CN106534136A - PCI-E password card - Google Patents
PCI-E password card Download PDFInfo
- Publication number
- CN106534136A CN106534136A CN201611033685.5A CN201611033685A CN106534136A CN 106534136 A CN106534136 A CN 106534136A CN 201611033685 A CN201611033685 A CN 201611033685A CN 106534136 A CN106534136 A CN 106534136A
- Authority
- CN
- China
- Prior art keywords
- chip
- key
- state
- pci
- close algorithm
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a PCI-E password card. When an operator logs in the password card, a security chip synchronizes a stored key to an FPGA chip. Then, when the FPGA chip receives an operation instruction of an upper computer to indicate a domestic password algorithm chip to perform key operation, the domestic password algorithm chip directly obtains a key from the FPGA chip to perform the key operation, so that the key operation speed is improved. Meanwhile, in the PCI-E password card disclosed by the invention, the security chip manages the operation authority of the operator, thereby guaranteeing the reliability of the PCI-E password card.
Description
Technical field
The application is related to field of information security technology, more particularly, it relates to a kind of PCI-E cipher cards.
Background technology
With the continuous development of computer networking technology, the network information security has become asking for network user's common concern
Topic.On the one hand the root of Network Information Security Problem comes the safety defect of automatic network itself, the such as dangerous and industry of procotol
That what is is engaged in is dangerous, is on the other hand human factor, and such as mismanagement causes the attack of hacker.
Password product of the PCI-E cipher cards as a software and hardware combining, can effectively ensure the security of the network information,
It is widely used in field of information security technology.
General PCI-E cipher cards need to use key, including public key or private key when some algorithm computings are done, and calculate
Method chip can just do corresponding computing after must obtaining key.But existing PCI-E cipher cards are generally carrying out key computing
When key is obtained from key management unit by fpga chip, its transmission time can be long, can so affect arithmetic speed.
The content of the invention
In view of this, the application provides a kind of PCE-I cipher cards, to improve the key arithmetic speed of PCE-I cipher cards.
To achieve these goals, it is proposed that scheme it is as follows:
A kind of PCI-E cipher cards, the PCI-E cipher cards at least include:The close algorithm core of safety chip, fpga chip and state
Piece;
Wherein, the safety chip is used to obtaining the operating right of operator, and the operating right is sent to described
Fpga chip, and when operator logs in the PCI-E cipher cards, by the key synchronization for prestoring to the fpga chip;
The fpga chip is used for the operational order for receiving host computer transmission, and the type according to the operational order and institute
The operational data that operating right determines key algorithm is stated, the key and the operational data are sent into algorithm core close to the state
Piece;
The close algorithm chip of the state is used to carry out key computing based on the key and the operational data, and computing is tied
Fruit is sent to host computer.
Preferably, it is characterised in that also include:The card reader being connected with the safety chip, for read operation person's
Operating right.
Preferably, the fpga chip includes:Two-port RAM and state machine;
The two-port RAM is connected with the close algorithm chip of the safety chip and the state respectively, for storing the peace
The key that full chip sends, and when the close algorithm chip of the state carries out key computing, the password is sent to institute
State the close algorithm chip of state;
The state machine is connected with the state close algorithm chip, for receiving the operational order that the host computer sends
And the computing complement mark position of the close algorithm chip feedback of the state.
Preferably, the close algorithm chip of the state is the close algorithm chip of SM2 states.
Understand via above-mentioned technical proposal, a kind of PCI-E cipher cards of disclosure.When operator logs in the cipher card
When, safety chip is by the key synchronization for storing to fpga chip.Further, when fpga chip receives the operational order of host computer to refer to
When showing that the close algorithm chip of state carries out key computing, the close algorithm chip of state directly from FGPA chips can obtain key and carry out key fortune
Calculate, improve key arithmetic speed.Meanwhile, safety chip is managed to the operating right of operating personnel in the present invention, is protected
The reliability of PCI-E cipher cards is demonstrate,proved.
Description of the drawings
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing
Accompanying drawing to be used needed for having technology description is briefly described, it should be apparent that, drawings in the following description are only this
Inventive embodiment, for those of ordinary skill in the art, on the premise of not paying creative work, can be with basis
The accompanying drawing of offer obtains other accompanying drawings.
Fig. 1 shows that one embodiment of the invention discloses a kind of structural representation of PCI-E cipher cards;
Fig. 2 has gone out a kind of structural representation of PCI-E cipher cards disclosed in another embodiment of the present invention.
Specific embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete
Site preparation is described, it is clear that described embodiment is only a part of embodiment of the invention, rather than the embodiment of whole.It is based on
Embodiment in the present invention, it is every other that those of ordinary skill in the art are obtained under the premise of creative work is not made
Embodiment, belongs to the scope of protection of the invention.
Show that one embodiment of the invention discloses a kind of structural representation of PCI-E cipher cards referring to Fig. 1.
As shown in Figure 1, the PCI-E cipher cards at least include:The close algorithm chip of safety chip 1, fpga chip 2 and state 3.
Wherein, the safety chip 1 is connected with the fpga chip 2, for obtaining the operating right of operator, and should
Operating right is sent to fpga chip 2.The safety chip 1 is additionally operable to when operator logs in the PCI-E cipher cards simultaneously, will be pre-
The key synchronization deposited is into fpga chip 2.
After fpga chip receives the operational order that host computer sends, fpga chip 2 according to the type of the operational order and
The operating right obtained from safety chip 2, it is determined that participating in the operational data of key algorithm.When the operational order shows that key is calculated
When method is SM2 key algorithms, fpga chip 2 sends key and operational data into the close algorithm chip of the state 3.
The close algorithm chip 3 of the state receives key and the operational data that fpga chip 2 sends, and is based on the key and institute
Stating operational data carries out key computing, after the close algorithm chip of state completes computing, can send computing complement mark position to fpga chip
2, fpga chip 2 can notify host computer by MSI interrupt mode, and operation result is passed through DMA transfer to host computer.
As seen from the above embodiment, PCI-E cipher cards disclosed in the present application are when operator logs in the cipher card, safe core
Piece is by the key synchronization for storing to fpga chip.Further, when fpga chip receives the operational order of host computer to indicate the close calculation of state
When method chip carries out key computing, the close algorithm chip of state directly from FGPA chips can obtain key and carry out key computing, improve
Key arithmetic speed.Meanwhile, safety chip is managed to the operating right of operating personnel in the present invention, it is ensured that PCI-
The reliability of E cipher cards.
A kind of structural representation of PCI-E cipher cards disclosed in another embodiment of the present invention is shown referring to Fig. 2.
In the present embodiment, the cipher card includes:The close algorithm chip 3 of safety chip 1, fpga chip 2, state and card reader
4。
Optionally, fpga chip includes in the present embodiment:Two-port RAM 21 and state machine 22.
Card reader 4 is connected with safety chip 1, for when operating personnel log in the cipher card from the register of operator
The operating right of read operation person, and the operating right for reading is sent into safety chip 2.
Further, safety chip 2 sends into fpga chip 2 and the operating right and the key that prestores by the operating right
Send to fpga chip 2.Wherein, cache in the two-port RAM that key is sent into fpga chip 2 by safety chip 2.
Further, the state machine 22 of fpga chip 2 receives the operational order that host computer sends, and according to the operational order
Type and the operating right obtained from safety chip 2, it is determined that participating in the operational data of key algorithm.When the operational order shows
When key algorithm is SM2 key algorithms, fpga chip 2 sends key and operational data into the close algorithm chip of the state 3.Its
In, the close algorithm chip 3 of the state is the close algorithm chip of SM2 states.
The close algorithm chip 3 of the state receives key and the operational data that fpga chip 2 sends, and is based on the key and institute
Stating operational data carries out key computing, after the close algorithm chip of state completes computing, can send computing complement mark position to fpga chip 2
State machine, fpga chip 2 can notify host computer by MSI interrupt mode, and operation result by DMA transfer to upper
Machine.
