CN107979608A - Interface-configurable data encryption and decryption transmission system and transmission method - Google Patents


Publication number: CN107979608A
Authority: CN (China)
Prior art keywords: interface, data, encryption, uplink, decryption
Legal status: Granted; active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201711314634.4A
Other languages: Chinese (zh)
Other versions: CN107979608B (en)
Inventors: 周津, 付彦淇, 王晓璐, 何全
Current assignee: Tianjin Jinhang Computing Technology Research Institute (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original assignee: Tianjin Jinhang Computing Technology Research Institute
Priority date: 2017-12-09 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2017-12-09
Publication date: 2018-05-01
Application filed by Tianjin Jinhang Computing Technology Research Institute
Priority to CN201711314634.4A
Publication of CN107979608A
Application granted
Publication of CN107979608B


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22: Parsing or analysis of headers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an interface-configurable data encryption and decryption transmission system comprising a transmission control and configuration unit, an uplink transmission interface, an interface gating module, an encryption and decryption computing unit, an internal data bus and a downlink transmission interface. The transmission control and configuration unit is connected to the uplink transmission interface, the interface gating module, the encryption and decryption computing unit, the internal data bus and the downlink transmission interface respectively. The uplink transmission interface includes several interface controllers of different types. The interface gating module is connected to an external host processor through the uplink transmission interface. The encryption and decryption computing unit is connected to the interface gating module and to the internal data bus. The downlink transmission interface includes several interface controllers of different types. The internal data bus is connected to an external storage device through the downlink transmission interface.

Description

Interface-configurable data encryption and decryption transmission system and transmission method
Technical field
The invention belongs to the field of data encryption, and specifically concerns an interface-configurable data encryption and decryption transmission system and transmission method.
Background
In industrial computer systems, processing different data and signals requires various processors, including embedded CPUs, FPGAs, DSPs and even general-purpose desktop CPUs, to work together to implement the system's functions. These processors all need external storage devices from which programs are loaded and used after power-on.
At present, the programs to be loaded are often stored in plaintext, so while the load data is being transmitted it may be obtained, modified or attacked by unauthorized personnel, and some protective measure needs to be added. In addition, data travels between different processors over buses, and while it is being transmitted and exchanged it may be probed or intercepted on the bus transmission channel, causing data leakage, so this also needs protection.
The data risks in the applications above arise mainly from the use of plaintext transmission. The most basic protection is therefore to introduce data encryption into the transmission channel, converting the transmitted data from plaintext to ciphertext to prevent unauthorized access to the data.
Summary of the invention
In view of the deficiencies of the prior art, the technical problem the invention sets out to solve is to provide an interface-configurable data encryption and decryption transmission system and transmission method.
The method has a flexible structure, is compatible with different transmission interfaces and protocols, implements symmetric encryption and decryption for bidirectional transmission, reduces the impact on the original transmission channel, and protects the security of data transmission.
The technical solution by which the invention solves the system problem is an interface-configurable data encryption and decryption transmission system, characterized in that the system comprises a transmission control and configuration unit, an uplink transmission interface, an interface gating module, an encryption and decryption computing unit, an internal data bus and a downlink transmission interface. The transmission control and configuration unit is connected to the uplink transmission interface, the interface gating module, the encryption and decryption computing unit, the internal data bus and the downlink transmission interface respectively. The uplink transmission interface includes several interface controllers of different types. The interface gating module is connected to an external host processor through the uplink transmission interface. The encryption and decryption computing unit is connected to the interface gating module and to the internal data bus. The downlink transmission interface includes several interface controllers of different types. The internal data bus is connected to an external storage device through the downlink transmission interface.
The technical solution by which the invention solves the method problem is an interface-configurable data encryption and decryption transmission method, characterized in that the method uses the interface-configurable data encryption and decryption transmission system described above and comprises the following steps:
(1) After the system powers on and starts, the transmission control and configuration unit performs initial configuration of each module. The channel selection configuration determines which interface is used to establish the transmission channel, and the encryption and decryption algorithm configuration determines the encryption algorithm standard and the key information to be used;
(2) Data transmission begins. For downlink transmission with encryption, the uplink transmission interface receives the data and performs protocol parsing, converting it into plaintext of the internal valid data stream; the encryption and decryption computing unit performs the encryption computation to form ciphertext; and the downlink transmission interface converts it into interface protocol data and sends it to the storage device;
For uplink transmission with decryption, the downlink transmission interface receives the data and performs protocol parsing, converting it into ciphertext of the valid data stream; the encryption and decryption computing unit performs the decryption computation to restore the plaintext; and the uplink transmission interface converts it into interface protocol data and sends it to the external host processor.
Compared with the prior art, the beneficial effects of the invention are:
(1) The encryption method of the invention has a simple structure and occupies few resources, and it supports different implementations such as FPGA or chip design.
(2) Data transmission over multiple kinds of external bus interface is supported and can be configured according to actual requirements, giving high flexibility.
(3) The invention can implement transparent data transmission, with little impact on the host processor and the storage device.
(4) A standard internal data bus interconnect structure is used, so standard interface controller modules can be integrated quickly, either to support encryption and decryption processing or to serve as a general-purpose peripheral interface.
Brief description of the drawings
Fig. 1 is a schematic block diagram of the overall structure of one embodiment of the interface-configurable data encryption and decryption transmission system and transmission method of the invention;
Fig. 2 is a schematic block diagram of the overall structure of Embodiment 1 of the interface-configurable data encryption and decryption transmission system and transmission method of the invention.
Detailed description
Specific embodiments of the invention are given below. They serve only to describe the invention further and do not limit the scope of the claims of this application.
The invention provides an interface-configurable data encryption and decryption transmission system (the system for short, see Fig. 1), characterized in that the system comprises a transmission control and configuration unit 1, an uplink transmission interface 2, an interface gating module 3, an encryption and decryption computing unit 4, an internal data bus 5 and a downlink transmission interface 6. The transmission control and configuration unit 1 is connected to the uplink transmission interface 2, the interface gating module 3, the encryption and decryption computing unit 4, the internal data bus 5 and the downlink transmission interface 6 respectively. The uplink transmission interface 2 includes several interface controllers of different types, which may be interface types such as a PCI interface, EMIF interface, UART interface or EMC interface. The interface gating module 3 is connected to the external host processor through the uplink transmission interface 2. The encryption and decryption computing unit 4 is connected to the interface gating module 3 and to the internal data bus 5. The downlink transmission interface 6 includes several interface controllers of different types, which may be interface types such as a PCI interface, EMIF interface, UART interface or EMC interface. The internal data bus 5 is connected to the external storage device through the downlink transmission interface 6;
The transmission control and configuration unit 1 executes the user program, is connected to each functional module through a control bus, and configures the modules' functions and controls their operating state.
The uplink transmission interface 2 contains multiple interface controllers of different types, which can carry out data transmission under different protocols with different external host processors, converting between the external bus and the internal valid data stream.
According to the configuration information from the transmission control and configuration unit 1, the interface gating module 3 selects one valid data stream from the multiple interfaces of the uplink transmission interface 2 and sends it to the encryption and decryption computing unit 4 (downlink), or receives a data stream and forwards it to the uplink transmission interface 2 (uplink).
The encryption and decryption computing unit 4 implements a block symmetric encryption algorithm, performing downlink encryption and uplink decryption on the data stream and converting between the plaintext at the interface gating module 3 and the ciphertext on the internal data bus 5. It can also be set to perform no encryption or decryption and only pass the data through transparently.
The internal data bus 5 uses a standard on-chip interconnect bus protocol. It can be used to connect the dedicated encryption and decryption computing unit, and it can also connect to a standard on-chip system architecture so that the downlink transmission interface can be reused.
The downlink transmission interface 6 connects the external storage device, using its interface controllers to convert the data back into the corresponding standard external bus protocol and so carry out the downlink transmission of the data. Its interface controllers can be the same as those of the uplink transmission interface, to provide transparent encrypted and decrypted transmission; different protocol standards can also be used according to actual requirements.
The invention also provides an interface-configurable data encryption and decryption transmission method, characterized in that the method is based on the interface-configurable data encryption and decryption transmission system described above and comprises the following steps:
(1) After the system powers on and starts, the transmission control and configuration unit 1 performs initial configuration of each module. The channel selection configuration determines which interface is used to establish the transmission channel, and the encryption and decryption algorithm configuration determines the encryption algorithm standard and the key information to be used;
(2) Data transmission begins. For downlink transmission with encryption, the uplink transmission interface 2 receives the data and performs protocol parsing, converting it into plaintext of the internal valid data stream; the encryption and decryption computing unit 4 performs the encryption computation to form ciphertext; and the downlink transmission interface 6 converts it into interface protocol data and sends it to the storage device;
For uplink transmission with decryption, the downlink transmission interface 6 receives the data and performs protocol parsing, converting it into ciphertext of the valid data stream; the encryption and decryption computing unit 4 performs the decryption computation to restore the plaintext; and the uplink transmission interface 2 converts it into interface protocol data and sends it to the external host processor.
Embodiment 1
The external host processors are an x86 processor, a TI DSP processor and an FPGA processor;
The uplink transmission interface 2 uses a PCI interface, an EMIF interface and a UART interface;
The interface gating module 3 uses a MUX;
The encryption and decryption computing unit 4 uses an SM4 encryption algorithm module;
The internal data bus 5 uses an AMBA bus;
The downlink transmission interface 6 uses an EMC interface and a UART interface;
The storage device uses UART and NOR Flash memory chips;
In this interface-configurable data encryption and decryption transmission system, an FPGA serves as the implementation platform, and it integrates the PCI interface, EMIF interface, UART interface, EMC interface, SM4 encryption algorithm, AMBA bus, MUX multiplexer and an ARM CPU processor.
The FPGA can be a Zynq-series XC7Z045 chip from Xilinx. The chip has programmable logic cells that can implement the interface controllers and the encryption algorithm, while its embedded ARM processing core provides the transmission control and configuration function, and the high-performance AMBA bus architecture carries data between the internal modules.
The PCI interface connects on the uplink side to the x86 processor, and the downlink side connects to the NOR Flash memory chip through the EMC interface. The resulting data transmission channel can be used, when the x86 processor accesses the storage device, to encrypt and protect the data being accessed.
The EMIF interface connects on the uplink side to the TI DSP processor, and the downlink side again connects to the NOR Flash memory chip through the EMC interface. The resulting data transmission channel can be used, when the DSP processor accesses the storage device, to encrypt and protect the data being accessed.
The UART interface connects on the uplink side to the FPGA processor, and the downlink side again goes through a UART interface, forming a transparent data transmission channel that can encrypt and protect data while it is transmitted over the UART bus.
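The two-step method above, with Embodiment 1's SM4 unit, as a Python software model added here as an example (it is not code from the patent). The class name CryptoBridge, its method names, the sample key and the sample payload are assumptions; because the page names no cipher mode, each 16-byte block is processed independently.

```python
import struct

# SM4 constants as given in the published SM4 specification.
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c052b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6fd5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad80ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec68418f07dec3adc4d2079ee5f3ed7cb3948")
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
CK = [int.from_bytes(bytes((4 * i + j) * 7 % 256 for j in range(4)), "big")
      for i in range(32)]

def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def tau(x):  # S-box applied to each byte of a 32-bit word
    return int.from_bytes(bytes(SBOX[b] for b in x.to_bytes(4, "big")), "big")

def sm4_round_keys(key):
    k = [w ^ f for w, f in zip(struct.unpack(">4I", key), FK)]
    for i in range(32):
        b = tau(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i])
        k.append(k[i] ^ b ^ rotl(b, 13) ^ rotl(b, 23))
    return k[4:]

def sm4_block(block, round_keys):
    """One 16-byte block; pass the round keys reversed to decrypt."""
    x = list(struct.unpack(">4I", block))
    for rk in round_keys:
        b = tau(x[-3] ^ x[-2] ^ x[-1] ^ rk)
        x.append(x[-4] ^ b ^ rotl(b, 2) ^ rotl(b, 10) ^ rotl(b, 18) ^ rotl(b, 24))
    return struct.pack(">4I", *x[:-5:-1])

class CryptoBridge:
    """Hypothetical model of units 1 (configuration), 3 (gating), 4 (cipher)."""
    def __init__(self, uplink_ports):
        self.uplink_ports = set(uplink_ports)
        self.selected = None      # set by the channel selection configuration
        self.round_keys = None    # None means transparent pass-through

    def configure(self, port, key=None):
        """Step (1): choose the uplink interface and the cipher key."""
        if port not in self.uplink_ports:
            raise ValueError("unknown uplink interface: %r" % port)
        if key is not None and len(key) != 16:
            raise ValueError("SM4 needs a 128-bit key")
        self.selected = port
        self.round_keys = sm4_round_keys(key) if key is not None else None

    def _transfer(self, port, data, decrypt):
        if self.selected is None or port != self.selected:
            raise PermissionError("interface %r is not gated through" % port)
        if self.round_keys is None:
            return bytes(data)    # pass-through mode, no cipher applied
        if len(data) % 16:
            raise ValueError("payload must be whole 16-byte blocks")
        rks = self.round_keys[::-1] if decrypt else self.round_keys
        # Assumption: blocks are processed independently (the page names no
        # mode), so equal plaintext blocks give equal ciphertext blocks.
        return b"".join(sm4_block(data[i:i + 16], rks)
                        for i in range(0, len(data), 16))

    def downlink(self, port, plaintext):   # step (2): host to storage, encrypt
        return self._transfer(port, plaintext, decrypt=False)

    def uplink(self, port, ciphertext):    # step (2): storage to host, decrypt
        return self._transfer(port, ciphertext, decrypt=True)

def demo():
    key = bytes.fromhex("0123456789abcdeffedcba9876543210")  # constructed key
    bridge = CryptoBridge({"PCI", "EMIF", "UART"})
    bridge.configure("PCI", key)
    image = b"BOOTLOADER-IMAGE" * 2        # constructed 32-byte payload
    stored = bridge.downlink("PCI", image)
    return stored, bridge.uplink("PCI", stored)
```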
Anything not described in the present invention is applicable to the prior art.

Claims (2)

1. An interface-configurable data encryption and decryption transmission system, characterized in that the system comprises a transmission control and configuration unit, an uplink transmission interface, an interface gating module, an encryption and decryption computing unit, an internal data bus and a downlink transmission interface; the transmission control and configuration unit is connected to the uplink transmission interface, the interface gating module, the encryption and decryption computing unit, the internal data bus and the downlink transmission interface respectively; the uplink transmission interface includes several interface controllers of different types; the interface gating module is connected to an external host processor through the uplink transmission interface; the encryption and decryption computing unit is connected to the interface gating module and to the internal data bus; the downlink transmission interface includes several interface controllers of different types; the internal data bus is connected to an external storage device through the downlink transmission interface.
2. An interface-configurable data encryption and decryption transmission method, characterized in that the method uses the interface-configurable data encryption and decryption transmission system of claim 1 and comprises the following steps:
(1) After the system powers on and starts, the transmission control and configuration unit performs initial configuration of each module; the channel selection configuration determines which interface is used to establish the transmission channel, and the encryption and decryption algorithm configuration determines the encryption algorithm standard and the key information to be used;
(2) Data transmission begins: for downlink transmission with encryption, the uplink transmission interface receives the data and performs protocol parsing, converting it into plaintext of the internal valid data stream; the encryption and decryption computing unit performs the encryption computation to form ciphertext; and the downlink transmission interface converts it into interface protocol data and sends it to the storage device;
for uplink transmission with decryption, the downlink transmission interface receives the data and performs protocol parsing, converting it into ciphertext of the valid data stream; the encryption and decryption computing unit performs the decryption computation to restore the plaintext; and the uplink transmission interface converts it into interface protocol data and sends it to the external host processor.
CN201711314634.4A 2017-12-09 2017-12-09 Interface-configurable data encryption and decryption transmission system and transmission method Active CN107979608B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711314634.4A CN107979608B (en) 2017-12-09 2017-12-09 Interface-configurable data encryption and decryption transmission system and transmission method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711314634.4A CN107979608B (en) 2017-12-09 2017-12-09 Interface-configurable data encryption and decryption transmission system and transmission method

Publications (2)

Publication Number Publication Date
CN107979608A 2018-05-01
CN107979608B 2021-02-12

Family

ID=62010039

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711314634.4A Active CN107979608B (en) 2017-12-09 2017-12-09 Interface-configurable data encryption and decryption transmission system and transmission method

Country Status (1)

Country Link
CN (1) CN107979608B (en)

Also Published As

Publication number Publication date
CN107979608B (en) 2021-02-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant