CN109286492A - Encription algorithms approved by the State Password Administration Committee Office security video data exchange card and exchange method based on FPGA and DSP - Google Patents
Encription algorithms approved by the State Password Administration Committee Office security video data exchange card and exchange method based on FPGA and DSP Download PDFInfo
- Publication number
- CN109286492A CN109286492A CN201811247572.4A CN201811247572A CN109286492A CN 109286492 A CN109286492 A CN 109286492A CN 201811247572 A CN201811247572 A CN 201811247572A CN 109286492 A CN109286492 A CN 109286492A
- Authority
- CN
- China
- Prior art keywords
- dsp
- fpga
- interface
- data
- fpga chip
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 40
- 230000005540 biological transmission Effects 0.000 claims abstract description 45
- 230000002093 peripheral effect Effects 0.000 claims abstract description 42
- 230000003287 optical effect Effects 0.000 claims abstract description 37
- 238000005516 engineering process Methods 0.000 claims abstract description 35
- 238000006243 chemical reaction Methods 0.000 claims abstract description 14
- 239000013307 optical fiber Substances 0.000 claims description 22
- 238000004891 communication Methods 0.000 claims description 20
- 238000012545 processing Methods 0.000 claims description 18
- 238000012544 monitoring process Methods 0.000 claims description 13
- 239000013078 crystal Substances 0.000 claims description 7
- 238000001914 filtration Methods 0.000 claims description 5
- 238000013461 design Methods 0.000 abstract description 26
- 238000007726 management method Methods 0.000 abstract description 21
- 230000008901 benefit Effects 0.000 abstract description 13
- 238000013497 data interchange Methods 0.000 abstract description 10
- 238000002955 isolation Methods 0.000 abstract description 8
- 239000000835 fiber Substances 0.000 abstract description 3
- 230000006870 function Effects 0.000 description 22
- 238000011161 development Methods 0.000 description 8
- 239000000203 mixture Substances 0.000 description 7
- 238000012986 modification Methods 0.000 description 5
- 230000004048 modification Effects 0.000 description 5
- 230000011664 signaling Effects 0.000 description 5
- 230000008859 change Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 230000006855 networking Effects 0.000 description 4
- 238000012546 transfer Methods 0.000 description 4
- 238000001514 detection method Methods 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 230000005611 electricity Effects 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 241001269238 Data Species 0.000 description 2
- 238000007792 addition Methods 0.000 description 2
- 230000006378 damage Effects 0.000 description 2
- 230000008054 signal transmission Effects 0.000 description 2
- 244000163122 Curcuma domestica Species 0.000 description 1
- 235000003392 Curcuma domestica Nutrition 0.000 description 1
- 241000700605 Viruses Species 0.000 description 1
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000005856 abnormality Effects 0.000 description 1
- 230000002155 anti-virotic effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 235000003373 curcuma longa Nutrition 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000006837 decompression Effects 0.000 description 1
- 239000003814 drug Substances 0.000 description 1
- 238000009472 formulation Methods 0.000 description 1
- 239000003292 glue Substances 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 230000013011 mating Effects 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 230000003647 oxidation Effects 0.000 description 1
- 238000007254 oxidation reaction Methods 0.000 description 1
- 150000003071 polychlorinated biphenyls Chemical class 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 238000012827 research and development Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
- 235000013976 turmeric Nutrition 0.000 description 1
- 238000003466 welding Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
- H04N21/234—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
- H04N21/2347—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
- H04N21/4408—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream encryption, e.g. re-encrypting a decrypted video stream for redistribution in a home network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
- H04L2209/125—Parallelization or pipelining, e.g. for accelerating processing of cryptographic operations
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Multimedia (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to a kind of encription algorithms approved by the State Password Administration Committee Office security video data exchange card based on FPGA and DSP and exchange methods.It solves the problems such as prior art design is not reasonable.Including PCB circuit board, PCB circuit board is equipped with clock and generates and management module and power supply conversion and management module, PCB circuit board is equipped with fpga chip, FPGA peripheral circuit is connected on fpga chip, PCB circuit board is equipped with several 10,000,000,000 optical interfaces of SFP+ and at least one PCI-E bus interface, fpga chip is connected at least two dsp processors, and DSP peripheral circuit is connected on dsp processor.Advantage is: the present invention organically combines FPGA, DSP, DMA, 10,000,000,000 fibre optic data transmissions, DSP national secret algorithm, support security video stream and a variety of key technologies of data interchange format on a security video data exchange card, make in the domination set of switching card, structure is simple, transmission efficiently, data format is compatible, file extent is good, data exchange safety is reliable, the existing one-way optical gate of support, the features such as isolation gap system function.
Description
Technical field
The invention belongs to technical field of network equipment, more particularly, to a kind of encription algorithms approved by the State Password Administration Committee Office safety based on FPGA and DSP
Video data switching card and exchange method.
Background technique
In recent years, especially in private network (such as Police Computer Network) in order to realize that associated services interconnect, accomplish intranet
A variety of data safeties such as video flowing, video signaling between network and other multiple external networks exchange transmission, reinforce information resources
Shared and comprehensive application ability, while guaranteeing the highly safe of data exchange and own net, it is widely used in band physical isolation
The data exchange server of gateway.Various network harms are tackled using technology of network isolation.It is adopted between gateway and swap server
With TCP/IP communication, gateway inside can carry out a series of safe handlings such as anti-virus, intrusion detection to data.Computer network
It is fast-developing to having been achieved for huge success at present.Especially in the application of the network technologies such as e-commerce, E-Government and
It promotes and brings great convenience to people's lives, be also social creativity great riches.But at the same time, network also gives people
Bring various security threats, such as: data theft, data tampering, network attack, especially some important networks
After being attacked, serious harm can be generated to society, brought about great losses to country.In order to avoid network attack causes information to let out
The loss such as dew, more and more government departments, business unit start to protect oneself using various network security tools, equipment
Network.
The connection of the data exchange servers such as video and network at present generallys use network interface card, and the performance height of network interface card is for net
Most important for network communication, with the continuous development of mechanics of communication, server and its network interface card performance are also constantly being promoted.But face
Big data quantity exchange, high concurrent constantly increased etc. is applied, existing TCP/IP software and hardware architecture and lacking using high CPU consumption
Point causes the server application speed of service slow, and data exchange is increasingly prominent the problem of transmission efficiency is low.Specifically, currently
The method that the data exchanges such as our domestic main across a network videos use has following a few classes substantially: a, by middleware progress across
The data exchanges such as network video.B, data exchange is carried out by database itself tool, database broker.C, it is carried out using file
Data exchange.The network interface of above method for interchanging data, the transmission of equipment room data mainly uses network interface card, and transport protocol is general
Using ICP/IP protocol.
For example, the data exchange systems such as across a network video are mainly by outer net swap server, isolation gap, Intranet exchange clothes
Business device composition (such as Fig. 1).Swap server and internal-external network connection type, isolation gap and swap server connection type are main
Using network interface card, transport protocol uses ICP/IP protocol, and isolation gap mainly uses ASIC network control chip to carry out data transmission
Control.The network interface card used in data exchange system, the main hardware realizing computer and being communicated on network, itself is not
Have the function of encryption, parallel computation, user data storage, security video data and particular file format transmission etc..Wan Zhaoguang
The functional block diagram of fibre web card such as Fig. 2.
Classical data transmission between the data exchange servers such as traditional video or between gateway, such as Fig. 1, server
Caching of the data of transmission through application layer software → operating system ICP/IP protocol stack caching → driving layer caching → network interface card
Caching, finally by network transmission to receiving end server, receiving end can just be sent out after then passing through the parsing layer by layer of opposite direction
The data that sending end is sent.Application layer in the network architecture, transport layer, network layer data transmission will consume largely
Cpu resource.
