Cryptographic equipment implementing red/black communication modes

摘要

The described technology relates to cryptographic equipment which includes an input interface, a red module, a cryptographic module, a black module, and an output interface. The cryptographic module includes a cryptographic unit, which interacts with the red module and with the black module, and a management device, which interacts with the input interface and with either the red module or the black module, but not with both simultaneously. The cryptographic unit and the management device are physically and logically separate from one another and independent, and have an identical protection mechanism capable of protecting the integrity of the management device so as to detect any attempt at tampering.

主权项

1. Cryptographic equipment, comprising:
a first input interface configured to interact with the cryptographic equipment and share sensitive or non-sensitive information sequentially; a red host domain configured to process sensitive information; a cryptographic domain connected to the red host domain by a first upstream internal link and configured to apply cryptographic functions; a black host domain connected to the cryptographic domain by a first downstream internal link and configured to process non-sensitive information; an output interface connected to the black host domain by a first interface link and intended to manage information sharing from the cryptographic equipment; and a second input interface connected to the red host domain, wherein the first input interface is configured to form a first secured connection with the output interface, wherein the second input interface is configured to form a second secured connection with the output interface, wherein the first and second secured connections are different and are arranged in parallel, wherein the cryptographic domain includes:
a cryptographic unit comprising a cryptographic processing circuit which interacts with the red host domain through the first upstream internal link, and with the black host domain through the first downstream internal link, and wherein the cryptographic processing circuit is configured to process the sensitive information using the cryptographic functions, anda management device comprising a management processor configured to interact with the first input interface through at least one second interface link and with either the red host domain through a second upstream internal link, or the black host domain through a second downstream internal link, but not with both simultaneously, wherein the management processor is further configured to orient the sensitive information between the first input interface and the second upstream internal link, or the non-sensitive information between the first input interface and the second downstream internal link, without the non-sensitive information passing through the red host domain, wherein the cryptographic unit and the management device are physically and logically separate from one another and independent, wherein the cryptographic unit and the management device include identical protective housings configured to: i) protect the integrity of the management device and ii) detect any tampering attempt, and wherein the management device further comprises:
a bidirectional switch simultaneously connected to the second upstream internal link, the second downstream internal link, and at least one second interface link, the bidirectional switch being configured to link the first input interface either to the red host domain or to the black host domain, but not both simultaneously, anda bidirectional switch controller connected simultaneously to:
the bidirectional switch, andthe first input interface, wherein the bidirectional switch controller is configured to: i) receive a selection instruction for controlling the bidirectional switch according to a selected operating mode, and ii) inform the user of the current operating mode.