Claims
- 1. A programmable security processor for efficient execution of security protocols, wherein the instruction set of the processor is enhanced to contain at least one instruction that is used to improve the efficiency of a public-key cryptographic algorithm, and at least one instruction that is used to improve the efficiency of a private-key cryptographic algorithm.
- 2. The processor of claim 1 wherein the instruction set also contains at least one instruction that is used to improve the efficiency of a message authentication algorithm.
- 3. The processor of claim 1 wherein the instruction set also contains at least one instruction that is used to improve the efficiency of random number generation.
- 4. The processor of claim 1 wherein the instruction set also contains at least one instruction that is used to improve the efficiency of portions of a security protocol other than the cryptographic algorithms, which may include packet processing functions.
- 5. The processor of claim 1 wherein said instructions are implemented as functional units within the processor.
- 6. The processor of claim 1 wherein the said functional units are integrated as part of the processor's pipeline.
- 7. The processor of claim 1 wherein, in addition to the said instructions, at least one co-processor is used to accelerate security protocol computations.
- 8. The processor of claim 1 wherein, in addition to the said instructions, at least one peripheral unit connected to the processor bus or system bus is used to accelerate security protocol computations.
- 9. The processor of claim 1 wherein specific instructions are used for each cryptographic algorithm.
- 10. A layered software library for efficient execution of security protocols that consists of a basic operations layer, a complex operations layer, and a cryptographic algorithms layer.
- 11. The software library of claim 10 wherein the specific structure of the software library is provided.
- 12. A security processing platform consisting of a programmable security processor and a layered software library wherein at least one of the functions in the software library invokes a security-specific instruction of the programmable processor.
- 13. An electronic system optimized for efficient security processing that comprises at least one host processor and at least one programmable security processor.
- 14. The system of claim 13 wherein the security protocol processing functionality is divided between a host processor and a security processor so that the said security processor executes portions of a security protocol other than the cryptographic algorithms, which may include packet processing functions.
- 15. An electronic system optimized for efficient security processing that comprises at least one host processor and at least one security processor, wherein at least two distinct allocations of security protocol functionality between a host processor and a security processor exist.
- 16. The electronic system of claim 15 wherein the said distinct allocations of security protocol functionality are fixed statically.
- 17. The electronic system of claim 15 wherein the said distinct allocations of security protocol functionality are varied dynamically during system execution.
- 18. The electronic system of claim 15 wherein the time intervals at which each allocation of security protocol functionality is used are determined statically.
- 19. The electronic system of claim 15 wherein the time intervals at which each allocation of security protocol functionality is used are determined dynamically during system execution.
- 20. The electronic system of claim 15 wherein a security processor is enhanced for efficiently interleaving the processing of multiple data streams.
- 21. The electronic system of claim 20 wherein said enhancement is performed by storing identification and context information for each data stream in the security processor.
- 22. The electronic system of claim 15 wherein the allocation of security protocol functionality is different for at least two data streams.
- 23. The electronic system of claim 15 wherein at least two different allocations of security protocol functionality are used for at least one data stream.
- 24. An electronic system containing at least one programmable security processor, wherein a dedicated memory is attached to a programmable security processor.
- 25. The system of claim 24 wherein a portion of said dedicated memory can be accessed only by the said programmable security processor.
- 26. A method of designing an efficient hardware and software architecture for security processing, comprising algorithm exploration to optimize the software architecture and selection of custom instructions that augment a programmable processor in order to optimize the hardware architecture.
- 27. The method of claim 26 wherein algorithm exploration is performed through native simulation of the source code of each candidate algorithm while using performance macro-models to estimate performance.
- 28. The method of claim 26 wherein custom instruction selection is performed by constructing a function call graph representation of the software, formulating custom instruction candidates for selected functions in the call graph, and performing a global custom instruction selection to determine the final set of custom instructions.
- 29. The method of claim 28 wherein the said formulation of custom instruction candidates is used to generate area vs. delay curves for the selected functions.
- 30. The method of claim 28 wherein the said global custom instruction selection is performed by propagating area vs. delay curves upwards to the root of the call graph and choosing the final custom instructions based on the area vs. delay curve for the root.
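
The selection flow of claims 28 to 30, sketched as an added example that is not taken from the patent: per-function area vs. delay curves are combined bottom-up along the call graph and the final instructions are read off the root curve. The call graph, function and instruction names, area and cycle figures, and the combination rule (areas add; delay is local cycles plus call count times callee delay) are all assumptions made for illustration.

```python
from itertools import product

# Constructed call graph: function -> [(callee, calls per invocation)].
# Assumed to be a tree (each function has one caller), so areas simply add.
CALLS = {
    "rsa_decrypt": [("mod_exp", 1)],
    "mod_exp": [("mod_mul", 4)],
    "mod_mul": [],
}
# Constructed candidates per function: (instruction name, area, local cycles).
# The first entry is the plain-software version with no added area.
CANDIDATES = {
    "rsa_decrypt": [(None, 0, 50)],
    "mod_exp": [(None, 0, 40), ("expstep", 6, 20)],
    "mod_mul": [(None, 0, 100), ("mac32", 5, 40), ("mac64", 12, 25)],
}

def pareto(points):
    """Keep only points where more area buys strictly less delay."""
    front, best = [], float("inf")
    for area, delay, chosen in sorted(points, key=lambda p: (p[0], p[1])):
        if delay < best:
            front.append((area, delay, chosen))
            best = delay
    return front

def curve(fn):
    """Area vs. delay curve of fn, built from its callees' curves (bottom-up)."""
    child_curves = [[(a, n * d, c) for a, d, c in curve(callee)]
                    for callee, n in CALLS[fn]]
    points = []
    for (name, area, local), *kids in product(CANDIDATES[fn], *child_curves):
        chosen = frozenset([name] if name else [])
        for a, d, c in kids:
            area, local, chosen = area + a, local + d, chosen | c
        points.append((area, local, chosen))
    return pareto(points)

def select(root, area_budget):
    """Pick the fastest point on the root curve that fits the area budget."""
    feasible = [p for p in curve(root) if p[0] <= area_budget]
    return min(feasible, key=lambda p: p[1])

if __name__ == "__main__":
    for area, delay, chosen in curve("rsa_decrypt"):
        print(area, delay, sorted(chosen))
```

In this constructed data, "expstep" on its own never appears on the root curve because "mac32" gives a larger speed-up for less area, which is the kind of trade-off a per-function choice would miss and a global selection at the root exposes.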
I.A. RELATED APPLICATIONS
[0001] This application claims priority from co-pending U.S. Provisional Patent Application Serial No. 60/325,189 filed Sep. 28, 2001; No. 60/342,748 filed Dec. 28, 2001 and No. 60/361,276 filed Mar. 4, 2002, the disclosures of each of which applications are incorporated herein by reference.
Provisional Applications (3)

| Number | Date | Country |
|---|---|---|
| 60325189 | Sep 2001 | US |
| 60342748 | Dec 2001 | US |
| 60361276 | Mar 2002 | US |