Abstract: An improved method for communicating with a data encryption device is described. In accordance with this invention, a data encryption device adapted for providing encryption functions such as data encryption and decryption may be controlled with an inventive signalling protocol which provides two-way, symmetrical messaging. Data encryption messages are sent to a data encryption device with a message packet which includes a start of message character, a token field, a token dependent data field, a token delimiter and an end of message character. Once the requested data encryption function is performed, a response message is generated wherein the response message mirrors the request message with the exception that the token dependent data comprises data which was processed in accordance with the requested function. The method of the present invention is also adapted for loading key information in the data encryption device as well as communicating system status information.

Abstract: A data encryption device with a plurality of data encryption boards for encrypting data is provided. In a preferred embodiment, the data encryption device has a monitor processor connected to a parallel bus. Each data encryption board has a parallel port for connection to the parallel bus and a serial port for connection to a host computer. Each data encryption board operates independently of the other data encryption boards. A plurality of data encryption boards may be connected to the bus. In operation, a host computer sends data to a data encryption board. The data encryption board encrypts the data and sends the encrypted data to the host processor. The monitor processor and the data encryption boards are preferably in the same housing unit with a tamper detection mechanism.

Abstract: An apparatus and method for loading a replacement computer program into a data encryption device having a central processing unit and a memory. The central processing unit is responsive to interrupt requests and operatively connected to a communications port. The memory has memory locations, and is partitioned into a data memory space and a program memory space, with the program memory space being read-only. The replacement computer program has a main entry point, and a load address which is the memory location at which the replacement computer program is to be loaded. When the occurence of an interrupt request, indicating a request to load the replacement computer porgram into the memory, is detected, the execution of a loaded computer program at a memory location is interrupted. Control is transferred to an interrupt routine. The replacement computer program is received through the communications port, and stored in the memory. The replacement computer program replaces the loaded computer program.

Abstract: An improved fault tolerant processor arrangement is described. In accordance with this invention, redundant processors are coupled in parallel in a master/slave configuration wherein means are provided for disabling the respective outputs of the processors. The master processor includes means for generating a periodic pulse which is detected by the slave processor. As long as the periodic pulse is detected by the slave processor, the output of the master processor remains enabled and the output of the slave processor is disabled. If the periodic pulse is not detected by the slave processor, the slave processor disables the output of the master processor wherein the output of the slave processor becomes enabled.

Abstract: An improved multi-channel data encryption system is described. The multi-channel data encryption device of the present invention includes a plurality of data of encryption devices in a single unit wherein each of the data encryption devices are adapted for independent operation. The plurality of data encryption devices are coupled with a data bus wherein encryption key information may be programmed in the plurality of data encryption devices through the data bus. The present invention provides a means for assigning the data encryption devices to predefined groups wherein encryption key information may be simultaneously programmed into encryption devices within the assigned groups, thus eliminating the need for individually programming the data encryption devices.

Abstract: An improved method and system for backing-up secure files in a data encryption unit is described. In accordance with the teachings of this invention, encrypted files are read from the memory of a first encryption device and stored in a temporary location. The encrypted files are then re-encrypted under a predefined encryption key and stored in a removable non-volatile memory device. To restore a file, the re-encrypted files are read from the non-volatile memory device, decrypted under the predefined key and stored in the temporary memory location. The recovered files are then loaded into memory of the first device from the temporary memory location. The present invention further includes means for destroying the contents of the non-volatile storage device upon the detection of tampering therewith.

Abstract: An improved fault-tolerant arrangement for use in a multichannel data encryption unit is disclosed. In accordance with the teachings of this invention, a data encryption system includes a plurality of data encryption devices and a host computer and display system wherein a data bus which couples the host computer and data encryption devices includes first and second power supply lines. Each of the respective data encryption devices includes means for automatically deriving power from either of the first or second power supply lines based on the presence of power thereon. Accordingly, fault-tolerant operation is provided wherein the respective data encryption devices continue operating even in the event of the failure of the host computer.