Secure data transfer over a network
First Claim
1. A system, comprising:
a memory;
a memory controller that transfers data received from a network to the memory;
a network interface coupled to the memory controller, the network interface comprising:
a first data moving unit (DMU) that exchanges secure data with a first portion of the network;
a second DMU that exchanges non-secure data with a second portion of the network; and
an embedded processor complex coupled to the memory controller, the embedded processor complex comprising:
a first protocol processor in communication with a first crypto coprocessor and a shared memory; and
a second protocol processor in communication with a second crypto coprocessor and the shared memory;
wherein the first and the second crypto coprocessors each comprise a sequential cascaded plurality of processors, and each of the sequential cascaded plurality of processors comprise:
an input interface in communication with the shared memory and with inputs of first, second and third cascaded processors;
an output interface in communication with the shared memory and with outputs of the first, second and third cascaded processors; and
an output of the first cascaded processor coupled to an input of the second cascaded processor and to an input of the third cascaded processor, and an output of the second cascaded processor coupled to an input of the third cascaded processor; and
wherein the first and second protocol processors in parallel identify information flow of the data in the memory, identify a priority of the identified information flow, retrieve a portion of the data from the memory using the memory controller based on the identified priority, perform security operations on the retrieved portion of the data, store the operated-on portion of the data in the memory using the memory controller, queue data for transfer based on the identified priority and discard portions of data associated with a particular information flow based on the identified priority;
wherein the first cascaded processor in response to an input of uncompressed, non-secure data from the input interface, outputs compressed data to the second cascaded processor and to the third cascaded processor, the second cascaded processor encrypts the compressed data received from the first cascaded processor and outputs the encrypted compressed data to the shared memory via the output interface, and the third processor hashes the compressed data received from the first cascaded processor and outputs a fixed length digest of the compressed data to the shared memory via the output interface; and
wherein the second cascaded processor, in response to an input of secure data from the input interface, decrypts the secure data received from the input interface and outputs the decrypted data to the shared memory via the output interface, and the third processor hashes the secure data input from the input interface and outputs a fixed length digest of the secure data to the shared memory via the output interface; and
wherein the memory controller is further configured to transfer the operated-on portion of the data from the memory to the network, wherein portions of the data having higher priority information flow are retrieved before portions of the data having lower priority information flow based on the identified priority, wherein the priority of information flow is independent of an order in which the data is stored in the memory and any contentions for memory.
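The two data paths of the cascaded crypto coprocessor (compress, then fan out to encrypt and digest for non-secure input; decrypt and digest for secure input) and the protocol processor's priority-ordered retrieval and discard, modelled in Python as an added example. This is not the patent's or the assignee's code. Everything below that the claims do not specify is an assumption of the model: the record format `flow|payload` in memory, the flow-to-priority table, zlib as the compression stage, SHA-256 as the fixed-length digest, an HMAC-SHA256 counter-mode keystream as a dependency-free stand-in for the coprocessor's cipher, a per-portion nonce derived from the portion's position in memory, and decompression of the decrypted output by the consumer.

```python
"""Model of the cascaded crypto coprocessor and priority scheduler recited in
claim 1.  Added illustration, not the patent's own design; stdlib only."""
import hashlib
import heapq
import hmac
import zlib
from dataclasses import dataclass, field

# --- crypto coprocessor: three cascaded stages behind shared in/out interfaces ---

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Stand-in cipher (assumption): HMAC-SHA256 as a PRF in counter mode.
    A real coprocessor would run a standard cipher such as AES."""
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:n])

def stage2_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Second cascaded processor: XOR with the keystream, so one routine
    both encrypts (outbound) and decrypts (inbound)."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def stage3_digest(data: bytes) -> bytes:
    """Third cascaded processor: fixed-length 32-byte digest of its input."""
    return hashlib.sha256(data).digest()

def outbound(key: bytes, nonce: bytes, plaintext: bytes):
    """Non-secure input: stage 1 compresses; its output fans out to stage 2
    (encrypt) and stage 3 (digest of the *compressed* data), both written to
    shared memory. Returns (ciphertext, digest)."""
    compressed = zlib.compress(plaintext)
    return stage2_cipher(key, nonce, compressed), stage3_digest(compressed)

def inbound(key: bytes, nonce: bytes, ciphertext: bytes):
    """Secure input: stage 2 decrypts; stage 3 digests the *encrypted* input
    exactly as received. Returns (decrypted data, digest)."""
    return stage2_cipher(key, nonce, ciphertext), stage3_digest(ciphertext)

def recover(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Consumer of shared memory: inflate stage 2's decrypted output.
    (The claims stop at decryption; decompression is this model's assumption.)"""
    decrypted, _digest = inbound(key, nonce, ciphertext)
    return zlib.decompress(decrypted)

def digest_matches(stored: bytes, recomputed: bytes) -> bool:
    """Constant-time comparison of a stored digest against a recomputed one.
    Caveat: an unkeyed digest kept beside the data detects accidental
    corruption only; whoever can rewrite the data can rewrite the digest."""
    return hmac.compare_digest(stored, recomputed)

# --- protocol processor: flow identification, priority retrieval, discard ---

PRIORITY = {"control": 0, "voice": 1, "bulk": 2}   # constructed; lower = higher priority

@dataclass(order=True)
class Portion:
    priority: int
    arrival: int                        # position in memory; tiebreak only
    flow: str = field(compare=False)
    payload: bytes = field(compare=False)

def identify_flow(record: bytes) -> str:
    """Constructed record format in memory: b'<flow>|<payload>'."""
    return record.split(b"|", 1)[0].decode()

def schedule(memory, drop_at_or_below=None):
    """Retrieve portions in priority order, independent of the order they
    were stored, discarding flows whose priority is at or below the cutoff."""
    heap = []
    for arrival, record in enumerate(memory):
        flow, payload = identify_flow(record), record.split(b"|", 1)[1]
        pri = PRIORITY[flow]
        if drop_at_or_below is not None and pri >= drop_at_or_below:
            continue                    # discard based on identified priority
        heapq.heappush(heap, Portion(pri, arrival, flow, payload))
    return [heapq.heappop(heap) for _ in range(len(heap))]

def process_outbound(memory, key: bytes, drop_at_or_below=None):
    """Run each retrieved portion through the cascade and queue the results
    (flow, nonce, ciphertext, digest) for transfer in the same priority order."""
    queued = []
    for p in schedule(memory, drop_at_or_below):
        nonce = p.arrival.to_bytes(8, "big")   # unique per portion under one key (model assumption)
        ct, dg = outbound(key, nonce, p.payload)
        queued.append((p.flow, nonce, ct, dg))
    return queued

# Constructed sample: data landed in memory in bulk, control, voice order.
MEMORY = [b"bulk|" + b"A" * 4000, b"control|reset", b"voice|frame-17"]
KEY = b"\x01" * 32

if __name__ == "__main__":
    for flow, nonce, ct, dg in process_outbound(MEMORY):
        print(f"{flow:8s} ciphertext={len(ct):5d} B  digest={dg.hex()[:16]}...")
```

Two caveats worth carrying alongside the pattern itself. The digest stage as claimed is an unkeyed hash, so on its own it is an integrity check against corruption, not authentication; a keyed MAC or an AEAD mode is what gives the latter. And compressing before encrypting makes the ciphertext length a function of plaintext content, which is a known side channel wherever an attacker can inject data into the same compression context (the CRIME and BREACH attacks on compressed TLS and HTTP are the canonical instances).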
Abstract
A system and method are described for secure data transfer over a network. According to an exemplary embodiment a system for secure data transfer over a network includes memory and a memory controller configured to transfer data received from the network to the memory. The system includes a processor, having logic configured to retrieve a portion of the data from the memory using the memory controller. The processor also includes logic configured to perform security operations on the retrieved portion of the data, and logic configured to store the operated-on portion of the data in the memory using the memory controller. The memory controller is further configured to transfer the operated-on portion of the data from the memory to the network.
21 Claims
1. A system, comprising: (independent claim; full text given under First Claim above) - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
9. A method for secure data transfer over a network, the method comprising:
transferring data from the network to memory using a memory controller;
identifying information flow of the data in the memory;
identifying a priority of the identified information flow;
retrieving a portion of the data from the memory based on the identified priority into an embedded processor complex using the memory controller, wherein portions of the data having higher priority information flow are retrieved before portions of the data having lower priority information flow, wherein the priority of information flow is independent of an order in which the data is stored in the memory and any memory contentions;
the embedded processor complex performing security operations on the retrieved portion of the data via a sequential cascaded plurality of processors, wherein an input interface is in communication with a shared memory and with inputs of a first, a second and a third cascaded processor;
an output interface is in communication with the shared memory and with outputs of the first, second and third cascaded processors; and
an output of the first cascaded processor is coupled to an input of the second cascaded processor and to an input of the third cascaded processor, and an output of the second cascaded processor is coupled to an input of the third cascaded processor, by:
in response to an input of uncompressed, non-secure data, the first cascaded processor outputting compressed data to the second cascaded processor and to the third cascaded processor, the second cascaded processor encrypting the compressed data received from the first cascaded processor and outputting the encrypted compressed data to the shared memory via the output interface, and the third processor hashing the compressed data received from the first cascaded processor and outputting a fixed length digest of the compressed data to the shared memory via the output interface; and
in response to an input of secure data, the second cascaded processor decrypting the secure data and outputting the decrypted data to the shared memory via the output interface, and the third processor hashing the secure data input and outputting a fixed length digest of the secure data to the shared memory via the output interface;
storing the operated-on portion of the data in the memory using the memory controller;
discarding portions of data associated with particular information flow based on the identified priority;
queuing the operated-on portion of the data for transfer based on the identified priority; and
transferring the operated-on portion of the data from the memory to the network using the memory controller. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
18. A computer readable storage medium, wherein the medium is not a signal, containing a computer program for secure data transfer over a network, wherein the computer program comprises executable instructions for:
transferring data from the network to memory using a memory controller;
identifying information flow of the data in the memory;
identifying a priority of the identified information flow;
retrieving a portion of the data from the memory into an embedded processor complex using the memory controller based on the identified priority;
performing security operations on the retrieved portion of the data using the processor via a sequential cascaded plurality of processors, wherein an input interface is in communication with a shared memory and with inputs of a first, a second and a third cascaded processor;
an output interface is in communication with the shared memory and with outputs of the first, second and third cascaded processors; and
an output of the first cascaded processor is coupled to an input of the second cascaded processor and to an input of the third cascaded processor, and an output of the second cascaded processor is coupled to an input of the third cascaded processor, by:
in response to an input of uncompressed, non-secure data, the first cascaded processor outputting compressed data to the second cascaded processor and to the third cascaded processor, the second cascaded processor encrypting the compressed data received from the first cascaded processor and outputting the encrypted compressed data to the shared memory via the output interface, and the third processor hashing the compressed data received from the first cascaded processor and outputting a fixed length digest of the compressed data to the shared memory via the output interface; and
in response to an input of secure data, the second cascaded processor decrypting the secure data and outputting the decrypted data to the shared memory via the output interface, and the third processor hashing the secure data input and outputting a fixed length digest of the secure data to the shared memory via the output interface;
storing the operated-on portion of the data in the memory using the memory controller;
discarding portions of data associated with particular information flow based on the identified priority;
queuing the operated-on portion of the data for transfer based on the identified priority; and
transferring the operated-on portion of the data from the memory to the network using the memory controller, wherein operated-on portions of the data having higher priority information flow are transferred before portions of the data having lower priority information flow, wherein the priority does not depend on a location of the operated-on data in the memory and any memory contention. - View Dependent Claims (19, 20, 21)