CN109726569A - One kind plus/two channel decision system of DecryptDecryption Dynamic data exchange and its application - Google Patents
One kind plus/two channel decision system of DecryptDecryption Dynamic data exchange and its application Download PDFInfo
- Publication number
- CN109726569A CN109726569A CN201811584364.3A CN201811584364A CN109726569A CN 109726569 A CN109726569 A CN 109726569A CN 201811584364 A CN201811584364 A CN 201811584364A CN 109726569 A CN109726569 A CN 109726569A
- Authority
- CN
- China
- Prior art keywords
- algorithm process
- process chip
- decryptdecryption
- chip
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
The invention discloses one kind plus/two channel decision system of DecryptDecryption Dynamic data exchange and its applications, the system includes embeded processor, protocol processing chip, the first algorithm process chip and the second algorithm process chip, embeded processor respectively with protocol processing chip, the first algorithm process chip, the second algorithm process chip is two-way is electrically connected, for carrying out tactful configuration and key management to protocol processing chip and carrying out cipher key configuration to the first algorithm process chip and the second algorithm process chip;Protocol processing chip respectively with the first algorithm process chip, the second algorithm process chip is two-way is electrically connected, for by data packet from protocol processing chip be sent to the first algorithm process chip, carry out in the second algorithm process chip encrypting/DecryptDecryption operation after return.The present invention greatly reduces the probability due to carrying out operation operation result error that may be present using single channel algorithm process chip, avoids the risk that the error of cryptographic calculation result causes data of magnetic disk array that can not restore.
Description
Technical field
The invention belongs to computer information safety technique fields, and in particular to one kind plus/two channel of DecryptDecryption Dynamic data exchange are sentenced
Certainly system and its application.
Background technique
With the universal of computer application, the development of internet and movable storage device, the raising of terminal intelligent degree is deposited
The increase of capacity is stored up, people increasingly like saving some private datas in the terminal in the form of a file.In order to protect use
The privacy at family, i.e., the safety of file stored in guarantee terminal, the processing such as being encrypted, decrypted to file seems increasingly important.
How to effectively realize file and carry out unified security storage, centralized management and use, is just faced at present at electronic document tight
High challenge.
Data in existing network transmission add/DecryptDecryption method be using plus/DecryptDecryption algorithm and plus/DecryptDecryption key pair
Target data carries out plus/DecryptDecryption, data receiver receive this add/DecryptDecryption data after by plus/the algorithm of DecryptDecryption and plus/DecryptDecryption
The key pair data be decrypted or encrypt, to achieve the purpose that transmitting network data, the characteristics of such way be as
Fruit is that identical clear data just has an identical ciphertext data, but add/error of DecryptDecryption operation result when, be easy to cause disk
Array data can not restore.
Summary of the invention
In order to solve the above-mentioned technical problems, the present invention provides one kind plus/two channel decision system of DecryptDecryption Dynamic data exchange and
It is applied.
In order to achieve the above object, technical scheme is as follows:
The present invention provides a kind of plus/two channel decision system of DecryptDecryption Dynamic data exchange, including embeded processor, protocol processes core
Piece, the first algorithm process chip and the second algorithm process chip, the embeded processor respectively with protocol processing chip, first
Algorithm process chip, the second two-way electrical connection of algorithm process chip, for carrying out tactful configuration and key to protocol processing chip
It manages and cipher key configuration is carried out to the first algorithm process chip and the second algorithm process chip;
The protocol processing chip respectively with the first algorithm process chip, the second algorithm process chip is two-way is electrically connected, for will
Data packet is sent to the first algorithm process chip from protocol processing chip, carries out in the second algorithm process chip encrypting/DecryptDecryption fortune
It is returned after calculation.
As a preferred option, the embeded processor runs built-in Linux operating system.
As a preferred option, the protocol processing chip is integrated with encrypted component and DecryptDecryption component, the encrypted component
FC interface, FC protocol resolution module, SM4 algorithmic dispatching mould have been sequentially connected electrically by input terminal to output end with DecryptDecryption component
Block plus/two channel judging module of DecryptDecryption Dynamic data exchange, FC protocol encapsulation module and FC interface, the encrypted component and DecryptDecryption
The SM4 algorithmic dispatching module of component respectively with key management module is two-way is electrically connected, the key management module and the first algorithm
Handle chip, the second two-way electrical connection of algorithm process chip.
As a preferred option, the first algorithm process chip, be integrated with respectively in the second algorithm process chip it is more
A algorithm processing module.
As a preferred option, the present invention also provides a kind of independent two channel decision methods of encryption data, including following step
It is rapid:
S1, application server side clear data packet by the input of the FC interface of protocol processing chip after, progress FC agreement first
Then parsing is sent to the first algorithm process chip, the second calculation simultaneously by SM4 algorithmic dispatching module by key management module
Method is handled in chip;
S2, the first algorithm process chip, the second algorithm process chip add data packet by respective algorithm processing module
Close operation, and by ciphertext return to protocol processing chip plus/two channel judging module of DecryptDecryption Dynamic data exchange;
S3, protocol processing chip plus/two channel judging module of DecryptDecryption Dynamic data exchange receive after two-way ciphertext successively to each ratio
Special position is compared, if all bits of two-way ciphertext are all identical, send FC package module for ciphertext and carries out data
Package-restructuring sends storage array side for ciphertext finally by FC interface;If it is not identical that two-way is sealed with any bit,
Ciphertext is abandoned.
As a preferred option, the present invention also provides a kind of two channel decision methods of DecryptDecryption Dynamic data exchange, including following step
It is rapid:
S1, storage array side ciphertext data packet by the input of the FC interface of protocol processing chip after, progress FC agreement solution first
Then analysis is sent to the first algorithm process chip, the second algorithm by key management module by SM4 algorithmic dispatching module simultaneously
It handles in chip;
S2, the first algorithm process chip, the second algorithm process chip take off data packet by respective algorithm processing module
Close operation, and by return in plain text protocol processing chip (FPGA0) plus/two channel judging module of DecryptDecryption Dynamic data exchange;
S3, protocol processing chip plus/two channel judging module of DecryptDecryption Dynamic data exchange receive after two-way plaintext successively to each ratio
Special position is compared, if all bits of two-way plaintext are all identical, will be sent to the progress of FC protocol encapsulation module in plain text
Data package-restructuring will be sent to application server side finally by FC interface in plain text;If two-way has any bit not in plain text
It is identical, then plaintext is abandoned.
The invention has the following advantages: the present invention is using the independent high speed algorithm chip of two-way to be added/DecryptDecryption number
Add/DecryptDecryption processing according to synchronizing, the operation result of two-way algorithm chip feeds back to protocol processing chip and be compared simultaneously to be sentenced
Certainly, only just determine that operation result is effective, otherwise determines fortune when operation result of the two-way algorithm chip to same data is consistent
It is invalid to calculate result.The present invention is greatly reduced due to carrying out operation operation result that may be present using single channel algorithm process chip
The probability of error avoids the risk that the error of cryptographic calculation result causes data of magnetic disk array that can not restore.
Detailed description of the invention
Fig. 1 is of the invention a kind of plus/two channel decision system of DecryptDecryption Dynamic data exchange structure principle chart.
Specific embodiment
The preferred embodiment that the invention will now be described in detail with reference to the accompanying drawings.
