CA2634812A1 - Cryptographic co-processor - Google Patents

Cryptographic co-processor Download PDF

Info

Publication number
CA2634812A1
CA2634812A1 CA002634812A CA2634812A CA2634812A1 CA 2634812 A1 CA2634812 A1 CA 2634812A1 CA 002634812 A CA002634812 A CA 002634812A CA 2634812 A CA2634812 A CA 2634812A CA 2634812 A1 CA2634812 A1 CA 2634812A1
Authority
CA
Canada
Prior art keywords
data
memory
hash
storing
plaintext data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CA002634812A
Other languages
French (fr)
Other versions
CA2634812C (en
Inventor
Michael M. Kaplan
Robert Walker Doud
Bronislav Kavsan
Timothy Ober
Peter Reed
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Thales DIS CPL USA Inc
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Publication of CA2634812A1 publication Critical patent/CA2634812A1/en
Application granted granted Critical
Publication of CA2634812C publication Critical patent/CA2634812C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/38Concurrent instruction execution, e.g. pipeline or look ahead
    • G06F9/3877Concurrent instruction execution, e.g. pipeline or look ahead using a slave processor, e.g. coprocessor
    • G06F9/3879Concurrent instruction execution, e.g. pipeline or look ahead using a slave processor, e.g. coprocessor for non-native instruction execution, e.g. executing a command; for Java instruction set
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09CCIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/04Masking or blinding
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry
    • H04L2209/125Parallelization or pipelining, e.g. for accelerating processing of cryptographic operations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/20Manipulating the length of blocks of bits, e.g. padding or block truncation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/34Encoding or coding, e.g. Huffman coding or error correction
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Mathematical Physics (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

A secure communication platform on an integrated circuit is a highly integrated security processor which incorporates a general purpose digital signal processor (DSP) (62), along with a number of high performance cryptographic function elements, as well as a PCI
and PCMCIA
(14) interface. The secure communications platform is integrated with an off-the-shelf DSP so that a vendor who is interested in digital signal processing could also receive built-in security functions which cooperate with the DSP. The integrated circuit includes a callable library of cryptographic commands and encryption algorithms. An encryption processor is included to perform key and data encryption, as well as a high performance hash processor and a public key accelerator (28).

Claims (27)

1. A method of implementing parallel Internet Protocol Security (1Psec) operations within an integrated circuit comprising the steps of:
initializing configuration and status registers;
fetching context data from memory containing security associations;
storing the fetched context data in registers;
storing plaintext data in an encrypt memory and in a hash memory;
loading the fetched context data stored in the registers into an encryption circuit and into a hash circuit;
loading the plaintext data into the encryption circuit and into the hash circuit;
encrypting the plaintext data in the encryption circuit to generate ciphertext data;
hashing the plaintext data in the hash circuit to generate a hash digest; and storing the ciphertext data in the encrypt memory and the hash digest in a register.
2. A method as defined in Claim 1, further comprising the step of:
padding the plaintext data stored in the encrypt memory and the plaintext data stored in the hash memory to generate padded plaintext data, wherein the plaintext data used in the steps of loading the plaintext data, encrypting the plaintext data and hashing the plaintext data includes a padded portion of data.
3. A method as defined in Claim 1 or Claim 2, further comprising the steps of:

creating an initialization vector (IV) using a predetermined number of bytes of the ciphertext data stored in the encrypt memory; and storing the initialization vector in a register.
4. A method as defined in Claim 3, wherein the ciphertext data stored in the encrypt memory includes a last portion having eight bytes, and wherein the initialization vector includes the eight bytes of the last portion of the ciphertext data.
5. A method of implementing parallel Internet Protocol Security (IPsec) operations within an integrated circuit comprising the steps of:

initializing configuration and status registers;
fetching context data from memory containing security associations;
storing the fetched context data in registers;
storing ciphertext data in a decrypt memory and in a hash memory;
loading the fetched context data stored in the registers into a decryption circuit and into a hash circuit;
loading the ciphertext data into the encryption circuit and into the hash circuit;
decrypting the ciphertext data in the decryption circuit to generate plaintext data;
hashing the ciphertext data in the hash circuit to generate a hash digest; and storing the plaintext data in the decrypt memory and the hash digest in a register.
6. A method as defined in Claim 5, further comprising the steps of:
verifying pad bytes for correct pad properties; and discarding a padded portion of data from the plaintext data.
7. A method as defined in Claim 5 or Claim 6, further comprising the steps of:

creating an initialization vector (IV) using a predetermined number of bytes of the plaintext data stored in the decrypt memory; and storing the initialization vector in a register.
8. A method as defined in Claim 7, wherein the plaintext data stored in the decrypt memory includes a last portion having eight bytes, and wherein the initialization vector includes the eight bytes of the last portion of the plaintext data.
9. A method of implementing pipeline Internet Protocol Security (IPsec) operations simultaneously within an integrated circuit comprising the steps of:
initializing configuration and status registers;
fetching context data from memory containing security associations;
storing the fetched context data in registers;
storing plaintext data in an encrypt memory;
loading the fetched context data stored in the registers into an encryption circuit and into a hash circuit;

loading the plaintext data into the encryption circuit;
encrypting the plaintext data in the encryption circuit to generate ciphertext data;
storing the ciphertext data in the encrypt memory and in the hash memory;
loading the ciphertext data stored in the hash memory into the hash circuit;
hashing the ciphertext data in the hash circuit into a hash digest; and storing the hash digest in a register.
10. A method as defined in Claim 9, further comprising the step of:
padding the plaintext data stored in the encrypt memory to generate padded plaintext data, wherein the plaintext data used in the steps of loading the plaintext data and encrypting the plaintext data includes a padded portion of data.
11. A method as defined in Claim 9 or Claim 10, further comprising the steps of:
creating an initialization vector (IV) using a predetermined number of bytes of the ciphertext data stored in the encrypt memory; and storing the initialization vector in a register.
12. A method as defined in Claim 11, wherein the ciphertext data stored in the encrypt memory includes a last portion having eight bytes, and wherein the initialization vector includes the eight bytes of the last portion of the ciphertext data.
13. A method of implementing pipeline Internet Protocol Security (IPsec) operations simultaneously within an integrated circuit comprising the steps of:
initializing configuration and status registers;
fetching context data from memory containing security associations;
storing the fetched context data in registers;
storing ciphertext data in a decrypt memory;
loading the fetched context data stored in the registers into a decryption circuit and into a hash circuit;
loading the ciphertext data into the decryption circuit;
decrypting the ciphertext data in the decryption circuit to generate plaintext data;

