Aiming to accelerate virtual private networks, chipmaker Hi/fn is shipping an encryption processor that combines compression, encryption, and authentication on a single chip.
The security chip, called 7711 Encryption Processor, is designed for routers and other networking equipment to compress and encrypt data without using the device's main processor, thus improving performance and keeping data moving faster.
Ascend Communications is already using the new chip, which was available in test quantities in October, in its Max 6000 remote-access concentrator. 3Com is adding the 7711 processor to its NetBuilder router as an add-on dual processing engine (DPE) to give companies virtual private network capabilities and better performance on their existing networks.
Using a separate chip to compress and encrypt data lets a device handle more concurrent sessions and provide VPN capabilities.
"Our chip increases throughput and the fastest encryption available," said Steve High, Hi/fn's director of marketing communications. "Instead of running on the main CPU of the router, encryption and compression are done on our chip. That allows performance to keep up."
Other chips can encrypt or compress data and can be used in a multichip set or as a hardware/software combination, in part because encryption algorithms run faster on a chip than in software. Atalla, for example, a unit of Tandem/Compaq, offers an encrypt/decrypt chip designed for handling Internet card payments using the Secure Electronic Transactions (SET) protocol.
But putting those functions on a single chip results in higher performance, which is important for companies leasing high-speed T1 or T3 lines that want to get the full use of the bandwidth. Otherwise that bandwidth is reduced because a router can't keep up when it's both compressing and encrypting data. Hi/fn is targeting routers, other network devices, and VPNs as applications for its chips.
Larry Howard, vice president and analyst at Infonetics Research noted that a commonly used encryption algorithm, Triple-DES, requires 50 to 100 times more processing power than straight IP routing. For that reason, he said, hardware-based VPN solutions provide a critical performance advantage.
Hi/fn's 7711 combines seven compression, encryption, and authentication algorithm engines on a single chip: Lempel-Ziv-Stac (LZS) and Microsoft Point-to-Point Compression (MPPC); DES, Triple-DES, and RC4 encryption; and SHA and MD5 authentication. It also supports the IPSec, SSL/TLS, PPP, and PPTP networking protocols.
A free 7711 reference design kit is available for manufacturers of routers, switches, remote access concentrators, and other network equipment to integrate the chip into their products. The 7711 costs $58 in quantities of 10,000, comes in a 144-pin TQFP package, and is pin-compatible with Hi/fn's 9711 compression coprocessor. It operates on a 3-V supply with a typical power dissipation of 0.5 W, and all input and output pins are 5-V tolerant.