Shared key encryption is a popular and effective method for securing communications between two parties. In such systems, a cryptographically unique “key” is used by both parties to encrypt and decrypt the data being communicated between them. In a packet-based communication, this may involve a transmitter encrypting each frame with the security key prior to sending the frame to the receiver. A common contemporary example is an IEEE 802.11-based wireless local area network (WLAN) operating under a security protocol such as Wi-Fi protected access II (WPA2.) For example, an access point (AP) may maintain an individual security key for each session with each station (STA) in its basic service set (BSS.) Likewise, a STA may be associated with more than one BSS, requiring the STA to maintain an individual security key for each session with each AP. Although the situation may exist in any form of communication whether wired or wireless, particularly in the wireless context a communications device may receive multiple streams of encrypted information concurrently, with each stream requiring an individual security key to properly decrypt.
Under conventional implementations, a communications device may not have access to advance knowledge regarding which security key to apply without involvement of upper logical layers of the device's receiver. However, it may also be desirable to minimize the involvement of the upper logical layers during decryption in order to improve performance. As will be appreciated, a decryption module implemented in hardware in one of the lower logical layers of the communications device, such as the media access control (MAC) layer may provide considerable advantages in efficiency in comparison to a decryption process implemented in the software of the upper logical layers. For example, a hardware based decryption module may consume less power while still operating more quickly. However, as discussed above, the communications device may not be configured to resolve the source of each stream of encrypted information in the lower logical layers.
As a result, the communications device may be configured to maintain a single security key in a hardware-based decryption module, allowing the hardware to correctly decrypt information from the single source associated with that security key in an efficient manner. Encrypted information from other sources may not be decrypted correctly by the hardware, requiring that the communications device be configured to decrypt information from other sources using a software based decryption module implemented in one or more of the upper logical layers of the communications device. Although the software may have sufficient flexibility to correctly decrypt steams of information from multiple sources, performance suffers as compared to hardware-based decryption. If the processor operating the software based decryption module is not very powerful or is subject to competing demands, it may not be possible to decrypt the communications at acceptable speeds.
In view of such conditions, it would be desirable to provide a communications device that offers improved decryption of information streams from multiple sources. Further, it would be desirable to provide a communications device that increases the amount of decryption performed using a hardware based module as compared to the amount performed using a software based module. This invention accomplishes these and other goals.