EP1016310A1 - Systeme cryptographique pour systeme public de communications en mode de transfert asynchrone (atm)/mode de transmission en reseau optique synchrone (sonet) avec recherche de circuit virtuel et chiffrement et dechiffrement de donnees pipeline - Google Patents
Systeme cryptographique pour systeme public de communications en mode de transfert asynchrone (atm)/mode de transmission en reseau optique synchrone (sonet) avec recherche de circuit virtuel et chiffrement et dechiffrement de donnees pipelineInfo
- Publication number
- EP1016310A1 EP1016310A1 EP98950622A EP98950622A EP1016310A1 EP 1016310 A1 EP1016310 A1 EP 1016310A1 EP 98950622 A EP98950622 A EP 98950622A EP 98950622 A EP98950622 A EP 98950622A EP 1016310 A1 EP1016310 A1 EP 1016310A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- virtual circuit
- cryptographic
- atm
- encryption
- payload
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04Q—SELECTING
- H04Q11/00—Selecting arrangements for multiplex systems
- H04Q11/04—Selecting arrangements for multiplex systems for time-division multiplexing
- H04Q11/0428—Integrated services digital network, i.e. systems for transmission of different types of digitised signals, e.g. speech, data, telecentral, television signals
- H04Q11/0478—Provisions for broadband connections
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/54—Store-and-forward switching systems
- H04L12/56—Packet switching systems
- H04L12/5601—Transfer mode dependent, e.g. ATM
- H04L2012/5672—Multiplexing, e.g. coding, scrambling
- H04L2012/5673—Coding or scrambling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/54—Store-and-forward switching systems
- H04L12/56—Packet switching systems
- H04L12/5601—Transfer mode dependent, e.g. ATM
- H04L2012/5687—Security aspects
Definitions
- the present invention relates to the field of cryptographic communication. More particularly, the present mvention relates to methods and apparatus for transparent security on cell bused switched networks such as Asynchronous Transfer Mode (ATM) carried on a digital public switched telephone network.
- ATM Asynchronous Transfer Mode
- Information transmitted by business, individuals and institutions over public, local, and wide area networks often represents valuable confidential information, such as trade secret data, patentable inventions or copyrightable software.
- Information transmitted over a non-secure network can be intercepted by third parties and be the subject of theft or tampering. It is desirable to provide a security system to encrypt such information as a precaution against third party access
- a non-secure communication system may have a security system overlay
- analog audio scrambling devices which attach to a telephone connection at each end, are available for scrambling telephone conversations over standard telephone systems.
- Encryption systems for data are also known, such as those used to encrypt satellite transmitted data.
- a typical secu ⁇ ty system comprises a pair of cryptographic units and a management system, which includes a key management system for exchanging cryptographic keys between a pair of cryptographic units.
- Each cryptographic (crypto) unit is located between a secure host or local area network and the non-secure public network.
- a calling party is coupled through a first cryptographic unit (crypto unit) to the non- secure network.
- a second crypto unit is placed at the far end between the non-secure network and the called party.
- the first and second crypto units encrypt information before transmission over the non-secure network and decrypt information after reception from the non-secure network between the called and calling parties.
- a cryptographic overlay provides secure communications between the calling and called parties over a non-
- Public networks use several types of standard forms of signaling protocol.
- voice, video and data traffic are transmitted using industry standard asynchronous transfer mode (ATM) and synchronous optical network (SONET) protocols.
- ATM asynchronous transfer mode
- SONET synchronous optical network
- Public wide area networks are now available using standard communications protocols provided by common earners, such as the local telephone companies.
- Favorable pnces for such standardized public communication services are due to the economy of scale resulting from extremely large numbers of connections and high levels of traffic.
- a private wide area network is not inherently any more secure than a public network because the private network provided by the telephone companies merely ensures that no one else is sharing the private resource.
- the use of a private network does not prevent wiretapping (either authorized or unauthorized) any more than a public network because a private network is still accessible to an attacker.
- wiretapping either authorized or unauthorized
- one of the consequences of the emerging ATM network technology standards is that the price-performance ratio of standardized commercial service providers using ATM/SONET technology is more cost effective compared with private wide area networks.
- a pair of crypto units are placed at the respective near and far boundaries of a public ATM/SONET system between the untrusted public network and a pair of secure hosts or private LANs.
- the crypto unit replaces the cleartext transmitted packets with encrypted text, decrypts the received encrypted packets, and manages all keys between sender and receiver so that the crypto units are transparent to the users.
- Encrypting data packets makes communication over the public networks more secure against unauthorized access to information by a hostile third party.
- a virtual circuit (VC) is an apparent connection through the public network, which gives the impression to the user of a continuous end to end connection.
- the key agile cryptographic overlay system of the present invention is able to handle plural independent VCs between different senders and receivers, and unique cryptographic keys for each VC.
- Key update provides additional security by providing the means to change keys for a VC while it is active. Algorithm agility avoids the need for different types of crypto units by providing a plurality of encryption algorithms in one crypto unit.
- a VC number is passed along with each encrypted packet as cleartext in a header field from the transmitting side to the receiving side.
- the VC number is assigned as part of the link level protocol in the ATM system.
- the VC number at the transmitting side is the same VC number from one ATM cell to the next ATM cell corresponding to the same virtual circuit.
- the VC number is the same from one ATM cell to the next ATM cell corresponding to the same virtual circuit.
- the VC number at the transmitting side is, in the general case, not the same as the VC number at the receiving side.
- a pair of VC numbers is associated with each virtual circuit, and the pair of VC numbers does not change for the duration of a given virtual circuit connection.
- cryptographic state information is stored corresponding to a given virtual circuit.
- the cryptographic state information includes keys and initial vectors, which allows the crypto unit to pick up the encryption/decryption process where it left off since the reception of the last received/transmitted packet for the same virtual circuit.
- cryptographic state information is retrieved from memory and used to encrypt an outgoing ATM cell payload.
- the same cryptographic information is retrieved from memory and used to decrypt the incoming ATM cell payload.
- a single crypto unit has the cryptographic agility to handle a large number of multiple virtual circuits, with limited lifetime keys, using either single DES or triple DES.
- Plural virtual circuits, each with distinct cryptographic state information, are processed m real time.
- a VC lookup circuit retrieves the previously saved cryptographic state information relating to the current ATM packet.
- the retrieved cryptographic state information is used to prepare an encryption/decryption engine to process the next packet.
- the incoming ATM data packet contains a VC number representing the virtual circuit to which it belongs.
- the task of the VC lookup circuit is to retrieve the cryptographic state information from memory corresponding to the VC number of the incoming ATM data packet.
- Implementing a VC lookup circuit is a problem. On one hand, if the system provides for only a small number of VCs, a VC lookup circuit can readily be implemented, even entirely in software. However, providing for only a small number of possible virtual circuits limits the capacity of the network to support traffic growth.
- the cryptographic state information for the 65,535 possible virtual circuits is stored m a 28 bit memory address space.
