Packet Processor
First Claim
Patent Images
1. A packet processor comprising:
- a control unit having a data input;
at least one encryption processor;
a first authentication processor;
a second authentication processor;
a local data bus, independent of the data input to the control unit, coupling the control unit to each of the encryption and authentication processors; and
a second data bus from the encryption processor to each authentication processor, including a data bus from the first authentication processor to the second authentication processorwherein the control unit is configured to control the at least one encryption processor and the first and second authentication processors such that a first set of data and a second set of data sent from the at least one encryption processor to the first authentication processor and the second authentication processor, respectively, are processed by the first authentication processor and the second authentication processor while the at least one encryption processor processes a third set of data, andwherein the at least one encryption processor, the first authentication processor and the second authentication processor are coupled to the local data bus independent of each other and independent of the control unit.
12 Assignments
0 Petitions
Accused Products
Abstract
A method, apparatus, and article of manufacture for a computer implemented packet processor. The packet processor processes packets in parallel. In particular, the packet processor performs a combination of encryption and authentication on data packets. The encryption and authentication processing of a second data packet may begin before the encryption and authorization processes of a first data packet have completed.
-
Citations
40 Claims
-
1. A packet processor comprising:
-
a control unit having a data input; at least one encryption processor; a first authentication processor; a second authentication processor; a local data bus, independent of the data input to the control unit, coupling the control unit to each of the encryption and authentication processors; and a second data bus from the encryption processor to each authentication processor, including a data bus from the first authentication processor to the second authentication processor wherein the control unit is configured to control the at least one encryption processor and the first and second authentication processors such that a first set of data and a second set of data sent from the at least one encryption processor to the first authentication processor and the second authentication processor, respectively, are processed by the first authentication processor and the second authentication processor while the at least one encryption processor processes a third set of data, and wherein the at least one encryption processor, the first authentication processor and the second authentication processor are coupled to the local data bus independent of each other and independent of the control unit. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method of processing data packets comprising:
-
coupling a control unit to a first data bus; receiving first and second data packets in the control unit from the first data bus; coupling a plurality of processors to a second data bus independent of each other and independent of the control unit; providing the plurality of processors in data communication with the control unit over the second data bus, independent of the first data bus, said processors including at least one encryption processor and at least one authentication processor; providing data of the first data packet from the control unit to said at least one encryption processor, over the second data bus the at least one encryption processor encrypting and decrypting the first data packet; processing said data from the first data packet with said at least one encryption processor to provide output data for the first data packet from said at least one encryption processor; communicating said output data for the first data packet from said at least one encryption processor to said at least one authentication processor for further processing; and providing data from the second data packet to said at least one encryption processor and processing the data from the second data packet in the at least one encryption processor while said at least one authentication processor further processes the output data for the first data packet. - View Dependent Claims (9, 10)
-
-
11. A method of processing data packets comprising:
-
coupling a control unit to a first data bus; receiving first and second data packets in the control unit from the first data bus; coupling a plurality of processors to a second data bus independent of each other and independent of the control unit; providing the plurality of processors in data communication with the control unit over the second data bus, independent of the first data bus, said processors including at least one encryption processor and at least one authentication processor; providing data of the first data packet from the control unit to said at least one encryption processor, over the second data bus; processing said data from the first data packet with said at least one encryption processor to provide output data for the first data packet from said at least one encryption processor; communicating said output data for the first data packet from said at least one encryption processor to said at least one authentication processor for further processing; and providing data from the second data packet to said at least one encryption processor and processing the data from the second data packet in the at least one encryption processor while said at least one authentication processor further processes the output data for the first data packet; wherein said at least one authentication processor comprises a first and second authentication processors.
-
-
12. A method of processing data in a computer, the method comprising the steps of:
-
coupling an encryption processor and at least one authentication processor to a data bus independent of each other; performing encryption on a first data packet within the encryption processor; and
after completion of the encryption of the first data packet,performing authentication of the first data packet within the at least one authentication processor connected to the encryption processor by the data bus, and performing encryption of a second data packet within the encryption processor prior to completion of authentication of the first data packet. - View Dependent Claims (13, 14, 15, 16)
-
-
17. A method of processing data in a computer, the method comprising the steps of:
-
coupling an encryption processor and at least one authentication processor to a data bus independent of each other; performing encryption on a first data packet within the encryption processor; and after completion of the encryption of the first data packet, performing authentication of the first data packet within the at least one authentication processor connected to the encryption processor by the data bus, and performing encryption of a second data packet within the encryption processor prior to completion of authentication of the first data packet; wherein the authentication is a first authentication, further comprising the step of performing a second authentication on the first data packet of data; wherein the first authentication appends data to the encrypted first data packet; and wherein the second authentication is performed on the encrypted first data packet and the appended data.
