System and method for encrypting data using a plurality of processors

US 20050071651A1
Filed: 09/25/2003
Published: 03/31/2005
Est. Priority Date: 09/25/2003
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for processing encryption requests, said method comprising:

sending, in a computer system having a plurality of processors that share a common memory wherein at least two of the processors are dislike, an encryption request from a first processor to a second processor;

receiving, at the second processor, the encryption request;

reading data from the common memory into a local memory corresponding to the second processor, wherein the reading is performed by the second processor and wherein the second processor'"'"'s local memory is not shared with the first processor;

executing, at the second processor, an encryption process corresponding to the request, the encryption process adapted to transform the data; and

writing the transformed data from the second processor to the common memory.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are provided to dedicate one or more processors in a multiprocessing system to performing encryption functions. When the system initializes, one of the synergistic processing unit (SPU) processors is configured to run in a secure mode wherein the local memory included with the dedicated SPU is not shared with the other processors. One or more encryption keys are stored in the local memory during initialization. During initialization, the SPUs receive nonvolatile data, such as the encryption keys, from nonvolatile register space. This information is made available to the SPU during initialization before the SPUs local storage might be mapped to a common memory map. In one embodiment, the mapping is performed by another processing unit (PU) that maps the shared SPUs'"'"' local storage to a common memory map.

98 Citations

View as Search Results

30 Claims

1. A computer-implemented method for processing encryption requests, said method comprising:
- sending, in a computer system having a plurality of processors that share a common memory wherein at least two of the processors are dislike, an encryption request from a first processor to a second processor;
  
  receiving, at the second processor, the encryption request;
  
  reading data from the common memory into a local memory corresponding to the second processor, wherein the reading is performed by the second processor and wherein the second processor'"'"'s local memory is not shared with the first processor;
  
  executing, at the second processor, an encryption process corresponding to the request, the encryption process adapted to transform the data; and
  
  writing the transformed data from the second processor to the common memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method as described in claim 1 further comprising:
    - reading, at the second processor, one or more special nonvolatile registers, the special registers including one or more encryption keys; and
      
      using one or more of the encryption keys in the encryption process.
  - 3. The method as described in claim 1 wherein the sending further comprises writing the request to a mailbox that corresponds to the second processor and the receiving further comprises checking the second processor'"'"'s mailbox from the second processor.
  - 4. The method as described in claim 1 further comprising:
    - identifying an input data area in the common memory from which the data is read and an output buffer area to which the transformed data is written.
  - 5. The method as described in claim 1 further comprising:
    - initializing the second processor prior to receiving the request, the initializing further including;
      
      reading, from the common memory, initialization software code to be executed on the second processor; and
      
      authenticating the initialization software code.
  - 6. The method as described in claim 5 wherein the authenticating is performed by a routine stored in a nonvolatile memory and wherein the executing of the encryption process is only performed if the initialization software code is successfully authenticated.
  - 7. The method as described in claim 6 further comprising:
    - reading, at the second processor, one or more special nonvolatile registers, the special nonvolatile registers including one or more encryption keys, after the initialization software code is successfully authenticated; and
      
      restricting access to the special nonvolatile registers from outside of the second processor.
  - 8. The method as described in claim 1 wherein the reading and writing steps are performed using DMA operations.
  - 9. The method as described in claim 1 further comprising:
    - identifying the encryption process and an encryption algorithm from a plurality of encryption processes and encryption algorithms based upon the encryption request; and
      
      loading encryption software code corresponding to the identified encryption process and the encryption algorithm, the loading performed by reading the encryption software code from the common memory to the second processor'"'"'s local memory.
  - 10. The method as described in claim 1 wherein the encryption process is selected from the group consisting of a decryption function, an encryption function, and an authentication function.

11. An information handling system comprising:
- a plurality of heterogeneous processors;
  
  a common memory shared by the plurality of heterogeneous processors;
  
  a first processor selected from the plurality of processors that sends an encryption request to a second processor, the second processor also being selected from the plurality of processors;
  
  a local memory corresponding to the second processor, wherein the second processor'"'"'s local memory is not shared with other processors included in the plurality of processors; and
  
  an encryption process running in the second processor, the encryption process effective to;
  
  read data associated with the encryption request from the common memory to the second processor'"'"'s local memory;
  
  transform the data based on the encryption request; and
  
  write the transformed data from the second processor'"'"'s local memory to the common memory.
- View Dependent Claims (12, 14, 15, 16, 17, 18, 19, 20)
- - 12. The information handling system as described in claim 11 further comprising software code effective to:
    - read, at the second processor, one or more special nonvolatile registers, the special registers including one or more encryption keys; and
      
      use one or more of the encryption keys in the encryption process.
  - 14. The information handling system as described in claim 11 further comprising software code effective to:
    - identify an input data area in the common memory from which the data is read and an output buffer area to which the transformed data is written.
  - 15. The information handling system as described in claim 11 further comprising software code effective to:
    - initialize the second processor prior to receiving the request, the initializing further including;
      