- the address range of 2 28 is greater than 256 million addresses.
- the VC lookup implementation attempts to find the specific cryptographic state information associated with one of 65536 supported VCs given the VC number space is 256 million possible values.
- the available time interval to find the cryptographic state information associated with a packet is based on the speed of packet framing, or 2.8 microseconds in the case of ATM/SONET at OC-3c rates. In such case, the VC lookup circuit completes its search 2.8 microseconds or less including the time to use the cryptographic state information to place the crypto unit in a condition to receive the next ATM data packet.
- a special binary search method is implemented.
- an ordered list of active virtual circuits is created and stored in a small, fast static RAM memory.
- the VC list is stored in order of VC number.
- the ordered VC list requires reordering and updating of the list whenever a new VC is opened.
- To lookup a VC the list in RAM memory is accessed at the midpoint, and the contents compared to the incoming VC. The address at the midpoint of the RAM memory is presented to the RAM memory; the output is the VC number at that address. If the VC returned by the RAM memory is greater than the VC of the received cell, the next address presented to the RAM memory is at the 1/4 position in the RAM memory.
- the next address presented to the RAM memory is at the 3/4 position.
- the search cycles 16 times, where for each cycle the VC returned by the RAM memory is compared against the VC of the received cell, and the address presented to the RAM memory is adjusted up or down by 1/2 the remaining unsearched address space.
- the search of the ordered list is completed in 16 cycles for 65,536 (65K) active VCs. If the cell has an entry in the VC lookup table, an index (address) to the state is returned. The retrieved index is used to get the cryptographic state information from an exact position in a larger DRAM memory space.
- the cryptographic state information provides cryptographic keys and initialization information for the DES processing engine.
- the available time interval for the DES processing engine to encrypt or decrypt an ATM data packet, in time to be ready for the upcoming ATM data packet is based on the speed of packet framing, or 2.8 microseconds for OC- 3c. In such case, it is desirable that the DES complete its encryption or decryption in 2.8 microseconds or less, including the time to place the DES processing engine in a condition to receive the next ATM data packet.
- GaAs gallium arsenide
- the cryptographic unit of the present invention uses slower, less expensive DES chips in a pipelined (data flow) DES engine with multiple FIFOs.
- the pipelined DES architecture permits the use of slower DES chips, which are less expensive to buy and to use m a DES processing engine.
- a plurality of pipelined tnple DES circuits and a plurality of FIFOs are used to store and process incoming ATM data packets in a round robm fashion.
- Each FIFO and pipelined DES circuit works in parallel to complete tnple DES encryption or decryption in a multiple of ATM packet frames.
- the parallel arrangement of the present invention allows slower DES chips to perform DES encryption or decryption at an aggregate speed fast enough to keep up with the speed of the incoming ATM cells.
- Figure 1 is a block diagram of a communication system utilizing a cryptographic unit in accordance with the present invention.
- Figure 2 is a block diagram of a cryptographic unit in accordance with the present mvention.
- Figure 3 is a block diagram illustrating the interface of the present mvention to the public switched network.
- FIG. 4 is a block diagram of a virtual circuit (VC) lookup apparatus in accordance with the present mvention.
- Figure 5 is a flow chart of a VC lookup method in accordance with the present invention
- Figure 6 is a block diagram illustrating Counter Mode used in conjunction with the present invention.
- Figure 7 is a block diagram of the state memory circuit on the encryption side m accordance with the present invention.
- Figure 8 is a block diagram of a pipelined triple DES circuit in accordance with the present mvention.
- Figure 9 is a timing diagram illustrating the staggered timing of data and key loads for the pipelined tnple DES circuit of Figure 8.
- Figure 10 is a block diagram overview of crypto unit using two pipelined tnple DES circuits.
- Figure 11 is an embodiment of the encryption controller, 706, 718 of figure 8 configured to use a pipelined tnple DES encryption/decryption engine with either Electronic Code Book (ECB) or Counter Mode.
- EBC Electronic Code Book
- Figure 12 is a timing diagram illustrating the data input output for the triple DES encryption circuit of Figure 11.
- the present security system provides protection at the boundary between each of the distnaded components of a secure network and the non-secure network.
- Figure 1 shows a network 22 with the present security system overlay 21 implementing security at a plurality of endpomts. As equipment is added to the system to create a new endpomt, additional equipment is added at the endpomt as a secunty mechanism to secure the new endpomt of the expanded network.
- Hosts 10, 28, are devices which serve as the endpomts of ATM connections. Hosts are usually computers, though the architecture of the security system or crypto unit supports the attachment of other kinds of ATM devices.
- Secure hosts 10, 28, as well as secure private LAN 26 and secure ATM terminal 14 are the entities for which security services are provided by crypto units 14, 24, and 16 respectively.
- Non-secure hosts 18 are those devices that exist outside the domain of the security system.
- the security system in conjunction with a certificate authority 20, will enforce access control for host communication across the untrusted network 22.
- Connection establishment requests from a host are intercepted and interpreted, and the requested connection checked against an access control list. If the requested connection is allowed, then the connection establishment message is passed on to the network. Otherwise, the message is dropped and a reply sent to the host indicating the connection could not be established.
- a similar action takes place when a party is added to an existing point-to-multrpomt connection.
- the secunty management system holds secunty policy information such as access control lists and conducts audit functions.
- the managers of the secunty system develop various rules about which hosts may access other hosts and resources. Information about access control is contained in the management system and is distnubbed to the crypto units 16, 14, 24 for enforcement.
- a connection release request is received, the resources associated with the call that are reserved m the secunty system are released at the same time that the channel is released.
- Management functions include monitoring system status and performance, modifications to security policy parameters and access control data, and downloading and statistically analyzing audit data.
- Management functions include monitoring system status and performance, modifications to security policy parameters and access control data, and downloading and statistically analyzing audit data.
- For small groups of crypto units managed by a single organization or company it may be possible to undertake these system management functions locally.
- system structure is provided to remotely perform these functions over the network in a secure manner that does not result in opportunities for system compromise.
- Key management is a critical cryptographic function. Key management functions include generation and distribution of keys. The primary responsibility for key management is distributed to the crypto units. Security policy provides for a unique key for each connection and limited key lifetimes. Consequently, a unique key is negotiated for each secure point-to-point or point-to- multipoint session over the untrusted network. The system design supports policy based setting of key lifetimes, which may be shorter than the holding time of at least some connections, resulting in dynamic key updates during established sessions. CRYPTO UNIT
- a crypto unit is a device that serves as the interface between a trusted ATM host or network and an untrusted ATM network.
- a prime system objective is that crypto units are transparent enough to be merely minor delays in most situations.
- Crypto units provide the mechanism for intercepting connection management messages and taking actions based on the message contents, the originating host, the destination host, and the security policy. Once a connection is established, data is passed between end hosts by way of one or more crypto units. In accordance with security policy guidelines, data within a given connection may or may not be encrypted for privacy during transit of the untrusted network. For secure calls, a crypto unit at the destination will receive and decrypt the data and pass the plain text data on to the destination.
