SafeXcel 1842 - High-Performance Security Co-Processor
The SafeXcel™-1842 is a highly integrated, high-speed network security co-processor targeted at VPN applications
in mid- to high-range network devices and appliances. With the SafeXcel-1842, host processors off-load packet processing
and Public Key computations, thus optimizing overall system performance.
Overview
Designed for the VPN Appliance Market and Optimized for IPSec
With the acceleration of VPN performance in mid- to high-end network devices and appliances as a design focus, the
SafeXcel-1842 security co-processor provides powerful and efficient IPSec processing. By accelerating only the critical
and processor-intensive security functions, it delivers an excellent value proposition for manufacturers in the VPN appliance market.
The SafeXcel-1842 also accelerates the algorithms used to implement SSL VPNs, allowing for the creation of multi-functional
security appliances with a single security co-processor.
Efficient Data, Control, and Management Architecture
The SafeXcel-1842 incorporates separate interfaces for data, control and security association (SA) database access,
enabling fast packet processing and highly efficient control of SA management systems. It also incorporates convenient
and common hardware interfaces, supporting PCI-X, SPI-3, and S/DRAM memory interface capabilities to ensure easy integration
with the widest variety of network and host processors, such as IBM NP4GS3, Intel IXP 2400, and Agere APP5xx.
Complete VPN Security Features
The SafeXcel-1842 incorporates a complete suite of security features in hardware, including:
- IPSec, ESP, and AH transforms
- Basic encrypt/decrypt and hash operations
- SSL, TLS, and MPPE cryptographic operations
Core algorithms are supplied in the SafeXcel-1842, along with the surrounding protocol handling, including header
insertion and stripping. The hardware includes several features unavailable with other competitive chip solutions, including:
- ESP header insertion/validation, including SPI and replay counter processing
- Full AH 'mutable bit' processing, including IPv4 options fields and IPv6 extension headers
- HMAC ICV validation on inbound packets
- Automatic IV generation and insertion
- ARC4 key replication, key scheduling, and MPPE-specified key update
Power, Flexibility and High Assurance
The SafeXcel-1842 offers design flexibility with a variable-rate public key operations clock that allows trade-offs
between public key processing speed and power consumption. As part of SafeNet's commitment to high assurance design,
the SafeXcel-1842 chip is outfitted with FIPS-compliant cryptographic algorithms, allowing our customers to achieve
FIPS 140-2 certification for their appliances.
Gigabit Throughput
The SafeXcel-1842 achieves high throughput with fast core processing engines and an integration strategy carefully
designed to remove performance bottlenecks. A hardware-enabled Descriptor Ring, located in the on-chip Dual-Port Memory,
controls packet movements. This allows asynchronous processing between the Host and the SafeXcel-1842. Descriptor Ring
processing allows multiple packets to be queued for processing, thus avoiding "starving" of the SafeXcel-1842.
An on-chip DMA controller intelligently allocates the packet requests among the multiple packet engines. Each packet
engine contains dedicated core crypto and hashing engines, allowing them to work independently. Each engine also contains
its own pair of 2K-byte packet buffers, providing efficient burst transfers of data.
Two high-speed host bus interfaces (PCI-X and SPI-3) support efficient data paths to the chip. As a result, the
SafeXcel-1842 design supports full-duplex OC-24 when processing IPSec with the worst-case algorithms (Triple-DES and SHA-1)
and 1500-byte packets.
Security Software Toolkits
QuickSec Toolkit
Customers deploying the SafeXcel-1842 can reduce development time by licensing SafeNet's proven QuickSec Toolkit.
Unique in the security market, QuickSec seamlessly interfaces with any SafeXcel security processor and configures
for any combination of host processor and operating system. Capable of taking full advantage of the features in the
SafeXcel-1842, QuickSec also provides a rich suite of commands for IKE and key management features while transparently
providing a path for future upgrades of software and hardware.
The QuickSec Toolkit leverages SafeNet's track record and experience in developing IPSec / IKE / X.509 solutions
for the leading vendors in the industry. It provides application-specific, high-value network access features, allowing
quick time to market with guaranteed and proven interoperability.
The QuickSec Toolkit implements the following for Access Networks:
- IPSec security layer functionality:
- IPSec packet layer
- IKE authentication protocol
- X.509 certificate based authentication
- TCP/IP firewall