This invention relates in general to encryption/decryption devices and more specifically to a decryption device capable of handling multiple independent data streams in a time-multiplexed fashion.
As information is increasingly handled in digital formats it becomes ever more important to provide security safeguards for these formats. For example, digital video has very demanding requirements in the need to restrict access. Formats such as the IEEE 1394 Standard for isochronous data transfer, Motion Picture Experts Group (MPEG) standards and high-definition television (HDTV) standards along with access, transfer and processing standards as promulgated by such organizations as Digital Transmission Licensing Administrator (DTLA—see, e.g., www.dtca.com) have imposed performance levels for devices using encryption and decryption on standardized digital formats. Because of the complex nature of encryption and decryption processing, and the extremely high bandwidth requirements of digital video, it is difficult to design circuits that can meet all of the requirements.
FIG. 1A shows a prior art encryption/decryption device.
In FIG. 1A, a data stream, such as an IEEE 1394-compliant data stream 10, is input into the left side of the device's circuitry as “chunks” of 64-bit words. Key 12 can be a variable-length word that is also input into the device as shown in FIG. 1A. The device includes several stages where each stage includes an exclusive-OR (XOR) function 14 followed by an addition operation 16. This process is repeated for a total of five stages as shown in FIG. 1A. At the end of the fifth stage, the result from adder 18 is looped back to the input of XOR 14.
Each cycle through the five stages completes a “round” through the device. Typically, multiple rounds are required. For example, a device may require ten rounds before either the encryption or decryption function is complete for the respective word.
This design can be referred to as a “circular arrangement” of multiple “processing stages.” The processing stages, such as 14 and 16, are arranged so that the output of a preceding stage is fed to the input of a succeeding stage. In other words, processing stage 14 performs its XOR operation on a data word and then passes the result to processing stage 16 where an addition is performed. In this case, since the application is an encryption or decryption device, each stage also is provided with the key and each operation is a two-operand operation.
Note that applications other than encryption and decryption may use similar architecture.
It should be apparent that the ten rounds of processing through five stages, where each stage includes multiple operations, represent many cycles of processing for just a single 64-bit word. Naturally, a video stream is made up of many millions, trillions, or more words of data that need to be processed in this multi-round manner.
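The circular arrangement described above, modeled in C as an added example (not code from the patent). The per-stage key words, the sample values and the inverse routine are assumptions, since the text says only that each stage is provided with the key; the model shows the datapath structure and its operation count and is not a usable cipher.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define STAGES 5   /* XOR + add stages per round, as in FIG. 1A */
#define ROUNDS 10  /* example round count given in the text */

unsigned long stage_ops; /* XOR and add operations executed so far */

/* One round. Assumption: stage s uses key word k[s] for both operands. */
static uint64_t round_forward(uint64_t w, const uint64_t k[STAGES]) {
    for (int s = 0; s < STAGES; s++) {
        w ^= k[s]; stage_ops++;  /* XOR 14 */
        w += k[s]; stage_ops++;  /* adder 16, wraps modulo 2^64 */
    }
    return w;
}

/* Undo one round: subtract then XOR, stages in reverse order. */
static uint64_t round_inverse(uint64_t w, const uint64_t k[STAGES]) {
    for (int s = STAGES - 1; s >= 0; s--) {
        w -= k[s];
        w ^= k[s];
    }
    return w;
}

/* The fifth stage's output loops back to the first stage for ROUNDS rounds,
 * so one word occupies the whole datapath until it is finished. */
uint64_t process_word(uint64_t w, const uint64_t k[STAGES]) {
    for (int r = 0; r < ROUNDS; r++) w = round_forward(w, k);
    return w;
}

uint64_t unprocess_word(uint64_t w, const uint64_t k[STAGES]) {
    for (int r = 0; r < ROUNDS; r++) w = round_inverse(w, k);
    return w;
}

/* Constructed sample key words, not taken from any real system. */
const uint64_t SAMPLE_KEY[STAGES] = {
    0x0123456789abcdefULL, 0xfedcba9876543210ULL, 0x0f1e2d3c4b5a6978ULL,
    0x1122334455667788ULL, 0x99aabbccddeeff00ULL };

int main(void) {
    uint64_t in = 0x1122334455667788ULL, out = process_word(in, SAMPLE_KEY);
    printf("in=%016" PRIx64 " out=%016" PRIx64 " ops=%lu\n", in, out, stage_ops);
    return unprocess_word(out, SAMPLE_KEY) == in ? 0 : 1;
}
```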
Typically, the encryption process starts and ends at the boundary of a block of data. The block of data is called an “encryption frame.” Processing of a next encryption frame can only commence after completion of processing of a current frame. In other words, it is not possible to interleave the processing of encryption frames. This means that a prior art approach, such as shown in FIG. 1A, does not allow for efficient concurrent processing of multiple data streams.
To further complicate efficient encryption/decryption of streams, it is typical in digital video applications that encryption frames are arbitrarily split into smaller data blocks. These data blocks can then be transferred over a communication link over varying periods of time and with varying intervals between block transmissions. This means that the start and end of an encryption frame of one data stream do not necessarily align with the frame from another stream. For this reason, the circuit of FIG. 1A is dedicated for real-time processing of a single data stream. To handle a second stream, another similar circuit would have to be employed.
FIG. 1B shows a time line where two prior art circuits of FIG. 1A are used.
In FIG. 1B, two input streams are processed as stream A and stream B. Each stream must be independently processed with two separate encryption circuits. The need for two circuits increases the complexity and size of the hardware necessary to process two streams, rather than just a single stream.
Streams A and B have frames divided into multiple blocks denoted as, for example, A0, A1, A2, etc. To complete the encryption/decryption of block A0 into block A0′, block A0 and parts of block A1 are used. If there is a pause in reception of block A1 then the circuit must wait until block A1 is received to complete processing for block A0′.
The uninterruptible and serial processing of the device of FIG. 1A means that it is not possible for the device to process data from stream B while it is processing the encryption frame of stream A.
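The stall described above, as a small C timing model added here as an example (not part of the patent). The arrival times, the per-block processing time and the simplification that each block is processed once it has fully arrived are all assumptions chosen to show the effect of a late block A1.

```c
#include <stdio.h>

#define NBLOCKS 3
#define PROC 4  /* assumed processing time per block, arbitrary time units */

/* Constructed arrival times for one encryption frame of each stream.
 * Stream A's second block (A1) arrives late; stream B arrives promptly. */
const int arrive_a[NBLOCKS] = {0, 40, 45};
const int arrive_b[NBLOCKS] = {5, 10, 15};

/* Run one whole frame through a circuit that becomes free at free_at.
 * A block cannot start before it has arrived, and the frame cannot be
 * interrupted, so the circuit sits idle while it waits for data.
 * Returns the time at which the frame completes. */
int run_frame(const int arrive[NBLOCKS], int free_at) {
    int t = free_at;
    for (int i = 0; i < NBLOCKS; i++) {
        if (arrive[i] > t)
            t = arrive[i];  /* idle: waiting for the next block */
        t += PROC;
    }
    return t;
}

/* One shared circuit: frame B may begin only after frame A completes. */
int shared_finish_b(void) {
    return run_frame(arrive_b, run_frame(arrive_a, 0));
}

/* Two dedicated circuits, as in FIG. 1B: B never waits on A. */
int dedicated_finish_b(void) {
    return run_frame(arrive_b, 0);
}

int main(void) {
    printf("frame A done at t=%d\n", run_frame(arrive_a, 0));
    printf("frame B done at t=%d with one shared circuit\n", shared_finish_b());
    printf("frame B done at t=%d with a dedicated circuit\n", dedicated_finish_b());
    return 0;
}
```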
Thus, it is desirable to provide an invention that improves upon the prior art.