-
-
18. A method of processing data, the method comprising the steps of:
-
coupling an encryption processing module and a first authentication processing module to a data bus independent of each other; encrypting a first data packet with the encryption processing module; authenticating the encrypted first data packet with the first authentication processing module; encrypting a second data packet with the encryption processing module while authenticating the first data packet with the first authentication processing module connected to the encryption processing module by the data bus; and authenticating the second data packet with the first authentication processing module.
-
-
19. An apparatus for processing data, comprising:
-
a computer having a data storage device connected thereto, wherein the data storage device stores data; one or more computer programs, performed by the computer, for performing encryption on a first data packet within an encryption processor, and, after completion of the encryption of the first data packet, performing authentication of the first data packet in at least one authentication processor connected to the encryption processor by a data bus, and performing encryption of a second data packet within the encryption processor prior to completion of authentication of the first data packet, wherein the encryption processor and the at least one authentication processor are coupled to the local data bus independent of each other. - View Dependent Claims (20, 21, 22, 23)
-
-
24. An apparatus for processing data, comprising:
-
a computer having a data storage device connected thereto, wherein the data storage device stores data; one or more computer programs, performed by the computer, for performing encryption on a first data packet within an encryption processor, and, after completion of the encryption of the first data packet, performing authentication of the first data packet in at least one authentication processor connected to the encryption processor by a data bus, and performing encryption of a second data packet within the encryption processor prior to completion of authentication of the first data packet, wherein the encryption processor and the at least one authentication processor are coupled to the local data bus independent of each other; wherein the authentication is a first authentication, further comprising means for performing a second authentication on the first data packet of data; wherein the first authentication appends data to the encrypted first data packet; and wherein the second authentication is performed on the encrypted first data packet and the appended data.
-
-
25. An article of manufacture comprising a computer program carrier readable by a computer and embodying one or more instructions executable by the computer to perform method steps for processing data, the method comprising the steps of:
-
performing encryption on a first data packet with an encryption processor; and after completion of the encryption of the first data packet, performing authentication of the first data packet in at least one authentication processor connected to the encryption processor by a data bus, and performing encryption of a second data packet within the encryption processor prior to completion of authentication of the first data packet, wherein the encryption processor and the at least one authentication processor are coupled to the data bus independent of each other. - View Dependent Claims (26, 27, 28, 29)
-
-
30. An article of manufacture comprising a computer program carrier readable by a computer and embodying one or more instructions executable by the computer to perform method steps for processing data, the method comprising the steps of:
-
performing encryption on a first data packet with an encryption processor; and after completion of the encryption of the first data packet, performing authentication of the first data packet in at least one authentication processor connected to the encryption processor by a data bus, and performing encryption of a second data packet within the encryption processor prior to completion of authentication of the first data packet; wherein the encryption processor and the at least one authentication processor are coupled to the data bus independent of each other; wherein the authentication is a first authentication, further comprising the step of performing a second authentication on the first data packet of data; wherein the first authentication appends data to the encrypted first data packet; and wherein the second authentication is performed on the encrypted first data packet and the appended data.
-
-
31. An article of manufacture comprising a computer program carrier readable by a computer and embodying one or more instructions executable by the computer to perform method steps for processing data, the method comprising the steps of:
-
encrypting a first data packet with an encryption processor; authenticating the encrypted first data packet with a first authentication processor connected to the encryption processor by a data bus; encrypting a second data packet with the encryption processor while authenticating the first data packet with the first authentication processor; and authenticating the second data packet with the first authentication processor, wherein the encryption processor and the first authentication processor are coupled to the data bus independent of each other.
-
-
32. A method of processing data packets comprising:
-
coupling a control unit to a first data bus; coupling a plurality of processors to a second data bus independent of each other and independent of the control unit; receiving a first data packet in the control unit from the first data bus; providing the plurality of processors in data communication with the control unit over the second data bus, independent of the first data bus, said processors including at least one encryption processor and at least one authentication processor; providing data of the first data packet from the control unit to multiple processors, over the second data bus; processing said data from the first data packet with said multiple processors in parallel. - View Dependent Claims (33)
-
-
34. A method of processing data packets comprising:
-
coupling a control unit to a first data bus; receiving first and second data packets in the control unit from the first data bus; coupling a plurality of processors to a second data bus independent of each other and independent of the control unit; providing the plurality of processors in data communication with the control unit over the second data bus, independent of the first data bus, said processors including at least one encryption processor and at least one authentication processor; providing data of the first data packet from the control unit to said at least one encryption processor, over the second data bus; processing said data from the first data packet with said at least one encryption processor to provide output data for the first data packet from said at least one encryption processor; communicating said output data for the first data packet from said at least one encryption processor to said at least one authentication processor for further processing; and providing data from the second data packet to said at least one encryption processor and processing the data from the second data packet in the at least one encryption processor while said at least one authentication processor further processes the output data for the first data packet; wherein said at least one authentication processor performs an integrity check of said output data; and wherein said at least one authentication processor comprises an HMAC core.
-
-
35. A method of processing data packets comprising:
-
coupling a control unit to a first data bus; receiving first and second data packets in the control unit from the first data bus; coupling a plurality of processors to a second data bus independent of each other and independent of the control unit; providing the plurality of processors in data communication with the control unit over the second data bus, independent of the first data bus, said processors including at least one encryption processor and at least one authentication processor; providing data of the first data packet from the control unit to said at least one encryption processor, over the second data bus; processing said data from the first data packet with said at least one encryption processor to provide output data for the first data packet from said at least one encryption processor; communicating said output data for the first data packet from said at least one encryption processor to said at least one authentication processor for further processing; and providing data from the second data packet to said at least one encryption processor and processing the data from the second data packet in the at least one encryption processor while said at least one authentication processor further processes the output data for the first data packet; wherein said at least one authentication processor performs an integrity check of said output data; and wherein said integrity check is performed using HMAC-key hashing.
-
-
36. A method of processing data packets comprising:
-
coupling a control unit to a first data bus; receiving first and second data packets in the control unit from the first data bus; providing a plurality of processors in data communication with the control unit over a first local data bus, independent of the first data bus, the plurality of processors being coupled to the first local data bus independent of each other and independent of the control unit, said processors including at least one encryption processor and at least one authentication processor, the at least one authentication processor being coupled to the at least one encryption processor by a second local data bus separate from the first data bus and the first local data bus; providing data of the first data packet from the control unit to said at least one encryption processor, over the first local data bus; processing said data from the first data packet with said at least one encryption processor to provide output data for the first data packet from said at least one encryption processor; communicating said output data for the first data packet from said at least one encryption processor to said at least one authentication processor via the second local data bus for further processing; and providing data from the second data packet to said at least one encryption processor for processing by the at least one encryption processor, while said at least one authentication processor further processes the output data for the first data packet.
-
-
37. A packet processor apparatus for connection to a computer through a processor bus, the packet processor system comprising:
-
a controller having means for connection to the processor bus for communicating data of data packets to or from the processor bus; a plurality of hardware processor devices, each capable of processing data simultaneous with the processing of data by at least one other of said hardware processor devices; a local bus connecting the controller to the plurality of processor devices for communication of instructions from the controller to each hardware processor, wherein said instructions include instructions for processing data from a first data packet in a first one of the plurality of hardware processor devices and processing output from the first hardware processor device with a second one of the hardware processor devices, while data from a second packet is processed by the first hardware processor device, wherein the plurality of hardware processor devices are coupled to the local bus independent of each other and independent of the controller. - View Dependent Claims (38, 39)
-
-
40. A packet processor apparatus for connection to a computer that operates on data from data packets communicated over a processor bus, wherein cryptographic and authentication functions are performed on the data packets prior to or after operation on the packet data by the computer, the packet processor comprising:
-
a controller having means for connection to the processor bus for communicating data of data packets to or from the processor bus; at least one encryption processor device; at least one authentication processor device; a local bus connecting the controller to the encryption processor device and the authentication processor devices for communication of control instructions; and wherein said controller is configured to provide control instructions for processing data from a first packet in the at least one encryption processor devices and processing output from the at least one encryption processor device with the at least one authentication processor device, while data from a second packet is processed by the at least one encryption processor device, and wherein the at least one encryption processor device and the at least one authentication processor device are coupled to the local bus independent of each other and independent of the controller.
-
Specification