Patents by Inventor Shushan Wen

Shushan Wen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12079136
    Abstract: At a first stage, cells of a row of the index table are searched, using a portion of the unified hash value bits as index to identify the row of the index table. Also, a pointer to the content table is identified by comparing an index table tag of an entry of a cell with a calculated tag of the hash to identify a cell in the row. At a second stage, a cell is looked up in the content table, responsive to a match of calculated tag of the hash and index table tag of entry, comparing the current full key value and the full key value in the content table entry. The content table full key value is retrieved using a pointer from the cell of the index table to the content table from the cell entry.
    Type: Grant
    Filed: March 31, 2023
    Date of Patent: September 3, 2024
    Assignee: Fortinet, Inc.
    Inventors: Shushan Wen, Zhi Guo
  • Patent number: 12052287
    Abstract: Systems, devices, and methods are discussed for classifying a number of security policies in relation to criteria for applying those security policies to yield a dual bitmap scheme representing a correlation between security policies and one or more criteria.
    Type: Grant
    Filed: March 1, 2022
    Date of Patent: July 30, 2024
    Assignee: Fortinet, Inc.
    Inventors: Shushan Wen, John Cortes, Zhi Guo
  • Publication number: 20240244085
    Abstract: Systems, devices, and methods for correlating security policies to received packets are provided. In one example, a network device maintains information regarding multiple security policies within a dual bitmap based search tree including a first bitmap and a second bitmap formatted as information embedded in a node structure. A packet is received by the network. A first field of the packet is compared with a first range, corresponding to a first bit location in the first bitmap in which the first bit location in the first bitmap is associated with at least a first security policy. After determining the first field is within the first range, the network device accesses a second bit location in the second bitmap, corresponding to the first bit location. Based at least in part upon a value in the second bit location, a set of one or more security policies are applied to the packet.
    Type: Application
    Filed: March 28, 2024
    Publication date: July 18, 2024
    Applicant: Fortinet, Inc.
    Inventors: Shushan Wen, John Cortes, Zhi Guo
  • Patent number: 12041032
    Abstract: Systems, devices, and methods are discussed for identifying security policies applicable to a received information packet based upon a dual bitmap scheme accounting for bit position mergers and/or policies common to multiple bit positions.
    Type: Grant
    Filed: March 1, 2022
    Date of Patent: July 16, 2024
    Assignee: Fortinet, Inc.
    Inventors: Shushan Wen, John Cortes, Zhi Guo
  • Publication number: 20240205247
    Abstract: A CRC rule is generated for each CRC parity check circuit from a bank of CRC parity check circuits for mapping a fixed-length CRC output to a signature, each of the CRC parity check circuits servicing a specific string length. The selected CRC parity circuit outputs a fixed-length parity-check data for the specific data packet, and the string mapper maps the fixed-length parity-check data for the specific data packet to one of the string identifiers associated with the group of signatures. If a fixed-length parity-check match is found, outputting a string identifier of the match for a security action.
    Type: Application
    Filed: December 14, 2022
    Publication date: June 20, 2024
    Applicant: Fortinet, Inc.
    Inventors: Yuwei Zhang, Shushan Wen
  • Publication number: 20240114000
    Abstract: To activate side nodes, a traversal node is partitioned into deeper traversal nodes and leaf nodes. A limit is set on a number of leaf node policies. Each traversal node above the limit is cut into a deeper level with a new traversal node. Each traversal node at or below the limit is converted to a leaf node populated with a list of policies within the limit.
    Type: Application
    Filed: September 30, 2022
    Publication date: April 4, 2024
    Inventors: Shushan Wen, Tianrui Wei
  • Publication number: 20230283590
    Abstract: Systems, devices, and methods are discussed for identifying security policies applicable to a received information packet based upon a dual bitmap scheme accounting for bit position mergers and/or policies common to multiple bit positions.
    Type: Application
    Filed: March 1, 2022
    Publication date: September 7, 2023
    Applicant: Fortinet, Inc.
    Inventors: Shushan Wen, John Cortes, Zhi Guo
  • Publication number: 20230283638
    Abstract: Systems, devices, and methods are discussed for classifying a number of security policies in relation to criteria for applying those security policies to yield a dual bitmap scheme representing a correlation between security policies and one or more criteria.
    Type: Application
    Filed: March 1, 2022
    Publication date: September 7, 2023
    Applicant: Fortinet, Inc.
    Inventors: Shushan Wen, John Cortes, Zhi Guo
  • Publication number: 20230239213
    Abstract: During high-speed network policy searching for data packets, an upper limit and a lower limit for a policy count are predefined for a ratio of the policy count to the sum of the policy count and the range count. A policy tree builder generates a policy tree image from a set of recursive operations on the raw policy set including an on-the-fly determination of whether a specific node is a leaf based on a leaf policy count limit, wherein for a selected dimension, the specific node is converted to the leaf if the policy count does not exceed the leaf policy count limit and the range count for the selected dimension does not exceed a product of the leaf policy count limit and a range count limit coefficient, and otherwise the specific node is converted to two or more child nodes. A network processor configures at least one set of registers, at least one set of tables, and at least one sequence of instructions according to the policy tree image.
    Type: Application
    Filed: March 30, 2023
    Publication date: July 27, 2023
    Applicant: Fortinet, Inc.
    Inventor: Shushan Wen
  • Publication number: 20230214388
    Abstract: A raw policy set is received for the network processor and a dimension bitmap corresponding to the raw policy set. From the raw policy set, a policy tree builder generates a policy tree image from a set of recursive operations on the raw policy set including selecting boundaries of the raw policy set from cuts on a given dimension of the raw policy set, the dimension cut based on a dimension selection and a partition number selection for the raw policy set. Network processor hardware is configured according to the policy tree image including at least one set of registers, at least one set of tables, and at least one sequence of instructions. At runtime, the network processor applies the optimized policy set to processing of the packet session from the data communication network by the network processor hardware.