Such as: outer net swap server sends data to gateway.Its kernel receives first after gateway server receives data
And packet header is parsed, it determines that data belong to its application program A, is then wake up application program A, subsequent application program A is executed
System is called to kernel, and last replicate data is cached in the caching that application program A is provided from kernel oneself.This process meaning
Taste most of network communications must at least be replicated twice in the main memory bus of system, one time host network card places data into
The caching that kernel provides, another secondary kernel move the data into the caching of application program, and computer has to carry out during this
Multiple context switchings lead to data exchange processing inefficiency, and controllability is poor.
In above-mentioned Ethernet data switching technology, network data interface mainly uses network interface card, and based on ICP/IP protocol into
Row communication.Following disadvantage can be generally exposed in the application.1, efficiency of transmission problem: when network traffic flow is higher, especially
Be reach several gigabits so that 10,000,000,000 flow when, unit time domestic demand processing data volume it is more, the high CPU of ICP/IP protocol stack
The characteristics of resource consumption, can make server system high cpu load occur, and server process speed and data exchange is caused to pass
Defeated efficiency substantially reduces.Currently in order to improving the efficiency of data exchange, common method mainly improves system hardware performance, adopts
With the server and the network equipment of higher performance, but cost is to carry out a degree of transformation to system, for some large sizes
For system, cost is very huge.2, Information Security problem: the method for our current domestic main data exchanges
Still there are some security risks: data exchange A, being carried out using middleware, due to the port opened on gateway and middleware
Software message format, which is all that industry is well known, disclosed, very easy, to be attacked.B, using database itself tool, database
It is almost percentage using database protocol other than there is above-mentioned Middle-ware if agency carries out data exchange
Hundred do not encrypt, so being it is not recommended that using this mode in key network system and sensitive data exchange.C, file is utilized
Carry out data exchange, compared to the above several ways it is more comparatively safe, but using file progress data exchange, it is also necessary to it is mating its
Because file itself is used as data transmission media, or there is the possibility attacked in its security means, especially can in file
Virus or wooden horse can be mingled with.D, it in the recent period, is taken the lead GB35114 national standard (" the public safety video monitoring of formulation by the Ministry of Public Security
Networked information safety specifications ") passed through, i.e., it will implement.This is domestic and international first about video monitoring networking information
The pure technology class standard of secure context.And the conventional video data exchange system of early-stage development does not meet the friendship of security video data also
Change the requirement of transmission.3, scalability, poor controllability: in the video data exchange system of the prior art, swap server and net
Privately owned communications protocol and interface are generally used between lock, swap server and database server.So different brands equipment,
Software can not achieve rapid abutting joint, simultaneously because agreement, interface difference are big and the plenty of time is needed to carry out compatible modification and debugging.
In view of the shortcomings of the prior art, a kind of new technology, new method is needed to reduce the data exchanges such as video to server
The consumption of cpu resource improves data exchanges efficiency, compatibility and the good scalabilities such as video, develops a kind of safer
Data exchange ways realize security data exchange, ensure user under presently most safe mode, realize heterogeneous networks or
The data exchanges such as the video between different security domains.To optimize, solve the problems of available data exchange method.Therefore,
Designing a kind of switching card that data exchange laser propagation effect is good seems particularly necessary and urgent.
Summary of the invention
Regarding the issue above, the present invention provides a kind of hardware structure is simple, the base of data exchange effect is improved
In the encription algorithms approved by the State Password Administration Committee Office security video data exchange card of FPGA and DSP.
Another object of the present invention is to realize that safer data are handed in view of the above-mentioned problems, provide a kind of easy to implement
Change the encription algorithms approved by the State Password Administration Committee Office secure data exchange method based on FPGA and DSP of mode.
In order to achieve the above objectives, present invention employs following technical proposals: based on the encription algorithms approved by the State Password Administration Committee Office safety of FPGA and DSP
Video data switching card, including PCB circuit board, the PCB circuit board are equipped with clock and generate and management module and power supply
Conversion and management module, the PCB circuit board are equipped with fpga chip, and the periphery FPGA electricity is connected on the fpga chip
Road, the PCB circuit board be equipped with several 10,000,000,000 optical interfaces of SFP+ being connected respectively with fpga chip and at least one with
The connected PCI-E bus interface of fpga chip, the fpga chip are connected at least two dsp processors, at the DSP
DSP peripheral circuit is connected on reason device.
The present invention is used to substitute the common network interface card in original scheme, gives full play to advantage, the DSP of fpga chip parallel processing
The characteristics of being suitble to parallel encryption algorithm, file format compatibility, supports GB35114 at the data safety guarantee of special circuit
Etc. safety standards video flowing etc., improve Ethernet data swap server working efficiency, substantially reduce data exchange to service
The consumption of device cpu resource.On the other hand, encryption, the decryption of data are swapped, using FPGA, DMA, DSP national secret algorithm with big
The big security performance for improving data exchange.May be selected whether double-encryption is carried out to data such as videos, to meet different demands.This
The exchange transmission of the signaling datas such as SIP, PSIP, GB28181, GB35114 is supported in invention, support H.264, H.263, MP4, SVAV
The exchange transmission of equal format videos stream.To realize the exchange transmission of newest security video Monitor-Networking information.It is propped up in the present invention
The peculiar file format for holding use mainly has, XML, i.e. extensible markup language, the data interchange format of JSON lightweight, XML
All it is data interchange format with JSON, is suitble to the shared and interaction of data between different application systems.Compared to traditional data exchange
For, interface compatibility and scalability are stronger, simultaneously because in turn ensuring number using technologies such as FPGA, DMA, DSP encryptions
According to the safety of exchange.The fpga chip used in this scheme has the advantage of parallel processing, and operation is efficient, using FPGA structure
The board of design belongs to special circuit, and the safety of data exchange can be improved.Under the premise of realizing identical function, structure
Simply, highly reliable and have higher flexibility and arithmetic speed.With the network interface card that is used in current system or other dedicated
Chip solution is different, while FPGA has high-speed parallel processing advantage, also has stronger flexibility and scalability, can basis
It needs from now on, to FPGA Direct Programming, carries out function modification, increase and updating operation.DMA, this technology are used in this scheme
A large amount of interrupt loads of CPU are needed not rely on, the transmitting terminal application software data to be sent of security data exchange pass through private
There is the memory headroom of interface write-in DMA, FPGA reads data transmission by DMA directly from memory.DMA technology provides calculating
The direct access method of machine memory, without regard to the protocol stack layer by layer of the ICP/IP protocol of its operating system.This method has
The feature of low cpu busy percentage, low latency, to realize the high-throughput of data switching networks.DSP skill is used in this scheme
Art, make full use of DSP Digital Signal Processing is strong, algorithm is strong, it is parallel the advantages such as execute, opposite other devices are from processing speed, spirit
Active aspect is more suitable for realizing various national secret algorithms.Highly reliable, high performance serial SRIO interface is used between FPGA, is supported
DMA transfer, multicast communication, multi tate selection, single channel rate is up to 5Gbps.
In the above-mentioned encription algorithms approved by the State Password Administration Committee Office security video data exchange card based on FPGA and DSP, on the fpga chip
Be connected with four groups of 10,000,000,000 optical interfaces of SFP+, and each group of 10,000,000,000 optical interface of SFP+ respectively with the optical fiber that is arranged in PCB circuit board
It connects indicator light and optical fiber rate indicator light is corresponding.
