CN107979608A - The data encrypting and deciphering Transmission system and transmission method that a kind of interface can configure - Google Patents
The data encrypting and deciphering Transmission system and transmission method that a kind of interface can configure Download PDFInfo
- Publication number
- CN107979608A CN107979608A CN201711314634.4A CN201711314634A CN107979608A CN 107979608 A CN107979608 A CN 107979608A CN 201711314634 A CN201711314634 A CN 201711314634A CN 107979608 A CN107979608 A CN 107979608A
- Authority
- CN
- China
- Prior art keywords
- interface
- data
- encryption
- uplink
- deciphering
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses the data encrypting and deciphering Transmission system that a kind of interface can configure, including transmission control and dispensing unit, uplink interface, interface gating module, encryption and decryption computing unit, internal data bus and downlink port;The transmission control is connected with uplink interface, interface gating module, encryption and decryption computing unit, internal data bus and downlink port respectively with dispensing unit;The uplink interface includes several different types of interface controllers;The interface gating module is connected by uplink interface with exterior host computer processor;The encryption and decryption computing unit is connected with interface gating module and internal data bus respectively;The downlink port includes several different types of interface controllers;The internal data bus is connected by downlink port with exterior memory device.
Description
Technical field
The invention belongs to field of data encryption, is specifically data encrypting and deciphering Transmission system and transmission that a kind of interface can configure
Method.
Background technology
In industrial computer system, in order to handle different data with signal, it is necessary to including embedded type CPU, FPGA, DSP very
Coordinate jointly to various processors such as general desktop CPU and realize systemic-function.These processors are required for plug-in memory device, with
Load and use for program after the power is turned on.
Current loading procedure is often with stored in clear, so in the transmitting procedure of loading data, there is by
Unauthorized personnel obtains, changes, the possibility of attack, it is therefore desirable to adds certain safeguard measure.Meanwhile data are different
Connected between processor by bus, during being transmitted and interacting, it is also possible to visited in bus transfer passage
Survey, intercept and capture, cause the leakage of data, therefore be also required to be protected.
Data risk during above application is caused by mainly due to plaintext transmission is used, therefore most basic protection
Mode is that data encryption technology is introduced in transmission channel, by transmission data by being converted to ciphertext in plain text, prevents unauthorized access number
It is believed that breath.
The content of the invention
In view of the deficiencies of the prior art, the technical problem that the present invention intends to solve is to provide the data that a kind of interface can configure
Encryption and decryption Transmission system and transmission method.
The flexible structure of this method, can compatible different transmission interfaces and agreement, realize the symmetric cryptography of transmitted in both directions with
Function is decrypted, the influence to original transmission channel is reduced, realizes the safeguard protection of data transfer.
The present invention solves the problems, such as that the technical solution of the systems technology is to provide the data encrypting and deciphering that a kind of interface can configure
Transmission system, it is characterised in that the system include transmission control with dispensing unit, uplink interface, interface gating module, plus
Decrypt computing unit, internal data bus and downlink port;It is described transmission control with dispensing unit respectively with uplink
Interface, interface gating module, encryption and decryption computing unit, internal data bus are connected with downlink port;The uplink
Interface includes several different types of interface controllers;The interface gating module is upper by uplink interface and outside
Machine processor connects;The encryption and decryption computing unit is connected with interface gating module and internal data bus respectively;The downlink
Coffret includes several different types of interface controllers;The internal data bus passes through downlink port and outside
Memory device connection.
The technical solution that the present invention solves the method technical problem is to provide the data encrypting and deciphering that a kind of interface can configure
Transmission method, it is characterised in that this method uses the data encrypting and deciphering Transmission system that the interface can configure, and specifically includes following
Step:
(1) after system electrification starts, transmission control carries out initial configuration, channel selecting with dispensing unit to modules
Which kind of interface configuration determines the use of and establishes transmission channel, and enciphering and deciphering algorithm configuration determines the Encryption Algorithm standard used and key letter
Breath;
(2) data transfer is proceeded by:If downlink transfer is encrypted, then uplink interface data and assisted
View parsing, is converted into internal active traffic in plain text, carried out in encryption and decryption computing unit data encryption calculating processing formed it is close
Text, interface protocol data sending is converted into memory device using downlink port;
If uplink is decrypted, then data are received by downlink port and carry out protocol analysis, be converted into effectively
Data flow ciphertext, data deciphering calculating is carried out in encryption and decryption computing unit and is reverted in plain text, utilizes uplink interface to convert
Exterior host computer processor is given for interface protocol data sending.
Compared with prior art, beneficial effect of the present invention is:
(1) encryption method of the method for the present invention is simple in structure, and resource occupation is few, can support FPGA or chip design etc.
Different implementations.
(2) support the data transfer of a variety of peripheral bus interfaces, and can be configured according to the actual requirements, flexibility
It is high.
(3) present invention can realize data penetration transmission, host computer processor and memory device be influenced smaller.
(4) Standard internal data/address bus interconnection structure is used, can be supported with fast integration standard interface controller module
Encryption and decryption handles or as Universal peripheral interface.
Brief description of the drawings
Fig. 1 is the overall knot of the data encrypting and deciphering Transmission system that interface of the present invention can configure and a kind of embodiment of transmission method
Structure schematic block diagram;
Fig. 2 is the overall structure of the data encrypting and deciphering Transmission system that interface of the present invention can configure and transmission method embodiment 1
Schematic block diagram.
Embodiment
The specific embodiment of the present invention is given below.Specific embodiment is only used for that the present invention is further described, unlimited
The application scope of the claims processed.
The data encrypting and deciphering Transmission system (abbreviation system, referring to Fig. 1) that can configure the present invention provides a kind of interface, it is special
Sign is that the system calculates list including transmission control and dispensing unit 1, uplink interface 2, interface gating module 3, encryption and decryption
Member 4, internal data bus 5 and downlink port 6;It is described transmission control with dispensing unit 1 respectively with uplink interface 2,
Interface gating module 3, encryption and decryption computing unit 4, internal data bus 5 and downlink port 6 connect;The uplink connects
Mouth 2 includes several different types of interface controllers, can be specifically pci interface, EMIF interfaces, UART interface, EMC interfaces
Deng interface type;The interface gating module 3 is connected by uplink interface 2 with exterior host computer processor;Described plus solution
Close computing unit 4 is connected with interface gating module 3 and internal data bus 5 respectively;The downlink port 6 includes several
Different types of interface controller, can be specifically the interface types such as pci interface, EMIF interfaces, UART interface, EMC interfaces;Institute
Internal data bus 5 is stated to be connected with exterior memory device by downlink port 6;
The transmission control performs user program with dispensing unit 1, each function module is connected by controlling bus, to module
Function carries out configuration and operating status control.
The inside of uplink interface 2 includes the interface controller of multiple and different types, can correspond to different outsides
Host computer processor carries out the data transfer of different agreement, is changed between peripheral bus and internal active traffic.
The interface gating module 3 is according to transmission control and the configuration information of dispensing unit 1, from uplink interface 2
Effective data flow all the way is selected in multichannel interface it is sent to encryption and decryption computing unit 3 (downlink) or receives stream compression and issues
Row coffret 2 (uplink).
The encryption and decryption computing unit 4 realizes packet symmetric encipherment algorithm, and downlink encryption and uplink solution are carried out to data stream
Close calculating, corresponding conversion is carried out by the plaintext of interface gating module 3 and the ciphertext of internal data bus 5.In addition also may be selected not
Data encrypting and deciphering processing is carried out, only completes data penetration transmission.
The internal data bus 5 is using interconnection bus agreement on standard film, you can is calculated for connecting special encryption and decryption
Unit, can also connect system architecture on standard film, realize the multiplexing of downlink port.
The downlink port 6 is used to connect external memory device, is converted to data again using interface controller
Corresponding standard external bus protocol, realizes the downlink transfer of data.Interface controller therein can be with uplink interface
It is consistent, to realize data encrypting and deciphering transparent transmission function;Different protocol standards can also be used according to the actual requirements.
Invention also provides the data encrypting and deciphering transmission method that a kind of interface can configure, it is characterised in that this method base
In the data encrypting and deciphering Transmission system that the interface can configure, following steps are specifically included:
(1) after system electrification starts, transmission control carries out modules initial configuration, passage choosing with dispensing unit 1
Select configuration and determine the use of which kind of interface establishes transmission channel, enciphering and deciphering algorithm configuration determines Encryption Algorithm standard and the key used
Information;
(2) data transfer is proceeded by:If downlink transfer is encrypted, then uplink interface 2 receives data and carries out
Protocol analysis, is converted into internal active traffic in plain text, and data encryption calculating processing is carried out in encryption and decryption computing unit 4 and is formed
Ciphertext, interface protocol data sending is converted into memory device using downlink port 6;
If uplink is decrypted, then data are received by downlink port 6 and carry out protocol analysis, be converted into effectively
Data flow ciphertext, data deciphering is carried out in encryption and decryption computing unit 4 calculates to revert in plain text, utilize 2 turns of uplink interface
Interface protocol data sending is turned to exterior host computer processor.
