CN106534136A - PCI-E password card - Google Patents

Info

Publication number: CN106534136A
Authority: CN (China)
Legal status: Pending
Application number: CN201611033685.5A
Other languages: Chinese (zh)
Inventors: 单德鹏, 林峰
Current Assignee: BEIJING ZHONGJINGUOXIN TECHNOLOGY Co Ltd
Original Assignee: BEIJING ZHONGJINGUOXIN TECHNOLOGY Co Ltd
Application filed by: BEIJING ZHONGJINGUOXIN TECHNOLOGY Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0853: Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a PCI-E cryptographic card. When an operator logs in to the cryptographic card, a security chip synchronizes a stored key to an FPGA chip. Then, when the FPGA chip receives an operation instruction from the host computer directing a national cryptographic algorithm chip to perform a key operation, the national cryptographic algorithm chip obtains the key directly from the FPGA chip to perform the key operation, so that the key operation speed is improved. Meanwhile, in the PCI-E cryptographic card disclosed by the invention, the security chip manages the operating permissions of the operator, thereby guaranteeing the reliability of the PCI-E cryptographic card.

Description

A PCI-E cryptographic card
Technical field
The application relates to the field of information security technology and, more particularly, to a PCI-E cryptographic card.
Background technology
With the continuous development of computer network technology, network information security has become a common concern of network users. The root of the network information security problem lies partly in the security defects of the network itself, such as insecure network protocols and insecure services, and partly in human factors, such as mismanagement that leads to attacks by hackers.
As a cryptographic product that combines software and hardware, the PCI-E cryptographic card can effectively ensure the security of network information and is widely used in the field of information security technology.
A typical PCI-E cryptographic card needs a key, either a public key or a private key, when it performs certain algorithm operations, and the algorithm chip can perform the corresponding operation only after it has obtained the key. In existing PCI-E cryptographic cards, however, the key for a key operation is generally obtained from the key management unit through the FPGA chip. This transfer can take a long time, which reduces the operation speed.
Summary of the invention
In view of this, the application provides a PCI-E cryptographic card, to improve the key operation speed of the PCI-E cryptographic card.
To achieve this goal, the following scheme is proposed:
A PCI-E cryptographic card, comprising at least: a security chip, an FPGA chip and a national cryptographic algorithm chip;
wherein the security chip is used to obtain the operating permissions of an operator and send the operating permissions to the FPGA chip, and, when the operator logs in to the PCI-E cryptographic card, to synchronize the pre-stored key to the FPGA chip;
the FPGA chip is used to receive the operation instruction sent by the host computer, to determine the operation data of the key algorithm according to the type of the operation instruction and the operating permissions, and to send the key and the operation data to the national cryptographic algorithm chip;
the national cryptographic algorithm chip is used to perform the key operation based on the key and the operation data, and to send the operation result to the host computer.
Preferably, the card further comprises: a card reader connected to the security chip, for reading the operator's operating permissions.
Preferably, the FPGA chip comprises: a dual-port RAM and a state machine;
the dual-port RAM is connected to the security chip and to the national cryptographic algorithm chip respectively, and is used to store the key sent by the security chip and, when the national cryptographic algorithm chip performs a key operation, to send the password to the national cryptographic algorithm chip;
the state machine is connected to the national cryptographic algorithm chip, and is used to receive the operation instruction sent by the host computer and the operation-complete flag bit fed back by the national cryptographic algorithm chip.
Preferably, the national cryptographic algorithm chip is an SM2 national cryptographic algorithm chip.
As can be seen from the above technical scheme, the application discloses a PCI-E cryptographic card. When an operator logs in to the cryptographic card, the security chip synchronizes the stored key to the FPGA chip. Then, when the FPGA chip receives an operation instruction from the host computer directing the national cryptographic algorithm chip to perform a key operation, the national cryptographic algorithm chip can obtain the key directly from the FPGA chip and perform the key operation, which improves the key operation speed. Meanwhile, in the present invention the security chip manages the operating permissions of operators, which ensures the reliability of the PCI-E cryptographic card.
Description of the drawings
To illustrate the technical schemes of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below are only embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from the drawings provided without creative effort.
Fig. 1 shows a structural diagram of a PCI-E cryptographic card disclosed in one embodiment of the present invention;
Fig. 2 shows a structural diagram of a PCI-E cryptographic card disclosed in another embodiment of the present invention.
Specific embodiment
The technical schemes in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Evidently, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention, without creative effort, fall within the scope of protection of the invention.
Fig. 1 shows a structural diagram of a PCI-E cryptographic card disclosed in one embodiment of the present invention.
As shown in Fig. 1, the PCI-E cryptographic card comprises at least: a security chip 1, an FPGA chip 2 and a national cryptographic algorithm chip 3.
The security chip 1 is connected to the FPGA chip 2 and is used to obtain the operating permissions of the operator and send them to the FPGA chip 2. The security chip 1 is also used, when the operator logs in to the PCI-E cryptographic card, to synchronize the pre-stored key into the FPGA chip 2.
After the FPGA chip 2 receives the operation instruction sent by the host computer, it determines the operation data that takes part in the key algorithm according to the type of the operation instruction and the operating permissions obtained from the security chip 1. When the operation instruction indicates that the key algorithm is the SM2 key algorithm, the FPGA chip 2 sends the key and the operation data to the national cryptographic algorithm chip 3.
The national cryptographic algorithm chip 3 receives the key and the operation data sent by the FPGA chip 2 and performs the key operation based on the key and the operation data. After the national cryptographic algorithm chip completes the operation, it can send the operation-complete flag bit to the FPGA chip 2; the FPGA chip 2 can notify the host computer by MSI interrupt and transfer the operation result to the host computer by DMA.
As the above embodiment shows, in the PCI-E cryptographic card disclosed in the application, the security chip synchronizes the stored key to the FPGA chip when the operator logs in to the cryptographic card. Then, when the FPGA chip receives an operation instruction from the host computer directing the national cryptographic algorithm chip to perform a key operation, the national cryptographic algorithm chip can obtain the key directly from the FPGA chip and perform the key operation, which improves the key operation speed. Meanwhile, in the present invention the security chip manages the operating permissions of operators, which ensures the reliability of the PCI-E cryptographic card.
Fig. 2 shows a structural diagram of a PCI-E cryptographic card disclosed in another embodiment of the present invention.
In this embodiment, the cryptographic card comprises: a security chip 1, an FPGA chip 2, a national cryptographic algorithm chip 3 and a card reader 4.
Optionally, the FPGA chip in this embodiment comprises: a dual-port RAM 21 and a state machine 22.
The card reader 4 is connected to the security chip 1 and is used, when the operator logs in to the cryptographic card, to read the operator's operating permissions from the operator's register and send the operating permissions it has read to the security chip 1.
Further, the security chip 1 sends the operating permissions and the pre-stored key to the FPGA chip 2. The security chip 1 sends the key into the dual-port RAM of the FPGA chip 2, where it is cached.
Further, the state machine 22 of the FPGA chip 2 receives the operation instruction sent by the host computer and, according to the type of the operation instruction and the operating permissions obtained from the security chip 1, determines the operation data that takes part in the key algorithm. When the operation instruction indicates that the key algorithm is the SM2 key algorithm, the FPGA chip 2 sends the key and the operation data to the national cryptographic algorithm chip 3. Here, the national cryptographic algorithm chip 3 is an SM2 national cryptographic algorithm chip.
The national cryptographic algorithm chip 3 receives the key and the operation data sent by the FPGA chip 2 and performs the key operation based on the key and the operation data. After the national cryptographic algorithm chip completes the operation, it can send the operation-complete flag bit to the state machine of the FPGA chip 2; the FPGA chip 2 can notify the host computer by MSI interrupt and transfer the operation result to the host computer by DMA.
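The control flow of this embodiment can be followed in a small software model, an added example that is not code from the patent. The opcodes, permission bits, return codes and the logout step are assumptions made here, and operand and result transfer are left out so that the model shows only the key path and the permission check.

```c
#include <stdint.h>
#include <string.h>
/* Hypothetical opcodes, permission bits and return codes: the patent names none. */
enum { OP_SM2_SIGN = 1, OP_SM2_DECRYPT = 2 };
enum { PERM_SIGN = 1u << 0, PERM_DECRYPT = 1u << 1 };
enum state { LOGGED_OUT, IDLE, BUSY };
enum rc { RC_OK, RC_NO_LOGIN, RC_DENIED, RC_BAD_OP, RC_BUSY };
#define KEY_LEN 32
struct card {
    enum state st;             /* FPGA state machine */
    uint32_t perms;            /* operating permissions sent by the security chip */
    uint8_t dpram[KEY_LEN];    /* dual-port RAM key cache inside the FPGA */
    uint8_t chip_key[KEY_LEN]; /* key latched by the algorithm chip */
    unsigned sec_chip_reads;   /* key transfers out of the security chip */
    unsigned msi_count;        /* MSI interrupts raised towards the host */
};

/* Login: the security chip sends the permissions and synchronises the key once. */
void card_login(struct card *c, uint32_t perms, const uint8_t key[KEY_LEN]) {
    c->perms = perms;
    memcpy(c->dpram, key, KEY_LEN);
    c->sec_chip_reads++;
    c->st = IDLE;
}

/* Host instruction: check type and permission, then feed the chip from the cache. */
enum rc card_submit(struct card *c, int op) {
    uint32_t need;
    if (c->st == LOGGED_OUT) return RC_NO_LOGIN;
    if (c->st == BUSY) return RC_BUSY;
    switch (op) {
    case OP_SM2_SIGN:    need = PERM_SIGN; break;
    case OP_SM2_DECRYPT: need = PERM_DECRYPT; break;
    default: return RC_BAD_OP;
    }
    if ((c->perms & need) != need) return RC_DENIED; /* key stays in the cache */
    memcpy(c->chip_key, c->dpram, KEY_LEN);          /* no security-chip round trip */
    c->st = BUSY;
    return RC_OK;
}

/* The algorithm chip sets its completion flag: the state machine raises an MSI. */
void chip_done(struct card *c) {
    if (c->st != BUSY) return;
    memset(c->chip_key, 0, KEY_LEN);
    c->msi_count++;
    c->st = IDLE;
}

/* Logout is not described in the patent; clearing the cache is an assumption. */
void card_logout(struct card *c) {
    memset(c->dpram, 0, KEY_LEN);
    c->perms = 0;
    c->st = LOGGED_OUT;
}

/* Constructed scenario: security-chip key reads needed for n permitted operations. */
unsigned demo_reads_for_ops(unsigned n) {
    struct card c = {0};
    uint8_t key[KEY_LEN];
    memset(key, 0xA5, KEY_LEN); /* constructed sample key */
    card_login(&c, PERM_SIGN, key);
    for (unsigned i = 0; i < n; i++) {
        if (card_submit(&c, OP_SM2_SIGN) != RC_OK) return 0;
        chip_done(&c);
    }
    return c.sec_chip_reads;
}
```

Because the key sits in FPGA memory for the whole session in this design, the model makes the trade-off visible: one security-chip transfer serves any number of operations, and the permission check in the state machine is the only gate between a host instruction and the cached key.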
Finally, it should also be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relation or order between these entities or operations. Moreover, the terms "including", "comprising" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements that are not expressly listed, or elements that are inherent to the process, method, article or device. In the absence of further restrictions, an element limited by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
The embodiments in this specification are described progressively; each embodiment stresses its differences from the other embodiments, and for the parts that are the same or similar the embodiments can be referred to one another.
The foregoing description of the disclosed embodiments enables those skilled in the art to realize or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein can be realized in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (4)

1. A PCI-E cryptographic card, characterised in that the PCI-E cryptographic card comprises at least: a security chip, an FPGA chip and a national cryptographic algorithm chip;
wherein the security chip is used to obtain the operating permissions of an operator and send the operating permissions to the FPGA chip, and, when the operator logs in to the PCI-E cryptographic card, to synchronize the pre-stored key to the FPGA chip;
the FPGA chip is used to receive the operation instruction sent by the host computer, to determine the operation data of the key algorithm according to the type of the operation instruction and the operating permissions, and to send the key and the operation data to the national cryptographic algorithm chip;
the national cryptographic algorithm chip is used to perform the key operation based on the key and the operation data, and to send the operation result to the host computer.
2. The PCI-E cryptographic card according to claim 1, characterised in that it further comprises: a card reader connected to the security chip, for reading the operator's operating permissions.
3. The PCI-E cryptographic card according to claim 1, characterised in that the FPGA chip comprises: a dual-port RAM and a state machine;
the dual-port RAM is connected to the security chip and to the national cryptographic algorithm chip respectively, and is used to store the key sent by the security chip and, when the national cryptographic algorithm chip performs a key operation, to send the password to the national cryptographic algorithm chip;
the state machine is connected to the national cryptographic algorithm chip, and is used to receive the operation instruction sent by the host computer and the operation-complete flag bit fed back by the national cryptographic algorithm chip.
4. The PCI-E cryptographic card according to claim 1, characterised in that the national cryptographic algorithm chip is an SM2 national cryptographic algorithm chip.
CN201611033685.5A 2016-11-22 2016-11-22 PCI-E password card Pending CN106534136A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611033685.5A CN106534136A (en) 2016-11-22 2016-11-22 PCI-E password card


Publications (1)

Publication Number Publication Date
CN106534136A true CN106534136A (en) 2017-03-22

Family

ID=58356500



Legal Events

Code Title
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20170322)