Trends in the communications market have clearly defined the need for security for both commercial and military markets. As communications systems become more sophisticated with complex communication services and capabilities, it is important to keep information secure. One of the problems with secure communications equipment is providing control of the system while allowing flexibility within the controlling apparatus.
Hardware implementations for controlling secure communications equipment are commonly difficult to design and expensive to manufacture. The manufacture of secure hardware often requires special semiconductor foundries which operate in an expensive, high security environment. Another problem with hardware implementations of secure communications equipment is the difficulty in reconfiguring the hardware. Typical hardware implementations are difficult to reconfigure and reprogram when equipment must perform various functional activities in a non-homogeneous communications environment.
Software implementations which control secure communications equipment are typically not considered as secure as hardware implementations because of the accessibility of the software. Another problem with software implementations is that concurrent processing of multiple programs results in performance loss due to program swapping in a secure operating system.
Typically, in existing secure systems, when a controller for a secure system is implemented as an operating system (OS), performance is degraded and re-establishment of process and data are not assured after a context switch. Additionally, most OSs for secure systems are single threaded programs which sequentially allocate computer resources from one process to another process. Context switching between programs is commonly accomplished by stopping a first process and starting a second process. To achieve adequate processing and security performance when performing a context switch, the OS must balance speed, context separation, and process separation.
Multi-tasking OSs generally provide some assurance that computer resources used by a process do not effect the operation of other programs. Memory management systems implemented in both hardware and software are typically used to isolate programs and data. However, multi-tasking OSs do not typically provide the high assurance process and data separation needed in cryptographic processing systems.
Additionally, OSs generally do not provide any method to verify the re-establishment of the context associated with a process. In cryptographic processing systems, proper re-establishment of the context for a process is essential to system security. When the context for a process is re-established incorrectly, loss or corruption of data and programs may occur thereby compromising the security of the overall system.
Thus, what is needed are an improved cryptographic controller and method suitable for use in cryptographic systems. What is also needed is a cryptographic controller and method which are programmable and capable of performing various and changeable communications functions. What is also needed is a cryptographic controller and method which provide a high security component with limited accessibility. What is also needed is a cryptographic controller and method which rapidly and securely switches programs and context for each data unit processed.