Architecture of an encryption circuit implementing various types of encryption algorithms simultaneously without a loss of performance

US 7,418,598 B1
Filed: 11/07/2000
Issued: 08/26/2008
Est. Priority Date: 11/09/1999
Status: Expired due to Term

First Claim

Patent Images

1. An encryption circuit for simultaneously processing various encryption algorithms, the encryption circuit adapted to be coupled to a host computer system, the encryption circuit comprising:

an input/output module coupled to the host computer system through a dedicated bus,the input/output module handling data exchanges between the host system and the encryption circuit,the input/output module comprising a microcontroller and a microcontroller control memory, the microcontroller control memory providing storage for program control of the microcontroller;

an encryption module performing data encryption and decryption operations, as well as storage of all sensitive information of the encryption circuit; and

isolation means comprising a dual port memory connected between the input/output module and the encryption module, the isolation means ensuring that the sensitive information stored in the encryption module is inaccessible to the host computer system,the dual port memory enabling parallelism between

1) the data exchanges performed by the input/output module and

2) the data encryption and decryption operations performed by the encryption module.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An encryption circuit for simultaneously processing various encryption algorithms, the circuit being capable of being coupled with a host system hosted by a computing machine. The circuit comprises an input/output module responsible for the data exchanges between the host system and the circuit via a dedicated bus. An encryption module coupled with the input/output module is in charge of the encryption and decryption operations. Isolation means between the input/output module and the encryption module makes the sensitive information stored in the encryption module inaccessible to the host system and ensures the parallelism of the operations performed by the input/output module and the encryption module. The circuit is supported on a peripheral component interconnect card. The circuit is specifically adapted to provide “hardware” protection of computer servers or stations.

Citations

17 Claims

1. An encryption circuit for simultaneously processing various encryption algorithms, the encryption circuit adapted to be coupled to a host computer system, the encryption circuit comprising:
- an input/output module coupled to the host computer system through a dedicated bus,the input/output module handling data exchanges between the host system and the encryption circuit,the input/output module comprising a microcontroller and a microcontroller control memory, the microcontroller control memory providing storage for program control of the microcontroller;
  
  an encryption module performing data encryption and decryption operations, as well as storage of all sensitive information of the encryption circuit; and
  
  isolation means comprising a dual port memory connected between the input/output module and the encryption module, the isolation means ensuring that the sensitive information stored in the encryption module is inaccessible to the host computer system,the dual port memory enabling parallelism between
  
  1) the data exchanges performed by the input/output module and
  
  2) the data encryption and decryption operations performed by the encryption module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. An encryption circuit as set forth in claim 1, wherein the encryption module comprises:
    - a first encryption sub-module, dedicated to the processing of symmetric encryption algorithms, and being coupled to the first bus of the dual port memory;
      
      a second encryption sub-module, dedicated to the processing of asymmetric encryption algorithms and being coupled to the first bus of the dual-port memory and including a separate internal second bus isolated from the first bus of the dual-port memory; and
      
