Packet Processor

US 6,983,366 B1
Filed: 02/14/2000
Issued: 01/03/2006
Est. Priority Date: 02/14/2000
Status: Expired due to Term

First Claim

Patent Images

1. A packet processor comprising:

a control unit having a data input;

at least one encryption processor;

a first authentication processor;

a second authentication processor;

a local data bus, independent of the data input to the control unit, coupling the control unit to each of the encryption and authentication processors; and

a second data bus from the encryption processor to each authentication processor, including a data bus from the first authentication processor to the second authentication processorwherein the control unit is configured to control the at least one encryption processor and the first and second authentication processors such that a first set of data and a second set of data sent from the at least one encryption processor to the first authentication processor and the second authentication processor, respectively, are processed by the first authentication processor and the second authentication processor while the at least one encryption processor processes a third set of data, andwherein the at least one encryption processor, the first authentication processor and the second authentication processor are coupled to the local data bus independent of each other and independent of the control unit.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, apparatus, and article of manufacture for a computer implemented packet processor. The packet processor processes packets in parallel. In particular, the packet processor performs a combination of encryption and authentication on data packets. The encryption and authentication processing of a second data packet may begin before the encryption and authorization processes of a first data packet have completed.

Citations

40 Claims

1. A packet processor comprising:
- a control unit having a data input;
  
  at least one encryption processor;
  
  a first authentication processor;
  
  a second authentication processor;
  
  a local data bus, independent of the data input to the control unit, coupling the control unit to each of the encryption and authentication processors; and
  
  a second data bus from the encryption processor to each authentication processor, including a data bus from the first authentication processor to the second authentication processorwherein the control unit is configured to control the at least one encryption processor and the first and second authentication processors such that a first set of data and a second set of data sent from the at least one encryption processor to the first authentication processor and the second authentication processor, respectively, are processed by the first authentication processor and the second authentication processor while the at least one encryption processor processes a third set of data, andwherein the at least one encryption processor, the first authentication processor and the second authentication processor are coupled to the local data bus independent of each other and independent of the control unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A packet processor as recited in claim 1, wherein said data input of the control unit is coupled to a processor bus, and wherein each of said encryption and authentication processors comprises a data input coupled to the processor bus.
  - 3. A packet processor as recited in claim 1, wherein said data input of the control unit is coupled to a processor bus and each of said encryption and authentication processors comprises a data input to the processor bus and means for reading and writing data on the processor bus.
  - 4. A packet processor as recited in claim 1, wherein said second data bus comprises a daisy-chain connection between the encryption and authentication processors.
  - 5. A packet processor as recited in claim 1, wherein the at least one encryption processor, the first authentication processor and the second authentication processor are configured to control the local data bus independently of the control unit.
  - 6. A packet processor as recited in claim 1, wherein only the encryption processor is active.
  - 7. A packet processor as recited in claim 1, wherein only the encryption processor and the first authentication processor are active.

8. A method of processing data packets comprising:
- coupling a control unit to a first data bus;
  
  receiving first and second data packets in the control unit from the first data bus;
  
  coupling a plurality of processors to a second data bus independent of each other and independent of the control unit;
  
  providing the plurality of processors in data communication with the control unit over the second data bus, independent of the first data bus, said processors including at least one encryption processor and at least one authentication processor;
  
  providing data of the first data packet from the control unit to said at least one encryption processor, over the second data bus the at least one encryption processor encrypting and decrypting the first data packet;
  
  processing said data from the first data packet with said at least one encryption processor to provide output data for the first data packet from said at least one encryption processor;
  
  communicating said output data for the first data packet from said at least one encryption processor to said at least one authentication processor for further processing; and
  
  providing data from the second data packet to said at least one encryption processor and processing the data from the second data packet in the at least one encryption processor while said at least one authentication processor further processes the output data for the first data packet.
- View Dependent Claims (9, 10)
- - 9. A method as recited in claim 8, wherein said step of communicating the output data comprises communicating said output data over a daisy-chain connection between said processors.
  - 10. A method as recited in claim 8, wherein said at least one authentication processor performs an integrity check of said output data.