In the above-mentioned encription algorithms approved by the State Password Administration Committee Office security video data exchange card based on FPGA and DSP, the periphery the FPGA electricity
Road includes the Flash memory module being connected respectively with fpga chip, EEPROM memory module, sdram memory module group, board temperature
Spend monitoring module, debugging interface, reseting module, serial port module, expansion I/O interface, information indicator lamp groups, parameter setting switching group
And FPGA program encryption module.
In the above-mentioned encription algorithms approved by the State Password Administration Committee Office security video data exchange card based on FPGA and DSP, the fpga chip connects
Two groups of dsp processors are connected to, and the dsp processor passes through SRIO interface and IIC/SPI interface and fpga chip respectively
It is connected.
In the above-mentioned encription algorithms approved by the State Password Administration Committee Office security video data exchange card based on FPGA and DSP, the DSP peripheral circuit
Including the DSP peripheral information indicator lamp groups being connected respectively with dsp processor, the periphery DSP EEPROM memory module, DSP are arranged in
Module occurs for peripheral Flash memory module, the periphery DSP sdram memory module, the periphery DSP true random number, the debugging of the periphery DSP connects
Mouth and the periphery DSP reseting module.
In the above-mentioned encription algorithms approved by the State Password Administration Committee Office security video data exchange card based on FPGA and DSP, the clock generate and
Management module includes crystal oscillator, multipath clock generator and peripheral components;The power supply conversion and management module include
Voltage-dropping type DC/DC converter and low pressure difference linear voltage regulator.
In the above-mentioned encription algorithms approved by the State Password Administration Committee Office security video data exchange card based on FPGA and DSP, in the PCB circuit board
Equipped with the power supply indicator being connected with power supply conversion and management module and the micro USB interface being connected with dsp processor.
In the above-mentioned encription algorithms approved by the State Password Administration Committee Office security video data exchange card based on FPGA and DSP, the PCI-E bus is connect
Mouth is using PCI-E Gen2X8 and the above interface or PCI-E Gen3X4 and the above interface.
The state based on FPGA and DSP of the above-mentioned encription algorithms approved by the State Password Administration Committee Office security video data exchange card based on FPGA and DSP is close
Encryption safe method for interchanging data is as described below:
Based on the encription algorithms approved by the State Password Administration Committee Office secure data exchange method of FPGA and DSP, comprising the following steps:
S1, data are sent: fpga chip reads application layer from server memory through PCI-E bus interface using DMA technology
Then the data that need to be sent return to FPGA by 10,000,000,000 optical interface of SFP+ of board after dsp processor encrypts and are sent to net
On network;
S2, data receiver: fpga chip receives the data for carrying out automatic network from 10,000,000,000 optical interface of SFP+, according to the finger of application layer
It enables after carrying out data filtering, the control that single-direction and dual-direction communicates, is passed through after dsp processor is decrypted to the data for receiving and requiring are met
The PCI-E bus interface of fpga chip is write in the memory of server using DMA technology, is passed through for server application privately owned
Interface is read.
In the above-mentioned encription algorithms approved by the State Password Administration Committee Office secure data exchange method based on FPGA and DSP, at the DSP in step S 1
Reason device encryption includes: that fpga chip obtains the data for needing encrypted transmission by PCI-E bus interface, and confirms the number for meeting transmission
It is sent to dsp processor according to through SRIO interface, dsp processor carries out data packet using published encription algorithms approved by the State Password Administration Committee Office algorithm, key
Parallel encryption, be sent to fpga chip after completing encryption and transmitted through 10,000,000,000 optical interface of SFP+ to target network;In step
Dsp processor decryption in S2 includes: decryption aspect, and the data that fpga chip is received by 10,000,000,000 optical interface of SFP+ are confirmed
After meeting transmission requirement, dsp processor is sent to by SRIO interface, dsp processor passes through acquired in certification before data exchange
Key be decrypted data, and the data after decryption are issued into fpga chip through SRIO interface, fpga chip is total by PCI-E
Line interface is transmitted to the application program of server using DMA method.It is settable not right for data, switching cards such as the videos that has encrypted
Data carry out double-encryption, directly carry out high speed forward by FPGA.
Compared with prior art, based on the encription algorithms approved by the State Password Administration Committee Office security video data exchange card of FPGA and DSP and exchange side
The advantages of method is: the present invention realizes the thinking of particular data file format transmission mode, originality using special circuit algorithm
By FPGA, DSP, DMA, 10,000,000,000 fibre optic data transmissions, DSP national secret algorithm, support security video stream and data interchange format it is more
Kind key technology organically combines on a security video data exchange card, and FPGA is as its main operational processor, sufficiently
It is handled using its hardware concurrent, the efficient advantage of operation, in conjunction with the characteristics of DMA high speed, ultralow delay, extremely low CPU usage, and
It is embedded in DSP encryption card technique, supports national secret algorithm.Support security video stream, video signaling and XML, JSON data exchange lattice
Then formula carries out the high-speed transfer of one-way or bi-directional data by 10,000,000,000 optical fiber interfaces, can support completely existing one-way optical gate and
The function of isolation gap, and more fully function and higher efficiency and security performance are provided.By using this in switching card
A little methods make in the domination set of switching card, structure is simple, transmission is efficient, data format is compatible, file extent is good, data are handed over
Change the features such as safe and reliable.Accomplish the compatibility and scalability of data interchange format, and does not lose good security performance.
It can be suitble to the shared and interaction of data between different application systems using the switching card of the method.Compared to traditional data
For exchange, interface compatibility and scalability are stronger, simultaneously because in turn ensuring number using technologies such as FPGA, DMA, encryptions
According to the safety of exchange.So the efficiency of data exchange can not only be improved using this switching card in application system, application is promoted
The processing capacity of server CPU in system, also while ensuring information security property, make switching card have higher flexibility and
Reliability.
In switching card, unidirectional, both-way communication the control to exchange data is may be implemented in FPGA.Using hard inside FPGA
Part circuit realizes hardware isolated, and can be filtered to data packet, analytic function, can reach network interface card in legacy data exchange system
With one-way optical gate, the function of isolation gap, so security video data exchange card completely can be same under suitable application scenarios
When replace network interface card in original video data exchange system and optical gate or gateway equipment, reduce system cost and deployment be difficult
Degree.The invention method belongs to dedicated development circuit, and can modify extension according to functional requirement, and use in conventional data exchange
Network interface card be then general part, the modifications and extensions of function can not be carried out, some registers can only be passed through and carry out limited setting choosing
It selects.
Detailed description of the invention
Fig. 1 is the structural schematic diagram of traditional across a network data exchange system;
Fig. 2 is the functional block diagram of traditional 10,000,000,000 optical fiber network interface cards in the present invention;
Fig. 3 is the structural block diagram in the present invention;
In figure, PCB circuit board 1,10,000,000,000 optical interface 11 of SFP+, optical fiber connection indicator light 111, optical fiber rate indicator light 112,
PCI-E bus interface 12, SRIO interface 13, IIC/SPI interface 14, power supply indicator 15, micro usb 16, clock produce
Raw and management module 2, crystal oscillator 21, multipath clock generator 22, peripheral components 23, power supply conversion and management module 3, drop
Die mould DC/DC converter 31, low pressure difference linear voltage regulator 32, fpga chip 4, FPGA peripheral circuit 5, Flash memory module 51,
EEPROM memory module 52, sdram memory module group 53, board temperature monitoring module 54, debugging interface 55, reseting module 56,
Serial port module 57, expansion I/O interface 58, information indicator lamp groups 59, parameter setting switching group 591, FPGA program encryption module
592, dsp processor 6, DSP peripheral circuit 7, DSP peripheral information indicator lamp groups 71, the periphery DSP EEPROM memory module 72, DSP
Module 75, the periphery DSP occur for peripheral Flash memory module 73, the periphery DSP sdram memory module 74, the periphery DSP true random number
Debugging interface 76, the periphery DSP reseting module 77.
