The invention relates to protection of information communicated over a transport medium such as a network.
With the increasing use of networks and other transport media for communications, security has become an increasing concern. Various security protocols have been utilized to protect data entering or leaving a device that is coupled to a transport medium such as a network (e.g. local area network, wide area network, the Internet). A security protocol may include cryptographic algorithms (including encryption, decryption, and authentication) to maintain the confidentiality of transmitted information as well as authentication of the information origin.
Cryptographic operations typically involve data intensive arithmetic operations that take up substantial amounts of processing in a system. To reduce the load on a main processor in a system in performing cryptographic operations, some systems include a coprocessor to perform some of the data intensive processing. In a conventional coprocessor architecture, a main processor (under control of an application program) loads data to be processed (encrypted, hashed, and so forth) into a system memory, which may be accessed by a coprocessor over a system bus. After processing, the coprocessor may then copy the processed data back to the memory for access by the main processor, which may then transmit the data out onto a transport medium (e.g., a network, telephone line, etc.). This process is inefficient as data is copied twice over the bus into system memory prior to it being transmitted over a transport medium. Similarly, at the receive end, the data also is copied twice to and from a coprocessor before it is decrypted and validated.
Running cryptographic operations in a conventional coprocessor architecture may use up valuable shared systems resources, including the main processor, bus, and system memory, making them unavailable to other devices in a system. This may reduce overall system performance. Thus, a need arises for a technique and apparatus that reduces use of system resources in performing operations associated with a security protocol when communicating information to a transport medium.