      read, from the common memory, initialization software code to be executed on the second processor; and
      
      authenticate the initialization software code.
  - 16. The information handling system as described in claim 15 wherein the software code effective to authenticate the initialization software code is performed by a routine stored in a nonvolatile memory, wherein the encryption process is only performed if the initialization software code is successfully authenticated.
  - 17. The information handling system as described in claim 16 further comprising software code effective to:
    - read, at the second processor, one or more special nonvolatile registers, the special nonvolatile registers including one or more encryption keys, after the initialization software code is successfully authenticated; and
      
      restrict access to the special nonvolatile registers from outside of the second processor.
  - 18. The information handling system as described in claim 11 further comprising:
    - a DMA controller associated with each of the plurality of processors, wherein the second processor reads from and writes to the common memory using DMA operations performed by the second processor'"'"'s DMA controller.
  - 19. The information handling system as described in claim 11 further comprising software code effective to:
    - identify the encryption process and an encryption algorithm from a plurality of encryption processes and encryption algorithms based upon the encryption request; and
      
      load encryption software code corresponding to the identified encryption process and the encryption algorithm, the load performed by reading the encryption software code from the common memory to the second processor'"'"'s local memory.
  - 20. The information handling system as described in claim 11 wherein the encryption process is selected from the group consisting of a decryption function, an encryption function, and an authentication function.

13. The information handling system as described in claim wherein the sending of the encryption request further comprises software code effective to:
- write the encryption request to a mailbox that corresponds to the second processor; and
  
  read, from the second processor, the encryption request from second processor'"'"'s mailbox.

21. A computer program product stored on a computer operable media for processing encryption requests, said computer program product comprising:
- means for sending, in a computer system having a plurality of processors that share a common memory wherein at least two of the processors are dislike, an encryption request from a first processor to a second processor;
  
  means for receiving, at the second processor, the encryption request;
  
  means for reading data from the common memory into a local memory corresponding to the second processor, wherein the means for reading is performed by the second processor and wherein the second processor'"'"'s local memory is not shared with the first processor;
  
  means for executing, at the second processor, an encryption process corresponding to the request, the encryption process adapted to transform the data; and
  
  means for writing the transformed data from the second processor to the common memory.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The computer program product as described in claim 21 further comprising:
    - means for reading, at the second processor, one or more special nonvolatile registers, the special registers including one or more encryption keys; and
      
      means for using one or more of the encryption keys in the encryption process.
  - 23. The computer program product as described in claim 21 wherein the means for sending further comprises means for writing the request to a mailbox that corresponds to the second processor and the means for receiving further comprises means for checking the second processor'"'"'s mailbox from the second processor.
  - 24. The computer program product as described in claim 21 further comprising:
    - means for identifying an input data area in the common memory from which the data is read and an output buffer area to which the transformed data is written.
  - 25. The computer program product as described in claim 21 further comprising:
    - means for initializing the second processor prior to receiving the request, the initializing further including;
      
      means for reading, from the common memory, initialization software code to be executed on the second processor; and
      
      means for authenticating the initialization software code.
  - 26. The computer program product as described in claim 25 wherein the means for authenticating is performed by a routine stored in a nonvolatile memory and wherein the means for executing of the encryption process is only performed if the initialization software code is successfully authenticated.
  - 27. The computer program product as described in claim 26 further comprising:
    - means for reading, at the second processor, one or more special nonvolatile registers, the special nonvolatile registers including one or more encryption keys, the means for reading performed after the initialization software code is successfully authenticated; and
      
      means for restricting access to the special nonvolatile registers from outside of the second processor.
  - 28. The computer program product as described in claim 21 wherein the means for reading and means for writing steps performed using DMA operations.
  - 29. The computer program product as described in claim 21 further comprising:
    - means for identifying the encryption process and an encryption algorithm from a plurality of encryption processes and encryption algorithms based upon the encryption request; and
      
      means for loading encryption software code corresponding to the identified encryption process and the encryption algorithm, the means for loading performed by reading the encryption software code from the common memory to the second processor'"'"'s local memory.
  - 30. The computer program product as described in claim 21 wherein the encryption process is selected from the group consisting of a decryption function, an encryption function, and an authentication function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation, Sony Interactive Entertainment Inc. (Sony Group Corp.)
Original Assignee
International Business Machines Corporation
Inventors
Hofstee, Harm Peter, Day, Michael Norman, Aguilar, Maximino Jr., Craft, David

Granted Patent

US 7,475,257 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6236   between heterogeneous systems

H04L 2209/125   Parallelization or pipelini...

H04L 9/0894   Escrow, recovery or storing...

System and method for encrypting data using a plurality of processors

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

98 Citations

30 Claims

Specification

Use Cases

Quick Links

Others

System and method for encrypting data using a plurality of processors

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

98 Citations

30 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others