Method, electronic device, and program product implemented at an edge switch for data encryption

US11936635B2 · US · B2

Patent metadata
Publication number: US-11936635-B2
Application number: US-202117321720-A
Country: US
Kind code: B2
Filing date: May 17, 2021
Priority date: Apr 23, 2021
Publication date: Mar 19, 2024
Grant date: Mar 19, 2024

Abstract

Official abstract text for this publication.

Embodiments of the present disclosure provide a method, an electronic device, and a program product implemented at an edge switch for data encryption. For example, the present disclosure provides a data encryption method implemented at an edge switch. The method may include receiving encryption and decryption information for an encryption operation or a decryption operation from a source device. In addition, the method may include encrypting a data packet received from the source device based on encryption information in the encryption and decryption information to generate an encrypted data packet. The method may further include sending the encrypted data packet to a target device indicated by the data packet. The embodiments of the present disclosure can reduce the computing loads of Internet of Things (IoT) devices, clouds, and servers while ensuring encryption performance, and can also reduce the time delay caused by encryption and decryption operations.

First claim

Opening claim text (preview).

What is claimed is:

1. A data encryption method implemented at an edge switch, comprising:
receiving an encryption and/or decryption service request from a source device;
determining whether or not the edge switch can perform at least one of an encryption operation and a decryption operation in accordance with the encryption and/or decryption service request received from the source device;
responsive to determining that the edge switch can perform at least one of the encryption operation and the decryption operation in accordance with the encryption and/or decryption service request, sending a corresponding encryption and/or decryption service response to the source device;
receiving encryption and/or decryption information for the encryption operation and/or the decryption operation from the source device, in response to the encryption and/or decryption service response from the edge switch, the encryption and/or decryption information comprising a key, a lookup table and one or more network addresses of one or more target devices;
receiving a data packet from the source device;
encrypting the data packet received from the source device based on encryption information in the encryption and/or decryption information to generate an encrypted data packet; and
sending the encrypted data packet to a target device indicated by the data packet, utilizing a corresponding one of the one or more network addresses previously supplied by the source device as part of the encryption and/or decryption information;
wherein the source device is an Internet of Things (IoT) device, the target device is a server, and the edge switch is disposed in proximity to the IoT device;
wherein the edge switch comprises (i) a programmable switch configured to perform the encryption operation and/or the decryption operation for each of a plurality of communications between the IoT device and the server, and (ii) at least one register for storing one or more results of the encryption operation and/or the decryption operation; and
wherein encrypting the data packet comprises: acquiring at least one of the key and the lookup table from the encryption and/or decryption information; and performing encryption on the data packet based on the at least one of the key and the lookup table.

2. The method according to claim 1, wherein the programmable switch comprises a programmable switch chip and encrypting the data packet comprises: encrypting the data packet by using the programmable switch chip in the programmable switch.

3. The method according to claim 2, wherein the data packet is an ingress data packet and encrypting the data packet by using the programmable switch chip comprises:
receiving the ingress data packet in the programmable switch chip;
dividing the ingress data packet into a plurality of data blocks;
encrypting a first data block of the plurality of data blocks in a given ingress session by using the programmable switch chip;
storing the encryption result in the register;
ejecting the encrypted first data block in an egress session;
repeating the encrypting, storing and ejecting steps until the plurality of data blocks are encrypted; and
combining the corresponding encrypted data blocks to generate the encrypted data packet.

4. The method according to claim 1, further comprising:
receiving another encrypted data packet from the target device;
decrypting the other encrypted data packet based on decryption information in the encryption and/or decryption information to generate a decrypted data packet; and
sending the decrypted data packet to the source device.

5. The method according to claim 1, further comprising:
dividing the data packet into a plurality of data blocks; and
encrypting and/or decrypting plurality of data blocks in a pipelined manner over a plurality of ingress sessions and a plurality of egress sessions utilizing the at least one register.

6. An electronic device, comprising: a processor; and a memory coupled to the processor and having instructions stored therein, wherein the instructions, when executed by the processor, cause the electronic device to perform actions in an edge switch, the actions comprising:
receiving an encryption and/or decryption service request from a source device;
determining whether or not the edge switch can perform at least one of an encryption operation and a decryption operation in accordance with the encryption and/or decryption service request received from the source device;
responsive to determining that the edge switch can perform at least one of the encryption operation and the decryption operation in accordance with the encryption and/or decryption service request, sending a corresponding encryption and/or decryption service response to the source device;
receiving encryption and/or decryption information for the encryption operation and/or the decryption operation from the source device, in response to the encryption and/or decryption service response from the edge switch, the encryption and/or decryption information comprising a key, a lookup table and one or more network addresses of one or more target devices;
receiving a data packet from the source device;
encrypting the data packet received from the source device based on encryption information in the encryption and/or decryption information to generate an encrypted data packet; and
sending the encrypted data packet to a target device indicated by the data packet, utilizing a corresponding one of the one or more network addresses previously supplied by the source device as part of the encryption and/or decryption information;
wherein the source device is an Internet of Things (IoT) device, the target device is a server, and the edge switch is disposed in proximity to the IoT device;
wherein the edge switch comprises (i) a programmable switch configured to perform the encryption operation and/or the decryption operation for each of a plurality of communications between the IoT device and the server, and (ii) at least one register for storing one or more results of the encryption operation and/or the decryption operation; and
wherein encrypting the data packet comprises: acquiring at least one of the key and the lookup table from the encryption and/or decryption information; and performing encryption on the data packet based on the at least one of the key and the lookup table.

7. The electronic device according to claim 6, wherein the programmable switch comprises a programmable switch chip and encrypting the data packet comprises: encrypting the data packet by using the programmable switch chip in the programmable switch.

8. The electronic device according to claim 7, wherein the data packet is an ingress data packet and encrypting the data packet by using the programmable switch chip comprises:
receiving the ingress data packet in the programmable switch chip;
dividing the ingress data packet into a plurality of data blocks;
encrypting a first data block of the plurality of data blocks in a given ingress session by using the programmable switch chip;
storing the encryption result in the register;
ejecting the encrypted first data block in an egress session;
repeating the encrypting, storing and ejecting steps until the plurality of data blocks are encrypted; and
combining the corresponding encrypted data blocks to generate the encrypted data packet.

9. The electronic device according to claim 6, wherein the actions further comprise:
receiving another encrypted data packet from the target device;
decrypting the other encrypted data packet based on decryption information in the encryption and/or decryption information to generate a decrypted data packet; and
sending the d

Classifications

  • Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up

  • applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding

  • by using a location-limited connection, e.g. near-field communication or limited proximity of entities

  • the source of the received data

  • using an encryption or decryption engine integrated in transmitted data

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Emc Ip Holding Co Llc
What technology area does this patent fall under?
Primary CPC classification H04L63/0485. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 19, 2024 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 7 related publications on this page (citations in our corpus or others sharing the same primary CPC).