11. A method of processing data packets comprising:
- coupling a control unit to a first data bus;
  
  receiving first and second data packets in the control unit from the first data bus;
  
  coupling a plurality of processors to a second data bus independent of each other and independent of the control unit;
  
  providing the plurality of processors in data communication with the control unit over the second data bus, independent of the first data bus, said processors including at least one encryption processor and at least one authentication processor;
  
  providing data of the first data packet from the control unit to said at least one encryption processor, over the second data bus;
  
  processing said data from the first data packet with said at least one encryption processor to provide output data for the first data packet from said at least one encryption processor;
  
  communicating said output data for the first data packet from said at least one encryption processor to said at least one authentication processor for further processing; and
  
  providing data from the second data packet to said at least one encryption processor and processing the data from the second data packet in the at least one encryption processor while said at least one authentication processor further processes the output data for the first data packet;
  
  wherein said at least one authentication processor comprises a first and second authentication processors.

12. A method of processing data in a computer, the method comprising the steps of:
- coupling an encryption processor and at least one authentication processor to a data bus independent of each other;
  
  performing encryption on a first data packet within the encryption processor; and
  
  after completion of the encryption of the first data packet,performing authentication of the first data packet within the at least one authentication processor connected to the encryption processor by the data bus, andperforming encryption of a second data packet within the encryption processor prior to completion of authentication of the first data packet.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12, wherein the authentication is a first authentication, further comprising the step of performing a second authentication on the first data packet of data.
  - 14. The method of claim 13, wherein the first authentication is performed on the encrypted first data packet.
  - 15. The method of claim 13, wherein the first authentication appends data to the encrypted first data packet.
  - 16. The method of claim 13, further comprising the step of performing the encryption of the second data packet after beginning the second authentication of the first data packet.

17. A method of processing data in a computer, the method comprising the steps of:
- coupling an encryption processor and at least one authentication processor to a data bus independent of each other;
  
  performing encryption on a first data packet within the encryption processor;
  
  and after completion of the encryption of the first data packet,performing authentication of the first data packet within the at least one authentication processor connected to the encryption processor by the data bus, andperforming encryption of a second data packet within the encryption processor prior to completion of authentication of the first data packet;
  
  wherein the authentication is a first authentication, further comprising the step of performing a second authentication on the first data packet of data;
  
  wherein the first authentication appends data to the encrypted first data packet; and
  
  wherein the second authentication is performed on the encrypted first data packet and the appended data.

18. A method of processing data, the method comprising the steps of:
- coupling an encryption processing module and a first authentication processing module to a data bus independent of each other;
  
  encrypting a first data packet with the encryption processing module;
  
  authenticating the encrypted first data packet with the first authentication processing module;
  
  encrypting a second data packet with the encryption processing module while authenticating the first data packet with the first authentication processing module connected to the encryption processing module by the data bus; and
  
  authenticating the second data packet with the first authentication processing module.

19. An apparatus for processing data, comprising:
- a computer having a data storage device connected thereto, wherein the data storage device stores data;
  
  one or more computer programs, performed by the computer, for performing encryption on a first data packet within an encryption processor, and, after completion of the encryption of the first data packet, performing authentication of the first data packet in at least one authentication processor connected to the encryption processor by a data bus, and performing encryption of a second data packet within the encryption processor prior to completion of authentication of the first data packet,wherein the encryption processor and the at least one authentication processor are coupled to the local data bus independent of each other.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The apparatus of claim 19, wherein the authentication is a first authentication, further comprising means for performing a second authentication on the first data packet of data.
  - 21. The apparatus of claim 20, wherein the first authentication is performed on the encrypted first data packet.
  - 22. The apparatus of claim 20, wherein the first authentication appends data to the encrypted first data packet.
  - 23. The apparatus of claim 20, further comprising the means for performing the encryption of the second data packet after beginning the second authentication of the first data packet.

24. An apparatus for processing data, comprising:
- a computer having a data storage device connected thereto, wherein the data storage device stores data;
  
  one or more computer programs, performed by the computer, for performing encryption on a first data packet within an encryption processor, and, after completion of the encryption of the first data packet, performing authentication of the first data packet in at least one authentication processor connected to the encryption processor by a data bus, and performing encryption of a second data packet within the encryption processor prior to completion of authentication of the first data packet,wherein the encryption processor and the at least one authentication processor are coupled to the local data bus independent of each other;
  
  wherein the authentication is a first authentication, further comprising means for performing a second authentication on the first data packet of data;
  
  wherein the first authentication appends data to the encrypted first data packet; and
  
  wherein the second authentication is performed on the encrypted first data packet and the appended data.

