By the end of eighties - beginning of nineties the development of Russian microelectronics allowed to develop and produce 32-bit universal microprocessors, which was the decisive factor for a new approach to the creation of data encryption hardware. Instead of a special-purpose computer it was possible now to produce a single-board coder exceeding in technical characteristics. The computing heart of this board is a cryptoprocessor with a microcomputer architecture and RAM volume enough to ensure the encryption algorithm operation.

Standard structure of a cryptoprocessor is shown in Fig.1. The main data processing unit is the operational unit (OU), consisting of RAM for storing the key data, the buffer registers (R1,R2) and the processed data accumulators, arithmetic and logic unit, shifter and the exchange node. Input/output unit provides for combined loading, processed signals output through byte input and output external buses. The control unit ensures the formation of external exchange signals and OU control via decoder according to the microcommands read from ROM. This architecture is typical a BLOOMING series cryptoprocessor. The differences among them are determined by the conditions of their use, as well as by the state of the Russian microelectronics industry.

ANCUD Ltd. Company designs cryptoprocessors and cryptoprocessor-based hardware, the work of the Russian company being organised on the western principles of modern management and marketing. The company design engineers have developed two more criptoprocessors - BLOOMING-2 and BLOOMING-1K.

The development of BLOOMING-2 LSI cryptoprocessor was directed towards the adjusted production of high-scale integration CMOS IC with two-layer metallization and 2.5 mm design topology standards. This LSI had marked superiority over BLOOMING-1 IC due to its electrical parameters, additional special encryption modes, built-in four-key three-level system, greater volume of microcommand matrix ROM for the additional functions and modes based on GOST 28147-89. The development of electric circuit and topology had already been finished by the end of 1992, but the first functioning prototypes were ready only in the middle of 1997 because of slowing down in the development of the technological base brought about by the general economic crisis in the country and insufficient financing. The complications connected with two-layer metallization technology led us to safeguard ourselves - to make a change for a more stable one-metal basic CMOS technology, and in this connection in March of 1994 ANCUD started initiative design work on BLOOMING-1K cryptoprocessor and in December 1995 finished it, producing the first microcircuits.

The advantage of the developed microcircuit was that it exceeded in its functional and speed characteristics BLOOMING-1 cryptoprocessor, which had been used in cryptographic data protection hardware since 1991. The percent of product yield obtained from the very first slice batch was economically well-grounded for the product manufacturing. The analysis of BLOOMING-1K dynamic and static characteristics showed high level of coincidence of the expected calculated parameters of the model with the obtained microcircuit parameters. The study of temperature dependencies confirmed that it could be used in the extended temperature range hardware, covering both commercial and military applications.

BLOOMING-1K cryptoprocessor is 1.03 MByte/s. At the same time the analysis has shown that decreasing the technological design standards to 0.5 mm, using three-layer metallization and as a result increasing the value of clock frequency up to 50-60 MHz and more will lead to the increase of the encryption speed up to 3-5 MByte/s. Existence of complete and well-designed models of cryptoprocessors conforming to the Russian encryption standard gives confidence that reaching a new technological level and considerable increase of speed characteristics is now not a scientific and technical problem, but just a technical operation, which with enough financing can be fulfilled in short time.

The creation of its own special component base built on Russian developments, high technological design level, continuous product improvements allowed ANCUD to take a confident position on the market, surpassing the alternative projects of producing computer security and data protection hardware for Russian computer and financial communication systems.

The main difficulty of Russian computer system protection is that its software and hardware in considerable degree is borrowed from and produced abroad. Certification and attestation of these systems’ components is a very labour-consuming process. While each system is being attested, generally not one but several versions of the system or its separate elements are brought to the market. All computer systems are used data processing which is the main value of the system.

Data protection in the system is made up of: ensuring data integrity, limitation and authorisation of access to information, protection of data from deleting.

Processing data any computer system uses standard and special hardware and software. Application specific system components using cryptographic protection methods provide for information integrity and access authorization. All set of functions carried out by the computer system shall be known in advance and not change during operation.

In other words, the following must be ensured:

• system integrity at the time of loading;

• system integrity during operation.

The system as a whole and its each component shall be attested, it means that: a set of performed functions shall be determined, finitude of this set shall be proved, properties of all functions shall be determined. A data protection system is built upon the operating system (OS) capabilities known to the designer, complete knowledge of all OS capabilities being needed for designing a reliable computer system. At present Russian design engineers have complete knowledge of only one operating system - MS DOS. Therefore it is the use of protected components operating under MS DOS that can guarantee not expensive and efficient network protection.

For other operating systems computer system protection shall be ensured by means of:

• using special certified hardware and software carrying out a number of finite protected operations and playing the role of special security module,
• isolating from criminals unprotected computer environment, its separate part or process.

Russian computer system protection components designed by ANCUD include the following: cryptographic data protection devices, smart card controllers, CRYPTON-VETO unauthorised access protection hardware-software system, electronic signature and encryption programmes, encrypting communication modules, cryptorouters.

The device can also make the software integrity check before OS loading.

The most important features of the board are the following:

• master keys loaded before the OS, which makes their interception impossible;
• cryptographic functions are performed inside the board, which makes their substitution or distortion impossible;
• hardware random-number generator.

SCAT 200 smart card controller is introduced into a cryptographic data protection device or a computer RS 232 interface, its functions are: writing/reading data on/from a smart card, encryption compliant with GOST 28147-89 and DES, storing of secret keys ( CRYPTON-4 board does the same), random-numbers generation, PIN-pad code dialling.

CRYPTON-VETO unauthorised access protection hardware-software system is intended for a PC protection with 386 and higher processor, operating under MS DOS 5.0 and higher, Windows 3.1, Windows 95. The system limits the number of computer individual users and their access rights. The system realisation is based on logical disks “transparent” encryption technologies compliant with GOST 28147-89 algorithm and electronic digital signature compliant with GOST 34.10/11-94. The system’s main hardware component is mass produced CRYPTON-4 board. The system is supposed to have a security system Administrator who manages the interaction among the controlled resources: users, programmes, logical disks, files (discrete and mandatory access), printer, disk drives.

CryptonArcMail programme is intended for protection of the document files transmitted through the circuit. It allows to organise protected data exchange amomg:

• separate users (rooms, individuals, etc.),
• different subdivisions (departments, etc.),
• different administrations (departments), etc.

The system can compress documents, make authorship authentication, it ensures the documents integrity and confidentiality of transmitted data.

CryptonSoft v.1.2. is a PC system for document files protection. CryptonSoft v.1.2. does the encryption of files compliant with GOST 28147-89 (symmetric archive and net methods); electronic digital signing of files; coping, moving, renaming, deleting files directly from the programme shell. Protected interaction between separate computers of both one and several network segments can be organised by means of encrypting communication drivers. The protection can be made stronger by means of cryptorouters, separate devices incorporating a cryptographic data protection device.

ANCUD working under the Government licences does the whole range of work from designing the component base and electronic software and hardware to the mass production and realisation of data protection devices through the arranged cooperation system with other Russian producers.

Hardware and software data protection devices designed by ANCUD realize the encryption and electronic signature algorithms compliant with Russian standards GOST 28147-89 and GOST R 34.10/11-94. The main products of ANCUD have been certified by FAGSI (Federal Agency of Government Communication and Information), by the Presidential Government technical committee, Ministry of communication of the Russian Federation (now- The State committee on communication and informatization). The names of the CRYPTON series devices are ANCUD’s registered trade marks.

The main consumers of ANCUD products are both the state organisations (The Russian Federation Central Bank and its regional divisions, FAPSI, Armed forces ministries and departments), and the commercial structures ( including the major commercial banks - Zberbank, UneximBank, etc.). ANCUD is marketing its products throughout the country - not only in the Moscow region where the state governing organs and the majority of the banking capital are concentrated, but also in more than 60 regions of Russia.