Data transfer efficiency in a cryptography accelerator system

US 7,941,662 B2
Filed: 05/31/2002
Issued: 05/10/2011
Est. Priority Date: 05/31/2002
Status: Active Grant

First Claim

Patent Images

1. A method for transferring data in a cryptography accelerator system, the method comprising:

reading an input message at a cryptography accelerator from a host coupled to the cryptography accelerator and a network device, the input message comprising data and application descriptor information, wherein the cryptography accelerator, the network device, and the host are operable to access a plurality of types of shared memory and wherein the application descriptor information identifies an address within a type of shared memory of the plurality of types of shared memory and a format for writing processed data to the type of shared memory associated with the identified address;

performing cryptographic operations on the data to derive processed data;

separating the processed data into a plurality of segments;

directly writing the plurality of segments to the identified address and in the format identified by the application descriptor information in the input message.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus are provided for performing authentication and decryption operations in a cryptography accelerator system. Input data passed to a cryptography accelerator from a host such a CPU includes information for a cryptography accelerator to determine where to write the processed data. In one example, processed data is formatted as packet payloads in a network buffer. Checksum information is precalculated and an offset for a header is maintained.

Citations

39 Claims

1. A method for transferring data in a cryptography accelerator system, the method comprising:
- reading an input message at a cryptography accelerator from a host coupled to the cryptography accelerator and a network device, the input message comprising data and application descriptor information, wherein the cryptography accelerator, the network device, and the host are operable to access a plurality of types of shared memory and wherein the application descriptor information identifies an address within a type of shared memory of the plurality of types of shared memory and a format for writing processed data to the type of shared memory associated with the identified address;
  
  performing cryptographic operations on the data to derive processed data;
  
  separating the processed data into a plurality of segments;
  
  directly writing the plurality of segments to the identified address and in the format identified by the application descriptor information in the input message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the network device is a network card.
  - 3. The method of claim 2, wherein application descriptor information comprises output offset information.
  - 4. The method of claim 3, wherein application descriptor information comprises output offset information for each of the plurality of segments, wherein the offset information for a segment indicates the size of a gap prior to the start of the associated segment.
  - 5. The method of claim 4, wherein writing the plurality of segments comprises leaving the gap determined by the corresponding offset information before each of the plurality of segments for a plurality of headers.
  - 6. The method of claim 5, wherein writing the plurality of segments comprises precalculating checksum information so that a host does not need to generate the checksum information.
  - 7. The method of claim 6, wherein the checksum information is partial checksum information used by the host to generate a TCP/IP checksum.
  - 8. The method of claim 2, wherein the plurality of segments correspond to a plurality of payloads in a plurality of network packets.
  - 9. The method of claim 8, wherein the host adds header information to each of the network packets.
  - 10. The method of claim 9, wherein the host is a CPU.
  - 11. The method of claim 10, wherein the plurality of packets are transmitted without the host having to reread the payload.
  - 12. The method of claim 11, wherein the type of shared memory associated with the identified address is a network buffer.
  - 13. The method of claim 11, wherein the type of shared memory associated with the identified address is page memory.
  - 14. The method of claim 11, wherein the type of shared memory associated with the identified address is DMA memory.
  - 15. The method of claim 11, wherein the type of shared memory associated with the identified address is kernel memory.

16. A system for performing cryptographic operations in a network, the system comprising:
- a network device operable to transmit a packet including cryptographically processed data onto the network;
  
  a plurality of types of memory shared among the host, the network device, and a cryptography accelerator;
  
  a host coupled to system memory, the host configured to provide application descriptor information and data for cryptography processing, wherein the application descriptor information provided by the host identifies an address within a type of shared memory of the plurality of types of shared memory and a format for writing processed data to the type of shared memory associated with the identified address;
  
  a cryptography accelerator configured to directly write cryptographically processed data into one of the plurality of types of memory at the identified address and in the format identified by the application descriptor information;
  
