SafeXcel 1841 - High-Performance Security Co-Processor
The SafeXcel™-1841 is a highly integrated, high-speed network security co-processor
targeted to VPN applications in mid- to high-range network devices and appliances.
With the SafeXcel-1841, host processors off-load packet processing and Public Key
computations, optimizing overall system performance.
Overview
Designed for the VPN Appliance Market and Optimized for IPSec
With the acceleration of VPN performance in mid- to high-end network devices and
appliances as a design focus, the SafeXcel-1841 security co-processor provides powerful
and efficient IPSec processing. By accelerating only the critical and processor-intensive
security functions, it delivers an excellent value proposition to manufacturers
in the VPN appliance market.
The SafeXcel-1841 also accelerates the algorithms used to implement SSL VPNs, allowing
for the creation of multi-functional security appliances with a single security
co-processor.
Efficient Data, Control, and Management Architecture
The SafeXcel-1841 incorporates separate interfaces for data, control and security
association database access, enabling fast packet processing and highly efficient
control and security association management systems. The SafeXcel-1841 also incorporates
convenient and common hardware interfaces, supporting PCI-X, SPI-3, and S/DRAM memory
interface capabilities to ensure easy integration with the widest variety of network
and host processors, such as IBM NP4GS3, Intel IXP 2400, and Agere APP5xx.
Broad Platform Support
Full driver support is available immediately for development on most common operating
systems, including Windows, Linux and VxWorks. A variety of other operating systems
are already supported, and additional OS driver support is delivered on request.
Complete VPN Security Features
The SafeXcel-1841 incorporates a complete suite of security features in hardware,
including:
- IPSec, ESP, and AH transforms
- Basic encrypt/decrypt and hash operations
- SSL, TLS, and MPPE cryptographic operations
Core algorithms are supplied in the SafeXcel-1841, along with surrounding protocol
handling, including header insertion and stripping. The hardware includes several
features unavailable with other competitive chip solutions, including:
- ESP header insertion/validation, including SPI and replay counter processing
- Full AH 'mutable bit' processing, including IPv4 options fields and IPv6 extension
headers
- HMAC ICV validation on inbound packets
- Automatic IV generation and insertion
- ARC4 key replication, key scheduling, and MPPE-specified key update
Full Suite of Algorithms
The SafeXcel-1841 incorporates all of the necessary algorithms for IPSec and SSL
applications:
- AES, DES, Triple-DES and ARC4 encryption
- MD5 and SHA-1 hashing with HMAC
- Public Key computations
- Diffie-Hellman Key Negotiation
- RSA Encryption & Signatures
- DSA Signatures
- Random Number Generation
With the SafeXcel-1841, host processors can off-load the cryptographic computations
needed for key management handshaking (i.e., IKE), computations that can seriously
affect system performance. The Public Key Accelerator in the SafeXcel-1841 typically
provides more than 200 times the performance of a 32-bit RISC processor.
Power, Flexibility, and High-Assurance
The SafeXcel-1841 offers design flexibility with a variable-rate public key operations
clock, allowing tradeoffs between public key processing speed and power consumption.
And as part of SafeNet's commitment to high assurance design, the SafeXcel-1841
chip is complete with FIPS-compliant cryptographic algorithms - allowing our customers
to achieve FIPS 140-2 certification for their appliances.
Gigabit Throughput
The SafeXcel-1841 achieves high throughput with fast core processing engines and
an integration strategy that removes performance bottlenecks. A hardware-enabled
Descriptor Ring, located in on-chip Dual-Port Memory, controls packet movements.
This allows asynchronous processing between the Host and the SafeXcel-1841. Descriptor
Ring processing also allows multiple packets to be queued for processing. Thus,
"starving" of the SafeXcel-1841 is avoided.
An on-chip DMA controller intelligently allocates packet requests among the multiple
packet engines. Each packet engine contains dedicated core crypto and hashing engines,
allowing independent functions. Each engine also contains its own pair of 2K-byte
packet buffers, providing for efficient burst transfers of data.
Two high speed host bus interfaces (PCI-X and SPI-3) support efficient data paths
to the chip. As a result, the SafeXcel-1841 design supports full-duplex OC-12 when
processing IPSec with the worst case algorithms (Triple-DES and SHA-1) and 1500-byte
packets.
Applications
- Crypto Engine for Internetworking Devices
- Routers and Switches
- VPN Gateways
- Firewalls
- Server IPSec or SSL accelerator
- iSCSI Storage Security
- Workstation Security Module