment of the invention provides key security in conjunction with high speed decryption and encryption, without degrading the performance of the data network.
Type: Application
Filed: July 8, 2002
Publication date: January 8, 2004
Inventors: Mark L. Buer, Joseph J. Tardo
-
Publication number: 20030023846
Abstract: Provided is an architecture for a cryptography accelerator chip that allows significant performance improvements over previous prior art designs. In various embodiments, the architecture enables parallel processing of packets through a plurality of cryptography engines and includes a classification engine configured to efficiently process encryption/decryption of data packets. Cryptography acceleration chips in accordance may be incorporated on network line cards or service modules and used in applications as diverse as connecting a single computer to a WAN, to large corporate networks, to networks servicing wide geographic areas (e.g., cities). The present invention provides improved performance over the prior art designs, with much reduced local memory requirements, in some cases requiring no additional external memory. In some embodiments, the present invention enables sustained full duplex Gigabit rate security processing of IPSec protocol data packets.
Type: Application
Filed: August 12, 2002
Publication date: January 30, 2003
Applicant: Broadcom Corporation
Inventors: Suresh Krishna, Christopher Owen, Derrick C. Lin, Joseph J. Tardo, Patrick Law, Phillip Norman Smith
-
Publication number: 20030014627
Abstract: Provided is an architecture for a cryptography accelerator chip that allows significant performance improvements over previous prior art designs. In various embodiments, the architecture enables parallel processing of packets through a plurality of cryptography engines and includes a classification engine configured to efficiently process encryption/decryption of data packets. Cryptography acceleration chips in accordance may be incorporated on network line cards or service modules and used in applications as diverse as connecting a single computer to a WAN, to large corporate networks, to networks servicing wide geographic areas (e.g., cities). The present invention provides improved performance over the prior art designs, with much reduced local memory requirements, in some cases requiring no additional external memory. In some embodiments, the present invention enables sustained full duplex Gigabit rate security processing of IPSec protocol data packets.
Type: Application
Filed: August 12, 2002
Publication date: January 16, 2003
Applicant: Broadcom Corporation
Inventors: Suresh Krishna, Christopher Owen, Derrick C. Lin, Joseph J. Tardo, Patrick Law
-
Patent number: 5497421
Abstract: Apparatus for protecting the confidentiality of a user's password during a remote login authentication exchange between a user node and a directory service node of a distributed, public key cryptography system includes a specialized server application functioning as an intermediary agent for the login procedure. The login agent has responsibility for approving the user's login attempt and distributing a private key to the user. However, the login agent is not trusted with the user's password and is therefore a "semi-trusted" node. In another aspect of the invention, a login protocol enables remote authentication of the user password without transmitting the password over the network.
Type: Grant
Filed: September 28, 1994
Date of Patent: March 5, 1996
Assignee: Digital Equipment Corporation
Inventors: Charles W. Kaufman, Morrie Gasser, Butler W. Lampson, Joseph J. Tardo, Kannan Alagappan
-
Patent number: 5418854
Abstract: Apparatus for protecting the confidentiality of a user's password during a remote login authentication exchange between a user node and a directory service node of a distributed, public key cryptography system includes a specialized server application functioning as an intermediary agent for the login procedure. The login agent has responsibility for approving the user's login attempt and distributing a private key to the user. However, the login agent is not trusted with the user's password and is therefore a "semi-trusted" node. In another aspect of the invention, a login protocol enables remote authentication of the user password without transmitting the password over the network.
Type: Grant
Filed: April 28, 1992
Date of Patent: May 23, 1995
Assignee: Digital Equipment Corporation
Inventors: Charles W. Kaufman, Morrie Gasser, Butler W. Lampson, Joseph J. Tardo, Kannan Alagappan
-
Patent number: 5235644
Abstract: A decryption method, and associated cryptographic processor, for performing in-line decryption of information frames received from a communication network through a first in-line processing stage. As an information packet is streamed into the cryptographic processor, a determination is made to an acceptable level of probability whether the packet contains data that should be decrypted. The decision whether or not decrypt is made by analyzing the incoming packet header, recognizing a limited number of packet formats, and further parsing the packet to locate any encrypted data and to make sure that the packet is not a segment of a larger message. Falsely decrypted packets are looped back through the cryptographic processor, to regenerate the data that was falsely decrypted. Decryption and encryption are performed in such a manner that a false decryption is completely reversible without loss of data.
Type: Grant
Filed: June 29, 1990
Date of Patent: August 10, 1993
Assignee: Digital Equipment Corporation
Inventors: Amar Gupta, Butler W. Lampson, William R. Hawe, Joseph J. Tardo, Charles W. Kaufman, Mark F. Kempf, Morrie Gasser, B. J. Herbison
-
Patent number: 5070528
Abstract: A method and related cryptographic processing apparatus for handling information packets that are to be cryptographically processed prior to transmission onto a communication network, or that are to be locally cryptographically processed and looped back to a node processor. A special cryptographic preamble is included in each information packet that is to be subject to cryptographic processing. The cryptographic preamble contains an offset value pointing to the starting location of information that is to be processed, and completely defines the type of cryptographic processing to be performed. The cryptographic processor can then perform the processing as specified in the preamble without regard to a specific protocol. If the packet is to be transmitted onto the network, the preamble is stripped from the packet after cryptographic processing, so that the formats of packets transmitted onto the network will be unaffected by the preamble.
Type: Grant
Filed: June 29, 1990
Date of Patent: December 3, 1991
Assignee: Digital Equipment Corporation
Inventors: William R. Hawe, Joseph J. Tardo, Charles W. Kaufman, Amar Gupta, Barry A. Spinney, Gregory M. Waters