System-on-chip data security appliance encryption device and methods of operating the same
First Claim
1. A system-on-chip data security appliance encryption device (SoC-DSA ED) comprising:
- a single-chip device defining a protected boundary co-incident with a boundary of the single-chip device;
a plurality of communication interfaces;
an electronic processor located within the protected boundary;
a data transfer control component located within the protection boundary;
memory located within the protected boundary, the memory storing data, encryption keys, hash values, and a network configuration table;
an encryption component located within the protection boundary,wherein the electronic processor is configured to store a set of configuration data in the network configuration table for each of the plurality of communication interfaces and associate each of the plurality of communication interfaces with a set of configuration data stored in the network configuration table to define a communication channel for each of the plurality of communication interfaces, wherein the set of configuration data for at least one of the plurality of communication interfaces includes addresses associated with the at least one of the plurality of communication interfaces;
wherein the electronic processor is configured to allow two-way transfer of data between each of the communication interfaces using the data transfer control component based on data stored in the memory;
wherein data appearing on at least one of the plurality of communication interfaces is always encrypted using the encryption component within the protection boundary.
1 Assignment
0 Petitions
Accused Products
Abstract
System-on-chip data security appliance (“SoC-DSA”) and methods of operating the same. In one embodiment, the SoC-DSA includes data security mechanisms enclosed within a protected boundary of a single chip. In some embodiments, isolation and access control features are hidden within an on-chip field-programmable gate array (“FPGA”). The isolation and access control features can be implemented such that they are not visible to or alterable by software executing on the processing cores of the SoC-DSA, which provides for continued data security even in the presence of software exploitation, such as a malicious implant, that otherwise compromises data security in software-only systems. The SoC-DSA can be used to enhance data security in existing data security devices and protocols, such as high assurance guards (“HAG”) and can be used to create new types of security devices, such as devices enforce alternative human data interactions (“HDI”) models.
65 Citations
28 Claims
-
1. A system-on-chip data security appliance encryption device (SoC-DSA ED) comprising:
-
a single-chip device defining a protected boundary co-incident with a boundary of the single-chip device; a plurality of communication interfaces; an electronic processor located within the protected boundary; a data transfer control component located within the protection boundary; memory located within the protected boundary, the memory storing data, encryption keys, hash values, and a network configuration table; an encryption component located within the protection boundary, wherein the electronic processor is configured to store a set of configuration data in the network configuration table for each of the plurality of communication interfaces and associate each of the plurality of communication interfaces with a set of configuration data stored in the network configuration table to define a communication channel for each of the plurality of communication interfaces, wherein the set of configuration data for at least one of the plurality of communication interfaces includes addresses associated with the at least one of the plurality of communication interfaces; wherein the electronic processor is configured to allow two-way transfer of data between each of the communication interfaces using the data transfer control component based on data stored in the memory; wherein data appearing on at least one of the plurality of communication interfaces is always encrypted using the encryption component within the protection boundary. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
-
-
26. A system comprising:
-
a plurality of system-on-chip data security appliance encryption devices (SoC-DSA EDs), each of the plurality of SoC-DSA EDs including a single-chip device defining a protected boundary co-incident with a boundary of a chip included in the single-chip device and a communication interface; and an intermediate network infrastructure connecting the plurality of SoC-DSA EDs through the communication interface of each of the plurality of SoC-DSA EDs. - View Dependent Claims (27, 28)
-
Specification