IP Verse

Server Systems And Methods For Decrypting Data Packets With Computation Modules Insertable Into Servers That Operate Independent Of Server Processors

Patent No. US11080209 (titled "Server Systems And Methods For Decrypting Data Packets With Computation Modules Insertable Into Servers That Operate Independent Of Server Processors") was filed by Xockets Inc on Dec 30, 2016.

What is this patent about?

’209 is related to the field of server systems, specifically addressing the problem of computationally intensive packet handling and security tasks in data centers. Traditional server architectures struggle to efficiently manage high-volume network traffic, especially when dealing with encryption/decryption and intrusion detection, leading to high power consumption and performance bottlenecks. The patent aims to alleviate these issues by offloading these tasks from the main server processor to specialized hardware.

The underlying idea behind ’209 is to introduce a removable computation module , such as a XIMM, that plugs into a standard memory socket (e.g., DIMM) of a server. This module contains dedicated processing circuits, including programmable logic devices (e.g., FPGAs), to handle tasks like header detection, packet classification, virtual switching, and decryption. By performing these operations independently of the server's main processor, the system can achieve lower latency, reduced power consumption, and improved security.

The claims of ’209 focus on a server system comprising multiple interconnected servers, each equipped with a server processor and at least one computation module. The computation module is connected to the server processor via a bus and includes first processing circuits for header detection and packet classification , along with decryption circuits implemented on programmable logic devices . Crucially, the computation module performs these functions independently of the server processor.

In practice, the computation module intercepts network packets, analyzes their headers to identify the session they belong to, and then decrypts the packet payload using the dedicated decryption circuits. The virtual switch functionality allows the module to route packets to different processing elements within the module itself, enabling complex packet processing pipelines. This offloading approach frees up the server's main processor to focus on other tasks, improving overall system performance and efficiency.

This design differentiates itself from prior solutions that rely on the server's main processor for all packet processing tasks. By using a dedicated hardware module with specialized circuits , the system avoids the overhead associated with context switching and the security risks of running encryption/decryption modules on general-purpose processors. The use of programmable logic devices like FPGAs allows for flexible customization and optimization of the decryption algorithms, adapting to evolving security threats and network protocols.

How does this patent fit in bigger picture?

Technical landscape at the time

In the early 2010s when ’209 was filed, packet handling and security applications often demanded significant computational resources in server and cloud-based data systems, at a time when x86 processors were commonly used. However, hardware or software constraints made high-volume packet analysis and encryption/decryption on x86 processors non-trivial due to power consumption, context switching overhead, limited parallelism, and security concerns.

Novelty and Inventive Step

The examiner allowed the claims because the prior art, including Baxter et al., Abe et al., Aybay et al., and Hui et al., did not explicitly disclose a system or method that includes first processing circuits on computation modules executing header detection and classifying packets by session identifier, decryption circuits implemented on programmable logic devices on the computation modules decrypting received packets, and the computation modules executing header detection, classifying of packets, and decryption of packets independent of the server processor.

Claims

There are 20 claims in total. Claims 1, 11, and 18 are independent. The independent claims are generally directed to a server system and a method involving computation modules with processing and decryption circuits that operate independently of the server processor. The dependent claims generally add detail to the elements and features recited in the independent claims.

Key Claim Terms New

Definitions of key terms used in the patent claims.

Term (Source)Support for SpecificationInterpretation
Computation module
(Claim 1, Claim 11, Claim 18)		“Packet handling and security applications for enterprise server or cloud based data systems can be efficiently implemented on offload processing modules connected to a memory bus, for example, by insertion into a socket for a Dual In-line Memory Module (DIMM). Such modules can be referred to as Xocket™ In-line Memory Modules (XIMMs), and can have multiple “wimpy” cores associated with a memory channel. Using one or more XIMMs it is possible to execute lightweight packet handling tasks without intervention from a main server processor.”A module connected to the server processor by at least one bus, including processing circuits and decryption circuits, that performs packet processing operations independently of the server processor.
Decryption circuits
(Claim 1, Claim 11, Claim 18)		“As will be discussed, XIMM modules can have high efficiency context switching, high parallelism, and can solve security problems associated with running encryption/decryption modules on x86 processors.”Circuits implemented on programmable logic devices that decrypt received packets.
Header detection
(Claim 1, Claim 11, Claim 18)		“Using one or more XIMMs it is possible to execute lightweight packet handling tasks without intervention from a main server processor. As will be discussed, XIMM modules can have high efficiency context switching, high parallelism, and can solve security problems associated with running encryption/decryption modules on x86 processors.”The process of examining packet headers, performed by first processing circuits on the computation module, to identify and classify packets.
Programmable logic devices
(Claim 1, Claim 11, Claim 18)		“Packet handling and security applications for enterprise server or cloud based data systems can be efficiently implemented on offload processing modules connected to a memory bus, for example, by insertion into a socket for a Dual In-line Memory Module (DIMM).”A type of integrated circuit that can be programmed to perform specific logic functions, used to implement the decryption circuits.
Session identifier
(Claim 1, Claim 11, Claim 18)		“Packet handling and security applications for enterprise server or cloud based data systems can be efficiently implemented on offload processing modules connected to a memory bus, for example, by insertion into a socket for a Dual In-line Memory Module (DIMM). Such modules can be referred to as Xocket™ In-line Memory Modules (XIMMs), and can have multiple “wimpy” cores associated with a memory channel.”A value used to classify received packets.

Patent Family

Patent Family

File Wrapper

The dossier documents provide a comprehensive record of the patent's prosecution history - including filings, correspondence, and decisions made by patent offices - and are crucial for understanding the patent's legal journey and any challenges it may have faced during examination.

  • Date

    Description

  • Get instant alerts for new documents

US11080209

XOCKETS INC
Application Number
US15396334
Filing Date
Dec 30, 2016
Status
Granted
Expiry Date
Oct 16, 2033
External Links
Slate, USPTO, Google Patents