Security Processing Engines, Circuits and Systems and Adaptive Processes and Other Processes
Abstract
An electronic circuit (200) includes one or more programmable control-plane engines (410, 460) operable to process packet header information and form at least one command, one or more programmable data-plane engines (310, 320, 370) selectively operable for at least one of a plurality of cryptographic processes selectable in response to the at least one command, and a programmable host processor (100) coupled to such a data-plane engine (310) and such a control-plane engine (410). Other processors, circuits, devices and systems and processes for their operation and manufacture are disclosed.
45 Claims
1. An electronic circuit comprising:
- one or more programmable control-plane engines operable to process packet header information and form at least one command;
- one or more programmable data-plane engines selectively operable for at least one of a plurality of cryptographic processes selectable in response to the at least one command; and
- a programmable host processor coupled to such a data-plane engine and such a control-plane engine.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21

22. A security context cache module for use with a host processor and an external memory, said module comprising:
- a local cache memory;
- a local processor coupled with said local cache memory;
- an ingress circuit having an input for ingress of a packet stream including an ingress packet having a security context pointer; and
- an auto-fetch circuit responsive to such ingress packet and operable to automatically fetch a security context from the external memory to said local cache memory using the security context pointer, and to associate the security context in said local cache memory with the packet stream, said auto-fetch circuit operable for multiple such packet streams and ingress packets, whereby to allow simultaneous security connections.

Dependent claims: 23, 24, 25, 26

27. A streaming interface for packet data, comprising:
- a buffer circuit for a packet stream including a packet having an associated request field for thread identification, said buffer circuit operable to provide a ready signal indicating that said buffer circuit currently has at least a predetermined amount of space to accept data; and
- a data transfer circuit responsive to the request for thread identification to transfer data to a particular target thread, said data transfer circuit including a control circuit responsive to the ready signal, and responsive to a start-of-packet indicator and an end-of-packet indicator and a drop-packet indicator, and further responsive to a multi-bit thread identification of a thread that is currently occupying the buffer circuit.

Dependent claims: 28, 29

30. A control method for packet processing, the control method comprising:
- host-loading a first storage area with a context including control data and processing instructions for processing at least part of a packet;
- supplying a stream of packets including a particular packet to a packet processing subsystem, the particular packet including a pointer to a context in the first storage area;
- operating the packet processing subsystem to access the context from the first storage area for use in the packet processing subsystem in accordance with the pointer; and
- processing the stream of packets in the packet processing subsystem in accordance with the control data and processing instructions in the context.

Dependent claims: 31, 32, 33

34. An electronic method of processing packets, the method comprising:
- providing a set of accelerator engines and at least one separate control engine;
- receiving packets from a stream using an electronic interface;
- electronically chunking the packets into chunks in a memory, the chunks being generally shorter than their packets and at least one of the chunks having associated control information;
- operating the separate control engine in response to the control information to electronically generate and store a sequence of engine identifications representing a pipelined process by selected ones of said accelerator engines one after another according to the sequence; and
- coupling and operating the accelerator engines responsive to the stored sequence of engine identifications so that a first accelerator engine having the first engine identification in the sequence processes a series of the chunks to produce resulting chunks, and a second accelerator engine having the second engine identification in the sequence processes the resulting chunks from the first accelerator engine beginning substantially as soon as the first of the resulting chunks comes from the first accelerator engine, whereby the stream of packets is pipeline-processed.

Dependent claims: 35, 36

37. A packet interface circuit comprising:
- a control circuit operable to receive packets each having a header and a payload, some of the packets representing a first stream, and some others of the packets representing a second stream, the control circuit operable to assign thread identifications identifying each such stream;
- a memory; and
- a chunking circuit operable, when a given such packet has a payload exceeding a predetermined length, to store chunks in said memory so that the chunks have the predetermined length or less, and said chunking circuit operable to load chunk control information into said memory, the control information indicating start of packet (SOP), middle of packet (MOP), and end of packet (EOP), depending on the position in the payload of data in a given stored chunk.

Dependent claims: 38
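
The chunking recited in claim 37, modelled in software as an added C example that is not part of the patent: payloads are split into chunks tagged with a thread identification and SOP/MOP/EOP control information, and a consumer rebuilds one stream from interleaved chunks while rejecting inconsistent control information. The chunk size, flag encoding, SOP|EOP marking for a single-chunk packet, and the names `chunk_payload` and `reassemble` are assumptions, and the consumer-side check is an addition beyond what the claim recites.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CHUNK_MAX 8                   /* the "predetermined length"; value assumed */
enum { SOP = 1, MOP = 2, EOP = 4 };   /* control-information encoding; assumed */

struct chunk {
    uint8_t thread_id, flags, len;
    uint8_t data[CHUNK_MAX];
};

/* Store one payload as chunks of at most CHUNK_MAX bytes. Returns the number
 * of chunks written, or -1 if chunk memory cannot hold the whole packet. */
int chunk_payload(uint8_t tid, const uint8_t *p, size_t len,
                  struct chunk *mem, size_t cap)
{
    size_t need = len / CHUNK_MAX + (len % CHUNK_MAX != 0);
    if (need == 0) need = 1;          /* empty payload: one empty chunk */
    if (need > cap) return -1;        /* refuse the packet, never store part of it */
    for (size_t i = 0; i < need; i++) {
        size_t off = i * CHUNK_MAX;
        size_t n = len - off < CHUNK_MAX ? len - off : CHUNK_MAX;
        uint8_t f = (uint8_t)((i == 0 ? SOP : 0) | (i == need - 1 ? EOP : 0));
        mem[i].thread_id = tid;
        mem[i].flags = f ? f : MOP;   /* interior chunks carry MOP */
        mem[i].len = (uint8_t)n;
        if (n) memcpy(mem[i].data, p + off, n);
    }
    return (int)need;
}

/* Rebuild the packet of thread tid from interleaved chunks. Returns the
 * payload length, or -1 when the control information is inconsistent. */
int reassemble(uint8_t tid, const struct chunk *mem, size_t count,
               uint8_t *out, size_t out_cap)
{
    size_t total = 0;
    int open = 0;                     /* 1 once this thread's SOP was seen */
    for (size_t i = 0; i < count; i++) {
        const struct chunk *c = &mem[i];
        uint8_t f = c->flags;
        if (c->thread_id != tid) continue;          /* chunk of another stream */
        if (f != SOP && f != MOP && f != EOP && f != (SOP | EOP)) return -1;
        if (((f & SOP) != 0) == open) return -1;    /* SOP only when none is open */
        if (c->len > CHUNK_MAX || total + c->len > out_cap) return -1;
        memcpy(out + total, c->data, c->len);
        total += c->len;
        open = 1;
        if (f & EOP) return (int)total;
    }
    return -1;                        /* stream ended without EOP */
}
```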
39. A communication method for control communication between processors, the communication method comprising:
- electronically breaking ingress packets into smaller chunks, one of the chunks for a packet being a start-of-packet chunk having associated control information;
- operating one or more programmable control-plane engines to process such a start of packet chunk and form at least one command to organize a set of data plane engines into a particular pipeline topology; and
- selectively operating the data-plane engines programmably to process the chunks in accordance with the command, whereby to effectuate at least one of a plurality of packet processing modes.

Dependent claims: 40, 41

42. An electronic buffering circuit comprising:
- at least three processors each having inputs and outputs and identified by respective engine identifications, and at least one of said processors operable to generate particular engine identifications of at least two of said processors;
- a plurality of buffers at least equal in number to the plurality of processors; and
- a selection circuit responsive to controls based on the engine identifications of said processors for any-order interconnection of a selected processor-buffer-processor topology.

Dependent claims: 43, 44

45. A packet-processing electronic subsystem comprising:
- a first data interface for first streaming data;
- a second data interface for second streaming data;
- a scheduler circuit coupled to said first and second data interfaces and including a packet memory;
- a security context cache module coupled for input from, and output to, said scheduler circuit, said security context cache module including a cache controller and a cache storage for at least one security context;
- a packet header processing module coupled for input from, and output to, said scheduler circuit;
- an authentication module coupled for input from, and output to, said scheduler circuit; and
- an encryption module coupled for input from, and output to, said scheduler circuit and said encryption module including control circuitry and encryption accelerators responsive to a security context in said security context cache module to operate said encryption module and said authentication module as specified by said security context and said packet header processing module.

Specification