- a crypto unit also is capable of proving its identity to other system elements. To establish its identity, each crypto unit has a crypto unique ID value established in a registration process. Registration is performed in a trusted environment and results in a public key certificate that establishes an association between the crypto ID and its public key. Additionally, for secure key management communications crypto units will need the capability to send and receive messages encoded under another cryptographic method. Communication between crypto for key management uses a small bandwidth, and a more computationally intensive algorithm.
- the crypto unit is placed between a trusted (private) network and untrusted (public) networks.
- the crypto unit is transparent to the user.
- Hardware latency for encryption and decryption of cells is less than 20 ⁇ s.
- the security system operates in the following sequence: 1.) When a user requests a virtual circuit, the system crypto unit intercepts the call processing signaling messages from the user. 2.) The security system then sets up a virtual circuit (VC) between encryption units. This setup involves both network setup and the exchange of keys between crypto units. Once the virtual circuit is setup between crypto units, it is extended to the end-user.
- VC virtual circuit
- the security system accepts ATM cells for the virtual circuit.
- the payload of each cell is encrypted using triple DES and a unique key (session key) for this VC.
- the payload of the ATM cell is 48 bytes, divided into 6 blocks, each having 64 bits (8 bytes) per block.
- the cell payload of the VC is decrypted and clear-text data is passed to the destination.
- the security system allows the session key to be changed at any time.
- Each security system handles in hardware the encryption requirements for up to 65,535 unique virtual circuits, with each virtual circuit having a unique encryption key.
- the security system uses triple DES encryption techniques for encrypting the data (112-bit key encryption on 64-bit blocks) .
- the system supports triple DES Electronic Code Book Encryption (ECB) and ATM Forum specified Counter.
- EBC Electronic Code Book Encryption
- the hardware on the crypto unit board allows the system to intercept or generate signaling messages and crypto-to-crypto messages.
- FIG. 2 illustrates the operation and data flow of the ATM crypto unit.
- the SONET OC-3c ATM interface 200, 238 receives ATM traffic on OC-3c SONET links.
- the interface on the trusted side 201 may be multimode fiber or single mode fiber while the interface on the untrusted side 239 will usually be single mode fiber (but it can be multimode).
- this circuit performs SONET clock recovery, performs line, section, and path overhead processing, and extracts the ATM cells from the SONET payload.
- ATM cells received on the trusted side 201 are passed to a VC lookup table 202.
- the VC lookup circuit compares the virtual circuit identifier (VCI) of each cell with the list of active VCs, using all 28-bits of VPI/VCI address space for the search.
- VCI virtual circuit identifier
- the output of the VC lookup table 202 is an index and a set of flags associated with that VC.
- the index indicates which of the 65,535 active virtual circuits corresponds to the received cell.
- the flags indicate if the cell is to be passed to the crypto host via the receive FIFO or sent to the encryption circuit. Other flag information includes type of encryption, valid index, and clear text. If a cell arrives whose VC is not in the list of active virtual circuits, the cell is discarded.
- the VC lookup table 202 uses a binary search technique to improve processing time. There is a time constraint that each encrypted ATM cell must be processed before the next ATM cell arrives. Accordingly, techniques to speed up operation are important.
- the binary search technique for VC lookup is discussed further m conjunction with figures 4 and 5.
- Signaling messages and crypto-to-crypto messages are intercepted after the VC lookup table circuit and passed to the host via the receive FIFO 204. All active virtual circuits are passed to the cell multiplexer 206. For simplicity of design, all received virtual circuit information is treated alike; non-active virtual circuits are discarded later.
- the receive FIFO 204 is 4Kbytes deep and is accessed by the host. The host can also insert data into the traffic stream by wntmg data to the transmit FIFO 205 (which is also 4Kbytes deep).
- An ATM cell multiplexer 206 will pass all active virtual circuits When an idle (or unassigned or non-active VC) cell is received, the cell multiplexer 206 may insert a cell from the transmit FIFO 205.
- the encryption circuit 210 uses the index associated with the VC to access a state memory table 216.
- the state memory table 216 contains the encryption keys for that VC, State Vector for Counter Mode and some dynamic flags. The keys for that VC are loaded into the triple DES circuit 210.
- the cryptographic state information retrieved from memory table 216 allows the crypto unit to pick up the encryption/decryption process where it left off since the reception of the last received/transmitted packet for the same virtual circuit. All dynamic information (data that changes on a per cell basis) is held m the state memory table. All static information (data that changes only when a VC is setup or taken down) is held as part of the VC lookup table.
- the triple DES encryption circuit 210 performs three different types of encryption based on flags retrieved from the VC lookup circuit 202: 1) No encryption - data passed as clear text; 2) Electronic code book; and 3) Counter Mode.
- VCs using Counter Mode require periodic synchronization.
- synchronization is used as a means of restonng crypto units to known states of operation. The required rates of synchronization events are related to transmission efficiency.
- the encryption circuit 210 passes the ATM cell header transparently and encrypts the payload of the ATM cell. Since each VC has a different key, the keys are loaded dynamically into the triple DES circuit 210. Each cell time, the key (if single DES) or keys (if tnple DES) for the next cell are loaded into the tnple DES circuit prior to the arnval of the cell data.
- the tnple DES circuit 210 is pipelined to allow the use of slower, less expensive DES chips. The pipelined DES encryptor (or decryptor) is discussed in further detail in conjunction with Figures 9-12.
- the encrypted data is then passed to a second FIFO/multiplexer circuit 218, 219, 212.
- This circuit allows encrypted cells to be extracted and passed to the host. This feature allows the board to do small amounts of hardware accelerated encryption for the host.
- the transmit FIFO allows the host to insert cells into the outgoing data stream.
- the SONET ATM interface 214 on the public side 239 transmits the ATM cells over SONET at OC-3c rates over single-mode or multimode fiber.
- the decrypt circuit (220 through 238) is nearly identical to the transmit circuit with the exception that the triple DES circuit 226 is set for VCs using ECB. Crypto-to-crypto messages are received either before or after the decryption using receive FIFOs 234, 222.
- Call setup messages back to the user are transmitted by writing the data to the transmit FIFO 223 on the trusted side of the decryptor.
- the decrypt circuit 226 allows hardware acceleration of decryption using the transmit FIFO 235 and cell multiplexer 232 on the cipher text side 239 of the decryptor 226 and the receive FIFO 222 on the clear text side 201.
- FIG. 3 illustrates the operation and data flow of the ATM crypto unit.
- the untrusted side 302, 303, 304, 306 network interface is 155.08Mbps single mode fiber (which can be alternatively configured as multimode fiber).
- the trusted side 308, 310, 312, 314 network interface is 155.08Mbps multimode or single mode fiber.
- the receive side of the SONET interface performs opto-electronic conversion, clock recovery, SONET framing and cell formatting.
