Crypto processors are specialized processors that execute cryptographic algorithms within hardware. Their functions include accelerating encryption algorithms, enhanced tamper and intrusion detection, enhanced data and key protection, and security-enhanced memory access and I/O.
Crypto processors aren’t new. First used in military applications, they came into commercial applications in the mid-1980s when IBM’s 3480 was outfitted with them, and they have been used in ATM and banking applications to secure transactions. In the last 10 or so years, scaled-down versions have been showing up in consumer devices such as smart cards, SIM cards, cellular radios, set-top boxes, automobiles, game consoles, etc.
A crypto processor offers several distinct advantages. First, it can offer strong protection of IP. Second, it offers better protection of key data than simple storage encryption. Third, it offers protection against vulnerability exploits. This is accomplished by integrating the typical security functions, which are in software layers on top of standard processors, into the hardware layers.
They can be integrated into SoCs or FPGAs, depending upon the desired function. They also can be integrated using a hybrid approach, whereby a standard processor is used and dedicated IP or other crypto algorithm blocks are implemented in the hardware. There is also the trusted platform module.
For example, there is a type of crypto processor referred to as a double encryption device. This rendition offers the ability to protect both the running programs and the data by encrypting both the data and address locations. It places a security blanket of encryptors and decryptors between the processing elements, data storage, and I/O subsystems. All information is decrypted within the secure blocks of the processor and then encrypted before it is stored in memory or sent to an I/O operation. It has the ability to hardwire the keys. This means they can be “zero-ized” and become virtually invisible to the outside world.
It also contains both secure and unsecure I/O channels. The unsecure channels are used for routine I/O operations and maintenance while the secure channels are used for transaction and sensitive data routing.
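The double encryption device described above can be modeled in a few lines. The sketch below is an added example, not code from any vendor or from the original article: the `BusEncryptor` class, the 16-bit address space and the use of HMAC-SHA256 in place of the hardware cipher blocks are all assumptions made for illustration.

```python
import hashlib
import hmac

ADDR_BITS = 16  # constructed: 64 Ki-word external memory


def _prf(key, label, value, nbytes):
    # HMAC-SHA256 stands in for the hardware cipher blocks (assumption).
    msg = label + value.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:nbytes]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class BusEncryptor:
    """Toy encryptor/decryptor layer between the CPU core and external memory."""

    def __init__(self, key):
        self._key = bytearray(key)  # models the key held inside the chip
        self.external = {}          # what a probe on the memory bus sees

    def scramble(self, addr):
        # 4-round Feistel network: a keyed permutation of the address
        # space, so two logical addresses never share a physical location.
        half = ADDR_BITS // 2
        left, right = addr >> half, addr & ((1 << half) - 1)
        for rnd in range(4):
            f = _prf(bytes(self._key), b"addr%d" % rnd, right, 1)[0]
            left, right = right, left ^ f
        return (left << half) | right

    def write(self, addr, word):
        # The pad is bound to the logical address, so equal words stored
        # at different addresses produce different ciphertext. A real
        # design would also vary it per write to avoid pad reuse.
        pad = _prf(bytes(self._key), b"data", addr, len(word))
        self.external[self.scramble(addr)] = _xor(word, pad)

    def read(self, addr, n=4):
        stored = self.external.get(self.scramble(addr))
        if stored is None:
            return None
        return _xor(stored, _prf(bytes(self._key), b"data", addr, n))

    def zeroize(self):
        for i in range(len(self._key)):
            self._key[i] = 0
```

Writing the same word to two neighboring addresses and then inspecting `external` shows unrelated locations and unrelated ciphertext, and after `zeroize()` the stored contents can no longer be read back.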