1. Field of the Invention
This invention relates in general to computer-implemented systems for processing packets, and, in particular, to performing encryption and authentication in parallel while processing packets.
2. Description of Related Art
In the last decade, the use of computers in both the home and office have become widespread. These computers provide a high level of functionality to many people.
Additionally, the computers are typically connected to other computers via a network, such as the Internet and the World Wide Web (also known as “WWW” or the “Web”). Therefore, users are transmitting computer data between computers with increasing frequency. However, the growing use of computers to transmit data has resulted in extensive unauthorized use and copying of data while the data is stored on the computer or being transmitted between computers, costing owners of the data substantial revenue.
Moreover, with the fast growing popularity of the Internet and the World Wide Web (also known as “WWW” or the “Web”), there is also a fast growing demand for improved security of data. One technique for protecting data is by encrypting the data prior to transmitting the data. Cryptography involves transforming data into an unreadable format that can be deciphered with a “key” and transformed into a readable format. Cryptography may be used to protect various types of information, such as e-mail messages and personal information (e.g., bank account numbers). Another technique for protecting data is authentication. Authentication involves determining whether the source of particular data is a valid source. Authentication may involve using passwords or user names. This information may be appended to the data being transmitted so that the receiving computer can authenticate the data as coming from an appropriate transmitting computer.
Various forms of cryptographic units or modules have been developed for providing encryption and/or decryption functions. In addition, various forms of authentication units or modules have been developed for providing authentication functions. A combination of cryptographic and authentication units may be used, for example, to append authentication information to data before or after encryption. This authenticated and encrypted data may then be transmitted from a first computer to a second computer. The second computer uses the authentication information to determine whether the source of the data is a valid source, and also decrypts the data for processing.
If encryption and authentication are implemented in a single unit; then one packet must be encrypted and authenticated before the next packet is encrypted and authenticated. This continues until each packet is processed. One problem with this technique is that each packet to be encrypted must wait until the previous packet was both encrypted and authenticated.
On the other hand, if encryption and authentication are implemented in separate, independent design units, then the second packet need only wait until the required individual resource (rather than the combined encryption/authentication unit) becomes available. For instance, the second packet need only wait until the first packet has been encrypted and passed to the authentication unit. Once the first packet is passed to the authentication unit, the second packet may be provided to the encryption unit and encryption of the second packet may begin while authentication of the first packet proceeds. Thus, the system need not wait until the first packet is completely encrypted and authenticated before beginning encryption of the second package. However, the use of independent encryption and authentication units can result in significantly more communication traffic and congestion on the internal or external communication buses, as data is transferred between memory and each of the independent units. Such congestion can increase processing latency and reduce throughput. The congestion problem increases as the number of authentication units and encryption units increases.
There is a need in the art for more efficient processing of packets to provide security in data storage and transmission.