25. An article of manufacture comprising a computer program carrier readable by a computer and embodying one or more instructions executable by the computer to perform method steps for processing data, the method comprising the steps of:
- performing encryption on a first data packet with an encryption processor; and
  
  after completion of the encryption of the first data packet,performing authentication of the first data packet in at least one authentication processor connected to the encryption processor by a data bus, andperforming encryption of a second data packet within the encryption processor prior to completion of authentication of the first data packet,wherein the encryption processor and the at least one authentication processor are coupled to the data bus independent of each other.
- View Dependent Claims (26, 27, 28, 29)
- - 26. The article of manufacture of claim 25, wherein the authentication is a first authentication, further comprising the step of performing a second authentication on the first data packet of data.
  - 27. The article of manufacture of claim 26, wherein the first authentication is performed on the encrypted first data packet.
  - 28. The article of manufacture of claim 26, wherein the first authentication appends data to the encrypted first data packet.
  - 29. The article of manufacture of claim 26, further comprising the step of performing the encryption of the second data packet after beginning the second authentication of the first data packet.

30. An article of manufacture comprising a computer program carrier readable by a computer and embodying one or more instructions executable by the computer to perform method steps for processing data, the method comprising the steps of:
- performing encryption on a first data packet with an encryption processor; and
  
  after completion of the encryption of the first data packet,performing authentication of the first data packet in at least one authentication processor connected to the encryption processor by a data bus, andperforming encryption of a second data packet within the encryption processor prior to completion of authentication of the first data packet;
  
  wherein the encryption processor and the at least one authentication processor are coupled to the data bus independent of each other;
  
  wherein the authentication is a first authentication, further comprising the step of performing a second authentication on the first data packet of data;
  
  wherein the first authentication appends data to the encrypted first data packet; and
  
  wherein the second authentication is performed on the encrypted first data packet and the appended data.

31. An article of manufacture comprising a computer program carrier readable by a computer and embodying one or more instructions executable by the computer to perform method steps for processing data, the method comprising the steps of:
- encrypting a first data packet with an encryption processor;
  
  authenticating the encrypted first data packet with a first authentication processor connected to the encryption processor by a data bus;
  
  encrypting a second data packet with the encryption processor while authenticating the first data packet with the first authentication processor; and
  
  authenticating the second data packet with the first authentication processor,wherein the encryption processor and the first authentication processor are coupled to the data bus independent of each other.

32. A method of processing data packets comprising:
- coupling a control unit to a first data bus;
  
  coupling a plurality of processors to a second data bus independent of each other and independent of the control unit;
  
  receiving a first data packet in the control unit from the first data bus;
  
  providing the plurality of processors in data communication with the control unit over the second data bus, independent of the first data bus, said processors including at least one encryption processor and at least one authentication processor;
  
  providing data of the first data packet from the control unit to multiple processors, over the second data bus;
  
  processing said data from the first data packet with said multiple processors in parallel.
- View Dependent Claims (33)
- - 33. A method as recited in claim 32, wherein said plurality of processors comprises at least one encryption processor and a plurality of authentication processors.

34. A method of processing data packets comprising:
- coupling a control unit to a first data bus;
  
  receiving first and second data packets in the control unit from the first data bus;
  
  coupling a plurality of processors to a second data bus independent of each other and independent of the control unit;
  
  providing the plurality of processors in data communication with the control unit over the second data bus, independent of the first data bus, said processors including at least one encryption processor and at least one authentication processor;
  
  providing data of the first data packet from the control unit to said at least one encryption processor, over the second data bus;
  
  processing said data from the first data packet with said at least one encryption processor to provide output data for the first data packet from said at least one encryption processor;
  
  communicating said output data for the first data packet from said at least one encryption processor to said at least one authentication processor for further processing; and
  
  providing data from the second data packet to said at least one encryption processor and processing the data from the second data packet in the at least one encryption processor while said at least one authentication processor further processes the output data for the first data packet;
  
  wherein said at least one authentication processor performs an integrity check of said output data; and
  
  wherein said at least one authentication processor comprises an HMAC core.

