CN109325356A - A kind of encryption card architecture - Google Patents
A kind of encryption card architecture Download PDFInfo
- Publication number
- CN109325356A CN109325356A CN201810850407.1A CN201810850407A CN109325356A CN 109325356 A CN109325356 A CN 109325356A CN 201810850407 A CN201810850407 A CN 201810850407A CN 109325356 A CN109325356 A CN 109325356A
- Authority
- CN
- China
- Prior art keywords
- encryption
- module
- decryption
- task
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of encryption card architectures, including interface module, control module, data encrypting and deciphering module and memory module, wherein the interface module uses standard interface, for carrying out data communication with host;Multiple storage units are set in the memory module;The data encrypting and deciphering module is used to carry out encryption/decryption to being distributed for task according to the control instruction of control module and the task after encrypted/decryption is stored in corresponding storage unit;The control module is used to distribute to received task the data encrypting and deciphering module and is sent to host to the data information of the corresponding storage unit of reading after the acquisition assignment instructions of host feedback task completion message and receiving host after the completion of task encryption/decryption.
Description
Technical field
The present invention relates to technical field of data security more particularly to a kind of encryption card architectures.
Background technique
Hardware security module (Hardware Secure Module, HSM) has been got over as a kind of important encryption equipment
To be more widely applied in the fields such as government, finance, communication, national defence.Due to being related to the protection and safety of sensitive information, use
Hardware security module to storage medium encrypt it is particularly important, can to avoid when storing device losses important or private information let out
It is close.There is the implementation of hardware security module on China and the international at present, is able to achieve RSA, elliptic curve/SM2, SM4 etc. and adds
Close algorithm supports the multiple interfaces such as PCI/PCI-X, PCI-E/mini PCI-E.In the prior art, hardware security module is usually adopted
With encrypted card realize in data Encrypt and Decrypt operation, at present encrypted card be by special chip (usually FPGA, FPGA turn
ASIC it) realizes, needs with customized non-standard dedicated api interface, the application due to existing product based on the end PC is all with certainly
Definition, off-gauge API, lead to the operating system to each application, will in addition provide original part driving.In different computers
Under operating system, special driving is needed to service for it, this exploitation to software can expend huge manpower, practical
The compatibility of upper software is to promote this kind of product, maximum problem.
Meanwhile encrypted card usually only has single encryption function in the prior art, directly returns and adds after the completion of encryption
Ciphertext data, host needs to monitor encrypted state in real time, to greatly occupy host resource.
Therefore in view of the drawbacks of the prior art, it is really necessary to propose a kind of technical solution to solve skill of the existing technology
Art problem.
Summary of the invention
In view of this, being solved it is necessory to provide a kind of hardware security device using the communication interface and agreement of standard
Prior art systems compatibility and driving problems;Memory and encryption device are combined simultaneously, host is referred to by storing control
It enables and informing mechanism realizes that encryption and decryption operation greatly improves at host without waiting encryption and decryption task to complete in real time
Manage efficiency;And the operation of high-speed data encryption and decryption is realized by the way that multiple data encrypting and deciphering modules and a variety of enciphering and deciphering algorithms are arranged.
In order to overcome the drawbacks of the prior art, technical scheme is as follows:
A kind of encryption card architecture, including interface module, control module, data encrypting and deciphering module and memory module, wherein institute
Interface module is stated using standard interface, for carrying out data communication with host;Multiple storage units are set in the memory module;
The data encrypting and deciphering module is used to carry out encryption/decryption simultaneously to being distributed for task according to the control instruction of control module
Task after encrypted/decryption is stored in corresponding storage unit;The control module is for distributing to received task
The data encrypting and deciphering module simultaneously completes message to host feedback task after the completion of task encryption/decryption and receives master
The data information that corresponding storage unit is read after the acquisition assignment instructions of machine is sent to host.
Multiple data encrypting and deciphering modules, each data encrypting and deciphering module tool is arranged in encrypted card as a preferred technical solution,
There is unique identifying number and distributes corresponding storage unit to store the task after encryption/decryption.
