Architecture of an encryption circuit implementing various types of encryption algorithms simultaneously without a loss of performance

Abstract

An encryption circuit for simultaneously processing various encryption algorithms, the circuit being capable of being coupled with a host system hosted by a computing machine. The circuit comprises an input / output module responsible for the data exchanges between the host system and the circuit via a dedicated bus. An encryption module coupled with the input / output module is in charge of the encryption and decryption operations. Isolation means between the input / output module and the encryption module makes the sensitive information stored in the encryption module inaccessible to the host system and ensures the parallelism of the operations performed by the input / output module and the encryption module. The circuit is supported on a peripheral component interconnect card. The circuit is specifically adapted to provide “hardware” protection of computer servers or stations.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS [0001] This application is a continuation of application Ser. No. 09 / 706,728, filed Nov. 7, 2000, which claims priority under 35 U.S.C. §119 to French Application No. 9914067, filed Nov. 9, 1999, each of which is hereby incorporated by reference.FIELD OF THE INVENTION [0002] The present invention applies to the field of encryption, and more particularly, relates to an architecture of an encryption circuit implementing various types of encryption algorithms simultaneously. [0003] This architecture is embodied by a circuit supported by a PCI (Peripheral Component Interconnect) card, and makes it possible to implement various encryption algorithms in parallel, without a loss of performance in a machine (server or station). It also plays the role of a vault in which the secret elements (keys and certificates) required for any electronic encryption function are stored. DESCRIPTION OF RELATED ART [0004] The increased need for performance in cryptogr...

AI Technical Summary

Benefits of technology

[0014] The first advantage of the invention is that it allows fast execution of the principal encryption algorithms with two levels of parallelism, a first parallelism of the operations performed by the input / output module and the encryption module, and a second parallelism in the execution of the various encryption algorithms.

[0015] Another advantage of the invention is to make invisible to the host system all of the encryption resources made available to the system, and to provide protected storage for secrets such as keys and certificates. The sensitive functions of the card (algorithms and keys) are all located inside the encryption module and are inaccessible from the PCI bus.

[0016] The invention also has the advantage of enabling hardware and software implementations of various encryption algorithms to coexist without a loss of performance, while guaranteeing the throughputs of each of them.

[0017] It has the further advantage of being scalable by a choice of standard microprocessor and programmable logic technologies, as opposed to more conventional implementations based on specific circuits (ASIC). The invention makes it possible, in particular, to implement proprietary algorithms simply by modifying the code of the encryption processors or by loading a new configuration file for the encryption automata of the encryption module.

Problems solved by technology

There are known implementations of security architectures based on ASIC (Application Specific Integrated Circuit) components, which entail high development costs for a solution that remains inflexible, both on the manufacturer end and on the user end.

Furthermore, there is no architecture existing today that is capable of executing a set of algorithms simultaneously with a guaranteed throughput for each of them.

Images