Abstract:
A portion of a firmware program may be automatically upgraded during power on of a processor-based system. A firmware upgrade file signed by a private key is authenticated using a public key accessible to the firmware program. The authentication and upgrade is performed automatically. Interrupted upgrades are anticipated and resolved by the firmware program. The public key is duplicated and is itself upgradable, in case the private key changes. The firmware program may be locked to prevent both viewing and unauthorized upgrades of the public keys or other parts of the firmware program.
Abstract:
An apparatus and method for updating security association database entries in a system having multiple security channels by selectively granting access to the entries by a plurality of the multiple security channels that may need to update the same entry using a first-come, first-served scheme. The apparatus includes a controller circuit that functions to carry out the method which, for each of the multiple security channels, includes determining whether another of the security channels has a higher priority to access a particular security association database entry. If no other channel has a higher priority, then the channel requesting access to the entry retrieves it from its address location, modifies it, and writes the modified entry back to its address location. The controller prevents other channels from simultaneously, or substantially simultaneously, retrieving and modifying the same entry.
Abstract:
A method for establishing a secure communication channel for information flow between two or more computers communicating via an interconnected computer network, and a system for implementing the method, in response to receiving a security association data structure from one of the computers. The received security association data structure is stored in a memory region having a specific memory address value, and the specific memory address value is assigned as the security parameter index value associated with the received inbound security association data structure. Additionally, a method of processing information received over a previously established secure communication channel, and a system for implementing the method, in response to receiving a data packet that includes an encrypted data portion, and a header portion that includes a security parameter index value. A memory region is located using the security parameter index value as an address pointer. The encrypted data portion of the received data packet is then processed based on a security association data structure stored in the located memory region.
Abstract:
A processor-based system may be operated in an effectively “always on” condition. The system may transition from a lower power consumption state to a higher power consumption state in response to the first operation of a power button. In response to a second operation of the power button, the system transitions from the higher power consumption state to the lower power consumption state. However, unless the system is unplugged, the system remains in a power consuming state even when the power button is repeatedly operated.
Abstract:
A packet processing system embodied on an ASIC is optimized for processing IPSec security protocol packets in a hardware configuration. Embedded RISC processors operate with hardware support modules providing for IPSec packet processing at OC24 data rates and greater. IPSec packets are received through a streaming interface and buffered in an external memory. When the entire packet is in external memory, portions are buffered in a local memory for crypto-processing. As portions of the packets complete processing, the portions are buffered to an output portion of the external memory associated with the channel. When an entire packet completes processing, portions are buffered to a local memory for streaming. The hardware accordingly reduces the involvement of the RISC processors and significantly increases channel throughput, providing for high-speed IPSec packet processing.