CN107086906A - A kind of Serdes transmitters - Google Patents
A kind of Serdes transmitters Download PDFInfo
- Publication number
- CN107086906A CN107086906A CN201710271034.8A CN201710271034A CN107086906A CN 107086906 A CN107086906 A CN 107086906A CN 201710271034 A CN201710271034 A CN 201710271034A CN 107086906 A CN107086906 A CN 107086906A
- Authority
- CN
- China
- Prior art keywords
- data
- encryption device
- message
- serdes
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012423 maintenance Methods 0.000 claims description 3
- 238000013461 design Methods 0.000 abstract description 11
- 230000001131 transforming effect Effects 0.000 abstract description 5
- 230000004927 fusion Effects 0.000 abstract description 4
- 239000004575 stone Substances 0.000 abstract description 4
- 238000005516 engineering process Methods 0.000 description 11
- 230000007246 mechanism Effects 0.000 description 9
- 238000000034 method Methods 0.000 description 4
- 230000008569 process Effects 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 238000012546 transfer Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 241000208340 Araliaceae Species 0.000 description 1
- 235000005035 Panax pseudoginseng ssp. pseudoginseng Nutrition 0.000 description 1
- 235000003140 Panax quinquefolius Nutrition 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 235000008434 ginseng Nutrition 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- 238000002360 preparation method Methods 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a kind of Serdes transmitters, including:Data encryption device, and the deserializer being connected with data encryption device;Data encryption device, for message to be encrypted under the cooperation of data link layer, and the message of encryption is sent to deserializer.It can be seen that, in this programme, encryption device is added on traditional Serdes architecture basics, the encryption device can coordinate the data safety algorithm of safety chain layer and security protocol layer, fusion is realized in reinforced physical layer;And, according to the data safety algorithm architecture design of balance safety chain layer and security protocol layer, rationally computing resource will be utilized for future, increase safe class ensures that the realization of advanced security algorithm system design lays the first stone, universal network route exchange device overall performance will not be influenceed simultaneously so that exchanging transforming network of data centre security is greatly reinforced.
Description
Technical field
Security technology area is passed the present invention relates to the high-speed secure physics number of plies, is sent out more specifically to a kind of Serdes
Send device.
Background technology
With the fast development of exchanging transforming network of data centre chip technology, on the one hand, the data transmitted in internet
Bandwidth is increasing.On the other hand, various applications are continually changing and developed in exchange network, and present network node is non-
Chang Duo, they are by special High speed network connection, it is necessary to provide the user more multiple securities mechanism service and preferably peace
Full guard quality, this require to provide High speed network extra safe Intranet mechanism realize distinguish outer net service and
Function.At present, information security is often to be built on Internet even affairs processing layer and application in our home equipments
Layer software realizes that these security mechanisms lack the basis of bottom, it is impossible to detect the danger of safe bottom-up information, therefore non-real complete
Whole Information Security Mechanism.
Therefore, the security of exchange network link how is improved, is that user improves more preferable safeguard protection quality, is ability
The problem of field technique personnel need to solve.
The content of the invention
It is an object of the invention to provide a kind of Serdes transmitters, to realize the security for improving exchange network link,
More preferable safeguard protection quality is improved for user.
To achieve the above object, the embodiments of the invention provide following technical scheme:
A kind of Serdes transmitters, including:
Data encryption device, and the deserializer being connected with the data encryption device;
The data encryption device, for message to be encrypted under the cooperation of data link layer, and by the report of encryption
Text is sent to the deserializer.
Optionally, the data encryption device includes:
For type of message to be identified, and send to the Port Multiplier of corresponding encryption equipment;
One end is connected with the Port Multiplier, the common encryption device that the other end is connected with the deserializer;It is described common
Encryption equipment is used to common message is encrypted;
One end is connected with the Port Multiplier, the superencipherment device that the other end is connected with the deserializer;It is described senior
Encryption equipment is used to key message is encrypted.
Optionally, by SDN control planes, to the common encryption device and/or superencipherment in the data encryption device
Device carries out key management and control maintenance.
Optionally, the common encryption device is DES/3DES encryption equipments.
Optionally, the superencipherment device is AES encryption device.
A kind of physical chip, including any one Serdes transmitters.
A kind of network switch, including above-mentioned physical chip.
By above scheme, a kind of Serdes transmitters provided in an embodiment of the present invention, including:Data encryption is filled
Put, and the deserializer being connected with the data encryption device;The data encryption device, in data link layer
Message is encrypted under cooperation, and the message of encryption is sent to the deserializer.Serdes is that high-speed digital transmission is in
The technology of the bottom, is also the chief component of orlop ESB in physical layer, and Technology On Data Encryption needs structure based on this
Security mechanism is built, really the safety of information could be ensured in data transfer, exchange process;Therefore in this programme, in tradition
Encryption device is added on Serdes architecture basics, the encryption device can coordinate the data of safety chain layer and security protocol layer
Security algorithm, fusion is realized in reinforced physical layer;Also, pacified according to the data of balance safety chain layer and security protocol layer
Full algorithm architecture design, is rationally to utilize computing resource future, increase safe class ensures the design of advanced security algorithm system
Realization is laid the first stone, while universal network route exchange device overall performance will not be influenceed so that exchanging transforming network of data centre is pacified
Full property is greatly reinforced.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing
There is the accompanying drawing used required in technology description to be briefly described, it should be apparent that, drawings in the following description are only this
Some embodiments of invention, for those of ordinary skill in the art, on the premise of not paying creative work, can be with
Other accompanying drawings are obtained according to these accompanying drawings.
Fig. 1 is a kind of Serdes transmitter architectures schematic diagram disclosed in the embodiment of the present invention;
Fig. 2 is another Serdes transmitter architectures schematic diagram disclosed in the embodiment of the present invention;
Fig. 3 is a kind of Serdes transmitter functions structural representation disclosed in the embodiment of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete
Site preparation is described, it is clear that described embodiment is only a part of embodiment of the invention, rather than whole embodiments.It is based on
Embodiment in the present invention, it is every other that those of ordinary skill in the art are obtained under the premise of creative work is not made
Embodiment, belongs to the scope of protection of the invention.
The embodiment of the invention discloses a kind of Serdes transmitters, to realize the security for improving exchange network link, it is
User improves more preferable safeguard protection quality.
Referring to Fig. 1, a kind of Serdes transmitters provided in an embodiment of the present invention, including:
Data encryption device 100, and the deserializer 200 being connected with the data encryption device;
The data encryption device 200, for message to be encrypted under the cooperation of data link layer, and by encryption
Message is sent to the deserializer.
Specifically, data link layer coordinates data encryption device to message encryption, transmitted to upper strata original is specifically included
Key clear data carries out special encryption package, CRC detections, response, the configurable realization initialization of link layer etc. is received, to ensure
Each link is complete to be transmitted to data.
Specifically, almost all of high-speed interface is all based on High Speed Serial Serdes Technology designs at present, Serdes is high
Fast number passes the technology in the bottom, is also the chief component of orlop ESB in physical layer, Technology On Data Encryption need with
Security mechanism is built based on this, really the safety of information could be ensured in data transfer, exchange process;Therefore, in we
In case, traditional general serdes designs are different from, are optimization data center network route switching interface upper strata in the design
Resource consumption, adds in physical layer signal processing and realizes the less data encryption device of cost, therefore coordinates safety chain layer
With the data safety algorithm of security protocol layer, fusion is realized in reinforced physical layer;According to balance safety chain layer and safety
The data safety algorithm architecture design of protocol layer, is rationally to utilize the advanced securitys such as computing resource increase safe class guarantee in future
Algorithm system design realization lays the first stone, while universal network route exchange device overall performance will not be influenceed, based on safety
Serdes designs reinforced physical layer or even route switching array node chip so that exchanging transforming network of data centre security is significantly
Strengthen.
It is another Serdes transmitters provided in an embodiment of the present invention referring to Fig. 2, including:
Data encryption device 100, and the deserializer 200 being connected with the data encryption device;
The data encryption device 100 includes:
For type of message to be identified, and send to the Port Multiplier 101 of corresponding encryption equipment;
One end is connected with the Port Multiplier 101, the common encryption device 102 that the other end is connected with the deserializer 200;
The common encryption device 102 is used to common message is encrypted;
One end is connected with the Port Multiplier 101, the superencipherment device 103 that the other end is connected with the deserializer 200;
The superencipherment device 103 is used to key message is encrypted;
The data encryption device 200, for message to be encrypted under the cooperation of data link layer, and by encryption
Message is sent to the deserializer.Wherein, the common encryption device is DES/3DES encryption equipments;The superencipherment device is
AES encryption device.