Embodiment 1
The exterior host computer processor is using X 86 processor, TI dsp processors, FPGA processor;
The uplink interface 2 is using pci interface, EMIF interfaces and UART interface;
The interface gating module 3 uses MUX;
The encryption and decryption computing unit 4 uses SM4 enciphering algorithm modules;
The internal data bus 5 uses AMBA buses;
The downlink port 6 uses EMC interfaces and UART interface;
The memory device uses UART and NOR Flash memory chips;
The data encrypting and deciphering Transmission system that a kind of interface can configure, the system using FPGA as realizing platform, inside it
Integrated pci interface, EMIF interfaces, UART interface, EMC interfaces, SM4 Encryption Algorithm, AMBA buses, MUX multiple selector and
ARM CPU processors.
FPGA can use the Zynq series of X C7Z045 chips of Xilinx companies.The chip has programmable logic cells
Available for realizing interface controller and Encryption Algorithm function, while embedded ARM process kernels are as transmission control and configuration feature,
Internal module data transfer is realized with reference to high-performance AMBA bus architectures.
Pci interface is used for uplink connection X 86 processor, and downlink connects NOR Flash memory chips by EMC interfaces.Shape
It can be used for X 86 processor during accesses memory device into data transmission channel, protection be encrypted to accessing data.
EMIF interfaces are used for uplink connection TI dsp processors, and downlink is stored again by EMC interfaces connection NOR Flash
Chip.Form data transmission channel and can be used for dsp processor during accesses memory device, add to accessing data
Privacy protection.
UART interface is used for uplink connection FPGA processor, and downlink forms data penetration transmission passage again by UART interface,
Data can be encrypted with protection during UART bus transfers.
The present invention does not address part and is suitable for the prior art.
Claims (2)
1. the data encrypting and deciphering Transmission system that a kind of interface can configure, it is characterised in that it is single with configuration that the system includes transmission control
Member, uplink interface, interface gating module, encryption and decryption computing unit, internal data bus and downlink port;The biography
It is defeated control with dispensing unit respectively with uplink interface, interface gating module, encryption and decryption computing unit, internal data bus and
Downlink port connects;The uplink interface includes several different types of interface controllers;The interface gating
Module is connected by uplink interface with exterior host computer processor;The encryption and decryption computing unit gates mould with interface respectively
Block is connected with internal data bus;The downlink port includes several different types of interface controllers;The inside
Data/address bus is connected by downlink port with exterior memory device.
2. the data encrypting and deciphering transmission method that a kind of interface can configure, it is characterised in that this method uses to be connect described in claim 1
The configurable data encrypting and deciphering Transmission system of mouth, specifically includes following steps:
(1)After system electrification starts, transmission control carries out modules initial configuration, channel selecting configuration with dispensing unit
Determine the use of which kind of interface establishes transmission channel, enciphering and deciphering algorithm configuration determines Encryption Algorithm standard and the key information used;
(2)Proceed by data transfer:If downlink transfer is encrypted, then uplink interface data and agreement solution is carried out
Analysis, is converted into internal active traffic in plain text, and data encryption is carried out in encryption and decryption computing unit and calculates processing formation ciphertext, profit
Interface protocol data sending is converted into memory device with downlink port;
If uplink is decrypted, then data are received by downlink port and carry out protocol analysis, be converted into valid data
Ciphertext is flowed, data deciphering calculating is carried out in encryption and decryption computing unit and is reverted in plain text, is converted into and connect using uplink interface
Mouth protocol data is sent to exterior host computer processor.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711314634.4A CN107979608B (en) | 2017-12-09 | 2017-12-09 | Interface-configurable data encryption and decryption transmission system and transmission method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711314634.4A CN107979608B (en) | 2017-12-09 | 2017-12-09 | Interface-configurable data encryption and decryption transmission system and transmission method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107979608A true CN107979608A (en) | 2018-05-01 |
