Multi-independent level secure (MILS) storage encryption
First Claim
1. A method, comprising:
- receiving, by a first computing device on a first port of a plurality of ports, a data packet, wherein each of the ports corresponds to one of a plurality of security classes including a first security class that corresponds to the first port, and the first computing device comprises a plurality of cryptographic modules, each module configured to encrypt data for a respective one of the security classes, each module comprising a cryptographic engine configured as a systolic-matrix array, and each module further comprising at least one field-programmable gate array (FPGA) programmable to support at least one security protocol;
- tagging the data packet using tagging data that identifies the first security class and the first port, wherein tagging the data packet comprises replacing an external tag of the received data packet with an internal tag, wherein a first value in a field of the external tag indicates a protocol associated with the data packet, and wherein the internal tag is obtained by encoding the first value to a second value, the second value having a reduced number of bits as compared to the first value, and the second value replacing the first value in the field;
- routing, based on at least one header, the data packet to a first cryptographic module of the plurality of cryptographic modules;
- encrypting the data packet using the first cryptographic module; and
- storing the encrypted data packet in a first data storage device.
Abstract
In one embodiment, a method includes: receiving, by a first computing device on a first port of a plurality of ports, a data packet, wherein each of the ports corresponds to one of a plurality of security classes, and the first computing device comprises a plurality of cryptographic modules, each module configured to encrypt data for a respective one of the security classes; tagging the data packet, wherein tagging data identifies one of the security classes and the first port; routing, based on at least one header, the data packet to a first cryptographic module of the plurality of cryptographic modules; encrypting the data packet using the first cryptographic module; and storing the encrypted data packet in a first data storage device.
20 Claims
1. A method, comprising: (text as given under First Claim above)
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 15, 16, 17, 18
9. A system, comprising:
- at least one processor; and
- memory storing instructions configured to instruct the at least one processor to:
  - receive, on a first port of a plurality of ports, a data packet, wherein each of the ports corresponds to one of a plurality of security classes;
  - tag the data packet using tagging data that identifies a first security class of the security classes, wherein tagging the data packet comprises replacing an external tag of the received data packet with an internal tag, wherein a first value of the external tag indicates a protocol associated with the data packet, and wherein the internal tag is obtained by replacing the first value with a second value obtained by encoding the first value;
  - route the data packet to a first cryptographic module of a plurality of cryptographic modules, wherein each cryptographic module is configured to encrypt data for a respective one of the security classes, each module comprises a cryptographic engine configured as a systolic-matrix array, and each module further comprises at least one field-programmable gate array (FPGA) programmable to support at least one security protocol; and
  - encrypt the data packet using the first cryptographic module.
Dependent claims: 10, 11, 12, 13, 14, 19, 20
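A constructed Python model of the pipeline recited in claims 1 and 9, added here as an illustration and not code from the patent: each ingress port maps to a security class, the 16-bit protocol field of the external tag is encoded to a 2-bit code inside a one-byte internal tag, that tag routes the packet to the cryptographic module for its class, and the module refuses packets of any other class before encrypting and storing. The port map, protocol values, tag layout and the HMAC-SHA256 keystream standing in for the FPGA systolic-array engine are all assumptions.

```python
import hashlib
import hmac
import os
import struct

# Constructed model; class names, port map, protocol values and tag layout are assumptions.
SECURITY_CLASSES = ["UNCLASSIFIED", "SECRET", "TOP_SECRET"]
PORT_CLASS = {0: 0, 1: 1, 2: 2, 3: 1}                # port -> class index (ports 1 and 3 share SECRET)
PROTOCOL_CODES = {0x0800: 0, 0x86DD: 1, 0x8906: 2}  # 16-bit protocol value -> 2-bit internal code

def tag_packet(port: int, packet: bytes) -> bytes:
    """Replace the 2-byte external tag (16-bit protocol field) by a 1-byte internal tag:
    bits 5-4 security class, bits 3-2 ingress port, bits 1-0 encoded protocol."""
    (proto,) = struct.unpack("!H", packet[:2])
    code = PROTOCOL_CODES[proto]   # unknown protocol raises KeyError: the packet is dropped, not guessed
    return bytes([(PORT_CLASS[port] << 4) | (port << 2) | code]) + packet[2:]

class CryptoModule:
    """One encryptor per security class with its own key. The patent's FPGA systolic-array
    engine is replaced by an HMAC-SHA256 keystream so the example needs only the stdlib."""
    def __init__(self, cls: int):
        self.cls, self.key = cls, os.urandom(32)

    def _keystream(self, nonce: bytes, n: int) -> bytes:
        return b"".join(hmac.new(self.key, nonce + struct.pack("!I", i), hashlib.sha256).digest()
                        for i in range(n // 32 + 1))[:n]

    def encrypt(self, tagged: bytes) -> bytes:
        cls = (tagged[0] >> 4) & 3
        if cls != self.cls:        # separation check: a module never processes another class's data
            raise PermissionError(f"class {self.cls} module received a class {cls} packet")
        nonce, body = os.urandom(12), tagged[1:]
        ct = bytes(a ^ b for a, b in zip(body, self._keystream(nonce, len(body))))
        return tagged[:1] + nonce + ct   # internal tag stays in clear so stored data remains routable

    def decrypt(self, stored: bytes) -> bytes:
        nonce, ct = stored[1:13], stored[13:]
        return stored[:1] + bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct))))

MODULES = {c: CryptoModule(c) for c in range(len(SECURITY_CLASSES))}
STORAGE = {c: [] for c in MODULES}   # one logical data storage device per security class

def route(tagged: bytes) -> CryptoModule:
    return MODULES[(tagged[0] >> 4) & 3]   # routing on the internal tag header: class bits pick the module

def ingest(port: int, packet: bytes) -> bytes:
    tagged = tag_packet(port, packet)      # receive -> tag -> route -> encrypt -> store, as in claim 1
    stored = route(tagged).encrypt(tagged)
    STORAGE[route(tagged).cls].append(stored)
    return stored
```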
Specification