Data encryption interface for reducing encrypt latency impact on standard traffic

US 20060047975A1
Filed: 09/02/2004
Published: 03/02/2006
Est. Priority Date: 09/02/2004
Status: Active Grant

First Claim

Patent Images

1. A method of reducing the impact of latency associated with encrypting secure data on storing non-secure data in memory, comprising:

receiving first data to be stored in memory;

if the first data is secure, routing the first data to an encryption engine for encryption prior to storing the first data in memory; and

if the first data is not secure, routing the first data to memory bypassing the encryption engine, regardless of whether the encryption engine is encrypting data received prior to the first data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus that may be utilized in systems to reduce the impact of latency associated with encrypting data on non-encrypted data are provided. Secure and non-secure data may be routed independently. Thus, non-secure data may be forwarded on (e.g., to targeted write buffers), without waiting for previously sent secure data to be encrypted. As a result, non-secure data may be made available for subsequent processing much earlier than in conventional systems utilizing a common data path for both secure and non-secure data.

31 Citations

View as Search Results

20 Claims

1. A method of reducing the impact of latency associated with encrypting secure data on storing non-secure data in memory, comprising:
- receiving first data to be stored in memory;
  
  if the first data is secure, routing the first data to an encryption engine for encryption prior to storing the first data in memory; and
  
  if the first data is not secure, routing the first data to memory bypassing the encryption engine, regardless of whether the encryption engine is encrypting data received prior to the first data.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the first data is secure and the method further comprises:
    - receiving second data to be stored after receiving the first data;
      
      determining the second data is non-secure;
      
      routing the second data to memory; and
      
      subsequently receiving the first data back from the encryption engine in an encrypted form.
  - 3. The method of claim 2, wherein the first data is secure and the method further comprises:
    - receiving third data to be stored after receiving the second data;
      
      determining the third data is non-secure; and
      
      routing the third data to memory prior to receiving the first data back from the encryption engine in an encrypted format.
  - 4. The method of claim 1, further comprising determining if the first data is secure if a first store address corresponding to the first data is in a predetermined address range reserved for secure data.

5. A method of reducing the impact of latency associated with encrypting secure data on storing non-secure data in memory, comprising:
- receiving secure data contained in a first one or more instructions to be stored in memory;
  
  routing the secure data to an encryption engine for encryption;
  
  subsequent to receiving the secure data, receiving non-secure data contained in a second one or more instructions to be stored in memory; and
  
  prior to receiving the secure data back from the encryption engine in encrypted form, routing the non-secure data to memory, bypassing the encryption engine.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The method of claim 5, wherein routing the non-secure data to memory comprises routing the non-secure data to a write buffer.
  - 7. The method of claim 6, further comprising:
    - receiving the secure data back from the encryption engine in encrypted form; and
      
      routing the secure data, in encrypted form, to the write buffer.
  - 8. The method of claim 7, further comprising:
    - determining if the write buffer is available to receive the secure data; and
      
      if not, routing the secure data, in encrypted form, to a hold buffer prior to routing the secure data, in encrypted form, to the write buffer.
  - 9. The method of claim 8, further comprising:
    - determining if the write buffer is available to receive the non-secure data; and
      
      if not, routing the non-secure data to the hold buffer prior to routing the non-secure data to memory.

10. A system for decrypting packets of encrypted data, comprising:
- a buffer device;
  
  an encryption engine;
  
  a first data path through the encryption engine for secure data to be encrypted prior to storage in memory;
  
  a second data path around the encryption engine for non-secure data to be stored in memory unencrypted; and
  
  data flow control circuitry configured to receive first data to be stored in memory, route the first data to the first data path if the first data is secure, and route the first data to the second data path if the first data is not secure.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The system of claim 10, wherein:
    - the first data is secure data; and
      
      the data flow control circuitry is configured to route non-secure second data, received subsequent to the first data, to the second data path prior to the first data exiting the encryption engine, in encrypted form.
  - 12. The system of claim 10, wherein the first and second data paths merge at one or more write buffers.
  - 13. The system of claim 12, further comprising a hold buffer for selectively receiving data from the encryption engine prior to the one or more write buffers.
  - 14. The system of claim 13, wherein the data flow control circuitry further comprises one or more multiplexors for selectively routing data from the hold buffer to the one or more write buffers.
  - 15. The system of claim 13, wherein the first and second data paths each have a branch to the hold buffer.

16. A system on a chip (SOC), comprising:
- one or more processor cores;
  
  an encryption engine;
  
  one or more write buffers; and
  
  data flow control circuitry configured to route secure data involved in a first store instruction to the one or more write buffers through a first data path through the encryption engine, and to route non-secure data involved in a second store instruction issued subsequent to the first store instruction to the one or more write buffers through a second data path bypassing the encryption engine, wherein the non-secure data arrives at the one or more write buffers prior to the secure data.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The SOC of claim 16, wherein the data flow control circuitry is configured to determine data contained in a store instruction is secure based on an address contained in the store instruction.
  - 18. The SOC of claim 16, further comprising a hold buffer for receiving secure data, in encrypted form, from the encryption engine.
  - 19. The SOC of claim 18, wherein the data flow control circuitry comprises one or more multiplexors to selectively route secure data, in encrypted form, from the encryption engine to the one or more write buffers or the hold buffer, based on availability of the one or more write buffers.
  - 20. The SOC of claim 18, wherein the data flow control circuitry comprises one or more multiplexors to selectively route non-secure data to the hold buffer, based on availability of the one or more write buffers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Kuesel, Jamie R., Beukema, Bruce L., Shearer, Robert A.

Granted Patent

US 7,496,753 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/72 in cryptographic circuits

H04L 9/00 Cryptographic mechanisms or...

Data encryption interface for reducing encrypt latency impact on standard traffic

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

31 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data encryption interface for reducing encrypt latency impact on standard traffic

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links