  wherein the packet comprises a payload substantially written by the cryptography accelerator and header substantially written by the host.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The system of claim 16, wherein the host is a CPU.
  - 18. The system of claim 17, wherein the network device transmits a plurality of packets including cryptographically processed data.
  - 19. The system of claim 18, wherein the network device is a network card.
  - 20. The system of claim 19, wherein the type of shared memory associated with the identified address is a network buffer.
  - 21. The system of claim 16, wherein the cryptography accelerator is further configured to calculate checksum information.
  - 22. The system of claim 21, wherein the cryptography accelerator is further configured to separate the processed data into a plurality of segments.
  - 23. The system of claim 22, wherein the plurality of segments are written as the payloads of a plurality of packets.

24. A cryptography accelerator configured to receive application descriptor information and data from a central processing unit over a system bus, the application descriptor information identifying an address within a type of shared memory of the plurality of types of shared memory and a format for writing processed data to the identified type of shared memory associated with the identified address;
- wherein the cryptography accelerator is operable to perform cryptographic processing to derive processed data and is further operable to directly write segments of the processed data to the identified address and in a format identified by the received application descriptor information.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31)
- - 25. The cryptography accelerator of claim 24, wherein the segments correspond substantially to the payloads of a plurality of TCP/IP packets.
  - 26. The cryptography accelerator of claim 25, wherein the central processing unit writes the headers of the plurality of TCP/IP packets.
  - 27. The cryptography accelerator of claim 26, wherein the network device is a network card.
  - 28. The cryptography accelerator of claim 27, wherein the type of shared memory associated with the identified address is a network buffer.
  - 29. The cryptography accelerator of claim 24, wherein the cryptography accelerator is further configured to calculate checksum information.
  - 30. The cryptography accelerator of claim 24, wherein the cryptography accelerator is further configured to separate the processed data into a plurality of segments.
  - 31. The cryptography accelerator of claim 24, wherein the application descriptor information includes information for determining a plurality of memory locations to write the processed data.

32. An apparatus for transferring data in a cryptography accelerator system, the method comprising:
- means for reading an input message at a cryptography accelerator from a host coupled to the cryptography accelerator and a network device, the input message comprising data and application descriptor information, wherein the cryptography accelerator, the network device, and the host are operable to access a plurality of types of shared memory and wherein the application descriptor information identifies an address within a type of shared memory of the plurality of types of shared memory and a format for writing processed data to the type of shared memory associated with the identified address;
  
  means for performing cryptographic operations on the data to derive processed data;
  
  means for separating the processed data into a plurality of segments;
  
  means for directly writing the plurality of segments to the identified address and in a format identified by the application descriptor information.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39)
- - 33. The apparatus of claim 32, wherein the network device is a network card.
  - 34. The apparatus of claim 33, wherein application descriptor information comprises output offset information.
  - 35. The apparatus of claim 34, wherein application descriptor information comprises output offset information for each of the plurality of segments, wherein the offset information for a segment indicates the size of a gap prior to the start of the associated segment.
  - 36. The apparatus of claim 35, wherein writing the plurality of segments comprises leaving the gap determined by the corresponding offset information before each of the plurality of segments for a plurality of headers.
  - 37. The apparatus of claim 36, wherein writing the plurality of segments comprises precalculating checksum information so that a host does not need to generate the checksum information.
  - 38. The apparatus of claim 37, wherein the checksum information is partial checksum information used by the host to generate a TCP/IP checksum.
  - 39. The apparatus of claim 33, wherein the plurality of segments correspond to a plurality of payloads in a plurality of network packets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Tardo, Joseph, Buer, Mark
Primary Examiner(s)
Parthasarathy; Pramila

Application Number

US10/161,475
Publication Number

US 20030226018A1
Time in Patent Office

3,266 Days
Field of Search

380/255
US Class Current

713/168
CPC Class Codes

G06F 21/72   in cryptographic circuits

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

Data transfer efficiency in a cryptography accelerator system

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Data transfer efficiency in a cryptography accelerator system

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links