Login »
CLP-610: Security Protocol Accelerator - HSM
The Security Protocol Accelerator and Hardware Security Module, SPAcc-HSM, is a unique security engine that provides reliable protection for sensitive data and transactions and can be shared simultaneously with an application processor that requires lower levels of security.
Digital Right Management (DRM) and content protection standards, such as Digital Transmission Content Protection (DTCP) demand robust security schemes to protect sensitive key information from non-authorized use. The SPAcc-HSM provides specialized access control to key management and application processors and ensures that the security boundaries between the two domains are strictly enforced.
The sharing of cryptographic resources between the two processors allows for significant gate count reduction and smaller memory footprint.
Most security protocols require computationally intensive confidentiality and authentication algorithms to be applied to the data. Content providers require secure key storage to protect valuable data or premium content. The SPAcc-HSM fulfills these requirements by providing a framework that includes a shared programmable sequencer, Secure Key module, Secure DMA engine, and cryptographic/hashing resources.
These resources handle a high variety of protocols, such as 3GPP/LTE/LTE-A, MACsec, IPsec, SSL/TLS/DTLS, SRTP, WiMAX, WiFi, disk and tape storage and content protection.
- Features
- Single engine shared between application and key management domains
- Secure Key module allows the application system to use keys derived in the secure system without visibility to the key data itself
- Separate clock domains for the two control interfaces and the cryptographic core
- Low gate count and small memory footprint
- Configurable traffic paradigm
- Shared mode
- Virtual mode
- Support for all ciphers, hashes and MAC algorithms used in major protocols such as IPsec, WiMAX, Wi-Fi, 3GPP LTE/LTE-A, SRTP, SSL/TLS/DTLS, MACsec, storage
- Cipher algorithms: AES, DES/3DES, ARC4 [RC4], MULTI2, KASUMI, SNOW 3G, ZUC
- Cipher modes: ECB, CBC, CTR, OFB, CFB, f8, XTS, UEA1, UEA2, 128-EEA1, 128-EEA2, 128-EEA3
- Authenticated Encryption with Associated Data (AEAD) modes: CCM, GCM
- Hash/MAC algorithms: MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256, AES-XCBC-MAC, AES-CMAC, KASUMI-f9, KASUMI-UIA1, SNOW-3G-UIA2, SNOW-3G-128-EIA1, AES-128-EIA2, ZUC-128-EIA3, CRC-32-IEEE802.3
- Hash modes: raw hash, SSLMAC, HMAC
- Other modes: GSM A5/3, ECSD A5/3 and GEA3 keystream generation
- Increased throughput through parallel hashing and encryption
- Command and status FIFO depth selection offers interrupt coalescence
- Configurable 32- or 64-bit bus interfaces
- AMBA AXI4
- Low-Power
- AMBA AHB
- Lower level of interfacing available
- AMBA AXI4
- Benefits
- Silicon proven
- Highly integrated
- SoC/ASIC developers and embedded system OEMs benefit from
- Reduced time to market
- Reduced risk
- Highly tuned solutions for performance, power and size
- IP developed by industry experts through a structured and rigorous development and verification program
- Applications
- Networking/VPN
- MACsec (802.1 AE)
- IPsec
- VoIP/SIP gateways
- SSL/TLS/DTLS
- SRTP
- Wireless
- WiFi (802.11)
- WiMAX (802.16)
- 3GPP, LTE, LTE-A
- Femtocells
- Base stations
- DRM & Content protection
- DTCP
- HDCP 2.0
- DRM
- WMDRM
- OMA
- Storage (1619.1, 1619.2)
- Printers
- Others
- Contact Elliptic for more information
- Networking/VPN
- Downloads
- Product Brief: CLP-610: Security Protocol Accelerator - HSM
Featured Products
CLP-630: Multi-Packet Manager Security EngineA highly programmable and unique Security Protocol Accelerator specifically designed to efficiently process data for high capacity wireless and network applications. The engine is perfectly suited for applications that deal with multiple active connections and significant traffic load on different contexts, such as 4G LTE-Advanced wireless cellular base stations and femtocells.
