
Systems And Methods For Determining And Preventing Address Resolution Protocol (Arp) Spoofing And Arp Cache Poisoning Attacks In Network Devices

Abstract: A system and method is provided. The system receives one or more Link Layer Discovery Protocol (LLDP) frames exchanged across one or more neighboring hosts and one or more connected network devices, caches entries from the one or more LLDP frames in a LLDP cache to obtain a set of cached entries, receives an incoming Address Resolution Protocol (ARP) frame, extracts entries from the incoming ARP frame to obtain a set of extracted entries, performs a comparison of the set of extracted entries with at least one of (i) a set of blacklisted entries previously stored in a blacklisted cache and (ii) the set of cached entries stored in the LLDP cache, and determines a spoofing attack based on the comparison. In an embodiment, upon determining the spoofing attack, extracted entries are blacklisted in a blacklisted cache and corresponding ARP frames are discarded.


Patent Information

Application #
Filing Date
17 March 2016
Publication Number
38/2017
Publication Type
INA
Invention Field
COMMUNICATION
Status
Email
ip@legasis.in
Parent Application
Patent Number
Legal Status
Grant Date
2023-07-04
Renewal Date

Applicants

Tata Consultancy Services Limited
Nirmal Building, 9th floor, Nariman point, Mumbai-400021, Maharashtra, India

Inventors

1. VAIDYALINGAM, Shankari
Tata Consultancy Services Limited, Gopalan Global Axis, B&C Block, Export Promotion Industrial Park (EPIP), Opp. Sathya Sai Hospital # 152, EPIP Zone Whitefield, Bangalore-560066, Karnataka, India

Specification

Claims:

1. A method, comprising:
(i) receiving, by a network device, one or more Link Layer Discovery Protocol (LLDP) frames exchanged across one or more neighboring hosts and one or more connected network devices;
(ii) caching, by said network device, one or more entries from said one or more LLDP frames in a LLDP cache to obtain a set of cached entries;
(iii) receiving, by said network device, an incoming Address Resolution Protocol (ARP) frame;
(iv) extracting, by said network device, one or more entries from said incoming ARP frame to obtain a set of extracted entries;
(v) performing a comparison of said set of extracted entries with at least one of (i) a set of blacklisted entries previously stored in a blacklisted cache, and (ii) said set of cached entries stored in said LLDP cache; and
(vi) determining a spoofing attack based on said comparison.

2. The method of claim 1, wherein said set of cached entries comprises specific information extracted from at least one of a type, length and value present in said one or more LLDP frames.

3. The method of claim 1, wherein performing a comparison comprises determining an inconsistency between said set of extracted entries and said set of cached entries previously stored in said LLDP cache.

4. The method of claim 1, wherein determining a spoofing attack based on said comparison comprises at least one of detecting an ARP spoofing and refraining from poisoning of an ARP Cache.

5. The method of claim 1, further comprising periodically updating said LLDP cache upon receipt of one or more LLDP frames and repeating the steps (iii) to (vi).

6. The processor implemented method of claim 3, wherein when said inconsistency is determined, said method comprises
blacklisting, by said network device, said set of extracted entries to obtain a set of blacklisted entries, and discarding said incoming ARP frame; and
storing said set of blacklisted entries in a blacklist cache.

7. A network device, comprising:
a memory storing instructions;
a Link Layer Discovery Protocol (LLDP) cache; and
a hardware processor, wherein said network device configured by said instructions to:
(i) receive one or more Link Layer Discovery Protocol (LLDP) frames exchanged across one or more neighboring hosts and one or more connected network devices,
(ii) cache one or more entries from said one or more LLDP frames in a LLDP cache to obtain a set of cached entries,
(iii) receive an incoming Address Resolution Protocol (ARP) frame,
(iv) extract one or more entries from said incoming ARP frame to obtain a set of extracted entries,
(v) perform a comparison of said set of extracted entries with at least one of (i) a set of blacklisted entries previously stored in a blacklisted cache and (ii) said set of cached entries stored in said LLDP cache, and
(vi) determine a spoofing attack based on said comparison.

8. The network device of claim 7, wherein said set of cached entries comprises specific information extracted from at least one of a type, length and value present in said one or more LLDP frames.

9. The network device of claim 7, wherein said comparison is performed to determine an inconsistency between said set of extracted entries and said set of cached entries previously stored in said LLDP cache.

10. The network device of claim 7, wherein when said spoofing attack is determined, said network device is further configured to detect an ARP spoofing and refrain from poisoning of an ARP Cache.

11. The network device of claim 7, wherein said network device is further configured to periodically update said LLDP cache upon receipt of one or more LLDP frames and repeat (iii) to (vi).

12. The network device of claim 9, wherein when said inconsistency is determined, said network device is further configured to:
blacklist said set of extracted entries to obtain a set of blacklisted entries,
discard said incoming ARP frame, and
store said set of blacklisted entries in a blacklist cache.

Description:
FORM 2

THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENT RULES, 2003

COMPLETE SPECIFICATION
(See Section 10 and Rule 13)

Title of invention:
SYSTEMS AND METHODS FOR DETERMINING AND PREVENTING ADDRESS RESOLUTION PROTOCOL (ARP) SPOOFING AND ARP CACHE POISONING ATTACKS IN NETWORK DEVICES

Applicant:
Tata Consultancy Services Limited
A company Incorporated in India under the Companies Act, 1956
Having address:
Nirmal Building, 9th floor,
Nariman point, Mumbai 400021,
Maharashtra, India

The following specification particularly describes the embodiments and the manner in which it is to be performed.
TECHNICAL FIELD
[0001] The embodiments herein generally relate to information security, and, more particularly, to systems and methods for determining and preventing address resolution protocol (ARP) spoofing and ARP cache poisoning attacks in network devices.

BACKGROUND
[0002] Information or data security in communication networks is of utmost importance. Address Resolution Protocol (ARP) spoofing is used by malicious attackers to intercept, modify or stop information in transit. Several attempts have been made to secure communication networks as well as the information sent across them; however, these attempts are neither efficient nor foolproof. Existing methods to prevent ARP spoofing have drawbacks: they require changes to the network stack, rely on static MAC entries (resulting in a non-scalable solution), or use passive detection techniques with a time lag between learning address mappings and subsequent attack detection. For example, existing ARP spoofing detection techniques involve storing incorrect information, which allows illegitimate users to gain unauthorized access to sensitive information. This also paves the way for other attacks; for example, a Denial-of-Service attack uses ARP spoofing to associate multiple IP addresses with a single MAC address, thereby overloading the target with traffic destined for multiple destinations. Session hijacking uses ARP spoofing to steal session identifiers (IDs), thereby allowing unauthorized access to private systems and sensitive information. Man-in-the-Middle attacks leverage ARP spoofing to intercept and modify information in transit.

SUMMARY
[0003] The following presents a simplified summary of some embodiments of the disclosure in order to provide a basic understanding of the embodiments. This summary is not an extensive overview of the embodiments. It is not intended to identify key/critical elements of the embodiments or to delineate the scope of the embodiments. Its sole purpose is to present some embodiments in a simplified form as a prelude to the more detailed description that is presented below. In view of the foregoing, an embodiment herein provides systems and methods for determining and preventing address resolution protocol (ARP) spoofing and ARP cache poisoning attacks in network devices.
[0004] In one embodiment, a method is provided. The method comprises: (i) receiving, by a network device, one or more Link Layer Discovery Protocol (LLDP) frames exchanged across one or more neighboring hosts and one or more connected network devices; (ii) caching, by the network device, one or more entries from the one or more LLDP frames in a LLDP cache to obtain a set of cached entries. In an embodiment, the set of cached entries comprises specific information extracted from at least one of a type, length and value present in the one or more LLDP frames. The method further comprises (iii) receiving, by the network device, an incoming Address Resolution Protocol (ARP) frame; (iv) extracting, by the network device, one or more entries from the incoming ARP frame to obtain a set of extracted entries; (v) performing a comparison of the set of extracted entries with at least one of (i) a set of blacklisted entries previously stored in a blacklisted cache, and (ii) the set of cached entries stored in the LLDP cache; and (vi) determining a spoofing attack based on the comparison. In an embodiment, the step of performing a comparison comprises determining an inconsistency between the set of extracted entries and the set of cached entries previously stored in the LLDP cache. In an embodiment, the step of determining a spoofing attack based on the comparison comprises at least one of detecting an ARP spoofing and refraining from poisoning of an ARP Cache. The method may further comprise periodically updating the LLDP cache upon receipt of one or more LLDP frames and repeating the steps (iii) to (vi).
[0005] In an embodiment, when the inconsistency is determined, the method may comprise blacklisting, by the network device, the set of extracted entries to obtain a set of blacklisted entries, and discarding the incoming ARP frame, and storing the set of blacklisted entries in a blacklist cache.
[0006] In another embodiment, a network device is provided. The network device comprises: a memory storing instructions; a Link Layer Discovery Protocol (LLDP) cache; and a hardware processor, wherein the network device is configured by the instructions to: (i) receive one or more Link Layer Discovery Protocol (LLDP) frames exchanged across one or more neighboring hosts and one or more connected network devices, (ii) cache one or more entries from the one or more LLDP frames in the LLDP cache to obtain a set of cached entries. In an embodiment, the set of cached entries comprises specific information extracted from at least one of a type, length and value present in the one or more LLDP frames. The network device is further configured by the instructions to (iii) receive an incoming Address Resolution Protocol (ARP) frame, (iv) extract one or more entries from the incoming ARP frame to obtain a set of extracted entries, (v) perform a comparison of the set of extracted entries with at least one of (i) a set of blacklisted entries previously stored in a blacklisted cache and (ii) the set of cached entries stored in the LLDP cache, and (vi) determine a spoofing attack based on the comparison. In an embodiment, the comparison is performed to determine an inconsistency between the set of extracted entries and the set of cached entries previously stored in the LLDP cache.
[0007] In an embodiment, when the spoofing attack is determined, the network device is further configured by the instructions to detect an ARP spoofing and refrain from poisoning of an ARP Cache in the network device. In an embodiment, the network device is further configured to periodically update the LLDP cache upon receipt of one or more LLDP frames and repeat (iii) to (vi).
[0008] In an embodiment, when the inconsistency is determined, the network device is further configured to: blacklist the set of extracted entries to obtain a set of blacklisted entries, discard the incoming ARP frame, and store the set of blacklisted entries in a blacklist cache.
[0009] In yet another embodiment, one or more non-transitory machine readable information storage mediums comprising one or more instructions which when executed by one or more network devices causes: (i) receiving one or more Link Layer Discovery Protocol (LLDP) frames exchanged across one or more neighboring hosts and one or more connected network devices; (ii) caching one or more entries from the one or more LLDP frames in a LLDP cache to obtain a set of cached entries. In an embodiment the set of cached entries comprises specific information extracted from at least one of a type, length and value present in the one or more LLDP frames. The instructions further cause (iii) receiving an incoming Address Resolution Protocol (ARP) frame; (iv) extracting one or more entries from the incoming ARP frame to obtain a set of extracted entries; (v) performing a comparison of the set of extracted entries with at least one of (i) a set of blacklisted entries previously stored in a blacklisted cache, and (ii) the set of cached entries stored in the LLDP cache; and (vi) determining a spoofing attack based on the comparison.
[0010] In an embodiment, the step of performing a comparison comprises determining an inconsistency between the set of extracted entries and the set of cached entries previously stored in the LLDP cache. In an embodiment, the step of determining a spoofing attack based on the comparison comprises at least one of detecting an ARP spoofing and refraining from poisoning of an ARP Cache. The instructions may further cause periodically updating the LLDP cache upon receipt of one or more LLDP frames and repeating the steps (iii) to (vi).
[0011] In an embodiment, when the inconsistency is determined, the instructions may comprise blacklisting, by the network device, the set of extracted entries to obtain a set of blacklisted entries, and discarding the incoming ARP frame, and storing the set of blacklisted entries in a blacklist cache.
[0012] It should be appreciated by those skilled in the art that any block diagram herein represents conceptual views of illustrative systems embodying the principles of the present subject matter. Similarly, it will be appreciated that any flow charts, flow diagrams, state transition diagrams, pseudo code, and the like represent various processes which may be substantially represented in a computer readable medium and so executed by a computing device or processor, whether or not such computing device or processor is explicitly shown.

BRIEF DESCRIPTION OF THE DRAWINGS
[0013] The embodiments herein will be better understood from the following detailed description with reference to the drawings, in which:
[0014] FIG. 1 is a block diagram of a system for determining and preventing spoofing attacks in network devices according to an embodiment of the present disclosure; and
[0015] FIG. 2 is a flow diagram illustrating a method of determining spoofing attacks and preventing ARP spoofing or poisoning of ARP cache in one or more networks using the system of FIG. 1 according to an embodiment of the present disclosure.

DETAILED DESCRIPTION OF EMBODIMENTS
[0016] The embodiments herein and the various features and advantageous details thereof are explained more fully with reference to the non-limiting embodiments that are illustrated in the accompanying drawings and detailed in the following description. The examples used herein are intended merely to facilitate an understanding of ways in which the embodiments herein may be practiced and to further enable those of skill in the art to practice the embodiments herein. Accordingly, the examples should not be construed as limiting the scope of the embodiments herein.
[0017] The words “comprising,” “having,” “containing,” and “including,” and other forms thereof, are intended to be equivalent in meaning and be open ended in that an item or items following any one of these words is not meant to be an exhaustive listing of such item or items, or meant to be limited to only the listed item or items.
[0018] It must also be noted that as used herein and in the appended claims, the singular forms “a,” “an,” and “the” include plural references unless the context clearly dictates otherwise. Although any systems and methods similar or equivalent to those described herein can be used in the practice or testing of embodiments of the present disclosure, the preferred systems and methods are now described.
[0019] Some embodiments of this disclosure, illustrating all its features, will now be discussed in detail. The disclosed embodiments are merely exemplary of the disclosure, which may be embodied in various forms.
[0020] Before setting forth the detailed explanation, it is noted that all of the discussion below, regardless of the particular implementation being described, is exemplary in nature, rather than limiting.
[0021] Referring now to the drawings, and more particularly to FIGS. 1 through 2, where similar reference characters denote corresponding features consistently throughout the figures, there are shown preferred embodiments and these embodiments are described in the context of the following exemplary system and/or method.
[0022] FIG. 1 is a block diagram of a system 100 for determining and preventing spoofing attacks in network devices according to an embodiment of the present disclosure. The system 100 comprises a memory 102, a hardware processor 104, and an input/output (I/O) interface 106. Although the exemplary block diagram and the associated description refers to a memory and a hardware processor, it may be understood that one or more memory units and one or more hardware processors may be comprised in the system 100. The memory 102 further includes one or more functional modules 108. The memory 102, the hardware processor 104, the input/output (I/O) interface 106, and/or the modules 108 may be coupled by a system bus or a similar mechanism.
[0023] The memory 102 may store instructions, any number of pieces of information, and data used by a computer system, for example the system 100, to implement the functions of the system 100. The memory 102 may include, for example, volatile memory and/or non-volatile memory. Examples of volatile memory include, but are not limited to, volatile random access memory (RAM). The non-volatile memory may additionally or alternatively comprise an electrically erasable programmable read only memory (EEPROM), flash memory, a hard drive, or the like. Some examples of volatile memory include, but are not limited to, random access memory, dynamic random access memory, static random access memory, and the like. Some examples of non-volatile memory include, but are not limited to, hard disks, magnetic tapes, optical disks, programmable read only memory, erasable programmable read only memory, electrically erasable programmable read only memory, flash memory, and the like. The memory 102 may be configured to store information, data, instructions or the like for enabling the system 100 to carry out various functions in accordance with various example embodiments.
[0024] Additionally or alternatively, the memory 102 may be configured to store instructions which when executed by the hardware processor 104 causes the system 100 to behave in a manner as described in various embodiments. The memory 102 stores the functional modules and information, for example, information (e.g., cached entries or information present in LLDP frames, and extracted entries from an ARP frame) received through the one or more networks (not shown in FIG. 1).
[0025] The hardware processor 104 may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, and/or any devices that manipulate signals based on operational instructions. Further, the hardware processor 104 may comprise a multi-core architecture. Among other capabilities, the hardware processor 104 is configured to fetch and execute computer-readable instructions or modules stored in the memory 102. The hardware processor 104 may include circuitry implementing, among others, audio and logic functions associated with the communication. For example, the hardware processor 104 may include, but is not limited to, one or more digital signal processors (DSPs), one or more microprocessors, one or more special-purpose computer chips, one or more field-programmable gate arrays (FPGAs), one or more application-specific integrated circuits (ASICs), one or more computers, various analog-to-digital converters, digital-to-analog converters, and/or other support circuits.
[0026] The hardware processor 104 thus may also include the functionality to encode messages and/or data or information. The hardware processor 104 may include, among others a clock, an arithmetic logic unit (ALU) and logic gates configured to support operation of the hardware processor 104. Further, the hardware processor 104 may include functionality to execute one or more software programs, which may be stored in the memory 102 or otherwise accessible to the hardware processor 104.
[0027] FIG. 2, with reference to FIG. 1, is a flow diagram illustrating a method of determining spoofing attacks and preventing ARP spoofing or poisoning of the ARP cache in one or more networks using the system 100 according to an embodiment of the present disclosure. The steps of the method of the present disclosure will now be explained with reference to the components of the system 100 as depicted in FIG. 1. The system 100 is configured by the instructions stored in the memory 102. The system 100, when configured by the instructions, determines spoofing attacks and prevents poisoning of the ARP cache as described hereinafter. In an embodiment, the system 100 is a network device. At step 202, the system 100 (e.g., a network device) receives one or more Link Layer Discovery Protocol (LLDP) frames exchanged across one or more neighboring hosts and one or more connected network devices. In an embodiment, the system 100 receives one or more LLDP frames exchanged across one or more neighboring hosts. In another embodiment, the system 100 receives one or more LLDP frames exchanged across one or more connected network devices. The terms system 100 and network device are used interchangeably herein. In an embodiment, the one or more neighboring hosts and the one or more connected network devices comprise, but are not limited to, a computer system, a switch, a router, and the like. The one or more networks may comprise, but are not limited to, enterprise networks, data centers, communication networks, and the like. At step 204, the network device 100 caches one or more entries from the one or more LLDP frames in a LLDP cache to obtain a set of cached entries. More specifically, the information present in the LLDP TLVs is cached. In an embodiment, the set of cached entries may comprise specific information extracted from at least one of a type, length and value present in the one or more LLDP frames.
Below are illustrative examples of entries (information present in the one or more LLDP frames) that are periodically cached in the LLDP cache; each incoming entry is shown together with the cached entries it is compared with and the resulting cache contents:

LLDP cache contents
MAC Address          IP Address
01:01:01:01:01:01    1.1.1.1

Incoming IP address and MAC address contents
02:02:02:02:02:02    2.2.2.2

Compared IP address and MAC address contents
01:01:01:01:01:01    1.1.1.1

LLDP cache contents
MAC Address          IP Address
01:01:01:01:01:01    1.1.1.1
02:02:02:02:02:02    2.2.2.2

Incoming IP address and MAC address contents
03:03:03:03:03:03    3.3.3.3

Compared IP address and MAC address contents
01:01:01:01:01:01    1.1.1.1
02:02:02:02:02:02    2.2.2.2

LLDP cache contents
MAC Address          IP Address
01:01:01:01:01:01    1.1.1.1
02:02:02:02:02:02    2.2.2.2
03:03:03:03:03:03    3.3.3.3

[0028] At step 206, the network device 100 receives an incoming Address Resolution Protocol (ARP) frame. The network device 100 is configured to receive more than one LLDP frame and ARP frame. At step 208, the network device 100 extracts one or more entries from the incoming ARP frame to obtain a set of extracted entries. At step 210, the network device 100 performs a comparison of the set of extracted entries with at least one of (i) a set of blacklisted entries previously stored in a blacklisted cache, and (ii) the set of cached entries stored in the LLDP cache. In an embodiment, the network device 100 first compares the set of extracted entries with the set of blacklisted entries previously stored in the blacklisted cache. If the set of extracted entries is found to be blacklisted, then the set of extracted entries from the incoming ARP frame is blacklisted and the incoming ARP frame is discarded. Since the comparison of the set of extracted entries with the set of blacklisted entries has already resulted in blacklisting of the set of extracted entries, the network device 100 need not perform a comparison of the set of extracted entries with the set of cached entries stored in the LLDP cache. In an embodiment, the information present in an incoming gratuitous ARP request is compared with the entries (taken from LLDP frames) stored in the LLDP cache built earlier. If there is an inconsistency, the entry is blacklisted and added to the blacklist cache. Subsequent unsolicited ARP replies and gratuitous ARP requests will be checked against this blacklist cache. In an embodiment, the network device 100 performs the comparison by determining an inconsistency between the set of extracted entries and the set of cached entries previously stored in the LLDP cache. At step 212, the network device 100 determines a spoofing attack based on the comparison.
In an embodiment, the step of determining a spoofing attack based on the comparison comprises at least one of detecting an ARP spoofing and refraining from poisoning of an ARP Cache. The network device 100 periodically updates the LLDP cache upon receipt of one or more LLDP frames and repeats steps 206 to 212. These LLDP frames are also referred to as LLDP Data Units (LLDPDUs) and are sent periodically by the network devices from each of their interfaces. Each LLDPDU contains a sequence of type-length-value (TLV) structures. These TLVs carry various information, for example, but not limited to, a Chassis identifier, a Port identifier, and the like, which can be used for spoofing detection and for preventing cache poisoning. In an embodiment, when an inconsistency is determined, the network device 100 blacklists the set of extracted entries to obtain a set of blacklisted entries, discards the incoming ARP frame, and stores the set of blacklisted entries in a blacklist cache.
[0029] Below are illustrative examples depicting the comparison of entries that are periodically cached in the LLDP cache (information present in the one or more LLDP frames) with the entries extracted from incoming ARP frames:

Example 1: incoming entry consistent with the LLDP cache

Incoming IP address and MAC address contents
11:22:33:44:55:66    10.20.30.40

Compared IP address and MAC address contents (LLDP cache)
MAC Address          IP Address
01:01:01:01:01:01    1.1.1.1
02:02:02:02:02:02    2.2.2.2
03:03:03:03:03:03    3.3.3.3
10:10:10:10:10:10    10.10.10.10
11:22:33:44:55:66    10.20.30.40

Incoming MAC         Cached MAC for 10.20.30.40
11:22:33:44:55:66  | 11:22:33:44:55:66
Result: entries match; ARP entry present in ARP cache. Frame is an ARP frame.

Example 2: incoming entry inconsistent with the LLDP cache

Incoming IP address and MAC address contents
00:11:22:33:44:55    10.20.30.40

Compared IP address and MAC address contents (LLDP cache)
MAC Address          IP Address
01:01:01:01:01:01    1.1.1.1
02:02:02:02:02:02    2.2.2.2
03:03:03:03:03:03    3.3.3.3
10:10:10:10:10:10    10.10.10.10
11:22:33:44:55:66    10.20.30.40

Incoming MAC         Cached MAC for 10.20.30.40
00:11:22:33:44:55  | 11:22:33:44:55:66
Result: entries do not match; the entry is blacklisted and will be rejected. Frame is an ARP frame.
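As an added worked example (not the patent's own code), the following Python sketch carries steps 202 to 212 through on raw frames: it takes the MAC from the LLDP Chassis ID TLV and the IPv4 address from the Management Address TLV into the LLDP cache, then vets the sender of each ARP frame against the blacklist first and the LLDP cache second, replaying the two cases tabulated above. The TLV layout follows IEEE 802.1AB; the sample frames are constructed inline, and the verdict names and the choice of those two TLVs as the source of the cached MAC/IP pair are this example's assumptions.

```python
import struct
from enum import Enum

TLV_END, TLV_CHASSIS_ID, TLV_MGMT_ADDR = 0, 1, 8   # LLDP TLV types (IEEE 802.1AB)
CHASSIS_SUBTYPE_MAC, MGMT_ADDR_FAMILY_IPV4 = 4, 1  # Chassis ID holds a MAC; IANA AFN for IPv4

class Verdict(Enum):
    NOT_ARP = "frame is not an ARP frame; not inspected"
    ACCEPT = "sender matches the LLDP cache; ARP entry may be installed"
    UNKNOWN = "no LLDP entry for this IP; nothing to compare against"
    DROP_BLACKLISTED = "sender already blacklisted; frame discarded"
    DROP_INCONSISTENT = "sender conflicts with the LLDP cache; blacklisted, frame discarded"

def mac_str(b: bytes) -> str: return ":".join(f"{x:02x}" for x in b)
def ip_str(b: bytes) -> str: return ".".join(str(x) for x in b)

def parse_lldpdu(payload: bytes):
    """Return (mac, ipv4) from the Chassis ID (MAC) and Management Address (IPv4) TLVs."""
    mac, ip, off = None, None, 0
    while off + 2 <= len(payload):
        hdr = struct.unpack("!H", payload[off:off + 2])[0]
        ttype, tlen = hdr >> 9, hdr & 0x1FF      # 7-bit type, 9-bit length
        off += 2
        val = payload[off:off + tlen]
        if len(val) != tlen:
            break                                 # truncated TLV: stop, trust nothing from it
        off += tlen
        if ttype == TLV_END:
            break
        if ttype == TLV_CHASSIS_ID and tlen == 7 and val[0] == CHASSIS_SUBTYPE_MAC:
            mac = mac_str(val[1:7])
        elif ttype == TLV_MGMT_ADDR and tlen >= 12:
            if val[0] == 5 and val[1] == MGMT_ADDR_FAMILY_IPV4:  # addr length, then subtype
                ip = ip_str(val[2:6])
    return mac, ip

def parse_arp(frame: bytes):
    """Return (sender_mac, sender_ip, opcode) from an Ethernet+ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0806:  # EtherType ARP
        return None
    htype, ptype, hlen, plen, oper, sha, spa = struct.unpack("!HHBBH6s4s", frame[14:32])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):  # Ethernet / IPv4 only
        return None
    return mac_str(sha), ip_str(spa), oper

class ArpGuard:
    """Steps 202-212: LLDP cache first, then vet each ARP sender (blacklist, then cache)."""
    def __init__(self):
        self.lldp_cache = {}    # ip -> mac, refreshed by every periodic LLDPDU
        self.blacklist = set()  # (mac, ip) pairs rejected earlier

    def learn_lldp(self, lldpdu: bytes) -> bool:
        mac, ip = parse_lldpdu(lldpdu)
        if mac is None or ip is None:
            return False
        self.lldp_cache[ip] = mac
        return True

    def check_arp(self, frame: bytes) -> Verdict:
        parsed = parse_arp(frame)
        if parsed is None:
            return Verdict.NOT_ARP
        mac, ip, _opcode = parsed
        if (mac, ip) in self.blacklist:          # blacklist consulted first
            return Verdict.DROP_BLACKLISTED
        expected = self.lldp_cache.get(ip)
        if expected is None:
            return Verdict.UNKNOWN
        if expected != mac:                      # inconsistency: blacklist and discard
            self.blacklist.add((mac, ip))
            return Verdict.DROP_INCONSISTENT
        return Verdict.ACCEPT

def build_lldpdu(mac: bytes, ip: bytes) -> bytes:
    """Constructed sample LLDPDU (not captured traffic) advertising mac and ip."""
    def tlv(t, v):
        return struct.pack("!H", (t << 9) | len(v)) + v
    mgmt = (bytes([5, MGMT_ADDR_FAMILY_IPV4]) + ip           # addr len, IPv4, address
            + bytes([2]) + struct.pack("!I", 1) + b"\x00")  # ifIndex 1, empty OID
    return (tlv(TLV_CHASSIS_ID, bytes([CHASSIS_SUBTYPE_MAC]) + mac)
            + tlv(2, b"\x05eth0") + tlv(3, struct.pack("!H", 120))  # Port ID, TTL
            + tlv(TLV_MGMT_ADDR, mgmt) + tlv(TLV_END, b""))

def build_arp(sender_mac: bytes, sender_ip: bytes, opcode: int = 2) -> bytes:
    """Constructed broadcast ARP with target IP == sender IP (gratuitous ARP)."""
    eth = b"\xff" * 6 + sender_mac + struct.pack("!H", 0x0806)
    return eth + struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, opcode,
                             sender_mac, sender_ip, b"\x00" * 6, sender_ip)

def run_demo():
    """Page's second example: 11:22:33:44:55:66 owns 10.20.30.40; 00:11:22:33:44:55 claims it."""
    guard = ArpGuard()
    good_mac, bad_mac = bytes.fromhex("112233445566"), bytes.fromhex("001122334455")
    ip = bytes([10, 20, 30, 40])
    guard.learn_lldp(build_lldpdu(good_mac, ip))
    verdicts = [guard.check_arp(build_arp(good_mac, ip)),   # consistent -> ACCEPT
                guard.check_arp(build_arp(bad_mac, ip)),    # conflict -> DROP_INCONSISTENT
                guard.check_arp(build_arp(bad_mac, ip))]    # repeat -> DROP_BLACKLISTED
    return guard, verdicts
```

The third verdict shows the short-circuit described at step 210: once a pair is blacklisted, the LLDP cache is not consulted again for it.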

[0030] Conventional systems and methods perform detection using a passive approach, monitoring ARP traffic to look for inconsistencies in the IP address to Ethernet address mapping. The main drawback of this passive approach is the time lag between learning and detecting spoofing, which sometimes leads to the attack being discovered long after it has been orchestrated. The embodiments of the present disclosure enable the system 100 to mitigate ARP spoofing and ARP cache poisoning by using LLDP (Link Layer Discovery Protocol) for the detection and prevention of both. The system 100 receives LLDP frames that are exchanged between the neighboring hosts and network devices and caches them in a LLDP cache, thus enabling the system 100 to keep its stored information consistent with the latest configuration changes. LLDP information is sent in Ethernet frames by the network devices at periodic intervals as TLV (type-length-value) structures in the LLDPDU (LLDP Data Unit). The system 100 parses incoming frames only if they are ARP or LLDP frames. If an entry is already present for the IP address in the LLDP cache, and there is an inconsistency between the entry in the LLDP cache and the information extracted from the incoming ARP frame, end users are alerted with a message that an ARP spoofing attack that was underway has been detected and prevented.
[0031] The embodiments of the present disclosure enable the system 100 to be implemented with no additional software or configuration changes and to be built on existing protocols, with no sophisticated detection tools required for detecting and preventing ARP spoofing, thus making it cost effective. The system 100 further filters spoofed frames at the data plane, thereby significantly increasing the performance of the system 100. The embodiments of the present disclosure ensure that there is no intervention of the control plane, as seen in existing ARP spoofing detection and prevention techniques. The embodiments of the present disclosure use LLDP, which is a vendor-neutral link layer protocol in the IP (Internet Protocol) suite, which makes the system 100 interoperable. This protocol is used by network devices to advertise their identity, capabilities and neighbors in networks, for example, but not limited to, a Local Area Network (e.g., an enterprise LAN), large campus networks, and the like. Further, the embodiments of the present disclosure enable the system 100 to check subsequent unsolicited ARP replies and gratuitous ARP requests against a blacklisted cache (stored in the system 100) to prevent spoofing attacks. The proposed system 100 and the method performed by the system 100 are proven feasible for preventing unicast flooding and ARP broadcast storms, which consume a significant portion of network bandwidth and lead to network congestion.
[0032] The written description describes the subject matter herein to enable any person skilled in the art to make and use the embodiments. The scope of the subject matter embodiments is defined by the claims and may include other modifications that occur to those skilled in the art. Such other modifications are intended to be within the scope of the claims if they have similar elements that do not differ from the literal language of the claims or if they include equivalent elements with insubstantial differences from the literal language of the claims.
[0033] It is, however, to be understood that the scope of the protection is extended to such a program and in addition to a computer-readable means having a message therein; such computer-readable storage means contain program-code means for implementation of one or more steps of the method, when the program runs on a server or mobile device or any suitable programmable device. The hardware device can be any kind of device which can be programmed, including, e.g., any kind of computer like a server or a personal computer, or the like, or any combination thereof. The device may also include means which could be, e.g., hardware means like an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), or a combination of hardware and software means, e.g. an ASIC and an FPGA, or at least one microprocessor and at least one memory with software modules located therein. Thus, the means can include both hardware means and software means. The method embodiments described herein could be implemented in hardware and software. The device may also include software means. Alternatively, the embodiments may be implemented on different hardware devices, e.g. using a plurality of CPUs.
[0034] The embodiments herein can comprise hardware and software elements. The embodiments that are implemented in software include, but are not limited to, firmware, resident software, microcode, etc. The functions performed by various modules described herein may be implemented in other modules or combinations of other modules. For the purposes of this description, a computer-usable or computer-readable medium can be any apparatus that can comprise, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
[0035] The medium can be an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system (or apparatus or device) or a propagation medium. Examples of a computer-readable medium include a semiconductor or solid state memory, magnetic tape, a removable computer diskette, a random access memory (RAM), a read-only memory (ROM), a rigid magnetic disk and an optical disk. Current examples of optical disks include compact disk-read only memory (CD-ROM), compact disk-read/write (CD-R/W), BLU-RAY, and DVD.
[0036] A data processing system suitable for storing and/or executing program code will include at least one processor coupled directly or indirectly to memory elements through a system bus. The memory elements can include local memory employed during actual execution of the program code, bulk storage, and cache memories which provide temporary storage of at least some program code in order to reduce the number of times code must be retrieved from bulk storage during execution.
[0037] Input/output (I/O) devices (including but not limited to keyboards, displays, pointing devices, etc.) can be coupled to the system either directly or through intervening I/O controllers. Network adapters may also be coupled to the system to enable the data processing system to become coupled to other data processing systems or remote printers or storage devices through intervening private or public networks. Modems, cable modems and Ethernet cards are just a few of the currently available types of network adapters.
[0038] A representative hardware environment for practicing the embodiments may include a hardware configuration of an information handling/computer system in accordance with the embodiments herein. The system herein comprises at least one processor or central processing unit (CPU). The CPUs are interconnected via a system bus to various devices such as a random access memory (RAM), read-only memory (ROM), and an input/output (I/O) adapter. The I/O adapter can connect to peripheral devices, such as disk units and tape drives, or other program storage devices that are readable by the system. The system can read the inventive instructions on the program storage devices and follow these instructions to execute the methodology of the embodiments herein.
[0039] The system further includes a user interface adapter that connects a keyboard, mouse, speaker, microphone, and/or other user interface devices such as a touch screen device (not shown) to the bus to gather user input. Additionally, a communication adapter connects the bus to a data processing network, and a display adapter connects the bus to a display device which may be embodied as an output device such as a monitor, printer, or transmitter, for example.
[0040] The preceding description has been presented with reference to various embodiments. Persons having ordinary skill in the art and technology to which this application pertains will appreciate that alterations and changes in the described structures and methods of operation can be practiced without meaningfully departing from the principle, spirit and scope.

Documents

Application Documents

# Name Date
1 Form 3 [17-03-2016(online)].pdf 2016-03-17
2 Form 20 [17-03-2016(online)].pdf 2016-03-17
3 Form 18 [17-03-2016(online)].pdf 2016-03-17
4 Drawing [17-03-2016(online)].pdf 2016-03-17
5 Description(Complete) [17-03-2016(online)].pdf 2016-03-17
6 201621009401-Power of Attorney-100516.pdf 2018-08-11
7 201621009401-Form 1-100516.pdf 2018-08-11
8 201621009401-Correspondence-100516.pdf 2018-08-11
9 201621009401-FER.pdf 2019-11-26
10 201621009401-OTHERS [26-05-2020(online)].pdf 2020-05-26
11 201621009401-FER_SER_REPLY [26-05-2020(online)].pdf 2020-05-26
12 201621009401-COMPLETE SPECIFICATION [26-05-2020(online)].pdf 2020-05-26
13 201621009401-CLAIMS [26-05-2020(online)].pdf 2020-05-26
14 201621009401-ABSTRACT [26-05-2020(online)].pdf 2020-05-26
15 201621009401-US(14)-HearingNotice-(HearingDate-11-05-2023).pdf 2023-03-29
16 201621009401-FORM-26 [03-05-2023(online)].pdf 2023-05-03
17 201621009401-FORM-26 [03-05-2023(online)]-1.pdf 2023-05-03
18 201621009401-Correspondence to notify the Controller [03-05-2023(online)].pdf 2023-05-03
19 201621009401-Written submissions and relevant documents [23-05-2023(online)].pdf 2023-05-23
20 201621009401-PatentCertificate04-07-2023.pdf 2023-07-04
21 201621009401-IntimationOfGrant04-07-2023.pdf 2023-07-04

Search Strategy

1 _SearchStrategy201621009401AE_27-04-2021.pdf
2 _SearchStrategy-201621009401_13-11-2019.pdf

ERegister / Renewals

3rd: 04 Oct 2023 (From 17/03/2018 - To 17/03/2019)
4th: 04 Oct 2023 (From 17/03/2019 - To 17/03/2020)
5th: 04 Oct 2023 (From 17/03/2020 - To 17/03/2021)
6th: 04 Oct 2023 (From 17/03/2021 - To 17/03/2022)
7th: 04 Oct 2023 (From 17/03/2022 - To 17/03/2023)
8th: 04 Oct 2023 (From 17/03/2023 - To 17/03/2024)
9th: 15 Mar 2024 (From 17/03/2024 - To 17/03/2025)
10th: 05 Mar 2025 (From 17/03/2025 - To 17/03/2026)