Specific embodiment
The present invention will be further described in detail with reference to the accompanying drawings and detailed description.
As shown in figure 3, based on the encription algorithms approved by the State Password Administration Committee Office security video data exchange card of FPGA and DSP, including PCB circuit board 1,
PCB circuit board 1 is important electronic component as electronic component and the carrier of electrical connection, and the PCB that the present invention designs is full
The application of sufficient super large-scale integration and miniaturized device is designed using the more laminated PCBs of high density, for High-frequency differential signals
(such as 10G, PCI-E) and single-ended signal (SDRAM) are the power and quality for ensuring signal transmission, do hinder to two class signals respectively
Anti- matched design.To improve component patch welding quality, improving signal transmission quality and pad oxidation resistance, design is used
Turmeric technique.PCB circuit board 1 is equipped with clock and generates and management module 2 and power supply conversion and management module 3, it is preferable that this
In clock generate and management module 2 include crystal oscillator 21, multipath clock generator 22 and peripheral components 23;Design is by frequency
Crystal oscillator, multipath clock generator and the peripheral components composition that rate stability is good, temperature frequency difference is small, thus module generates
All clock signals needed for FPGA and DSP.The clock of low frequency crystal oscillator can be converted into height by multipath clock generator 22
Frequency clock, and the configuration of multiple-channel output and output clock frequency is supported to generate required different clocks, switch multiple-working mode.
The power supply conversion and management module 3 include voltage-dropping type DC/DC converter 31 and low pressure difference linear voltage regulator 32, using decompression
Type DC/DC (DC power supply conversion) and LDO (low pressure difference linear voltage regulator) conversion circuit by the+12V of input ,+3.3V step by step
It is converted into all kinds of DC power supplies needed for board.And it is supplied to motherboard power supply LED indicating circuit, FPGA radiator fan interface circuit
Electricity.Wherein, PCB circuit board 1 here is equipped with fpga chip 4, is connected with FPGA peripheral circuit 5, PCB line on fpga chip 4
Road plate 1 is equipped with several 10,000,000,000 optical interfaces 11 of SFP+ being connected respectively with fpga chip 4 and at least one and 4 phase of fpga chip
PCI-E bus interface 12 even, fpga chip 4 are connected at least two dsp processors 6, are connected with outside DSP on dsp processor 6
Enclose circuit 7.
Here PCB circuit board 1 is equipped with the power supply indicator 15 being connected with power supply conversion and management module 3, for referring to
Show whether switching card has power supply.PCI-E or external power source interface power supply are driven into LED light after partial pressure, current limliting.With
And micro usb 16, the USB designed for connection management person's permission are equipped, such as: U-shield.Realization interacts visit with key
It asks, completes authentication and cryptography management function, such as: destruction, the backup of key.
Wherein, PCI-E bus interface 12 here uses PCI-E Gen2 interface or PCI-E Gen3 interface.Using
Gen2.0 or Gen3.0 standard design, according to the requirement of the total rate of optical interface, PCI-E interface bit wide be designed as Gen2.0 be X8 and
More than,
Gen3.0 is X4 or more.This interface is docked by golden finger with server PCI-E slot position, application program transmission,
Received data, management configuration data will be interacted by this interface and switching card.In addition the power supply of switching card is also by this
Interface provides.
The present invention is used to substitute the common network interface card in original scheme, gives full play to advantage, the DSP of fpga chip parallel processing
The characteristics of being suitble to parallel encryption algorithm, file format compatibility, supports GB35114 at the data safety guarantee of special circuit
Etc. safety standards video flowing etc., improve Ethernet data swap server working efficiency, substantially reduce data exchange to service
The consumption of device cpu resource.On the other hand, encryption, the decryption of data are swapped, using FPGA, DMA, DSP national secret algorithm with big
The big security performance for improving data exchange.May be selected whether double-encryption is carried out to data such as videos, to meet different demands.This
The exchange transmission of the signaling datas such as SIP, PSIP, GB28181, GB35114 is supported in invention, support H.264, H.263, MP4, SVAV
The exchange transmission of equal format videos stream.To realize the exchange transmission of newest security video Monitor-Networking information.It is propped up in the present invention
The peculiar file format for holding use mainly has, XML, i.e. extensible markup language, the data interchange format of JSON lightweight, XML
All it is data interchange format with JSON, is suitble to the shared and interaction of data between different application systems.
Wherein, FPGA is the abbreviation of field programmable gate array, and the application field of FPGA is initially the communications field, but close
Year, with the development of information industry and microelectric technique, FPGA technology has become most popular one of the technology of information industry, answers
With range throughout multiple hot topics such as aerospace, broadcast, communication, medical treatment, security protection, automotive electronics, measurement test, consumer markets
Field.And with the development of the progress of technique and technology, to more, wider application field extension.FPGA main advantage is
Programmable flexibility is high, short compared to the development cycle for customization ASIC, parallel efficiency calculation height etc..
DSP is the abbreviation of Digital Signal Processing, and with the rapid development of the communication technology, DSP has become signal and information
The highly important technology of process field.The various features of DSP make it be particularly suitable for realizing the algorithm of digital signal.Communication neck now
Many products are all maintained close ties with DSP in domain, such as: GSM, CDMA, Modem, videophone, image procossing, data encryption etc.,
It is also all widely used in fields such as instrument and meter, Electromechanical Control, military affairs, medicine simultaneously.DSP technical characterstic is such as: a) supporting simultaneously
Row operation;B) operation is efficient, and a multiplication and addition can be completed in single command cycle;C) program and data space is separated, can be same
When access instruction and data;D) there is quick RAM in piece, improve reading and writing data speed;E) hardware supported multibus Harvard knot
Structure supports pile line operation, the operations such as fetching, decoding and execution that can improve data-handling capacity with Overlapped Execution.F) have
Independent hardware multiplier greatly improves the speed of signal processing algorithm.
DMA is the abbreviation of direct memory access (DMA) technology.When with DMA transfer data, High Speed I/O device and memory it
Between, the data transmission channel of high speed is directly opened up, CPU does not need directly to participate in data exchange, but special by one kind of DMA
Logic glue, that is, dma controller is responsible for management, can greatly improve the speed of I/O interface using DMA technology.
Wherein, 10,000,000,000 optical fiber data transferring technology: with desktop PC machine and server network connection constantly to quickly with
Too net and gigabit Ethernet upgrading, cause demand of the communication apparatus such as data center server to bandwidth higher and higher, these are all
Promote the fast development of 10,000,000,000 optical fiber data transferring technologies, the market share constantly expands.However due to high cost, at present
There is no the sprawlings rapidly on the market as prediction for the application of 10000000000 optical fiber.In this context, a kind of new light transmitting-receiving
Device scheme is shown one's talent.Have high port density, low cost SFP+ optical module appearance can be provided for enterprise customer than with
Toward the higher ten thousand mbit ethernets solution of technology cost performance.
National secret algorithm is the series of algorithms that State Commercial Cryptography Administration formulates standard, is mainly used for the interior of concerning security matters content and sensibility
Portion's information, administrative affair information, economic information etc. encrypt.Such as: for enterprise's entrance guard management, enterprises it is each
Transmission encryption, the storage encryption of class sensitive information, prevent illegal third party from obtaining the information content, it can also be used to which various safety are recognized
Card, Web bank, digital signature etc..National secret algorithm includes symmetric encipherment algorithm, elliptic curve rivest, shamir, adelman, hash
Algorithm.Specifically include SM1 (algorithm is underground), SM2, SM3, SM4, SM7 (algorithm is underground), SM9 etc..
