Method and system for performing asynchronous cryptographic operations

US 8,091,125 B1
Filed: 03/27/2008
Issued: 01/03/2012
Est. Priority Date: 01/14/2002
Status: Active Grant

First Claim

Patent Images

1. A method of performing cryptographic operations, comprising:

receiving, within a thread of execution, a first request for a first cryptographic operation that is at least part of a secure communication protocol handshake that is an SSL handshake;

initiating, within the thread of execution, the first cryptographic operation by communicating with a single cryptographic accelerator;

after initiating the first cryptographic operation, receiving, within the thread of execution, a second request for a second cryptographic operation;

initiating, within the thread of execution, the second cryptographic operation by communicating with the same single cryptographic accelerator; and

receiving an indication that the first cryptographic operation has completed, wherein, the initiation of the second cryptographic operation is performed prior to receiving the indication that the first cryptographic operation has completed, and wherein the second cryptographic operation completes prior to the completion of the first cryptographic operation.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for performing asynchronous cryptographic operations. A cryptographic toolkit receives requests for cryptographic operations, and initiates the cryptographic operations within a thread of execution. The toolkit detects when the cryptographic operations are complete, retrieves the results, and returns the results to a calling program. The cryptographic operations are performed in an asynchronous manner, without blocking a calling program. The calling program can specify whether the requested operations are to be performed without blocking.

67 Citations

View as Search Results

19 Claims

1. A method of performing cryptographic operations, comprising:
- receiving, within a thread of execution, a first request for a first cryptographic operation that is at least part of a secure communication protocol handshake that is an SSL handshake;
  
  initiating, within the thread of execution, the first cryptographic operation by communicating with a single cryptographic accelerator;
  
  after initiating the first cryptographic operation, receiving, within the thread of execution, a second request for a second cryptographic operation;
  
  initiating, within the thread of execution, the second cryptographic operation by communicating with the same single cryptographic accelerator; and
  
  receiving an indication that the first cryptographic operation has completed, wherein, the initiation of the second cryptographic operation is performed prior to receiving the indication that the first cryptographic operation has completed, and wherein the second cryptographic operation completes prior to the completion of the first cryptographic operation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the first cryptographic operation is an SSL operation.
  - 3. The method of claim 1, wherein the first cryptographic operation is at least part of a digital signature operation.
  - 4. The method of claim 1, wherein the cryptographic accelerator is at least partially implemented in hardware.
  - 5. The method of claim 1, wherein the first request is received from a controlling software program and the controlling software program is not blocked from execution by executing the first request.
  - 6. The method of claim 1, further comprising:
    - in response to receiving the first request for the first cryptographic operation, passing an operation identifier to the request sender; and
      
      associating the operation identifier with the first cryptographic operation.
  - 7. The method of claim 1, wherein the first cryptographic operation is at least a portion of one of a set of operations consisting of a cryptographic hashing function, an encryption function, and a decryption function.
  - 8. The method of claim 1, wherein a result of the first cryptographic operation and a result of the second cryptographic operation operates at least in part on different input data, and wherein the single cryptographic accelerator is configured to perform a plurality of different cryptographic operations.

9. A method of performing a plurality of cryptographic operations, comprising:
- receiving, within a single thread of execution, a plurality of requests to perform cryptographic operations wherein at least one of the cryptographic operations is at least a part of a secure communication protocol handshake that is an SSL handshake;
  
  asynchronously initiating, within the thread of execution, each of the cryptographic operations within a same cryptographic accelerator, wherein at least two of the cryptographic operations receive different data upon which to perform at least a portion of the respective cryptographic operations;
  
  associating each of the plurality of requests with a corresponding cryptographic operation;
  
  after initiating each of the cryptographic operations, receiving a result corresponding to each of the plurality of requests; and
  
  passing each result corresponding to each of the plurality of requests, wherein at least one of the cryptographic operations corresponding to at least one of the plurality of requests is initiated within the thread of execution prior to receiving the result of at least one cryptographic operation corresponding to at least one prior received request.
- View Dependent Claims (10, 11)
- - 10. The method of claim 9, further comprising receiving at least one specification, the at least one specification specifying whether to block during a processing of each cryptographic operation, and selectively blocking a controlling program based on the at least one specification.
  - 11. The method of claim 9, wherein at least one cryptographic operation is at least one of an SSL operation.

