CN108494549A - Cipher key index consulting device, system and method based on FPGA - Google Patents

Publication number
CN108494549A
Authority
CN
China
Prior art keywords
cipher key
frame
key index
terminal
sent
Legal status
Granted
Application number
CN201810161967.6A
Other languages
Chinese (zh)
Other versions
CN108494549B (en)
Inventor
郑重
Current Assignee
BEIJING CYBER XINGAN TECHNOLOGY Co Ltd
Original Assignee
BEIJING CYBER XINGAN TECHNOLOGY Co Ltd
Application filed by BEIJING CYBER XINGAN TECHNOLOGY Co Ltd
Priority to CN201810161967.6A
Publication of CN108494549A
Application granted
Publication of CN108494549B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891: Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L9/0894: Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Abstract

The present invention relates to a cipher key index negotiation device, system and method, and belongs to the field of communications. The method includes: receiving a data packet to be sent, and searching the mapping table for the entry whose peer address is IP1; if no entry is found, creating a new cipher key index; sending a first frame to terminal 2; obtaining the second frame sent by terminal 2 and storing it in on-chip RAM; updating the state of the entry whose peer address is the IP2 in the second frame to FIN, and at the same time updating the cipher key index field of the entry corresponding to terminal 1 to the cipher key index value in the second frame; sending a third frame to terminal 2. The device, system and method of the invention can complete the negotiation of the required cipher key index according to the data flows in the current network while consuming only very little network overhead. The flexibility of using cipher key indexes is greatly improved, and the scheme is not affected by network topology: even if the entire network topology changes, the cipher key index can be dynamically generated again.

Description

Cipher key index consulting device, system and method based on FPGA
Technical field
The present invention relates to the technical field of point-to-point encrypted communication, and in particular to an FPGA-based cipher key index negotiation device, system and method.
Background
A survey of the history of cryptography shows one new characteristic ever more clearly: the protection of data rests on the secrecy of the key rather than on the secrecy of the algorithm. The management and use of keys has therefore become the focus of ensuring data security. Key management is discussed specifically in many papers and books and is not repeated here, whereas the methods by which keys are used still remain at a relatively traditional stage and leave ample research value and room for improvement.
The main problem in using keys is the cipher key index, that is, how to determine which group of keys should be used to encrypt and decrypt the data packets of a given terminal address. The current general method is to pre-build a full mapping table whose entries consist of all addresses and their corresponding cipher key indexes, with the terminal address as the primary key of each entry. During encryption and decryption, the key to be used is determined from the cipher key index of the terminal address. This method has several shortcomings, however: first, all terminal addresses must be known when the table is pre-built; second, when the mapping between terminal addresses and cipher key indexes changes, the amount of modification to the mapping table is too large.
In summary, traditional methods or systems for using keys rely on a pre-built mapping table and suffer from inflexibility, high cost and a heavy workload when the mapping table is modified.
Summary of the invention
In view of the above analysis, the present invention aims to provide an FPGA-based cipher key index negotiation device, system and method that solve the problems of the pre-built mapping table in the prior art: inflexibility, high cost and the heavy workload of modifying the mapping table.
The purpose of the present invention is mainly achieved through the following technical solutions:
In a first aspect, an FPGA-based cipher key index negotiation device is provided, comprising FPGA1 and CPU1; the FPGA1 includes on-chip RAM1:
FPGA1 is configured, on receiving a data packet to be sent, to search the mapping table for the entry whose peer address is IP2 and, if none is found, to notify CPU1 to create a new cipher key index; it is further configured to obtain the second frame sent by terminal 2, store it in the data area of on-chip RAM1, and notify CPU1 to process it;
CPU1 is configured to:
create a new cipher key index;
send a first frame to terminal 2, the first frame including the cipher key index value of terminal 1, a frame count, IP1 and IP2;
on receiving the processing notification, read the second frame, add the entry whose peer address is IP2 or update its state to FIN, and at the same time update the cipher key index field of that entry to the cipher key index value in the second frame;
send a third frame to terminal 2, the third frame including the cipher key index value of terminal 1, a frame count, IP1 and IP2.
Further, the FPGA1 notifies CPU1 by means of an interrupt.
Further, the mapping table includes entry index, state, local address, peer address and cipher key index fields; the state field indicates the negotiation state of the cipher key index: FIN indicates completed, NEW indicates newly created, and ACK indicates a response.
Further, entries are looked up by a secondary match algorithm; the mapping table uses a redundant arrangement that tolerates address conflicts.
Further, creating a new cipher key index includes: writing IP1 and IP2 into the data area of on-chip RAM1; converting IP2 into an H value, and adding a new entry in state NEW at the position of the mapping table whose entry index equals the H value.
In a second aspect, a cipher key index negotiation method is provided, including the following steps:
receiving a data packet to be sent, and searching the mapping table for the entry whose peer address is IP2;
if no entry is found, creating a new cipher key index;
sending a first frame to terminal 2, the first frame including the cipher key index value of terminal 1, a frame count, IP1 and IP2;
obtaining the second frame sent by terminal 2 and saving it;
reading the second frame, adding the entry whose peer address is IP2 or updating its state to FIN, and at the same time updating the cipher key index field of that entry to the cipher key index value in the second frame;
sending a third frame to terminal 2, the third frame including the cipher key index value of terminal 1, a frame count, IP1 and IP2.
Here IP1 and IP2 are the IP address of terminal 1 and the IP address of terminal 2 respectively.
In a third aspect, an FPGA-based cipher key index negotiation device is provided, comprising FPGA2 and CPU2; FPGA2 includes the data area of on-chip RAM2;
FPGA2 is configured to capture the first frame sent by terminal 1 and store it in the data area of on-chip RAM2; it is further configured to capture the third frame sent by terminal 1 and store it in the data area of on-chip RAM2;
CPU2 is configured to:
read the first frame, look up the entry whose peer address is IP1, add the entry or update its state to ACK, and at the same time update the cipher key index field of that entry to the cipher key index value in the first frame;
send a second frame to terminal 1, the second frame including the cipher key index value of terminal 2, a frame count, IP1 and IP2;
read the third frame, add the entry whose peer address is IP1 or update its state to FIN, and at the same time update the cipher key index field of that entry to the cipher key index value in the third frame.
In a fourth aspect, a cipher key index negotiation method is provided, including the following steps:
capturing the first frame sent by terminal 1 and saving it;
reading the first frame, looking up the entry whose peer address is IP1, adding the entry or updating its state to ACK, and at the same time updating the cipher key index field of that entry to the cipher key index value in the first frame;
sending a second frame to terminal 1, the second frame including the cipher key index value of terminal 2, a frame count, IP1 and IP2;
capturing the third frame sent by terminal 1 and saving it;
reading the third frame, adding the entry whose peer address is IP1 or updating its state to FIN, and at the same time updating the cipher key index field of that entry to the cipher key index value in the third frame.
In a fifth aspect, an FPGA-based two-party cipher key index negotiation system is provided, comprising the cipher key index negotiation device of the first aspect above, connected to terminal 1, and the cipher key index negotiation device of the third aspect above, connected to terminal 2.
In a sixth aspect, a two-party cipher key index negotiation method is provided, comprising the cipher key index negotiation method provided in the second aspect above and the cipher key index negotiation method provided in the fourth aspect above.
The above solution has the following beneficial effects:
Of the two communicating terminals, FPGA1 and CPU1 are arranged at terminal 1, and FPGA2 and CPU2 are arranged at terminal 2; RAM1 is provided in FPGA1 and RAM2 in FPGA2, and FPGA1 and FPGA2 are connected over a network through network interfaces to carry out data transmission and cipher key index negotiation. The negotiation of the required cipher key index can be completed according to the data flows in the current network while consuming only very little network overhead.
This not only greatly improves the flexibility of using cipher key indexes, but is also unaffected by network topology: even if the entire network topology changes, the cipher key index can be dynamically generated again.
Software and hardware are combined, with software assisting the hardware.
Notification between the FPGA and the CPU is by interrupt, and data is shared through on-chip RAM, realizing dynamic negotiation of the cipher key index.
The mapping table uses [peer address] as its primary key. The address conversion fixes the number of entries in each table at 1024, fewer than the number of entries in the mapping table of a traditional design. The address conversion result is the entry index value, so an entry is accessed by addressing directly with the index value, which is faster than traditional indexing, avoids spending a large amount of time on logical operations, and greatly improves matching efficiency.
The mapping table and entry lookup are designed around a simple and efficient secondary match algorithm, which shrinks the mapping table at the cost of very few address conflicts.
It follows from the address conversion function that multiple addresses can convert to the same result, so a single table is far from enough to hold the mapping relationships. The mapping table is therefore designed as several parallel tables with address-conflict redundancy: four mapping tables are used in total, allowing up to four conflicting addresses, and multiple peer addresses with the same address conversion result can each be placed at the H-value position of one of the four mapping tables. In addition, the hit count of each entry is examined and inactive entries are cleaned up periodically so that the mapping tables stay as free as possible, which preserves the address-conflict redundancy and resolves the address conflict problem.
Other features and advantages of the present invention will be set forth in the description that follows, and in part will become apparent from the description or be understood by practising the invention. The objectives and other advantages of the invention can be realized and obtained by the structure particularly pointed out in the written description, the claims and the drawings.
Description of the drawings
The drawings serve only to illustrate specific embodiments and are not to be considered limiting of the invention; throughout the drawings, the same reference signs denote the same components.
Fig. 1 is a hardware structure diagram of Embodiment 1 of the present invention;
Fig. 2 is a flow chart of Embodiment 2 of the present invention;
Fig. 3 is a hardware structure diagram of Embodiment 3 of the present invention;
Fig. 4 is a flow chart of Embodiment 4 of the present invention;
Fig. 5 is a hardware network structure diagram of Embodiment 5 of the present invention;
Fig. 6 is a cipher key index negotiation flow chart of Embodiment 6 of the present invention.
Detailed description
Preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings, which form a part of this application and, together with the embodiments of the invention, serve to explain the principles of the invention.
Cipher key index negotiation is completed between the two communicating terminals, terminal 1 and terminal 2, whose IP addresses are IP1 and IP2 respectively.
Embodiment 1
As shown in Fig. 1, this embodiment concerns the key negotiation device at the communication initiator, i.e. terminal 1. FPGA1 and CPU1 are arranged at terminal 1; FPGA1 includes on-chip RAM1.
FPGA1 is configured, on receiving a data packet to be sent, to search the mapping table for the entry whose peer address is IP2 and, if none is found, to notify CPU1 to create a new cipher key index; it is further configured to obtain the second frame sent by terminal 2, store it in the data area of on-chip RAM1, and notify CPU1 to process it;
CPU1 is configured to: after creating a new cipher key index, send a first frame to terminal 2, the first frame including the cipher key index value of terminal 1, a frame count, IP1 and IP2; on receiving the processing notification, read the second frame, add the entry whose peer address is IP2 or update its state to FIN, and at the same time update the cipher key index field of that entry to the cipher key index value in the second frame; send a third frame to terminal 2, the third frame including the cipher key index value of terminal 1, a frame count, IP1 and IP2.
Sharing data through an FPGA with on-chip RAM better realizes dynamic negotiation of the cipher key index with terminal 2. The device can form data connections with a variety of communication terminals, is not affected by the network topology, and is widely adaptable; processing is real-time with small time overhead; data is lost on power-down, which is good for security; processing is flexible and extensibility is strong.
FPGA1 notifies CPU1 by interrupt. Communicating by interrupt makes the negotiation dynamic and real-time.
The first frame informs the peer of the link setup information; the second frame confirms that the peer has responded and puts the local end into effect; the third frame tells the peer that the local end is in effect and puts the peer into effect.
The mapping table and the data area in RAM1 are not the same region. When FPGA1 searches the mapping table for the entry whose primary key is IP2, the information related to IP2 is held in the mapping table; when a new cipher key index needs to be created, the data area of RAM1 holds the information related to IP1 and IP2.
It should be noted that the mapping table includes entry index, state, local address, peer address and cipher key index fields, as shown in Table 1; the main fields of the mapping table are explained in Table 2.
Table 1 Mapping table structure
Entry index | State | Local address | Peer address | Cipher key index | Hit count
------------|-------|---------------|--------------|------------------|----------
0           |       | 0             | 0            | 0                | 0
1           |       | 0             | 0            | 0                | 0
……          |       | ……            | ……           | ……               | ……
102         | FIN   | 16842757      | 16842852     | 16               | 2308
……          |       | ……            | ……           | ……               | ……
1023        |       | 0             | 0            | 0                | 0
Table 2 Explanation of the mapping table fields
A new cipher key index can be created as follows: write IP1 and IP2 into the data area of on-chip RAM1; convert IP2 into an H value, and add a new entry in state NEW at the position of the mapping table whose entry index equals the H value.
The following address conversion function may be used to convert IP2 into the H value:
H(IP2) = IP2.1 + IP2.2 + IP2.3 + IP2.4
where H(IP2) is the H value after conversion, and IP2.1, IP2.2, IP2.3 and IP2.4 are the values of the four bytes of the IP2 address in dotted-decimal notation.
The mapping table uses [peer address] as its primary key. The address conversion fixes the number of entries in each table at 1024, fewer than the number of entries in the mapping table of a traditional design. The address conversion result is the entry index value, so an entry is accessed by addressing directly with the index value, which is faster than traditional indexing, avoids spending a large amount of time on logical operations, and greatly improves matching efficiency.
For example, if IP2 = 1.1.0.100 (No. 16842852), then H(IP2) = 1 + 1 + 0 + 100 = 102.
Optionally, entries are looked up by a secondary match algorithm. Looking up entries with a simple and efficient secondary match algorithm shrinks the mapping table at the cost of very few address conflicts.
The mapping table uses a redundant arrangement that tolerates address conflicts, with multiple tables in parallel.
It follows from the address conversion function that multiple addresses can convert to the same result, so a single table is far from enough to hold the mapping relationships. To solve the conflict problem, the mapping table can be designed as multiple parallel tables with address-conflict redundancy, which resolves the conflicts that arise in entry lookup.
For example, this embodiment can use four mapping tables, allowing up to four conflicting addresses; multiple peer addresses with the same address conversion result can each be placed at the H-value position of one of the four mapping tables.
The hit count of each entry can also be examined and inactive entries cleaned up periodically so that the mapping tables stay as free as possible, which preserves the address-conflict redundancy and better resolves the address conflict problem.
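The mapping-table scheme described above (address conversion H, four parallel 1024-entry tables, hit-count cleanup), as an added C example that is not code from the patent. The two-stage reading of the secondary match lookup, the sweep policy (clear entries below `min_hits`, restart the survivors' counts) and all function names are assumptions; the five peer addresses are constructed so that each converts to H = 102.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WAYS    4     /* four parallel mapping tables, as in the patent */
#define ENTRIES 1024  /* entries per table, as in the patent */

enum state { ST_EMPTY = 0, ST_NEW, ST_ACK, ST_FIN };

struct entry {
    enum state state;
    uint32_t   local_ip, peer_ip, key_index, hit_count;
};

static struct entry tables[WAYS][ENTRIES];

/* Pack dotted-decimal a.b.c.d into the 32-bit form used in Table 1. */
static uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
}

/* H(IP) = IP.1 + IP.2 + IP.3 + IP.4; the result lies in 0..1020. */
static unsigned addr_hash(uint32_t ip)
{
    return (ip >> 24) + ((ip >> 16) & 0xff) + ((ip >> 8) & 0xff) + (ip & 0xff);
}

/* Stage 1: index every table at H. Stage 2: compare the full peer address.
 * (Assumed reading of the "secondary match" lookup.) */
static struct entry *table_lookup(uint32_t peer_ip)
{
    unsigned h = addr_hash(peer_ip);
    for (int w = 0; w < WAYS; w++) {
        struct entry *e = &tables[w][h];
        if (e->state != ST_EMPTY && e->peer_ip == peer_ip) {
            e->hit_count++;
            return e;
        }
    }
    return NULL;
}

/* Add a NEW entry at position H of the first table whose slot is free.
 * Returns NULL when all four slots at H are taken (a fifth colliding peer). */
static struct entry *table_add_new(uint32_t local_ip, uint32_t peer_ip)
{
    unsigned h = addr_hash(peer_ip);
    for (int w = 0; w < WAYS; w++) {
        struct entry *e = &tables[w][h];
        if (e->state == ST_EMPTY) {
            *e = (struct entry){ ST_NEW, local_ip, peer_ip, 0, 0 };
            return e;
        }
    }
    return NULL;
}

/* Periodic cleanup (assumed policy): clear entries with fewer than min_hits
 * hits since the last sweep and restart the count of the survivors.
 * Returns the number of entries cleared. */
static unsigned table_sweep(uint32_t min_hits)
{
    unsigned cleared = 0;
    for (int w = 0; w < WAYS; w++)
        for (int i = 0; i < ENTRIES; i++) {
            struct entry *e = &tables[w][i];
            if (e->state == ST_EMPTY)
                continue;
            if (e->hit_count < min_hits) {
                *e = (struct entry){0};
                cleared++;
            } else {
                e->hit_count = 0;
            }
        }
    return cleared;
}

int main(void)
{
    uint32_t local = ip4(1, 1, 0, 5);
    /* Constructed peers: all five convert to H = 102, like 1.1.0.100. */
    uint32_t peers[5] = { ip4(1, 1, 0, 100), ip4(1, 0, 1, 100), ip4(100, 1, 1, 0),
                          ip4(0, 2, 0, 100), ip4(50, 50, 1, 1) };
    for (int i = 0; i < 5; i++)
        printf("peer %d: H=%u %s\n", i, addr_hash(peers[i]),
               table_add_new(local, peers[i]) ? "stored" : "no free slot");
    table_lookup(peers[0]);                      /* only peer 0 sees traffic */
    printf("sweep cleared %u idle entries\n", table_sweep(1));
    printf("peer 4 after sweep: %s\n",
           table_add_new(local, peers[4]) ? "stored" : "no free slot");
    return 0;
}
```

Because H is a plain byte sum, any reordering of an address's four bytes lands on the same index, so the fifth colliding peer can only be stored after a sweep has freed one of the four slots.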
Embodiment 2
As shown in Fig. 2, this embodiment concerns the key negotiation method carried out at the communication transmitting end, i.e. terminal 1.
It includes the following steps:
Step S201: receive a data packet to be sent, and search the mapping table for the entry whose peer address is IP2;
Step S202: if no entry is found, create a new cipher key index; otherwise, end.
Step S203: send a first frame to terminal 2, the first frame including the cipher key index value of terminal 1, a frame count, IP1 and IP2;
Step S204: obtain the second frame sent by terminal 2 and save it;
Step S205: read the second frame, add the entry whose peer address is IP2 or update its state to FIN, and at the same time update the cipher key index field of that entry to the cipher key index value in the second frame;
Step S206: send a third frame to terminal 2, the third frame including the cipher key index value of terminal 1, a frame count, IP1 and IP2.
This embodiment uses the same principle as Embodiment 1; what they have in common can be cross-referenced, and the same technical effect can be achieved.
Embodiment 3
This embodiment concerns the key negotiation device at the communication receiver, i.e. terminal 2. FPGA2 and CPU2 are arranged at terminal 2; FPGA2 includes the data area of on-chip RAM2.
Specifically,
FPGA2 is configured to capture the first frame sent by terminal 1 and store it in the data area of on-chip RAM2; it is further configured to capture the third frame sent by terminal 1 and store it in the data area of on-chip RAM2;
CPU2 is configured to:
read the first frame, look up the entry whose peer address is IP1, add the entry or update its state to ACK, and at the same time update the cipher key index field of that entry to the cipher key index value in the first frame;
send a second frame to terminal 1, the second frame including the cipher key index value of terminal 2, a frame count, IP1 and IP2;
read the third frame, add the entry whose peer address is IP1 or update its state to FIN, and at the same time update the cipher key index field of that entry to the cipher key index value in the third frame.
The system of this embodiment realizes dynamic, real-time cipher key index negotiation with terminal 1, is not affected by changes in network topology, and is highly flexible and widely adaptable; processing is real-time with small time overhead; data is lost on power-down, which is good for security; processing is flexible and extensibility is strong.
Embodiment 4
As shown in Fig. 4, this embodiment concerns the cipher key index negotiation method at terminal 2 on the communication transmitting side, and includes the following steps:
S401: capture the first frame sent by terminal 1 and save it;
S402: read the first frame, look up the entry whose peer address is IP1, add the entry or update its state to ACK, and at the same time update the cipher key index field of that entry to the cipher key index value in the first frame;
S403: send a second frame to terminal 1, the second frame including the cipher key index value of terminal 2, a frame count, IP1 and IP2;
S404: capture the third frame sent by terminal 1 and save it;
S405: read the third frame, add the entry whose peer address is IP1 or update its state to FIN, and at the same time update the cipher key index field of that entry to the cipher key index value in the third frame.
This embodiment is based on the same principle as Embodiment 3; the two can be cross-referenced, and the same effect can be achieved.
Embodiment 5
This embodiment describes the cipher key index negotiation system completed through the interaction of both communicating parties.
The hardware architecture it is based on is shown in Fig. 5 and comprises the systems of both sides from Embodiment 1 and Embodiment 3. FPGA1 and CPU1 are arranged at terminal 1; FPGA1 includes on-chip RAM1; FPGA2 and CPU2 are arranged at terminal 2; FPGA2 includes on-chip RAM2; FPGA1 and FPGA2 are interconnected over a network, which may be any of several connection types, wireless or wired, not listed one by one here.
The system of this embodiment shares data through FPGAs with on-chip RAM, which better realizes dynamic negotiation of the cipher key index, and achieves real-time negotiation by communicating through interrupts. The system is connected between the two communicating parties, is not affected by the network topology, and is widely adaptable.
Embodiment 6
This embodiment describes the method by which cipher key index negotiation is completed through the interaction of both communicating parties.
The specific steps are shown in Fig. 6 and are as follows:
Step S601: When a data packet to be sent by terminal 1 passes through FPGA1, FPGA1 searches the mapping table for the entry whose peer address is IP2. If none is found, it notifies CPU1 by interrupt to proceed to step 602 and create a new cipher key index, and writes the IP addresses IP1 and IP2 of the sending end and the receiving end into the RAM1 data area of FPGA1; if an entry is found, the negotiation ends;
Step S602: CPU1 reads IP1 and IP2 from the RAM1 data area, converts IP2 into an H value, and adds a new entry in state NEW at the H-value position of the mapping table.
Step S603: CPU1 assembles the information comprising its own cipher key index value, a frame count, IP1 and IP2 into the first frame and sends it.
Step S604: FPGA2 captures the first frame as it passes, saves it to the data area of RAM2, and notifies CPU2 by interrupt to process it.
Step S605: CPU2 reads the first frame from the RAM2 data area, looks up the entry whose peer address is IP1, adds the entry or updates its state to ACK, and at the same time updates the cipher key index field of the entry to the cipher key index value in the first frame.
Step S606: CPU2 assembles the information comprising its own cipher key index value, a frame count, IP1 and IP2 into the second frame and sends it to terminal 1.
Step S607: FPGA1 captures the second frame as it passes, saves it to the data area of RAM1, and notifies CPU1 by interrupt to process it.
Step S608: CPU1 reads the second frame from the RAM1 data area, looks up the entry whose peer address is IP2, updates the state of the entry to FIN, and at the same time updates the cipher key index field of the entry to the cipher key index value in the second frame.
Step S609: CPU1 assembles the information comprising its own cipher key index value, a frame count, IP1 and IP2 into the third frame and sends it to terminal 2.
Step S610: FPGA2 captures the third frame as it passes, saves it to the data area of RAM2, and notifies CPU2 by interrupt to process it.
Step S611: CPU2 reads the third frame from the RAM2 data area, looks up the entry whose peer address is IP1, updates the state of the entry to FIN, and at the same time updates the cipher key index field of the entry to the cipher key index value in the third frame.
At this point the key negotiation between both sides is complete.
Through the three-step negotiation, both sides have established the mapping between the peer's address and the cipher key index. This not only greatly improves the flexibility of using cipher key indexes, but is also unaffected by network topology: even if the entire network topology changes, the cipher key index can be dynamically generated again.
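The three-frame exchange of steps S601 to S611, as an added C example that is not code from the patent; it shows the states each side's entry passes through (NEW or ACK, then FIN) and that, following the steps literally, each side ends up storing the index announced by the other. Assumptions: the frame count is taken to be the frame's position in the exchange (1, 2, 3), a small linear table stands in for the mapping table, and the function names and the key index values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

enum state { ST_EMPTY = 0, ST_NEW, ST_ACK, ST_FIN };
/* Frame fields named in the patent: key index, frame count, IP1, IP2. */
struct frame { uint32_t key_index, frame_count, ip1, ip2; };
struct entry { enum state state; uint32_t local_ip, peer_ip, key_index; };

#define SLOTS 4  /* constructed: small linear stand-in for the mapping table */
struct endpoint {
    uint32_t     ip;             /* this terminal's address */
    uint32_t     own_key_index;  /* key index this terminal announces */
    struct entry map[SLOTS];
};

/* Find the entry for peer; with add != 0, claim a free slot when there is none. */
static struct entry *entry_for(struct endpoint *ep, uint32_t peer, int add)
{
    struct entry *slot = NULL;
    for (int i = 0; i < SLOTS; i++) {
        struct entry *e = &ep->map[i];
        if (e->state != ST_EMPTY && e->peer_ip == peer)
            return e;
        if (e->state == ST_EMPTY && !slot)
            slot = e;
    }
    if (!add || !slot)
        return NULL;
    slot->local_ip = ep->ip;
    slot->peer_ip = peer;
    return slot;
}

/* S601-S603, terminal 1: 1 = *f1 to send, 0 = entry exists, -1 = table full. */
static int initiator_start(struct endpoint *t1, uint32_t ip2, struct frame *f1)
{
    struct entry *e;
    if (entry_for(t1, ip2, 0))
        return 0;                       /* found: negotiation ends */
    if (!(e = entry_for(t1, ip2, 1)))
        return -1;
    e->state = ST_NEW;
    *f1 = (struct frame){ t1->own_key_index, 1, t1->ip, ip2 };
    return 1;
}

/* S604-S606 and S610-S611, terminal 2: 1 = *f2 to send, 0 = FIN, -1 = reject. */
static int responder_on_frame(struct endpoint *t2, const struct frame *in, struct frame *f2)
{
    struct entry *e;
    if ((in->frame_count != 1 && in->frame_count != 3) ||
        !(e = entry_for(t2, in->ip1, 1)))       /* "add or update" */
        return -1;
    e->key_index = in->key_index;
    e->state = in->frame_count == 1 ? ST_ACK : ST_FIN;
    if (in->frame_count == 3)
        return 0;
    *f2 = (struct frame){ t2->own_key_index, 2, in->ip1, in->ip2 };
    return 1;
}

/* S607-S609, terminal 1: 1 = *f3 to send, -1 = reject. */
static int initiator_on_second(struct endpoint *t1, const struct frame *f2, struct frame *f3)
{
    struct entry *e;
    if (f2->frame_count != 2 || !(e = entry_for(t1, f2->ip2, 1)))
        return -1;
    e->state = ST_FIN;
    e->key_index = f2->key_index;
    *f3 = (struct frame){ t1->own_key_index, 3, f2->ip1, f2->ip2 };
    return 1;
}

/* Whole exchange in memory: 1 = both sides FIN, 0 = entry existed, -1 = error. */
static int negotiate(struct endpoint *t1, struct endpoint *t2)
{
    struct frame f1, f2, f3;
    int r = initiator_start(t1, t2->ip, &f1);
    if (r != 1)
        return r;
    if (responder_on_frame(t2, &f1, &f2) != 1 ||
        initiator_on_second(t1, &f2, &f3) != 1 ||
        responder_on_frame(t2, &f3, &f2) != 0)
        return -1;
    return 1;
}

int main(void)
{
    /* Constructed: addresses 1.1.0.5 and 1.1.0.100, made-up key indexes. */
    struct endpoint t1 = { .ip = 0x01010005u, .own_key_index = 7 };
    struct endpoint t2 = { .ip = 0x01010064u, .own_key_index = 16 };
    int first = negotiate(&t1, &t2), again = negotiate(&t1, &t2);
    printf("first=%d again=%d t1 stores %u, t2 stores %u\n", first, again,
           (unsigned)entry_for(&t1, t2.ip, 0)->key_index,
           (unsigned)entry_for(&t2, t1.ip, 0)->key_index);
    return 0;
}
```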
The mapping table uses [peer address] as its primary key. The address conversion fixes the number of entries in each table at 1024, fewer than the number of entries in the mapping table of a traditional design. The address conversion result is the entry index value, so an entry is accessed by addressing directly with the index value, which is faster than traditional indexing, avoids spending a large amount of time on logical operations, and greatly improves matching efficiency.
It should be noted that the same or similar parts of the above embodiments can be cross-referenced.
Those skilled in the art will understand that all or part of the flow of the methods of the above embodiments can be carried out by a computer program instructing the relevant hardware, and the program can be stored in a computer-readable storage medium, where the computer-readable storage medium is a magnetic disk, an optical disc, a read-only memory, a random access memory or the like.
The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention.

Claims (10)

1. An FPGA-based cipher key index negotiation device, characterized by comprising FPGA1 and CPU1; the FPGA1 includes on-chip RAM1:
FPGA1, configured, on receiving a data packet to be sent that is sent by terminal 1, to search the mapping table for the entry whose peer address is IP2 and, if none is found, to notify CPU1 to create a new cipher key index; and further configured to obtain the second frame sent by terminal 2 and notify CPU1 to process it;
RAM1, configured to store the mapping table and the second frame;
CPU1, configured to carry out the following flow:
creating a new cipher key index;
sending a first frame to terminal 2, the first frame including the cipher key index value of terminal 1, a frame count, IP1 and IP2;
after receiving the processing notification, reading the second frame, adding the entry whose peer address is IP2 or updating its state to FIN, and at the same time updating the cipher key index field of that entry to the cipher key index value in the second frame;
sending a third frame to terminal 2, the third frame including the cipher key index value of terminal 1, a frame count, IP1 and IP2.
2. The cipher key index negotiation device according to claim 1, characterized in that the FPGA1 notifies CPU1 by means of an interrupt to create a new cipher key index or to perform processing.
3. The cipher key index negotiation device according to claim 1, characterized in that the mapping table includes entry index, state, local address, peer address and cipher key index fields; the state field indicates the negotiation state of the cipher key index: FIN indicates completed, NEW indicates newly created, and ACK indicates a response.
4. The cipher key index negotiation device according to any one of claims 1-3, characterized in that entries are looked up by a secondary match algorithm; the mapping table uses a redundant arrangement that tolerates address conflicts.
5. The cipher key index negotiation device according to any one of claims 1-3, characterized in that
creating a new cipher key index includes: writing IP1 and IP2 into the data area of on-chip RAM1; converting IP2 into an H value, and adding a new entry in state NEW at the position of the mapping table whose entry index equals the H value.
6. A cipher key index negotiation method, characterized by including the following steps:
receiving a data packet to be sent that is sent by terminal 1, and searching the mapping table for the entry whose peer address is IP2;
if no entry is found, creating a new cipher key index;
sending a first frame to terminal 2, the first frame including the cipher key index value of terminal 1, a frame count, IP1 and IP2;
obtaining the second frame sent by terminal 2 and saving it;
reading the second frame, adding the entry whose peer address is IP2 or updating its state to FIN, and at the same time updating the cipher key index of that entry to the cipher key index value in the second frame;
sending a third frame to terminal 2, the third frame including the cipher key index value of terminal 1, a frame count, IP1 and IP2.
7. An FPGA-based key index negotiation device, characterized by comprising FPGA2 and CPU2, FPGA2 including on-chip RAM2;
FPGA2, configured to capture the first frame sent by terminal 1 and store it in the RAM2 data area; and further configured to capture the third frame sent by terminal 1 and store it in the RAM2 data area;
CPU2, configured to execute:
reading the first frame, looking up the entry whose peer address is IP1, adding the entry or updating its state to ACK, and at the same time updating the key index field of that entry to the key index value in the first frame;
sending the second frame to terminal 1, the second frame including the key index value of terminal 2, a frame count, IP1 and IP2;
reading the third frame, adding the entry whose peer address is IP1 or updating its state to FIN, and at the same time updating the key index field of that entry to the key index value in the third frame.
8. A key index negotiation method, characterized by comprising the following steps:
capturing the first frame sent by terminal 1, and saving it;
reading the first frame, looking up the entry whose peer address is IP1, adding the entry or updating its state to ACK, and at the same time updating the key index field of that entry to the key index value in the first frame;
sending the second frame to terminal 1, the second frame including the key index value of terminal 2, a frame count, IP1 and IP2;
capturing the third frame sent by terminal 1, and saving it;
reading the third frame, adding the entry whose peer address is IP1 or updating its state to FIN, and at the same time updating the key index field of that entry to the key index value in the third frame.
9. An FPGA-based two-party key index negotiation system, characterized by comprising: the key index negotiation device according to claims 1-5, connected to terminal 1, and the key index negotiation device according to claim 7, connected to terminal 2.
10. A two-party key index negotiation method, characterized by comprising the key index negotiation method according to claim 6 and the key index negotiation method according to claim 8.
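The three-frame exchange of claims 6 and 8, run end to end with both sides' mapping tables, as an added example that is not code from the patent. The hash (sum of address octets), linear probing on an address conflict, the table size, the class and function names, and treating the frame count as the frame's position in the exchange are all assumptions; the claims name only an H value and a conflict-tolerant table.

```python
from dataclasses import dataclass

TABLE_SIZE = 8  # assumed; the claims give no table size

@dataclass
class Frame:
    key_index: int   # key index value of the sending terminal
    count: int       # frame count, assumed here to be 1, 2 or 3
    ip1: str
    ip2: str

class Device:
    """One endpoint: mapping table plus the CPU flow described in the claims."""
    def __init__(self, local_ip, own_key_index):
        self.local_ip, self.own = local_ip, own_key_index
        self.table = [None] * TABLE_SIZE  # entry: [state, local, peer, key_index]

    def _slot(self, peer_ip):
        # Assumed H value: octet sum mod table size, linear probing on conflict.
        h = sum(int(o) for o in peer_ip.split(".")) % TABLE_SIZE
        for i in range(TABLE_SIZE):
            s = (h + i) % TABLE_SIZE
            if self.table[s] is None or self.table[s][2] == peer_ip:
                return s
        raise RuntimeError("mapping table full")

    def lookup(self, peer_ip):
        return self.table[self._slot(peer_ip)]

    def _set(self, peer_ip, state, key_index):
        # "Add or update" the entry whose peer address is peer_ip.
        self.table[self._slot(peer_ip)] = [state, self.local_ip, peer_ip, key_index]

    def start(self, peer_ip):
        # Initiator, table miss: create a NEW entry and build the first frame.
        self._set(peer_ip, "NEW", None)
        return Frame(self.own, 1, self.local_ip, peer_ip)

    def on_frame(self, f):
        peer = f.ip1 if self.local_ip == f.ip2 else f.ip2
        if f.count == 1:  # responder: state ACK, answer with the second frame
            self._set(peer, "ACK", f.key_index)
            return Frame(self.own, 2, f.ip1, f.ip2)
        self._set(peer, "FIN", f.key_index)  # second and third frame end in FIN
        return Frame(self.own, 3, f.ip1, f.ip2) if f.count == 2 else None

def negotiate(a, b):
    f1 = a.start(b.local_ip)
    f2 = b.on_frame(f1)
    f3 = a.on_frame(f2)
    b.on_frame(f3)
    return a.lookup(b.local_ip), b.lookup(a.local_ip)
```

After the exchange each side's entry is in state FIN and holds the key index value announced by the other terminal, which is what the second-frame and third-frame update steps in the claims produce.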
CN201810161967.6A 2018-02-27 2018-02-27 Key index negotiation device, system and method based on FPGA Active CN108494549B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810161967.6A CN108494549B (en) 2018-02-27 2018-02-27 Key index negotiation device, system and method based on FPGA

Publications (2)

Publication Number Publication Date
CN108494549A (en) 2018-09-04
CN108494549B (en) 2020-10-02

Family

ID=63340886

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810161967.6A Active CN108494549B (en) 2018-02-27 2018-02-27 Key index negotiation device, system and method based on FPGA

Country Status (1)

Country Link
CN (1) CN108494549B (en)

Also Published As

Publication number Publication date
CN108494549B (en) 2020-10-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant