CN103400087A - Multi-interface encryption board card - Google Patents
Multi-interface encryption board card Download PDFInfo
- Publication number
- CN103400087A CN103400087A CN2013103445074A CN201310344507A CN103400087A CN 103400087 A CN103400087 A CN 103400087A CN 2013103445074 A CN2013103445074 A CN 2013103445074A CN 201310344507 A CN201310344507 A CN 201310344507A CN 103400087 A CN103400087 A CN 103400087A
- Authority
- CN
- China
- Prior art keywords
- interface
- processor
- data
- memory
- board
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention relates to a multi-interface encryption board card, and belongs to the technical field of encryption board cards. The multi-interface encryption board card is high in universality. Three kinds of interfaces, namely the CPCI interface, the USB interface and the RS232 serial interface, are externally reserved to conduct encryption and decryption operations. A user can choose one interface according to an existing interface of a system and the requirements. The encryption and decryption speed of hardware is high due to a selected chip, indexes like the starting time of the existing system are not influenced, and the user can not realize that data have been encrypted.
Description
Technical field
The present invention relates to densifying plate card technique field, be specifically related to a kind of many interface cipherings board.
Background technology
The Weapon Control Equipment of missile fire control system is the important component part of missile fire control system, mainly completes reception and the processing of target indication information, carries out the functions such as emission of routeing, guided missile distribution and control guided missile.These functions are mainly to be completed by the core algorithm on the Weapon Control Equipment computing machine,
In order to strengthen the protection to core algorithm, need by certain measure, core algorithm to be encrypted, meet the anti-requirement of stealing of core technology.
Therefore be necessary to design a kind of encryption board of many interfaces, to meet the encryption and decryption demand of data, make the user to select the corresponding interface of encrypting on board to carry out encryption and decryption according to the interface case on equipment.
Summary of the invention
(1) technical matters that will solve
The technical problem to be solved in the present invention is: how to design a kind of many interface cipherings board, make the user to select the corresponding interface of encrypting on board to carry out encryption and decryption according to the interface case on equipment.
(2) technical scheme
In order to solve the problems of the technologies described above, the invention provides a kind of many interface cipherings board, comprise: first interface conversion chip, the second interface conversion chip, first memory, second memory, the first processor that is connected with first memory with described first interface conversion chip respectively, and the second processor that is connected with second memory with described the second interface conversion chip respectively, and described first memory is connected with second memory, wherein
Described first interface conversion chip has the RS232 serial ports, after for the TTL serial ports level data-switching that will come from described first processor, becoming RS232 serial ports level data, export, perhaps, send to described first processor after will becoming TTL serial ports level data from the RS232 serial ports level data-switching of outside input;
Described first processor has USB interface, after being encrypted from the data of described first interface conversion chip or the USB interface of himself input, be sent to described first memory, after being decrypted, the data that perhaps, will come from described first memory export by described first interface conversion chip or the USB interface of himself;
Described the second interface conversion chip has the CPCI interface, after for the SD interface data that will come from described the second processor, converting the CPCI interface data to, export, perhaps, send to described the second processor after will converting the SD interface data to from the CPCI interface data of outside input;
Described the second processor is sent to described second memory after being encrypted from the data of described the second interface conversion chip input, after being decrypted, the data that perhaps, will come from described second memory export by described the second interface conversion chip.
The real random number generator of the key that uses when preferably, described first processor and the second processor all are built-in with for generated data encryption or data deciphering.
Preferably, described first interface conversion chip is SP3232EEA, and described first processor is TF32A09FA.
Preferably, described first memory comprises NAND FLASH.
Preferably, described the second interface conversion chip is TC6371AF, and described the second processor is CCM3202S.
Preferably, described second memory comprises NAND FLASH.
Preferably, described many interface cipherings board also comprises the first power supply, second source, reset circuit and clock circuit, described the first power supply is connected with described first processor, described second source is connected with described the second processor, described reset circuit is connected with the second processor with described first processor respectively, and described clock circuit is connected with the second processor with described first processor respectively.
Preferably, described clock circuit is brilliant humorous.
(3) beneficial effect
Highly versatile of the present invention, externally reserved 3 kinds of interfaces and carried out the encryption and decryption operation, i.e. CPCI interface, USB interface, RS232 serial line interface, and the user can and need to select wherein a kind of according to the existing interface of system.Selected chip makes hardware enciphering and deciphering speed fast, does not affect the original system indexs such as start-up time, makes the user can't discover data encrypted.
The accompanying drawing explanation
Fig. 1 is the composition frame chart of many interface cipherings board of the embodiment of the present invention;
Fig. 2 is USB in many interface cipherings board of the embodiment of the present invention, RS-232 interface encrypted tunnel composition frame chart;
Fig. 3 is CPCI interface ciphering passage composition frame chart in many interface cipherings board of the embodiment of the present invention;
Fig. 4 is the USB of many interface cipherings board of the embodiment of the present invention, the encryption flow figure of CPCI mode;
Fig. 5 is the USB of many interface cipherings board of the embodiment of the present invention, the deciphering process flow diagram of CPCI mode.
Embodiment
For making purpose of the present invention, content and advantage clearer, below in conjunction with drawings and Examples, the specific embodiment of the present invention is described in further detail.
The embodiment of the present invention provides a kind of many interface cipherings board, use this encryption board can complete the encryption and decryption functions of data, and this densifying plate jig has many interfaces, unitized characteristics.This encryption board can be made 6U-CPCI template card.
The encryption board of above-mentioned many interfaces has externally been reserved 3 kinds of interfaces, be USB interface, RS232 serial line interface, CPCI(Compact Peripherical Component Interconnect, compact PCI, for a kind of peripheral hardware interconnect standard) interface, the interface that can choose as required wherein carries out the encryption and decryption operation; Reserved 3 fully independently encryption and decryption data passages, wherein the passage of USB interface, serial ports is adopted on 2 tunnels, and the passage of another 1 road CPCI interface, can carry out the encryption and decryption operation to three computer motherboards simultaneously simultaneously.Passage 1 is to consist of first processor TF32A09FA, first memory, first interface conversion chip, and it communicates by USB interface or RS232 serial ports and host computer; Passage 2 is in full accord with passage 1, and it is copying of passage 1; Passage 3 is to consist of the second processor CCM3202S, the second interface conversion chip and second memory, and it is communicated by letter by cpci bus Interface realization and host computer, and composition frame chart as shown in Figure 1.
The hardware of USB, RS-232 interface encrypted tunnel can be by the humorous realization of crystalline substance by Special safety chip TF32A09FA1, a NAND FLASH3, a SRAM4, a SP3232EEA2, clock circuit 12(), reset circuit 11 and first power supply 5 etc. form, as shown in Figure 2.That processor is selected is TF32A09FA, and it is leitungskern, mainly realizes the generation and the management that add (solution) close computing and key of data.TF32A09FA adopts 32 reduced instruction processors (RISC) structure, opening 32 position datawires, and 26 bit address lines, namely have the addressing space of 64MB.The SRAM of the built-in 20KB of TF32A09FA, wherein 12KB is for system, and 8KB, for the optional FIFO of USB/Wrapper, also can be used as common SRAM and does the buffer memory use in addition; TF32A09FA is the ROM of built-in 64KB also, for the down load application program, includes Bootloader program, encryption stream switch code, keyboard program; TF32A09FA is the NORFLASH of built-in 512KB also, for the storage of program and data.The maximum functional clock is 100MHz, and each read-write only needs a clock period; TF32A09FA is built-in real random number generator (TRNG) also, be used to generating initial key; Adding (solution) close arithmetic unit is the built-in algorithm firmware of TF32A09FA, and the actual measurement processing speed under the clock of 80MHz is 33.9097MB/s.
First memory is comprised of a NAND FLASH and a SRAM, and wherein a NANDFLASH selects the MT29F2G08AADWP-ET chip, and the memory capacity of 256MB is mainly used in the storage of ciphertext; And a SRAM selects the IS61LV25616AL-10TLI chip, is a kind of high-speed asynchronous CMOS static memory, and the memory capacity of 512KB, mainly for the treatment of the middle buffer memory of big data quantity.The first interface conversion chip mainly comprises the switching of interface signal and the coupling of port level, in the design, relate generally to the matching problem of port level, serial ports TTL(Transistor-Transistor Logic for processor chips, transistor-transistor logic) level, select the SP3232EEA chip, realize the coupling of Transistor-Transistor Logic level and host computer RS-232 serial ports level.Adopt the true random number of real random number generator (TRNG) generation in the Special safety chip as the key storage fixed storage space in NOR LASH on sheet that adds (solution) close extraneous input initial key, equally, the key ciphertext after close also is stored in the fixed storage zone on sheet.
