Data security system and method
3 Assignments
0 Petitions
Abstract
A data security system and method for providing a cryptographic process such as the Data Encryption Standard comprises a microprocessor with a programmable hardware element, such as a field programmable gate array, interfaced to the processor bus. The predetermined ordered sequence of operations which forms the cryptographic process is parsed into hardware-centric operations, such as bit manipulations, table look-ups and logic operations, which are performed efficiently in hardware, and software-centric operations, such as data processing and state machine control. Hardware-centric operations are performed in the programmable hardware device, and overall control of the system is performed by the microprocessor.
274 Citations
20 Claims
1. A data security system for performing a cryptographic process on data represented by bits, the cryptographic process comprising a predetermined repetitive sequence of steps which include bit manipulation operations comprising permutations of bits and substitutions of bits and logical operations, the system comprising:
a microprocessor;
a programmable hardware device connected to the microprocessor, the programmable hardware device comprising a plurality of elements connectable together under program control in different configurations of elements for performing different functions, the elements being connected to perform said bit manipulation and logical operations of said cryptographic processes;
program means within the microprocessor for moving data to and from the hardware device and for controlling the hardware device to repetitively perform said bit manipulation and logical operations in accordance with said predetermined sequence of steps so as to perform said cryptographic process; and
means for loading configuration information into the hardware device from the microprocessor upon start-up of the system to connect the elements to perform said operations.
Dependent claims: 2, 3, 4, 5, 6.
7. A data security system for performing a cryptographic process on data represented by bits, the cryptographic process comprising a predetermined sequence of repetitive operations including bit manipulation operations involving movements of different ones of said bits relative to other ones of said bits, and a plurality of data processing and control operations, the system comprising:
a microprocessor having a bus;
a programmable hardware element connected to the microprocessor by the bus, the programmable hardware element comprising a plurality of functional elements connectable together by the microprocessor in different configurations to perform predetermined functions;
first program means within the microprocessor for controlling data movement to and from the programmable hardware element over said bus; and
second program means for configuring the programmable hardware element such that said programmable hardware element performs said bit manipulation operations and the microprocessor performs said data processing and control operations.
Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15.
16. A method of performing a cryptographic process on data represented by bits in a system comprising a microprocessor and a programmable hardware device having a plurality of elements which are connectable together under program control by the microprocessor to perform predetermined functions, the cryptographic process comprising a predetermined sequence of repetitive operations including bit manipulation operations involving movement of different ones of said bits relative to other ones of said bits and a plurality of different data processing and control operations, the method comprising:
configuring the elements of the programmable hardware device using the microprocessor to perform said bit manipulation operations;
controlling, using said microprocessor, data flow to and from said programmable hardware device; and
controlling the programmable hardware device to perform said predetermined repetitive sequence of steps for a predetermined number of iterations in order to perform said cryptographic process, wherein data flow to and from said programmable hardware device is in blocks comprising multiple bits, and wherein said method comprises performing in said programmable hardware device steps comprising:
permutating bits of a block of data to rearrange the order of the bits;
dividing the permutated bits into first and second portions;
expanding the first portion to increase a number of bits in such portion;
combining the expanded first portion with a sub key from the microprocessor to produce a combined block of data;
converting the combined block into a block having a smaller number of bits;
permutating the bits in the smaller block; and
combining the permutated bits with the second portion of the block to produce a new first portion.
Dependent claims: 17, 18.
19. A data security system for performing a cryptographic process on data represented by bits, the cryptographic process comprising a predetermined repetitive sequence of steps which include bit manipulation operations comprising permutations of bits and substitutions of bits and logical operations on groups of bits, the system comprising:
a microprocessor;
a hardware device connected to the microprocessor by a first bus over which data is provided to and from said hardware device, the hardware device comprising a plurality of elements connected to perform said bit manipulation and logical operations of said cryptographic processes;
a memory connected to said first bus;
means connected to a second bus connected to the microprocessor for inputting and outputting data;
means for controlling the inputting and outputting means for the input and output of data to the memory and from the memory to the hardware device; and
program means within the microprocessor for moving data to and from the hardware device and for controlling the hardware device to repetitively perform said bit manipulation and logical operations in accordance with said predetermined sequence of steps so as to perform said cryptographic process.
20. A system comprising multiple data security systems for performing a cryptographic process on data represented by bits, the cryptographic process comprising a predetermined repetitive sequence of steps which include bit manipulation operations comprising permutations of bits and substitutions of bits and logical operations on groups of bits, each data security system comprising:
a microprocessor;
a hardware device connected to the microprocessor, the hardware device comprising a plurality of elements connected to perform said bit manipulation and logical operations of said cryptographic processes; and
program means within the microprocessor for moving data to and from the hardware device and for controlling the hardware device to repetitively perform said bit manipulation and logical operations in accordance with said predetermined sequence of steps so as to perform said cryptographic process;
the system further comprising:
a control microprocessor connected to respective ones of the microprocessors of said data security systems for controlling said microprocessors;
means for performing public key operations to generate session keys for respective ones of said data security systems; and
means for supplying the session keys to the data security systems to afford simultaneous data security microprocessing operations.
Specification