      a CMOS memory, coupled with the dual-port memory via the first bus of the dual-port memory, the CMOS memory containing the encryption keys accessible during execution of encryption algorithms by the first and second encryption sub-modules and the CMOS memory connected to be reset upon detection of an alarm condition protecting the encryption keys from unauthorized access and use.
  - 3. An encryption circuit according to claim 2, wherein the first encryption sub-module comprises an encryption component coupled to the dual-port memory via the first bus of the memory, the encryption component comprising various encryption automata, respectively dedicated to the processing of symmetric encryption algorithms, and the second encryption sub-module comprises at least two encryption processors, respectively dedicated to the processing of asymmetric encryption algorithms, the encryption processors being coupled to the first bus of the dual-port memory via the internal second bus of the second sub-module and a bus isolator that isolates the second bus from the first bus of the dual-port memory.
  - 4. An encryption circuit according to claim 3, wherein the encryption processors of the encryption module are of the CIP configuration.
  - 5. An encryption circuit according to claim 3, wherein one of the two encryption processors is of the CIP type, and in that the other of the two encryption processors is of the ACE configuration.
  - 6. An encryption circuit according to claim 3, wherein one of the two encryption processors is of the ACE configuration comprising a field programmable gate array (FPGA).
  - 7. An encryption circuit according to claim 6, wherein the encryption component is of the SCE configuration.
  - 8. An encryption circuit according to claim 7, wherein the encryption component comprises a field programmable array (FPGA).
  - 9. An encryption circuit according to claim 8, wherein the second encryption sub-module comprises a flash memory PROM and an SRAM memory coupled to the second internal bus of the sub-module.
  - 10. An encryption circuit according to claim 3, further comprising a CMOS memory containing security keys and security mechanisms that trigger a reset mechanism of the CMOS memory in case of an alarm protecting the encryption keys from unauthorized access and use.
  - 11. An encryption circuit as set forth in claim 3, further including a card supporting the circuit.
  - 12. An encryption circuit as set forth in claim 2, further including a card supporting the circuit.
  - 13. An encryption circuit according to claim 1, wherein the microcontroller comprises:
    - an input/output processor and a PCI interface integrating DMA channels responsible for executing the data transfers between the host computer system and the circuit; and
      
      the memory comprises a flash memory containing the code of the input/output processor and a static random access memory that receives a copy of the contents of the flash memory upon startup of the input/output processor.
  - 14. An encryption circuit according to claim 1, comprising a serial link connected to input basic keys through a secure path independent of the dedicated PCI bus, said link controlled by the encryption module.
  - 15. An encryption circuit according to claim 14, wherein the serial link (SL) allows downloading of proprietary algorithms into the first encryption sub-module.
  - 16. An encryption circuit as set forth in claim 1, further including a card supporting the circuit.

17. An encryption circuit for simultaneously processing various encryption algorithms, the encryption circuit adapted to be coupled to a host computer system, the encryption circuit comprising:
- an input/output module coupled to the host computer system through a dedicated bus which provides direct access by the encryption circuit to the host system,the input/output module handling data exchanges between the host system bus and the encryption circuitthe input/output module comprising a microcontroller and a microcontroller control memory, the microcontroller control memory providing storage for program control of the microcontroller;
  
  an encryption module performing data encryption and decryption operations, as well as storage of all sensitive information of the encryption circuit, the encryption module comprising;
  
  a first encryption sub-module, dedicated to the processing of symmetric encryption algorithms;
  
  a second encryption sub-module, dedicated to the processing of asymmetric encryption algorithms; and
  
  a CMOS memory containing the encryption keys accessible during execution of encryption algorithms by the first and second encryption sub-modules and the CMOS memory connected to be reset upon detection of an alarm condition protecting the encryption keys from unauthorized access and use; and
  
  isolation means comprising a dual port memory connected between the input/output module and the encryption module, the dual port memory being coupled to a first bus which couples to the first encryption sub-module, said second encryption sub-module and a second bus which couples to the input/output module, the isolation means ensuring that the sensitive information stored in the encryption module is inaccessible to the host computer system and is protected from unauthorized access and use, andthe dual port memory enabling a first level of parallelism between
  
  1) the data exchanges performed by the input/output module and
  
  2) the data encryption and decryption operations performed by the encryption module; and
  
  a second level of parallelism by providing access to data of the dual port memory during parallel operation of both first and second encryption sub-modules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bull Sas (Atos SE)
Original Assignee
BUH HN Information Systems Incorporated
Inventors
Le Quere, Patrick
Primary Examiner(s)
COLIN, CARL G

Application Number

US09/706,728
Time in Patent Office

2,849 Days
Field of Search

713/200, 713/100, 713/193, 713/194, 713/159, 713/168, 713/185, 235/380, 380/25, 380/44, 380/49, 380/30, 380/266, 380/28
US Class Current

713/193
CPC Class Codes

G06F 21/72 in cryptographic circuits

H04L 9/14 using a plurality of keys o...

Architecture of an encryption circuit implementing various types of encryption algorithms simultaneously without a loss of performance

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Architecture of an encryption circuit implementing various types of encryption algorithms simultaneously without a loss of performance

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links