12. A device for performing cryptographic operations in a single thread of execution, comprising:
- a cryptographic accelerator that is configured to perform a plurality of cryptographic operations; and
  
  a processor that is configured and arranged to perform actions, including;
  
  requesting that a first cryptographic operation be performed by a cryptographic accelerator configured to perform a plurality of concurrent cryptographic operations the first cryptographic operation is at least part of secure communication protocol handshake that is an SSL handshake;
  
  specifying that the first cryptographic operation is to be a non-blocking operation;
  
  performing processing operations after requesting that the first cryptographic operation be performed;
  
  requesting a second cryptographic operation after initiating the processing operations for the first cryptographic operation; and
  
  selectively receiving a result of the second cryptographic operation from the cryptographic accelerator prior to receiving a result of the first cryptographic operation.
- View Dependent Claims (13, 14)
- - 13. The device of claim 12, wherein at least one of the first or the second cryptographic operation comprises an SSL operation.
  - 14. The device of claim 12, wherein the first cryptographic operation and the second cryptographic operation are performed on different data inputs.

15. A hardware device for performing cryptographic operations, comprising:
- a central processing unit (CPU) having thereon the following;
  
  a cryptographic application program interface (API) including an interface that receives requests for performing cryptographic operations;
  
  at least one cryptographic component that communicates with a cryptographic accelerator; and
  
  a component configured and arranged to perform a plurality of concurrent requested cryptographic operations using the same cryptographic accelerator within a single thread of execution such that at least a first cryptographic operation finishes before a second cryptographic operation and the second cryptographic operation is initiated before the first cryptographic operation, and wherein at least one of the cryptographic operations is at least a part of a secure communication protocol handshake that is an SSL handshake.
- View Dependent Claims (16)
- - 16. The hardware device of claim 15, wherein the component configured and arranged to perform the plurality of concurrent requested cryptographic operations further performs actions, comprising:
    - receiving, within a thread of execution, a plurality of requests for cryptographic operations, each request having a corresponding cryptographic operation;
      
      initiating, within the thread, the cryptographic operations, so that at least two of the cryptographic operations are performed concurrently, and wherein at least two of the cryptographic operations are performed on different input data;
      
      querying whether each cryptographic operation has completed; and
      
      returning a result for each cryptographic operation.

17. A device having at least one hardware component for performing cryptographic operations, comprising:
- a central processing unit (CPU) having thereon the following;
  
  a cryptographic accelerator that is configured to perform a plurality of different cryptographic operations;
  
  a receiving mechanism that receives cryptographic requests from a controlling program to perform a plurality of cryptographic operations, each cryptographic request having a corresponding cryptographic operation and at least one of the cryptographic operations is at least a part of a secure communication protocol handshake that is an SSL handshake;
  
  an output mechanism that provides cryptographic results of the plurality of cryptographic operations to the controlling program, each result corresponding to one of the cryptographic requests; and
  
  a performance mechanism configured and arranged to perform the plurality of cryptographic operations by communicating with the same cryptographic accelerator, such that the requests are received asynchronously from a single thread, and the results are provided to the single thread, wherein at least one of the cryptographic results is provided in an order that does not correspond to the order in which the cryptographic requests are received.
- View Dependent Claims (18, 19)
- - 18. The device of claim 17, wherein the cryptographic operations include at least one of the cryptographic operations is a signing operation, a verification operation, an encryption operation, or a decryption operation.
  - 19. The device of claim 17, wherein at least two of the plurality of cryptographic operations are performed in part on different input data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
F5 Networks, Inc. (F5 Incorporated)
Original Assignee
FS Networks Incorporated
Inventors
Hughes, John R., Masters, Richard R., Schmitt, David D.
Primary Examiner(s)
LEMMA, SAMSON B

Application Number

US12/057,208
Time in Patent Office

1,377 Days
Field of Search

726/14, 380/52, 380/30, 713/192, 713/189
US Class Current

726/14
CPC Class Codes

G06F 9/4843   by program, e.g. task dispa...

H04L 2209/125   Parallelization or pipelini...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/0428   wherein the data content is...

H04L 63/0485   Networking architectures fo...

H04L 63/166   at the transport layer

H04L 9/3249   using RSA or related signat...

Method and system for performing asynchronous cryptographic operations

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

67 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for performing asynchronous cryptographic operations

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links