Method and apparatus to provide inline encryption and decryption for a wireless station via data streaming over a fast network
First Claim
1. In a station of a wireless network, the station coupled to a network device by a network link, the network device including a memory, a method of streaming data over the network link from or to the network device memory during wirelessly transmitting or wirelessly receiving at the station, the method comprising:
accepting information describing wherefrom to retrieve a data element including at least some of the data for a to-be-wirelessly-transmitted packet in the case of transmitting, or whereto write a data element including at least some of the data from a wirelessly received packet in the case of receiving, the accepted information including information defining a memory location and an amount of data in the network device memory for said data element, the accepted information further including, in the case of transmitting, specifying any encrypting to be performed, and in the case of receiving, any decrypting to be performed;
setting up a DMA transfer of said data element for the to-be-wirelessly-transmitted packet in the case of transmitting, or from the wirelessly received packet in the case of receiving, the setting up using the defining information, the setting up including in the case of transmitting, specifying any encrypting to be performed, and in the case of receiving, any decrypting to be performed; and
in the case of transmitting;
converting the defining information to a packet of a first type for transport over the network link;
sending the packet of the first type via the network link to the network device to be interpreted at the network device to set up sending said data element from the memory of the network device according to the defining information, including encrypting the information;
receiving in response to the sending of the packet of the first type, a packet of a second type that includes said data element encrypted as specified;
converting the packet of the second type to said data element; and
incorporating said data element into the packet for transmission,
or, in the case of receiving;
extracting said data element from the wirelessly received packet;
converting the defining information and encapsulating said data element into a packet of the second type for transport over the network link for said data element to be written into the memory of the network device; and
sending the packet of a second type to the network device to be interpreted at the network device to cause the encapsulated data to be written into the memory of the network device according to the defining information,
such that, in the case of transmitting, the transfer over the network link of said data element for incorporation into a packet for wireless transmission, including any encrypting, occurs in real time during transmit time, or such that in the case of receiving, the transfer of said data element from a wirelessly received packet, including any decrypting, occurs in real time during receive time, and
such that any encrypting of said data element occurs prior to transferring the packet with said data element over the network link, and such that any decrypting occurs after the transfer of the packet with said data element over the network link.
Abstract
A method of wirelessly transmitting or receiving a packet of information, and an apparatus to wirelessly transmit or receive a packet of information. In the case of transmitting, the method includes streaming a data element, including at least some of the contents of the packet, over a network link during transmit time, including encrypting the data element during the streaming in real time prior to the transfer over the network link. In the case of receiving, the method includes streaming a data element, including at least some of the contents of the received packet, over a network link during receive time, including decrypting the data element during the streaming in real time after the transfer over the network link. The transmitting or receiving is by a station of a wireless network and the streaming is to or from the station from or to a network device coupled to the station by the network link.
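The transmit path described in the abstract and spelled out in claim 1, as an added example that is not taken from the patent: the station sends a request packet (first type) naming a memory location, length and key, and the network device answers with a data packet (second type) carrying the already-encrypted element. The header layout, the `seq` field, the class and function names and the SHA-256 counter-mode keystream are assumptions standing in for details this page does not give.

```python
import hashlib
import struct

# Assumed wire layout (not from the patent): type, offset, length, key id, sequence.
REQ_TYPE, DATA_TYPE = 1, 2           # "packet of a first type" / "of a second type"
HDR = struct.Struct("!BIHBI")        # key_id 0 means "no encryption requested"


def keystream_xor(key, seq, data):
    """Stand-in cipher: SHA-256 in counter mode. Illustrative only, not vetted."""
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack("!IQ", seq, block)).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class NetworkDevice:
    """Holds the packet data in its own memory and encrypts before sending."""

    def __init__(self, memory, keys):
        self.memory = bytes(memory)
        self.keys = keys

    def handle_request(self, packet):
        if len(packet) != HDR.size:
            raise ValueError("malformed request packet")
        ptype, offset, length, key_id, seq = HDR.unpack(packet)
        if ptype != REQ_TYPE:
            raise ValueError("not a packet of the first type")
        # The request acts as a remote DMA read, so bound it to device memory.
        if length == 0 or offset + length > len(self.memory):
            raise ValueError("descriptor outside device memory")
        if key_id and key_id not in self.keys:
            raise ValueError("unknown key id")
        element = self.memory[offset:offset + length]
        if key_id:  # encrypt before the element crosses the wired link
            element = keystream_xor(self.keys[key_id], seq, element)
        return HDR.pack(DATA_TYPE, offset, length, key_id, seq) + element


class Station:
    """Wireless station: turns DMA descriptors into request packets."""

    def __init__(self, link):
        self.link = link   # callable: request bytes -> response bytes
        self.seq = 0

    def fetch_element(self, offset, length, key_id):
        self.seq += 1
        resp = self.link(HDR.pack(REQ_TYPE, offset, length, key_id, self.seq))
        if len(resp) != HDR.size + length:
            raise ValueError("response length does not match the request")
        expected = (DATA_TYPE, offset, length, key_id, self.seq)
        if HDR.unpack(resp[:HDR.size]) != expected:
            raise ValueError("response does not match the outstanding request")
        return resp[HDR.size:]

    def build_frame(self, mac_header, descriptors):
        # Incorporate each fetched element into the frame as it arrives.
        return mac_header + b"".join(self.fetch_element(*d) for d in descriptors)


def demo():
    key = b"constructed-demo-key"                    # constructed sample key
    plaintext = b"payload held in switch memory"     # constructed sample data
    device = NetworkDevice(b"\x00" * 16 + plaintext + b"\x00" * 16, {1: key})
    wire = []                                        # packets seen on the wired link

    def link(request):
        response = device.handle_request(request)
        wire.append(response)
        return response

    frame = Station(link).build_frame(b"HDR|", [(16, len(plaintext), 1)])
    return frame, wire, key, plaintext
```

The station never holds the key in this sketch: it places the ciphertext into the frame unchanged, and only a peer with the key recovers the plaintext.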
43 Claims
8. In a network device coupled by a network link to a wireless station of a wireless network, the network device including a memory, a method of streaming data over the network link from or to the network device memory during wirelessly transmitting or during wirelessly receiving at the station, the method comprising:
sending information over the network link to the wireless station describing wherefrom to retrieve a data element including at least some of the data for a to-be-wirelessly-transmitted packet in the case of transmitting, or whereto write a data element including at least some of the data from a wirelessly received packet in the case of receiving, the accepted information including information defining a memory location and an amount of data in the network device memory for said data element;
accepting information describing how to encrypt at least some of the data for the to-be-wirelessly-transmitted packet in the case of transmitting, or how to decrypt at least some of the data from a wirelessly received packet in the case of receiving; and
in the case of data for a to-be-transmitted packet;
receiving from the wireless station via the network link a packet of the first type, the packet of the first type including information describing wherefrom to retrieve said data element and how to encrypt the data element;
retrieving said data element from the memory, the retrieving in response to the receiving of a packet of the first type;
forming a packet of a second type that includes the retrieved data, including encrypting data as requested; and
sending the packet of a second type to the wireless station in response to the receiving,
or, in the case of data from a received packet;
receiving a packet of a second type from the wireless station encapsulating said data element and including information describing whereto write said data element and how to decrypt said data element;
extracting the encapsulated data from the packet of the second type, including decrypting said data element;
writing the extracted data into the memory according to information in the received packet of the second type,
such that, in the case of transmitting, the transfer of data over the network link for incorporation into a packet for wireless transmission, including any encrypting, occurs in real time during transmit time, or such that in the case of receiving, the transfer of data over the network link from a wirelessly received packet, including any decrypting, occurs in real time during receive time.
15. An apparatus in a wireless station operable in a wireless network, the apparatus comprising:
a local memory able to receive information describing a location wherefrom a data element including at least some of the data for a to-be-wirelessly transmitted packet is to be obtained, the location being in a memory of a network device coupled by a network link to the wireless station;
a packet/DMA engine coupled to the local memory, the packet DMA engine able to set up a DMA transfer of data for the to-be-wirelessly-transmitted packet, the setting up using the received information in the memory and forming information defining a set of at least one location in the memory of the network device, and defining cryptographic information; and
a network interface coupled to the packet/DMA engine, the network interface including a network DMA engine able to accept DMA requests for transfer of data, the network DMA engine able to convert defining information to a packet of a first type and to cause the network interface to send the packet of the first type over a network link to which the network interface is coupled, such that a compatible network device can interpret and retrieve the data defined by the defining information, including interpreting the cryptographic information and encrypting the data accordingly, the network interface further able to recognize and provide the network DMA engine a packet of a second type received over the network link, the packet of the second type including data defined by defining information, the network DMA engine further able to convert the provided packet of the second type to data included therein,
such that, in the case that the station is coupled to a first network, and a first packet of the second type is received over the first network from a first network device also coupled to the first network, said receiving of the first packet of the second type being in response to the sending of a first packet of the first type, and said sending of the first packet is as a result of the network DMA engine accepting a first DMA request that defines data to be retrieved from a memory of the first network device and that defined any encrypting to be performed, the network DMA engine responds to the first DMA request with the data defined in the first DMA request, and
such that the transfer of data over the first network for incorporation into a packet for wireless transmission can occur in real time during transmit time, including encrypting prior to the transfer over the first network.
such that, in the case that the station is coupled to the first network and the first network device is also coupled to the first network, a second packet of the second type is sent over the first network to the first network device as a result of the network DMA engine accepting a second DMA request that defines data to be sent to the memory of the first network device, including how to decrypt the data, and such that the transfer of data over the network link from a wirelessly received packet occurs in real time during receive time, with any real time decrypting occurring after transfer over the network link.
17. An apparatus as recited in claim 15, the apparatus further comprising:
a host processor coupled to a host bus subsystem; and
a host DMA controller coupled to the host subsystem,
wherein the packet/DMA engine is also coupled to the host bus subsystem and able to communicate to the host DMA controller, such that the packet DMA engine's setting up a DMA transfer includes the packet DMA engine instructing the host DMA controller to set up the DMA transfer, and such that the network DMA engine appears to the host DMA controller as a memory interface,
wherein the local memory is further able to receive information describing a location to where an element of data from a wirelessly received packet is to be stored, the location in the memory of the network device coupled by the network link to the wireless station,
wherein the packet/DMA engine using the received information in the local memory is further able to set up a DMA transfer of a data element including at least some of the contents of the wirelessly received packet,
wherein the network DMA engine is further able to form a packet of a second type including the data element defined by defining information in a DMA request, and
wherein the network interface is further able to send the formed packet of the second type.
18. An apparatus as recited in claim 17, wherein the packet/DMA engine includes a scatter/gather DMA controller to set up the transfer of a plurality of data elements.
19. An apparatus as recited in claim 15, wherein the station is an access point of the wireless network.
20. An apparatus as recited in claim 15, wherein the wireless network conforms to one of the IEEE 802.11 standards or derivatives thereof.
21. An apparatus as recited in claim 20, wherein the to-be-wirelessly transmitted packet is an 802.11 MAC packet.
22. An apparatus as recited in claim 15, wherein the network device is a network switch that includes a memory wherefrom data is streamed during the wireless transmitting.
23. An apparatus as recited in claim 22, wherein the network link is a Gigabit Ethernet link or an Ethernet link at least as fast as a Gigabit Ethernet link.
24. A method of wirelessly transmitting a packet of information, the method comprising:
streaming a data element including at least some of the contents of the packet over a network link during transmit time, the streaming including real-time encrypting the data prior to the transfer over the network link; and
transmitting the packet of information,
wherein the transmitting is by a station of a wireless network and the streaming is to the station from a network device coupled to the station by the network link, and wherein the network device includes a memory wherefrom data is streamed during the wireless transmitting, the method further comprising;
forming a DMA request for said data element and encryption information;
converting the formed DMA request and the encryption information in a first packet for transport over the network link;
sending the first packet to the network device over the network link;
receiving a second packet over the network link from the network device, said second packet containing said data element encrypted according to the encryption information; and
responding to the formed DMA request with said data element from the second packet,
such that the streaming of said data element of the data uses the second packet, and such that the encryption occurs in real time during the streaming.
such that the forming of the DMA request uses the received information.
31. A method as recited in claim 24, wherein the network link is a Gigabit Ethernet link or an Ethernet link at least as fast as a Gigabit Ethernet link, and wherein the network device is a network switch, wherein the wireless network is a network conforming to one of the IEEE 802.11 standards or a derivative thereof, and wherein the first and second packets are respectively Ethernet packets of a first type and a second type.
32. A method of wirelessly receiving a packet of information, the method comprising:
wirelessly receiving a packet of information;
streaming a data element including at least some of the contents of the packet over a network link during receive time; and
decrypting the data element in real time during the streaming, the decrypting after transfer over the network link,
wherein the receiving is by a station of a wireless network and the streaming is from the station to a network device coupled to the station by the network link, and wherein the network device includes a memory whereto data is streamed during the wireless transmitting, the method further comprising;
forming a DMA request for writing said data element and encryption information;
converting the formed DMA request and the encryption information to a first packet for transport over the network link;
sending the first packet to the network device over the network link;
encapsulating said data element encrypted according to the encryption information into a second packet for transport over the network link to the network device; and
sending the second packet over the network link to the network device for writing into the memory of the network device according to the formed DMA request,
such that the streaming of said data element of the data uses the second packet.
such that the forming of the DMA request uses the received information.
39. A method as recited in claim 32, wherein the network link is a Gigabit Ethernet link or an Ethernet link at least as fast as a Gigabit Ethernet link, and wherein the network device is a network switch, and wherein the wireless network is a network conforming to one of the IEEE 802.11 standards or a derivative thereof, and wherein the first and second packets are respectively Ethernet packets of a first type and a second type.
40. An apparatus to wirelessly transmit a packet of information, the apparatus including:
means for wirelessly transmitting a packet of information; and
means for streaming a data element, including at least some of the contents of the packet, over a network link during transmit time, wherein the means for streaming includes means for real-time encrypting the data prior to the transfer over the network link,
wherein the means for transmitting is in a station of a wireless network, and wherein the means for streaming is for streaming from a network device coupled to the wireless station by the network link, and wherein the network device includes a memory wherefrom data is streamed during the wireless transmitting by the means for transmitting, the apparatus further comprising;
means for forming a DMA request for said data element and encryption information;
means for converting the formed DMA request and the encryption information to a first packet for transport over the network link;
means for sending the first packet to the network device over the network link;
means for receiving a second packet over the network link from the network device, said second packet containing said data element encrypted according to the encryption information; and
means for responding to the formed DMA request with said data element from the second packet,
such that the means for streaming of said data element of the data uses the second packet, and such that the encryption by the means for encrypting occurs in real time during the streaming.
41. A carrier medium carrying a set of machine readable instructions to instruct a machine to carry out a method of wirelessly transmitting a packet of information, the method including:
streaming a data element, including at least some of the contents of the packet, over a network link during transmit time, the streaming including real-time encrypting the data prior to the transfer over the network link; and
transmitting the packet of information,
wherein the transmitting is in a station of a wireless network, wherein the streaming is from a network device coupled to the wireless station by the network link, and wherein the network device includes a memory wherefrom data is streamed during the wireless transmitting, the method further comprising;
forming a DMA request for said data element and encryption information;
converting the formed DMA request and the encryption information to a first packet for transport over the network link;
sending the first packet to the network device over the network link;
receiving a second packet over the network link from the network device, said second packet containing said data element encrypted according to the encryption information; and
responding to the formed DMA request with said data element from the second packet,
such that the streaming of said data element of the data uses the second packet, and such that the encryption occurs in real time during the streaming.
42. An apparatus to wirelessly receive a packet of information, the apparatus including:
means for wirelessly receiving a packet of information; and
means for streaming a data element, including at least some of the contents of the received packet, over a network link during transmit time; and
means for decrypting the data element in real time during the streaming, the decrypting after transfer over the network link,
wherein the means for receiving is in a station of a wireless network, wherein the means for streaming is for streaming to a network device coupled to the wireless station by the network link, and wherein the network device includes a memory whereto data is streamed during the wireless transmitting, the method further comprising;
means for forming a DMA request for writing said data element and encryption information;
means for converting the formed DMA request and the encryption information to a first packet for transport over the network link;
means for sending the first packet to the network device over the network link;
means for encapsulating said data element encrypted according to the encryption information into a second packet for transport over the network link to the network device; and
means for sending the second packet over the network link to the network device for writing into the memory of the network device according to the formed DMA request,
such that the means for streaming of said data element of the data uses the second packet.
43. A carrier medium, carrying a set of machine readable instructions to instruct a machine to carry out a method of wirelessly receiving a packet of information, the method including:
streaming a data element, including at least some of the contents of the received packet, over a network link during transmit time; and
decrypting the data element in real time during the streaming, the decrypting after transfer over the network link,
wherein the receiving is in a station of a wireless network, wherein the streaming is to a network device coupled to the wireless station by the network link, and wherein the network device includes a memory whereto data is streamed during the wireless transmitting, the method further comprising;
forming a DMA request for writing said data element and encryption information;
converting the formed DMA request and the encryption information to a first packet for transport over the network link;
sending the first packet to the network device over the network link;
encapsulating said data element encrypted according to the encryption information into a second packet for transport over the network link to the network device; and
sending the second packet over the network link to the network device for writing into the memory of the network device according to the formed DMA request,
such that the streaming of said data element of the data uses the second packet.