Finally, in addition it is also necessary to explanation, herein, such as first and second or the like relational terms be used merely to by
One entity or operation are made a distinction with another entity or operation, and are not necessarily required or implied these entities or operation
Between there is any this actual relation or order.And, term " including ", "comprising" or its any other variant are anticipated
Covering including for nonexcludability, so that a series of process, method, article or equipment including key elements not only includes that
A little key elements, but also including other key elements being not expressly set out, or also include for this process, method, article or
The intrinsic key element of equipment.In the absence of more restrictions, the key element for being limited by sentence "including a ...", does not arrange
Except also there is other identical element in including the process of the key element, method, article or equipment.
In this specification, each embodiment is described by the way of progressive, and what each embodiment was stressed is and other
The difference of embodiment, between each embodiment identical similar portion mutually referring to.
The foregoing description of the disclosed embodiments, enables professional and technical personnel in the field to realize or using the present invention.
Various modifications to these embodiments will be apparent for those skilled in the art, as defined herein
General Principle can be realized without departing from the spirit or scope of the present invention in other embodiments.Therefore, the present invention
The embodiments shown herein is not intended to be limited to, and is to fit to and principles disclosed herein and features of novelty phase one
The most wide scope for causing.
Claims (4)
1. a kind of PCI-E cipher cards, it is characterised in that the PCI-E cipher cards at least include:Safety chip, fpga chip and
The close algorithm chip of state;
Wherein, the safety chip is used for the operating right for obtaining operator, and the operating right is sent to the FPGA
Chip, and when operator logs in the PCI-E cipher cards, by the key synchronization for prestoring to the fpga chip;
The fpga chip is used for the operational order for receiving host computer transmission, and the type according to the operational order and the behaviour
The operational data of key algorithm is determined as authority, the key and the operational data are sent into algorithm chip close to the state;
The close algorithm chip of the state is used to carry out key computing based on the key and the operational data, and operation result is sent out
Deliver to host computer.
2. PCI-E cipher cards according to claim 1, it is characterised in that also include:The reading being connected with the safety chip
Card device, for the operating right of read operation person.
3. PCI-E cipher cards according to claim 1, it is characterised in that the fpga chip includes:Two-port RAM with
And state machine;
The two-port RAM is connected with the close algorithm chip of the safety chip and the state respectively, for storing the safe core
The key that piece sends, and when the close algorithm chip of the state carries out key computing, the password is sent to the state
Close algorithm chip;
The state machine is connected with the state close algorithm chip, for receive the operational order that the host computer sends and
The computing complement mark position of the close algorithm chip feedback of the state.
4. PCI-E cipher cards according to claim 1, it is characterised in that the close algorithm chip of the state is the close algorithm of SM2 states
Chip.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611033685.5A CN106534136A (en) | 2016-11-22 | 2016-11-22 | PCI-E password card |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611033685.5A CN106534136A (en) | 2016-11-22 | 2016-11-22 | PCI-E password card |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106534136A true CN106534136A (en) | 2017-03-22 |
Family
ID=58356500
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611033685.5A Pending CN106534136A (en) | 2016-11-22 | 2016-11-22 | PCI-E password card |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106534136A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107612682A (en) * | 2017-09-25 | 2018-01-19 | 郑州云海信息技术有限公司 | A kind of data processing method based on SHA512 algorithms, apparatus and system |
CN107612681A (en) * | 2017-09-25 | 2018-01-19 | 郑州云海信息技术有限公司 | A kind of data processing method based on SM3 algorithms, apparatus and system |
CN108345806A (en) * | 2017-12-14 | 2018-07-31 | 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) | A kind of hardware encryption card and encryption method |
CN118153025A (en) * | 2023-12-26 | 2024-06-07 | 中金金融认证中心有限公司 | PCI-E interface password card design method and PCI-E interface password card |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103237021A (en) * | 2013-04-08 | 2013-08-07 | 浪潮集团有限公司 | FPGA-chip-based (field programmable gate array chip-based) PCI-E (peripheral component interconnect-express) high-speed cipher card |
CN203930840U (en) * | 2013-10-31 | 2014-11-05 | 中国大唐集团财务有限公司 | A kind of hardware encryption card |
CN105162808A (en) * | 2015-10-19 | 2015-12-16 | 成都卫士通信息产业股份有限公司 | Safety login method based on domestic cryptographic algorithm |
CN105337731A (en) * | 2015-11-24 | 2016-02-17 | 北京三未信安科技发展有限公司 | Improvement of code equipment and data synchronizing method and system after improvement |
CN106022080A (en) * | 2016-06-30 | 2016-10-12 | 北京三未信安科技发展有限公司 | Cipher card based on PCIe (peripheral component interface express) interface and data encryption method of cipher card |
-
2016
- 2016-11-22 CN CN201611033685.5A patent/CN106534136A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103237021A (en) * | 2013-04-08 | 2013-08-07 | 浪潮集团有限公司 | FPGA-chip-based (field programmable gate array chip-based) PCI-E (peripheral component interconnect-express) high-speed cipher card |
CN203930840U (en) * | 2013-10-31 | 2014-11-05 | 中国大唐集团财务有限公司 | A kind of hardware encryption card |
CN105162808A (en) * | 2015-10-19 | 2015-12-16 | 成都卫士通信息产业股份有限公司 | Safety login method based on domestic cryptographic algorithm |
CN105337731A (en) * | 2015-11-24 | 2016-02-17 | 北京三未信安科技发展有限公司 | Improvement of code equipment and data synchronizing method and system after improvement |
CN106022080A (en) * | 2016-06-30 | 2016-10-12 | 北京三未信安科技发展有限公司 | Cipher card based on PCIe (peripheral component interface express) interface and data encryption method of cipher card |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107612682A (en) * | 2017-09-25 | 2018-01-19 | 郑州云海信息技术有限公司 | A kind of data processing method based on SHA512 algorithms, apparatus and system |
CN107612681A (en) * | 2017-09-25 | 2018-01-19 | 郑州云海信息技术有限公司 | A kind of data processing method based on SM3 algorithms, apparatus and system |
CN108345806A (en) * | 2017-12-14 | 2018-07-31 | 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) | A kind of hardware encryption card and encryption method |
CN108345806B (en) * | 2017-12-14 | 2020-07-07 | 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) | Hardware encryption card and encryption method |
CN118153025A (en) * | 2023-12-26 | 2024-06-07 | 中金金融认证中心有限公司 | PCI-E interface password card design method and PCI-E interface password card |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106534136A (en) | PCI-E password card | |
CN103888251B (en) | A kind of method of virtual machine credible security in cloud environment | |
CN101997834B (en) | Device for supporting high-performance safety protocol | |
CN107294709A (en) | A kind of block chain data processing method, apparatus and system | |
CN108885665A (en) | System and method for decrypting the network flow in virtualized environment | |
CN105592107A (en) | Device and method for safely collecting industrial process data on basis of FPGA | |
CN104756077B (en) | The security system time reports | |
CN105791207A (en) | network security method and network security service system | |
CN107873096A (en) | The protection of sensitive chat data | |
CN103984536B (en) | I/O request number systems and its method in a kind of cloud computing platform | |
JP2003512649A (en) | Cryptographic accelerator | |
CN107391232A (en) | A kind of system level chip SOC and SOC systems | |
WO2006071892A3 (en) | Computerized system for developing weight-loss plan | |
CN104573591B (en) | A kind of secure readers and its method of work | |
CN109302501A (en) | A kind of industrial control data storage method based on block chain technology, apparatus and system | |
CN106529221A (en) | FPGA program copying prevention method and PCI-E password card | |
CN108667598A (en) | For realizing the device and method and security key exchange method of security key exchange | |
Renardi et al. | Securing electronic medical record in near field communication using advanced encryption standard (AES) | |
CN109547450A (en) | Method, apparatus, electronic equipment and the computer media in operational safety execution domain | |
CN105321121A (en) | Power cloud platform based power utilization information acquisition system | |
CN107944230A (en) | A kind of universal method of software activation verification | |
CN101533504A (en) | Electric medical affairs system and device | |
CN104809411A (en) | Medical image authentication preservation method based on data integrity checking and restoration | |
CN115118751B (en) | Blockchain-based supervision system, method, equipment and medium | |
US10380335B1 (en) | Systems and methods for providing security to a host endpoint device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170322 |
|
RJ01 | Rejection of invention patent application after publication |