SafeXcel™-5160 Enterprise Security Processor
The Most Cost Effective Security Processor for Gigabit Class SME Appliances

The SafeXcel-5160 is a high-performance enterprise security processor specifically designed for OEMs building security appliances for the Small and Medium Enterprise market. The processor is primarily targeted at VPN gateway appliances with bandwidths of at least OC3/STM-1 rate.

The SafeXcel-5160 integrates an industry-standard 32-bit RISC processor with a unique inline security packet engine and flow processor. The SafeXcel-5160 achieves 310 Mbps IPsec throughput with 64-byte packets, and 600 Mbps IPsec throughput with average-size and larger packets. The SafeXcel-5160 is fully compatible with SafeNet’s SafeXcel-5140 and SafeXcel-5150 Enterprise Security Processors and provides OEMs an easy migration path in building higher-performance appliances.

State-of-the-art security and networking features
The SafeXcel-5160 is a unique product, designed to provide superior security functionality, performance, and cost advantage to the SME market. While the SafeXcel-5160 provides hardware implementations for 3DES, AES, SHA-1, MD5, random number generation, and public-key acceleration, the SafeXcel-5160 also features packet filtering and flow processing, NAT, NAT-T, NAPT, IPsec and Secure Realtime Transport Protocol (SRTP) processing, as well as SHA-256, AES Galois Counter Mode (GCM), AES-XCBC-MAC-96, and Extended Sequence Numbers.

Line-rate small packet throughput
As high bandwidths become more widely available to SMEs, the SafeXcel-5160 processor is precisely delivering the throughput levels this market requires, ranging from 310 Mbps for small packets to 600 Mbps for average-size and larger packets. While existing security-enabled processors can handle large IPsec packets at reasonable data rates, they often perform very poorly when it comes to processing small packets. In contrast, the SafeXcel-5160 chip excels at all packet sizes and maximizes headroom on the embedded processor.

Cost Effectiveness
SMEs are looking for powerful yet economical networking security appliances. With a sub-$80 price tag, the SafeXcel-5160 is the most cost-effective security processor in its performance class – dramatically improving material cost and margins for networking equipment OEMs.

Integration and Time to market
The SafeXcel-5160 chips are pre-integrated with SafeNet’s QuickSec Unified security platform to provide a complete, proven hardware/software security solution. This pre-integration significantly reduces design and integration cycles, resulting in accelerated time to market and reduced project cost for OEMs.

Features
The SafeXcel-5160 provides hardware implementations for 3DES, AES, SHA-1, MD5, random number generation, and public-key acceleration. The enterprise security processor also features packet filtering and flow processing, NAT, NAT-T, NAPT, IPSec and Secure Real-time Transport Protocol (SRTP) processing, as well as SHA-256, AES Galois Counter Mode (GCM), AES-XCBC-MAC-96, and Extended Sequence Numbers.

Power Reduction
Power consumption is a major concern among system designers as it affects total system cost, density, and performance. The SafeXcel-5160 reduces system power requirements in two significant ways: first by replacing a 2-chip solution with a single chip, and second by providing dedicated IPSec packet processing hardware, which is substantially more power-efficient than using a general purpose processor.

Complete Security Solution
The SafeXcel-5160 Enterprise Security Processor is a key component of AuthenTec's fully integrated security solutions for OEMs in telecommunications, SME, SOHO, and Semiconductor markets. AuthenTec products include QuickSec security software, SafeXcel hardware security processors and silicon-proven semiconductor IP.  This complete security platform enables vendors to build complete network security solutions while reducing total cost and time to market.

AuthenTec offers a Software Driver Developer's Kit (DDK) containing:
• Generic platform independent Driver Libraries, header & make files, test code, test applications and example drivers for x86/Linux 2.6.x platforms
• Extensive documentation set
• The DDK facilitates the software developer in easy porting to other platforms and software development
• The DDK supports integration with AuthenTec QuickSec toolkits

Benefits
• Precisely designed for SME applications
• Line rate performance across all packet sizes
• Full data plane offload for IPsec
• Maximized processing headroom on CPU

Features
• Embedded CPU
• ARMv4-compliant 32-bit RISC
• 450 MHz clock frequency
• 32 Kbyte data cache
• 32 Kbyte instruction cache
• Data Plane Security
• IPsec
• SRTP
• DES, 3DES (ECB, CBC)
• AES (ECB, CBC, CTR)
• AES-Galois Counter Mode
• MD5, SHA-1, SHA-256
• HMAC
• AES-XCBC-MAC-96
• Pseudo Random Number Generation
• Control plane security
• True Random Number Generation
• AES-XCBC-MAC-PRF
• Public Key Acceleration
• IPv4, IPv6 support
• 9KB Jumbo frame support
• NAT, NAT-T, NAP-T support in hardware
• Firewall support in hardware
• Timer
• Interrupt controller
• Realtime clock

Performance
• Data plane: full-duplex 155 Mbit/s throughput for 64-byte packets (aggregate throughput 310 Mbit/s)
- Full-duplex 300 Mbit/s throughput for 350-byte and larger packets (aggregate throughput 600 Mbit/s)
• PKA: 96 1024-bit exponentiations/sec, without use of CRT

Interfaces
• PCI-X v1.0b, 66 MHz / 133 MHz, 32-bit / 64-bit, initiator and target mode, Backward-compatible with PCI v2.2 (33 MHz / 66 MHz)
• Flash/SRAM memory
• 32-bit DDR, 150 MHz
• Dual MII/GMII
• 10/100/1000BASE-T MACs
• 802.11Q VLAN tag update/retrieve
• Wake-on-LAN
• UART
• I2C
• 8-pin GPIO
• USB 2.0 On-the-Go

Electrical
• Core voltage: 1.2V
• DDR I/O voltage: 2.5V
• Other I/O voltage: 3.3V / 5V-tolerant
• Power consumption: 2 watts

Package
• 502-pin BGA

Tightly integrated with QuickSec IPSec Toolkit, the 5160 processor offers the best cost advantage in the market today.