CA2634812A1 - Cryptographic co-processor - Google Patents
Cryptographic co-processor Download PDFInfo
- Publication number
- CA2634812A1 CA2634812A1 CA002634812A CA2634812A CA2634812A1 CA 2634812 A1 CA2634812 A1 CA 2634812A1 CA 002634812 A CA002634812 A CA 002634812A CA 2634812 A CA2634812 A CA 2634812A CA 2634812 A1 CA2634812 A1 CA 2634812A1
- Authority
- CA
- Canada
- Prior art keywords
- data
- memory
- hash
- storing
- plaintext data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 claims 27
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0485—Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/38—Concurrent instruction execution, e.g. pipeline or look ahead
- G06F9/3877—Concurrent instruction execution, e.g. pipeline or look ahead using a slave processor, e.g. coprocessor
- G06F9/3879—Concurrent instruction execution, e.g. pipeline or look ahead using a slave processor, e.g. coprocessor for non-native instruction execution, e.g. executing a command; for Java instruction set
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
- G09C1/00—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
- H04L9/0656—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
- H04L9/0662—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/04—Masking or blinding
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
- H04L2209/125—Parallelization or pipelining, e.g. for accelerating processing of cryptographic operations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/20—Manipulating the length of blocks of bits, e.g. padding or block truncation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/34—Encoding or coding, e.g. Huffman coding or error correction
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Mathematical Physics (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Abstract
A secure communication platform on an integrated circuit is a highly integrated security processor which incorporates a general purpose digital signal processor (DSP) (62), along with a number of high performance cryptographic function elements, as well as a PCI
and PCMCIA
(14) interface. The secure communications platform is integrated with an off-the-shelf DSP so that a vendor who is interested in digital signal processing could also receive built-in security functions which cooperate with the DSP. The integrated circuit includes a callable library of cryptographic commands and encryption algorithms. An encryption processor is included to perform key and data encryption, as well as a high performance hash processor and a public key accelerator (28).
and PCMCIA
(14) interface. The secure communications platform is integrated with an off-the-shelf DSP so that a vendor who is interested in digital signal processing could also receive built-in security functions which cooperate with the DSP. The integrated circuit includes a callable library of cryptographic commands and encryption algorithms. An encryption processor is included to perform key and data encryption, as well as a high performance hash processor and a public key accelerator (28).
Claims (27)
1. A method of implementing parallel Internet Protocol Security (1Psec) operations within an integrated circuit comprising the steps of:
initializing configuration and status registers;
fetching context data from memory containing security associations;
storing the fetched context data in registers;
storing plaintext data in an encrypt memory and in a hash memory;
loading the fetched context data stored in the registers into an encryption circuit and into a hash circuit;
loading the plaintext data into the encryption circuit and into the hash circuit;
encrypting the plaintext data in the encryption circuit to generate ciphertext data;
hashing the plaintext data in the hash circuit to generate a hash digest; and storing the ciphertext data in the encrypt memory and the hash digest in a register.
initializing configuration and status registers;
fetching context data from memory containing security associations;
storing the fetched context data in registers;
storing plaintext data in an encrypt memory and in a hash memory;
loading the fetched context data stored in the registers into an encryption circuit and into a hash circuit;
loading the plaintext data into the encryption circuit and into the hash circuit;
encrypting the plaintext data in the encryption circuit to generate ciphertext data;
hashing the plaintext data in the hash circuit to generate a hash digest; and storing the ciphertext data in the encrypt memory and the hash digest in a register.
2. A method as defined in Claim 1, further comprising the step of:
padding the plaintext data stored in the encrypt memory and the plaintext data stored in the hash memory to generate padded plaintext data, wherein the plaintext data used in the steps of loading the plaintext data, encrypting the plaintext data and hashing the plaintext data includes a padded portion of data.
padding the plaintext data stored in the encrypt memory and the plaintext data stored in the hash memory to generate padded plaintext data, wherein the plaintext data used in the steps of loading the plaintext data, encrypting the plaintext data and hashing the plaintext data includes a padded portion of data.
3. A method as defined in Claim 1 or Claim 2, further comprising the steps of:
creating an initialization vector (IV) using a predetermined number of bytes of the ciphertext data stored in the encrypt memory; and storing the initialization vector in a register.
creating an initialization vector (IV) using a predetermined number of bytes of the ciphertext data stored in the encrypt memory; and storing the initialization vector in a register.
4. A method as defined in Claim 3, wherein the ciphertext data stored in the encrypt memory includes a last portion having eight bytes, and wherein the initialization vector includes the eight bytes of the last portion of the ciphertext data.
5. A method of implementing parallel Internet Protocol Security (IPsec) operations within an integrated circuit comprising the steps of:
initializing configuration and status registers;
fetching context data from memory containing security associations;
storing the fetched context data in registers;
storing ciphertext data in a decrypt memory and in a hash memory;
loading the fetched context data stored in the registers into a decryption circuit and into a hash circuit;
loading the ciphertext data into the encryption circuit and into the hash circuit;
decrypting the ciphertext data in the decryption circuit to generate plaintext data;
hashing the ciphertext data in the hash circuit to generate a hash digest; and storing the plaintext data in the decrypt memory and the hash digest in a register.
initializing configuration and status registers;
fetching context data from memory containing security associations;
storing the fetched context data in registers;
storing ciphertext data in a decrypt memory and in a hash memory;
loading the fetched context data stored in the registers into a decryption circuit and into a hash circuit;
loading the ciphertext data into the encryption circuit and into the hash circuit;
decrypting the ciphertext data in the decryption circuit to generate plaintext data;
hashing the ciphertext data in the hash circuit to generate a hash digest; and storing the plaintext data in the decrypt memory and the hash digest in a register.
6. A method as defined in Claim 5, further comprising the steps of:
verifying pad bytes for correct pad properties; and discarding a padded portion of data from the plaintext data.
verifying pad bytes for correct pad properties; and discarding a padded portion of data from the plaintext data.
7. A method as defined in Claim 5 or Claim 6, further comprising the steps of:
creating an initialization vector (IV) using a predetermined number of bytes of the plaintext data stored in the decrypt memory; and storing the initialization vector in a register.
creating an initialization vector (IV) using a predetermined number of bytes of the plaintext data stored in the decrypt memory; and storing the initialization vector in a register.
8. A method as defined in Claim 7, wherein the plaintext data stored in the decrypt memory includes a last portion having eight bytes, and wherein the initialization vector includes the eight bytes of the last portion of the plaintext data.
9. A method of implementing pipeline Internet Protocol Security (IPsec) operations simultaneously within an integrated circuit comprising the steps of:
initializing configuration and status registers;
fetching context data from memory containing security associations;
storing the fetched context data in registers;
storing plaintext data in an encrypt memory;
loading the fetched context data stored in the registers into an encryption circuit and into a hash circuit;
loading the plaintext data into the encryption circuit;
encrypting the plaintext data in the encryption circuit to generate ciphertext data;
storing the ciphertext data in the encrypt memory and in the hash memory;
loading the ciphertext data stored in the hash memory into the hash circuit;
hashing the ciphertext data in the hash circuit into a hash digest; and storing the hash digest in a register.
initializing configuration and status registers;
fetching context data from memory containing security associations;
storing the fetched context data in registers;
storing plaintext data in an encrypt memory;
loading the fetched context data stored in the registers into an encryption circuit and into a hash circuit;
loading the plaintext data into the encryption circuit;
encrypting the plaintext data in the encryption circuit to generate ciphertext data;
storing the ciphertext data in the encrypt memory and in the hash memory;
loading the ciphertext data stored in the hash memory into the hash circuit;
hashing the ciphertext data in the hash circuit into a hash digest; and storing the hash digest in a register.
10. A method as defined in Claim 9, further comprising the step of:
padding the plaintext data stored in the encrypt memory to generate padded plaintext data, wherein the plaintext data used in the steps of loading the plaintext data and encrypting the plaintext data includes a padded portion of data.
padding the plaintext data stored in the encrypt memory to generate padded plaintext data, wherein the plaintext data used in the steps of loading the plaintext data and encrypting the plaintext data includes a padded portion of data.
11. A method as defined in Claim 9 or Claim 10, further comprising the steps of:
creating an initialization vector (IV) using a predetermined number of bytes of the ciphertext data stored in the encrypt memory; and storing the initialization vector in a register.
creating an initialization vector (IV) using a predetermined number of bytes of the ciphertext data stored in the encrypt memory; and storing the initialization vector in a register.
12. A method as defined in Claim 11, wherein the ciphertext data stored in the encrypt memory includes a last portion having eight bytes, and wherein the initialization vector includes the eight bytes of the last portion of the ciphertext data.
13. A method of implementing pipeline Internet Protocol Security (IPsec) operations simultaneously within an integrated circuit comprising the steps of:
initializing configuration and status registers;
fetching context data from memory containing security associations;
storing the fetched context data in registers;
storing ciphertext data in a decrypt memory;
loading the fetched context data stored in the registers into a decryption circuit and into a hash circuit;
loading the ciphertext data into the decryption circuit;
decrypting the ciphertext data in the decryption circuit to generate plaintext data;
storing the plaintext data in the decrypt memory and in the hash memory;
loading the plaintext data into the hash circuit;
hashing the plaintext data in the hash circuit to generate a hash digest; and storing the hash digest in a register.
initializing configuration and status registers;
fetching context data from memory containing security associations;
storing the fetched context data in registers;
storing ciphertext data in a decrypt memory;
loading the fetched context data stored in the registers into a decryption circuit and into a hash circuit;
loading the ciphertext data into the decryption circuit;
decrypting the ciphertext data in the decryption circuit to generate plaintext data;
storing the plaintext data in the decrypt memory and in the hash memory;
loading the plaintext data into the hash circuit;
hashing the plaintext data in the hash circuit to generate a hash digest; and storing the hash digest in a register.
14. A method as defined in Claim 13, further comprising the steps of:
verifying pad bytes for correct pad properties; and discarding a padded portion of data from the plaintext data.
verifying pad bytes for correct pad properties; and discarding a padded portion of data from the plaintext data.
15. A method as defined in Claim 13 or Claim 14, further comprising the steps of:
creating an initialization vector (IV) using a predetermined number of bytes of the plaintext data stored in the decrypt memory; and storing the initialization vector in a register.
creating an initialization vector (IV) using a predetermined number of bytes of the plaintext data stored in the decrypt memory; and storing the initialization vector in a register.
16. A method as defined in Claim 15, wherein the plaintext data stored in the decrypt memory includes a last portion having eight bytes, and wherein the initialization vector includes the eight bytes of the last portion of the plaintext data.
17. A method of implementing Internet Protocol Security (IPsec) operations within an integrated circuit comprising the steps of:
initializing configuration and status registers;
fetching context data from memory containing security associations;
storing the fetched context data in registers;
storing ciphertext data in a decrypt memory;
loading the fetched context data stored in the registers into a decryption circuit;
loading the ciphertext data into the decryption circuit;
decrypting the ciphertext data in the decryption circuit to generate plaintext data;
and storing the plaintext data in the decrypt memory.
initializing configuration and status registers;
fetching context data from memory containing security associations;
storing the fetched context data in registers;
storing ciphertext data in a decrypt memory;
loading the fetched context data stored in the registers into a decryption circuit;
loading the ciphertext data into the decryption circuit;
decrypting the ciphertext data in the decryption circuit to generate plaintext data;
and storing the plaintext data in the decrypt memory.
18. A method as defined in Claim 17, further comprising the steps of:
verifying pad bytes for correct pad properties; and discarding a padded portion of data from the plaintext data.
verifying pad bytes for correct pad properties; and discarding a padded portion of data from the plaintext data.
19. A method as defined in Claim 17 or Claim 18, further comprising the steps of:
creating an initialization vector (IV) using a predetermined number of bytes of the plaintext data stored in the decrypt memory; and storing the initialization vector in a register.
creating an initialization vector (IV) using a predetermined number of bytes of the plaintext data stored in the decrypt memory; and storing the initialization vector in a register.
20. A method as defined in Claim 19, wherein the plaintext data stored in the decrypt memory includes a last portion having eight bytes, and wherein the initialization vector includes the eight bytes of the last portion of the plaintext data.
21. A method of implementing Internet Protocol Security (IPsec) operations within an integrated circuit comprising the steps of:
initializing configuration and status registers;
fetching context data from memory containing security associations;
storing the fetched context data in registers;
storing plaintext data in an encrypt memory;
loading the fetched context data stored in the registers into an encryption circuit;
loading the plaintext data into the encryption circuit;
encrypting the plaintext data in the encryption circuit to generate ciphertext data;
and storing the ciphertext data in the encrypt memory.
initializing configuration and status registers;
fetching context data from memory containing security associations;
storing the fetched context data in registers;
storing plaintext data in an encrypt memory;
loading the fetched context data stored in the registers into an encryption circuit;
loading the plaintext data into the encryption circuit;
encrypting the plaintext data in the encryption circuit to generate ciphertext data;
and storing the ciphertext data in the encrypt memory.
22. A method as defined in Claim 21, further comprising the step of:
padding the plaintext data stored in the encrypt memory to generate padded plaintext data, wherein the plaintext data used in the steps of loading the plaintext data and encrypting the plaintext data includes a padded portion of data.
padding the plaintext data stored in the encrypt memory to generate padded plaintext data, wherein the plaintext data used in the steps of loading the plaintext data and encrypting the plaintext data includes a padded portion of data.
23. A method as defined in Claim 21 or Claim 22, further comprising the steps of:
creating an initialization vector (IV) using a predetermined number of bytes of the ciphertext data stored in the encrypt memory; and storing the initialization vector in a register.
creating an initialization vector (IV) using a predetermined number of bytes of the ciphertext data stored in the encrypt memory; and storing the initialization vector in a register.
24. A method as defined in Claim 23, wherein the ciphertext data stored in the encrypt memory includes a last portion having eight bytes, and wherein the initialization vector includes the eight bytes of the last portion of the ciphertext data.
25. A method of implementing Internet Protocol Security (IPsec) operations within an integrated circuit comprising the steps of:
initializing configuration and status registers;
fetching context data from memory containing security associations;
storing the fetched context data in registers;
storing ciphertext data in a hash memory;
loading the fetched context data stored in the registers into a hash circuit;
loading the ciphertext data into the hash circuit;
hashing the ciphertext data in the hash circuit to generate a hash digest; and storing the hash digest in a register.
initializing configuration and status registers;
fetching context data from memory containing security associations;
storing the fetched context data in registers;
storing ciphertext data in a hash memory;
loading the fetched context data stored in the registers into a hash circuit;
loading the ciphertext data into the hash circuit;
hashing the ciphertext data in the hash circuit to generate a hash digest; and storing the hash digest in a register.
26. A method of implementing Internet Protocol Security (IPsec) operations within an integrated circuit comprising the steps of:
initializing configuration and status registers;
fetching context data from memory containing security associations;
storing the fetched context data in registers;
storing plaintext data in a hash memory;
loading the fetched context data stored in the registers into a hash circuit;
loading the plaintext data into the hash circuit;
hashing the plaintext data in the hash circuit to generate a hash digest; and storing the hash digest in a register.
initializing configuration and status registers;
fetching context data from memory containing security associations;
storing the fetched context data in registers;
storing plaintext data in a hash memory;
loading the fetched context data stored in the registers into a hash circuit;
loading the plaintext data into the hash circuit;
hashing the plaintext data in the hash circuit to generate a hash digest; and storing the hash digest in a register.
27. A method as defined in Claim 26, further comprising the step of:
padding the plaintext data stored in the hash memory to generate padded plaintext data, wherein the plaintext data used in the steps of loading the plaintext data and hashing the plaintext data includes a padded portion of data.
padding the plaintext data stored in the hash memory to generate padded plaintext data, wherein the plaintext data used in the steps of loading the plaintext data and hashing the plaintext data includes a padded portion of data.
Applications Claiming Priority (21)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US5908297P | 1997-09-16 | 1997-09-16 | |
US5984697P | 1997-09-16 | 1997-09-16 | |
US5984497P | 1997-09-16 | 1997-09-16 | |
US5984597P | 1997-09-16 | 1997-09-16 | |
US5984197P | 1997-09-16 | 1997-09-16 | |
US5983997P | 1997-09-16 | 1997-09-16 | |
US5984297P | 1997-09-16 | 1997-09-16 | |
US5984097P | 1997-09-16 | 1997-09-16 | |
US5984797P | 1997-09-16 | 1997-09-16 | |
US5984397P | 1997-09-16 | 1997-09-16 | |
US60/059,082 | 1997-09-16 | ||
US60/059,844 | 1997-09-16 | ||
US60/059,839 | 1997-09-16 | ||
US60/059,840 | 1997-09-16 | ||
US60/059,843 | 1997-09-16 | ||
US60/059,847 | 1997-09-16 | ||
US60/059,845 | 1997-09-16 | ||
US60/059,846 | 1997-09-16 | ||
US60/059,841 | 1997-09-16 | ||
US60/059,842 | 1997-09-16 | ||
CA002303297A CA2303297C (en) | 1997-09-16 | 1998-09-16 | Cryptographic co-processor |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA002303297A Division CA2303297C (en) | 1997-09-16 | 1998-09-16 | Cryptographic co-processor |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2634812A1 true CA2634812A1 (en) | 1999-03-25 |
CA2634812C CA2634812C (en) | 2010-03-30 |
Family
ID=27580864
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA002303297A Expired - Fee Related CA2303297C (en) | 1997-09-16 | 1998-09-16 | Cryptographic co-processor |
CA2634812A Expired - Fee Related CA2634812C (en) | 1997-09-16 | 1998-09-16 | Cryptographic co-processor |
CA2641215A Expired - Fee Related CA2641215C (en) | 1997-09-16 | 1998-09-16 | Cryptographic co-processor |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA002303297A Expired - Fee Related CA2303297C (en) | 1997-09-16 | 1998-09-16 | Cryptographic co-processor |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA2641215A Expired - Fee Related CA2641215C (en) | 1997-09-16 | 1998-09-16 | Cryptographic co-processor |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP1013026A4 (en) |
AU (1) | AU1060999A (en) |
CA (3) | CA2303297C (en) |
WO (1) | WO1999014881A2 (en) |
Families Citing this family (46)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE19752615C1 (en) * | 1997-11-27 | 1999-04-08 | Siemens Nixdorf Inf Syst | Data loading method for basic routines in data processing system |
US6088800A (en) | 1998-02-27 | 2000-07-11 | Mosaid Technologies, Incorporated | Encryption processor with shared memory interconnect |
US6820203B1 (en) * | 1999-04-07 | 2004-11-16 | Sony Corporation | Security unit for use in memory card |
US6708272B1 (en) | 1999-05-20 | 2004-03-16 | Storage Technology Corporation | Information encryption system and method |
GB2353676A (en) * | 1999-08-17 | 2001-02-28 | Hewlett Packard Co | Robust encryption and decryption of packetised data transferred across communications networks |
EP1224533B1 (en) * | 1999-10-20 | 2004-01-02 | AEP Systems Limited | A cryptographic accelerator |
US6928162B1 (en) | 2000-04-07 | 2005-08-09 | International Business Machines Corporation | Method and system for manipulating and telescoping a hash function |
US20020061107A1 (en) | 2000-09-25 | 2002-05-23 | Tham Terry K. | Methods and apparatus for implementing a cryptography engine |
US20020078342A1 (en) | 2000-09-25 | 2002-06-20 | Broadcom Corporation | E-commerce security processor alignment logic |
DE10056989A1 (en) * | 2000-11-17 | 2002-05-23 | Secware Technologies Ag | Application-specific integrated circuit for encoding and decoding data streams has PCMCIA interface connectable to card storing key information |
US7360076B2 (en) | 2001-06-13 | 2008-04-15 | Itt Manufacturing Enterprises, Inc. | Security association data cache and structure |
US7249255B2 (en) | 2001-06-13 | 2007-07-24 | Corrent Corporation | Apparatus and method for a hash processing system using multiple hash storage areas |
US7266703B2 (en) | 2001-06-13 | 2007-09-04 | Itt Manufacturing Enterprises, Inc. | Single-pass cryptographic processor and method |
US7240203B2 (en) * | 2001-07-24 | 2007-07-03 | Cavium Networks, Inc. | Method and apparatus for establishing secure sessions |
US20030093381A1 (en) * | 2001-11-09 | 2003-05-15 | David Hohl | Systems and methods for authorization of data strings |
US7149764B2 (en) | 2002-11-21 | 2006-12-12 | Ip-First, Llc | Random number generator bit string filter |
US7219112B2 (en) | 2001-11-20 | 2007-05-15 | Ip-First, Llc | Microprocessor with instruction translator for translating an instruction for storing random data bytes |
US7136991B2 (en) | 2001-11-20 | 2006-11-14 | Henry G Glenn | Microprocessor including random number generator supporting operating system-independent multitasking operation |
US6871206B2 (en) | 2001-11-20 | 2005-03-22 | Ip-First, Llc | Continuous multi-buffering random number generator |
EP1447740A1 (en) * | 2003-02-11 | 2004-08-18 | IP-First LLC | Microprocessor with selectively available random number generator based on self-test result |
US6965254B2 (en) | 2002-12-10 | 2005-11-15 | Ip-First, Llc | Dynamic logic register |
US7173456B2 (en) | 2002-12-10 | 2007-02-06 | Ip-First, Llc | Dynamic logic return-to-zero latching mechanism |
US7139785B2 (en) | 2003-02-11 | 2006-11-21 | Ip-First, Llc | Apparatus and method for reducing sequential bit correlation in a random number generator |
US8468337B2 (en) | 2004-03-02 | 2013-06-18 | International Business Machines Corporation | Secure data transfer over a network |
US7564976B2 (en) | 2004-03-02 | 2009-07-21 | International Business Machines Corporation | System and method for performing security operations on network data |
US8028164B2 (en) * | 2004-03-19 | 2011-09-27 | Nokia Corporation | Practical and secure storage encryption |
US9652637B2 (en) | 2005-05-23 | 2017-05-16 | Avago Technologies General Ip (Singapore) Pte. Ltd. | Method and system for allowing no code download in a code download scheme |
US9177176B2 (en) * | 2006-02-27 | 2015-11-03 | Broadcom Corporation | Method and system for secure system-on-a-chip architecture for multimedia data processing |
US9904809B2 (en) | 2006-02-27 | 2018-02-27 | Avago Technologies General Ip (Singapore) Pte. Ltd. | Method and system for multi-level security initialization and configuration |
US9860055B2 (en) | 2006-03-22 | 2018-01-02 | Synopsys, Inc. | Flexible architecture for processing of large numbers and method therefor |
US9489318B2 (en) | 2006-06-19 | 2016-11-08 | Broadcom Corporation | Method and system for accessing protected memory |
US9444622B2 (en) * | 2008-09-15 | 2016-09-13 | Hewlett Packard Enterprise Development Lp | Computing platform with system key |
EP2350910B1 (en) | 2008-11-24 | 2018-07-25 | Certicom Corp. | System and method for hardware based security |
EP2452297A4 (en) | 2009-07-10 | 2014-05-28 | Certicom Corp | System and method for managing electronic assets |
WO2011003200A1 (en) * | 2009-07-10 | 2011-01-13 | Certicom Corp. | System and method for performing key injection to devices |
JP5502198B2 (en) | 2009-07-10 | 2014-05-28 | サーティコム コーポレーション | System and method for performing device serialization |
KR101336278B1 (en) | 2012-09-19 | 2013-12-03 | 충북대학교 산학협력단 | Light-weight hash algorithm for data security in wireless sensor networks |
EP3279826A1 (en) * | 2016-08-04 | 2018-02-07 | Nagravision SA | Sequence verification |
US11138132B2 (en) * | 2018-06-20 | 2021-10-05 | Intel Corporation | Technologies for secure I/O with accelerator devices |
US11263316B2 (en) * | 2019-08-20 | 2022-03-01 | Irdeto B.V. | Securing software routines |
US11347875B2 (en) | 2020-01-28 | 2022-05-31 | Intel Corporation | Cryptographic separation of memory on device with use in DMA protection |
JP2023553539A (en) | 2020-12-11 | 2023-12-21 | テザーズ アンリミテッド,インコーポレイテッド | Integrated cryptographic circuits in space applications |
US20240056290A1 (en) * | 2020-12-11 | 2024-02-15 | Nebulon, Inc. | Secure distribution and update of encryption keys in cluster storage |
CN114662082B (en) * | 2022-02-25 | 2023-06-06 | 荣耀终端有限公司 | Access control method of electronic device, readable medium and electronic device |
CN114696996B (en) * | 2022-04-01 | 2024-08-23 | 广州万协通信息技术有限公司 | Hardware device for encrypting and decrypting based on multiple symmetric algorithms and multiple masters |
EP4276633A1 (en) * | 2022-05-13 | 2023-11-15 | Thales Dis France SAS | Secured semiconductor device and method |
Family Cites Families (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US3827029A (en) * | 1972-09-25 | 1974-07-30 | Westinghouse Electric Corp | Memory and program protection system for a digital computer system |
US4914697A (en) * | 1988-02-01 | 1990-04-03 | Motorola, Inc. | Cryptographic method and apparatus with electronically redefinable algorithm |
JPH01237785A (en) * | 1988-03-18 | 1989-09-22 | Canon Inc | Electronic equipment |
US4987595A (en) * | 1989-09-11 | 1991-01-22 | Motorola, Inc. | Secure cryptographic processor arrangement |
US5073934A (en) * | 1990-10-24 | 1991-12-17 | International Business Machines Corporation | Method and apparatus for controlling the use of a public key, based on the level of import integrity for the key |
GB2294140B (en) * | 1992-05-29 | 1996-11-27 | Toshiba Kk | Data processing apparatus |
JP3520102B2 (en) * | 1993-12-28 | 2004-04-19 | 株式会社東芝 | Microcomputer |
US5577213A (en) * | 1994-06-03 | 1996-11-19 | At&T Global Information Solutions Company | Multi-device adapter card for computer |
US5557346A (en) * | 1994-08-11 | 1996-09-17 | Trusted Information Systems, Inc. | System and method for key escrow encryption |
US5530753A (en) * | 1994-08-15 | 1996-06-25 | International Business Machines Corporation | Methods and apparatus for secure hardware configuration |
US5721777A (en) * | 1994-12-29 | 1998-02-24 | Lucent Technologies Inc. | Escrow key management system for accessing encrypted data with portable cryptographic modules |
US5764969A (en) * | 1995-02-10 | 1998-06-09 | International Business Machines Corporation | Method and system for enhanced management operation utilizing intermixed user level and supervisory level instructions with partial concept synchronization |
