US20070223688A1 - Architecture of an encryption circuit implementing various types of encryption algorithms simultaneously without a loss of performance - Google Patents

Publication number
US20070223688A1
Authority
US
United States
Prior art keywords
encryption
module
bus
memory
input
Legal status
Abandoned
Application number
US11/802,759
Inventor
Patrick Le Quere
Current Assignee
Individual
Original Assignee
Individual

Classifications

    • G - PHYSICS
    • G06 - COMPUTING; CALCULATING OR COUNTING
    • G06F - ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 - Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 - Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Abstract

An encryption circuit for simultaneously processing various encryption algorithms, the circuit being capable of being coupled with a host system hosted by a computing machine. The circuit comprises an input/output module responsible for the data exchanges between the host system and the circuit via a dedicated bus. An encryption module coupled with the input/output module is in charge of the encryption and decryption operations. Isolation means between the input/output module and the encryption module makes the sensitive information stored in the encryption module inaccessible to the host system and ensures the parallelism of the operations performed by the input/output module and the encryption module. The circuit is supported on a peripheral component interconnect card. The circuit is specifically adapted to provide “hardware” protection of computer servers or stations.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This application is a continuation of application Ser. No. 09/706,728, filed Nov. 7, 2000, which claims priority under 35 U.S.C. §119 to French Application No. 9914067, filed Nov. 9, 1999, each of which is hereby incorporated by reference.
  • FIELD OF THE INVENTION
  • The present invention applies to the field of encryption, and more particularly, relates to an architecture of an encryption circuit implementing various types of encryption algorithms simultaneously.
  • This architecture is embodied by a circuit supported by a PCI (Peripheral Component Interconnect) card, and makes it possible to implement various encryption algorithms in parallel, without a loss of performance in a machine (server or station). It also plays the role of a vault in which the secret elements (keys and certificates) required for any electronic encryption function are stored.
  • DESCRIPTION OF RELATED ART
  • The increased need for performance in cryptography, combined with the need for inviolability, has led the manufacturers of security systems to favor hardware solutions in the form of additional cards.
  • Such a card, coupled with a server, constitutes the hardware security element of the server.
  • There are known implementations of security architectures based on ASIC (Application Specific Integrated Circuit) components, which entail high development costs for a solution that remains inflexible, both on the manufacturer end and on the user end.
  • Furthermore, there is no architecture existing today that is capable of executing a set of algorithms simultaneously with a guaranteed throughput for each of them.
  • SUMMARY OF THE INVENTION
  • The object of the invention is specifically to eliminate the aforementioned drawbacks and to meet the market's new demands for security.
  • To this end, the subject of the invention is an architecture of an encryption circuit simultaneously processing various encryption algorithms, the circuit being capable of being coupled with a host computer system.
  • According to the invention, the circuit comprises:
      • an input/output module responsible for the data exchanges between the host system and the circuit via a PCI bus;
      • an encryption module coupled with the input/output module, in charge of the encryption and decryption operations as well as the storage of all of the circuit's sensitive information; and
      • isolation means between the input/output module and the encryption module, for making the sensitive information stored in the encryption module inaccessible to the host system, and for ensuring the parallelism of the operations performed by the input/output module and the encryption module.
  • The first advantage of the invention is that it allows fast execution of the principal encryption algorithms with two levels of parallelism, a first parallelism of the operations performed by the input/output module and the encryption module, and a second parallelism in the execution of the various encryption algorithms.
  • Another advantage of the invention is to make invisible to the host system all of the encryption resources made available to the system, and to provide protected storage for secrets such as keys and certificates. The sensitive functions of the card (algorithms and keys) are all located inside the encryption module and are inaccessible from the PCI bus.
  • The invention also has the advantage of enabling hardware and software implementations of various encryption algorithms to coexist without a loss of performance, while guaranteeing the throughputs of each of them.
  • It has the further advantage of being scalable by a choice of standard microprocessor and programmable logic technologies, as opposed to more conventional implementations based on specific circuits (ASIC). The invention makes it possible, in particular, to implement proprietary algorithms simply by modifying the code of the encryption processors or by loading a new configuration file for the encryption automata of the encryption module.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • Other advantages and characteristics of the present invention will emerge through the reading of the following description, given in reference to the attached FIGURE, which represents a block diagram of an architecture according to the invention.
  • DESCRIPTION OF THE PREFERRED EMBODIMENTS
  • For simplicity's sake, the encryption/decryption module will hereinafter be called the “encryption module.”
  • The links between the modules are all two-way links unless otherwise indicated.
  • The encryption circuit 1 according to the invention hinges on two main modules:
      • an input/output module 2 responsible for the data exchanges between the encryption resources and a host system HS via a PCI bus; and
      • an encryption module 3 in charge of the encryption and decryption operations as well as the storage of the secrets.
  • These two modules 2 and 3, respectively delimited by an enclosing dot-and-dash line, dialogue via a dual-port memory DPR 4 that allows the exchange of data and commands/statuses between the two modules 2 and 3.
  • A serial link SL controlled by the encryption module 3 also makes it possible to input the basic keys through a secure path SP independent of the normal functional path (PCI bus), thus meeting the requirement imposed by the FIPS 140 standard.
  • This link SL is connected to the card 1 via a module EPLD 5, or “Erasable Programmable Logic Device,” coupled between the input/output module 2 and the encryption module 3, that ensures logical consistency between the modules.
  • The input/output module 2 includes the following elements:
      • a microcontroller IOP 6 primarily constituted by a processor 6 1 and by a PCI interface 6 2, integrating DMA (Direct Memory Access) channels. These are channels that are specific, or dedicated, to the processor, through which the data exchanged between the memories passes, and which are coupled with the processor without using the resources of the processor;
      • a flash memory 7, which is a memory that saves the stored data without a power source and whose storage capacity is for example 512 kilobytes; and
      • an SRAM memory 8, from the abbreviation for “Static Random Access Memory” which is a memory that requires a power source in order to save the data stored in the memory, and whose storage capacity is for example 2 Megabytes.
  • The data transfers between the encryption module 3 and the host system HS take place simultaneously with the encryption operations performed by the encryption module 3, thus making it possible to optimize the overall performance of the card 1.
  • The flash memory 7 contains the code of the processor of the microcontroller IOP 6.
  • At startup, the processor copies the contents of the flash memory 7 into the SRAM memory 8; the code is then executed from this memory for better performance.
  • The SRAM memory 8 could also be replaced by an SDRAM (Synchronous Dynamic RAM) memory, which is a fast dynamic memory.
  • The microcontroller IOP 6 is capable of managing this type of memory without a loss of performance.
  • The choice of the microcontroller depends primarily on the desired performance objectives as well as the total power consumption of the card supporting the circuit, which is generally limited to 25 W (PCI specification).
  • The dual-port memory DPR 4 provides the isolation between the input/output module 2 and the encryption module 3, thus making the latter inaccessible to the host system HS.
  • Its storage capacity in the example described is 64 kilobytes. It temporarily stores the data that is to be encrypted or decrypted by the encryption automata of the encryption module 3.
  • It is divided into two areas:
      • a control area, for example of 4 kilobytes, in which the microcontroller IOP 6 writes the control blocks to be sent to the automata; and
      • a data area, for example of 60 kilobytes, containing the data to be processed by the automata.
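The control/data split of the dual-port memory suggests a check on the encryption side before any automaton acts on a control block, sketched here as an added example that is not part of the patent. The 64 KB, 4 KB and 60 KB sizes come from the description; the control-block fields, the key-slot count and every function name are assumptions, since the patent does not define the block format.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Sizes from the description: 64 KB dual-port memory split into a 4 KB
 * control area and a 60 KB data area. All other names are hypothetical. */
#define DPR_SIZE       (64u * 1024u)
#define CTRL_AREA_SIZE (4u * 1024u)
#define DATA_AREA_BASE CTRL_AREA_SIZE
#define KEY_SLOTS      64u            /* assumed number of key handles */

enum { ALGO_DES = 1, ALGO_RC4 = 2 };  /* algorithms named in the text */
enum { OP_ENCRYPT = 0, OP_DECRYPT = 1 };
enum cb_result { CB_OK = 0, CB_BAD_SLOT, CB_BAD_ALGO, CB_BAD_OP,
                 CB_BAD_KEY, CB_BAD_RANGE, CB_BAD_ALIGN };

/* Hypothetical 16-byte control block. It names a key slot, never key bytes,
 * so key material stays on the encryption-module side. */
typedef struct {
    uint8_t  algo;
    uint8_t  op;
    uint16_t key_slot;
    uint32_t data_off;   /* byte offset from the start of the DPR */
    uint32_t data_len;   /* bytes to process */
    uint32_t status;     /* written back by the automaton */
} ctrl_block_t;

#define CTRL_SLOTS (CTRL_AREA_SIZE / sizeof(ctrl_block_t))

/* Copy the block out of shared memory first: the I/O side can rewrite the
 * DPR at any time, so validating in place would leave a double-fetch gap. */
int cb_snapshot(const uint8_t *dpr, uint32_t slot, ctrl_block_t *out)
{
    if (slot >= CTRL_SLOTS)
        return CB_BAD_SLOT;
    memcpy(out, dpr + (size_t)slot * sizeof *out, sizeof *out);
    return CB_OK;
}

/* Validate a private snapshot before any automaton acts on it. */
int cb_validate(const ctrl_block_t *cb)
{
    if (cb->algo != ALGO_DES && cb->algo != ALGO_RC4)
        return CB_BAD_ALGO;
    if (cb->op != OP_ENCRYPT && cb->op != OP_DECRYPT)
        return CB_BAD_OP;
    if (cb->key_slot >= KEY_SLOTS)
        return CB_BAD_KEY;
    /* The range must sit wholly inside the data area. Comparing the length
     * with the space left avoids the wrap-around of data_off + data_len. */
    if (cb->data_len == 0 ||
        cb->data_off < DATA_AREA_BASE || cb->data_off >= DPR_SIZE ||
        cb->data_len > DPR_SIZE - cb->data_off)
        return CB_BAD_RANGE;
    /* DES works on 8-byte blocks; RC4 is a stream cipher. */
    if (cb->algo == ALGO_DES && cb->data_len % 8u != 0)
        return CB_BAD_ALIGN;
    return CB_OK;
}

/* Constructed demo: place one block in slot 0 of a DPR image, then snapshot
 * and validate it the way the encryption side would. */
int demo_check(uint8_t algo, uint8_t op, uint16_t key_slot,
               uint32_t off, uint32_t len)
{
    static uint8_t dpr[DPR_SIZE];
    ctrl_block_t in = { algo, op, key_slot, off, len, 0 }, snap;

    memcpy(dpr, &in, sizeof in);
    if (cb_snapshot(dpr, 0, &snap) != CB_OK)
        return CB_BAD_SLOT;
    return cb_validate(&snap);
}

int main(void)
{
    printf("valid DES request:        %d\n",
           demo_check(ALGO_DES, OP_ENCRYPT, 3, 4096, 64));
    printf("offset in control area:   %d\n",
           demo_check(ALGO_DES, OP_ENCRYPT, 3, 0, 64));
    printf("length wraps 32 bits:     %d\n",
           demo_check(ALGO_RC4, OP_ENCRYPT, 3, 4096, 0xFFFFF000u));
    printf("DES length not 8-aligned: %d\n",
           demo_check(ALGO_DES, OP_DECRYPT, 3, 4096, 13));
    return 0;
}
```

The wrap-around case is the one a naive `data_off + data_len <= DPR_SIZE` test would accept, because the 32-bit sum overflows to zero.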
  • The encryption module 3 includes first and second encryption sub-modules 3 1 and 3 2, respectively delimited by an enclosing broken line.
  • The first sub-module 3 1 includes an SCE (Symmetric Cipher Engine) component 9, dedicated to the processing of symmetric encryption algorithms, coupled with the bus of the dual-port memory 4.
  • The second sub-module 3 2 is dedicated to the processing of asymmetric encryption algorithms.
  • It is coupled with the bus of the dual-port memory 4, and includes a separate internal bus isolated from the bus of the dual-port memory 4.
  • It also includes:
      • one or two processors CIP 10 1, 10 2, from the abbreviation for “Cipher Processor”;
      • a processor ACE 10 2, from the abbreviation for “Asymmetric Cipher Processor,” which in a variant of embodiment replaces one of the two cipher processors CIP 10 1, 10 2;
      • a CMOS memory 11, for example with a storage capacity of 256 kilobytes, backed up by a battery;
      • a flash memory PROM 12, from the abbreviation for “Programmable Read-Only Memory,” for example with a storage capacity of 512 kilobytes; and
      • an SRAM memory 13, for example with a storage capacity of 256 kilobytes.
  • As illustrated in the block diagram of the FIGURE, the SCE component 9 and the CMOS memory 11 are directly coupled with the bus of the dual-port memory DPR 4, while the processors CIP 10 1 and 10 2 and the flash 12 and SRAM 13 memories are coupled with a separate bus isolated from the bus of the dual-port memory DPR 4 by means of a bus isolator 14, also called a bus “transceiver,” represented in the figure by a block with two opposing arrows.
  • The flash memory PROM 12 located in the bus of the processors CIP 10 1 and 10 2 contains all of the software used by the encryption module 3.
  • The SRAM memory 13 plays two roles:
      • it enables the fast execution of the code of the processors CIP 10 1 and 10 2; the code is copied into the memory from the flash memory PROM 12 at power up;
      • it also makes it possible to store the data temporarily during the execution of the algorithms.
  • This characteristic of the architecture guarantees the independence of the various encryption automata from one another.
  • The processor CIP 10 1 and the processor ACE 10 2 both access the dual-port memory DPR 4 in order to read or write the data to be encrypted, but the processing of the algorithms per se takes place entirely within their own memory space (internal cache and SRAM 13) without interfering with the SCE component 9.
  • The SCE component 9 integrates the various symmetric encryption automata (one automaton per algorithm) of the DES, RC4 or other type, as well as a random number generator, not represented.
  • Each automaton works independently from the others and accesses the dual-port memory DPR 4 in order to read its control block (written by the microcontroller IOP 6) and the corresponding data to be processed.
  • The parallelism of the processing thus performed makes it possible to guarantee an optimal throughput for each algorithm even when the automata are used simultaneously.
  • The only limitation on the processing is imposed by access to the dual-port memory DPR 4, which is shared by all of the automata.
  • The bandwidth of the data bus to this memory must therefore be greater than the sum of the throughputs of each algorithm in order not to limit their performance.
  • The SCE component 9 is produced using a programmable technology that is also known as FPGA, or “Field Programmable Gate Array,” which is a programmable circuit or chip having a high logic gate density, which provides all of the flexibility required to implement new algorithms, including proprietary algorithms, on demand.
  • The configuration data for this component is contained in the flash memory PROM 12, and is loaded into the SCE component 9 at power up under the control of the processor CIP 10 1.
  • The processor CIP 10 1, using given programming software, implements the algorithms not implemented in the SCE component 9. It also implements asymmetric algorithms of the RSA type with or without the help of the specialized automaton implemented by the processor ACE 10 2.
  • It performs the initialization of the security parameters (keys) via the serial link SL.
  • The utilization of a high-performance processor at this level guarantees optimal performance in the execution of the algorithms as well as great flexibility for the implementation of additional algorithms.
  • As a result of this processor, it is also possible to download proprietary algorithms via the serial link SL.
  • According to a first embodiment, two processors CIP 10 1 and 10 2 are implemented:
  • One of them 10 1 is required for the execution of the RSA algorithm; the other 10 2 implements the algorithms not yet supported by the SCE component 9.
  • According to a second embodiment, there is only one processor CIP 10 1 assisted by a processor ACE 10 2 that replaces one of the two processors CIP 10 1 and 10 2 of the first embodiment, and which implements, in programmable logic, the intensive calculation linked to the protocol of the RSA algorithm.
  • All of the required algorithms are implemented in programmable logic in automata of the SCE component 9.
  • This component is produced in programmable FPGA technology.
  • The CMOS memory 11 contains the keys and other secrets of the card 1. It is backed up by a battery and protected by various known security mechanisms SM 15 which treat any abnormality as an intrusion attempt and erase its contents.
  • These abnormalities are for example due to:
      • an abnormal increase or decrease in the temperature;
      • an abnormal increase or decrease in the supply voltage;
      • a disencryption of the card;
      • a physical intrusion attempt (on the card end or the host system end);
      • etc.
  • Each of the above events triggers an alarm signal that acts on the reset mechanism of the CMOS memory 11.
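The alarm-to-erase behaviour described above, modelled in software as an added example that is not part of the patent, where the reset acts on the CMOS memory in hardware. The temperature and voltage windows, the 256-byte stand-in key store and all names are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEYSTORE_BYTES 256u  /* small stand-in for the battery-backed CMOS */

/* Assumed acceptance windows; real limits come from the card's design. */
#define TEMP_MIN_C   0
#define TEMP_MAX_C   70
#define VOLT_MIN_MV  3000
#define VOLT_MAX_MV  3600

enum { ALARM_TEMP = 1u << 0, ALARM_VOLT = 1u << 1, ALARM_INTRUSION = 1u << 2 };

typedef struct { int temp_c; int volt_mv; bool enclosure_open; } sample_t;

typedef struct {
    uint8_t  keys[KEYSTORE_BYTES];
    uint32_t latched;             /* sticky alarm causes */
} key_store_t;

/* Volatile writes keep the compiler from dropping the wipe as a dead store. */
static void wipe(volatile uint8_t *p, size_t n)
{
    while (n--)
        *p++ = 0;
}

/* Map one sensor sample to the alarm causes listed in the description. */
uint32_t classify(const sample_t *s)
{
    uint32_t a = 0;
    if (s->temp_c < TEMP_MIN_C || s->temp_c > TEMP_MAX_C)
        a |= ALARM_TEMP;
    if (s->volt_mv < VOLT_MIN_MV || s->volt_mv > VOLT_MAX_MV)
        a |= ALARM_VOLT;
    if (s->enclosure_open)
        a |= ALARM_INTRUSION;
    return a;
}

/* Any alarm erases the keys at once and stays latched: a later normal
 * reading must not make the store look healthy again. */
uint32_t tamper_poll(key_store_t *st, const sample_t *s)
{
    uint32_t a = classify(s);
    if (a) {
        st->latched |= a;
        wipe(st->keys, sizeof st->keys);
    }
    return st->latched;
}

/* Fail closed: no key access once an alarm is latched. */
int key_read(const key_store_t *st, size_t off, uint8_t *out, size_t n)
{
    if (st->latched || off > KEYSTORE_BYTES || n > KEYSTORE_BYTES - off)
        return -1;
    memcpy(out, st->keys + off, n);
    return 0;
}

static key_store_t g_store;       /* demo instance */

/* Constructed sequence: load dummy key bytes, poll a normal sample, the
 * sample under test, then a normal sample again. Returns latched causes. */
uint32_t demo_run(int temp_c, int volt_mv, bool enclosure_open)
{
    const sample_t normal = { 25, 3300, false };
    const sample_t test = { temp_c, volt_mv, enclosure_open };

    memset(g_store.keys, 0xA5, sizeof g_store.keys);
    g_store.latched = 0;
    tamper_poll(&g_store, &normal);
    tamper_poll(&g_store, &test);
    return tamper_poll(&g_store, &normal);
}

/* Number of key bytes that survived the last demo_run(). */
size_t demo_nonzero_left(void)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof g_store.keys; i++)
        n += g_store.keys[i] != 0;
    return n;
}

/* 1 if a key read is still permitted after the last demo_run(), else 0. */
int demo_key_readable(void)
{
    uint8_t buf[16];
    return key_read(&g_store, 0, buf, sizeof buf) == 0;
}

int main(void)
{
    printf("normal:   alarms=%u left=%zu\n",
           (unsigned)demo_run(25, 3300, false), demo_nonzero_left());
    printf("overheat: alarms=%u left=%zu\n",
           (unsigned)demo_run(95, 3300, false), demo_nonzero_left());
    return 0;
}
```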
  • While this invention has been described in conjunction with specific embodiments thereof, it is evident that many alternatives, modifications and variations will be apparent to those skilled in the art. Accordingly, the preferred embodiments of the invention as set forth herein, are intended to be illustrative, not limiting. Various changes may be made without departing from the true spirit and full scope of the invention as set forth herein and defined in the claims.

Claims (20)

1-14. (canceled)
15. An encryption circuit for simultaneously processing various encryption algorithms, the encryption circuit adapted to be coupled to a host computer system, the encryption circuit comprising:
an input/output module coupled to the host computer system via a dedicated bus, the input/output module handling data exchanges between the host computer system and the encryption circuit via the input/output module and the input/output module comprising a microcontroller and a memory;
an encryption module coupled to the input/output module, said encryption module controlling encryption and decryption operations, as well as storage of all sensitive information of the encryption circuit; and
isolation means operatively connected between the input/output module and the encryption module, the isolation means configured to make the sensitive information stored in the encryption module inaccessible to the host computer system.
16. An encryption circuit according to claim 15, wherein the isolation means comprises a dual-port memory.
17. An encryption circuit according to claim 15, wherein the isolation means comprises a dual-port memory coupled between the input/output module and the encryption module, the dual-port memory is coupled to a first bus and simultaneously handles the exchange of data, commands and statuses between the input/output and encryption modules, and isolation between the input/output and encryption modules.
18. An encryption circuit as set forth in claim 16, wherein the encryption module comprises:
a first encryption sub-module, dedicated to the processing of symmetric encryption algorithms, and being coupled with a first bus of the dual-port memory;
a second encryption sub-module, dedicated to the processing of asymmetric encryption algorithms and being coupled with the first bus of the dual-port memory and including a separate internal second bus isolated from the first bus of the dual-port memory; and
a CMOS memory, coupled with the dual-port memory via the first bus of the dual-port memory, containing the encryption keys.
19. An encryption circuit as set forth in claim 17, wherein the encryption module comprises:
a first encryption sub-module, dedicated to the processing of symmetric encryption algorithms, and being coupled with the first bus of the dual port memory;
a second encryption sub-module, dedicated to the processing of asymmetric encryption algorithms and being coupled with the first bus of the dual-port memory and including a separate internal second bus isolated from the first bus of the dual-port memory; and
a CMOS memory, coupled with the dual-port memory via the first bus of the dual-port memory, containing the encryption keys.
20. An encryption circuit according to claim 18, wherein the first encryption sub-module comprises an encryption component coupled with the dual-port memory via the first bus of the memory, comprising various encryption automata, respectively dedicated to the processing of symmetric encryption algorithms, and in that the second encryption sub-module comprises at least two encryption processors, respectively dedicated to the processing of asymmetric encryption algorithms, coupled with the encryption module via the internal second bus of the second sub-module and a bus isolator that isolates the second bus from the first bus of the dual-port memory.
21. An encryption circuit according to claim 20, wherein the encryption processors of the encryption module are of the CIP configuration.
22. An encryption circuit according to claim 20, wherein one of the two encryption processors is of the CIP type, and in that the other of the two encryption processors is of the ACE configuration.
23. An encryption circuit according to claim 20, wherein one of the two encryption processors is of the ACE configuration comprising a field programmable gate array (FPGA).
24. An encryption circuit according to claim 23, wherein the encryption component is of the SCE configuration.
25. An encryption circuit according to claim 24, wherein the encryption component comprises a field programmable array (FPGA).
26. An encryption circuit according to claim 25, wherein the second encryption sub-module comprises a flash memory PROM and an SRAM memory coupled with the second internal bus of the sub-module.
27. An encryption circuit according to claim 20, further comprising a CMOS memory containing security keys and security mechanisms that trigger a reset mechanism of the CMOS memory in case of an alarm.
28. An encryption circuit according to claim 15, wherein the microcontroller comprises:
an input/output processor and a PCI interface integrating DMA channels responsible for executing the data transfers between the host computer system and the circuit; and
the memory comprises the flash memory containing the code of the input/output processor and a PCI interface integrating DMA channels responsible for executing the data transfers between the host computer system and the circuit;
the flash memory containing the code of the input/output processor; and
the static random access memory that receives a copy of the contents of the flash memory upon startup of the input/output processor.
29. An encryption circuit according to claim 15, comprising a serial link connected to input basic keys through a secure path independent of the dedicated PCI bus, said link controlled by the encryption module.
30. An encryption circuit according to claim 29, wherein the serial link (SL) allows downloading of proprietary algorithms into the first encryption sub-module.
31. An encryption circuit as set forth in claim 15, further including a card supporting the circuit.
32. An encryption circuit as set forth in claim 18, further including a card supporting the circuit.
33. An encryption circuit as set forth in claim 20, further including a card supporting the circuit.
US11/802,759 1999-11-09 2007-05-24 Architecture of an encryption circuit implementing various types of encryption algorithms simultaneously without a loss of performance Abandoned US20070223688A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/802,759 US20070223688A1 (en) 1999-11-09 2007-05-24 Architecture of an encryption circuit implementing various types of encryption algorithms simultaneously without a loss of performance

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
FR9914067A FR2800952B1 (en) 1999-11-09 1999-11-09 ARCHITECTURE OF AN ENCRYPTION CIRCUIT IMPLEMENTING DIFFERENT TYPES OF ENCRYPTION ALGORITHMS SIMULTANEOUSLY WITHOUT LOSS OF PERFORMANCE
FRFR9914067 1999-11-09
US09/706,728 US7418598B1 (en) 1999-11-09 2000-11-07 Architecture of an encryption circuit implementing various types of encryption algorithms simultaneously without a loss of performance
US11/802,759 US20070223688A1 (en) 1999-11-09 2007-05-24 Architecture of an encryption circuit implementing various types of encryption algorithms simultaneously without a loss of performance

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US09/706,728 Continuation US7418598B1 (en) 1999-11-09 2000-11-07 Architecture of an encryption circuit implementing various types of encryption algorithms simultaneously without a loss of performance

Publications (1)

Publication Number Publication Date
US20070223688A1 (en) 2007-09-27

Family

ID=9551907

Family Applications (2)

Application Number Title Priority Date Filing Date
US09/706,728 Expired - Lifetime US7418598B1 (en) 1999-11-09 2000-11-07 Architecture of an encryption circuit implementing various types of encryption algorithms simultaneously without a loss of performance
US11/802,759 Abandoned US20070223688A1 (en) 1999-11-09 2007-05-24 Architecture of an encryption circuit implementing various types of encryption algorithms simultaneously without a loss of performance

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US09/706,728 Expired - Lifetime US7418598B1 (en) 1999-11-09 2000-11-07 Architecture of an encryption circuit implementing various types of encryption algorithms simultaneously without a loss of performance

Country Status (5)

Country Link
US (2) US7418598B1 (en)
EP (1) EP1100225B1 (en)
JP (1) JP4138225B2 (en)
DE (1) DE60020794T2 (en)
FR (1) FR2800952B1 (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040042730A (en) * 2002-11-15 2004-05-20 엘지엔시스(주) Network encode apparatus and method
US7937595B1 (en) * 2003-06-27 2011-05-03 Zoran Corporation Integrated encryption/decryption functionality in a digital TV/PVR system-on-chip
US7636857B2 (en) * 2004-05-24 2009-12-22 Interdigital Technology Corporation Data-mover controller with plural registers for supporting ciphering operations
US20070016799A1 (en) * 2005-07-14 2007-01-18 Nokia Corporation DRAM to mass memory interface with security processor
JP5201716B2 (en) * 2007-09-28 2013-06-05 東芝ソリューション株式会社 Cryptographic module distribution system, cryptographic management server device, cryptographic processing device, client device, cryptographic management program, cryptographic processing program, and client program
US8300825B2 (en) 2008-06-30 2012-10-30 Intel Corporation Data encryption and/or decryption by integrated circuit
EP2544116A1 (en) * 2011-07-06 2013-01-09 Gemalto SA Method of managing the loading of data in a secure device
JPWO2014049830A1 (en) * 2012-09-28 2016-08-22 富士通株式会社 Information processing apparatus and semiconductor device
FR3003712B1 (en) * 2013-03-19 2016-08-05 Altis Semiconductor Snc MATERIAL SAFETY MODULE
DE102017213010A1 (en) * 2017-07-28 2019-01-31 Audi Ag Overall device with an authentication arrangement and method for authentication

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
USH1414H (en) * 1991-02-12 1995-02-07 The United States Of America As Represented By The Secretary Of The Navy Nonvolatile memory system for storing a key word and sensing the presence of an external loader device and encryption circuit
US6463537B1 (en) * 1999-01-04 2002-10-08 Codex Technologies, Inc. Modified computer motherboard security and identification system

Patent Citations (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4075691A (en) * 1975-11-06 1978-02-21 Bunker Ramo Corporation Communication control unit
US4488231A (en) * 1980-09-29 1984-12-11 Honeywell Information Systems Inc. Communication multiplexer having dual microprocessors
US4623990A (en) * 1984-10-31 1986-11-18 Advanced Micro Devices, Inc. Dual-port read/write RAM with single array
US4604683A (en) * 1984-12-10 1986-08-05 Advanced Computer Communications Communication controller using multiported random access memory
US4855905A (en) * 1987-04-29 1989-08-08 International Business Machines Corporation Multiprotocol I/O communications controller unit including emulated I/O controllers and tables translation of common commands and device addresses
US4888802A (en) * 1988-06-17 1989-12-19 Ncr Corporation System and method for providing for secure encryptor key management
US5063596A (en) * 1989-02-24 1991-11-05 Miu Automation Corporation Encryption printed circuit board
US5001750A (en) * 1989-03-07 1991-03-19 Aisin Seiki Kabushiki Kaisha Secret communication control apparatus
US5586263A (en) * 1989-05-13 1996-12-17 Kabushiki Kaisha Toshiba High speed data communication control device having an uncompetitive bus construction
US5313587A (en) * 1989-05-19 1994-05-17 Hitachi Micro Systems, Inc. Device for simultaneous data input/output and execution support in digital processors
US5682027A (en) * 1992-10-26 1997-10-28 Intellect Australia Pty Ltd. System and method for performing transactions and a portable intelligent device therefore
US6095412A (en) * 1992-10-26 2000-08-01 Intellect Australia Pty Ltd. Host and user transaction system
US5333198A (en) * 1993-05-27 1994-07-26 Houlberg Christian L Digital interface circuit
US5805712A (en) * 1994-05-31 1998-09-08 Intel Corporation Apparatus and method for providing secured communications
US5621800A (en) * 1994-11-01 1997-04-15 Motorola, Inc. Integrated circuit that performs multiple communication tasks
US6067407A (en) * 1995-06-30 2000-05-23 Canon Information Systems, Inc. Remote diagnosis of network device over a local area network
US6021201A (en) * 1997-01-07 2000-02-01 Intel Corporation Method and apparatus for integrated ciphering and hashing
US5860021A (en) * 1997-04-24 1999-01-12 Klingman; Edwin E. Single chip microcontroller having down-loadable memory organization supporting "shadow" personality, optimized for bi-directional data transfers over a communication channel
US6357004B1 (en) * 1997-09-30 2002-03-12 Intel Corporation System and method for ensuring integrity throughout post-processing
US6088800A (en) * 1998-02-27 2000-07-11 Mosaid Technologies, Incorporated Encryption processor with shared memory interconnect
US6434699B1 (en) * 1998-02-27 2002-08-13 Mosaid Technologies Inc. Encryption processor with shared memory interconnect
US6079008A (en) * 1998-04-03 2000-06-20 Patton Electronics Co. Multiple thread multiple data predictive coded parallel processing system and method
US6182104B1 (en) * 1998-07-22 2001-01-30 Motorola, Inc. Circuit and method of modulo multiplication
US6453397B1 (en) * 1998-12-14 2002-09-17 Nec Corporation Single chip microcomputer internally including a flash memory
US6169700B1 (en) * 1999-02-04 2001-01-02 Lucent Technologies, Inc. Wait state generator circuit and method to allow asynchronous, simultaneous access by two processors
US6772270B1 (en) * 2000-02-10 2004-08-03 Vicom Systems, Inc. Multi-port fibre channel controller
US6463637B1 (en) * 2000-07-14 2002-10-15 Safariland Ltd, Inc. Movable belt buckle cover device and protector

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060117122A1 (en) * 2004-11-04 2006-06-01 Intel Corporation Method and apparatus for conditionally obfuscating bus communications
US7995753B2 (en) * 2005-08-29 2011-08-09 Cisco Technology, Inc. Parallel cipher operations using a single data pass
US20150372816A1 (en) * 2014-06-19 2015-12-24 Samsung Electronics Co., Ltd. Semiconductor devices and methods of protecting data of channels in the same
US10177913B2 (en) * 2014-06-19 2019-01-08 Samsung Electronics Co., Ltd. Semiconductor devices and methods of protecting data of channels in the same
US10943020B2 (en) * 2016-02-26 2021-03-09 Huawei Technologies Co., Ltd. Data communication system with hierarchical bus encryption system
CN116049910A (en) * 2023-02-01 2023-05-02 广东高云半导体科技股份有限公司 Data encryption system and method

Also Published As

Publication number Publication date
DE60020794D1 (en) 2005-07-21
US7418598B1 (en) 2008-08-26
FR2800952B1 (en) 2001-12-07
DE60020794T2 (en) 2006-05-04
JP2001211163A (en) 2001-08-03
EP1100225B1 (en) 2005-06-15
FR2800952A1 (en) 2001-05-11
JP4138225B2 (en) 2008-08-27
EP1100225A1 (en) 2001-05-16

Legal Events

Date Code Title Description
STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION