Patent Application
20170366518
Portable computing devices (e.g., cellular telephones, smart phones, tablet computers, portable digital assistants (PDAs), portable game consoles, wearable devices, and other battery-powered devices) and other computing devices continue to offer an ever-expanding array of features and services, and provide users with unprecedented levels of access to information, resources, and communications. To keep pace with these service enhancements, such devices have become more powerful and more complex. Portable computing devices now commonly include a system on chip (SoC) comprising a plurality of memory clients embedded on a single substrate (e.g., one or more central processing units (CPUs), a graphics processing unit (GPU), digital signal processors, etc.). The memory clients may read data from and store data in a dynamic random access memory (DRAM) memory system electrically coupled to the SoC via a double data rate (DDR) bus.
Portable computing devices commonly incorporate various types of cryptographic systems for providing secure data communication. Asymmetric cryptography, such as public key cryptography, is widely used in mobile platforms. The most common public key algorithms, named after their respective authors, are RSA (Rivest, Shamir and Adleman) and DH (Diffie & Hellman). Public key cryptography or asymmetric cryptography uses two kinds of keys: a public key that may be disseminated widely; and a private key that is known only to the owner. In a public key encryption system, any person can encrypt a message using the public key of the receiver, but such a message can be decrypted only with the receiver's private key. The strength of a public key cryptography system relies on the degree of difficulty (i.e., computational impracticality) for a properly generated private key to be determined from its corresponding public key. Therefore, the security of public key cryptography relies on complex mathematical equations.
Because of the mathematical complexity, however, it is time consuming to generate the key pairs and to execute these equations on existing mobile platforms. For example, key sizes may range anywhere from 512 bits to 4096 bits, which means the cryptography mathematical operations can involve very large numbers (e.g., 64 bytes to 512 bytes). Furthermore, existing mobile computing devices may yield an undesirable variable performance when generating the key pairs due to changing operational use cases. As known in the art, portable computing devices may adjust power consumption in accordance with operational use cases by varying processor performance (e.g., CPU frequency, bus bandwidth, etc.). For use cases that require higher performance, the CPU frequency and/or bus bandwidth may be increased. To conserve power, the CPU frequency and/or bus bandwidth may be decreased during less workload intensive use cases. Therefore, depending on which use case the system is in when key pair generation is initiated, there can be significant variations in the amount of time required to generate the key pairs using the complex mathematical equations that are common in public key cryptography systems.
Accordingly, there is a need for improved systems and methods for performing cryptography operations on portable computing devices.
Systems, methods, and computer programs are disclosed for accelerating cryptography operations on a portable computing device. One such method comprises receiving a request for a processor on a portable computing device to execute a cryptography algorithm. Prior to executing the cryptography algorithm, a performance of the portable computing device is increased from a current performance setting to an increased performance setting. The processor executes the cryptography algorithm at the increased performance setting. After completion of the cryptography algorithm, the portable computing device is reverted to the current performance setting.
Another embodiment is system for accelerating cryptography operations on a portable computing device. The system comprises a system on chip (SoC) and a cryptography module. The SoC comprises a processing device and a resource power manager for adjusting one or more performance settings of the portable computing device. The cryptography module is stored in a memory and executed by the processing device. The cryptography module is configured to receive a request for the processing device to execute a cryptography algorithm. Prior to executing the cryptography algorithm, the performance of the portable computing device is increased from a current performance setting to an increased performance setting. The cryptography algorithm is executed at the increased performance setting. After completion of the cryptography algorithm, the portable computing device is reverted to the current performance setting.
In the Figures, like reference numerals refer to like parts throughout the various views unless otherwise indicated. For reference numerals with letter character designations such as “102A” or “102B”, the letter character designations may differentiate two like parts or elements present in the same Figure. Letter character designations for reference numerals may be omitted when it is intended that a reference numeral to encompass all parts having the same reference numeral in all Figures.
The word “exemplary” is used herein to mean “serving as an example, instance, or illustration.” Any aspect described herein as “exemplary” is not necessarily to be construed as preferred or advantageous over other aspects.