    Type: Application
    Filed: December 31, 2021
    Publication date: July 6, 2023
    Inventor: Shushan Wen
  • Publication number: 20220207210
    Abstract: A compiler (CPL) plugin comprises a TC to, responsive to a new DV test, read configuration settings and select appropriate plugin processes based on the configuration settings. An API interface can generate images that control the special purpose processor during a stage of a plurality of stages for a CPL-related design verification (DV) test and call selected plugin processes. A common compiler module comprising a common function codebase. A DV specialized support module comprising a DV function only codebase, wherein the DV has access to the common compiler module. An RP specialized support module can comprise an RP function only codebase, wherein the codebase is common for both DV and RP, and wherein top-level APIs are designed for both DV and RP. Responsive to completing the DV test, TC disables the plugins and injects traffic for the DV test, and wherein TC reports testing results.
    Type: Application
    Filed: December 31, 2020
    Publication date: June 30, 2022
    Inventors: Shushan Wen, Linna Mai
  • Patent number: 11330074
    Abstract: A packet parser generates a key from TCP metadata of a data packet for a specific session. A packet cache stores recent network policy identifiers associated with a plurality of network sessions, wherein the key is used as an index to search the packet cache. The packet cache, responsive to a cache miss, checks a TFO cookie field for a rule ID stored by the client during a previous session as generated by the network processor. If there is no rule ID, a classification pipeline is activated. On the other hand, responsive to a cache hit, or responsive to identifying a rule ID for the session from the TFO cookie, the classification pipeline is bypassed for the data packets of the specific session.
    Type: Grant
    Filed: August 12, 2020
    Date of Patent: May 10, 2022
    Assignee: Fortinet, Inc.
    Inventor: Shushan Wen
  • Publication number: 20220053065
    Abstract: A packet parser generates a key from TCP metadata of a data packet for a specific session. A packet cache stores recent network policy identifiers associated with a plurality of network sessions, wherein the key is used as an index to search the packet cache. The packet cache, responsive to a cache miss, checks a TFO cookie field for a rule ID stored by the client during a previous session as generated by the network processor. If there is no rule ID, a classification pipeline is activated. On the other hand, responsive to a cache hit, or responsive to identifying a rule ID for the session from the TFO cookie, the classification pipeline is bypassed for the data packets of the specific session.
    Type: Application
    Filed: August 12, 2020
    Publication date: February 17, 2022
    Inventor: Shushan Wen
  • Patent number: 10984158
    Abstract: Systems and methods for generating design verification test cases using a restricted randomization process are provided. According to one embodiment, a processor of a hardware design verification system receives a set of restrictions and defines a scenario involving the values that is to be excluded from the test case. The processor also receives pre-assigned values for one or more variables. For each variable other than the one or more variables, the processor assigns a first random value to the variable that is within a valid range for the variable. The processor then identifies a conflict between a first pair of variables, and resolves the conflict by assigning a second random value to a first variable or a second variable of the first pair of variables within their respective valid ranges.
    Type: Grant
    Filed: March 31, 2020
    Date of Patent: April 20, 2021
    Assignee: Fortinet, Inc.
    Inventors: Shushan Wen, John Cortes
  • Patent number: 10102164
    Abstract: A mapping technique sets coalescing latency values for computing systems that use multiple data queues having a shared base timer. A computing system having at least one receive queue and at least one transmit queue receives user-provided coalescing latency values for the respective queues, and converts these user-provided latencies to coalescing latency hardware register values as well as a base timer register value for the shared base timer. The hardware register values for the coalescing latencies together with the shared base timer register value determine the coalescing latencies for the respective queues. This mapping technique allows a user to conveniently set coalescing latencies for multi-queue processing systems while shielding the user settings from hardware complexity.
    Type: Grant
    Filed: April 9, 2018
    Date of Patent: October 16, 2018
    Assignee: Ampere Computing LLC
    Inventors: Shushan Wen, Keyur Chudgar, Iyappan Subramanian
  • Publication number: 20180225240
    Abstract: A mapping technique sets coalescing latency values for computing systems that use multiple data queues having a shared base timer. A computing system having at least one receive queue and at least one transmit queue receives user-provided coalescing latency values for the respective queues, and converts these user-provided latencies to coalescing latency hardware register values as well as a base timer register value for the shared base timer. The hardware register values for the coalescing latencies together with the shared base timer register value determine the coalescing latencies for the respective queues. This mapping technique allows a user to conveniently set coalescing latencies for multi-queue processing systems while shielding the user settings from hardware complexity.
    Type: Application
    Filed: April 9, 2018
    Publication date: August 9, 2018
    Inventors: Shushan Wen, Keyur Chudgar, Iyappan Subramanian
  • Patent number: 9965419
    Abstract: A mapping technique sets coalescing latency values for computing systems that use multiple data queues having a shared base timer. A computing system having at least one receive queue and at least one transmit queue receives user-provided coalescing latency values for the respective queues, and converts these user-provided latencies to coalescing latency hardware register values as well as a base timer register value for the shared base timer. The hardware register values for the coalescing latencies together with the shared base timer register value determine the coalescing latencies for the respective queues. This mapping technique allows a user to conveniently set coalescing latencies for multi-queue processing systems while shielding the user settings from hardware complexity.
    Type: Grant
    Filed: February 4, 2016
    Date of Patent: May 8, 2018
    Assignee: Ampere Computing LLC
    Inventors: Shushan Wen, Keyur Chudgar, Iyappan Subramanian