Setting information table in the control module as a preferred technical solution, the control module monitored data add solution
Close module updates information table and controls the operation of the encrypted card according to the information table;The information table is compiled including at least task
Number, module number, action type, status information and storage address information, the mission number is that each received task is set
The unique identifying number set;The module number is that the mark of the data encrypting and deciphering module of encryption/decryption is carried out to the task
Number;The action type is that data encrypting and deciphering module carries out cryptographic operation or decryption oprerations to the task;The status information is
The working condition of data encrypting and deciphering module;The storage address information is to store the task to carry out data after encryption/decryption
The address information of information.
Multiple encryption algorithms are set in the data encrypting and deciphering module as a preferred technical solution, according to the control
The control instruction of module selects corresponding Encryption Algorithm.
The data encrypting and deciphering module further comprises MCU, randomizer, algorithm as a preferred technical solution,
Storage unit and encryption and decryption processing unit, the algorithm storage unit is for storing Encryption Algorithm;The encryption and decryption processing unit
For loading corresponding Encryption Algorithm according to the instruction of MCU and executing encryption/decryption;The randomizer is for producing
The raw key for being used for the Encryption Algorithm;The MCU and the randomizer, algorithm storage unit and encryption and decryption processing are single
Member, for controlling the work of the data encrypting and deciphering module.
The Encryption Algorithm stored in the algorithm storage unit as a preferred technical solution, includes AES-128/256,
SM2, SM3, SM4, RSA, 3DES and SHA.
As a preferred technical solution, the interface module be PCIe, SATA, USB, SAS, IEEE1394, SD, eMMC or
Any one of SPI interface.
It is logical to carry out data for the transport protocol between the interface module and host using agreement as a preferred technical solution,
Letter.
The data encrypting and deciphering module uses the S686 main control chip of Hua Lanwei company as a preferred technical solution,.
The store instruction that the control module receiving host is sent as a preferred technical solution, the control module will
The encryption and decryption instruction that a kind of encryption mode is resolved to the write operation of particular address, based on being parsed to the read operation of particular address
Machine obtains assignment instructions.
Compared with prior art, the present invention solves prior art systems compatibility using the communication interface and agreement of standard
Property and driving problems, can accomplish good compatibility, in user's use, marketing, number in different operating system
There is very big advantage according to encryption and decryption processing and system monitoring etc.;Memory and encryption device are combined simultaneously, it is main
Machine realizes encryption and decryption operation by control store instruction and informing mechanism, and host waits encryption and decryption task to complete without real-time,
Greatly improve host process efficiency;And high speed is realized by the way that multiple data encrypting and deciphering modules and a variety of enciphering and deciphering algorithms are arranged
Data encrypting and deciphering operation.
Detailed description of the invention
Fig. 1 is the functional block diagram of present invention encryption card architecture.
Fig. 2 is the functional block diagram of data encrypting and deciphering module in the present invention.
Fig. 3 is the flow diagram of data processing method in the present invention.
Following specific embodiment will further illustrate the present invention in conjunction with above-mentioned attached drawing.
Specific embodiment
Technical solution provided by the invention is described further below with reference to attached drawing.
Since prior art encrypted card product is all to lead to the operation system to each application with customized, off-gauge API
In addition system will provide original part driving, this exploitation to software can expend huge manpower, the actually compatibility of software,
It is big to make this kind of product promote difficulty.
Referring to Fig. 1, it show a kind of functional block diagram for encrypting card architecture of the present invention, including interface module, control module, number
According to encryption/decryption module and memory module, wherein interface module uses standard interface, for carrying out data communication with host, preferably
Ground, any one of interface module PCIe, SATA, USB, SAS, IEEE1394, SD, eMMC or SPI interface.Due to using logical
Standard interface, while encryption and decryption operation is realized using the control instruction (Data Transport Protocol) of agreement, without installation
Driver can realize plug and play under different operating system.
Multiple storage units are arranged in memory module in data encrypting and deciphering module and memory module ingenious combination by the present invention;
Data encrypting and deciphering module is used to carry out encryption/decryption to being distributed for task according to the control instruction of control module and will be through
Task after encryption/decryption is stored in corresponding storage unit;Meanwhile control module is also connected with memory module, Neng Gouzhi
Connect the data information read in memory module.By adopting the above technical scheme, the encryption and decryption operation of encrypted card is fully enclosed in interior
Portion, for external host, encrypted card is equivalent to common external a generic storage equipment, such as USB flash disk, hard disk etc., even
There can be drive, have the attribute of the normal hard disk such as storage size, only under normal read-write operation, which also has
For data encrypting and deciphering function.Under framework of the present invention, data encryption operation is equivalent to, encrypted card is written into be-encrypted data, together
When host transmission task after can handle other operations, without waiting;Cryptographic operation is completed, and encrypted card sends notification instruction and informs
The cryptographic operation of host corresponding task is completed, and host obtains the data information for being stored in appropriate address by reading instruction again, is completed
Primary encryption/decryption oprerations.
