Packet-parallel high performance cryptography systems and methods
First Claim
1. A cryptographic system, comprising:
- a plurality of input buffers configured to temporarily store a plurality of packets, each of the packets including one or more data blocks;
a plurality of cryptographic sub-units associated with the input buffers, each of the sub-units being configured to perform a cryptographic operation on the data blocks from the associated input buffer to form transformed blocks;
a scheduler configured to assign each of the packets to one of the sub-units, as an assigned sub-unit, based on an amount of data stored in the associated input buffer; and
a reassembler configured to;
receive the transformed blocks from the assigned sub-units;
reassemble the packets from the transformed blocks to form reassembled packets, andoutput the reassembled packets in a same order in which the packets arrived at the scheduler.
9 Assignments
0 Petitions
Accused Products
Abstract
A cryptographic system (500) includes cryptographic sub-units (510) and associated input buffers (520) connected to a scheduler (530) and a reassembler (540). The scheduler (530) receives packets, where each of the packets includes one or more data blocks, and assigns each of the packets to one of the sub-units (510). The input buffers (520) temporarily store the packets from the scheduler (530). Each of the sub-units (510) performs a cryptographic operation on the data blocks from the associated input buffer (520) to form transformed blocks. The reassembler (540) receives the transformed blocks from the sub-units (510), reassembles the packets from the transformed blocks, and outputs the reassembled packets in a same order in which the packets were received by the scheduler (530).
25 Citations
22 Claims
-
1. A cryptographic system, comprising:
-
a plurality of input buffers configured to temporarily store a plurality of packets, each of the packets including one or more data blocks; a plurality of cryptographic sub-units associated with the input buffers, each of the sub-units being configured to perform a cryptographic operation on the data blocks from the associated input buffer to form transformed blocks; a scheduler configured to assign each of the packets to one of the sub-units, as an assigned sub-unit, based on an amount of data stored in the associated input buffer; and a reassembler configured to; receive the transformed blocks from the assigned sub-units; reassemble the packets from the transformed blocks to form reassembled packets, and output the reassembled packets in a same order in which the packets arrived at the scheduler. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A cryptographic system, comprising:
-
means for receiving a plurality of packets, each of the packets including one or more data blocks; means for assigning each of the packets to one of a plurality of input buffers based on an amount of data stored in the input buffer; means for performing a cryptographic operation on the data blocks from each of the input buffers to form transformed blocks; means for reassembling the packets from the transformed blocks to form reassembled packets; and means for outputting the reassembled packets in a same order in which the packets were received.
-
-
12. A cryptographic method, comprising:
-
receiving a plurality of packets, each of the packets including one or more data blocks; assigning each of the packets to one of a plurality of input buffers, as an assigned input buffer, based on an amount of data stored in the input buffer; storing the data blocks in the assigned input buffers; performing a cryptographic operation on the data blocks from each of the input buffers to form transformed blocks; reassembling the packets from the transformed blocks to form reassembled packets; and outputting the reassembled packets in a same order in which the packets were received. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
-
-
22. A network device, comprising:
-
a plurality of input ports configured to receive a plurality of packets; a plurality of output ports configured to transmit the packets; and a packet processing system configured to transmit the packets from the input ports to the output ports, the packet processing system comprising; a plurality of input buffers configured to temporarily store the packets, each of the packets including one or more data blocks, a plurality of cryptographic sub-units associated with the input buffers, each of the sub-units being configured to perform a cryptographic operation on the data blocks from the associated input buffer to form transformed blocks, a scheduler configured to assign each of the packets to one of the sub-units based on an amount of data stored in the associated input buffer, and a reassembler configured to; receive the transformed blocks from the sub-units, reassemble the packets from the transformed blocks, and output the reassembled packets in a same order in which the packets arrived at the scheduler.
-
Specification