Multi-level independent security architecture

摘要

A system includes a plurality of data input ports, each port corresponding to one of a plurality of different levels of security classification; a security device, configured for cryptographic processing, coupled to receive incoming data from each of the plurality of input ports, wherein the incoming data includes first data having a first classification level; a key manager configured to select and tag-identified first set of keys from a plurality of key sets, each of the key sets corresponding to one of the different levels of security classification, wherein the first set of keys is used by the security device to encrypt the first data; and a common encrypted data storage, coupled to receive the encrypted first data from the security device for storage.

主权项

1. A system, comprising:
a plurality of data input ports, each port corresponding to one of a plurality of different levels of security classification; a security device, configured for cryptographic processing, coupled to receive incoming data from each of the plurality of input ports, wherein the incoming data includes a first data packet having a first classification level, the first data packet comprises a tag that identifies one of the levels of security classification, and the security device comprises a plurality of cryptographic modules, each cryptographic module dedicated to perform security processing for only one of the different levels of security classification, and each cryptographic module comprising at least one processor configured to perform the security processing; a multiplexer configured to route the first data packet from one of the data input ports to one of the cryptographic modules based on the tag, the multiplexer comprising at least one field-programmable gate array programmable to support different interface protocols; at least one memory to store a plurality of key sets; a key manager configured to select, via the at least one memory, a first set of keys from the plurality of key sets, each of the key sets corresponding to one of the different levels of security classification, wherein the first set of keys is used by the security device to encrypt the first data packet; and a common encrypted data storage, coupled to receive the encrypted first data packet from the security device for storage.