Interface Security IP

The MACsec IP provides Ethernet Layer 2 Security for port authentication, data confidentiality and data integrity as standardized in IEEE 802.1AE.
It protects components in Ethernet networks especially high-speed Ethernet used in automotive, industrial, cloud, data center, and wireless infrastructure.
The MACsec IP is a fully compliant solution that provides line-rate encryption and supports VLAN-in-Clear.

Small size: Starting at less than 13K ASIC gates, 1.5 Gbps performance at less than 20K gates
Scalability to throughputs of 128 bits per clock with the capability of parallel cores at throughputs of 100 Gbps and above
Supports Galois Counter Mode Encryption and authentication (GCM-AES a.k.a. AES-GCM)
Includes AES-GCM encryption, AES-GCM decryption, key expansion and data interface

The HDCP 2.3 Embedded Security Modules (ESMs) on DisplayPort are autonomous modules that provide designers with a complete and robust transmitter (TX) or receiver (RX) implementation of the HDCP 2.3 content-protection technology over DisplayPort wired connections, including USB Type-C/USB 3.1.
This solution helps designers shorten development cycles and fully meet the stringent compliance and robustness requirements of the DCP LLC licensing authority.

The Helion DVB LSA Scrambler and Descrambler cores implement the Local Scrambling Algorithm as specified to provide MPEG-2 Transport Stream packet security within DVB Content Protection and Copy Management (DVB-CPCM) compliant systems.
Both cores provide all operations required to scramble or descramble MPEG-2 TS packets, including IV generation using either MSC Data Independent (MDI) or MSC Data Dependent (MDD) mode, and payload protection using either AES-CBC or AES-RCBC cipher chaining modes.

Built on the success of Helion's industry proven cryptographic IP cores, the Helion ESP Engine provides hardware acceleration of the key cryptographic algorithms and packet processing required by the IPsec Encapsulating Security Payload (ESP) protocol.
Its modular architecture provides the flexibility to support only those cryptographic algorithms required for a particular application to provide the optimum logic area and performance trade-off.

Message filters are placed in the middle of a TCP / TLS session to scan application data, and discard unwanted messages and security-issue packets, reducing unnecessary traffic without increasing CPU load or latency.
Unlike filters by IP address or port, which scan the data content and discard or pass through packets, DPI (Deep Packet Inspection) and other methods tend to cause CPU processing load and packet processing delays.

Our SSL/TLS engine accelerates and offloads processing for encryption / decryption and authentication in SSL / TLS by combining our TCP offload and crypt engine.
Since the record layer processing is completely hardware offloaded, the user application can overwhelmingly reduce the CPU load which only needs preparing the data to transfer securely.