The ICE-IP-63 (EIP-63) is a scalable high-performance, multi-channel cryptographic engine that offers AES-GCM operations as well as AES-CTR and GMAC on bulk data. Its flexible data path is suitable to scale from 100 Gbps to 2.4 Tbps to provide a tailored engine with minimal area for your application. The FIFO-like data interface makes it possible to perform frame processing for many different protocols, including MACsec, IPsec, and OTN security. The time-sliced processing architecture makes it possible to alternate data processing for different channels or tunnels simultaneously. Block switching can be done with a granularity of a single clock cycle. The engine is also designed to support FIPS vector processing.
The ICE-IP-63 is designed to support multiple use cases, including:
ICE-IP-63 is a packet-processing engine and contains input/output packet interfaces and interfaces intended for supplying key material.
Before cryptographic packet processing can start, the Host CPU must transfer the key material to the engine. The packet processing mode (bypass, encryption, authentication, direction, IV) is provided on a per packet basis.
After processing, the ICE-IP-63 engine outputs the result packet as well as ICV (if authentication is enabled).
The external system is responsible for the following items:
The ICE-IP-63 engine detects the following data path exceptions:
The ICE-IP-63 engine is ready for FIPS certification. This can be done by providing the FIPS CAVP validation vectors through the packet interface and performing the required transformations.
The following transformations are supported:
The ICE-IP-63 engine has a scalable number of processing pipes and channels. It is available in different configurations, suitable for different applications to meet different gate count and throughput objectives. Available configurations scale from:
File encryption, file system encryption and full disk encryption (FDE) are methods offered by the industry to allow users to protect their data stored on non-volatile storage devices, such as Solid State Disks (SSD). The main feature of FDE is to protect stored system and user date from unauthorized reading, writing, alteration, moving or rolling back. However, extended security features are key to securing FDE implementation.
Frame Processing Modes
Low Latency with Zero Variation
Control Plane Interface
External Memory interface