公开(公告)号：US20110153985A1

公开(公告)日：2011-06-23

申请号：US12645869

申请日：2009-12-23

申请人： Ashoke Saha ,  Rajesh Joshi ,  Tushar Kanekar

发明人： Ashoke Saha ,  Rajesh Joshi ,  Tushar Kanekar

IPC分类号： G06F15/76 ,  G06F9/02

CPC分类号： G06F21/602 ,  H04L63/0485 ,  H04L63/166 ,  H04L69/12

摘要： The present invention is directed towards systems and methods for distributed operation of a plurality of cryptographic cards in a multi-core system. In various embodiments, a plurality of cryptographic cards providing encryption/decryption resources are assigned to a plurality of packet processing engines in operation on a multi-core processing system. One or more cryptographic cards can be configured with a plurality of hardware or software queues. The plurality of queues can be assigned to plural packet processing engines so that the plural packet processing engines share cryptographic services of a cryptographic card having multiple queues. In some embodiments, all cryptographic cards are configured with multiple queues which are assigned to the plurality of packet processing engines configured for encryption operation.

摘要翻译： 本发明涉及用于在多核系统中分布式操作多个加密卡的系统和方法。 在各种实施例中，向多核处理系统运行的多个分组处理引擎分配了提供加密/解密资源的多个密码卡。 一个或多个加密卡可以配置有多个硬件或软件队列。 可以将多个队列分配给多个分组处理引擎，使得多个分组处理引擎共享具有多个队列的加密卡的加密服务。 在一些实施例中，所有加密卡配置有分配给配置用于加密操作的多个分组处理引擎的多个队列。

公开(公告)号：US08675674B2

公开(公告)日：2014-03-18

申请号：US12645869

申请日：2009-12-23

申请人： Ashoke Saha ,  Rajesh Joshi ,  Tushar Kanekar

发明人： Ashoke Saha ,  Rajesh Joshi ,  Tushar Kanekar

IPC分类号： H04L12/28

CPC分类号： G06F21/602 ,  H04L63/0485 ,  H04L63/166 ,  H04L69/12

摘要： The present invention is directed towards systems and methods for distributed operation of a plurality of cryptographic cards in a multi-core system. In various embodiments, a plurality of cryptographic cards providing encryption/decryption resources are assigned to a plurality of packet processing engines in operation on a multi-core processing system. One or more cryptographic cards can be configured with a plurality of hardware or software queues. The plurality of queues can be assigned to plural packet processing engines so that the plural packet processing engines share cryptographic services of a cryptographic card having multiple queues. In some embodiments, all cryptographic cards are configured with multiple queues which are assigned to the plurality of packet processing engines configured for encryption operation.

摘要翻译： 本发明涉及用于在多核系统中分布式操作多个加密卡的系统和方法。 在各种实施例中，向多核处理系统运行的多个分组处理引擎分配了提供加密/解密资源的多个密码卡。 一个或多个加密卡可以配置有多个硬件或软件队列。 可以将多个队列分配给多个分组处理引擎，使得多个分组处理引擎共享具有多个队列的加密卡的加密服务。 在一些实施例中，所有加密卡配置有分配给配置用于加密操作的多个分组处理引擎的多个队列。

公开(公告)号：US08181019B2

公开(公告)日：2012-05-15

申请号：US12489331

申请日：2009-06-22

申请人： Ashoke Saha ,  Christofer Edstrom ,  Tushar Kanekar

发明人： Ashoke Saha ,  Christofer Edstrom ,  Tushar Kanekar

IPC分类号： H04L29/06 ,  H04L9/32 ,  G06F7/04

CPC分类号： H04L63/0823 ,  H04L9/3268 ,  H04L63/166

摘要： The present invention is directed towards systems and methods for maintaining Certificate Revocation Lists (CRLs) for client access in a multi-core system. A first core may generate a secondary CRL corresponding to a master CRL maintained by the first core. The CRLs may identify certificates to revoke. The first core can store the secondary CRL to a memory element accessible by the cores. A second core may receive a request to validate a certificate. The second core can provisionally determine, via access to the secondary CRL, whether the certificate is revoked. The second core may also determine not to revoke the certificate. Responsive to the determination, the second core may request the first core to validate the certificate. The first core can determine whether to revoke the certificate based on the master CRL. The first core may send a message to the second core based on the determination.

摘要翻译： 本发明涉及用于在多核系统中维护用于客户端访问的证书吊销列表（CRL）的系统和方法。 第一核心可以产生对应于由第一核心维护的主CRL的次级CRL。 CRL可以识别要撤销的证书。 第一个核心可以将次级CRL存储到可由内核访问的内存元素。 第二个核心可能会收到验证证书的请求。 第二个核心可以通过访问次级CRL临时确定证书是否被撤销。 第二核心也可能决定不撤销证书。 响应确定，第二个核心可能要求第一个核心验证证书。 第一个核心可以确定是否根据主CRL撤销证书。 基于确定，第一核心可以向第二核心发送消息。

公开(公告)号：US20100325429A1

公开(公告)日：2010-12-23

申请号：US12489331

申请日：2009-06-22

申请人： Ashoke Saha ,  Christofer Edstrom ,  Tushar Kanekar

发明人： Ashoke Saha ,  Christofer Edstrom ,  Tushar Kanekar

IPC分类号： H04L9/00

CPC分类号： H04L63/0823 ,  H04L9/3268 ,  H04L63/166

摘要： The present invention is directed towards systems and methods for maintaining Certificate Revocation Lists (CRLs) for client access in a multi-core system. A first core may generate a secondary CRL corresponding to a master CRL maintained by the first core. The CRLs may identify certificates to revoke. The first core can store the secondary CRL to a memory element accessible by the cores. A second core may receive a request to validate a certificate. The second core can provisionally determine, via access to the secondary CRL, whether the certificate is revoked. The second core may also determine not to revoke the certificate. Responsive to the determination, the second core may request the first core to validate the certificate. The first core can determine whether to revoke the certificate based on the master CRL. The first core may send a message to the second core based on the determination.

摘要翻译： 本发明涉及用于在多核系统中维护用于客户端访问的证书吊销列表（CRL）的系统和方法。 第一核心可以产生对应于由第一核心维护的主CRL的次级CRL。 CRL可以识别要撤销的证书。 第一个核心可以将次级CRL存储到可由内核访问的内存元素。 第二个核心可能会收到验证证书的请求。 第二个核心可以通过访问次级CRL临时确定证书是否被撤销。 第二核心也可能决定不撤销证书。 响应确定，第二个核心可能要求第一个核心验证证书。 第一个核心可以确定是否根据主CRL撤销证书。 基于确定，第一核心可以向第二核心发送消息。