In order to reach the purpose of the present invention, as shown in Figure 1, providing one kind in one of embodiment of the invention
Add/two channel decision system of DecryptDecryption Dynamic data exchange, including embeded processor, protocol processing chip FPGA0, the first algorithm process
Chip FPGA1 and the second algorithm process chip FPGA2, the embeded processor respectively with protocol processing chip FPGA0, first
Algorithm process chip FPGA1, the second two-way electrical connection of algorithm process chip FPGA2, for being carried out to protocol processing chip FPGA0
Strategy configuration carries out key with key management and to the first algorithm process chip FPGA1 and the second algorithm process chip FPGA2
Configuration;
The protocol processing chip FPGA0 is bis- with the first algorithm process chip FPGA1, the second algorithm process chip FPGA2 respectively
To electrical connection, for sending the first algorithm process chip FPGA1, the second algorithm from protocol processing chip FPGA0 for data packet
Encrypt in processing chip FPGA2/DecryptDecryption operation after return.
The present embodiment is synchronized using the independent high speed algorithm chip of two-way to be added/DecryptDecryption data plus the processing of/DecryptDecryption,
Feed back to protocol processing chip is compared judgement to the operation result of two-way algorithm chip simultaneously, only when two-way algorithm chip pair
Just determine that operation result is effective, otherwise determines that operation result is invalid when the operation result of same data is consistent.
Specifically, the embeded processor runs built-in Linux operating system.
Specifically, the protocol processing chip FPGA0 is integrated with encrypted component and DecryptDecryption component, the encrypted component and de-
Seal assembly by input terminal to output end be sequentially connected electrically FC interface, FC protocol resolution module, SM4 algorithmic dispatching module, plus/
Two channel judging module of DecryptDecryption Dynamic data exchange, FC protocol encapsulation module and FC interface, the encrypted component and DecryptDecryption component
SM4 algorithmic dispatching module respectively with key management module is two-way is electrically connected, the key management module and the first algorithm process core
Piece FPGA1, the second two-way electrical connection of algorithm process chip FPGA2.
Specifically, it is integrated with respectively in the first algorithm process chip FPGA1, the second algorithm process chip FPGA2
Polyalgorithm processing module can simultaneously carry out identical data packet plus/DecryptDecryption is handled.
In order to further optimize implementation result of the invention, in another embodiment of the invention, aforementioned interior
On the basis of appearance, the present invention also provides a kind of independent two channel decision methods of encryption data, comprising the following steps:
S1, application server side clear data packet by the input of the FC interface of protocol processing chip FPGA0 after, progress FC first
Then protocol analysis is sent to the first algorithm process chip by key management module by SM4 algorithmic dispatching module simultaneously
In FPGA1, the second algorithm process chip FPGA2;
S2, the first algorithm process chip FPGA1, the second algorithm process chip FPGA2 pass through respective algorithm processing module logarithm
According to packet carry out cryptographic calculation, and by ciphertext return to protocol processing chip FPGA0 plus/two channel of DecryptDecryption Dynamic data exchange adjudicate mould
Block;
S3, protocol processing chip FPGA0's plus/two channel judging module of DecryptDecryption Dynamic data exchange receive after two-way ciphertext successively to every
A bit is compared, if all bits of two-way ciphertext are all identical, send FC package module for ciphertext and carries out
Data package-restructuring sends storage array side for ciphertext finally by FC interface;If two-way is sealed with any bit not phase
Together, then ciphertext is abandoned.
The present embodiment is greatly reduced by the independent two channels judgement to encryption data due to using single channel algorithm process
Chip carries out the probability of operation operation result error that may be present, and substantially avoided the error of cryptographic calculation result leads to disk battle array
The risk that column data can not restore.