In this description, the term “application” may also include files having executable content, such as: object code, scripts, byte code, markup language files, and patches. In addition, an “application” referred to herein, may also include files that are not executable in nature, such as documents that may need to be opened or other data files that need to be accessed.
The term “content” may also include files having executable content, such as: object code, scripts, byte code, markup language files, and patches. In addition, “content” referred to herein, may also include files that are not executable in nature, such as documents that may need to be opened or other data files that need to be accessed.
As used in this description, the terms “component,” “database,” “module,” “system,” and the like are intended to refer to a computer-related entity, either hardware, firmware, a combination of hardware and software, software, or software in execution. For example, a component may be, but is not limited to being, a process running on a processor, a processor, an object, an executable, a thread of execution, a program, and/or a computer. By way of illustration, both an application running on a computing device and the computing device may be a component. One or more components may reside within a process and/or thread of execution, and a component may be localized on one computer and/or distributed between two or more computers. In addition, these components may execute from various computer readable media having various data structures stored thereon. The components may communicate by way of local and/or remote processes such as in accordance with a signal having one or more data packets (e.g., data from one component interacting with another component in a local system, distributed system, and/or across a network such as the Internet with other systems by way of the signal).
In this description, the terms “communication device,” “wireless device,” “wireless telephone”, “wireless communication device,” and “wireless handset” are used interchangeably. With the advent of third generation (“3G”) wireless technology and four generation (“4G”), greater bandwidth availability has enabled more portable computing devices with a greater variety of wireless capabilities. Therefore, a portable computing device may include a cellular telephone, a pager, a PDA, a smartphone, a navigation device, a wearable device (e.g., a smart watch), a handheld computer with a wireless connection or link, or any other battery-powered computing device.
As illustrated in
As illustrated in
Referring to
In a default mode of operation, the resource power manager 116 operates in a conventional manner to manage energy efficiency and power consumption of the system 100, according to various use cases, by adjusting one or more performance settings of the system 100 (e.g., CPU frequency, bus bandwidth, etc.). In another mode of operation (referred to as “accelerated cryptography”), the resource power manager 116 cooperates with the cryptography modules 118 to accelerate cryptography operations while operating in the various use cases.
As described below in more detail, accelerated cryptography operations generally involves temporarily interrupting the default mode of operation when the system 100 requests cryptography operations (e.g., key pair generation, encryption, decryption, DSA, etc.) via the cryptography algorithm(s) 120. In response the request to execute a cryptography algorithm, the cryptography modules 118 may interrupt the default mode of operation of the resource power manager 116 before executing one or more of the cryptography algorithm(s) 120. Prior to executing the cryptography operations, the cryptography module 118 may determine the current performance setting(s) associated with the system 100 (e.g., a current CPU frequency, a current bus bandwidth, etc.). A boost performance module 202 may be configured to boost or increase the performance setting(s) and then initiate execution of the cryptography algorithms 120 at the increased performance setting(s). After cryptography operations are executed, a revert performance module 204 may revert the system 100 to the prior performance setting(s) and return the system 100 to the default mode of operation until a subsequent request is received.
It should be appreciated that, depending on the current operational use case of the system 100 when the request is received for the CPU 106 to initiate cryptography operations, the system 100 may be operating at less than the performance setting(s) for optimally executing the software-based cryptography mathematical operations. For example, the CPU frequency and/or the bus bandwidth may be currently set to a lower operational range to accommodate a relatively lower workload use case and/or to conserve system power. If the cryptography algorithms 120 were to be performed at these current “lower” performance setting(s), the system 100 may take longer than desired to execute the computation-intensive demands of the cryptography algorithms 120. This would lead to problematic variable performance of cryptography operations due to the varying operational use cases.
In this regard, prior to initiating cryptography operations, the cryptography module 118 may determine the current performance setting(s). As illustrated in
It should be appreciated that the boost performance module 202 may be configured to instruct the resource power manager 116 (e.g., via the software drivers 205) to increase the performance setting(s) from the current performance setting(s) to one or more increased performance settings. The increased performance setting(s) may be computed by the boost performance module 202 to provide a consistent cryptography algorithm performance (e.g., consistent execution time for encryption, decryption, DSA, key pair generation, etc.) depending on, for example, the key bit size, the strength of the algorithm, etc. The increased performance setting(s) may be computed or otherwise determined based on predefined use cases. For example, in an embodiment, the performance setting(s) may be increased to a maximum setting (e.g., max CPU frequency, a higher bus bandwidth, etc.).
