In recent years, portable terminals and systems have been studied that use different communication functions depending on the application, by mounting WLAN functions, which allow high-speed data communication in a narrow area, on portable terminals capable of wide-area communication, so that the two forms of communication complement each other. As communication techniques and applications diversify, there is also a demand for assuring security while continuing to increase the speed of packet transmission on a network, and networks are becoming faster concurrently with the standardization of network security standards, including IPsec.
Along with this trend, there is also a growing demand for faster encryption/decryption apparatuses that encrypt packets on a network. To meet this demand even on small terminals with low CPU processing capacity, typified by portable terminals, encryption/decryption apparatuses are appearing that realize encryption/decryption faster than software processing by executing the encryption/decryption function on a hardware board.
Patent Document 1 discloses a conventional encryption/decryption apparatus that satisfies such a need. The conventional encryption/decryption apparatus disclosed in the document has the configuration shown in FIG. 1. In the figure, reference numeral 10 is a main board and 20 is an encryption board. Reference numeral 11 is a packet receiving section that determines the processing to apply to a received packet, such as encryption, relay or discarding; 13 is an encryption board control section that controls encryption board 20, which performs encryption/decryption processing; 24 is a hardware encryption engine that performs the actual encryption/decryption processing; and 14 is a software encryption engine. Furthermore, reference numeral 12 is an encryption logic determining section that determines whether to perform the encryption/decryption processing by hardware or by software, and 15 is a packet transmitting section that transmits packets to a network.
Upon receiving a packet, packet receiving section 11 carefully examines its content, and, when encryption or decryption is necessary, transfers the packet to encryption logic determining section 12. Encryption logic determining section 12, having received the packet, determines whether to perform encryption/decryption processing by hardware or perform encryption/decryption processing by software for the packet, based on the encryption/decryption length of the packet (i.e. packet size). More specifically, a packet having a short encryption/decryption length is processed in software encryption engine 14 and a packet having a long encryption/decryption length is processed in hardware encryption engine 24. When encryption/decryption is finished, a packet which has been encrypted or decrypted is transferred to packet transmitting section 15, and transmitted outside from packet transmitting section 15.
As described above, the conventional encryption/decryption apparatus processes a packet that has a long encryption/decryption length, and that therefore requires a long time for encryption/decryption processing, by hardware, which allows high-speed processing. It processes a packet that has a short encryption/decryption length, and that therefore requires only a small amount of encryption/decryption processing and produces little difference in processing time between hardware and software, by software, which is slower than hardware. In this way the apparatus realizes more efficient encryption/decryption processing on the whole.
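The length-based selection made by encryption logic determining section 12 can be modeled as follows; this is an added example, not code from Patent Document 1 or from this document. The cost constants, the fixed per-packet cost of handing a packet to the encryption board, the function names and the sample lengths are all assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed cost model (assumed values, not taken from the document). */
#define SW_NS_PER_BYTE 40UL   /* software encryption engine 14, per byte */
#define HW_NS_PER_BYTE 4UL    /* hardware encryption engine 24, per byte */
#define HW_FIXED_NS    9000UL /* assumed per-packet hand-off to board 20 */

enum engine { ENGINE_SOFTWARE, ENGINE_HARDWARE };
enum policy { POLICY_ALL_SOFTWARE, POLICY_ALL_HARDWARE, POLICY_BY_LENGTH };

/* Shortest length at which the hardware engine is strictly faster. */
size_t crossover_len(void) {
    return (size_t)(HW_FIXED_NS / (SW_NS_PER_BYTE - HW_NS_PER_BYTE)) + 1;
}

/* Role of encryption logic determining section 12: choose by length only. */
enum engine select_engine(size_t len) {
    return len >= crossover_len() ? ENGINE_HARDWARE : ENGINE_SOFTWARE;
}

/* Modeled processing time of one packet on the given engine. */
unsigned long engine_cost_ns(enum engine e, size_t len) {
    if (e == ENGINE_HARDWARE)
        return HW_FIXED_NS + HW_NS_PER_BYTE * (unsigned long)len;
    return SW_NS_PER_BYTE * (unsigned long)len;
}

/* Total modeled time for a batch of packets under one policy. */
unsigned long total_cost_ns(enum policy p, const size_t *lens, size_t n) {
    unsigned long total = 0;
    for (size_t i = 0; i < n; i++) {
        enum engine e = p == POLICY_ALL_SOFTWARE ? ENGINE_SOFTWARE
                      : p == POLICY_ALL_HARDWARE ? ENGINE_HARDWARE
                      : select_engine(lens[i]);
        total += engine_cost_ns(e, lens[i]);
    }
    return total;
}

/* Constructed sample traffic: encryption/decryption lengths in bytes. */
static const size_t SAMPLE_LENS[] = { 64, 64, 128, 1400, 1400, 576, 40, 1400 };
#define SAMPLE_N (sizeof SAMPLE_LENS / sizeof SAMPLE_LENS[0])

int main(void) {
    printf("crossover: %zu bytes\n", crossover_len());
    printf("all software: %lu ns\n", total_cost_ns(POLICY_ALL_SOFTWARE, SAMPLE_LENS, SAMPLE_N));
    printf("all hardware: %lu ns\n", total_cost_ns(POLICY_ALL_HARDWARE, SAMPLE_LENS, SAMPLE_N));
    printf("by length:    %lu ns\n", total_cost_ns(POLICY_BY_LENGTH, SAMPLE_LENS, SAMPLE_N));
    return 0;
}
```

Under these assumed costs the length-based policy beats both fixed policies on the mixed sample; the decision depends only on packet length.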
Patent Document 1: Japanese Patent Application Laid-Open No. 2003-69555