Virtual Private Networking (VPN) technology has been in use for over twenty years now and Elliptic has developed a broad spectrum of solutions for this market segment. For low performance applications, customers usually choose individual symmetric IP cores and sequence the cores directly by the embedded processor. As the bandwidth requirement increases however, customers must employ engines offering more offload.
Elliptic's most powerful packet processing engines for IPsec are the SPP-230, the CLP-25 and the CLP-30. The SPP-230 security engine is well suited for mobile backhaul applications and it addresses the security, performance and cost needs as operators transition to 4G networks to support the growing mobile data traffic. The CLP-25 is perfect for medium performance gateway applications in the 100-300 Mbps range. The engine has two AMBA/AHB/AXI ports - a master DMA port for packet traffic and a slave port for control and configuration. The DMA has scatter-gather capability to further offload the embedded processor. The CLP-30 is based on the same architecture as the CLP-25 but includes the ability to implement multiple pipelines, multiple DMA ports as well as IPv6 support. The CLP-30 can scale up to the Gbps range. Elliptic has also introduced a cost reduced version of the CLP-25 called the CLP-36 perfect for low cost gateway, access points and even handset applications.
Most applications require IPsec processing in the 50-200 Mbps range and are in cost sensitive markets. Elliptc's CLP-600 Security Protocol Accelerator (SPAcc) IPsec Offload Engine is perfect for this requirement. This engine implements two AMBA/AHB/AXI interfaces as found in the CLP-25, scatter-gather master DMA for packets, sequencing of the cipher/hash operations, interrupt coalescence and has the unique attribute that it can be build time configured with additional cipher/hash options to support other security requirements such as SRTP, SSL, WiMAX and 3GPP. This flexibility has propelled this engine to become Elliptic's most popular VPN solution.
To complement the IPsec product portfolio, Elliptic also offers SSL record processing engines. SSL VPNs have taken market share away from IPsec and as such SoC designers frequently add SSL capability to their VPN solution to cover both markets. The SPP-200 PDU processor is a perfect solution for medium performance gateway applications in the 100-500 Mbps range.
To guide customers in the integration of the hardware IPsec engines into Linux IPsec, Elliptic offers the ESS-03 Linux IPsec Middleware. Licensed as C source code, developers can quickly implement a VPN solution with offload capability then fully optimize the solution based on the final target environment.
Security Protocol Accelerators and Processors
- CLP-30: High Throughput Pipelined IPsec Engine
- CLP-25: IPsec (ESP/AH) Offload Engine
- CLP-36: IPsec/SRTP (ESP/AH) Cost Reduced Offload Engine
- CLP-600: IPsec/SRTP Security Protocol Accelerator
- SPP-200: SSL/TLS/DTLS PDU Processor
- SPP-230: ESP/AH PDU Processor
Ellipsys Cryptography Middleware
- CLP-45: Configurable Lookaside AES Cipher
- CLP-20: High Throughput AES-CCM Core
- CLP-200: Pipelined GCM-AES Core
- CLP-02: DES/3DES Cipher
- CLP-08: High Throughput DES/3DES Core
- CLP-19: Ultra-high Throughput DES/3DES Core
- CLP-04: ARC4 Cipher
- CLP-26: Configurable SHA and MD5 Hash Core
- CLP-100: Flow-Through Hash Core
- CLP-300: RSA and Elliptic Curve Public Key Accelerator
- CLP-27: Compact True Random Number Generator
ETS-020: tVault HDCP 2.2
A proven HDCP-based content protection solution that provides robust security inside Trusted Execution Environments (TEEs) and enforces the protection of sensitive information to ensure that it is stored, processed and accessed only by authorized applications.The solution integrates seamlessly within frameworks such as ARM TrustZone™, where the critical security components are embedded in a trusted and secure OS environment. The non-critical components are executed by the rich OS, such as Android.