Specifically, referring to Fig. 3, a kind of Serdes transmitter functions structural representation provided for the present embodiment, in this reality
Apply in example, in order to carry out classification encryption to the message of different importance levels, in the present embodiment, distinguish different by MUX Port Multipliers
The message of type, type of message includes common message and key message, and key message encryption grade is higher than general data message;Its
In, common message mainly completes the functions such as encryption by DES/3DES encryption equipments in the case where secure data link layer coordinates, secret
Key message mainly completes the functions such as encryption by AES encryption device in the case where secure data link layer coordinates, and specifically includes safety
Key control, interrupt processing management, upper-layer protocol aided algorithm etc..
Based on above-described embodiment, in the present embodiment, common encryption device in the data encryption device and/or it is senior plus
Close device, key management and control maintenance is carried out by SDN control planes.
Specifically, due to only being easy to be cracked by a re-encryption, therefore in the present embodiment, can be according to SDN controls
The cyclically-varying of encryption and decryption mechanism in itself is carried out under plane.Data center's SDN control planes have been responsible for security mechanism order ginseng
Number generation, such as generation perform encryption parameter, to realize that the key to encryption equipment is periodically updated.Also, data center
The network route switching framework that the High Speed Serial that the Serdes transmitters of this programme can be used to build for the network switch is realized, passes through
Special SDN security control planes realize network route switching node control chip and its safe and secret interior network, security isolation
While information, the interconnection performance for improving route switching chip is in 10Gbps- to per passage (lane) Serdes linear speeds
27Gbps, and line rate is substantially unaffected.
On the basis of above-described embodiment, the invention provides in a kind of physical chip, including above-mentioned any embodiment
Serdes transmitters.
On the basis of above-described embodiment, the invention provides a kind of network switch, including the thing in above-described embodiment
Manage layer chip.
A kind of Serdes transmitters provided in an embodiment of the present invention, including:Data encryption device, and add with the data
The connected deserializer of close device;The data encryption device, for being added under the cooperation of data link layer to message
It is close, and the message of encryption is sent to the deserializer.Serdes transmitters are the technologies that high-speed digital transmission is in the bottom,
It is also the chief component of orlop ESB in physical layer, Technology On Data Encryption needs to build security mechanism based on this,
Really the safety of information can be ensured in data transfer, exchange process;Therefore in this programme, in traditional Serdes structure base
Encryption device is added on plinth, the encryption device can coordinate the data safety algorithm of safety chain layer and security protocol layer, fusion
Realized in reinforced physical layer;Also, set according to the data safety algorithm framework of balance safety chain layer and security protocol layer
Meter, is rationally to utilize computing resource future, increase safe class ensures that the realization of advanced security algorithm system design lays the first stone,
Universal network route exchange device overall performance will not be influenceed simultaneously so that exchanging transforming network of data centre security is greatly reinforced.
The embodiment of each in this specification is described by the way of progressive, and what each embodiment was stressed is and other
Between the difference of embodiment, each embodiment identical similar portion mutually referring to.
The foregoing description of the disclosed embodiments, enables professional and technical personnel in the field to realize or using the present invention.
A variety of modifications to these embodiments will be apparent for those skilled in the art, as defined herein
General Principle can be realized in other embodiments without departing from the spirit or scope of the present invention.Therefore, it is of the invention
The embodiments shown herein is not intended to be limited to, and is to fit to and principles disclosed herein and features of novelty phase one
The most wide scope caused.
Claims (7)
1. a kind of Serdes transmitters, it is characterised in that including:
Data encryption device, and the deserializer being connected with the data encryption device;
The data encryption device, sends out for message to be encrypted under the cooperation of data link layer, and by the message of encryption
Deliver to the deserializer.
2. Serdes transmitters according to claim 1, it is characterised in that the data encryption device includes:
For type of message to be identified, and send to the Port Multiplier of corresponding encryption equipment;
One end is connected with the Port Multiplier, the common encryption device that the other end is connected with the deserializer;The common encryption
Device is used to common message is encrypted;
One end is connected with the Port Multiplier, the superencipherment device that the other end is connected with the deserializer;The superencipherment
Device is used to key message is encrypted.
3. Serdes transmitters according to claim 1 or 2, it is characterised in that common in the data encryption device
Encryption equipment and/or superencipherment device, key management and control maintenance is carried out by SDN control planes.
4. Serdes transmitters according to claim 3, it is characterised in that the common encryption device is encrypted for DES/3DES
Device.
5. Serdes transmitters according to claim 4, it is characterised in that the superencipherment device is AES encryption device.
6. a kind of physical chip, it is characterised in that sent including the Serdes as described in any one in claim 1-5
Device.
