Security communication packet processing apparatus and the method thereof
First Claim
1. A security communication packet processing apparatus that performs at least one of encryption processing, decryption processing and authentication processing on an inputted packet so as to construct a processed packet corresponding to the inputted packet, said security communication packet processing apparatus comprising:
a control unit operable to divide the inputted packet into data blocks each having a B1 bit length, and sequentially output the data blocks obtained by the division, the B1 bit length being a unit of a data block on which one of the encryption processing and the decryption processing is performed;
at least one encryption processing unit operable to perform one of the encryption processing and the decryption processing on the data blocks outputted from said control unit;
at least one authentication processing unit operable to perform the authentication processing on data blocks each having a B2 bit length, and output an authentication value indicating the result of the authentication processing, the B2 bit length being a unit of a data block on which the authentication processing is performed and being n times the data block unit having the B1 bit length;
at least one data block accumulation unit operable to accumulate the data blocks each having the B1 bit length on which the encryption processing has been performed by said at least one encryption processing unit, and, when the number of accumulated encrypted data blocks each having the B1 bit length reaches n, output the data block having the B2 bit length made up of the n data blocks each having the B1 bit length, to said at least one authentication processing unit; and
a packet construction unit operable to receive the encrypted or decrypted data blocks from said at least one encryption processing unit, receive the authentication value from said at least one authentication processing unit, and reconstruct, according to a predetermined format, a processed packet corresponding to the inputted packet by using the received data blocks and the authentication value;
wherein when the inputted packet is a packet which requires both encryption processing and authentication processing, the encryption processing of the data block having the B1 bit length by said at least one encryption processing unit and the authentication processing of the data block having the B2 bit length by said at least one authentication processing unit are performed in parallel;
said at least one encryption processing unit is operable to generate encrypted data blocks by performing, one by one, the encryption processing on the data blocks each having the B1 bit length outputted, one by one, from said control unit, and output, one by one, the generated encrypted data blocks to said at least one data block accumulation unit and said packet construction unit;
said at least one data block accumulation unit is operable to accumulate the encrypted data blocks which have been outputted from said at least one encryption processing unit, and when the number of accumulated encrypted data blocks each having the B1 bit length reaches n, output the data block having the B2 bit length made up of the n encrypted data blocks each having the B1 bit length, to said at least one authentication processing unit;
said at least one authentication processing unit is operable to update an intermediate value obtained in the middle of generating the authentication value when said authentication processing unit receives the data block having the B2 bit length from said data block accumulation unit, using the data block having the B2 bit length, and output the intermediate value as the authentication value when said authentication processing unit updates the intermediate value using the at least one data block having the B2 bit length corresponding to the inputted packet; and
said packet construction unit is operable to (i) receive, from said at least one encryption processing unit, and accumulate, one by one, the encrypted data blocks corresponding to the data blocks obtained by dividing the inputted packet, (ii) receive the authentication value from said at least one authentication processing unit, and (iii) reconstruct the processed packet by using a set of the accumulated encrypted data blocks and the authentication value.
Abstract
A security communication packet processing apparatus (100) comprises an encryption processing unit (102) that performs encryption processing and decryption processing in a data block unit of B1 bits, an authentication processing unit (104) that performs authentication processing in a data block unit of B2(=n×B1) bits in parallel to the encryption processing or the decryption processing in the encryption processing unit (102) and outputs an authentication value, a data block accumulation unit (103) that accumulates the data blocks from the encryption processing unit (102) and outputs the data blocks to the authentication processing unit (104) when the accumulated amount of the data blocks reaches B2 bits, a packet construction unit (105) that reconstructs a packet with the data blocks from the encryption processing unit (102) and the authentication value from the authentication processing unit (104), and an encryption and authentication processing control unit (101) that divides the inputted packet into the data blocks of B1 bits and outputs the data blocks sequentially to the encryption processing unit.
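The data flow in the abstract, as an added Python sketch (not code from the patent): B1-sized encrypted blocks feed both the packet construction buffer and an accumulator that releases one B2 = n×B1 block at a time to the authentication unit. The block sizes, HMAC-SHA-256, the keystream stand-in cipher, the function names and the end-of-packet flush of a short tail are all assumptions, and the loop models the hand-offs sequentially rather than the hardware parallelism.

```python
import hashlib
import hmac

B1 = 16            # cipher block size in bytes (assumed; the page only calls it B1)
N = 4              # B2 = N * B1 = 64 bytes, the SHA-256 compression block size
B2 = N * B1


def encrypt_block(key: bytes, index: int, block: bytes) -> bytes:
    """Stand-in for the encryption processing unit: XOR with a PRF keystream.
    Placeholder for a real block cipher, used only to stay within the stdlib."""
    stream = hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(p ^ s for p, s in zip(block, stream))


def process_packet(enc_key: bytes, auth_key: bytes, packet: bytes):
    """Return (processed_packet, handoffs): ciphertext || tag, plus the sizes of
    the blocks handed from the accumulation unit to the authentication unit."""
    mac = hmac.new(auth_key, digestmod=hashlib.sha256)  # holds the intermediate value
    accumulator = bytearray()                           # data block accumulation unit
    out = bytearray()                                   # packet construction unit
    handoffs = []
    # Control unit: divide the packet into B1-sized blocks, in order.
    for i in range(0, len(packet), B1):
        c = encrypt_block(enc_key, i // B1, packet[i:i + B1])
        out += c                     # each encrypted block goes to packet construction
        accumulator += c             # and, in the same step, to the accumulator
        if len(accumulator) == B2:   # n blocks collected: release one B2 block
            mac.update(bytes(accumulator))
            handoffs.append(len(accumulator))
            accumulator.clear()
    if accumulator:                  # assumption: flush the short tail at end of packet
        mac.update(bytes(accumulator))
        handoffs.append(len(accumulator))
    return bytes(out) + mac.digest(), handoffs


def verify_packet(auth_key: bytes, processed: bytes) -> bool:
    """Receiver-side check: recompute the tag over the ciphertext in one pass."""
    body, tag = processed[:-32], processed[-32:]
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)
```

Because the authentication unit consumes ciphertext as soon as n blocks exist, the tag is ready right after the last block is encrypted, and it matches a one-pass HMAC over the whole ciphertext.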
22 Claims
1. Independent claim, reproduced in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 20, 21, 22.
18. A security communication packet processing method for performing at least one of encryption processing, decryption processing and authentication processing on an inputted packet so as to construct a processed packet corresponding to the inputted packet, said security communication packet processing method comprising:
dividing the inputted packet into data blocks each having a B1 bit length, and sequentially outputting the data blocks obtained by said dividing, the B1 bit length being a unit of a data block on which one of the encryption processing and the decryption processing is performed;
performing the encryption processing or the decryption processing on the data blocks outputted in said outputting;
performing the authentication processing on data blocks each having a B2 bit length, and outputting an authentication value indicating the result of the authentication processing, the B2 bit length being a unit of a data block on which the authentication processing is performed and being n times the data block having the B1 bit length;
accumulating the data blocks each having the B1 bit length on which the encryption processing has been performed in said performing of the encryption processing, and when the number of accumulated encrypted data blocks each having the B1 bit length reaches n, outputting the data block having the B2 bit length made up of the n data blocks each having the B1 bit length so that the data block having the B2 bit length is processed in said performing of the authentication processing;
receiving the data blocks encrypted or decrypted in said performing of the encryption processing or said performing of the decryption processing, receiving the authentication value outputted in said outputting of the authentication value, and reconstructing, according to a predetermined format, a processed packet corresponding to the inputted packet by using the received data blocks and the authentication value, wherein:
when the inputted packet is a packet which requires both encryption processing and authentication processing, the encryption processing of the data block having the B1 bit length performed in said performing of the encryption processing and the authentication processing of the data block having the B2 bit length performed in said performing of the authentication processing are performed in parallel;
in said performing of the encryption processing, encrypted data blocks are generated by performing, one by one, the encryption processing on the data blocks each having the B1 bit length outputted one by one in said outputting of the data blocks, and the generated encrypted data blocks are outputted one by one so that the data blocks are processed in both of i) said accumulating of the data blocks each having the B1 bit length and outputting of the data block having the B2 bit length, and ii) said reconstructing of the processed packet;
in said accumulating of the data blocks each having the B1 bit length and outputting of the data block having the B2 bit length, the encrypted data blocks which have been outputted in said performing of the encryption processing are accumulated, and when the number of accumulated encrypted data blocks each having the B1 bit length reaches n, the data block having the B2 bit length made up of the n encrypted data blocks each having the B1 bit length is outputted so that the data block having the B2 bit length is processed in said performing of the authentication processing;
in said performing of the authentication processing, an intermediate value obtained in the middle of generating the authentication value is updated using the data block having the B2 bit length, when the data block having the B2 bit length accumulated in said accumulating is received, and the intermediate value is outputted as the authentication value when the intermediate value is updated using the at least one data block having the B2 bit length corresponding to the inputted packet; and
in said reconstructing, (i) the encrypted data blocks obtained in said performing of the encryption processing and corresponding to the data blocks obtained by dividing the inputted packet are received and accumulated one by one, (ii) the authentication value generated in said generating of the authentication value is received, and (iii) the processed packet is reconstructed by using a set of the accumulated encrypted data blocks and the authentication value.
Dependent claim: 19.
Specification