CN104426654A - Encryption card encryption and decryption method based on multi-buffer mode - Google Patents

Publication number
CN104426654A
Authority
CN
China
Prior art keywords
data
encryption
buffering area
decryption
processor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201310384168.2A
Other languages
Chinese (zh)
Inventor
曾荣
张涛
马媛媛
林为民
陈亚东
费稼轩
华烨
邓松
王玉斐
时坚
张波
邵志鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
China Electric Power Research Institute Co Ltd CEPRI
State Grid Jibei Electric Power Co Ltd
State Grid Sichuan Electric Power Co Ltd
Smart Grid Research Institute of SGCC
Original Assignee
State Grid Corp of China SGCC
China Electric Power Research Institute Co Ltd CEPRI
State Grid Jibei Electric Power Co Ltd
State Grid Sichuan Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, China Electric Power Research Institute Co Ltd CEPRI, State Grid Jibei Electric Power Co Ltd, State Grid Sichuan Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN201310384168.2A priority Critical patent/CN104426654A/en
Publication of CN104426654A publication Critical patent/CN104426654A/en
Pending legal-status Critical Current

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to an encryption card encryption and decryption method based on a multi-buffer mode. The method comprises the steps that buffer areas, which are identical in length and equal in number, are arranged on a host side and the processor of the encryption card; data to be encrypted and decrypted of the buffer areas of the host side are transmitted to the buffer areas of the processor of the encryption card; the data to be encrypted and decrypted of the buffer areas of the processor of the encryption card are encrypted and decrypted; and the encrypted and decrypted data are transmitted to the buffer areas of the host side by the processor. Time loss of the data to be encrypted and decrypted in the transmission process is reduced, and utilization efficiency of an encryption chip is enhanced so that encryption and decryption speed of the data encryption card is enhanced and the overall performance of the data encryption card is enhanced.

Description

An encryption and decryption method for an encryption card based on a multi-buffer mode
Technical field:
The present invention relates to the field of network information security, and more specifically to an encryption and decryption method for an encryption card based on a multi-buffer mode.
Background art:
Data encryption is an important branch of network information security and an important means of ensuring that data is transmitted securely over an information network. Current encryption schemes mainly pair network communication equipment with a data encryption card, which is connected to the host through a PCI interface. Because network transfer speed is closely tied to the encryption and decryption performance of the data encryption card, increasing the encryption and decryption speed is an effective way to increase network data transfer speed.
There are two main ways to improve the encryption and decryption performance of a data encryption card. The first is to improve the performance of the cryptographic chip on the card. The second, when the cryptographic chip is fixed, is to improve data transfer efficiency as far as possible, reducing the time data spends in bus transfer and raising the utilization of the cryptographic chip. Because of the limits of cryptographic algorithm technology, the cryptographic chip is normally fixed and cannot be replaced with a higher-performance one. The performance of the data encryption card can therefore only be improved by raising the utilization of the cryptographic chip.
Fig. 1 shows the flow in which data travels from the host over PCI to the DSP, is encrypted or decrypted by the cryptographic chip under DSP control, and finally returns to the host over the PCI bus. The operation of the cryptographic chip is constrained by the chip's own timing, so there is limited room for improvement there. Reducing the time data spends on the PCI bus is therefore the key technique for improving data encryption card performance.
The data encryption card is designed in single-buffer mode. The host and the data encryption card processor (DSP) each have one data buffer used for data exchange, as shown in Fig. 1. Taking encryption of a data message as an example, the host first stores the plaintext in the host-side data buffer and at the same time notifies the processor DSP on the data encryption card. The DSP copies the plaintext from the host buffer into its own buffer and drives the cryptographic chip to encrypt it; the encrypted data overwrites the plaintext. When encryption finishes, the DSP transfers the data to the host's data buffer, where the ciphertext overwrites the plaintext, and notifies the host that encryption is complete. The DSP's operation of the cryptographic chip takes up only part of the encryption process; a large amount of time is spent on data transfer over the PCI bus. While data is in transit on the bus, the cryptographic chip does no work, so its computing capacity is wasted. By assessment, this time accounts for about 30% of the whole encryption time; if it can be saved, the performance of the data encryption card will improve considerably.
Summary of the invention:
The object of the invention is to provide an encryption and decryption method for an encryption card based on a multi-buffer mode that improves the performance of the data encryption card.
To achieve this object, the invention adopts the following technical solution: an encryption and decryption method for an encryption card based on a multi-buffer mode, the method comprising the following steps:
(1) allocating buffers of identical length and equal number on the host side and on the processor of the encryption card;
(2) transferring the data to be encrypted or decrypted from the host-side buffers to the buffers of the encryption card processor;
(3) encrypting or decrypting the data held in the buffers of the encryption card processor;
(4) transferring, by the processor, the encrypted or decrypted data to the host-side buffers.
In the method provided by the invention, the data to be encrypted or decrypted in step (2) is divided into groups according to the buffer length, and the host stores the groups in the host-side buffers in order; the buffer length is set according to actual conditions.
In the method provided by the invention, the data to be encrypted or decrypted is transferred to the buffers of the encryption card processor by DMA burst transfer, and the receiving buffer is marked as pending.
In another preferred form of the method provided by the invention, in step (3) the data to be encrypted or decrypted is taken from a processor buffer and sent to the encryption chip controlled by the encryption card for processing; after the encryption chip finishes, the processor retrieves the encrypted or decrypted data, stores it in the buffer, and marks that buffer as processed.
In a further preferred form of the method provided by the invention, in step (4), after the processor has transferred the encrypted or decrypted data from its buffer to the host-side buffer, the processor's buffer is set to empty; the processor notifies the host by interrupt to take the data.
In another preferred form of the method provided by the invention, when the host takes data from its own buffers, it adds new data to be encrypted or decrypted to its empty buffers and notifies the processor to fetch the data.
In another preferred form of the method provided by the invention, when the processor fetches data to be encrypted or decrypted, it takes the data from the host-side buffers by DMA burst transfer and adds it to the processor's empty buffers.
In another preferred form of the method provided by the invention, the processor is a DSP chip, and the DSP chip communicates with the host through its built-in PCI interface.
In another preferred form of the method provided by the invention, the DSP is connected to an external FLASH chip and a RAM (random access memory) chip, and the DSP controls a public-key cryptographic algorithm chip and a true random number generator through a CPLD.
By adopting the above technical solution, the invention obtains the following beneficial effects:
1. The invention uses multiple buffers to reduce the time that data to be encrypted or decrypted spends in transfer, raising the utilization of the encryption chip and thereby the encryption and decryption speed of the data encryption card;
2. The invention keeps data waiting in the DSP buffers at all times, so the encryption chip always runs at full load, which improves the performance of the data encryption card;
3. DMA transfers do not consume DSP processing capacity, so during a transfer the DSP can be used to control the cryptographic chip. Because starting a DMA transfer and responding to its interrupt take little time, most of the DSP's processing capacity is available for controlling the cryptographic chip, and the data transfer time between the host and the encryption card becomes almost negligible.
Brief description of the drawings
Fig. 1 is a schematic flow diagram of data encryption and decryption;
Fig. 2 is a data flow diagram of the multi-buffer mode of the invention;
Fig. 3 is a hardware schematic diagram of the data encryption card of the invention;
Fig. 4 is a schematic diagram of the host scheduling workflow.
Detailed description
The invention is described in further detail below with reference to an embodiment.
Embodiment 1:
As shown in Figs. 2-4, the encryption and decryption method of this embodiment is as follows:
Buffers of identical length and equal number are allocated on the host side and on the processor of the encryption card.
The data to be encrypted or decrypted is divided into groups according to the host-side buffer length, and the host first stores the groups in the host-side buffers in order. The buffer length is set according to actual conditions; in this embodiment the host side uses four buffers of equal length.
The data to be encrypted or decrypted is transferred to a buffer of the encryption card processor by DMA burst transfer, and that buffer is marked as pending. The data is then taken from one buffer of the encryption card processor and sent to the encryption chip controlled by the encryption card for processing. After the encryption chip finishes, the processor retrieves the encrypted or decrypted data, stores it in the buffer on the processor, and marks that buffer as processed.
The processor transfers the encrypted or decrypted data from its buffer to a host buffer. When the transfer completes, the processor's buffer is set to empty, and the processor notifies the host by interrupt that the data has been processed; the host then takes the data from its buffer.
Because the host side has four buffers in this embodiment, each time the host retrieves encrypted or decrypted data it checks whether any of its buffers is empty. As soon as a buffer is empty, it adds new pending data to that host-side buffer, until all host-side buffers hold pending data, and notifies the processor on the data encryption card to fetch the data.
When fetching data, whenever the processor finds one of its buffers empty, it takes new data to be encrypted or decrypted from the host side by DMA burst transfer and adds it to the empty processor buffer, until the buffers on the processor are full.
The processor is a DSP chip, and the DSP chip communicates with the host through its built-in PCI interface.
The DSP is connected to an external FLASH chip and a RAM (random access memory) chip, and the DSP controls other chips, such as the public-key cryptographic algorithm chip and the true random number generator, through a CPLD.
The invention fetches the data in the host buffers by DMA. Because the DMA read-in subroutine is invoked from the interrupt response routine, whenever the host has new data and the encryption card has a free buffer, the DSP reads the data into that buffer with priority, ensuring that new data is available for the cryptographic chip to process at all times.
The host's scheduling of the data encryption card mainly comprises: the host storing data in the host buffers, the encryption card reading data from the host, the encryption card controlling the cryptographic chip to process the data, and the encryption card returning the processed data to the host. The scheduling process is shown in Fig. 4:
After initialization, the main program enters an endless loop that checks in turn whether data needs to be read into the buffers, whether data needs to be encrypted, and whether the buffers hold data that needs to be written out.
If data needs to be read into a buffer, the corresponding handler is entered and a DMA transfer is started to read the data in the host-side buffer from the host.
When a DMA read finishes, it triggers the processor DSP's interrupt routine. The interrupt routine checks whether the processor DSP buffers still have free space to read in more data; if so, it starts another DMA transfer, and continues until all four buffers of the processor DSP in this embodiment are full, so that the buffers hold enough data for the cryptographic chip to encrypt or decrypt.
When the processor DSP buffers hold pending data that has been read in, the main program enters the data encryption and decryption subroutine, and the DSP controls the cryptographic chip to perform the encryption or decryption operation.
When the operation completes, the program checks whether the processor DSP buffers hold data that needs to be written out to the host-side buffers; if so, and the DMA controller is idle at that moment, it enters the DMA write-out subroutine.
After the host has taken the written-out data, it notifies the processor DSP by interrupt. The processor DSP clears the buffer in its interrupt response routine.
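The scheduling loop above can be checked with a small tick-based simulation in C, added here as an illustration and not taken from the patent. It models one DMA channel and one cryptographic chip working on a ring of buffers, with read-in given priority over write-out as the description states; the timings (15 ticks per DMA transfer, 70 ticks per chip operation) and the in-flight states FILLING, BUSY and DRAINING are assumptions chosen so that bus transfer is 30% of the single-buffer time.

```c
#include <stdio.h>

#define MAX_BUF 8

/* EMPTY, PENDING and PROCESSED are the page's buffer marks; FILLING, BUSY and
 * DRAINING are added here to model a transfer or chip operation in flight. */
enum state { EMPTY, FILLING, PENDING, BUSY, PROCESSED, DRAINING };

/* Ticks needed to pass `blocks` buffer-sized groups through a card with
 * `nbuf` buffers, or -1 on invalid arguments. Assumptions: one DMA channel,
 * one cryptographic chip, buffers used as a ring so group order is kept. */
long simulate(int nbuf, int blocks, int t_dma, int t_crypt)
{
    enum state buf[MAX_BUF] = { EMPTY };
    int fi = 0, ci = 0, di = 0;          /* fill, crypt and drain cursors */
    int dma_left = 0, crypt_left = 0, dma_buf = 0;
    int to_read = blocks, done = 0;
    long t = 0;

    if (nbuf < 1 || nbuf > MAX_BUF || blocks < 0 || t_dma < 1 || t_crypt < 1)
        return -1;

    while (done < blocks) {
        if (dma_left == 0) {
            if (to_read > 0 && buf[fi] == EMPTY) {   /* read-in has priority */
                buf[fi] = FILLING; dma_buf = fi; dma_left = t_dma;
                to_read--; fi = (fi + 1) % nbuf;
            } else if (buf[di] == PROCESSED) {       /* otherwise write out */
                buf[di] = DRAINING; dma_buf = di; dma_left = t_dma;
                di = (di + 1) % nbuf;
            }
        }
        if (crypt_left == 0 && buf[ci] == PENDING) { /* chip takes next group */
            buf[ci] = BUSY; crypt_left = t_crypt;
        }
        t++;                                         /* one tick passes */
        if (dma_left > 0 && --dma_left == 0) {
            if (buf[dma_buf] == FILLING) {
                buf[dma_buf] = PENDING;              /* mark as pending */
            } else {
                buf[dma_buf] = EMPTY;                /* host has the result */
                done++;
            }
        }
        if (crypt_left > 0 && --crypt_left == 0) {
            buf[ci] = PROCESSED;                     /* mark as processed */
            ci = (ci + 1) % nbuf;
        }
    }
    return t;
}

/* Whole-percent reduction in total time, rounded down. */
int saving_percent(long single, long multi)
{
    return (int)((single - multi) * 100 / single);
}

int main(void)
{
    long single = simulate(1, 100, 15, 70);  /* single-buffer baseline */
    long multi  = simulate(4, 100, 15, 70);  /* four buffers, as in the embodiment */
    printf("single=%ld multi=%ld saving=%d%%\n",
           single, multi, saving_percent(single, multi));
    return 0;
}
```

With these constructed timings the four-buffer run is bounded by the chip time alone, so the total approaches 70 ticks per group plus one fill and one drain at the ends.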
It should be noted for this embodiment that the cryptographic algorithm used by the cryptographic chip is a symmetric encryption algorithm. The algorithm processes data by feeding in one group of plaintext data and then reading the resulting group of data back out (or, for decryption, by first feeding in ciphertext data and then reading out the decrypted data).
Finally, it should be noted that the above embodiment is intended only to illustrate the technical solution of the invention, not to limit it. Although the invention has been described in detail with reference to the above embodiment, those of ordinary skill in the art should understand that the specific embodiments of the invention may still be modified or equivalently replaced, and that any modification or equivalent replacement that does not depart from the spirit and scope of the invention shall fall within the scope of the claims.

Claims (9)

1. An encryption and decryption method for an encryption card based on a multi-buffer mode, characterized in that the method comprises the following steps:
(1) allocating buffers of identical length and equal number on the host side and on the processor of the encryption card;
(2) transferring the data to be encrypted or decrypted from the host-side buffers to the buffers of the encryption card processor;
(3) encrypting or decrypting the data held in the buffers of the encryption card processor;
(4) transferring, by the processor, the encrypted or decrypted data to the host-side buffers.
2. The encryption and decryption method for an encryption card based on a multi-buffer mode as claimed in claim 1, characterized in that: the data to be encrypted or decrypted in step (2) is divided into groups according to the buffer length, and the host stores the groups in the host-side buffers in order; the buffer length is set according to actual conditions.
3. The encryption and decryption method for an encryption card based on a multi-buffer mode as claimed in claim 2, characterized in that: the data to be encrypted or decrypted is transferred to the buffers of the encryption card processor by DMA burst transfer, and the receiving buffer is marked as pending.
4. The encryption and decryption method for an encryption card based on a multi-buffer mode as claimed in claim 1, characterized in that: in step (3) the data to be encrypted or decrypted is taken from a processor buffer and sent to the encryption chip controlled by the encryption card for processing; after the encryption chip finishes, the processor retrieves the encrypted or decrypted data, stores it in the buffer, and marks that buffer as processed.
5. The encryption and decryption method for an encryption card based on a multi-buffer mode as claimed in claim 1, characterized in that: in step (4), after the processor has transferred the encrypted or decrypted data from its buffer to the host-side buffer, the processor's buffer is set to empty; the processor notifies the host by interrupt to take the data.
6. The encryption and decryption method for an encryption card based on a multi-buffer mode as claimed in claim 5, characterized in that: when the host takes data from its own buffers, it adds new data to be encrypted or decrypted to its empty buffers and notifies the processor to fetch the data.
7. The encryption and decryption method for an encryption card based on a multi-buffer mode as claimed in claim 4, characterized in that: when the processor fetches data to be encrypted or decrypted, it takes the data from the host-side buffers by DMA burst transfer and adds it to the processor's empty buffers.
8. The encryption and decryption method for an encryption card based on a multi-buffer mode as claimed in claim 1, characterized in that: the processor is a DSP chip, and the DSP chip communicates with the host through its built-in PCI interface.
9. The encryption and decryption method for an encryption card based on a multi-buffer mode as claimed in claim 8, characterized in that: the DSP is connected to an external FLASH chip and a RAM (random access memory) chip, and the DSP controls a public-key cryptographic algorithm chip and a true random number generator through a CPLD.
CN201310384168.2A 2013-08-29 2013-08-29 Encryption card encryption and decryption method based on multi-buffer mode Pending CN104426654A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310384168.2A CN104426654A (en) 2013-08-29 2013-08-29 Encryption card encryption and decryption method based on multi-buffer mode

Publications (1)

Publication Number Publication Date
CN104426654A true CN104426654A (en) 2015-03-18

Family

ID=52974682

Country Status (1)

Country Link
CN (1) CN104426654A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6412069B1 (en) * 1997-09-16 2002-06-25 Safenet, Inc. Extending crytographic services to the kernel space of a computer operating system
CN101290569A (en) * 2008-05-06 2008-10-22 国网南京自动化研究院 Method for parallel data processing adopting multi- password chip
CN102970142A (en) * 2012-12-11 2013-03-13 成都卫士通信息产业股份有限公司 Method and system for concurrently encrypting and decrypting virtual private network (VPN) equipment in multi-encryption-card environment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
谭小刚: "PCI JM2000数据加密卡设计", 《中国优秀硕士学位论文全文数据库(电子期刊) 信息科技辑》 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105207816A (en) * 2015-09-16 2015-12-30 国网智能电网研究院 Software scheduling method for multi-buffer parallel encryption
CN106549869A (en) * 2015-09-21 2017-03-29 北京信威通信技术股份有限公司 Data package processing method and device
CN106020779A (en) * 2016-05-16 2016-10-12 北京三未信安科技发展有限公司 Data processing method of PCI (Peripheral Component Interconnect) cipher card data, PCI cipher card, host and system
CN106682521A (en) * 2016-11-28 2017-05-17 北京计算机技术及应用研究所 File transparent encryption and decryption system and method based on driver layer
CN106682521B (en) * 2016-11-28 2020-02-07 北京计算机技术及应用研究所 File transparent encryption and decryption system and method based on driver layer

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20160406

Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing

Applicant after: State Grid Corporation of China

Applicant after: China Electric Power Research Institute

Applicant after: State Grid Smart Grid Institute

Applicant after: State Grid Sichuan Electric Power Corporation

Applicant after: State Grid Jibei Electric Power Company Limited

Address before: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing

Applicant before: State Grid Corporation of China

Applicant before: China Electric Power Research Institute

Applicant before: State Grid Sichuan Electric Power Corporation

Applicant before: State Grid Jibei Electric Power Company Limited

CB02 Change of applicant information

Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing

Applicant after: State Grid Corporation of China

Applicant after: China Electric Power Research Institute

Applicant after: GLOBAL ENERGY INTERCONNECTION RESEARCH INSTITUTE

Applicant after: State Grid Sichuan Electric Power Corporation

Applicant after: State Grid Jibei Electric Power Company Limited

Address before: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing

Applicant before: State Grid Corporation of China

Applicant before: China Electric Power Research Institute

Applicant before: State Grid Smart Grid Institute

Applicant before: State Grid Sichuan Electric Power Corporation

Applicant before: State Grid Jibei Electric Power Company Limited

COR Change of bibliographic data
RJ01 Rejection of invention patent application after publication

Application publication date: 20150318

RJ01 Rejection of invention patent application after publication