- the transmit side of the SONET interface formats cells into SONET frames, and performs opto-electronic conversion.
- the opto-electronic receivers 302, 308 and transmitter 303, 310 circuits receive and transmit data as differential PECL signals.
- the HPCDX1155B transceiver module is used, for multimode fiber the HFBR-5205T transceiver module is used, both available from Hewlett Packard Company, Palo Alto, California.
- These modules are pin-for-pin compatible and fit in the industry standard 1X9 form factor, allowing flexible use with either the single mode transceiver or the multimode transceiver.
- the clock recovery circuit 304, 312 is the Cypress CY7B951 clock recovery circuit. This device recovers clock from the received data and outputs the clock and data to the ATM interface chip.
- the ATM interface circuit 306, 314 consists of the PM5345 SUM SATURN Interface device from PMC-Sierra of Vancouver, British Columbia, Canada, which implements the SONET processing and ATM mapping functions for 155 Mbps ATM networks.
- the SUNI device has an 8- bit processor interface that is accessible to the host via the host interface circuit.
- the receive ATM interface internal to device 306, 314 consists of an ATM cell FIFO.
- the internal ATM FIFO provides a cell present signal.
- the interface to the SUNI formats the ATM cell into a 64 byte cell by pre-padding the cell with an 11-byte crypto unit header.
- the crypto unit formatting circuit extracts the cell on a 23 MHz system clock. This clock is slightly faster than the cell rate for a full OC-3c synchronous payload envelope (including SONET frame slippage). This means that periodically the cell FIFO will be empty.
- the crypto unit interface When the cell FIFO is empty, the crypto unit interface inserts an unassigned cell into the cell stream.
- the crypto unit formatting circuit removes the 11 -byte crypto unit header, checks if the cell is valid (described below), and if so, inserts the cell into the transmit side
- This interface is a FIFO, so cell data is written into the FIFO on a 23MHz clock.
- the device If an invalid cell is present, it is discarded prior to insertion into the data stream. If the ATM FIFO on the SUNI is empty, the device inserts an IDLE cell into the outgoing data stream.
- the transmit side timing for both the trusted and untrusted side may be slaved to the receive side timing on the untrusted side of the network to ensure proper distribution of SONET clock timing.
- the crypto unit is plugged into the untrusted (public) network.
- the cryptographic system is compnsed of custom cell encryption hardware (a crypto unit) and key management software, both operating within an embedded computer.
- the embedded computer is a Sun SS20 or Sun Ultra 140, running Solans 2.5.1 or higher.
- the encryption system supports ATM cells over SONET at OC-3c rates, and is adaptable to support ATM over T3 and Tl interfaces. Each crypto unit supports full duplex encryption.
- each crypto unit In order to operate at ATM/SONET speeds, each crypto unit must store the ATM cell, look up cryptographic state information for the VC, and initialize a DES encryptor (for transmit) or a DES decryptor (for receive) to be ready for active use before the cell payload arnves. At the same time, while processing an ATM cell, triple DES encryption and tnple DES decryption is performed at the same time.
- the crypto unit supports up to 65,535 simultaneous virtual circuits.
- the VC lookup circuit
- FIG. 4 is a block diagram of a VC lookup circuit. Consecutive ATM cells arrive every 2.8 microseconds for OC-3c rates (705 nanoseconds for OC-12c rates). The cell is buffered m a memory (416 of figure 4), while the header which contains the VC number is copied into a comparator circuit 402. The function of the VC lookup circuit is to find an index corresponding to the VC number. The index is a pointer to a memory location in DRAM that contains the state of the encryption or decryption process since the last cell corresponding to the same VC.
- the problem in retrieving the index arises because the VC space for ATM cells is very large (namely 2 28 or 268,435,456 entries). It is necessary to find the state data associated with each VC in a small amount of time (less than 2.8 microseconds for OC-3c and less than 705 nanoseconds for OC-12c).
- the present VC lookup arrangement supports a very large number of active concurrent VCs (65,536).
- the VC lookup arrangement is scaleable to support substantially more VCs, wherein support for more VCs does not require a substantial increment in the time to search for the state data, or impose any limits to the size of the search space.
- Solutions to the VC lookup problem include content addressable memories (CAM), or a restriction on the VC space, or both.
- Current technology in CAMs limits the number of active VCs for use in a CAM to less than 4096 active circuits.
- a transparent security device cannot restrict the VC space and remain transparent.
- Yet another solution is an exhaustive linear search, which is unacceptably slow and does not scale well.
- a third approach is a complete lookup table of 2 28 possible entries.
- the preferred solution in the present invention is to prepare an ordered list of VCs in advance, and use a binary search to traverse the previously ordered list of VCs. The following steps are performed by the hardware each cell time (2.8 microseconds for OC-3c). 1.) The hardware receives the ATM cell and stores the VC of that cell. 2.) The address at the midpoint of the RAM is presented to the RAM; the output is the VC number at that address.
- the next address presented to the RAM is at the 1/4 position in the RAM. If the VC returned by the RAM is less than or equal to the VC of the received cell, the next address presented to the RAM is at the 3/4 position. 4.) The search cycles 16 times where each cycle the VC returned by the RAM is compared against the VC of the received cell, and the address presented to the RAM is adjusted up or down by 1/2 the remaining unsearched address space.
- the search is complete in 16 cycles for 65,535 active VCs.
- the search cycle may be truncated by exiting after detecting equality between the VC of the received cell and the VC returned by the RAM memory.
- the search logic is simplified by using a regular 16 cycle search regardless of whether equality is detected during one of the 16 cycles of the search. If the cell has an entry in the VC lookup table, the index to the state is returned. The retrieved index is used to get the cryptographic state information from an exact position in a larger DRAM memory. If the cell is not present in the VC lookup table, a NULL index is returned. Cells with NULL indexes do not have state information available in the larger DRAM memory. NULL cells are eventually discarded by the SONET OC-3c ATM transmit I/F circuit (214/220 in figure 2).
- FIG. 4 A block diagram of the VC lookup circuit is shown in figures 4 and 5.
- the index is stored in static RAM, 408 or 410 in the form of an ordered list.
- the list is m the order of the VC numbers.
- the VC lookup circuit performs a binary search of VCs stored in the ordered list.
- Figure 4 has two static RAMs 408 and 410.
- One RAM is used as the active RAM.
- a new ordered list is generated to account for the new index number assignment
- the new ordered list is stored m the other RAM.
- the RAMs are swapped in response to an input signal on control line 413, which operates multiplexers 404, 406, 412 and 414 to switch either Ram 408 or RAM 410 as the active RAM.
- the input VC from the cell header is one input to comparator 402.
- the other input is the VC stored m the selected one of the static RAMs 408 or 410.
- a binary search of 65,535 entries m the table stored in RAM memories 408 or 410 takes a maximum of 16 operations of three 44 nanosecond clock cycles each (48 clock cycles). Once a match is achieved, the 16-bit index associated with the VC, along with some flags, is placed in the header of the ATM cell.