After cryptography operations are executed at the increased performance setting(s) and completed, the revert performance module 204 may access the memory 206 to determine the prior performance setting(s), instruct the resource power manager 116 to revert to the prior performance setting(s), and then return the system 100 to the default mode of operation until another cryptography request is received.
It should be appreciated that the boost and revert instructions initiated by the cryptography module 118 may be implemented in various ways. In an embodiment, the boost and revert instructions may comprise a corresponding vote (i.e., increase or decrease, respectively) via software drivers 205 to a CPU clock controller and/or a bus controller.
Prior to the CPU 106 executing the cryptography algorithms 120, at block 308, the performance of the system 100 is increased. As described above, the cryptography module 118 may instruct the resource power manager 116 to boost system performance by increasing one or more current performance setting(s) associated with the current default mode of operation to one or more increased performance setting(s). At block 310, the CPU 106 may execute the cryptography algorithms 120 at the increased performance setting(s). In this manner, the mathematical operations associated with the cryptography algorithms 120 may be executed without unnecessary delay or unpredictable performance resulting from changing use cases. After cryptography operations are completed, at block 312, the system 100 may be reverted to the prior performance setting(s) and returned to the default mode of operation. In an embodiment, the revert performance module 204 may access the memory 206 to determine the prior performance setting(s) and then instruct the resource power manager 116 to initiate the appropriate revert instructions.
As mentioned above, the system 100 may be incorporated into any desirable computing system.
A display controller 328 and a touch screen controller 330 may be coupled to the CPU 502. In turn, the touch screen display 506 external to the on-chip system 322 may be coupled to the display controller 328 and the touch screen controller 330.
Further, as shown in
As further illustrated in
As depicted in
It should be appreciated that one or more of the method steps described herein may be stored in the memory as computer program instructions, such as the modules described above. These instructions may be executed by any suitable processor in combination or in concert with the corresponding module to perform the methods described herein.
Certain steps in the processes or process flows described in this specification naturally precede others for the invention to function as described. However, the invention is not limited to the order of the steps described if such order or sequence does not alter the functionality of the invention. That is, it is recognized that some steps may performed before, after, or parallel (substantially simultaneously with) other steps without departing from the scope and spirit of the invention. In some instances, certain steps may be omitted or not performed without departing from the invention. Further, words such as “thereafter”, “then”, “next”, etc. are not intended to limit the order of the steps. These words are simply used to guide the reader through the description of the exemplary method.
Additionally, one of ordinary skill in programming is able to write computer code or identify appropriate hardware and/or circuits to implement the disclosed invention without difficulty based on the flow charts and associated description in this specification, for example.
Therefore, disclosure of a particular set of program code instructions or detailed hardware devices is not considered necessary for an adequate understanding of how to make and use the invention. The inventive functionality of the claimed computer implemented processes is explained in more detail in the above description and in conjunction with the Figures which may illustrate various process flows.
In one or more exemplary aspects, the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the functions may be stored on or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media include both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage media may be any available media that may be accessed by a computer. By way of example, and not limitation, such computer-readable media may comprise RAM, ROM, EEPROM, NAND flash, NOR flash, M-RAM, P-RAM, R-RAM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that may be used to carry or store desired program code in the form of instructions or data structures and that may be accessed by a computer.
Also, any connection is properly termed a computer-readable medium. For example, if the software is transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, digital subscriber line (“DSL”), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium.
Disk and disc, as used herein, includes compact disc (“CD”), laser disc, optical disc, digital versatile disc (“DVD”), floppy disk and blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
Alternative embodiments will become apparent to one of ordinary skill in the art to which the invention pertains without departing from its spirit and scope. Therefore, although selected aspects have been illustrated and described in detail, it will be understood that various substitutions and alterations may be made therein without departing from the spirit and scope of the present invention, as defined by the following claims.