storing the plaintext data in the decrypt memory and in the hash memory;
loading the plaintext data into the hash circuit;
hashing the plaintext data in the hash circuit to generate a hash digest; and storing the hash digest in a register.
14. A method as defined in Claim 13, further comprising the steps of:
verifying pad bytes for correct pad properties; and discarding a padded portion of data from the plaintext data.
15. A method as defined in Claim 13 or Claim 14, further comprising the steps of:
creating an initialization vector (IV) using a predetermined number of bytes of the plaintext data stored in the decrypt memory; and storing the initialization vector in a register.
16. A method as defined in Claim 15, wherein the plaintext data stored in the decrypt memory includes a last portion having eight bytes, and wherein the initialization vector includes the eight bytes of the last portion of the plaintext data.
17. A method of implementing Internet Protocol Security (IPsec) operations within an integrated circuit comprising the steps of:
initializing configuration and status registers;
fetching context data from memory containing security associations;
storing the fetched context data in registers;
storing ciphertext data in a decrypt memory;
loading the fetched context data stored in the registers into a decryption circuit;
loading the ciphertext data into the decryption circuit;
decrypting the ciphertext data in the decryption circuit to generate plaintext data;
and storing the plaintext data in the decrypt memory.
18. A method as defined in Claim 17, further comprising the steps of:
verifying pad bytes for correct pad properties; and discarding a padded portion of data from the plaintext data.
19. A method as defined in Claim 17 or Claim 18, further comprising the steps of:
creating an initialization vector (IV) using a predetermined number of bytes of the plaintext data stored in the decrypt memory; and storing the initialization vector in a register.
20. A method as defined in Claim 19, wherein the plaintext data stored in the decrypt memory includes a last portion having eight bytes, and wherein the initialization vector includes the eight bytes of the last portion of the plaintext data.
21. A method of implementing Internet Protocol Security (IPsec) operations within an integrated circuit comprising the steps of:
initializing configuration and status registers;
fetching context data from memory containing security associations;
storing the fetched context data in registers;
storing plaintext data in an encrypt memory;
loading the fetched context data stored in the registers into an encryption circuit;
loading the plaintext data into the encryption circuit;
encrypting the plaintext data in the encryption circuit to generate ciphertext data;
and storing the ciphertext data in the encrypt memory.
22. A method as defined in Claim 21, further comprising the step of:
padding the plaintext data stored in the encrypt memory to generate padded plaintext data, wherein the plaintext data used in the steps of loading the plaintext data and encrypting the plaintext data includes a padded portion of data.
23. A method as defined in Claim 21 or Claim 22, further comprising the steps of:
creating an initialization vector (IV) using a predetermined number of bytes of the ciphertext data stored in the encrypt memory; and storing the initialization vector in a register.
24. A method as defined in Claim 23, wherein the ciphertext data stored in the encrypt memory includes a last portion having eight bytes, and wherein the initialization vector includes the eight bytes of the last portion of the ciphertext data.
25. A method of implementing Internet Protocol Security (IPsec) operations within an integrated circuit comprising the steps of:
initializing configuration and status registers;

fetching context data from memory containing security associations;
storing the fetched context data in registers;
storing ciphertext data in a hash memory;
loading the fetched context data stored in the registers into a hash circuit;
loading the ciphertext data into the hash circuit;

hashing the ciphertext data in the hash circuit to generate a hash digest; and storing the hash digest in a register.
26. A method of implementing Internet Protocol Security (IPsec) operations within an integrated circuit comprising the steps of:
initializing configuration and status registers;

fetching context data from memory containing security associations;
storing the fetched context data in registers;
storing plaintext data in a hash memory;

loading the fetched context data stored in the registers into a hash circuit;
loading the plaintext data into the hash circuit;
hashing the plaintext data in the hash circuit to generate a hash digest; and storing the hash digest in a register.
27. A method as defined in Claim 26, further comprising the step of:
padding the plaintext data stored in the hash memory to generate padded plaintext data, wherein the plaintext data used in the steps of loading the plaintext data and hashing the plaintext data includes a padded portion of data.
CA2634812A 1997-09-16 1998-09-16 Cryptographic co-processor Expired - Fee Related CA2634812C (en)

Applications Claiming Priority (21)

Application Number Priority Date Filing Date Title
US5908297P 1997-09-16 1997-09-16
US5984697P 1997-09-16 1997-09-16
US5984497P 1997-09-16 1997-09-16
US5984597P 1997-09-16 1997-09-16
US5984197P 1997-09-16 1997-09-16
US5983997P 1997-09-16 1997-09-16
US5984297P 1997-09-16 1997-09-16
US5984097P 1997-09-16 1997-09-16
US5984797P 1997-09-16 1997-09-16
US5984397P 1997-09-16 1997-09-16
US60/059,082 1997-09-16
US60/059,844 1997-09-16
US60/059,839 1997-09-16
US60/059,840 1997-09-16
US60/059,843 1997-09-16
US60/059,847 1997-09-16
US60/059,845 1997-09-16
US60/059,846 1997-09-16
US60/059,841 1997-09-16
US60/059,842 1997-09-16
CA002303297A CA2303297C (en) 1997-09-16 1998-09-16 Cryptographic co-processor

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CA002303297A Division CA2303297C (en) 1997-09-16 1998-09-16 Cryptographic co-processor

Publications (2)

Publication Number Publication Date
CA2634812A1 true CA2634812A1 (en) 1999-03-25
CA2634812C CA2634812C (en) 2010-03-30

Family

ID=27580864

Family Applications (3)

Application Number Title Priority Date Filing Date
CA002303297A Expired - Fee Related CA2303297C (en) 1997-09-16 1998-09-16 Cryptographic co-processor
CA2634812A Expired - Fee Related CA2634812C (en) 1997-09-16 1998-09-16 Cryptographic co-processor
CA2641215A Expired - Fee Related CA2641215C (en) 1997-09-16 1998-09-16 Cryptographic co-processor

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CA002303297A Expired - Fee Related CA2303297C (en) 1997-09-16 1998-09-16 Cryptographic co-processor

Family Applications After (1)

Application Number Title Priority Date Filing Date
CA2641215A Expired - Fee Related CA2641215C (en) 1997-09-16 1998-09-16 Cryptographic co-processor

Country Status (4)

Country Link
EP (1) EP1013026A4 (en)
AU (1) AU1060999A (en)
CA (3) CA2303297C (en)
WO (1) WO1999014881A2 (en)

Families Citing this family (46)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19752615C1 (en) * 1997-11-27 1999-04-08 Siemens Nixdorf Inf Syst Data loading method for basic routines in data processing system
US6088800A (en) 1998-02-27 2000-07-11 Mosaid Technologies, Incorporated Encryption processor with shared memory interconnect
US6820203B1 (en) * 1999-04-07 2004-11-16 Sony Corporation Security unit for use in memory card
US6708272B1 (en) 1999-05-20 2004-03-16 Storage Technology Corporation Information encryption system and method
GB2353676A (en) * 1999-08-17 2001-02-28 Hewlett Packard Co Robust encryption and decryption of packetised data transferred across communications networks
EP1224533B1 (en) * 1999-10-20 2004-01-02 AEP Systems Limited A cryptographic accelerator
US6928162B1 (en) 2000-04-07 2005-08-09 International Business Machines Corporation Method and system for manipulating and telescoping a hash function
US20020061107A1 (en) 2000-09-25 2002-05-23 Tham Terry K. Methods and apparatus for implementing a cryptography engine
US20020078342A1 (en) 2000-09-25 2002-06-20 Broadcom Corporation E-commerce security processor alignment logic
DE10056989A1 (en) * 2000-11-17 2002-05-23 Secware Technologies Ag Application-specific integrated circuit for encoding and decoding data streams has PCMCIA interface connectable to card storing key information
US7360076B2 (en) 2001-06-13 2008-04-15 Itt Manufacturing Enterprises, Inc. Security association data cache and structure
US7249255B2 (en) 2001-06-13 2007-07-24 Corrent Corporation Apparatus and method for a hash processing system using multiple hash storage areas
US7266703B2 (en) 2001-06-13 2007-09-04 Itt Manufacturing Enterprises, Inc. Single-pass cryptographic processor and method
US7240203B2 (en) * 2001-07-24 2007-07-03 Cavium Networks, Inc. Method and apparatus for establishing secure sessions
US20030093381A1 (en) * 2001-11-09 2003-05-15 David Hohl Systems and methods for authorization of data strings
US7149764B2 (en) 2002-11-21 2006-12-12 Ip-First, Llc Random number generator bit string filter
US7219112B2 (en) 2001-11-20 2007-05-15 Ip-First, Llc Microprocessor with instruction translator for translating an instruction for storing random data bytes
US7136991B2 (en) 2001-11-20 2006-11-14 Henry G Glenn Microprocessor including random number generator supporting operating system-independent multitasking operation
US6871206B2 (en) 2001-11-20 2005-03-22 Ip-First, Llc Continuous multi-buffering random number generator
EP1447740A1 (en) * 2003-02-11 2004-08-18 IP-First LLC Microprocessor with selectively available random number generator based on self-test result
US6965254B2 (en) 2002-12-10 2005-11-15 Ip-First, Llc Dynamic logic register
US7173456B2 (en) 2002-12-10 2007-02-06 Ip-First, Llc Dynamic logic return-to-zero latching mechanism
US7139785B2 (en) 2003-02-11 2006-11-21 Ip-First, Llc Apparatus and method for reducing sequential bit correlation in a random number generator
US8468337B2 (en) 2004-03-02 2013-06-18 International Business Machines Corporation Secure data transfer over a network
US7564976B2 (en) 2004-03-02 2009-07-21 International Business Machines Corporation System and method for performing security operations on network data
US8028164B2 (en) * 2004-03-19 2011-09-27 Nokia Corporation Practical and secure storage encryption
US9652637B2 (en) 2005-05-23 2017-05-16 Avago Technologies General Ip (Singapore) Pte. Ltd. Method and system for allowing no code download in a code download scheme
US9177176B2 (en) * 2006-02-27 2015-11-03 Broadcom Corporation Method and system for secure system-on-a-chip architecture for multimedia data processing
US9904809B2 (en) 2006-02-27 2018-02-27 Avago Technologies General Ip (Singapore) Pte. Ltd. Method and system for multi-level security initialization and configuration
US9860055B2 (en) 2006-03-22 2018-01-02 Synopsys, Inc. Flexible architecture for processing of large numbers and method therefor
US9489318B2 (en) 2006-06-19 2016-11-08 Broadcom Corporation Method and system for accessing protected memory
US9444622B2 (en) * 2008-09-15 2016-09-13 Hewlett Packard Enterprise Development Lp Computing platform with system key
EP2350910B1 (en) 2008-11-24 2018-07-25 Certicom Corp. System and method for hardware based security
EP2452297A4 (en) 2009-07-10 2014-05-28 Certicom Corp System and method for managing electronic assets
WO2011003200A1 (en) * 2009-07-10 2011-01-13 Certicom Corp. System and method for performing key injection to devices
JP5502198B2 (en) 2009-07-10 2014-05-28 サーティコム コーポレーション System and method for performing device serialization
KR101336278B1 (en) 2012-09-19 2013-12-03 충북대학교 산학협력단 Light-weight hash algorithm for data security in wireless sensor networks
EP3279826A1 (en) * 2016-08-04 2018-02-07 Nagravision SA Sequence verification
US11138132B2 (en) * 2018-06-20 2021-10-05 Intel Corporation Technologies for secure I/O with accelerator devices
US11263316B2 (en) * 2019-08-20 2022-03-01 Irdeto B.V. Securing software routines
US11347875B2 (en) 2020-01-28 2022-05-31 Intel Corporation Cryptographic separation of memory on device with use in DMA protection
JP2023553539A (en) 2020-12-11 2023-12-21 テザーズ アンリミテッド,インコーポレイテッド Integrated cryptographic circuits in space applications
US20240056290A1 (en) * 2020-12-11 2024-02-15 Nebulon, Inc. Secure distribution and update of encryption keys in cluster storage
CN114662082B (en) * 2022-02-25 2023-06-06 荣耀终端有限公司 Access control method of electronic device, readable medium and electronic device
CN114696996B (en) * 2022-04-01 2024-08-23 广州万协通信息技术有限公司 Hardware device for encrypting and decrypting based on multiple symmetric algorithms and multiple masters
EP4276633A1 (en) * 2022-05-13 2023-11-15 Thales Dis France SAS Secured semiconductor device and method

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3827029A (en) * 1972-09-25 1974-07-30 Westinghouse Electric Corp Memory and program protection system for a digital computer system
US4914697A (en) * 1988-02-01 1990-04-03 Motorola, Inc. Cryptographic method and apparatus with electronically redefinable algorithm
JPH01237785A (en) * 1988-03-18 1989-09-22 Canon Inc Electronic equipment
US4987595A (en) * 1989-09-11 1991-01-22 Motorola, Inc. Secure cryptographic processor arrangement
US5073934A (en) * 1990-10-24 1991-12-17 International Business Machines Corporation Method and apparatus for controlling the use of a public key, based on the level of import integrity for the key
GB2294140B (en) * 1992-05-29 1996-11-27 Toshiba Kk Data processing apparatus
JP3520102B2 (en) * 1993-12-28 2004-04-19 株式会社東芝 Microcomputer
US5577213A (en) * 1994-06-03 1996-11-19 At&T Global Information Solutions Company Multi-device adapter card for computer
US5557346A (en) * 1994-08-11 1996-09-17 Trusted Information Systems, Inc. System and method for key escrow encryption
US5530753A (en) * 1994-08-15 1996-06-25 International Business Machines Corporation Methods and apparatus for secure hardware configuration
US5721777A (en) * 1994-12-29 1998-02-24 Lucent Technologies Inc. Escrow key management system for accessing encrypted data with portable cryptographic modules
US5764969A (en) * 1995-02-10 1998-06-09 International Business Machines Corporation Method and system for enhanced management operation utilizing intermixed user level and supervisory level instructions with partial concept synchronization
IL113259A (en) * 1995-04-05 2001-03-19 Diversinet Corp Apparatus and method for safe communication handshake and data transfer
US5623545A (en) * 1995-08-31 1997-04-22 National Semiconductor Corporation Automatic data generation for self-test of cryptographic hash algorithms in personal security devices
US5631960A (en) * 1995-08-31 1997-05-20 National Semiconductor Corporation Autotest of encryption algorithms in embedded secure encryption devices
CA2242777A1 (en) * 1996-01-10 1997-07-17 John Griffits A secure pay-as-you-use system for computer software

Also Published As

Publication number Publication date
WO1999014881A2 (en) 1999-03-25
EP1013026A2 (en) 2000-06-28
CA2303297A1 (en) 1999-03-25
CA2641215A1 (en) 1999-03-25
EP1013026A4 (en) 2004-09-08
AU1060999A (en) 1999-04-05
CA2303297C (en) 2008-11-25
CA2641215C (en) 2010-05-25
WO1999014881A3 (en) 1999-07-22
CA2634812C (en) 2010-03-30

Similar Documents

Publication Publication Date Title
CA2634812A1 (en) Cryptographic co-processor
US8213612B2 (en) Secure software download
US6061449A (en) Secure processor with external memory using block chaining and block re-ordering
US7903813B2 (en) Stream cipher encryption application accelerator and methods thereof
JP3747520B2 (en) Information processing apparatus and information processing method
EP1440535B1 (en) Memory encrytion system and method
US6708273B1 (en) Apparatus and method for implementing IPSEC transforms within an integrated circuit
JP4703791B2 (en) Data re-encryption apparatus and method
JP2509790B2 (en) A computer network that changes the host-to-host encryption key.
CN107924448A (en) The one-way cipher art that hardware is implemented
US6189095B1 (en) Symmetric block cipher using multiple stages with modified type-1 and type-3 feistel networks
EP1855476A2 (en) System and method for trusted data processing
JP2003122442A (en) Wireless data communications method and apparatus for software download system
EP2290871A2 (en) Encryption method and apparatus using composition of ciphers
US7362863B2 (en) DES hardware throughput for short operations
AU743775B2 (en) An apparatus for providing a secure processing environment
CN112035860A (en) File encryption method, terminal, device, equipment and medium
CN110138557A (en) Data processing equipment and data processing method
CN110138556A (en) Data processing equipment and data processing method
KR20060110383A (en) Multi-mode ciphering apparatus for network security processor
KR100546777B1 (en) Apparatus and method for SEED Encryption/Decryption, and F function processor therefor
JPS6229333A (en) System for setting ciphering key
JP2004341775A (en) Data transfer method and data transfer system
WO2000019322A1 (en) Method and apparatus for controlling access to confidential data

Legal Events

Date Code Title Description
EEER Examination request
MKLA Lapsed

Effective date: 20150916