- the address used to start the binary search cycle is 0x8000.
- the next cycle of the address presented to the RAM is either OxCOOO or 0x4000.
- the third cycle the address is any one of OxEOOO, OxAOOO, 0x6000, or 0x2000, and so on until after 16 cycles, every possible memory location will have been checked.
- the process is illustrated in block form m figure 5.
- the received VC is stored in a register 510.
- the stored VC in the fast RAM 516 is compared to the received VC m register 510 m comparator 512.
- a next address is calculated 514, and so on for 16 cycles.
- the full 16 cycle search is carried out, even if the stored VC in RAM 516 at any address is equal 515 to the received VC in register 510. Instead of terminating the search, equality is determined after all 16 cycles, simplifying the design of the VC lookup search logic.
- the host regenerates the entire list to reflect the new order resulting from the addition or deletion.
- the ordered list of active VCs is duplicated in two memones .
- One list available to the host in memory 408 or 410 and the duplicate list is available in memory 410 or 408, for binary searches.
- Control line 413 operates multiplexers 404, 406, 412 and 414 so as to select one of RAM 408 or 410 for active use m binary searches (vial multiplexer 414) and the other for host access to reorder the stored list (via multiplexer 412).
- the index is an arbitrary (non-zero) 16-bit value that is used to reference the key and state data in the DRAM memory. Index zero is not used for an active VC.
- the index zero is reserved for operation on invalid cells.
- the flags indicate the following information:
- OAM cells Operation, Administrative and Maintenance
- OAM cells Prior to encryption/decryption. If this bit is set, then OAM cells are extracted from the data stream and sent to the host prior to passing through the encryption circuit.
- Extract all cells after encryption/decryption This bit is set if the cell is to be extracted from the data stream and sent to the host after passing through the encryption circuit.
- Counter Mode This bit is set if the encryption method is Counter Mode and is clear if the encryption method is Electronic Code Book or clear text.
- AAL type For Counter Mode, the encryption process is slightly different for AAL1 and
- AAL3/4, and AAL5. The following table illustrates the use of these bits.
- AAL5 11 9 CBC: Cipher Block Chaining, reserved for future use.
- Receive 204, 219, 222, 234 and transmit 205, 218, 223, 235 FIFOs and cell multiplexer circuits are provided on both sides of the encryption/decryption circuit.
- the purpose of the circuits is to extract cells from the ATM stream passing them to the host via a FIFO, and to insert ATM cells into the stream, from the host via a FIFO.
- the receive FIFO is 4Kbytes deep. When a cell arrives with the "Extract VC" flag bit set, the 64-byte cell is written into the receive FIFO. Downstream from the receive FIFO is the cell multiplexer circuit. If a cell has been extracted, the multiplexer circuit will change the valid bit to invalid and change the index to the invalid index.
- the cell multiplexer circuit will wait until a cell arrives with an invalid flag bit set and overwrite that cell with the first cell in the transmit FIFO. It is in this circuit that the crypto unit takes advantage of the fact that the internal cell stream is slightly faster than the cell stream on the ATM link. Thus even if the link is fully occupied, the host can still insert cells into the data stream prior to encryption/decryption and then extract them after encryption/decryption. The higher internal clock allows hardware acceleration of data encryption functions necessary for crypto-to- crypto communication. If the host attempts to insert data for transmission into a completely full ATM stream, the SUNI may discard a cell at random. The total bandwidth available in excess of the ATM data stream is about 2.1Mbps.
- the Counter Mode State Vector is a 64 bit non-repeating initial vector (IV) used in Counter Mode to create the key stream.
- IV initial vector
- the cell count is a 32 bit count of the number of cells that have passed through the encryption/decryption circuit associated the current VC. The cell count value is incremented for each cell of this VC.
- Active key bank flag Indicates whether the active keys or the alternate keys are to be used for encryption. This key is changed whenever a change occurs in the bank field of any Changeover Cells. (SKC cells are special OAM cells used to synchronize Counter Mode and change key banks.) 5.) Two alternate DES keys, for triple DES. The alternate DES keys replace the active keys when a new key event occurs.
- the State Memory circuit buffers the cell and extracts the index (derived in the VC lookup circuit). The index is used as the address to the state memory.
- the state memory circuit from the memory the DES keys, Counter Mode State Vector, cell count and flags as follows: Description Size (bytes)
- Figure 7 illustrates the operation of the state memory circuit on the encryption side.
- the state memory circuit buffers 502 the input cell and using the VC lookup technique described with regard to figures 4 and 5 above, extracts the index 512.
- the index 512 is used as the address to the state memory 514.
- the state memory circuit reads from the state DRAM memory 514 the DES keys (active and standby), the Counter Mode State Vector, a cell count (number of cells for this VC) and flags.
- the Counter Mode State Vector is updated 520, the cell count is incremented 522 and, if a new key event occurs, the flags are updated.
- the Counter Mode State Vector, keys for encryption, flags (the formatted key data 518) and the ATM cell data 502 are then multiplexed together and alternately stored in one of two FIFOs 508, 510 which go to independent triple DES circuits.
- the output of the cell data buffer 502 which is alternately loaded into FIFO A cell data (508 in figure 7) or FIFO B cell data (510 in figure 7) goes to the pipelined triple DES circuit shown in figure 8.
- FIFO A, 508, and FIFO B, 510, in figure 7 are represented in figure 8 as IN FIFO A, 702 and IN FIFO B, 704, respectively.
- data from the re-formatter circuit 518 is alternately loaded into the two FIFOs 508, 510.
- the first cell goes into FLFO A, the second cell into FIFO B, the third cell into FIFO A, the fourth cell into FIFO B, etc.
- the pipelined DES circuit is discussed further in conjunction with figures 10 and 12 below.
- the heart of the encryption system is the triple DES processing engine.
- the chip used in the triple DES processing engine is the VM009B DES Data Ciphering processor from VLSI Corporation. There are other chips both experimental and commercially available that do encryption.
- the disadvantage of the VM009B DES chip is that the maximum data rate is a little more than 1/2 the OC-3c cell rate.
- processor pipelining speeds up a calculation by using multiple processing processors in series. The result from one processing processor is fed into the input of the next processing processor. Parallel processing speeds up calculations by duplicating whole processing pipelines where each processing pipeline works on different data.
- the parallel and serial arrangement of DES chips is determined by the specific process of the encryption engine, the resulting processor pipeline latency and the ATM cell rate.
- the time to do an encryption process is determined by the processor pipeline latency (i.e., the time between when data enters the first processing engine until the time the results leave the last processing engine).
- the number of pipelines is determined by the speed of the individual encryption chip. For the OC-3c rate and using triple DES encryption, the individual encryption chip could accept at half the line rate. Therefore, two pipelines were required.
- the data is partitioned across two banks of devices. To do triple DES encryption, three devices per bank are needed.
