Methods and apparatus for passing initialization vector information from software to hardware to perform IPsec encryption operation
Abstract
A network interface system is presented for interfacing a host system with a network, including a bus interface system, a media access control system, a memory system, a security system, and a descriptor management system, wherein the descriptor management system obtains initialization vector information from the host system and provides the initialization vector information to the security system. A method of encrypting outgoing data in a network interface system is provided, comprising providing initialization vector information from a descriptor to a security system in a network interface system, selectively encrypting or authenticating outgoing data using the security system, and selectively employing an initialization vector from the outgoing data to perform CBC encryption of the outgoing data according to the initialization vector information.
21 Claims
1. A network interface system for interfacing a host system with a network to provide outgoing data from the host system to the network and to provide incoming data from the network to the host system, the network interface system comprising:
a bus interface system adapted to be coupled with a host bus in the host system and transfer data between the network interface system and the host system;
a media access control system adapted to be coupled with the network and to transfer data between the network interface system and the network;
a memory system coupled with the bus interface system and the media access control system, the memory system being adapted to store incoming and outgoing data being transferred between the network and the host system;
a security system coupled with the memory system, the security system being adapted to selectively encrypt outgoing data and to selectively decrypt incoming data; and
a descriptor management system coupled with the bus interface system and the security system, the descriptor management system being adapted to obtain initialization vector information from the host system and to provide the initialization vector information to the security system, wherein the security system is adapted to employ an initial random data string from the outgoing data to begin encryption before security association information has been retrieved by the security system.
Dependent claims: 2 through 12.
13. A method of encrypting outgoing data in a network interface system, the method comprising:
providing initialization vector information from a descriptor to a security system in a network interface system;
selectively encrypting outgoing data according to an initialization vector (IV) comprising an initial random data string from the outgoing data, before security association information has been retrieved by the security system;
selectively encrypting or authenticating outgoing data using the security system; and
selectively employing the initialization vector (IV) from the outgoing data to perform CBC encryption or authentication of the outgoing data according to the initialization vector information.
Dependent claims: 14 through 21.
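The data path the abstract and claim 13 describe, modelled end to end as an added example (this is illustrative code, not code from the patent, its assignee, or any product): the host driver writes an ESP header, a random IV and the padded payload into the frame in the clear and fills a descriptor saying where the IV sits; the NIC's security system reads that IV from the packet at the descriptor-supplied offset before it has fetched the security association, then looks up the SA for the key and CBC-encrypts the ESP body in place, leaving the IV in the clear as ESP-CBC transmits it. The descriptor field names (`ESPOffset`, `IVLen`, `IVInPkt`), the use of AES-128 as the CBC cipher, and the placeholder 20-byte outer IP header are assumptions of this example; the trailer layout (padding, pad length, next header) follows RFC 4303.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	ipHdrLen  = 20 // placeholder outer IPv4 header; its contents do not matter here
	espHdrLen = 8  // SPI (4) + sequence number (4), RFC 4303
)

// Descriptor models the transmit-descriptor fields that tell the NIC where the
// host placed the IV. Field names are assumptions for this example.
type Descriptor struct {
	ESPOffset int  // byte offset of the ESP header within the frame
	IVLen     int  // length of the random IV the host wrote right after the ESP header
	IVInPkt   bool // the NIC should take the CBC IV from the packet itself
}

// SecurityAssociation is the per-SA state the NIC fetches by SPI, after the IV is latched.
type SecurityAssociation struct {
	Key []byte // AES-128-CBC key (assumed cipher)
}

// hostBuildFrame is the driver side: [IP][ESP hdr][random IV][payload][pad][padlen][next hdr],
// all in the clear, plus a descriptor that points the NIC at the IV.
func hostBuildFrame(spi, seq uint32, payload []byte, nextHeader byte) ([]byte, Descriptor, error) {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil { // CSPRNG: CBC is only safe with unpredictable IVs
		return nil, Descriptor{}, err
	}
	esp := make([]byte, espHdrLen)
	binary.BigEndian.PutUint32(esp[0:4], spi)
	binary.BigEndian.PutUint32(esp[4:8], seq)
	// RFC 4303 trailer: pad so payload + padlen + nexthdr is a whole number of blocks.
	padLen := (aes.BlockSize - (len(payload)+2)%aes.BlockSize) % aes.BlockSize
	pad := make([]byte, padLen)
	for i := range pad {
		pad[i] = byte(i + 1) // monotonic padding bytes 1, 2, 3, ...
	}
	frame := bytes.Join([][]byte{make([]byte, ipHdrLen), esp, iv, payload, pad, {byte(padLen), nextHeader}}, nil)
	return frame, Descriptor{ESPOffset: ipHdrLen, IVLen: aes.BlockSize, IVInPkt: true}, nil
}

// nicEncrypt is the NIC security system: it validates the descriptor, latches the IV from
// the packet first, fetches the SA for the key second, and CBC-encrypts the body in place.
func nicEncrypt(frame []byte, d Descriptor, lookupSA func(spi uint32) (SecurityAssociation, error)) error {
	if !d.IVInPkt {
		return errors.New("descriptor carries no IV information")
	}
	if d.IVLen != aes.BlockSize {
		return fmt.Errorf("IV length %d does not match block size %d", d.IVLen, aes.BlockSize)
	}
	ivStart := d.ESPOffset + espHdrLen
	bodyStart := ivStart + d.IVLen
	if d.ESPOffset < 0 || bodyStart > len(frame) {
		return errors.New("descriptor offsets fall outside the frame")
	}
	iv := frame[ivStart:bodyStart] // available before any SA lookup
	body := frame[bodyStart:]
	if len(body) == 0 || len(body)%aes.BlockSize != 0 {
		return errors.New("ESP body is not block-aligned; host padding is wrong")
	}
	sa, err := lookupSA(binary.BigEndian.Uint32(frame[d.ESPOffset : d.ESPOffset+4]))
	if err != nil {
		return err
	}
	block, err := aes.NewCipher(sa.Key)
	if err != nil {
		return err
	}
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(body, body) // IV bytes stay in the clear
	return nil
}

// receiverDecrypt is the peer's view: take the IV from the wire, CBC-decrypt, strip the trailer.
func receiverDecrypt(frame []byte, espOffset int, key []byte) (payload []byte, nextHeader byte, err error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, 0, err
	}
	ivStart := espOffset + espHdrLen
	bodyStart := ivStart + aes.BlockSize
	if bodyStart > len(frame) || (len(frame)-bodyStart)%aes.BlockSize != 0 || len(frame) == bodyStart {
		return nil, 0, errors.New("malformed ESP packet")
	}
	body := append([]byte(nil), frame[bodyStart:]...)
	cipher.NewCBCDecrypter(block, frame[ivStart:bodyStart]).CryptBlocks(body, body)
	padLen, nextHeader := int(body[len(body)-2]), body[len(body)-1]
	if padLen > len(body)-2 {
		return nil, 0, errors.New("bad pad length")
	}
	return body[:len(body)-2-padLen], nextHeader, nil
}

func main() {
	key := bytes.Repeat([]byte{0x11}, 16) // constructed demo key
	frame, desc, _ := hostBuildFrame(0x1000, 1, []byte("constructed payload"), 6)
	lookup := func(uint32) (SecurityAssociation, error) { return SecurityAssociation{Key: key}, nil }
	if err := nicEncrypt(frame, desc, lookup); err != nil {
		panic(err)
	}
	pt, nh, _ := receiverDecrypt(frame, ipHdrLen, key)
	fmt.Printf("%q next header %d\n", pt, nh)
}
```

Two practitioner points the model makes visible. First, the IV is not secret: it travels in the clear at the front of the ESP payload, so nothing is lost by letting hardware read it from the packet before the SA is available. Second, what the claim calls an "initial random data string" is a requirement, not a description: CBC with a predictable IV (a counter, a timestamp, the previous ciphertext block) exposes chosen-plaintext attacks, so the host side must draw the IV from a cryptographically secure generator, and the NIC cannot verify that for it.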
Specification