The hardware corridor of CPCI interface ciphering mode can be by the humorous realization of crystalline substance by Special safety chip CCM3202S6, the 2nd NAND FLASH8, the 2nd SRAM9, the second interface conversion chip TC6371AF7, clock circuit 12(), reset circuit 11 and second source 10 etc. form, as shown in Figure 3.That processor is selected is CCM3202S, and it is the leitungskern of this treatment channel, mainly realizes the generation and the management that add (solution) close computing and key of data.CCM3202S adopts 32 reduced instruction processors (RISC) structure, opening 32 position datawires, and 20 bit address lines, namely have the addressing space of 1MB.The SRAM of the built-in 48KB of CCM3202S, make buffer memory and use; CCM3202S is the ROM of built-in 10KB also, for the down load application program, includes Bootloader program, encryption stream switch code, keyboard program; The embedded FLASH of the CCM3202S built-in 1280KB of evil, for the storage of upper level applications.Processor working frequency is 32MHz, and each read-write only needs a clock period.CCM3202S is built-in real random number generator (TRNG) also, and be used to generating initial key, the actual measurement speed under 60MHz is 4MBps.Adding (solution) close arithmetic unit is built-in algorithm firmware, has been responsible for the enciphering/deciphering of data and has processed.Storer and USB, RS-232 interface scheme are identical.The second interface conversion chip mainly comprises the switching of interface signal and the coupling of port level, at this programme, partly is mainly concerned with the conversion of interface signal.The external communication interface of the second processor CCM3202S has SD interface, SPI interface, ISO816 interface, IIC etc., from stability, speed equal angles, the coupling system situation, select the SD interface as external communication port again, selects the TC6371AF chip to realize the signaling transfer point of interface signal.Adopt the key of the true random number of real random number generator (TRNG) generation in special encryption chip as the initial key that adds (solution) close external world's input, and key ciphertext and this key are stored in to the fixed storage space in FLASH on sheet in the lump.
Based on above-mentioned 3 kinds of communication interfaces, can realize three's encryption and decryption mode:
Mode one: based on the USB communication interface, ciphertext after the densifying plate card encryption is processed is stored in a local NAND FLASH, when every subsystem is restarted, encrypt board and first carry out local decryption oprerations, then will be expressly in sending into the interim RAM of computer module, carries out in the USB mouth, realized like this static state (during outage) the ciphertext storage of critical data, dynamically (after powering on) expressly operation, expressly disappear after system power failure immediately.
Mode two: based on the cpci bus interface, ciphertext after the densifying plate card encryption is processed is stored in the 2nd local NAND FLASH, when every subsystem is restarted, encrypt board and first carry out local decryption oprerations, then will be expressly in sending into the interim RAM of computer module, carries out the CPCI interface, realized like this static state (during outage) the ciphertext storage of critical data, dynamically (after powering on) expressly operation, expressly disappear after system power failure immediately.
Mode three: based on RS-232 communication interface (baud rate: 9600b/s); encrypting board is that computer module to be protected is carried key; the key of extraneous input initial key is produced by the real random number generator in the Special safety chip on module board; be stored in the fixed storage space in NOR FLASH on sheet; key after encryption is stored in the specific physical zone on module board in the mode of ciphertext; anti-attack ability is strong, and is safe.Encryption and decryption functions is realized by the encryption method in computer module.
The encryption flow of mode one and mode two: USB mouth and CPCI interface ciphering mode by the encryption of data require to be defaulted as write operation, deciphering requires to be defaulted as read operation, namely when computer module execution encryption and decryption data current control is write a program, through CPCI or USB, to encrypting the board transmission, write data command, encrypt board and just start the crypto engine control program, the data that receive are performed encryption processing and be stored in the first or the 2nd NAND FLASH, as shown in Figure 4;
The deciphering flow process of mode one and mode two: when computer module is carried out encryption and decryption data current control reader, through CPCI or USB when encrypting board and send the read data order, encrypt board and just start the decryption engine control program, to carry out decryption processing and send in the interim internal memory in computer module, as shown in Figure 5 through CPCI or USB from the data that read the first or the 2nd NAND FLASH.
It should be noted that, because sensitive data to be protected only needs to carry out cryptographic operation one time, after ciphertext is stored into and encrypts in board, follow-uply when application, all carry out decryption oprerations and get final product.So after the plain text encryption in the mobile memory card that computer module is external, system is given tacit consent to startup decryption engine program in follow-up startup, like this when subsequent applications, when warm boot, with regard to direct decipher operation.