- Each crypto unit requires 12 VM009B DES chips to do bi-directional full speed triple DES, ECB or encryption.
- 8 encryption pipelines using three DES chips are required.
- the encryption delay is one element of system latency.
- the overall latency is 17 microseconds accounted for as follows:
- FIG. 8 is a block diagram of the triple DES encryption/decryption circuit.
- the cell data to be encrypted or decrypted is loaded alternately into FIFO A (702) and FIFO B (704).
- One parallel arm of the triple DES pipeline circuit comprises 3 DES chips, 708, 710, 712 in series, an encryption controller 706, and an output FIFO A (714) .
- a second parallel arm of the triple DES pipeline circuit comprises 3 DES chips, 720, 722, 723 in series, an encryption controller 718, and an output FIFO B (716).
- the encryption controllers 706, 718 are implemented as state machines. After a complete cell is stored in one of the input FIFOs 702, 704, the respective encryption controller 706, 718 performs a series of pipeline loads into one or more of the DES chips and/or the output FIFO.
- the staggered timing (a processor pipeline) of data and key loads is illustrated in figure 9.
- the first of the triple DES keys (key 1) is loaded into device A (708 or 720). Thereafter, device A encrypts/decrypts block 1 (later followed by blocks 2 through 6 in succession). While block 1 is being encrypted/decrypted in device A, the second of the triple DES keys (key 2) is loaded in device B. While block 2 is being encrypted/decrypted in device B, the third of the triple DES keys (key 3) is loaded in device C. Then device C (712 or 723) completes the encryption/decryption of block 1.
- tnple DES encrypted/decrypted data cells are stored in the respective output FIFO (714 or 716).
- the crypto system header and ATM header Prior to the data being available on the output of the third device the crypto system header and ATM header is wntten into the output FIFO.
- the encryption circuitry In order to encrypt/decrypt a cell m the 5.6 ⁇ s window (two cell times) the encryption circuitry is run with a faster clock than is the rest of the crypto unit circuit. Most of the crypto unit circuitry runs on a 23MHz clock; however, the encryption circuit runs on a 33 MHz clock. There is a gap between block 6 and the next key. That gap is the small amount of "extra" time discussed above. At the above clock rate it takes about 5.55 ⁇ s for key and data to be processed by the first encryption chip.
- Figure 10 is a block diagram overview of the pipelined triple DES encryption/decryption circuit. Alternate cell data is directed to one of two parallel paths, either through one tnple DES pipeline 750 or the other parallel tnple DES pipeline 752.
- the encryption/decryption devices operate in senal, as descnbed above. However, all encryption/decryption devices also operate in parallel as well as serial. For example, while the second device is encrypting/decrypting block 1, the first device is encryptmg/decryptmg block 2.
- a single chip performs all three DES operations. That is, the output of the chip (the first encryption) is used as the input to the same chip to do the next DES operation (a decryption), and the output of the same chip is used to do the last DES operation (an encryption).
- a three stage DES pipeline uses three encryptor/decryptors, which concurrently operate on different stages of the encryption/decryption process within the same ATM cell, and on different stages of the encryption/decryption process between consecutive ATM cells simultaneously.
- Counter Mode for ATM cell encryption is an alternate approach to encryption that uses a method similar to the output feedback mode descnbed in Schneier, B., "Applied Cryptography” second edition, published by John Wiley & Son Inc., New York, NY 1996. Counter Mode is described in the Phase I ATM Security Specification Draft, ATM Forum, BTD-SECURITY-01.03, July 1997, as a proposed encryption standard for ATM.
- the advantage of Counter Mode over ECB is that it ensures that identical clear text will be encrypted as different cipher text.
- Counter Mode also has the advantage over CBC m that it can be parallelized such that it will run at a higher data rate than is currently available with CBC.
- Counter Mode has an advantage over both ECB and CBC in that one bit errors m the received cipher text only cause one bit errors in the clear text.
- a 1 bit error causes a 1 block, (i.e., 64 bit) error extension
- a 1 bit error causes a 2 block, (i.e., a 128 bit) error extension.
- the disadvantage of Counter Mode is that cell loss can result in loss of cryptographic synchronization (i.e., all remaining cells are garbled until resynchronized)
- Counter Mode works by generating a pseudo random pattern (called a key stream), and combining the clear text and the key stream in an exclusive OR operation.
- the key stream is generated by starting with a State Vector, and encrypting the State Vector using DES (single or triple) to form the key stream.
- DES single or triple
- the encryption/decryption keys are exchanged between the transmitting end and the receiving end as before.
- the key stream is independently generated using the encryption keys and State Vector.
- the clear text is regenerated by combining the received cipher text and the locally generated key stream m an exclusive OR operation.
- FIG. 6 is a block diagram illustrating Counter Mode.
- the Counter Mode process steps are: 1.) Generate a non-repeating clear-text pattern called a State Vector, 2.) Encrypt the State Vector (SV) with DES (single or triple) to create the key stream,
- SV State Vector
- DES single or triple
- the SV and Key are extracted from the State memory 652.
- the SV (not the cell) is encrypted using single or tnple DES in the encryption circuit 656.
- the SV is modified for each block using the segment number to ensure that each block has a different SV number (the cell is 6 DES blocks long).
- the SV is updated 650 and restored in the DRAM memory 652 so that the new SV will be available for the next ATM cell of the particular VC.
- the SV, ATM cell, and the encryption keys are sent to one of the encryption pipelines 656 where the SV value is encrypted.
- the updating of the SV ensures that each cell of a particular VC is combined with a unique SV.
- the series of SV values after being encrypted, form a unique pseudo-random number to XOR 658 with the clear text 654.
- the payload of each cell is exclusive ORed with the encrypted SV to produce the cipher text.
- the first byte is left in the clear.
- the first byte contains the sequence number which is used as part of the SV.
- the SV and Key are extracted from the State memory 662.
- the SV is updated 660 and restored in the State memory 662 so that a new SV will be available for the next cell of the particular VC .
- the SV, ATM cell, and the encryption Keys are sent to one of the encryption pipelines 664, where the SV value is then encrypted.
- DES encryption is used both for transmit and receive processes.
- the encrypted SV forms a unique pseudo-random number to XOR 666 with the received cipher text to reconstruct the clear text output.
- the SV used on the receive side must be the same as that used on the transmit side.
- the SV contains several fields: 1.) Jump number (35 bits) 2.) Sequence number (4 bits) 3.) Segment number (3 bits)
- the linear shift register is a 21 bit pseudo random sequence with 2 21 -1 values.
- the linear feedback shift register ensures that the SV for each cell is unique.
- the SV is modified by changing the linear feedback shift register by one position.
- the linear feedback shift register is updated one position for every cell.
- the linear feedback shift register is updated every time the sequence number cycles.
- the jump number is used to ensure re-sequencmg of SV values in the event of cell loss. In order to ensure synchronization, and to make sure the linear feedback shift register does not cycle (overflow), the jump number is incremented periodically.
