Chart comparing Yu’s Claim 1 to ’859 Provisional
`
`Yu Claim Elements
`1. A policy engine comprising:
`
`U.S. Provisional Application No. 60/112,859
`Ex. _ (’859 Provisional), 2:
`“Policy Engine: A Policy Engine is a purpose-built hardware engine
`that takes in two inputs - network traffic and network policies. It
`then outputs regulated traffic flows based upon the specifications of
`the network policies. The Policy Engine preferably runs at wire
`speed.”
`
`Ex. __ (’859 Provisional), 4:
`“At the completion of the policy binding process, an entry for a
`given Stream is created on the policy engine which contains all the
`policy info (Action Specs, etc.).”
`
`Ex. __ (’859 Provisional), 4:
`“A policy engine is designed to address some or all of the above
`performance considerations. It preferably comes equipped with a
`Policy Engine API (PAPI). PAPI design takes into account the
`following considerations:
`1) Time-to-market for application developers – Understanding that
`time-to-market is a major concern for the application vendors, PAPI
`design preferably minimizes the development effort required by the
`application developers in order for the existing applications to take
`advantages of policy engine’s performance.”
`
`Ex. __ (’859 Provisional), 6:
`“Policy Engine
`“The policy engine has a built-in Stream Classifier and multiple of
`special purpose Action Processors. The stream classifier works in
`
`EX 1048 Page 1
`
`
`
`Yu Claim Elements
`1. A policy engine comprising:
`
`U.S. Provisional Application No. 60/112,859
`Ex. _ (’859 Provisional), 2:
`“Policy Engine: A Policy Engine is a purpose-built hardware engine
`that takes in two inputs - network traffic and network policies. It
`then outputs regulated traffic flows based upon the specifications of
`the network policies. The Policy Engine preferably runs at wire
`speed.”
`
`Ex. __ (’859 Provisional), 4:
`“At the completion of the policy binding process, an entry for a
`given Stream is created on the policy engine which contains all the
`policy info (Action Specs, etc.).”
`
`Ex. __ (’859 Provisional), 4:
`“A policy engine is designed to address some or all of the above
`performance considerations. It preferably comes equipped with a
`Policy Engine API (PAPI). PAPI design takes into account the
`following considerations:
`1) Time-to-market for application developers – Understanding that
`time-to-market is a major concern for the application vendors, PAPI
`design preferably minimizes the development effort required by the
`application developers in order for the existing applications to take
`advantages of policy engine’s performance.”
`
`Ex. __ (’859 Provisional), 6:
`“Policy Engine
`“The policy engine has a built-in Stream Classifier and multiple of
`special purpose Action Processors. The stream classifier works in
`
`EX 1048 Page 1
`
`
`
`concert with the application’s flow classifier to accelerate the
`classification process. The action processors are specialized in
`executing specific action specs at the wire speed. Each of the action
`processors can be enabled or disabled on a per stream basis. The
`policy engine uses a data structure called Policy Cache to keep track
`of all the active streams and the action specs associated with the
`streams. The policy cache is created on the fly by the policy engine
`and they are referenced by the stream classifier and the action
`processors for acceleration of action execution. This data structure
`can be managed and controlled by the application through the policy
`engine API.”
`
`Ex. __ (’859 Provisional), 2:
`
`
`Ex. __ (’859 Provisional), 7:
`
`
`
`EX 1048 Page 2
`
`
`
`[1.1] a stream classification module;
`
`
`
`Ex. __ (’859 Provisional), 3:
` “A Stream Spec is the criteria used by the Stream Classifier to
`uniquely identify a stream. In one embodiment, it is the 5-tuple in a
`packet header- source and destination address, source and
`destination port, and protocol type.”
`
`Ex. __ (’859 Provisional), 4:
`“Stream Classifier
`“Stream Classifier is the component that classifies packets into
`Streams based upon the packets’ header info.”
`
`Ex. __ (’859 Provisional), 6:
`“The policy engine has a built-in Stream Classifier and multiple of
`special purpose Action Processors. The stream classifier works in
`concert with the application’s flow classifier to accelerate the
`classification process. The action processors are specialized in
`
`EX 1048 Page 3
`
`
`
`executing specific action specs at the wire speed. Each of the action
`processors can be enabled or disabled on a per stream basis. The
`policy engine uses a data structure called Policy Cache to keep track
`of all the active streams and the action specs associated with the
`streams. The policy cache is created on the fly by the policy engine
`and they are referenced by the stream classifier and the action
`processors for acceleration of action execution. This data structure
`can be managed and controlled by the application through the policy
`engine API.”
`
`Ex. __ (’859 Provisional), 11:
`“The Stream Classification Module, based on the policy cache,
`creates a Packet Service Header for each packet. The Packet Service
`Header indicates what policies need to be enforced, in what order,
`and it is software programmable. The Packet Service Header
`includes a number of pairs of AP ID and AP Pointers.”
`
`Ex. __ (’859 Provisional), 7:
`
`
`
`EX 1048 Page 4
`
`
`
`
`Ex. __ (’859 Provisional), 9:
`
`[1.2] a packet input/output module that places received
`packets in an external packet memory and that notifies the
`stream classification module of the packets in the external
`packet memory;
`
`
`
`Ex. __ (’859 Provisional), 11:
`“The Packet Input/Output Module places the received packets in
`the external packet memory and notifies the Stream Classification
`Module of such packets. Upon completion of all policies
`enforcement, Packet Input/Output Module transmits the packet from
`external packet memory to the network.”
`
`
`EX 1048 Page 5
`
`
`
`Ex. __ (’859 Provisional), 11:
`“Upon completion of all policy enforcement for a particular packet,
`the packet scheduler copies that packet to external packet memory.
`The Packet Input/[O]utput module is then notified and transmits the
`packet to the network.”
`
`Ex. __ (’859 Provisional), 9:
`
`[1.3] wherein the stream classification module creates a
`packet service header for each packet in the external packet
`
`Ex. __ (’859 Provisional), 10:
`
`
`
`EX 1048 Page 6
`
`
`
`memory indicating, based on a policy cache, policies to be
`enforced on that packet;
`
`“Packet Service Header: 12-byte Packet Service Header is stored
`in the On Chip Packet Buffers. One Packet Service Header is
`generated per incoming packet.”
`
`Ex. __ (’859 Provisional), 11:
`“The Stream Classification Module, based on the policy cache,
`creates a Packet Service Header for each packet. The Packet Service
`Header indicates what policies need to be enforced, in what order,
`and it is software programmable. The Packet Service Header
`includes a number of pairs of AP ID and AP Pointers. An AP ID
`uniquely defines an Action Processor, and the AP pointer points to
`the Action Spec required to enforce such policy. An example of an
`action processor is a DES engine which needs a 56-bit or 112-bit
`key to do the encryption or decryption. The policy cache can be
`modified if network requirements changes. In addition to that, the
`order of different policy enforcement can also be programmed to
`achieve different application requirements.”
`
`Ex. __ (’859 Provisional), 11:
`“A Next AP field, together with the AP IDs in the Packet Service
`Header, tells the Policy Enforcement Module where is the next
`destination Action Processor of each cell.”
`
`Ex. __ (’859 Provisional), 4:
`“Policy Cache
`“At the completion of the policy binding process, an entry for a
`given Stream is created on the policy engine which contains all the
`policy info (Action Specs, etc.). The collection of all active entries is
`called Policy Cache.”
`
`Ex. __ (’859 Provisional), 6:
`
`EX 1048 Page 7
`
`
`
`“The policy engine uses a data structure called Policy Cache to keep
`track of all the active streams and the action specs associated with
`the streams. The policy cache is created on the fly by the policy
`engine and they are referenced by the stream classifier and the
`action processors for acceleration of action execution. This data
`structure can be managed and controlled by the application through
`the policy engine API.”
`
`Ex. __ (’859 Provisional), 7:
`“As shown in Fig. 5, in one particular implementation, a stream
`oriented table is implemented as the policy cache to cache the policy
`(action specs) on a per stream basis.”
`
`Ex. __ (’859 Provisional), 8:
`“Upon the completion of policy binding process, the policy engine
`may immediately take control of the bound stream and execute the
`appropriate actions per action specs (e.g., in the policy cache)
`without any intervention from the “host” (policy-based) application.
`The application need not “see” any packets belonging to that stream
`after the binding (unless the stream is actually destined for the
`host.).”
`
`Ex. __ (’859 Provisional), 11:
`“In addition to this, it is capable of reading the required action spec
`based on the AP pointer on the packet Service Header. Each Action
`Processor may also have an input and output FIFO to buffer the
`cells.
`“Each cell is routed to the next Action Processor based on the Packet
`Service Header and Cell Service Header. The cell routing is
`preferably distributed to each Action Processor, instead of being
`centralized to a cell routing unit.
`
`EX 1048 Page 8
`
`
`
`
`Ex. __ (’859 Provisional), 9:
`
`
`Ex. __ (’859 Provisional), 5:
`
`
`
`EX 1048 Page 9
`
`
`
`
`Ex. __ (’859 Provisional), 10:
`
`
`
`[1.4] a policy enforcement module to enforce policies on the
`packets, including a packet scheduler that fragments each
`packet into cells and schedules enforcement of the policies
`on each cell based on the packet service header;
`
`
`
`Ex. __ (’859 Provisional), 11:
`“The Policy Enforcement Module includes a Packet Scheduler, an
`On Chip packet Buffer(s), and several Action Processors. The
`Packet Scheduler copies packets from external packet memory to On
`Chip Packet Buffer. After copying the packets to the Packet Buffer,
`packets are fragmented into 64 bytes cells. An 8-bit Cell Service
`Header is added to the beginning of each 64-byte cell. The Cell
`
`EX 1048 Page 10
`
`
`
`Service Header has a packet Number to uniquely identify a packet in
`the Policy Enforcement Module pipeline and a Start and Stop bit to
`indicate the first and last cell of a packet. A Next AP field, together
`with the AP IDs in the Packet Service Header, tells the Policy
`Enforcement Module where is the next destination Action Processor
`of each cell.
`“It is preferable to have the On Chip Packet Buffer because it allows
`Action Processors very low latency and high bandwidth access to
`the packets as compared with external Packet Memory. In case the
`next Action Processor is busy for a cell, the On Chip Packet Buffer
`serves as temporary storage for that cell. This prevent the blocking
`of following cells which need to go through this particular Action
`Processor. Each Action Processor performs a particular policy
`enforcement. In addition to this, it is capable of reading the required
`action spec based on the AP pointer on the packet Service Header.
`Each Action Processor may also have an input and output FIFO to
`buffer the cells.
`“Each cell is routed to the next Action Processor based on the Packet
`Service Header and Cell Service Header. The cell routing is
`preferably distributed to each Action Processor, instead of being
`centralized to a cell routing unit. This distributed approach allows
`for adding and removing policies much more easily. Upon
`completion of all policy enforcement for a particular packet, the
`packet scheduler copies that packet to external packet memory The
`Packet Input/[O]utput module is then notified and transmits the
`packet to the network.”.”
`
`Ex. __ (’859 Provisional), 11:
`“The Packet Service Header includes a number of pairs of AP ID
`and AP Pointers. An AP ID uniquely defines an Action Processor,
`and the AP pointer points to the Action Spec required to enforce
`such policy. An example of an action processor is a DES engine
`
`EX 1048 Page 11
`
`
`
`which needs a 56-bit or 112-bit key to do the encryption or
`decryption. The policy cache can be modified if network
`requirements changes. In addition to that, the order of different
`policy enforcement can also be programmed to achieve different
`application requirements.”
