公开(公告)号：US20090119510A1

公开(公告)日：2009-05-07

申请号：US11935783

申请日：2007-11-06

申请人： Men Long ,  Jesse Walker ,  David Durham ,  Marc Millier ,  Karanvir Grewal ,  Prashant Dewan ,  Uday Savagaonkar ,  Steven D. Williams

发明人： Men Long ,  Jesse Walker ,  David Durham ,  Marc Millier ,  Karanvir Grewal ,  Prashant Dewan ,  Uday Savagaonkar ,  Steven D. Williams

IPC分类号： H04L9/32

CPC分类号： H04L63/0428 ,  H04L9/0631 ,  H04L9/3242 ,  H04L63/08 ,  H04L63/1466 ,  H04L63/168 ,  H04L2209/12 ,  H04L2209/38

摘要： End-to-end security between clients and a server, and traffic visibility to intermediate network devices, achieved through combined mode, single pass encryption and authentication using two keys is disclosed. In various embodiments, a combined encryption-authentication unit includes a cipher unit and an authentication unit coupled in parallel to the cipher unit, and generates an authentication tag using an authentication key in parallel with the generation of the cipher text using an encryption key, where the authentication and encryption key have different key values. In various embodiments, the cipher unit operates in AES counter mode, and the authentication unit operates in parallel, in AES-GMAC mode Using a two key, single pass combined mode algorithm preserves network performance using a limited number of HW gates, while allowing an intermediate device access to the encryption key for deciphering the data, without providing that device the ability to compromise data integrity, which is preserved between the end to end devices.

摘要翻译： 公开了客户机与服务器之间的端到端安全性，以及通过组合模式，单程加密和使用两个密钥的认证实现的对中间网络设备的流量可见性。 在各种实施例中，组合加密认证单元包括与密码单元并行耦合的密码单元和认证单元，并且使用加密密钥与密文生成并行地使用认证密钥生成认证标签，其中 认证和加密密钥具有不同的密钥值。 在各种实施例中，密码单元以AES计数器模式运行，并且认证单元以AES-GMAC模式并行操作。使用双键单通组合模式算法使用有限数量的HW门保留网络性能，同时允许 中间设备访问用于解密数据的加密密钥，而不提供该设备损害数据完整性的能力，这在端到端设备之间保留。

公开(公告)号：US20120096270A1

公开(公告)日：2012-04-19

申请号：US13337919

申请日：2011-12-27

申请人： Men Long ,  Jesse Walker ,  David Durham ,  Marc Millier ,  Karavir Grewal ,  Prashant Dewan ,  Uday Savagaonkar ,  Steven D. Williams

发明人： Men Long ,  Jesse Walker ,  David Durham ,  Marc Millier ,  Karavir Grewal ,  Prashant Dewan ,  Uday Savagaonkar ,  Steven D. Williams

IPC分类号： H04L9/32

CPC分类号： H04L63/0428 ,  H04L9/0631 ,  H04L9/3242 ,  H04L63/08 ,  H04L63/1466 ,  H04L63/168 ,  H04L2209/12 ,  H04L2209/38

摘要： End-to-end security between clients and a server, and traffic visibility to intermediate network devices, achieved through combined mode, single pass encryption and authentication using two keys is disclosed. In various embodiments, a combined encryption-authentication unit includes a cipher unit and an authentication unit coupled in parallel to the cipher unit, and generates an authentication tag using an authentication key in parallel with the generation of the cipher text using an encryption key, where the authentication and encryption key have different key values. In various embodiments, the cipher unit operates in AES counter mode, and the authentication unit operates in parallel, in AES-GMAC mode Using a two key, single pass combined mode algorithm preserves network performance using a limited number of HW gates, while allowing an intermediate device access to the encryption key for deciphering the data, without providing that device the ability to compromise data integrity, which is preserved between the end to end devices.

摘要翻译： 公开了客户机与服务器之间的端到端安全性，以及通过组合模式，单程加密和使用两个密钥的认证实现的对中间网络设备的流量可见性。 在各种实施例中，组合加密认证单元包括与密码单元并行耦合的密码单元和认证单元，并且使用加密密钥与密文生成并行地使用认证密钥生成认证标签，其中 认证和加密密钥具有不同的密钥值。 在各种实施例中，密码单元以AES计数器模式运行，并且认证单元以AES-GMAC模式并行操作。使用双键单通组合模式算法使用有限数量的HW门保留网络性能，同时允许 中间设备访问用于解密数据的加密密钥，而不提供该设备损害数据完整性的能力，这在端到端设备之间保留。