National standard GB35114:GB35114-2017 " requirement of public safety video monitoring networking information security technology ", it is specified that
The technical requirements of public safety field video monitoring networking video information and control signaling information safety protection, including public peace
The skills such as the interconnection architecture of full video monitoring networking information safety system, certificate and secret key requirement, basic function requirement, performance requirement
Art requirement.Suitable for the security solution design of public safety field video monitoring system, system detection, examination and therewith
Relevant equipment research and development and detection.GB35114 is great to promotion video monitoring information security implications.
For data interchange format: XML and JSON is current popular data interchange format, XML possess it is cross-platform,
Across language, easily the advantage extended, JSON are then a kind of lightweight data interchange formats, are easy to read and write, be also easy to simultaneously
Machine parsing and generation.
For traditional data exchange, interface compatibility and scalability are stronger, simultaneously because using FPGA,
The technologies such as DMA, DSP encryption in turn ensure the safety of data exchange.The fpga chip used in this scheme has parallel processing
Advantage, operation is efficient, using FPGA structure design board belong to special circuit, the safety of data exchange can be improved.
Under the premise of realizing identical function, structure is simple, it is highly reliable and have higher flexibility and arithmetic speed.With mesh
The network interface card used in preceding system or other special chip schemes are different, while FPGA has high-speed parallel processing advantage, also have
There is stronger flexibility and scalability, function modification, increase and liter can be carried out to FPGA Direct Programming according to needs from now on
Grade operation.DMA is used in this scheme, this technology needs not rely on a large amount of interrupt loads of CPU, the transmitting terminal of security data exchange
The memory headroom of DMA is written by privately owned interface for application software data to be sent, and FPGA is directly read from memory by DMA
Access is according to transmission.DMA technology provides the direct access method of calculator memory, and the TCP/IP without regard to its operating system is assisted
The protocol stack layer by layer of view.This method has the feature of low cpu busy percentage, low latency, to realize the height of data switching networks
Handling capacity.DSP technology is used in this scheme, makes full use of the advantages such as DSP Digital Signal Processing is strong, algorithm is strong, parallel execution,
Opposite other devices are more suitable for realizing various national secret algorithms in terms of processing speed, flexibility.Using highly reliable, high between FPGA
The serial SRIO interface of performance supports DMA transfer, multicast communication, and multi tate selection, single channel rate is up to 5Gbps.
Wherein, it the major function that fpga chip 4 is realized under the cooperation of peripheral hardware: is received for 10,000,000,000 optical fiber interface data of SFP+
Hair, the hardware controls of data sheet both-way communication, data filtering, cooperation dsp processor carry out the transmission of data encryption, PCI-E number
According to transmission, realize the functions such as DMA function, Memory control, memory read/write, the instruction of board information.The high-speed interface of FPGA has
On the one hand full duplex communication function reads the data that application layer need to be sent from server memory through PCI-E using DMA technology, so
It is sent on network after being encrypted by dsp processor by the optical port of board.On the other hand, FPGA carrys out automatic network from optical port reception
Data, according to application layer instruction carry out data filtering, single-direction and dual-direction communication control after, to meet receive require data pass through
The PCI-E interface through FPGA is write in the memory of book server using DMA technology after crossing DSP decryption, for server application
It is read by privately owned interface.
Preferably, four groups of SFP+, 10,000,000,000 optical interface 11, and each group of SFP+ are connected on the fpga chip 4 in the present embodiment
10000000000 optical interfaces 11 connect 112 phase of indicator light 111 and optical fiber rate indicator light with the optical fiber being arranged in PCB circuit board 1 respectively
It is corresponding.Here 4 groups of 10,000,000,000 optical interfaces of SFP+ and indicator light: for installing 10,000,000,000 optical module of SFP+, and it is outer by optical fiber connection
Portion's target device, to realize the function of network communication.Each 10,000,000,000 optical interface 11 of SFP+ is corresponding with 1 optical fiber connection indicator light
With 1 optical fiber rate indicator light.Whether optical fiber connection indicator light 111 is used to indicate optical port sending and receiving link connection normal, is always on table
Show normally, not working indicates abnormal.Optical fiber rate indicator light 112 is used to indicate the rate of optical fiber real-time Transmission, is always on expression rate
More than or equal to 9Gbps, flashing indicates rate in 9Gbps hereinafter, not working indicates that no data transmits.
Wherein, FPGA peripheral circuit 5 here include be connected respectively with fpga chip 4 Flash memory module 51,
EEPROM memory module 52, sdram memory module group 53, board temperature monitoring module 54, debugging interface 55, reseting module 56,
Serial port module 57, expansion I/O interface 58, information indicator lamp groups 59, parameter setting switching group 591 and FPGA program encryption module
592。
Here Flash memory module 51: the configuration code designed for storing FPGA, at most of FPGA
Reason device be based on SRAM structure, be by and after the data in sram cell will lose after a power failure, therefore switching card powers on
Correct data are automatically loaded into the SRAM of FPGA by configuration circuit, and FPGA processor can operate normally after the completion of configuration.
EEPROM memory module 52: design is used for using the eeprom chip and peripheral components of I IC or SPI interface composition
Store the data such as switching card software and hardware version, unique sequence numbers, running parameter.
Sdram memory module group 53: design is made of devices such as multiple groups memory chips, for caching the number for receiving, sending
According to the requirement according to rate and FPGA to data processing is different, and design is using different capabilities and the memory of rate.
Board temperature monitoring module 54: design is made of the chip temperature and peripheral components of digital interface, is realized to exchange
The acquisition of card real time temperature, FPGA read temperature value by hardware interface, can be made according to the setting of user to specific temperature
Reaction, such as adjustment switching card radiating fan rotation speed, reduction transmission and processing speed, alarm.
Debugging interface 55: design is made of the jtag interface and peripheral components of standard, and computer connection emulator is set by this
Meter interface can be realized to functions such as FPGA processor on-line debugging, emulation, configuration file downloadings.
Reseting module 56: design is made of reset button and peripheral components, in case of constant power for switching card, weight
New starting FPGA operation.
Serial port module 57: design is drawn after the I/O mouth of FPGA is isolated, and is obtained switching card by this interface for user and is opened
Dynamic information, parameter information, Debugging message etc..
Expansion I/O interface 58: discrete I/O mouthfuls of FPGA after being isolated, are drawn out on unified interface, as standby by design
With design interface, it is mainly used for extension and is used with external module progress I/O communication.
Board information indicator lamp groups 59: designing multiple LED lights, including 1 FPGA normal program operation instruction flashing,
Multiple running LEDs.Such as: corresponding LED light is lighted when the problems such as receiving a large amount of erroneous packets, transmission abnormality.
Parameter setting switching group 591: being made of multi-position switch, is mainly used for all kinds of clock frequencies of selection supply FPGA,
The effects of board hardware address is set.
FPGA program encryption module 592: design is by " Secure Hash Algorithm " memory (abbreviation encryption chip) and peripheral device
Part composition.The main intellectual property protection for realizing FPGA program, prevents the illegal copies of code.It is required before FPGA life's work
It completes to identify (instruction question and answer) with the identity of encryption chip, could be operated normally by rear user's design function.