CN107979608B CN107979608B (en) | 2021-02-12 |
Family
ID=62010039
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711314634.4A Active CN107979608B (en) | 2017-12-09 | 2017-12-09 | Interface-configurable data encryption and decryption transmission system and transmission method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107979608B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112187722A (en) * | 2020-09-02 | 2021-01-05 | 博依特(广州)工业互联网有限公司 | Safety isolation system based on FPGA |
CN112711925A (en) * | 2021-02-10 | 2021-04-27 | 西南电子技术研究所(中国电子科技集团公司第十研究所) | Method for designing virtualization EMIF bus DSP software |
CN112860275A (en) * | 2021-01-26 | 2021-05-28 | 北京自动化控制设备研究所 | Software and hardware cooperative encryption circuit and method for embedded computer |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103258172A (en) * | 2012-06-13 | 2013-08-21 | 福建睿矽微电子科技有限公司 | Off-chip Nor Flash bus interface hardware encryption device |
CN104391813A (en) * | 2014-10-23 | 2015-03-04 | 山东维固信息科技股份有限公司 | SOC (system-on-chip) chip for embedded data security system |
US20160342815A1 (en) * | 2014-02-15 | 2016-11-24 | Micron Technology, Inc. | Multi-Function, Modular System for Network Security, Secure Communication, and Malware Protection |
CN106681945A (en) * | 2016-11-24 | 2017-05-17 | 天津津航计算技术研究所 | Solid state hard disk with multiple protocol interfaces |
-
2017
- 2017-12-09 CN CN201711314634.4A patent/CN107979608B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103258172A (en) * | 2012-06-13 | 2013-08-21 | 福建睿矽微电子科技有限公司 | Off-chip Nor Flash bus interface hardware encryption device |
US20160342815A1 (en) * | 2014-02-15 | 2016-11-24 | Micron Technology, Inc. | Multi-Function, Modular System for Network Security, Secure Communication, and Malware Protection |
CN104391813A (en) * | 2014-10-23 | 2015-03-04 | 山东维固信息科技股份有限公司 | SOC (system-on-chip) chip for embedded data security system |
CN106681945A (en) * | 2016-11-24 | 2017-05-17 | 天津津航计算技术研究所 | Solid state hard disk with multiple protocol interfaces |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112187722A (en) * | 2020-09-02 | 2021-01-05 | 博依特(广州)工业互联网有限公司 | Safety isolation system based on FPGA |
CN112860275A (en) * | 2021-01-26 | 2021-05-28 | 北京自动化控制设备研究所 | Software and hardware cooperative encryption circuit and method for embedded computer |
CN112711925A (en) * | 2021-02-10 | 2021-04-27 | 西南电子技术研究所(中国电子科技集团公司第十研究所) | Method for designing virtualization EMIF bus DSP software |
Also Published As
Publication number | Publication date |
---|---|
CN107979608B (en) | 2021-02-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110618947A (en) | Techniques for secure I/O with memory encryption engine | |
US20090259857A1 (en) | System and Method for Efficient Security Domain Translation and Data Transfer | |
US20160364343A1 (en) | Systems and methods for data encryption | |
US10943020B2 (en) | Data communication system with hierarchical bus encryption system | |
CN108075882A (en) | Cipher card and its encipher-decipher method | |
EP3803672B1 (en) | Memory-efficient hardware cryptographic engine | |
CN107979608A (en) | The data encrypting and deciphering Transmission system and transmission method that a kind of interface can configure | |
WO2022132184A1 (en) | System, method and apparatus for total storage encryption | |
CN103716166A (en) | Self-adaptation hybrid encryption method and device and encryption communication system | |
US20230071723A1 (en) | Technologies for establishing secure channel between i/o subsystem and trusted application for secure i/o data transfer | |
CN109344664A (en) | A kind of cipher card and its encryption method that based on FPGA data are carried out with algorithm process | |
US20180191491A1 (en) | Techniques for cipher system conversion | |
CN107832248A (en) | A kind of data ferry-boat module and its data processing method with encryption and decryption functions | |
CN112948840A (en) | Access control device and processor comprising same | |
CN101515853B (en) | Information terminal and information safety device thereof | |
CN106453258B (en) | High-speed data encryption and decryption system | |
CN201051744Y (en) | A secure encryption network card device | |
CN106899545B (en) | A kind of system and method for terminal security communication | |
CN103701589A (en) | Information transmission method and device based on virtual desktop system and relevant equipment | |
CN109040147A (en) | A kind of method and system of the encryption and decryption based on TEE+SE | |
KR101881117B1 (en) | Security gateway that implements multiple communication cryptographic operation parallelism | |
CN115348363A (en) | Encryption/decryption chip, method, equipment and medium based on state cryptographic algorithm | |
CN201479145U (en) | Enciphering deciphering adapter | |
CN102314563A (en) | Computer hardware system structure | |
CN110012014A (en) | A kind of encipher-decipher method, system, device and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |