Caching DES, PKA, and AES keys

The CCA software for the 4767 keeps copies of recently used DES, PKA, and encrypted (not clear text) AES keys in caches inside the secure module. The keys are stored in a form that has been decrypted and validated, and is ready for use. If the same key is reused in a later CCA request, the 4767 can use the cached copy and avoid the overhead associated with decrypting and validating the key token. In addition, for retained PKA keys, the cache eliminates the overhead of retrieving the key from the internal flash Erasable Programmable Read Only Memory (EPROM) memory.

As a result, applications that reuse a common set of keys can run much faster than those that use different keys for each transaction. Most common applications use a common set of DES keys, PKA private keys, and encrypted AES keys, and the caching is effective in improving throughput. PKA public keys and AES clear keys, which have little processing overhead, are not cached.