The encryption and decryption flow process of mode three: computer module obtains key by serial ports from the encryption board and carries out the encryption and decryption operation.Ciphertext after encryption is stored on the CF card of computer main frame panel, in the interim internal memory of the stored in clear after deciphering in computer module.Under this mode, encrypt board and only play the effect that key is provided for computer module.
As can be seen from the above embodiments, advantage of the present invention is:
1. highly versatile of the present invention, externally reserved 3 kinds of interfaces and carried out the encryption and decryption operation, i.e. CPCI interface, USB interface, RS232 serial line interface, and the user can and need to select wherein a kind of according to the existing interface of system.
2. on verification makes mistakes the basis of retransmission mechanism, increased standby manner of decryption, when USB mouth or CPCI mouth communication failure, during Decryption failures, automatically started the serial ports manner of decryption, the assurance system can normally start, and reliability is high.
3. adopt the module board card to carry out hardware encipher, portable high, the modular design of system after being convenient to.
4. hardware enciphering and deciphering speed is fast, does not affect the original system indexs such as start-up time, makes the user can't discover data encrypted.
5. the encipherment scheme flow process that realizes of this board is simple, if data need to encrypt, only need to after encrypting, be stored in system image, application program, library file in the electric board of encrypting board and both can.
The above is only the preferred embodiment of the present invention; it should be pointed out that for those skilled in the art, under the prerequisite that does not break away from the technology of the present invention principle; can also make some improvement and distortion, these improvement and distortion also should be considered as protection scope of the present invention.
Claims (8)
1. interface ciphering board more than a kind, it is characterized in that, comprise: first interface conversion chip, the second interface conversion chip, first memory, second memory, the first processor that is connected with first memory with described first interface conversion chip respectively, and the second processor that is connected with second memory with described the second interface conversion chip respectively, and described first memory is connected with second memory, wherein
Described first interface conversion chip has the RS232 serial ports, after for the TTL serial ports level data-switching that will come from described first processor, becoming RS232 serial ports level data, export, perhaps, send to described first processor after will becoming TTL serial ports level data from the RS232 serial ports level data-switching of outside input;
Described first processor has USB interface, after being encrypted from the data of described first interface conversion chip or the USB interface of himself input, be sent to described first memory, after being decrypted, the data that perhaps, will come from described first memory export by described first interface conversion chip or the USB interface of himself;
Described the second interface conversion chip has the CPCI interface, after for the SD interface data that will come from described the second processor, converting the CPCI interface data to, export, perhaps, send to described the second processor after will converting the SD interface data to from the CPCI interface data of outside input;
Described the second processor is sent to described second memory after being encrypted from the data of described the second interface conversion chip input, after being decrypted, the data that perhaps, will come from described second memory export by described the second interface conversion chip.
2. many interface cipherings board as claimed in claim 1, is characterized in that, the real random number generator of the key that described first processor and the second processor use while all being built-in with for generated data encryption or data deciphering.
3. many interface cipherings board as claimed in claim 1, is characterized in that, described first interface conversion chip is SP3232EEA, and described first processor is TF32A09FA.
4. many interface cipherings board as claimed in claim 1 is characterized in that described first memory comprises NAND FLASH.
5. many interface cipherings board as claimed in claim 1, is characterized in that, described the second interface conversion chip is TC6371AF, and described the second processor is CCM3202S.
6. many interface cipherings board as claimed in claim 1 is characterized in that described second memory comprises NAND FLASH.
7. many interface cipherings board as described as any one in claim 1~6, it is characterized in that, described many interface cipherings board also comprises the first power supply, second source, reset circuit and clock circuit, described the first power supply is connected with described first processor, described second source is connected with described the second processor, and described reset circuit is connected with the second processor with described first processor respectively, and described clock circuit is connected with the second processor with described first processor respectively.
