Low-latency data decryption interface
First Claim
Patent Images
1. A system on a chip (SOC), comprising:
- one or more processor cores;
a cache for holding data accessed by the one or more processor cores, including a received portion of a first data packet containing at least a portion of a block of encrypted data;
a decryption engine; and
a packet decoder configured to pipeline the received portion of the first data packet to the decryption engine to begin decryption of the encrypted data prior to receiving the complete first data packet and checking the complete first data packet for data transfer errors; and
further configured, after receiving remaining portions of the first data packet, to;
check the first data packet for data transfer errors using buffered portions of the encrypted data;
check for security violations with the decryption engine after decryption of the block of encrypted data; and
disregard any detected security violations in response to detecting data transfer errors.
0 Assignments
0 Petitions
Accused Products
Abstract
Methods and apparatus for reducing the impact of latency associated with decrypting encrypted data are provided. Rather than wait until an entire packet of encrypted data is validated (e.g., by checking for data transfer errors), the encrypted data may be pipelined to a decryption engine as it is received, thus allowing decryption to begin prior to validation. In some cases, the decryption engine may be notified of data transfer errors detected during the validation process, in order to prevent reporting false security violations.
77 Citations
5 Claims
-
1. A system on a chip (SOC), comprising:
-
one or more processor cores; a cache for holding data accessed by the one or more processor cores, including a received portion of a first data packet containing at least a portion of a block of encrypted data; a decryption engine; and a packet decoder configured to pipeline the received portion of the first data packet to the decryption engine to begin decryption of the encrypted data prior to receiving the complete first data packet and checking the complete first data packet for data transfer errors; and
further configured, after receiving remaining portions of the first data packet, to;check the first data packet for data transfer errors using buffered portions of the encrypted data; check for security violations with the decryption engine after decryption of the block of encrypted data; and disregard any detected security violations in response to detecting data transfer errors.
-
-
2. A system on a chip (SOC), comprising:
-
one or more processor cores; a cache for holding data accessed by the one or more processor cores, including a received portion of a first data packet containing at least a portion of a block of encrypted data; a decryption engine; and a packet decoder configured to pipeline the received portion of the first data packet to the decryption engine to begin decryption of the encrypted data prior to receiving the complete first data packet and checking the complete first data packet for data transfer errors; and
further configured, after receiving remaining portions of the first data packet, to;check the first data packet for data transfer errors using buffered portions of the encrypted data; check for security violations with the decryption engine after decryption of the block of encrypted data; disregard any detected security violations in response to detecting data transfer errors; and notify the decryption engine in response to detecting data transfer errors.
-
-
3. A system on a chip (SOC), comprising:
-
one or more processor cores; a cache for holding data accessed by the one or more processor cores, including a received portion of a first data packet containing at least a portion of a block of encrypted data; a decryption engine; and a packet decoder configured to pipeline the received portion of the first data packet to the decryption engine to begin decryption of the encrypted data prior to receiving the complete first data packet and checking the complete first data packet for data transfer errors; and
further configured, after receiving remaining portions of the first data packet, to;check the first data packet for data transfer errors using buffered portions of the encrypted data; check for security violations with the decryption engine after decryption of the block of encrypted data; disregard any detected security violations in response to detecting data transfer errors; and buffer received portions of a second data packet containing non-encrypted data prior to completion of decryption of the encrypted data contained in the first data packet. - View Dependent Claims (4, 5)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsPivonia, Gilad, Drehmel, Robert A., Kuesel, Jamie R., Beukema, Bruce L., Hall, William E., Shearer, Robert A.
-
Primary Examiner(s)CERVETTI, DAVID GARCIA
-
Application NumberUS12/142,007Publication NumberTime in Patent Office1,258 DaysField of Search713/181, 380/210US Class Current713/181CPC Class CodesG06F 21/72 in cryptographic circuitsH04L 2209/125 Parallelization or pipelini...H04L 63/123 received data contents, e.g...H04L 9/06 the encryption apparatus us...
