LOW-LATENCY DATA DECRYPTION INTERFACE
First Claim
1. A system for decrypting packets of encrypted data, comprising:
a buffer device;
a packet validation component;
a decryption engine; and
a packet decoder configured to receive portions of a data packet, buffer received portions of the data packets in the buffer device, and, if the data packet contains encrypted data, pipeline the received portions of the data packets to the decryption engine to begin decryption of the encrypted data prior to receiving remaining portions of a data packet,
wherein the packet validation component is configured to check a complete data packet for data transfer errors, and, if the data packet contains encrypted data, notify the decryption engine in response to detecting data transfer errors, and
wherein the decryption engine is configured to check decrypted data for security violations, and, in response to receiving notification of detected data transfer errors from the data validation component, disregard any detected security violations.
Abstract
Methods and apparatus for reducing the impact of latency associated with decrypting encrypted data are provided. Rather than wait until an entire packet of encrypted data is validated (e.g., by checking for data transfer errors), the encrypted data may be pipelined to a decryption engine as it is received, thus allowing decryption to begin prior to validation. In some cases, the decryption engine may be notified of data transfer errors detected during the validation process, in order to prevent reporting false security violations.
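The flow the abstract describes, as an added Python sketch that is not part of the patent: portions are decrypted as they arrive, the transfer-error check runs once the packet is complete, and a detected transfer error causes any integrity failure to be disregarded. The packet layout (encrypted payload plus HMAC tag, followed by a CRC32 trailer), the SHA-256 counter keystream standing in for the cipher, and all names are assumptions.

```python
import hashlib
import hmac
import zlib

KEY = b"constructed-demo-key"  # constructed sample key, not from the patent
TAG_LEN, CRC_LEN = 32, 4


def _xor_stream(key, data, offset):
    """Toy SHA-256 counter keystream standing in for the real cipher (assumption)."""
    need, stream, ctr = offset + len(data), b"", 0
    while len(stream) < need:
        stream += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream[offset:need]))


def build_packet(plaintext, key=KEY):
    """Assumed layout: encrypt(plaintext || HMAC tag) || CRC32 over the ciphertext."""
    tag = hmac.new(key, plaintext, hashlib.sha256).digest()
    body = _xor_stream(key, plaintext + tag, 0)
    return body + zlib.crc32(body).to_bytes(CRC_LEN, "big")


def receive(portions, key=KEY):
    """Decrypt portions on arrival; validate once the packet is complete."""
    buf, plain = bytearray(), bytearray()
    for part in portions:
        buf += part                      # buffer device keeps the raw bytes
        ready = len(buf) - CRC_LEN       # hold back what may be the CRC trailer
        if ready > len(plain):           # pipeline new bytes to the engine now
            plain += _xor_stream(key, bytes(buf[len(plain):ready]), len(plain))
    body, crc = bytes(buf[:-CRC_LEN]), bytes(buf[-CRC_LEN:])
    transfer_error = zlib.crc32(body).to_bytes(CRC_LEN, "big") != crc
    data, tag = bytes(plain[:-TAG_LEN]), bytes(plain[-TAG_LEN:])
    expected = hmac.new(key, data, hashlib.sha256).digest()
    violation = not hmac.compare_digest(tag, expected)
    if transfer_error:
        return "retry", None             # violation, if any, is disregarded
    if violation:
        return "security_violation", None
    return "ok", data
```

A bit flipped in transit fails both checks but is reported only as a transfer error; a modified ciphertext with a matching CRC is the case that surfaces as a security violation.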
6 Claims
2. A system on a chip (SOC), comprising:
one or more processor cores;
a cache for holding data accessed by the one or more processor cores, including a received portion of a first data packet containing at least a portion of a block of encrypted data;
a decryption engine; and
a packet decoder configured to pipeline the received portion of the first data packet to the decryption engine to begin decryption of the encrypted data prior to receiving the complete first data packet and checking the complete first data packet for data transfer errors; and
further configured, after receiving remaining portions of the first data packet, to:
check the first data packet for data transfer errors using buffered portions of the encrypted data;
check for security violations with the decryption engine after decryption of the block of encrypted data; and
disregard any detected security violations in response to detecting data transfer errors.
Dependent claims: 3, 4, 5, 6
Specification