Control module is the core of the encryption card architecture, for controlling the operation of encrypted card;Wherein, control module is by connecing
The task that mouth mold block receiving host is sent, distributes to data encrypting and deciphering module for received task;Control module monitoring data adds
The state of deciphering module, control module completes message to host feedback task to allow master after the completion of task encryption/decryption
Machine is obtained in time through encryption and decryption treated task;Further, it is read after the acquisition assignment instructions of control module receiving host
The data information of corresponding storage unit is simultaneously sent to host.
Further, multiple data encrypting and deciphering modules are arranged in encrypted card, and each data encrypting and deciphering module has unique identification
Number and distribute corresponding storage unit to store the task after encryption/decryption.To greatly improve Data Concurrent processing capacity
It is stronger.
In a preferred embodiment, setting information table in control module, the control module monitored data encryption and decryption
Module updates information table and controls the operation of the encrypted card according to the information table;Information table includes at least mission number, mould
Block number, action type, status information and storage address information, mission number are unique mark of each received task setting
Knowledge number;Module number is the identification number that the data encrypting and deciphering module of encryption/decryption is carried out to the task;Action type is number
Cryptographic operation or decryption oprerations are carried out to the task according to encryption/decryption module;Status information is the work shape of data encrypting and deciphering process
State;Storage address information is the address information for storing the task and carrying out data information after encryption/decryption.Specifically, control
After the task that module receiving host is sent, establishes an I/O task and determine corresponding mission number, completed in I/O task specified
After operation, host can just be fed back accordingly;After establishing I/O task, control module distributes an idle data encrypting and deciphering
Module simultaneously obtains its module number, while listening for data encrypting and deciphering module execution encryption/decryption to update information table,
In, status information includes at least busy, idle, ready and done, wherein state, which is set to busy, indicates data encrypting and deciphering module
Carrying out data processing;State, which is set to idle, indicates that data encrypting and deciphering resume module completes task, can undertake new task;
Task has been stored to corresponding storage unit after state is set to ready expression encryption/decryption;State is set to done and indicates
Corresponding data are had read from storage unit, then the memory space can be released.It therefore, can be clear by above- mentioned information table
The address space shape of the process status for knowing any one task of Chu, the working condition of data encrypting and deciphering module and memory module
State, so that the encryption and decryption of carry out task be facilitated to handle.
In a kind of preferred embodiments, the order of Data Transport Protocol has stack function, to solve read write command
Out-of-order response problem, IO queue is managed operational order, realizes concurrent data encrypting and deciphering processing.Add for each
Decryption oprerations, because the data length of encryption and decryption and enciphering and deciphering algorithm are different, the duration of processing is also different, every time encryption and decryption point
It being handled with one hardware encryption card of network, after the completion of waiting processing, is there is the stack-protocol of storage, notice system task is completed,
Finally the data after process encryption and decryption are sent.Therefore, when being written and read every time, encrypted card can all establish one
A I/O task just can feed back accordingly host after I/O task completes read-write operation.
In a kind of preferred embodiments, by the control instruction of agreement by action type and specific memory address space
Binding, that is, memory space address is carried out particular division, the write operation of a specified address and length data can be taken as
A kind of encryption and decryption order of encryption mode can notify the read operation carried out to this address after encryption and decryption is disposed automatically, read
The data taken are then the data after encryption and decryption is disposed.
In a kind of preferred embodiments, multiple encryption algorithms are set in data encrypting and deciphering module, according to control module
Control instruction select corresponding Encryption Algorithm.Preferably, before carrying out data encrypting and deciphering operation, configuration-direct pair is first passed through
Data encrypting and deciphering module is configured to select specific Encryption Algorithm.Wherein, Encryption Algorithm includes AES-128/256, SM2,
SM3, SM4, RSA, 3DES, SHA etc..
