SYSTEM-ON-CHIP DATA SECURITY APPLIANCE AND METHODS OF OPERATING THE SAME

摘要

System-on-chip data security appliance (“SoC-DSA”) and methods of operating the same. In one embodiment, the SoC-DSA includes data security mechanisms enclosed within a protected boundary of a single chip. In some embodiments, isolation and access control features are hidden within an on-chip field-programmable gate array (“FPGA”). The isolation and access control features can be implemented such that they are not visible to or alterable by software executing on the processing cores of the SoC-DSA, which provides for continued data security even in the presence of software exploitation, such as a malicious implant, that otherwise compromises data security in software-only systems. The SoC-DSA can be used to enhance data security in existing data security devices and protocols, such as high assurance guards (“HAG”) and can be used to create new types of security devices, such as devices enforce alternative human data interactions (“HDI”) models.

主权项

1. A system-on-chip data security appliance (SoC-DSA) comprising:
a single-chip device defining a protected boundary co-incident with a boundary of the single-chip device; a first communication interface; a second communication interface; an electronic processor located within the protected boundary; a cryptographic component located within the protected boundary; a data transfer control component located within the protection boundary; and memory located within the protected boundary, the memory storing data, wherein the electronic processor is configured to perform at least one of encrypting and decrypting data appearing on the first communication interface using the cryptographic component and subsequently perform, based on data stored in the memory, at least one of dropping, modifying, and transferring the data to the second communication interface using the data transfer control component.