The Security Protocol Accelerator and Hardware Security Module, SPAcc-HSM, is a unique security engine that provides reliable protection for sensitive data and transactions and can be shared simultaneously with an application processor that requires lower levels of security.
Digital Rights Management (DRM) and content protection standards, such as Digital Transmission Content Protection (DTCP), demand robust security schemes to protect sensitive key information from unauthorized use. The SPAcc-HSM provides specialized access control to key management and application processors and ensures that the security boundaries between the two domains are strictly enforced.
- Single engine shared between application and key management domains
- Secure Key module allows the application system to use keys derived in the secure system without visibility to the key data itself
- Separate clock domains for the two control interfaces and the cryptographic core
- Low gate count and small memory footprint
- Configurable traffic paradigm: shared and virtual modes
- Support for all ciphers, hashes and MAC algorithms used in major protocols such as IPSec, WiMAX, Wi-Fi, 3GPP LTE/LTE-A, SRTP, SSL/TLS/DTLS, MACsec, storage
- Built-in scatter/gather DMA capability offloads system CPU
- Increased throughput through parallel hashing and encryption
- Command and status FIFO depth selection offers interrupt coalescence
- IV import feature – permits DMA of IV with associated payload
- Configurable 32- or 64-bit bus interfaces (AMBA AXI/AHB, others)
- QoS capability allows multiple command priority queues for enhanced traffic management capabilities
- AXI4 Low-Power
- The SPAcc-HSM provides specialized access control to key management and application processors and ensures that the security boundaries between the two domains are strictly enforced. The sharing of cryptographic resources between the two processors allows for significant gate count reduction and smaller memory footprint.
- The SPAcc-HSM can be preconfigured to match the system requirements exactly and has two traffic separation paradigms: shared mode, which allows more flexible context allocation at run time, and virtual mode, which significantly simplifies the software implementation but keeps context resources fixed between security domains.
- Verilog HDL
- Sample synthesis script & constraints
- Sample simulation script