In the present invention, each data encrypting and deciphering module binds corresponding storage unit, it is preferable that storage unit is according to matching
It sets instruction to dynamically distribute, namely calculates required storage sky according to specific encryption and decryption tupe and task data length gauge
Between, it determines write-in data or reads the initial position of data, the data to encryption and decryption are written by this position, are finally read from this position
Data of encryption and decryption out, complete the processing of an encryption and decryption, to realize dynamic allocation storage unit.
In a kind of preferred embodiments, the store instruction that control module receiving host is sent, control module will be to specific
The write operation of address resolves to a kind of encryption and decryption instruction of encryption mode, obtains host is resolved to the read operation of particular address
Assignment instructions.Wherein, address mapping table is saved in control module, records the initial address of each storage unit, space size, right
Therefore the data encrypting and deciphering module and its encryption and decryption type answered will be resolved to a kind of add to the write operation of some storage unit
The encryption and decryption order of close mode (being arranged by configuration-direct).For example 0x100000 starts as 001 number encryption/decryption module
Cryptographic operation, 0x200000 start as the decryption oprerations of 001 number encryption/decryption module.And the length address is subjected to equal portions and is drawn
Point, such as 0x800 (2K) can be set by the length of each storage unit reservation process data, then just having 128 plus solution
Close unit, then each 2K corresponds to a data encryption/decryption module from 0x100000 to 0x13ffff, and 0x140000 is arrived
0x1fffff is then reserved to the more processing units of this encryption and decryption.It is of course also possible to more for a data encryption/decryption module distribution
A storage unit.Corresponding encryption and decryption address writes data and then starts encryption and decryption processing, will obtain having added solution from this address reading later
Close data.For example, control instruction is the storage unit for being 0x100000 by data information writing address, then control module will count
It is believed that breath is sent to 001 number encryption/decryption module and starts cryptographic operation, after cryptographic operation, the data information of encryption is deposited
Store up the storage unit for being 0x100000 in address;Equally, to the storage unit for being 0x200000 by data information writing address, then
Data information is sent to 001 number encryption/decryption module and starts decryption oprerations by control module, the data information memory of encryption
The storage unit for being 0x200000 in address.
In a kind of preferred embodiments, storage unit is integrated in data encrypting and deciphering module, and control unit passes through address
Mapping table manages each storage unit.
In a kind of preferred embodiments, storage unit uses EMMC or Flash storage device.
In a kind of preferred embodiments, data encrypting and deciphering module uses the S686 main control chip of Hua Lanwei company.To
Pressure can be shared for control module while carrying out data encrypting and deciphering processing, reduce the consumption and occupancy of its resource.S686
Built-in hardware encryption module supports AES-128/256, SM2, SM3, and SM4, RSA, the multiple encryption algorithms such as 3DES, SHA can
While guaranteeing that the quick encryption and decryption of data is handled, do not cause damages to the read-write transmission performance of data.Built-in random number hair
Raw device can be carried out driving by firmware in piece and generate random number, guarantee the truly random property that key generates.S686 compatible to SD 1.0,
The agreements such as SD2.0, SD3.0 and EMMC3.3, EMMC4.0, EMMC5.0 carry out memory management using 32 embedded type CPUs, and prop up
Multichannel memory management is held, the quick processing for carrying out data and read-write operation are helped.
Referring to fig. 2, it is shown the functional block diagram of data encrypting and deciphering module of the present invention, further comprises MCU, random number generation
Device, algorithm storage unit and encryption and decryption processing unit, the algorithm storage unit is for storing Encryption Algorithm;At the encryption and decryption
Reason unit is used to load corresponding Encryption Algorithm according to the instruction of MCU and executes encryption/decryption;The randomizer
For generating the key for being used for the Encryption Algorithm;The MCU and the randomizer, algorithm storage unit and encryption and decryption
Processing unit, for controlling the work of the data encrypting and deciphering module.
Referring to Fig. 3, it show a kind of flow chart of the data processing method of encrypted card of the present invention, comprising the following steps:
Step S1: encryption/task of decryption that receiving host is sent;
Step S2: by encryption/task of decryption to be processed distribute to idle state data encrypting and deciphering module and encryption/
Directly task after processing is stored to the corresponding storage unit of data encrypting and deciphering module after the completion of decryption oprerations;The number
There is unique identifying number according to encryption/decryption module;
Step S3: while updating information table after the completion of encryption/decryption and completing message to host feedback task;
Step S4: the data information that corresponding storage unit is read after the acquisition assignment instructions that receiving host is sent is sent to master
Machine.
Wherein, in step sl, encryption/task of decryption that receiving host is sent is the write command to appropriate address space.
In the step S3, information table is updated after the completion of encryption/decryption and is disappeared to host feedback task completion
Breath includes that the task corresponds to access unit address information.
In step s 4, it is the reading instruction to appropriate address space that receiving host was sent, which obtains assignment instructions,.
By adopting the above technical scheme, memory and encryption device are combined, host is by control store instruction and leads to
Know that mechanism realizes encryption and decryption operation, host greatly improves host process efficiency without waiting encryption and decryption task to complete in real time.It is right
For external host, encrypted card is equivalent to common external a generic storage equipment, such as USB flash disk, hard disk etc., it might even be possible to have
Drive has the attribute of the normal hard disk such as storage size, and unlike the prior art, the present invention is in normal read-write operation
Under, it has been also equipped with data encrypting and deciphering function.Under framework of the present invention, data encryption operation is equivalent to and adds be-encrypted data write-in
Close card, while other operations can be handled after host transmission task, without waiting;Cryptographic operation is completed, and encrypted card sends notice
Instruction informs that the cryptographic operation of host corresponding task is completed, and host obtains the data letter for being stored in appropriate address by reading instruction again
Breath completes primary encryption/decryption oprerations.
In a preferred embodiment, in step S3, information table and basis are updated by monitored data encryption/decryption module
The operation of the information table control encrypted card;The information table includes at least mission number, module number, action type, state
Information and storage address information, the mission number are the unique identifying number of each received task setting;The module is compiled
Number for the task carry out encryption/decryption data encrypting and deciphering module identification number;The action type is that data add solution
Close module carries out cryptographic operation or decryption oprerations to the task;The status information is the working condition of data encrypting and deciphering module;
The storage address information is the address information for storing the task and carrying out data information after encryption/decryption.
In above-mentioned technical proposal, multiple storage units are arranged in each data encrypting and deciphering module, and each storage unit is for depositing
Store up an encryption and decryption task.After each encryption and decryption task has been handled, store into one of storage unit;Task stores it
Afterwards, data encrypting and deciphering module can handle next encryption and decryption task;Meanwhile control module directly reads storage unit
It writes, is completely independent to host feedback data and data encrypting and deciphering process, thus greatly high treatment effeciency.In addition, by setting
The state for setting the read-write of storage flag mark data, task has been stored to phase after state, which is set to ready, indicates encryption/decryption
The storage unit answered;State is set to done expression and has read corresponding data from storage unit, then the memory space can
To be released;Greatly improve storage space utilization.
In a preferred embodiment, further include the steps that the configuration-direct of receiving host, configuration-direct is for configuring
The encryption/decryption parameter of data encrypting and deciphering module;The encryption/decryption parameter includes at least encryption algorithm type, is AES-128/256,
Any one of SM2, SM3, SM4, RSA, 3DES or SHA.Meanwhile configuration-direct further includes the data length of waiting task,
Data encrypting and deciphering module redistributes access unit address space according to configuration-direct.For example, current crypto task size is
2K, the length after using SM2 Encryption Algorithm to handle then carry out memory space using the space 4K as basic storage unit for 4K
It redistributes.By adopting the above technical scheme, setting Encryption Algorithm can be required according to user and be arranged according to actual needs optimal
Storage unit.
The above description of the embodiment is only used to help understand the method for the present invention and its core ideas.It should be pointed out that pair
For those skilled in the art, without departing from the principle of the present invention, the present invention can also be carried out
Some improvements and modifications, these improvements and modifications also fall within the scope of protection of the claims of the present invention.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention.
Various modifications to these embodiments will be readily apparent to those skilled in the art, as defined herein
General Principle can be realized in other embodiments without departing from the spirit or scope of the present invention.Therefore, of the invention
It is not intended to be limited to the embodiments shown herein, and is to fit to and the principles and novel features disclosed herein phase one
The widest scope of cause.
Claims (10)
1. a kind of encryption card architecture, which is characterized in that including interface module, control module, data encrypting and deciphering module and storage mould
Block, wherein the interface module uses standard interface, for carrying out data communication with host;It is arranged in the memory module more
A storage unit;The data encrypting and deciphering module is for adding being distributed for task according to the control instruction of control module
Task after encrypted/decryption is simultaneously stored in corresponding storage unit by close/decryption oprerations;The control module will be for that will receive
Task distribute to the data encrypting and deciphering module and task encryption/decryption completion after to host feedback task completion disappear
The data information that corresponding storage unit is read after the acquisition assignment instructions of breath and receiving host is sent to host.
2. encryption card architecture according to claim 1, which is characterized in that multiple data encrypting and deciphering modules are arranged in encrypted card,
Each data encrypting and deciphering module has unique identifying number and distributes corresponding storage unit to store the task after encryption/decryption.
3. encryption card architecture according to claim 1 or 2, which is characterized in that setting information table in the control module, institute
Control module monitored data encryption/decryption module is stated to update information table and control the operation of the encrypted card according to the information table;Institute
Information table is stated including at least mission number, module number, action type, status information and storage address information, the task is compiled
Number for each received task setting unique identifying number;The module number is to carry out encryption/decryption to the task
Data encrypting and deciphering module identification number;The action type is that data encrypting and deciphering module carries out cryptographic operation or solution to the task
Close operation;The status information is the working condition of data encrypting and deciphering module;The storage address information be store the task into
The address information of data information after row encryption/decryption.
4. encryption card architecture according to claim 3, which is characterized in that a variety of add is arranged in the data encrypting and deciphering module
Close algorithm selects corresponding Encryption Algorithm according to the control instruction of the control module.
5. encryption card architecture according to claim 4, which is characterized in that the data encrypting and deciphering module further comprises
MCU, randomizer, algorithm storage unit and encryption and decryption processing unit, the algorithm storage unit are calculated for storing encryption
Method;The encryption and decryption processing unit is used to load corresponding Encryption Algorithm according to the instruction of MCU and executes encryption/decryption;
The randomizer is used to generate the key for the Encryption Algorithm;The MCU and the randomizer, algorithm
Storage unit and encryption and decryption processing unit, for controlling the work of the data encrypting and deciphering module.
6. encryption card architecture according to claim 5, which is characterized in that the encryption stored in the algorithm storage unit is calculated
Method includes AES-128/256, SM2, SM3, SM4, RSA, 3DES and SHA.
7. encryption card architecture according to claim 3, which is characterized in that the interface module be PCIe, SATA, USB,
Any one of SAS, IEEE1394, SD, eMMC or SPI interface.
8. encryption card architecture according to claim 3, which is characterized in that using agreement between the interface module and host
Transport protocol carry out data communication.
9. encryption card architecture according to claim 3, which is characterized in that the data encrypting and deciphering module is using the micro- public affairs of magnificent billows
The S686 main control chip of department.
10. encryption card architecture according to claim 8, which is characterized in that the control module receiving host was sent deposits
Storage instruction, the control module instruct the encryption and decryption that a kind of encryption mode is resolved to the write operation of particular address, will be to spy
The read operation for determining address resolves to host and obtains assignment instructions.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810850407.1A CN109325356A (en) | 2018-07-28 | 2018-07-28 | A kind of encryption card architecture |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810850407.1A CN109325356A (en) | 2018-07-28 | 2018-07-28 | A kind of encryption card architecture |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109325356A true CN109325356A (en) | 2019-02-12 |
Family
ID=65264392
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810850407.1A Pending CN109325356A (en) | 2018-07-28 | 2018-07-28 | A kind of encryption card architecture |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109325356A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110012014A (en) * | 2019-04-08 | 2019-07-12 | 山东渔翁信息技术股份有限公司 | A kind of encipher-decipher method, system, device and medium |
CN110084054A (en) * | 2019-05-08 | 2019-08-02 | 深圳豪杰创新电子有限公司 | A kind of data privacy device, method, electronic equipment and storage medium |
CN113721983A (en) * | 2021-08-19 | 2021-11-30 | 支付宝(杭州)信息技术有限公司 | External memory, method for providing password service and business processing equipment |
CN113742753A (en) * | 2021-09-15 | 2021-12-03 | 北京宏思电子技术有限责任公司 | Data stream encryption and decryption method, electronic equipment and chip system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101340279A (en) * | 2008-07-09 | 2009-01-07 | 深圳市金蝶移动互联技术有限公司 | Method, system and apparatus for data ciphering and deciphering |
CN106302514A (en) * | 2016-09-06 | 2017-01-04 | 苏州协鑫集成科技工业应用研究院有限公司 | The dynamic encrypting method of memory card and decryption method and device thereof |
CN107256363A (en) * | 2017-06-13 | 2017-10-17 | 杭州华澜微电子股份有限公司 | A kind of high-speed encryption and decryption device being made up of encryption/decryption module array |
-
2018
- 2018-07-28 CN CN201810850407.1A patent/CN109325356A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101340279A (en) * | 2008-07-09 | 2009-01-07 | 深圳市金蝶移动互联技术有限公司 | Method, system and apparatus for data ciphering and deciphering |
CN106302514A (en) * | 2016-09-06 | 2017-01-04 | 苏州协鑫集成科技工业应用研究院有限公司 | The dynamic encrypting method of memory card and decryption method and device thereof |
CN107256363A (en) * | 2017-06-13 | 2017-10-17 | 杭州华澜微电子股份有限公司 | A kind of high-speed encryption and decryption device being made up of encryption/decryption module array |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110012014A (en) * | 2019-04-08 | 2019-07-12 | 山东渔翁信息技术股份有限公司 | A kind of encipher-decipher method, system, device and medium |
CN110084054A (en) * | 2019-05-08 | 2019-08-02 | 深圳豪杰创新电子有限公司 | A kind of data privacy device, method, electronic equipment and storage medium |
CN113721983A (en) * | 2021-08-19 | 2021-11-30 | 支付宝(杭州)信息技术有限公司 | External memory, method for providing password service and business processing equipment |
WO2023020234A1 (en) * | 2021-08-19 | 2023-02-23 | 支付宝(杭州)信息技术有限公司 | External memory, method for providing password service, and service processing device |
CN113742753A (en) * | 2021-09-15 | 2021-12-03 | 北京宏思电子技术有限责任公司 | Data stream encryption and decryption method, electronic equipment and chip system |
CN113742753B (en) * | 2021-09-15 | 2023-09-29 | 北京宏思电子技术有限责任公司 | Data stream encryption and decryption method, electronic equipment and chip system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109067523A (en) | A kind of data ciphering method of encrypted card | |
CN109325356A (en) | A kind of encryption card architecture | |
CN109104275A (en) | A kind of HSM equipment | |
US8321659B2 (en) | Data encryption apparatus, data decryption apparatus, data encryption method, data decryption method, and data transfer controlling apparatus | |
CN107256363B (en) | High-speed encryption and decryption device composed of encryption and decryption module array | |
US20120124380A1 (en) | Usb composite device and method therefor | |
CN107092835B (en) | Computer data encryption device and method for virtual storage disk | |
CN102930212B (en) | For the anti-leakage of data method of office system | |
CN112052483B (en) | Data communication system and method of password card | |
CN103903042A (en) | Data flow encryption SD card | |
CN114297114B (en) | Encryption card, data interaction method and device thereof and computer readable storage medium | |
CN112035900B (en) | High-performance password card and communication method thereof | |
CN110765501A (en) | Encrypted USB flash disk | |
CN115237843B (en) | Trusted computing system and method | |
CN106845254A (en) | A kind of encrypted data transmission line for computer | |
CN110765467A (en) | Encrypted solid state disk | |
CN106899545A (en) | A kind of system and method for terminal security communication | |
CN109711208B (en) | USB interface equipment data encryption conversion device and working method thereof | |
CN105468983A (en) | Data transmission method and device based on SATA (Serial Advanced Technology Attachment) interface | |
CN102930229B (en) | Office system for improving data security | |
CN110765498A (en) | Encryption computer | |
CN205158335U (en) | PIC series singlechip serial ports burns record system | |
CN110765468A (en) | Encryption card | |
WO2020082811A1 (en) | Storage method and apparatus having hidden partition, and host device | |
CN110765500A (en) | Data processing method of encrypted solid state disk |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190212 |