Further, fpga chip 4 here is connected with two groups of dsp processors 6, and dsp processor 6 passes through SRIO respectively
Interface 13 and IIC/SPI interface 14 are connected with fpga chip 4.Two groups of 6 functions of dsp processor are similar, below as unit of 1 group
It is illustrated.For dsp processor under the cooperation of peripheral hardware, the Encrypt and Decrypt function of exchange data is realized in design.Encryption aspect, FPGA
The data for needing encrypted transmission are obtained by PCI-E interface, and confirm that the data for meeting transmission are sent to DSP, DSP through SRIO interface
The parallel encryption that data packet is carried out using published encription algorithms approved by the State Password Administration Committee Office algorithm, key, is sent to FPGA through SFP+ after completing encryption
10000000000 optical ports are transmitted to target network.Decryption aspect, the data that FPGA is received by 10,000,000,000 optical fiber interface of SFP+ are confirmed
After meeting transmission requirement, DSP is sent to by SRIO interface, DSP is solved by authenticating acquired key before data exchange
Ciphertext data, and the data after decryption are issued into FPGA through SRIO interface, FPGA is then passed through PCI-E interface and is transmitted to using DMA method
The application program of server.For data such as the videos that has encrypted, switching card is settable not to carry out double-encryption to data, directly
High speed forward is carried out by FPGA.
Preferably, DSP peripheral circuit 7 here includes that the DSP peripheral information being connected respectively with dsp processor 6 is arranged in
Indicator lamp groups 71, the periphery DSP EEPROM memory module 72, the periphery DSP Flash memory module 73, the periphery DSP sdram memory mould
Module 75, the periphery DSP debugging interface 76 and the periphery DSP reseting module 77 occur for block 74, the periphery DSP true random number.
Here multiple LED lights, including 1 DSP normal program operation DSP peripheral information indicator lamp groups 71: are designed
Instruction flashing, multiple running LEDs.Such as: corresponding LED indication is lighted when the problems such as receiving a large amount of erroneous packets, key
Lamp.The periphery DSP EEPROM memory module 72: design is used using the eeprom chip and peripheral components of IIC or SPI interface composition
In data such as storage key, software versions.The periphery DSP Flash memory module 73: design uses NOR or NAND Flash chip
Add peripheral components to form, is mainly used for storing the starting code of DSP.The periphery DSP sdram memory module 74: design uses memory
Chip adds peripheral components to form, and is mainly used for the caching that data packet is received, sent.Module 75 occurs for the periphery DSP true random number: setting
Meter adds peripheral components to form using physical noise source chip, for generating true random number sequence, uses for key generation procedure.
The periphery DSP debugging interface 76: design is made of the jtag interface and peripheral components of standard, and computer connects emulator and designed by this
Interface can be realized to functions such as dsp processor on-line debugging, emulation, program downloadings.The periphery DSP reseting module 77: design is by multiple
Position button and peripheral components composition in case of constant power for switching card restart dsp operation.
The encription algorithms approved by the State Password Administration Committee Office security video method for interchanging data based on FPGA and DSP in the present embodiment, comprising the following steps:
S1, data are sent: fpga chip 4 reads application layer from server memory through PCI-E bus interface 12 using DMA technology and needs to send
Data, then return to FPGA after the encryption of dsp processor 6 and network be sent to by 10,000,000,000 optical interface 11 of SFP+ of board
On;S2, data receiver: fpga chip 4 receives the data for carrying out automatic network from 10,000,000,000 optical interface 11 of SFP+, according to the instruction of application layer
After carrying out data filtering, the control that single-direction and dual-direction communicates, passed through after the decryption of dsp processor 6 to the data for receiving and requiring are met
The PCI-E bus interface 12 of fpga chip 4 is write in the memory of server using DMA technology, is passed through for server application
Privately owned interface is read.
The encryption of dsp processor 6 in step sl includes: that fpga chip 4 needs to encrypt by the acquisition of PCI-E bus interface 12
The data of transmission, and confirm that the data for meeting transmission are sent to dsp processor 6 through SRIO interface 13, dsp processor 6 is using
Disclosed encription algorithms approved by the State Password Administration Committee Office algorithm, key carry out the parallel encryption of data packet, are sent to fpga chip 4 through SFP+ ten thousand after completing encryption
Million optical interfaces 11 are transmitted to target network;The decryption of dsp processor 6 in step s 2 includes: decryption aspect, fpga chip
4 data received by 10,000,000,000 optical interface 11 of SFP+, it is confirmed meet transmission requirement after, DSP is sent to by SRIO interface 13
Processor 6, dsp processor 6, which passes through, to be authenticated acquired key before data exchange and is decrypted data, and by the data after decryption
Fpga chip 4 is issued through SRIO interface 13, fpga chip 4 is transmitted to server using DMA method by PCI-E bus interface 12
Application program.For data such as the videos that has encrypted, switching card is settable not to carry out double-encryption to data, directly by FPGA into
Row high speed forward.
Specific embodiment described herein is only an example for the spirit of the invention.The neck of technology belonging to the present invention
The technical staff in domain can make various modifications or additions to the described embodiments or replace by a similar method
In generation, however, it does not deviate from the spirit of the invention or beyond the scope of the appended claims.
Although PCB circuit board 1,10,000,000,000 optical interface 11 of SFP+, optical fiber connection indicator light 111, light is used more herein
Fine rate indicator light 112, PCI-E bus interface 12, SRIO interface 13, IIC/SPI interface 14, power supply indicator 15, micro
Usb 16, clock generates and management module 2, crystal oscillator 21, multipath clock generator 22, peripheral components 23, power supply turn
Change with management module 3, voltage-dropping type DC/DC converter 31, low pressure difference linear voltage regulator 32, fpga chip 4, FPGA peripheral circuit 5,
Flash memory module 51, EEPROM memory module 52, sdram memory module group 53, board temperature monitoring module 54, debugging connect
Mouthfuls 55, reseting module 56, serial port module 57, expansion I/O interface 58, information indicator lamp groups 59, parameter setting switching group 591,
FPGA program encryption module 592, dsp processor 6, DSP peripheral circuit 7, DSP peripheral information indicator lamp groups 71, the periphery DSP
EEPROM memory module 72, the periphery DSP Flash memory module 73, the periphery DSP sdram memory module 74, the periphery DSP are truly random
The terms such as module 75, the periphery DSP debugging interface 76, the periphery DSP reseting module 77 occur for number, but are not precluded and use other terms
A possibility that.The use of these items is only for be more convenient to describe and explain essence of the invention;It is construed as appointing
The additional limitation of what one kind is disagreed with spirit of that invention.
Claims (10)
1. a kind of encription algorithms approved by the State Password Administration Committee Office security video data exchange card based on FPGA and DSP, including PCB circuit board (1), feature exists
In the PCB circuit board (1) is equipped with clock and generates and management module (2) and power supply conversion and management module (3), institute
The PCB circuit board (1) stated is equipped with fpga chip (4), is connected with FPGA peripheral circuit (5), institute on the fpga chip (4)
The PCB circuit board (1) stated is equipped with several 10,000,000,000 optical interfaces of SFP+ (11) and at least one being connected respectively with fpga chip (4)
A PCI-E bus interface (12) being connected with fpga chip (4), the fpga chip (4) are connected at least two DSP processing
Device (6) is connected with DSP peripheral circuit (7) on the dsp processor (6).
2. the encription algorithms approved by the State Password Administration Committee Office security video data exchange card according to claim 1 based on FPGA and DSP, feature exist
In being connected with four groups of 10,000,000,000 optical interfaces of SFP+ (11), and each group of 10,000,000,000 optical interface of SFP+ (11) on the fpga chip (4)
Indicator light (111) is connected with the optical fiber being arranged on PCB circuit board (1) respectively and optical fiber rate indicator light (112) is corresponding.
3. the encription algorithms approved by the State Password Administration Committee Office security video data exchange card according to claim 2 based on FPGA and DSP, feature exist
It include that the Flash memory module (51) being connected respectively with fpga chip (4), EEPROM are deposited in, the FPGA peripheral circuit (5)
Store up module (52), sdram memory module group (53), board temperature monitoring module (54), debugging interface (55), reseting module
(56), serial port module (57), expansion I/O interface (58), information indicator lamp groups (59), parameter setting switching group (591) and
FPGA program encryption module (592).
4. the encription algorithms approved by the State Password Administration Committee Office security video data exchange card according to claim 1 or 2 or 3 based on FPGA and DSP, special
Sign is that the fpga chip (4) is connected with two groups of dsp processors (6), and the dsp processor (6) passes through respectively
SRIO interface (13) and IIC/SPI interface (14) are connected with fpga chip (4).
5. the encription algorithms approved by the State Password Administration Committee Office security video data exchange card according to claim 4 based on FPGA and DSP, feature exist
In the DSP peripheral circuit (7) includes being arranged in the DSP peripheral information indicator lamp groups being connected respectively with dsp processor (6)
(71), the periphery DSP EEPROM memory module (72), the periphery DSP Flash memory module (73), the periphery DSP sdram memory module
(74), module (75), the periphery DSP debugging interface (76) and the periphery DSP reseting module (77) occur for the periphery DSP true random number.
6. the encription algorithms approved by the State Password Administration Committee Office security video data exchange card according to claim 1 based on FPGA and DSP, feature exist
In the clock generates and management module (2) include crystal oscillator (21), multipath clock generator (22) and peripheral components
(23);The power supply conversion and management module (3) include voltage-dropping type DC/DC converter (31) and low pressure difference linear voltage regulator
(32)。
7. the encription algorithms approved by the State Password Administration Committee Office security video data exchange card according to claim 6 based on FPGA and DSP, feature exist
In, the PCB circuit board (1) be equipped with the power supply indicator (15) being connected with power supply conversion and management module (3) and with
The connected micro USB interface (16) of dsp processor (6).
8. the encription algorithms approved by the State Password Administration Committee Office security video data exchange card according to claim 1 based on FPGA and DSP, feature exist
In the PCI-E bus interface (12) uses PCI-E Gen2X8 interface or PCI-E Gen3X4 interface.
9. a kind of encription algorithms approved by the State Password Administration Committee Office security video data described in any one of -8 based on FPGA and DSP according to claim 1
The encription algorithms approved by the State Password Administration Committee Office security video method for interchanging data based on FPGA and DSP of switching card, which is characterized in that this method includes following
Step:
S1, data are sent: fpga chip (4) is read from server memory through PCI-E bus interface (12) using DMA technology and is applied
Then the data that layer need to be sent return to FPGA after dsp processor (6) encryption and pass through 10,000,000,000 optical interface of SFP+ of board
(11) it is sent on network;
S2, data receiver: fpga chip (4) receives the data for carrying out automatic network from 10,000,000,000 optical interface of SFP+ (11), according to application layer
Instruction carry out data filtering, single-direction and dual-direction communication control after, to meet receive require data by dsp processor (6) solution
PCI-E bus interface (12) after close through fpga chip (4) is write in the memory of server using DMA technology, is answered for server
It is read with program by privately owned interface.
10. the encription algorithms approved by the State Password Administration Committee Office security video method for interchanging data according to claim 9 based on FPGA and DSP, feature
It is, dsp processor (6) encryption in step sl includes: that fpga chip (4) are needed by PCI-E bus interface (12) acquisition
The data of encrypted transmission, and confirm that the data for meeting transmission are sent to dsp processor (6), dsp processor through SRIO interface (13)
(6) parallel encryption that data packet is carried out using published encription algorithms approved by the State Password Administration Committee Office algorithm, key, is sent to fpga chip after completing encryption
(4) it is transmitted through 10,000,000,000 optical interface of SFP+ (11) to target network;Dsp processor (6) decryption in step s 2 includes: solution
Close aspect, fpga chip (4) pass through the data that receive of 10,000,000,000 optical interface of SFP+ (11), it is confirmed meet transmission requirement after, pass through
SRIO interface (13) is sent to dsp processor (6), and dsp processor (6) authenticates acquired key progress before passing through data exchange
Ciphertext data, and the data after decryption are issued fpga chip (4) through SRIO interface (13), fpga chip (4) is total by PCI-E
Line interface (12) is transmitted to the application program of server using DMA method.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811247572.4A CN109286492A (en) | 2018-10-25 | 2018-10-25 | Encription algorithms approved by the State Password Administration Committee Office security video data exchange card and exchange method based on FPGA and DSP |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811247572.4A CN109286492A (en) | 2018-10-25 | 2018-10-25 | Encription algorithms approved by the State Password Administration Committee Office security video data exchange card and exchange method based on FPGA and DSP |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109286492A true CN109286492A (en) | 2019-01-29 |
Family
ID=65178414
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811247572.4A Pending CN109286492A (en) | 2018-10-25 | 2018-10-25 | Encription algorithms approved by the State Password Administration Committee Office security video data exchange card and exchange method based on FPGA and DSP |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109286492A (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110166240A (en) * | 2019-06-25 | 2019-08-23 | 南方电网科学研究院有限责任公司 | Network isolation password board card |
| CN110233740A (en) * | 2019-07-17 | 2019-09-13 | 上海创远仪器技术股份有限公司 | High-speed data switching card device and corresponding method based on FPGA |
| CN111327356A (en) * | 2020-02-26 | 2020-06-23 | 航天恒星科技有限公司 | Demodulation device |
| CN111897262A (en) * | 2020-07-30 | 2020-11-06 | 电子科技大学 | Parallel signal acquisition and processing system based on multiple DSP |
| CN112367310A (en) * | 2020-10-28 | 2021-02-12 | 北京计算机技术及应用研究所 | SRIO bus encryption transmission device based on FPGA |
| CN112866206A (en) * | 2020-12-31 | 2021-05-28 | 北京天融信网络安全技术有限公司 | Unidirectional data transmission method and device |
| CN113067800A (en) * | 2021-03-03 | 2021-07-02 | 江苏仕邦信息安全有限公司 | One-way isolation optical gate device |
| CN113094762A (en) * | 2021-04-30 | 2021-07-09 | 北京数盾信息科技有限公司 | Data processing method and device and signature verification server |
| CN114766086A (en) * | 2019-12-19 | 2022-07-19 | 西门子交通有限责任公司 | Transmission device for transmitting data |
| CN115484219A (en) * | 2022-08-23 | 2022-12-16 | 中国电子科技集团公司第十研究所 | Method, equipment and medium for avoiding port association of domestic SRIO (serial-to-input/output) switching chip |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101527823A (en) * | 2009-04-10 | 2009-09-09 | 南京大学 | Network video monitoring system based on FPGA chaotic encryption |