- the linear feedback shift register resets to a known value when the jump number is incremented.
- the jump number is incremented when a SESSION KEY CHANGEOVER (SKC) cell is sent from the transmitter to the receiver, and also when the end of message is received for AAL5 packets.
- SSC SESSION KEY CHANGEOVER
- the I/R bit identifies the initiator (the calling party) or responder (the called party). The purpose of the I R bit is to ensure that a different SV is used for duplex connections which use the same encryption key for transmit and receive.
- the sequence number is extracted from the first byte of the ATM cell.
- AALl the sequence number cycles for 0 to 7; for AAL 3/4 the sequence cycle number cycles for 0 to 15. Since the LFSR is updated only when the sequence number in the ATM cell cycles, the use of the sequence number as part of the SV reduces the likelihood of loss of encryption synchronization in the event of cell loss for AALl and AAL3/4 type connections.
- a connection using AALl will require a burst loss of more than 7 cells before encryption sync is lost.
- AAL3/4 would require a burst loss of more than 15 cells.
- Figure 11 is a more detailed embodiment of the block diagram of a pipelined triple DES encryption/decryption engine of figure 8, configured to be used with either ECB or Counter Mode.
- Each pipeline comprises an input FIFO 1102, 1104, an encryption controller 1150, 1152, a bypass FIFO 1130, 1140, an output FIFO 1114, 1116, first, second and third DES chips 1108,
- Respective output FIFOs 1114, 1116 (which are analogous to 714 and 716 in figure 8) hold the output of each encryption pipeline.
- Each encryption controller further contains respective multiplexers 1134 or 1144 to select the appropriate output to respective output
- FIFOs 1114 or 1116 Since both pipeline A and pipeline B operate in a similar fashion, the operation of pipeline A is described below.
- the pipeline input 1103 is either key and State Vector data (for Counter Mode) or ATM cell data (for ECB mode).
- Three single DES chips 1108, 1110, and 1112 perform triple DES encryption decryption on either the State Vector (for Counter Mode) or on cell data (for ECB).
- the middle DES chip 1110 alone is used.
- the encryption controller 1150 contains a state machine that will do a series of pipeline loads into one or more of the DES chips 1108, 1110, 1112 and/or the output FIFO 1114 when it has a complete cell in the input FIFO 1102. In operation, there are three modes: clear text, Counter Mode and ECB mode.
- cell data bypasses the encryption pipeline in FIFO 1130, and is selected by multiplexer 1134 for output to FIFO A, 1114.
- cell data is coupled to the input of DES chip 1108 (for triple DES) or the input of DES chip 1110 (for single DES).
- key and State Vector data is coupled to the input of DES chip 1108 (triple DES) or to the input of DES chip 1110 (single DES).
- the encrypted SV is XORed 1132 with clear text (for encryption). In the case of decryption, the encrypted SV is XORed 1132 with cipher text.
- multiplexer 1134 selects the output DES chip 1112 to go to output FIFO A, 1114. Also for Counter Mode, multiplexer 1134 selects the output of exclusive OR circuit 1132 to go to output FIFO 1114, while for ECB mode, multiplexer 1134 selects the output of DES chip 1112 to go to output FIFO A, 1114.
- the output of each of the encryption/decryption circuits goes to the SONET transmit circuit where it is multiplexed together into a single stream.
- the two cipher (or clear) text data streams are multiplexed together by alternating between reading from OUT FIFO A, 1114 and OUT FIFO B, 1116.
- the encryption/decryption circuitry In order to encrypt/decrypt a single cell of data (6 DES blocks) in the 5.6 ⁇ s window (two cell times) the encryption/decryption circuitry is run faster than the rest of the security system. While most of the security system runs on a 23 MHz clock, the encryption/decryption circuitry is run on a 33 MHz clock. The faster clock provides about 468 ns per cell extra time.
- the timing of data through the encryption/decryption pipeline of figure 11 is shown in figure 12.
- the first key, key 1 is loaded into the first chip before the arrival of Block 1 of clear text.
- the encryption controller loads the second key, key 2, in the second chip.
- the encrypted output of the first chip is sent to the input of the second chip.
- the encryption controller loads the third key, key 3, into the third chip.
- the encrypted output of the second chip is fed into the input of the third chip.
- the DES chips are continuously processing data, so long as there are ATM cells to process.
- the first chip starts encrypting the next block of data from the next ATM cell as soon as it is ready to accept more inputs.
- the input 1210 to the first DES chip is the first DES key, key 1, followed by the 5 blocks of clear text from the ATM payload, Block 1 through Block 6.
- the output 1216 of the first DES chip is 5 blocks of singly ciphered text.
- the second DES key, key 2 is input to the second chip, followed by the output 1218 of the first DES chip.
- the output 1220 of the second DES chip is 5 blocks of doubly ciphered text.
- the third DES key, key 3, is input to the third chip, followed by the output 1222 of the second DES chip.
- the final output 1224 of the third DES chip is 5 blocks of triply ciphered text.
- the processing of the next cell 1214 begins before the processing of the current input cell 1210 is completed to form the output 1224 of the current cell.
- a single DES chip is capable of performing a sequential triple DES operation, by using the output of each DES operation as the input to the same chip for the next DES operation.
- three separate DES encryption/decryption devices are operated in a serial pipeline, with plural serial pipelines in parallel (750, 752 in figure 10).
- the encrypted output 1209 corresponding to the previous cell is followed by the encrypted output 1224 corresponding to the current cell 1210, which is followed by the encrypted output (not shown) corresponding to the next cell 1214.
- the triple DES process for 1 ATM cell requires 2 ATM cell times, or about 5.6 ⁇ s, the use of two pipelines in parallel brings the average processing time to within the time frame of a single ATM cell.
- the host interface consists of an 8 bit SBUS slave interface.
- the host interface breaks up the access into four 8-bit accesses before issuing an acknowledgment. While this slows down SBUS slave cycles slightly, it saves considerably in the size of data movement and the amount of hardware necessary for host access.
- An 8-bit internal interface and SBUS slave interface is adequate for the amount of data movement across the bus, i.e., for updating internal tables and registers and for reading and writing the data FIFO.
- the highest bandwidth demands are for the extraction and insertion FIFOs.
- the maximum data transfer rate between the extraction FIFO and the host is expected to be no more than 100K bits per second (assuming 100 connection attempts per second and Q.2931 messages).
- the maximum (realizable) data rate is about 4 MBytes/second using slave mode access. Therefore, there is plenty of bandwidth for data movement, without using a faster bus or DVMA access.
- This memory is a single port DRAM memory where access is scheduled. Reads and writes to this memory must occur only at certain times.
- the access mechanism is by means of a buffer register. To write into memory, the host writes the address and data to the buffer register. Then, during the scheduled times that host accesses are allowed, the data is written into the DRAM. Consecutive writes need to be separated by about 2 ⁇ s.