IL113259A (en) * | 1995-04-05 | 2001-03-19 | Diversinet Corp | Apparatus and method for safe communication handshake and data transfer |
US5623545A (en) * | 1995-08-31 | 1997-04-22 | National Semiconductor Corporation | Automatic data generation for self-test of cryptographic hash algorithms in personal security devices |
US5631960A (en) * | 1995-08-31 | 1997-05-20 | National Semiconductor Corporation | Autotest of encryption algorithms in embedded secure encryption devices |
CA2242777A1 (en) * | 1996-01-10 | 1997-07-17 | John Griffits | A secure pay-as-you-use system for computer software |
-
1998
- 1998-09-16 AU AU10609/99A patent/AU1060999A/en not_active Abandoned
- 1998-09-16 CA CA002303297A patent/CA2303297C/en not_active Expired - Fee Related
- 1998-09-16 CA CA2634812A patent/CA2634812C/en not_active Expired - Fee Related
- 1998-09-16 EP EP98953170A patent/EP1013026A4/en not_active Withdrawn
- 1998-09-16 WO PCT/US1998/019316 patent/WO1999014881A2/en active Application Filing
- 1998-09-16 CA CA2641215A patent/CA2641215C/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
WO1999014881A2 (en) | 1999-03-25 |
EP1013026A2 (en) | 2000-06-28 |
CA2303297A1 (en) | 1999-03-25 |
CA2641215A1 (en) | 1999-03-25 |
EP1013026A4 (en) | 2004-09-08 |
AU1060999A (en) | 1999-04-05 |
CA2303297C (en) | 2008-11-25 |
CA2641215C (en) | 2010-05-25 |
WO1999014881A3 (en) | 1999-07-22 |
CA2634812C (en) | 2010-03-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2634812A1 (en) | Cryptographic co-processor | |
US8213612B2 (en) | Secure software download | |
US6061449A (en) | Secure processor with external memory using block chaining and block re-ordering | |
US7903813B2 (en) | Stream cipher encryption application accelerator and methods thereof | |
JP3747520B2 (en) | Information processing apparatus and information processing method | |
EP1440535B1 (en) | Memory encrytion system and method | |
US6708273B1 (en) | Apparatus and method for implementing IPSEC transforms within an integrated circuit | |
JP4703791B2 (en) | Data re-encryption apparatus and method | |
JP2509790B2 (en) | A computer network that changes the host-to-host encryption key. | |
CN107924448A (en) | The one-way cipher art that hardware is implemented | |
US6189095B1 (en) | Symmetric block cipher using multiple stages with modified type-1 and type-3 feistel networks | |
EP1855476A2 (en) | System and method for trusted data processing | |
JP2003122442A (en) | Wireless data communications method and apparatus for software download system | |
EP2290871A2 (en) | Encryption method and apparatus using composition of ciphers | |
US7362863B2 (en) | DES hardware throughput for short operations | |
AU743775B2 (en) | An apparatus for providing a secure processing environment | |
CN112035860A (en) | File encryption method, terminal, device, equipment and medium | |
CN110138557A (en) | Data processing equipment and data processing method | |
CN110138556A (en) | Data processing equipment and data processing method | |
KR20060110383A (en) | Multi-mode ciphering apparatus for network security processor | |
KR100546777B1 (en) | Apparatus and method for SEED Encryption/Decryption, and F function processor therefor | |
JPS6229333A (en) | System for setting ciphering key | |
JP2004341775A (en) | Data transfer method and data transfer system | |
WO2000019322A1 (en) | Method and apparatus for controlling access to confidential data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
EEER | Examination request | ||
MKLA | Lapsed |
Effective date: 20150916 |