7. a kind of network switch, it is characterised in that including physical chip as claimed in claim 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710271034.8A CN107086906A (en) | 2017-04-24 | 2017-04-24 | A kind of Serdes transmitters |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710271034.8A CN107086906A (en) | 2017-04-24 | 2017-04-24 | A kind of Serdes transmitters |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107086906A true CN107086906A (en) | 2017-08-22 |
Family
ID=59613055
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710271034.8A Pending CN107086906A (en) | 2017-04-24 | 2017-04-24 | A kind of Serdes transmitters |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107086906A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6775274B1 (en) * | 2000-01-27 | 2004-08-10 | International Business Machines Corporation | Circuit and method for providing secure communication over data communication interconnects |
CN101330342A (en) * | 2008-07-30 | 2008-12-24 | 中兴通讯股份有限公司 | Method for implementing time synchronization protocol using port mirror and apparatus thereof |
CN104767828A (en) * | 2015-04-24 | 2015-07-08 | 福州瑞芯微电子有限公司 | Inter-chip high-speed interconnection link layer design method and system |
CN204904266U (en) * | 2015-08-17 | 2015-12-23 | 北京立华莱康平台科技有限公司 | Encryption device |
CN105959648A (en) * | 2016-06-23 | 2016-09-21 | 浙江宇视科技有限公司 | Encryption method and device, and video monitoring system |
-
2017
- 2017-04-24 CN CN201710271034.8A patent/CN107086906A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6775274B1 (en) * | 2000-01-27 | 2004-08-10 | International Business Machines Corporation | Circuit and method for providing secure communication over data communication interconnects |
CN101330342A (en) * | 2008-07-30 | 2008-12-24 | 中兴通讯股份有限公司 | Method for implementing time synchronization protocol using port mirror and apparatus thereof |
CN104767828A (en) * | 2015-04-24 | 2015-07-08 | 福州瑞芯微电子有限公司 | Inter-chip high-speed interconnection link layer design method and system |
CN204904266U (en) * | 2015-08-17 | 2015-12-23 | 北京立华莱康平台科技有限公司 | Encryption device |
CN105959648A (en) * | 2016-06-23 | 2016-09-21 | 浙江宇视科技有限公司 | Encryption method and device, and video monitoring system |
Non-Patent Citations (1)
Title |
---|
马锡昆: "40nm工艺下一种应用于SerDes的发送器设计", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Aljawarneh et al. | A resource-efficient encryption algorithm for multimedia big data | |
CN105230036B (en) | Physical layer and virtualization physical layer suitable for EHF contactless communication | |
CN107453868B (en) | A kind of safe and efficient quantum key method of servicing | |
CN106209739B (en) | Cloud storage method and system | |
CN106022080B (en) | A kind of data ciphering method based on the cipher card of PCIe interface and the cipher card | |
CN103475464B (en) | A kind of power special quantum encryption gateway system | |
CN105592107B (en) | A kind of safe harvester of industrial process data based on FPGA and method | |
CN106656999A (en) | Secure transmission authentication method and device of IoT (Internet of Things) terminal equipment | |
CN107896223A (en) | A kind of data processing method and system, data collecting system and data receiving system | |
CN103716166A (en) | Self-adaptation hybrid encryption method and device and encryption communication system | |
CN108123793A (en) | SPI communication device based on APB buses | |
EP3713147B1 (en) | Railway signal security encryption method and system | |
CN109257347A (en) | Communication means and relevant apparatus, storage medium suitable for data interaction between bank | |
CN104361489B (en) | A kind of mark system and method for sensitive information | |
CN107832248A (en) | A kind of data ferry-boat module and its data processing method with encryption and decryption functions | |
CN106506141A (en) | A kind of DCS data ciphering methods based on FPGA | |
CN102932345B (en) | A kind of information transferring method, Apparatus and system | |
CN105681253A (en) | Data encryption transmission method, equipment and gateway in centralized network | |
CN101179470A (en) | Dual-protocol based VPN implementing method | |
CN109150829A (en) | Software definition cloud network trust data distribution method, readable storage medium storing program for executing and terminal | |
CN107086906A (en) | A kind of Serdes transmitters | |
CN104954136A (en) | Network security encryption device under cloud computing environment | |
CN108055268A (en) | A kind of method based on PCIe link data penetration transmission encryption and decryption | |
CN107979608A (en) | The data encrypting and deciphering Transmission system and transmission method that a kind of interface can configure | |
CN107493287A (en) | Industry control network data security system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170822 |