Methods and apparatus for passing initialization vector information from software to hardware to perform IPsec encryption operation

US 7,826,614 B1
Filed: 04/02/2004
Issued: 11/02/2010
Est. Priority Date: 11/05/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A network interface system for interfacing a host system with a network to provide outgoing data from the host system to the network and to provide incoming data from the network to the host system, the network interface system comprising:

a bus interface system adapted to be coupled with a host bus in the host system and transfer data between the network interface system and the host system;

a media access control system adapted to be coupled with the network and to transfer data between the network interface system and the network;

a memory system coupled with the bus interface system and the media access control system, the memory system being adapted to store incoming and outgoing data being transferred between the network and the host system;

a security system coupled with the memory system, the security system being adapted to selectively encrypt outgoing data and to selectively decrypt incoming data; and

a descriptor management system coupled with the bus interface system and the security system, the descriptor management system being adapted to obtain initialization vector information from the host system and to provide the initialization vector information to the security systemwherein the security system is adapted to employ an initial random data string from the outgoing data to begin encryption before security association information has been retrieved by the security system.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network interface system is presented for interfacing a host system with a network, including a bus interface system, a media access control system, a memory system, a security system, and a descriptor management system, wherein the descriptor management system obtains initialization vector information from the host system and provides the initialization vector information to the security system. A method of encrypting outgoing data in a network interface system is provided, comprising providing initialization vector information from a descriptor to a security system in a network interface system, selectively encrypting or authenticating outgoing data using the security system, and selectively employing an initialization vector from the outgoing data to perform CBC encryption of the outgoing data according to the initialization vector information.

Citations

21 Claims

1. A network interface system for interfacing a host system with a network to provide outgoing data from the host system to the network and to provide incoming data from the network to the host system, the network interface system comprising:
- a bus interface system adapted to be coupled with a host bus in the host system and transfer data between the network interface system and the host system;
  
  a media access control system adapted to be coupled with the network and to transfer data between the network interface system and the network;
  
  a memory system coupled with the bus interface system and the media access control system, the memory system being adapted to store incoming and outgoing data being transferred between the network and the host system;
  
  a security system coupled with the memory system, the security system being adapted to selectively encrypt outgoing data and to selectively decrypt incoming data; and
  
  a descriptor management system coupled with the bus interface system and the security system, the descriptor management system being adapted to obtain initialization vector information from the host system and to provide the initialization vector information to the security systemwherein the security system is adapted to employ an initial random data string from the outgoing data to begin encryption before security association information has been retrieved by the security system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein the security system comprises at least one transmit security processor adapted to selectively encrypt or selectively authenticate the outgoing data.
  - 3. The system of claim 2, wherein the initialization vector information indicates whether the outgoing data is to undergo cipher block chaining (CBC) encryption in the security system.
  - 4. The system of claim 3, wherein the at least one transmit security processor selectively employs an initialization vector (IV) comprising the initial random data string from the outgoing data to perform CBC encryption according to the initialization vector information from the descriptor management system.
  - 5. The system of claim 4, wherein the at least one transmit security processor employs the initialization vector (IV) from the outgoing data if the initialization vector information indicates that the outgoing data is to undergo cipher block chaining (CBC) encryption.
  - 6. The system of claim 4, wherein the initialization vector information indicates a length of an initialization vector in the outgoing data.
  - 7. The system of claim 3, wherein the initialization vector information indicates a length of an initialization vector in the outgoing data.
  - 8. The system of claim 1, wherein the initialization vector information indicates whether the outgoing data is to undergo cipher block chaining (CBC) encryption in the security system.
  - 9. The system of claim 8, wherein the security system selectively employs an initialization vector (IV) comprising the initial random data string from the outgoing data to perform CBC encryption according to the initialization vector information, and wherein the security system is adapted to use the initial random data string as a seed value for encrypting the first block of cyphertext before the security association information has been retrieved by the security system.
  - 10. The system of claim 7, wherein the security system selectively employs the initialization vector (IV) comprising the initial random data string used as a seed value for encrypting the first block of cyphertext before the security association information has been retrieved by the security system.
  - 11. The system of claim 9, wherein the initialization vector information indicates a length of an initialization vector in the outgoing data.
  - 12. The system of claim 1, wherein the initialization vector information indicates a length of an initialization vector in the outgoing data.

13. A method of encrypting outgoing data in a network interface system, the method comprising:
- providing initialization vector information from a descriptor to a security system in a network interface system;
  
  selectively encrypting outgoing data according to an initialization vector (IV) comprising an initial random data string from the outgoing data, before security association information has been retrieved by the security system;
  
  selectively encrypting or authenticating outgoing data using the security system; and
  
  selectively employing the initialization vector (IV) from the outgoing data to perform CBC encryption or authentication of the outgoing data according to the initialization vector information.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The method of claim 13, wherein providing the initialization vector information comprises:
    - reading a transmit descriptor from a host system; and
      
      providing initialization vector information from the transmit descriptor to the security system.
  - 15. The method of claim 14, wherein selectively employing an initialization vector from the outgoing data to perform CBC encryption comprises determining from the initialization vector information whether an initialization vector is present in the outgoing data.
  - 16. The method of claim 15, wherein selectively employing an initialization vector from the outgoing data to perform CBC encryption further comprises determining from the initialization vector information a length of an initialization vector in the outgoing data.
  - 17. The method of claim 14, wherein selectively employing an initialization vector from the outgoing data to perform CBC encryption comprises determining from the initialization vector information a length of an initialization vector in the outgoing data.
  - 18. The method of claim 13, wherein selectively employing an initialization vector from the outgoing data to perform CBC encryption comprises determining from the initialization vector information whether an initialization vector is present in the outgoing data.
  - 19. The method of claim 18, wherein selectively employing an initialization vector from the outgoing data to perform CBC encryption further comprises determining from the initialization vector information a length of an initialization vector in the outgoing data.
  - 20. The method of claim 13, wherein selectively employing an initialization vector from the outgoing data to perform CBC encryption comprises determining from the initialization vector information a length of an initialization vector in the outgoing data.
  - 21. The method of claim 13, further comprising employing the initial random data string as a seed value for encrypting the first block of cyphertext before the security association information has been retrieved by the security system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GlobalFoundries, Inc.
Original Assignee
GlobalFoundries, Inc.
Inventors
Dwork, Jeffrey, Kaniz, Marufa
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
BAYOU, YONAS A

Application Number

US10/816,661
Time in Patent Office

2,405 Days
Field of Search

380/37
US Class Current

380/37
CPC Class Codes

H04L 2209/125   Parallelization or pipelini...

H04L 2209/20   Manipulating the length of ...

H04L 63/164   at the network layer

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/0643   Hash functions, e.g. MD5, S...

Methods and apparatus for passing initialization vector information from software to hardware to perform IPsec encryption operation

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for passing initialization vector information from software to hardware to perform IPsec encryption operation

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links