8. many interface cipherings board as claimed in claim 7, is characterized in that, described clock circuit is brilliant humorous.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013103445074A CN103400087A (en) | 2013-08-08 | 2013-08-08 | Multi-interface encryption board card |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013103445074A CN103400087A (en) | 2013-08-08 | 2013-08-08 | Multi-interface encryption board card |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103400087A true CN103400087A (en) | 2013-11-20 |
Family
ID=49563708
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2013103445074A Pending CN103400087A (en) | 2013-08-08 | 2013-08-08 | Multi-interface encryption board card |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103400087A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106961323A (en) * | 2017-05-18 | 2017-07-18 | 桀安信息安全技术(上海)有限公司 | A kind of secret key decryption board, device, system and processing method |
| CN109460680A (en) * | 2018-10-30 | 2019-03-12 | 天津津航计算技术研究所 | A kind of hardware enciphering and deciphering implementation method and hardware encryption board based on pci bus |
| CN110135200A (en) * | 2019-05-15 | 2019-08-16 | 长春鸿达光电子与生物统计识别技术有限公司 | The encrypting module of integrated SM4 algorithm and both-end port communications |
| CN110929298A (en) * | 2019-11-20 | 2020-03-27 | 天津津航计算技术研究所 | Multi-interface LRM encryption board card |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080010663A1 (en) * | 2003-08-03 | 2008-01-10 | Xingjun Wang | Universal Bidirectional Serial Data Transport Interface and Its Data Transport Method |
| CN201247464Y (en) * | 2008-04-02 | 2009-05-27 | 西北工业大学 | Data encrypt device for ATA genus memory apparatus of USB interface |
| CN101714917A (en) * | 2009-08-24 | 2010-05-26 | 黑龙江大学 | Chaotic key-based data encryption transmission card |
-
2013
- 2013-08-08 CN CN2013103445074A patent/CN103400087A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080010663A1 (en) * | 2003-08-03 | 2008-01-10 | Xingjun Wang | Universal Bidirectional Serial Data Transport Interface and Its Data Transport Method |
| CN201247464Y (en) * | 2008-04-02 | 2009-05-27 | 西北工业大学 | Data encrypt device for ATA genus memory apparatus of USB interface |
| CN101714917A (en) * | 2009-08-24 | 2010-05-26 | 黑龙江大学 | Chaotic key-based data encryption transmission card |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106961323A (en) * | 2017-05-18 | 2017-07-18 | 桀安信息安全技术(上海)有限公司 | A kind of secret key decryption board, device, system and processing method |
| CN109460680A (en) * | 2018-10-30 | 2019-03-12 | 天津津航计算技术研究所 | A kind of hardware enciphering and deciphering implementation method and hardware encryption board based on pci bus |
| CN110135200A (en) * | 2019-05-15 | 2019-08-16 | 长春鸿达光电子与生物统计识别技术有限公司 | The encrypting module of integrated SM4 algorithm and both-end port communications |
| CN110929298A (en) * | 2019-11-20 | 2020-03-27 | 天津津航计算技术研究所 | Multi-interface LRM encryption board card |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR101975027B1 (en) | System on chip, operation method thereof, and devices having the same | |
| CN101551784B (en) | Method and device for encrypting data in ATA memory device with USB interface | |
| CN201054140Y (en) | Information security control chip | |
| CN108345806A (en) | A kind of hardware encryption card and encryption method | |
| CN101908112B (en) | Test method and system of security chip | |
| CN112329038B (en) | Data encryption control system and chip based on USB interface | |
| WO2006131069A1 (en) | A separate encryption/decryption equipment for plentiful data and a implementing method thereof | |
| CN101321065B (en) | USB data safety transmission technique with double-factor identity validation function | |
| CN102693385A (en) | Embedded terminal based on SD (secure digital) trusted computing module and implementation method thereof | |
| CN103400087A (en) | Multi-interface encryption board card | |
| CN106991061A (en) | A kind of SATA hard disc crypto module and its method of work | |
| CN101561888B (en) | Real-time encryption SD card and high-speed encryption/decryption method | |
| CN101996285B (en) | Electronic equipment | |
| US10169616B1 (en) | Cryptographic processing of data and instructions stored off-chip | |
| CN103077362B (en) | There is the GPIO IP kernel of security mechanism | |
| KR101070766B1 (en) | Usb composite apparatus with memory function and hardware security module | |
| CN102110066B (en) | Tax-control encryption card control method | |
| CN101950345B (en) | Hardware decryption-based high-reliability terminal equipment and working method thereof | |
| CN202600714U (en) | Embedded terminal based on SD (Secure Digital) trusted computing module | |
| CN104657288A (en) | SPI (Serial Peripheral Interface) FLASH encryption interface and method for reading and writing encryption data | |
| CN214122946U (en) | High-speed national cryptographic algorithm password card based on FPGA | |
| CN201247464Y (en) | Data encrypt device for ATA genus memory apparatus of USB interface | |
| CN103839012A (en) | Flash encrypted storage device | |
| CN201804336U (en) | Intelligence password key system | |
| CN102377567A (en) | Intelligent key system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20131120 |