SAN MATEO, Calif. Two companies unveiled encryption processors at the RSA Conference in San Francisco this week. The Hifn Intelligent Packet Processor from Hifn Inc. integrates packet-processing capability into the company's previously released 7851 chip, and startup Corrent Corp. brought out its first products, the Packet Armor and Socket Armor chip families for handling IPSec and SSL at 1-Gbit/second speeds, with OC-48 (2.5-Gbit/s) and OC-192 (10-Gbit/s) support on the horizon.
Some companies that offer security processors concentrate on raw performance and speed up the complex mathematics used in encryption and decryption. But both Hifn and Corrent emphasized that a security processor has to go further by actually manipulating packets, relieving that function from a network processor or other packet-processing engine.
"There are a lot of holes in there that, if yo u don't get the software quite right, can cause stalls in your system," said Russell Dietz, chief technical officer of Hifn (Los Gatos, Calif.).
The new products from both companies combine encryption and key exchange onto a single chip.
Hifn's 7814 and 7854 chips add public-key encryption capabilities to the packet manipulation that was available on the 7851. The 7814 is the slower of the two, handling IPSec at 200 Mbits/s, while the 7854 can run IPSec at 500 Mbits/s.
The chips also can handle compression, which can bring the processing speeds up to 500 and 700 Mbits/s, respectively. In addition, Dietz noted that four 7854 devices could be cascaded to provide a 2-Gbit/s processor suitable for full-duplex OC-12 (622 Mbit/s) systems.
Separately, Corrent discussed details of two upcoming product families, neither of which is due to ship for several months.
The Socket Armor family, which targets Secure Socket Layer encryption, includes a streaming encryption engine that can operate at speeds from OC-3 (155 Mbits/s) to 1 Gbit/s, and a modulo engine used for creating keys for the RSA algorithm. The two devices will be integrated onto one chip but will also be available separately.
Corrent's other product family, Packet Armor, targets streaming IPSec encryption at speeds of OC-48c (2.5 Gbit/s) full-duplex or OC-192 (10 Gbit/s) half-duplex. Corrent will also offer a version of the chip that integrates the modulo engine, targeting speeds of 1 Gbit/s and lower.
In higher-speed systems, security chips such as Hifn's and Corrent's tend to be located alongside a packet-processing chip such as a network processor. Eventually, executives of both companies say, security will be an in-line function, intercepting all data before it reaches the network processor.
"This generation, everybody's comfortable with the sidecar [approach]. Next generation, we'll go right in-line, right after the PHY [physical-layer device]," said Richard Takahashi, chief executive of Corrent Corp. (Tempe, Ariz.).
The in-line approach is being studied by a few early adopters, however. "We have a customer today that's using [Intel Corp.'s] IXP1200s to do classification, and then right after that is us," Dietz said.
Hifn is sampling the 7814 and 7854 at prices of $130 and $175, respectively, in quantities of 10,000.
Corrent expect to begin sampling chips in the fourth quarter, with volume shipments by early 2002. Prices will range from $250 to $350 each in quantities of 1,000.