| US20100098252A1 (en) * | 2004-11-05 | 2010-04-22 | Nucrypt, Inc. | System and method for data transmission over arbitrary media using physical encryption |
| CN101901156A (en) * | 2010-07-26 | 2010-12-01 | 四川九洲电器集团有限责任公司 | Method and system for dynamically loading processor application programs |
| CN102347896A (en) * | 2011-07-14 | 2012-02-08 | 广州海格通信集团股份有限公司 | Ethernet-based platform for loading FPGA (Field Programmable Gate Array) and DSP (Digital Signal Processor) and implementation method thereof |
| CN202150855U (en) * | 2009-06-18 | 2012-02-22 | 深圳粤和通科技有限公司 | SONET/SDH (Synchronous Optical Network/ Synchronous Digital Hierarchy) interface device |
| CN104980267A (en) * | 2014-04-08 | 2015-10-14 | 常州隽通电子技术有限公司 | Quantum secret communication system controller |
| CN106100739A (en) * | 2016-07-29 | 2016-11-09 | 四川赛狄信息技术有限公司 | A kind of optical fiber interface plate system |
| CN206962832U (en) * | 2017-06-26 | 2018-02-02 | 杭州创谐信息技术股份有限公司 | Network data auditing system based on FPGA high-performance capture cards |
| US20180213669A1 (en) * | 2015-07-10 | 2018-07-26 | Prasad Lalathuputhanpura KOCHUKUNJU | Micro data center (mdc) in a box system and method thereof |
| KR101897270B1 (en) * | 2018-05-14 | 2018-09-10 | 주식회사 경림이앤지 | Block encryption and description system of IP based CCTV camera video and audio data |
| CN209151178U (en) * | 2018-10-25 | 2019-07-23 | 北京中科富星信息技术有限公司 | Encription algorithms approved by the State Password Administration Committee Office security video data exchange card based on FPGA and DSP |
-
2018
- 2018-10-25 CN CN201811247572.4A patent/CN109286492A/en active Pending
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100098252A1 (en) * | 2004-11-05 | 2010-04-22 | Nucrypt, Inc. | System and method for data transmission over arbitrary media using physical encryption |
| CN101527823A (en) * | 2009-04-10 | 2009-09-09 | 南京大学 | Network video monitoring system based on FPGA chaotic encryption |
| CN202150855U (en) * | 2009-06-18 | 2012-02-22 | 深圳粤和通科技有限公司 | SONET/SDH (Synchronous Optical Network/ Synchronous Digital Hierarchy) interface device |
| CN101901156A (en) * | 2010-07-26 | 2010-12-01 | 四川九洲电器集团有限责任公司 | Method and system for dynamically loading processor application programs |
| CN102347896A (en) * | 2011-07-14 | 2012-02-08 | 广州海格通信集团股份有限公司 | Ethernet-based platform for loading FPGA (Field Programmable Gate Array) and DSP (Digital Signal Processor) and implementation method thereof |
| CN104980267A (en) * | 2014-04-08 | 2015-10-14 | 常州隽通电子技术有限公司 | Quantum secret communication system controller |
| US20180213669A1 (en) * | 2015-07-10 | 2018-07-26 | Prasad Lalathuputhanpura KOCHUKUNJU | Micro data center (mdc) in a box system and method thereof |
| CN106100739A (en) * | 2016-07-29 | 2016-11-09 | 四川赛狄信息技术有限公司 | A kind of optical fiber interface plate system |
| CN206962832U (en) * | 2017-06-26 | 2018-02-02 | 杭州创谐信息技术股份有限公司 | Network data auditing system based on FPGA high-performance capture cards |
| KR101897270B1 (en) * | 2018-05-14 | 2018-09-10 | 주식회사 경림이앤지 | Block encryption and description system of IP based CCTV camera video and audio data |
| CN209151178U (en) * | 2018-10-25 | 2019-07-23 | 北京中科富星信息技术有限公司 | Encription algorithms approved by the State Password Administration Committee Office security video data exchange card based on FPGA and DSP |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110166240A (en) * | 2019-06-25 | 2019-08-23 | 南方电网科学研究院有限责任公司 | Network isolation password board card |
| CN110166240B (en) * | 2019-06-25 | 2024-05-03 | 南方电网科学研究院有限责任公司 | Network isolation password board card |
| CN110233740A (en) * | 2019-07-17 | 2019-09-13 | 上海创远仪器技术股份有限公司 | High-speed data switching card device and corresponding method based on FPGA |
| CN114766086A (en) * | 2019-12-19 | 2022-07-19 | 西门子交通有限责任公司 | Transmission device for transmitting data |
| CN111327356A (en) * | 2020-02-26 | 2020-06-23 | 航天恒星科技有限公司 | Demodulation device |
| CN111327356B (en) * | 2020-02-26 | 2022-08-09 | 航天恒星科技有限公司 | Demodulation device |
| CN111897262A (en) * | 2020-07-30 | 2020-11-06 | 电子科技大学 | Parallel signal acquisition and processing system based on multiple DSP |
| CN111897262B (en) * | 2020-07-30 | 2023-08-11 | 电子科技大学 | Data processing method of parallel signal acquisition processing system based on multiple DSPs |
| CN112367310A (en) * | 2020-10-28 | 2021-02-12 | 北京计算机技术及应用研究所 | SRIO bus encryption transmission device based on FPGA |
| CN112866206A (en) * | 2020-12-31 | 2021-05-28 | 北京天融信网络安全技术有限公司 | Unidirectional data transmission method and device |
| CN113067800A (en) * | 2021-03-03 | 2021-07-02 | 江苏仕邦信息安全有限公司 | One-way isolation optical gate device |
| CN113094762A (en) * | 2021-04-30 | 2021-07-09 | 北京数盾信息科技有限公司 | Data processing method and device and signature verification server |
| CN115484219A (en) * | 2022-08-23 | 2022-12-16 | 中国电子科技集团公司第十研究所 | Method, equipment and medium for avoiding port association of domestic SRIO (serial-to-input/output) switching chip |
| CN115484219B (en) * | 2022-08-23 | 2023-06-27 | 中国电子科技集团公司第十研究所 | Method, equipment and medium for avoiding port association of domestic SRIO exchange chip |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109286492A (en) | Encription algorithms approved by the State Password Administration Committee Office security video data exchange card and exchange method based on FPGA and DSP | |
| EP4196946A1 (en) | Transferring cryptocurrency from a remote limited access wallet | |
| DE102019129622A1 (en) | EXTENDABLE INTEGRITY-PROTECTED CONNECTION FOR SECURE ACCELERATOR COMMUNICATION | |
| CN109274647B (en) | Distributed trusted memory exchange method and system | |
| CN110414244A (en) | Encrypted card, electronic equipment and cryptographic services method | |
| CN105681281B (en) | Encryption device based on embedded OS | |
| CN110601830B (en) | Key management method, device, equipment and storage medium based on block chain | |
| CN108768669A (en) | Based on ASIC trusted remote memory switching cards and its method for interchanging data | |
| WO2024140258A1 (en) | Blockchain-based transaction supervision method, system and apparatus, and electronic device | |
| Liu et al. | BCmaster: A compatible framework for comprehensively analyzing and monitoring blockchain systems in IoT | |
| CN109976230A (en) | A kind of Internet of Things smart machine | |
| Lu et al. | Network data security sharing system based on blockchain | |
| CN101777979B (en) | Operating method and system for intelligent key device | |
| CN201051744Y (en) | A secure encryption network card device | |
| CN101515853B (en) | Information terminal and information safety device thereof | |
| Lei et al. | Research and design of cryptography cloud framework | |
| CN111431933A (en) | Settlement method and device based on block chain | |
| CN209151178U (en) | Encription algorithms approved by the State Password Administration Committee Office security video data exchange card based on FPGA and DSP | |
| WO2014135046A1 (en) | Secure information interaction device | |
| CN103095458A (en) | Device and method of data communication by storing digital certificate private key | |
| CN207869401U (en) | A kind of safety-type power grid private radio communication module of wisdom based on linux system | |
| CN201993768U (en) | Encryption card with network interfaces | |
| CN110046946A (en) | Electronic certificate management equipment and system | |
| CN117319516B (en) | Multi-protocol conversion protocol processing method and device, electronic equipment and medium | |
| CN214174879U (en) | Network security architecture for new safety partition of power plant Internet of things |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |