DIGITAL-ENCRYPTION HARDWARE ACCELERATOR
Abstract
An electronic device for encrypting and decrypting data blocks of a message having n data blocks in accordance with the data encryption standard (DES) has a first data processing channel having a first processing stage for performing encryption and decryption of data blocks of a predefined length, and a second data processing channel having a second processing stage for performing encryption and decryption of data blocks. The electronic device also has a control stage (FSM) for controlling the first processing stage and the second processing stage, so as to perform an encryption or decryption step with the second processing stage on an encrypted/decrypted data block output from the first processing stage, and to control the second processing stage to compute a message authentication code over the encrypted or decrypted message received from the first processing stage block-by-block.
20 Claims
1. A method of encrypting or decrypting the message comprising a predetermined number of data blocks of predetermined length in accordance with a data encryption standard comprising:
- sequentially processing the data blocks in a first data processing channel for performing encryption or decryption, in accordance with the standard, of the data blocks, data block-by-data block;
- sequentially receiving in a second processing channel the encrypted or decrypted data blocks, data block-by-data block, from the first data processing channel and computing a message authentication code for an entire predetermined length message on a data block-by-data block calculation wherein the results of the first and second data processing channels are used to encrypt or decrypt the message.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. An apparatus comprising:
- a memory that is configured to store data; and
- a cryptographic engine that is configured to load the data only once so as to generate a cryptographic result and to calculate a message authentication code (MAC) from the data, wherein the cryptographic engine includes:
  - a first channel having:
    - a first key register;
    - a first data buffer having a first size, wherein the first data buffer is configured to store at least a portion of the data;
    - a first interface circuit that is coupled to the first data buffer and the first key register; and
    - a first cryptographic core that is coupled to the first interface circuit;
  - a second channel having:
    - a second key register;
    - a second data buffer having a second size, wherein the first data buffer is configured to store at least a portion of the data, and wherein the second size is at least twice as large as the first size;
    - a second interface circuit that is coupled to the first data buffer and the second key register; and
    - a second cryptographic core that is coupled to the first interface circuit, wherein first and second cryptographic cores are configured to generate the cryptographic result and the MAC substantially in parallel; and
  - a controller that is coupled to the first and second channels and that is configured to control the sequencing for the first and second cryptographic cores.
Dependent claims: 14, 15, 16
17. A method of encrypting data comprising:
- writing a Send Sequence Counter to MAC channel;
- writing a first data block to encryption channel;
- starting a DES core when the eighth data byte is written to the encryption channel;
- writing a Data header into MAC channel;
- reading first encryption results from data automatically written to the MAC channel;
- writing second, third, . . . , nth data block into encryption channel and read the results after each operation;
- initiating one MAC operation manually after the last data block has been read;
- configuring an MAC channel to perform triple DES encryption;
- writing epilog and necessary padding into the MAC channel;
- starting the last MAC operation; and
- reading a cryptographic signature from the MAC channel.
Dependent claims: 18
19. A method for encrypting a message having n data blocks, the method comprising:
- encrypting a data block in a first processing stage in accordance with a single-DES or triple-DES operation, passing the encrypted data block to a second processing stage, and encrypting the encrypted data block in the second processing stage in accordance with a single-DES or triple-DES operation, wherein the first encrypting step performs data encryption on each block and the second encrypting step performs computation of a message authentication code over the encrypted message block-by-block.
20. A method for decrypting a message having n encrypted data blocks and a message authentication code, the method comprising:
- decrypting a data block in a first processing stage in accordance with a single-DES or triple-DES operation, passing the decrypted data block to a second processing stage, decrypting the decrypted data block in the second processing stage in accordance with a single-DES or triple-DES operation, wherein the first decrypting step performs data decryption on each block and the second decrypting step retrieves the message authentication code from n blocks.
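The single-pass dataflow of claims 17 and 19, modelled in software as an added example that is not taken from the patent: each plaintext block is loaded once, encrypted in the first channel, and its ciphertext is forwarded to a second channel that chains a MAC and runs only the last operation in triple mode. Python's standard library has no DES, so a 4-round SHA-256 Feistel permutation stands in for the DES core; the padding rule, the one-block epilog, and the receiver-side check `verify_and_decrypt` are assumptions.

```python
import hashlib, hmac
BLOCK = 8  # DES block length in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):  # round function of the stand-in cipher (NOT DES)
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def enc(key, blk):
    l, r = blk[:4], blk[4:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def dec(key, blk):
    l, r = blk[:4], blk[4:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

class MacChannel:  # second channel: CBC-MAC chain over every block written
    def __init__(self, k1, k2):
        self.k1, self.k2, self.state = k1, k2, bytes(BLOCK)
    def write(self, blk, triple=False):
        self.state = enc(self.k1, _xor(self.state, blk))
        if triple:  # triple mode: E(k1, D(k2, E(k1, x)))
            self.state = enc(self.k1, dec(self.k2, self.state))
        return self.state
    def finish(self, epilog):  # assumed: epilog < 8 bytes, pad 0x80 then zeros
        return self.write(epilog + b"\x80" + bytes(BLOCK - 1 - len(epilog)), triple=True)

def protect(enc_key, k1, k2, ssc, header, blocks, epilog):
    mac = MacChannel(k1, k2)
    mac.write(ssc)                       # Send Sequence Counter first
    mac.write(header)                    # then the data header
    out = []
    for blk in blocks:                   # each plaintext block is loaded once
        out.append(enc(enc_key, blk))    # channel 1: encrypt
        mac.write(out[-1])               # channel 2: MAC over that ciphertext
    return out, mac.finish(epilog)       # last MAC operation in triple mode

def verify_and_decrypt(enc_key, k1, k2, ssc, header, cblocks, epilog, tag):
    mac = MacChannel(k1, k2)
    for blk in [ssc, header, *cblocks]:
        mac.write(blk)
    if not hmac.compare_digest(mac.finish(epilog), tag):
        raise ValueError("MAC mismatch")
    return [dec(enc_key, c) for c in cblocks]
```

Because the Send Sequence Counter is the first block in the MAC chain, a message replayed under a different counter value fails verification even when its ciphertext is untouched.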
Specification