35. A method of processing data packets comprising:
- coupling a control unit to a first data bus;
  
  receiving first and second data packets in the control unit from the first data bus;
  
  coupling a plurality of processors to a second data bus independent of each other and independent of the control unit;
  
  providing the plurality of processors in data communication with the control unit over the second data bus, independent of the first data bus, said processors including at least one encryption processor and at least one authentication processor;
  
  providing data of the first data packet from the control unit to said at least one encryption processor, over the second data bus;
  
  processing said data from the first data packet with said at least one encryption processor to provide output data for the first data packet from said at least one encryption processor;
  
  communicating said output data for the first data packet from said at least one encryption processor to said at least one authentication processor for further processing; and
  
  providing data from the second data packet to said at least one encryption processor and processing the data from the second data packet in the at least one encryption processor while said at least one authentication processor further processes the output data for the first data packet;
  
  wherein said at least one authentication processor performs an integrity check of said output data; and
  
  wherein said integrity check is performed using HMAC-key hashing.

36. A method of processing data packets comprising:
- coupling a control unit to a first data bus;
  
  receiving first and second data packets in the control unit from the first data bus;
  
  providing a plurality of processors in data communication with the control unit over a first local data bus, independent of the first data bus, the plurality of processors being coupled to the first local data bus independent of each other and independent of the control unit, said processors including at least one encryption processor and at least one authentication processor, the at least one authentication processor being coupled to the at least one encryption processor by a second local data bus separate from the first data bus and the first local data bus;
  
  providing data of the first data packet from the control unit to said at least one encryption processor, over the first local data bus;
  
  processing said data from the first data packet with said at least one encryption processor to provide output data for the first data packet from said at least one encryption processor;
  
  communicating said output data for the first data packet from said at least one encryption processor to said at least one authentication processor via the second local data bus for further processing; and
  
  providing data from the second data packet to said at least one encryption processor for processing by the at least one encryption processor, while said at least one authentication processor further processes the output data for the first data packet.

37. A packet processor apparatus for connection to a computer through a processor bus, the packet processor system comprising:
- a controller having means for connection to the processor bus for communicating data of data packets to or from the processor bus;
  
  a plurality of hardware processor devices, each capable of processing data simultaneous with the processing of data by at least one other of said hardware processor devices;
  
  a local bus connecting the controller to the plurality of processor devices for communication of instructions from the controller to each hardware processor, wherein said instructions include instructions for processing data from a first data packet in a first one of the plurality of hardware processor devices and processing output from the first hardware processor device with a second one of the hardware processor devices, while data from a second packet is processed by the first hardware processor device,wherein the plurality of hardware processor devices are coupled to the local bus independent of each other and independent of the controller.
- View Dependent Claims (38, 39)
- - 38. A packet processor apparatus as recited in claim 37, wherein the plurality of processor hardware devices comprise at least one encryption processor and at least one authentication processor.
  - 39. A packet processor apparatus as recited in claim 37, wherein the first hardware processor device comprises an encryption processor device and wherein the second hardware processor device comprises an authentication processor device.

40. A packet processor apparatus for connection to a computer that operates on data from data packets communicated over a processor bus, wherein cryptographic and authentication functions are performed on the data packets prior to or after operation on the packet data by the computer, the packet processor comprising:
- a controller having means for connection to the processor bus for communicating data of data packets to or from the processor bus;
  
  at least one encryption processor device;
  
  at least one authentication processor device;
  
  a local bus connecting the controller to the encryption processor device and the authentication processor devices for communication of control instructions; and
  
  wherein said controller is configured to provide control instructions for processing data from a first packet in the at least one encryption processor devices and processing output from the at least one encryption processor device with the at least one authentication processor device, while data from a second packet is processed by the at least one encryption processor device, andwherein the at least one encryption processor device and the at least one authentication processor device are coupled to the local bus independent of each other and independent of the controller.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ravens Acquisition Corporation
Original Assignee
SafeNet Incorporated (Thales SA)
Inventors
Huynh, Dung Le, Brouwer, Roger J.
Primary Examiner(s)
Song, Hosuk

Application Number

US09/503,282
Time in Patent Office

2,150 Days
Field of Search

713153-156, 713159-160, 713168-170, 713200-201, 713/189, 713/194, 705/65, 705/67, 370/394, 370/395.1, 370/395.32
US Class Current

713/168
CPC Class Codes

H04L 2209/04   Masking or blinding

H04L 2209/125   Parallelization or pipelini...

H04L 63/0442   wherein the sending and rec...

H04L 63/0485   Networking architectures fo...

H04L 63/0823   using certificates cryptogr...

H04L 63/123   received data contents, e.g...

H04L 63/164   at the network layer

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/50   using hash chains, e.g. blo...

Packet Processor

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Packet Processor

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links