`
`Ex. __ (’859 Provisional), 3:
`“The found action spec is then passed to a[n] action processor for
`policy enforcement.”
`
`Ex. __ (’859 Provisional), 9:
`
`
`
`EX 1048 Page 12
`
`
`
`
`Ex. __ (’859 Provisional), 6:
`
`[1.5] on-chip packet buffer circuitry to temporarily hold the
`packets during policy enforcement; and
`
`
`
`Ex. __ (’859 Provisional), 11:
`“The Policy Enforcement Module includes a Packet Scheduler, an
`On Chip packet Buffer(s), and several Action Processors. The
`Packet Scheduler copies packets from external packet memory to On
`Chip Packet Buffer. After copying the packets to the Packet Buffer,
`packets are fragmented into 64 bytes cells.”
`
`Ex. __ (’859 Provisional), 11:
`“It is preferable to have the On Chip Packet Buffer because it allows
`Action Processors very low latency and high bandwidth access to
`the packets as compared with external Packet Memory. In case the
`
`EX 1048 Page 13
`
`
`
`next Action Processor is busy for a cell, the On Chip Packet Buffer
`serves as temporary storage for that cell. This prevent the blocking
`of following cells which need to go through this particular Action
`Processor. Each Action Processor performs a particular policy
`enforcement.”
`
`Ex. __ (’859 Provisional), 10:
`“Packet Service Header: 12-byte Packet Service Header is stored
`in the On Chip Packet Buffers. One Packet Service Header is
`generated per incoming packet.”
`
`Ex. __ (’859 Provisional), 10:
`“Pkt #: Relative Packet number to ensure packet ordering. Pkt # is
`given when copied to
`On Chip Packet Buffer., 00>01>10>11>00”
`
`Ex. __ (’859 Provisional), 9:
`
`EX 1048 Page 14
`
`
`
`[1.6] a plurality of action processors, each action processor
`performing a particular policy enforcement on a cell and
`routing the cell to a next one of the action processors.
`
`
`
`Ex. __ (’859 Provisional), 4:
`“Action Processor
`Action Processor is the component that executes the action based
`upon the action spec.”
`
`Ex. __ (’859 Provisional), 6:
`“The policy engine has a built-in Stream Classifier and multiple of
`special purpose Action Processors. The stream classifier works in
`concert with the application’s flow classifier to accelerate the
`classification process. The action processors are specialized in
`executing specific action specs at the wire speed. Each of the action
`
`EX 1048 Page 15
`
`
`
`processors can be enabled or disabled on a per stream basis. The
`policy engine uses a data structure called Policy Cache to keep track
`of all the active streams and the action specs associated with the
`streams. The policy cache is created on the fly by the policy engine
`and they are referenced by the stream classifier and the action
`processors for acceleration of action execution. This data structure
`can be managed and controlled by the application through the policy
`engine API.”
`
`Ex. __ (’859 Provisional), 11:
`“The Packet Service Header indicates what policies need to be
`enforced, in what order, and it is software programmable. The
`Packet Service Header includes a number of pairs of AP ID and AP
`Pointers. An AP ID uniquely defines an Action Processor, and the
`AP pointer points to the Action Spec required to enforce such
`policy. An example of an action processor is a DES engine which
`needs a 56-bit or 112-bit key to do the encryption or decryption. The
`policy cache can be modified if network requirements changes. In
`addition to that, the order of different policy enforcement can also be
`programmed to achieve different application requirements.
`“The Policy Enforcement Module includes a Packet Scheduler, an
`On Chip packet Buffer(s), and several Action Processors. The
`Packet Scheduler copies packets from external packet memory to On
`Chip Packet Buffer. After copying the packets to the Packet Buffer,
`packets are fragmented into 64 bytes cells. An 8-bit Cell Service
`Header is added to the beginning of each 64-byte cell. The Cell
`Service Header has a packet Number to uniquely identify a packet in
`the Policy Enforcement Module pipeline and a Start and Stop bit to
`indicate the first and last cell of a packet. A Next AP field, together
`with the AP IDs in the Packet Service Header, tells the Policy
`Enforcement Module where is the next destination Action Processor
`of each cell.
`
`EX 1048 Page 16
`
`
`
`“It is preferable to have the On Chip Packet Buffer because it allows
`Action Processors very low latency and high bandwidth access to
`the packets as compared with external Packet Memory. In case the
`next Action Processor is busy for a cell, the On Chip Packet Buffer
`serves as temporary storage for that cell. This prevent the blocking
`of following cells which need to go through this particular Action
`Processor. Each Action Processor performs a particular policy
`enforcement. In addition to this, it is capable of reading the required
`action spec based on the AP pointer on the packet Service Header.
`Each Action Processor may also have an input and output FIFO to
`buffer the cells.
`“Each cell is routed to the next Action Processor based on the Packet
`Service Header and Cell Service Header. The cell routing is
`preferably distributed to each Action Processor, instead of being
`centralized to a cell routing unit. This distributed approach allows
`for adding and removing policies much more easily. Upon
`completion of all policy enforcement for a particular packet, the
`packet scheduler copies that packet to external packet memory. The
`Packet Input/[O]utput module is then notified and transmits the
`packet to the network.”
`
`Ex. __ (’859 Provisional), 10:
`“AP x ID: The #x Action Processor ID.
`“AP x Ptr: A pointer to Action Processor’s action spec (e.g. DES
`key) of the #x
`“Cell Service Header: For the purpose of creating deep pipeline to
`maximize the policy engine performance. Packets are fragmented
`into fixed-sized cells. One-byte Cell Service Header is attached to
`each cell and travel along with cells to the Action Processors….
`“Next AP: Next Action Processor to perform on the cell. “0000”
`indicates completion of all action processing.”
`
`EX 1048 Page 17
`
`
`
`
`Ex. __ (’859 Provisional), 2:
`“The application can speed up the overall system performance by
`turning on the appropriate acceleration functions (action processors)
`on the policy engine.”
`
`Ex. __ (’859 Provisional), 3:
`“When a packet arrives, a flow classifier typically classifies the
`packet and finds a action spec according to some predefined
`matching criteria. The found action spec is then passed to a action
`processor for policy enforcement. The process of flow classification
`and action processing may repeat for many iterations as multiple
`policies are activated at the same time as shown in the Fig 2. For
`example, a VPN (virtual private network) application may comprise
`Firewall Policy, IPSEC Policy, IPCOMP (IP compression) policy,
`NAT (Network Address Translation) Policy, QoS (Quantity of
`Service)policy, Monitoring Policy, L2TP/PPTP (L2 Tunnel
`Protocol/Point To Point Tunnel Protocol) Tunnel Policy, and so on.”
`
`Ex. __ (’859 Provisional), 7:
`“The action specs activate the corresponding action processors to
`execute the actions for the specified stream.”
`
`Ex. __ (’859 Provisional), 4:
`“The flow classifiers may also differ per action processor for
`performance optimization.”
`
`Ex. __ (’859 Provisional), 3:
`
`EX 1048 Page 18
`
`
`
`
`Ex. __ (’859 Provisional), 7:
`
`
`
`
`Ex. __ (’859 Provisional), 9:
`
`
`
`EX 1048 Page 19
`
`
`
`Processot A
`
`Pol-1y Enforcement
`Module
`
`Strum Clamification
`Modalc
`
`Packet
`Inpuvmxpnl
`Module
`
`Packet
`Scheduler
`
`0n Chip
`Packet Bunk”
`
`Anion
`
`
`
`
`
`EX 1048 Page 20
`
`EX 1048 Page 20
`
`
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
