Abstract: A method, system, and apparatus for dynamically validating a data encryption operation are disclosed. In one embodiment, a method is provided which comprises decrypting a first sequential data element of a plurality of data elements substantially in parallel with the encryption of a second sequential data element of the plurality, where the first element comprises first data and first encryption validation metadata. In response to the decryption, second encryption validation metadata is generated utilizing the first data. Thereafter, a determination is made whether the first element has been validly encrypted based upon a comparison of the first and second metadata. In other embodiments, an encryption validation indicator may be generated (e.g., to notify a user of a detected encryption error and/or to mark a portion of data for re-encryption), further encryption operations may be suspended, and/or the storage of the first data element may be controlled following such a determination.

Abstract: A method and system for generating ciphertext and message authentication codes utilizing shared hardware are disclosed. According to one embodiment, a method is provided of generating ciphertext message data and message authentication codes utilizing shared authenticated encryption unit hardware. In the described embodiment, plaintext message data is received at an authenticated encryption unit which comprises first and second authenticated encryption hardware modules. Thereafter, a first message authentication code (MAC) associated with a first authenticated encryption mode and a second MAC associated with a second authenticated encryption mode are generated. More specifically, the first MAC is generated utilizing the plaintext message data and first authenticated encryption hardware module and ciphertext message data and the second MAC are generated utilizing the plaintext message data and second authenticated encryption hardware module.