Method and apparatus for out of order writing of status fields for receive IPsec processing
Abstract
Network interface systems are disclosed comprising a bus interface system, a media access control system, a memory system, a security system for selectively encrypting outgoing data and decrypting incoming data, where the network interface system may be fabricated as a single integrated circuit chip. Systems and methods are disclosed wherein out-of-order writing is used to improve throughput for the security system on the receive end.
19 Claims
1. A network interface system for interfacing a host system with a network to provide outgoing data from the host system to the network and to provide incoming data from the network to the host system, the network interface system comprising:
- a bus interface system operably coupled with a host bus in the host system, the bus interface system being adapted to transfer data between the network interface system and the host system;
- a media access control system operably coupled with the network, the media access control system being adapted to transfer data between the network interface system and the network;
- a security system adapted to selectively encrypt outgoing data and to selectively decrypt incoming data from the network; and
- a memory system, comprising first and second memories, the first memory being coupled with the media access control system and the security system and storing data from the network prior to security processing, the second memory being coupled to the security system and the bus interface system and storing data processed by the security system prior to transfer to the host system;
- wherein the security system comprises an input control system that controls data flow from the first memory into the security processing system, a core module that performs security processing on data received from the input control system, and an output control system that controls data flow from the security system to the second memory system;
- wherein the core module of the security system simultaneously decrypt and authenticate a packet payload for out-of-order writing of packet data to the output control system and wherein the output control system assembles the out-of-order data in correct order within the second memory; and
- wherein the output control system receive at least a part of a decrypted payload of a subsequent packet before a status word of a preceding packet.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A network interface system for interfacing a host system with a network to provide outgoing data from the host system to the network and to provide incoming data from the network to the host system, the network interface system comprising:
- a bus interface system operably coupled with a host bus in the host system, the bus interface system being adapted to transfer data between the network interface system and the host system;
- a media access control system operably coupled with the network, the media access control system being adapted to transfer data between the network interface system and the network;
- a security system adapted to selectively decrypt and authenticate incoming data from the network; and
- a memory system, comprising first and second memories, the first memory being coupled with the media access control system and the security system and storing data from the network prior to security processing, the second memory being coupled to the security system and the bus interface system and storing data processed by the security system prior to transfer to the host system;
- wherein the security system begin writing decrypted data for a subsequent packet to the second memory while completing authentication for a current packet; and
- a core module decrypt completely the subsequent packet prior to authenticating the current packet.

Dependent claims: 13, 14, 15, 16, 17, 18, 19
Specification