Methods and apparatus for accelerating secure session processing
Abstract
Methods and apparatus are provided for an entity such as a CPU to efficiently call a cryptography accelerator to perform cryptographic operations. A function call causes the cryptography accelerator to execute multiple cryptographic operations in a manner tailored for specific processing steps, such as steps during a handshake phase of a secured session. The techniques provide efficient use of hardware processing resources, data interfaces, and memory interfaces.
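As an added illustration (not code from the patent or its assignee), the single key-generation call described in the abstract and claims can be modelled in software next to a step-by-step baseline. It assumes a TLS 1.2-style key schedule with the negotiation key already recovered as the premaster secret; the page names no protocol, and `CryptoModule`, its methods, the key sizes and the sample values are all hypothetical.

```python
import hashlib
import hmac

NAMES = ("client_mac", "server_mac", "client_key", "server_key",
         "client_iv", "server_iv")          # RFC 5246 section 6.3 order
SIZES = (32, 32, 16, 16, 16, 16)            # assumed MAC, cipher key, IV lengths
# Constructed sample values, not taken from a real handshake
CLIENT_RANDOM, SERVER_RANDOM = bytes(range(32)), bytes(range(32, 64))
PREMASTER = b"\x03\x03" + bytes(46)

def prf(secret, label, seed, n):
    """TLS 1.2 PRF with SHA-256 (RFC 5246, section 5), n bytes of output."""
    seed = label + seed
    a, out = seed, b""
    while len(out) < n:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:n]

def split_key_block(block):
    """Cut the key block into the six named session keys."""
    keys, pos = {}, 0
    for name, size in zip(NAMES, SIZES):
        keys[name], pos = block[pos:pos + size], pos + size
    return keys

def key_schedule(prf_fn, client_params, server_params, premaster):
    """Master key, then key expansion; prf_fn decides where the PRF runs."""
    master = prf_fn(premaster, b"master secret", client_params + server_params, 48)
    block = prf_fn(master, b"key expansion", server_params + client_params, sum(SIZES))
    return split_key_block(block)

class CryptoModule:
    """Software stand-in for the accelerator; the interface is hypothetical."""
    def __init__(self):
        self.calls = 0                      # host-to-module crossings

    def prf(self, secret, label, seed, n):  # primitive-level interface
        self.calls += 1
        return prf(secret, label, seed, n)

    def generate_session_keys(self, client_params, server_params, premaster):
        """One call does the whole schedule; the master key is not returned."""
        self.calls += 1
        return key_schedule(prf, client_params, server_params, premaster)

def stepwise_session_keys(module, client_params, server_params, premaster):
    """Baseline: the host drives each PRF call and handles the master key."""
    return key_schedule(module.prf, client_params, server_params, premaster)
```

Both paths yield the same six keys, but the batched call crosses the host-to-module interface once instead of twice and keeps the master key inside the module.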
19 Claims
1. A method for establishing a secure communications channel between a first entity and a second entity, comprising:
(a) receiving a first message from the first entity, wherein the first message includes a first set of security parameters;
(b) transmitting a second message to the first entity, wherein the second message includes a second set of security parameters;
(c) receiving a negotiation key from the first entity in response to the second message;
(d) issuing a function call to a cryptographic processing module, wherein the function call includes the first set of security parameters, the second set of security parameters, and the negotiation key, wherein the function call causes the cryptographic processing module to generate a master key and a set of server session keys;
(e) receiving the set of server session keys from the cryptographic processing module; and
(f) engaging in secure communications with the first entity using the server session keys.
Dependent claims: 2, 3, 4, 5, 6
7. A method for establishing a secure communications channel between a first entity and a second entity, comprising:
(a) transmitting a first message to the second entity, wherein the first message includes a first set of security parameters;
(b) receiving a second message from the second entity, wherein the second message includes a second set of security parameters;
(c) generating a negotiation key using at least a portion of the second set of security parameters;
(d) transmitting the negotiation key from the first entity in response to the second message;
(e) issuing a function call to a cryptographic processing module, the function call including the first set of security parameters, the second set of security parameters, and the negotiation key, wherein the function call causes the cryptographic processing module to generate a master key and a set of client session keys;
(f) receiving the set of client session keys from the cryptographic processing module; and
(g) engaging in secure communications with the second entity using the client session keys.
Dependent claims: 8, 9, 10, 11, 12
13. A system for establishing a security communications channel with an entity, comprising:
a cryptographic processing module configured to generate a master key and a set of session keys in response to receipt of a key generation function call; and
a central processing unit coupled to the cryptographic processing module, wherein the central processing unit is configured to;
receive a set of messages from the entity, wherein the set of messages includes a set of security parameters, and
issue the key generation function call to the cryptographic processing module.
Dependent claims: 14, 15, 16, 17, 18, 19
Specification