38 results about "Cryptographic accelerator" patented technology

Methods and apparatus are provided for creating a secure zone having multiple servers connected to a resource virtualization switch through I / O bus interfaces, such as PCI Express or PCI-AS. Servers connected to the resource virtualization switch using I / O bus interfaces share access to one or more virtualized cryptographic accelerators associated with the resource virtualization switch. Applications on a server or system images running on hypervisor inside server can use cryptographic accelerators associated with the resource virtualization switch as though the resources were included in the server itself. Connections between multiple servers and the resource virtualization switch are secure non-broadcast connections. Data provided to a resource virtualization switch can be cryptographically processed using one or more shared and virtualized cryptographic accelerators.

Provided is an architecture for a cryptography accelerator chip that allows significant performance improvements over previous prior art designs. In various embodiments, the architecture enables parallel processing of packets through a plurality of cryptography engines and includes a classification engine configured to efficiently process encryption / decryption of data packets. Cryptography acceleration chips in accordance may be incorporated on network line cards or service modules and used in applications as diverse as connecting a single computer to a WAN, to large corporate networks, to networks servicing wide geographic areas (e.g., cities). The present invention provides improved performance over the prior art designs, with much reduced local memory requirements, in some cases requiring no additional external memory. In some embodiments, the present invention enables sustained full duplex Gigabit rate security processing of IPSec protocol data packets.

Methods and apparatus are provided for an entity such as a CPU to efficiently call a cryptography accelerator to perform cryptographic operations. A function call causes the cryptography accelerator to execute multiple cryptographic operations in a manner tailored for specific processing steps, such as steps during a handshake phase of a secured session. The techniques provide efficient use of hardware processing resources, data interfaces, and memory interfaces.

For use in a system-on-a-chip (SoC) having a secure execution environment (SEE) containing secure memory, a cryptographic accelerator, a method of performing cryptography therewith and an SoC incorporating the cryptographic accelerator or the method. In one embodiment, the cryptographic accelerator includes: (1) a key register located within the SEE and coupled to the secure memory to receive a cryptographic key therefrom and (2) data input and output registers located outside of the SEE and coupled to the key register to allow the cryptographic key to be applied to input data arriving via the data input register to yield output data via the data output register.

A cryptographic accelerator (1) has a host interface (2) for interfacing with a host sending cryptographic requests and receiving results. A CPU (3) manages the internal logical unit in an exponentiation sub-system (7) having modulator exponentiators (30). The exponentiators (30) are chained together up to a maximum of four, in a block (20). There are ten blocks (20). A scheduler uses control registers and an input buffer to perform the scheduling control.

Methods and apparatus are provided for performing authentication and decryption operations in a cryptography accelerator system. Input data passed to a cryptography accelerator from a host such a CPU includes information for a cryptography accelerator to determine where to write the processed data. In one example, processed data is formatted as packet payloads in a network buffer. Checksum information is precalculated and an offset for a header is maintained.

Methods and apparatus are provided for a cryptography accelerator to efficiently perform authentication and encryption operations. A data sequence is received at a cryptography accelerator. An encrypted authentication code and an encrypted data sequence is provided efficiently upon performing single pass authentication and encryption operations on the data sequence.

Methods and apparatus are provided for making function calls to various cryptography accelerators. An application program interface abstraction layer coupled to a cryptography accelerator receives generic function calls from designer configured software and performs operations such as security association management, policy management, packet processing, cryptography accelerator configuration, and key commit management. Upon receiving a generic function call, the abstraction layer performs processing to make a chip specific function call or update abstraction layer management information associated with the generic function call.

A system for encrypting and decrypting data formed of a number of bytes using the ARCFOUR encryption algorithm is disclosed. The system includes a system bus and an encryption accelerator arranged to execute the encryption algorithm coupled to the system bus. A system memory coupled to the system bus arranged to store a secret key array associated with the data and a central processing unit coupled to the system bus wherein encryption accelerator uses substantially no central processing unit resources to execute the encryption algorithm.

Methods and apparatus are provided for implementing a cryptography accelerator for performing operations such as hash operations. The cryptography accelerator recognizes characteristics associated with input data and retrieves an instruction set for processing the input data. The instruction set is used to configure or control components such as MD5 and SHA-1 hash cores, XOR components, memory, etc. By providing a cryptography accelerator with access to multiple instruction sets, a variety of hash operations can be performed in a configurable cryptographic accelerator.

A security architecture in which a security module is integrated in a client machine, wherein the client machine includes a local host that is untrusted. The security module performs encryption and decryption algorithms, authentication, and public key processing. The security module also includes separate key caches for key encryption keys and application keys. A security module can also interface a cryptographic accelerator through an application key cache. The security module can authorize a public key and an associated key server. That public key can subsequently be used to authorize additional key servers. Any of the authorized key servers can use their public keys to authorize the public keys of additional key servers. Secure authenticated communications can then transpire between the client and any of these key servers. Such a connection is created by a secure handshake process that takes place between the client and the key server. A time value can be sent from the key server to the client, allowing for secure revocation of keys. In addition, secure configuration messages can be sent to the security module.

Embodiments of the invention provide a system for encrypting web session data which may include a session management module adapted to receive data from a web application module and provide a token that represents the data in encrypted form to the web application, wherein the web application is adapted to use the token to represent the data. The system may also include a tokenizer module communicably coupled to the session management module, wherein the tokenizer module is adapted to receive the data and generate the token. Further, the system may include a database communicably coupled to the session management module, wherein the database is adapted to receive the token and the data, associate the token with the data, and store the token and the data.

Methods and apparatus are provided for handling data at a cryptography accelerator output interface. A shared resource such as a shared output buffer is provided at the cryptography accelerator output interface having multiple output ports. The output interface shared resource can be allocated amongst the various output ports based on characteristics and requirements of the various input ports. References to data in the shared resource allow processing and ordering of data following processing by cryptographic processing cores.

Disclosed is a security key device for cloud services. The security key device includes an interface unit that provides an interface with the user terminal, a storage unit that stores an encrypted user file, and an encryption / decryption conversion support controller that encrypts, when a file to be uploaded to a cloud server is received from the user terminal, the received file and stores the encrypted file in the storage unit to transmit the encrypted file to the user terminal, and stores, when an encrypted file downloaded from the cloud server is received from the user terminal, the received encrypted file in the storage unit and decrypts the encrypted file to transmit the decrypted file to the user terminal. Even when a cloud server is hacked, individual and company's important data cannot be opened, encryption / decryption is processed in a hardware encryption accelerator, and therefore it is possible to prevent leakage of an encryption key even when a personal PC is hacked, thereby significantly improving security compared to the related art.