- the host performs two reads, the first is a dummy read where the address to be read is loaded into the buffer register, and then followed (about 1 ⁇ s later) by a second read. Once the scheduled host access time occurs for a read, the content of the memory location is loaded into the buffer register. On the second read, the content of the register is returned to the host.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
La présente invention concerne un système de communications qui utilise des unités cryptographiques d'émission et de réception assurant une sécurité transparente à des réseaux de communications numériques en mode de transfert asynchrone. Chaque unité cryptographique est placée entre le réseau hors sécurité et un hôte d'accès sûr ou un réseau local (LAN). L'unité cryptographique remplace le paquet en texte clair par un texte chiffré et gère toutes les clés entre l'émetteur et le récepteur de manière à être transparente à l'utilisateur. Plusieurs circuits virtuels, chacun comprenant des informations d'état cryptographique différentes, sont traités en temps réel. Le temps de traitement cryptographique d'un paquet est réduit en classant une liste de circuits virtuels actifs et en utilisant une recherche binaire pour rechercher les informations d'état cryptographique de chaque circuit virtuel. En outre, le triple chiffrement et déchiffrement d'une norme de chiffrement de données (DES) est mis en oeuvre dans une architecture de flux de données pipeline à l'aide de plusieurs mémoires FIFO (premier entré-premier sorti) afin d'assurer une agilité de clé algorithmique permettant des opérations DES simples et triples à l'aide de la même unité cryptographique.
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US149422 | 1993-11-09 | ||
US5887597P | 1997-09-15 | 1997-09-15 | |
US58875P | 1997-09-15 | ||
US14942298A | 1998-09-08 | 1998-09-08 | |
PCT/US1998/019096 WO1999014979A1 (fr) | 1997-09-15 | 1998-09-14 | Systeme cryptographique pour systeme public de communications en mode de transfert asynchrone (atm)/mode de transmission en reseau optique synchrone (sonet) avec recherche de circuit virtuel et chiffrement et dechiffrement de donnees pipeline |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1016310A1 true EP1016310A1 (fr) | 2000-07-05 |
Family
ID=26738117
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP98950622A Withdrawn EP1016310A1 (fr) | 1997-09-15 | 1998-09-14 | Systeme cryptographique pour systeme public de communications en mode de transfert asynchrone (atm)/mode de transmission en reseau optique synchrone (sonet) avec recherche de circuit virtuel et chiffrement et dechiffrement de donnees pipeline |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP1016310A1 (fr) |
AU (1) | AU9661698A (fr) |
WO (1) | WO1999014979A1 (fr) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7003114B1 (en) | 2000-01-20 | 2006-02-21 | Qualcomm Incorporated | Method and apparatus for achieving crypto-synchronization in a packet data communication system |
US8904270B2 (en) | 2006-11-29 | 2014-12-02 | Omtool Ltd. | Methods and apparatus for enterprise document distribution |
WO2003039094A2 (fr) * | 2001-10-29 | 2003-05-08 | Omtool, Ltd | Procedes et appareil de communication securisee d'un message |
US8726015B2 (en) | 2001-10-29 | 2014-05-13 | Omtool, Ltd. | Methods and apparatus for secure content routing |
US8291224B2 (en) | 2005-03-30 | 2012-10-16 | Wells Fargo Bank, N.A. | Distributed cryptographic management for computer systems |
US9954848B1 (en) | 2014-04-04 | 2018-04-24 | Wells Fargo Bank, N.A. | Central cryptographic management for computer systems |
CN113626839B (zh) * | 2021-03-31 | 2024-09-10 | 中汽创智科技有限公司 | 一种基于多线程并发处理的加解密引擎系统、方法及汽车 |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5473696A (en) * | 1993-11-05 | 1995-12-05 | At&T Corp. | Method and apparatus for combined encryption and scrambling of information on a shared medium network |
NL9400428A (nl) * | 1994-03-18 | 1995-11-01 | Nederland Ptt | Inrichting voor het cryptografisch bewerken van datapakketten, alsmede werkwijze voor het genereren van cryptografische bewerkingsdata. |
US5796836A (en) * | 1995-04-17 | 1998-08-18 | Secure Computing Corporation | Scalable key agile cryptography |
-
1998
- 1998-09-14 EP EP98950622A patent/EP1016310A1/fr not_active Withdrawn
- 1998-09-14 WO PCT/US1998/019096 patent/WO1999014979A1/fr not_active Application Discontinuation
- 1998-09-14 AU AU96616/98A patent/AU9661698A/en not_active Abandoned
Non-Patent Citations (1)
Title |
---|
See references of WO9914979A1 * |
Also Published As
Publication number | Publication date |
---|---|
WO1999014979A1 (fr) | 1999-03-25 |
AU9661698A (en) | 1999-04-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US5796836A (en) | Scalable key agile cryptography | |
US5473696A (en) | Method and apparatus for combined encryption and scrambling of information on a shared medium network | |
US5809147A (en) | Device for cryptographically processing data packets and method of generating cryptographic processing data | |
US5870479A (en) | Device for processing data packets | |
KR20030078873A (ko) | 패킷 암호화 시스템 및 방법 | |
EA010611B1 (ru) | Способ (варианты) и устройство для криптографической обработки данных (варианты) | |
McHenry et al. | An FPGA-based coprocessor for ATM firewalls | |
JPH07226734A (ja) | 共有媒体受動光網上でのトラヒック挙動の秘密のための方法及び装置 | |
JP2862141B2 (ja) | 慣用暗号を用いた識別番号ベース鍵管理装置 | |
Chuang | Securing ATM networks | |
US6775274B1 (en) | Circuit and method for providing secure communication over data communication interconnects | |
WO1999014979A1 (fr) | Systeme cryptographique pour systeme public de communications en mode de transfert asynchrone (atm)/mode de transmission en reseau optique synchrone (sonet) avec recherche de circuit virtuel et chiffrement et dechiffrement de donnees pipeline | |
Tarman et al. | Algorithm-agile encryption in ATM networks | |
Stevenson et al. | Design of a key agile cryptographic system for OC-12c rate ATM | |
Pierson et al. | Context-agile encryption for high speed communication networks | |
EP0862823B1 (fr) | Gestion de cles de cryptage | |
Haskins | Securing asynchronous transfer mode networks. | |
Ramaswamy | Traffic flow confidentiality security service in OSI computer network architecture | |
Varadharajan et al. | Security issues in asynchronous transfer mode | |
Forne et al. | An integrated solution for secure communications over B-ISDN | |
Tarman et al. | Final report for the robustness-agile asynchronous transfer mode (ATM) encryption laboratory directed research and development project | |
Carlson | OPNET performance simulation of Network Security Services | |
Nake | An Overview of Network Architecture and Security Framework of Asynchronous Transfer Mode | |
Varadharajan et al. | Security for ATM networks | |
Forné et al. | The Cripto project architecture: a Spanish experience in broadband networks security |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20000411 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20020403 |