Method and apparatus for dual hardware and software cryptography

US 7,120,799 B2
Filed: 12/15/2000
Issued: 10/10/2006
Est. Priority Date: 12/15/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method in a data processing system for executing cryptographic operations, the method comprising:

responsive to a request to perform a cryptographic operation, dynamically selecting between one of a software process and a hardware process within the data processing system in a single architecture for performing the cryptographic operation based on a policy, to form a selected process; and

performing the cryptographic operation using the selected process, wherein the cryptographic operation is an encryption of data using a key, and wherein the step of performing the cryptographic operation includes converting the key to a form useable by the selected process if the key is in an unusable form by the selected process, wherein the key is a software key and the selected process is the hardware process and the step of converting the key comprises converting the software key into a hardware form useable by the hardware process for performing the cryptographic operation.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a method, apparatus, and computer implemented instructions for executing cryptographic operations. Responsive to a request to perform a cryptographic operation, one (or more) of a software process and a hardware process is selected for performing the cryptographic operation based on a policy which process results with available resources to perform the cryptographic operation to form a selected process. The cryptographic operation is performed using the selected process. Necessary object conversions, which is transparent to the application, is carried out in order to convert objects to usable forms of the selected process(es).

24 Citations

View as Search Results

23 Claims

1. A method in a data processing system for executing cryptographic operations, the method comprising:
- responsive to a request to perform a cryptographic operation, dynamically selecting between one of a software process and a hardware process within the data processing system in a single architecture for performing the cryptographic operation based on a policy, to form a selected process; and
  
  performing the cryptographic operation using the selected process, wherein the cryptographic operation is an encryption of data using a key, and wherein the step of performing the cryptographic operation includes converting the key to a form useable by the selected process if the key is in an unusable form by the selected process, wherein the key is a software key and the selected process is the hardware process and the step of converting the key comprises converting the software key into a hardware form useable by the hardware process for performing the cryptographic operation.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the policy includes selecting the one based on available resources to perform the cryptographic operation.
  - 3. The method of claim 2, wherein the available resources include available processing resources and memory.
  - 4. The method of claim 1, wherein the policy includes selecting the one resulting in a fastest completion of the cryptographic operation.
  - 5. The method of claim 1, wherein the selecting step includes:
    - selecting the one using a preference associated with the request.

6. A method in a data processing system for executing cryptographic operations, the method comprising:
- responsive to a request to perform a cryptographic operation, dynamically selecting between one of a software process and a hardware process within the data processing system in a single architecture for performing the cryptographic operation based on a policy, to form a selected process; and
  
  performing the cryptographic operation using the selected process, wherein the cryptographic operation is an encryption of data using a key, wherein the key is a hardware key and the selected process is the software process and further comprising;
  
  converting the hardware key into a software form useable by the software process for performing the cryptographic operation.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The method of claim 6, wherein the policy comprises a set of rules used to minimize available resources consumed in performing the cryptograpluc operation.
  - 8. The method of claim 6, wherein the policy comprises a set of rules used to maximize a speed at which the cryptographic operation is performed.
  - 9. The method of claim 6, wherein the cryptographic operation is one of a message digest and a public-private key encryption.
  - 10. The method of claim 6, wherein the request is received from an application.
  - 11. The method of claim 10, wherein the request is received from the application using an application program interface call made by the application.

12. A data processing system for executing cryptographic operations, the data processing system comprising:
- selecting means for dynamically selecting between one of a software process and a hardware process within the data processing system in a single architecture for performing a cryptographic operation based on a policy, to form a selected process in response to a request to perform the cryptographic operation; and
  
  performing means for performing the cryptographic operation using the selected process, wherein the cryptographic operation is an encryption of data using a key, and wherein the performing means includes converting means for converting the key to a form useable by the selected process if the key is in an unusable form by the selected process, wherein the key is a software key and the selected process is the hardware process and the converting means comprises means for converting the software key into a hardware form useable by the hardware process for performing the cryptographic operation.
- View Dependent Claims (13, 14, 15)
- - 13. The data processing system of claim 12, wherein the policy includes selecting the one based on available resources to perform the cryptographic operation.
  - 14. The data processing system of claim 12, wherein the policy includes selecting the one resulting in a fastest completion of the cryptographic operation.
  - 15. The data processing system of claim 12, wherein the selecting means includes:
    - selecting means for selecting the one using a preference associated with the request.

16. A data processing system for executing cryptographic operations, the data processing system comprising:
- selecting means for dynamically selecting between one of a software process and a hardware process within the data processing system for performing a cryptographic operation based on a policy, to form a selected process in response to a request to perform the cryptographic operation; and
  
  performing means for performing the cryptographic operation using the selected process, wherein the cryptographic operation is an encryption of data using a key, and wherein the performing means includes converting means for converting the key to a form useable by the selected process if the key is in an unusable form by the selected process, wherein the key is a hardware key and the selected process is the software process and the converting means comprises means for converting the hardware key into a software form useable by the software process for performing the cryptographic operation.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The data processing system of claim 16, wherein the policy comprises a set of rules used to minimize available resources consumed in performing the cryptographic operation.
  - 18. The data processing system of claim 16, wherein the policy comprises a set of rules used to maximize a speed at which the cryptographic operation is performed.
  - 19. The data processing system of claim 16, wherein the cryptographic operation is one of a message digest and a public-private key encryption.
  - 20. The data processing system of claim 16, wherein the request is received from an application.
  - 21. The data processing system of claim 20, wherein the request is received from the application using an application program interface call made by the application.

22. A data processing system comprising:
- a bus system;
  
  a communications unit connected to the bus, wherein data is sent and received using the communications unit;
  
  a memory connected to the bus system, wherein a set of instructions are located in the memory; and
  
  a processor unit connected to the bus system, wherein the processor unit executes the set of instructions to (i) dynamically select between one of a software process and a hardware process within the data processing system in a single architecture for performing a cryptographic operation based on a policy, to form a selected process;
  
  (ii) perform the cryptographic operation using the selected process, wherein the cryptographic operation is an encryption of data using a key, wherein the key is a hardware key and the selected process is the software process; and
  
  (iii) convert the hardware key into a software form useable by the software process for performing the cryptographic operation.

23. A data processing system comprising:
- a bus system;
  
  a communications unit connected to the bus, wherein data is sent and received using the communications unit;
  
  a memory connected to the bus system, wherein a set of instructions are located in the memory; and
  
  a processor unit connected to the bus system, wherein the processor unit executes the set of instructions to (i) dynamically select between one of a software process and a hardware process within the data processing system in a single architecture for performing a cryptographic operation based on a policy, to form a selected process;
  
  (ii) perform the cryptographic operation using the selected process, wherein the cryptographic operation is an encryption of data using a key, wherein the key is a software key and the selected process is the hardware process; and
  
  (iii) convert the software key into a hardware form useable by the hardware process for performing the cryptographic operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Nadalin, Anthony Joseph, Shrader, Theodore Jack London, Rich, Bruce Arland, Leung, Lok Yan
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Colin, Carl G.

Application Number

US09/738,243
Publication Number

US 20020078348A1
Time in Patent Office

2,125 Days
Field of Search

380/28, 380/286, 380/30, 380/37, 380/49, 709/250
US Class Current

713/189
CPC Class Codes

G06F 21/602 Providing cryptographic fac...

Method and apparatus for dual hardware and software cryptography

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for dual hardware and software cryptography

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links