Data transfer efficiency in a cryptography accelerator system

US 20030226018A1
Filed: 05/31/2002
Published: 12/04/2003
Est. Priority Date: 05/31/2002
Status: Active Grant

First Claim

Patent Images

1. A method for transferring data in a cryptography accelerator system, the method comprising:

reading an input message at a cryptography accelerator from a host coupled to the cryptography accelerator and a network device, the input message comprising data and application descriptor information, wherein the cryptography accelerator, the network device, and the host are operable to access a shared system memory;

performing cryptographic operations on the data to derive processed data;

separating the processed data into a plurality of segments;

writing the plurality of segments into a buffer pool associated with the network device, wherein the cryptography accelerator uses the application descriptor information to determine where to write each of the plurality of segments in the buffer pool associated with the network device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus are provided for performing authentication and decryption operations in a cryptography accelerator system. Input data passed to a cryptography accelerator from a host such a CPU includes information for a cryptography accelerator to determine where to write the processed data. In one example, processed data is formatted as packet payloads in a network buffer. Checksum information is precalculated and an offset for a header is maintained.

119 Citations

39 Claims

1. A method for transferring data in a cryptography accelerator system, the method comprising:
- reading an input message at a cryptography accelerator from a host coupled to the cryptography accelerator and a network device, the input message comprising data and application descriptor information, wherein the cryptography accelerator, the network device, and the host are operable to access a shared system memory;
  
  performing cryptographic operations on the data to derive processed data;
  
  separating the processed data into a plurality of segments;
  
  writing the plurality of segments into a buffer pool associated with the network device, wherein the cryptography accelerator uses the application descriptor information to determine where to write each of the plurality of segments in the buffer pool associated with the network device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the network device is a network card.
  - 3. The method of claim 2, wherein application descriptor information comprises output buffer location information and output buffer offset information.
  - 4. The method of claim 3, wherein application descriptor information comprises output buffer location information and output buffer offset information for the plurality of segments.
  - 5. The method of claim 4, wherein writing the plurality of segments into the buffer pool comprises leaving space before each of the plurality of segments for a plurality of headers.
  - 6. The method of claim 5, wherein writing the plurality of segments into the buffer pool comprises precalculating checksum information so that a host does not need to generate the checksum information.
  - 7. The method of claim 6, wherein the checksum information is partial checksum information used by the host to generate a TCP/IP checksum.
  - 8. The method of claim 2, wherein the plurality of segments correspond to a plurality of payloads in a plurality of network packets.
  - 9. The method of claim 8, wherein the host adds header information to each of the network packets.
  - 10. The method of claim 9, wherein the host is a CPU.
  - 11. The method of claim 10, wherein the plurality of packets are transmitted without the host having to reread the payload.
  - 12. The method of claim 11, wherein the buffer pool is a network buffer.
  - 13. The method of claim 11, wherein the buffer pool is page memory.
  - 14. The method of claim 11, wherein the buffer pool is DMA memory.
  - 15. The method of claim 11, wherein the buffer pool is kernel memory.

16. A system for performing cryptographic operations in a network, the system comprising:
- a system memory including a plurality of buffer pools;
  
  a host coupled to system memory, the host configured to provide data for cryptography processing;
  
  a network device operable to transmit a packet including cryptographically processed data onto the network;
  
  a cryptography accelerator configured to perform cryptography processing to provide processed data, wherein the processed data is written into a buffer pool associated with a network device;
  
  wherein the packet comprises a payload substantially written by the cryptography accelerator and header substantially written by the host.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The system of claim 16, wherein the host is a CPU.
  - 18. The system of claim 17, wherein the network device transmits a plurality of packets including cryptographically processed data.
  - 19. The system of claim 18, wherein the network device is a network card.
  - 20. The system of claim 19, wherein the buffer pool associated with the network device is a network buffer.
  - 21. The system of claim 16, wherein the cryptography accelerator is further configured to calculate checksum information.
  - 22. The system of claim 21, wherein the cryptography accelerator is further configured to separate the processed data into a plurality of segments.
  - 23. The system of claim 22, wherein the plurality of segments are written as the payloads of a plurality of packets.

24. A cryptography accelerator configured to receive data from a central processing unit over a system bus, the data including information for determining a plurality of memory locations associated with a network device buffer pool;
- wherein the cryptography accelerator is operable to perform cryptographic processing to derive processed data and is further operable to write segments of the processed data to the plurality of memory locations.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31)
- - 25. The cryptography accelerator of claim 24, wherein the segments correspond substantially to the payloads of a plurality of TCP/IP packets.
  - 26. The cryptography accelerator of claim 25, wherein the central processing unit writes the headers of the plurality of TCP/IP packets.
  - 27. The cryptography accelerator of claim 26, wherein the network device is a network card.
  - 28. The cryptography accelerator of claim 27, wherein the buffer pool associated with the network device is a network buffer.
  - 29. The cryptography accelerator of claim 24, wherein the cryptography accelerator is further configured to calculate checksum information.
  - 30. The cryptography accelerator of claim 24, wherein the cryptography accelerator is further configured to separate the processed data into a plurality of segments.
  - 31. The cryptography accelerator of claim 24, wherein the information for determining the plurality of memory locations comprises addresses and offsets.

32. An apparatus for transferring data in a cryptography accelerator system, the method comprising:
- means for reading an input message at a cryptography accelerator from a host coupled to the cryptography accelerator and a network device, the input message comprising data and application descriptor information, wherein the cryptography accelerator, the network device, and the host are operable to access a shared system memory;
  
  means for performing cryptographic operations on the data to derive processed data;
  
  means for separating the processed data into a plurality of segments;
  
  means for writing the plurality of segments into a buffer pool associated with the network device, wherein the cryptography accelerator uses the application descriptor information to determine where to write each of the plurality of segments in the buffer pool associated with the network device.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39)
- - 33. The apparatus of claim 32, wherein the network device is a network card.
  - 34. The apparatus of claim 33, wherein application descriptor information comprises output buffer location information and output buffer offset information.
  - 35. The apparatus of claim 34, wherein application descriptor information comprises output buffer location information and output buffer offset information for the plurality of segments.
  - 36. The apparatus of claim 35, wherein writing the plurality of segments into the buffer pool comprises leaving space before each of the plurality of segments for a plurality of headers.
  - 37. The apparatus of claim 36, wherein writing the plurality of segments into the buffer pool comprises precalculating checksum information so that a host does not need to generate the checksum information.
  - 38. The apparatus of claim 37, wherein the checksum information is partial checksum information used by the host to generate a TCP/IP checksum.
  - 39. The apparatus of claim 33, wherein the plurality of segments correspond to a plurality of payloads in a plurality of network packets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Buer, Mark, Tardo, Joseph

Granted Patent

US 7,941,662 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/72   in cryptographic circuits

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

Data transfer efficiency in a cryptography accelerator system

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

119 Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Data transfer efficiency in a cryptography accelerator system

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

119 Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links