
Secure data transfer over a network

  • US 8,468,337 B2
  • Filed: 03/02/2004
  • Issued: 06/18/2013
  • Est. Priority Date: 03/02/2004
  • Status: Expired due to Fees
First Claim

1. A system, comprising:

    a memory;

    a memory controller that transfers data received from a network to the memory;

    a network interface coupled to the memory controller, the network interface comprising:

    a first data moving unit (DMU) that exchanges secure data with a first portion of the network;

    a second DMU that exchanges non-secure data with a second portion of the network; and

    an embedded processor complex coupled to the memory controller, the embedded processor complex comprising:

    a first protocol processor in communication with a first crypto coprocessor and a shared memory; and

    a second protocol processor in communication with a second crypto coprocessor and the shared memory;

    wherein the first and the second crypto coprocessors each comprise a sequential cascaded plurality of processors, and each of the sequential cascaded plurality of processors comprise;

    an input interface in communication with the shared memory and with inputs of first, second and third cascaded processors;

    an output interface in communication with the shared memory and with outputs of the first, second and third cascaded processors; and

    an output of the first cascaded processor coupled to an input of the second cascaded processor and to an input of the third cascaded processor, and an output of the second cascaded processor coupled to an input of the third cascaded processor; and

    wherein the first and second protocol processors in parallel identify information flow of the data in the memory, identify a priority of the identified information flow, retrieve a portion of the data from the memory using the memory controller based on the identified priority, perform security operations on the retrieved portion of the data, store the operated-on portion of the data in the memory using the memory controller, queue data for transfer based on the identified priority and discard portions of data associated with a particular information flow based on the identified priority;

    wherein the first cascaded processor in response to an input of uncompressed, non-secure data from the input interface, outputs compressed data to the second cascaded processor and to the third cascaded processor, the second cascaded processor encrypts the compressed data received from the first cascaded processor and outputs the encrypted compressed data to the shared memory via the output interface, and the third processor hashes the compressed data received from the first cascaded processor and outputs a fixed length digest of the compressed data to the shared memory via the output interface; and

    wherein the second cascaded processor, in response to an input of secure data from the input interface, decrypts the secure data received from the input interface and outputs the decrypted data to the shared memory via the output interface, and the third processor hashes the secure data input from the input interface and outputs a fixed length digest of the secure data to the shared memory via the output interface; and

    wherein the memory controller is further configured to transfer the operated-on portion of the data from the memory to the network, wherein portions of the data having higher priority information flow are retrieved before portions of the data having lower priority information flow based on the identified priority, wherein the priority of information flow is independent of an order in which the data is stored in the memory and any contentions for memory.
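
The data flow through the three cascaded processors in claim 1, modeled in software as an added example (not code from the patent or its assignee). The claim names no algorithms, so zlib, SHA-256 and the keystream stand-in cipher below are assumptions, as are all function names.

```python
import hashlib
import zlib


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for the second cascaded processor's cipher (assumption).

    XOR with a SHA-256 counter keystream: symmetric, so the same call
    encrypts and decrypts. Illustration only, not a vetted cipher; it has
    no nonce, so a key must never be reused across messages.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def outbound(plain: bytes, key: bytes) -> tuple[bytes, bytes]:
    """Uncompressed, non-secure input: compress, then encrypt and hash."""
    compressed = zlib.compress(plain)             # first cascaded processor
    encrypted = keystream_xor(key, compressed)    # second: encrypts compressed data
    digest = hashlib.sha256(compressed).digest()  # third: hashes compressed data
    return encrypted, digest


def inbound(secure: bytes, key: bytes) -> tuple[bytes, bytes]:
    """Secure input: the first processor is bypassed; decrypt and hash."""
    decrypted = keystream_xor(key, secure)        # second: decrypts the input
    digest = hashlib.sha256(secure).digest()      # third: hashes the secure input
    return decrypted, digest


if __name__ == "__main__":
    key = b"constructed-demo-key"                 # constructed sample key
    message = b"constructed sample payload " * 8  # constructed sample data
    encrypted, out_digest = outbound(message, key)
    decrypted, in_digest = inbound(encrypted, key)
    # The claim's inbound path stops at decryption, so the result is still
    # compressed; decompression happens outside the claimed cascade.
    print(zlib.decompress(decrypted) == message)
    # Outbound digest covers compressed plaintext, inbound digest covers the
    # secure input as received, so the two are not comparable.
    print(out_digest.hex() != in_digest.hex())
```

As the claim is worded, the outbound digest is taken before encryption and the inbound digest is taken over the data as it arrives, so a receiver built this way cannot check one against the other without further processing.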
