SafeNet, The Foundation of Information Security
 
 
 
sample image
Blank
   SafeXcel 1741 Security Co-Processor
Blank
Customized solutions from world-renowned designers.

SafeXcel 1741 - Security Co-Processor

The SafeXcel™-1741 - another member of SafeNet’s widely deployed family of embedded encryption solutions - is a highly integrated VPN security co-processor optimized for very cost-sensitive designs.

Overview

The SafeXcel™-1741 is designed specifically to accelerate IPSec and incorporates security engines for the following operations:

  • IPSec ESP and AH transforms
  • Basic encrypt/decrypt and hash operations
  • Public Key operations
  • Random Number Generation operations

An evolution from the SafeXcel-1140, the SafeXcel-1741 includes new features such as:

  • Advanced Encryption Standard (AES) algorithm
  • 5V tolerant I/O
  • Allowance of a small on-chip SA cache
  • Supports 66MHz PCI bus
  • Hardware endian swapper

Basic algorithms are supplied in the SafeXcel-1741, along with surrounding protocol handling, including header addition, and stripping. The SafeXcel-1741 implements security features in hardware that are unavailable with any other chip solution in its price range, such as:

  • ESP and AH header insertion and validation, including SPI and replay counter processing
  • Full AH 'mutable bit' processing, including IPv4 option and IPv6 extension headers
  • HMAC ICV validation on inbound packets
  • Automatic IV generation and insertion

These features provide the maximum off-load for the host processor so that it can dedicate more of its resources to its primary functions such as routing or firewall filtering.

Cost-Effective Acceleration
The SafeXcel-1741 provides the optimum price-performance point for low to mid-range systems. By accelerating only the critical and processor-intensive security functions, it provides an excellent value proposition.

Full Suite of Algorithms
The SafeNet SafeXcel-1741 incorporates the necessary algorithms for VPN applications:

  • DES, Triple-DES, and AES encryption
  • MD5 and SHA-1 Hashing with HMAC
  • Public Key computations:
    - Diffie-Hellman Key Negotiation
    - RSA Encryption and Signatures
    - DSA Signatures
  • Random Number Generation

With the SafeXcel-1741 installed, host processors can off-load not only VPN packet transforms, but also the cryptographic computations needed for key management handshaking (i.e. IKE) which seriously affect system performance. The public key processor in the SafeXcel-1741 will typically provide more than 20 times the performance of a 32-bit RISC processor.

Efficient Security Processing
The SafeXcel-1741 truly offloads the host processor, freeing it to execute its networking functions and leaving room for future feature growth. The system integration features in the SafeXcel-1741 have been carefully designed to remove performance bottlenecks. By performing virtually all of the security protocol steps on-chip, multiple bus movements are avoided and operations may be pipelined to minimize latency.

A simple command descriptor is used to control packet processing. With the PCI host interface, the SafeXcel-1741 can perform master PCI bus transactions to autonomously move packets through the Packet Engine.

When processing IPSec with the worst-case algorithms (3DES and SHA-1), the SafeXcel-1741 supports 320 Mbps of throughput. This is more than adequate for SOHO routers, xDSL modems, cable modems and similar applications.

Applications

  • Low and middle-end cryptographic engines
    Internetworking devices (routers, switches, etc.)
  • Residential gateways
  • xDSL modems
  • Cable modems
  • Wireless access points
  • Firewalls
Related Links
Related Documents
     Company | Site Map | Privacy Statement | Contact Us | Send Feedback | Terms & Conditions of Sale
     © 2009 SafeNet Inc. All rights reserved. | Use of this website signifies your agreement to the Terms of Use.