In order to further optimize implementation result of the invention, in another embodiment of the invention, aforementioned interior
On the basis of appearance, the present invention also provides a kind of two channel decision methods of DecryptDecryption Dynamic data exchange, comprising the following steps:
S1, storage array side ciphertext data packet by the input of the FC interface of protocol processing chip FPGA0 after, progress FC association first
Then view parsing is sent to the first algorithm process chip by key management module by SM4 algorithmic dispatching module simultaneously
In FPGA1, the second algorithm process chip FPGA2;
S2, the first algorithm process chip FPGA1, the second algorithm process chip FPGA2 pass through respective algorithm processing module logarithm
According to packet carry out DecryptDecryption operation, and will return in plain text protocol processing chip FPGA0 plus/two channel of DecryptDecryption Dynamic data exchange judgement mould
Block;
S3, protocol processing chip FPGA0's plus/two channel judging module of DecryptDecryption Dynamic data exchange receive after two-way plaintext successively to every
A bit is compared, if all bits of two-way plaintext are all identical, will be sent to FC protocol encapsulation module in plain text
Data package-restructuring is carried out, application server side will be sent in plain text finally by FC interface;If two-way has any bit in plain text
Position is not identical, then abandons plaintext.
The present embodiment is greatly reduced by the independent two channels judgement to DecryptDecryption data due to using single channel algorithm process
Chip carries out the probability of operation operation result error that may be present, and substantially avoided the error of DecryptDecryption operation result causes to read magnetic
The risk of disk array error in data.
Added using independent two channel datas of pure hardware realization/DecryptDecryption operation and compared currently, being had no in storage field of encryption
As a result technical application.Storage plus/DecryptDecryption algorithm are carried out data as unit of sector and add/DecryptDecryption operation, and the size of sector is 512
Byte, add/bright (close) the literary size of DecryptDecryption algorithm input/output is also 512 bytes.Under normal circumstances data plus/DecryptDecryption at
It should be correct for managing result.When data plus the processing of/DecryptDecryption it is abnormal when, single channel algorithm can not carry out correction judgement, independent
Two channel decision mechanisms can be by comparing discarding abnormal data packet and being handled again.When there is n-bit data in data packet
Add/DecryptDecryption processing it is abnormal when, the probability of error can be reduced to original (N-n) using independent two channel decision mechanisms!/
(N!), wherein N=512*8=4096, n≤N.
In the present invention, the word that the expressions such as " connection ", " connected ", " company ", " connecing ", " electrical connection " are electrical connected, such as nothing
It illustrates, then it represents that direct or indirect electric connection.
What has been described above is only a preferred embodiment of the present invention, it is noted that for those of ordinary skill in the art
For, without departing from the concept of the premise of the invention, various modifications and improvements can be made, these belong to the present invention
Protection scope.
Claims (6)
1. one kind plus/two channel decision system of DecryptDecryption Dynamic data exchange, which is characterized in that including embeded processor, protocol processes
Chip (FPGA0), the first algorithm process chip (FPGA1) and the second algorithm process chip (FPGA2), the embeded processor
It is two-way with protocol processing chip (FPGA0), the first algorithm process chip (FPGA1), the second algorithm process chip (FPGA2) respectively
Electrical connection, for carrying out strategy configuration and key management to protocol processing chip (FPGA0) and to the first algorithm process chip
(FPGA1) and the second algorithm process chip (FPGA2) carries out cipher key configuration;
The protocol processing chip (FPGA0) respectively with the first algorithm process chip (FPGA1), the second algorithm process chip
(FPGA2) two-way electrical connection, for sending the first algorithm process chip from protocol processing chip (FPGA0) for data packet
(FPGA1), carry out encrypting in the second algorithm process chip (FPGA2)/DecryptDecryption operation after return.
2. according to claim 1 plus/two channel decision system of DecryptDecryption Dynamic data exchange, which is characterized in that described embedded
Processor runs built-in Linux operating system.
3. according to claim 1 plus/two channel decision system of DecryptDecryption Dynamic data exchange, which is characterized in that at the agreement
Reason chip (FPGA0) is integrated with encrypted component and DecryptDecryption component, and the encrypted component and DecryptDecryption component are by input terminal to output end
It has been sequentially connected electrically FC interface, FC protocol resolution module, SM4 algorithmic dispatching module plus the judgement of/two channel of DecryptDecryption Dynamic data exchange
The SM4 algorithmic dispatching module of module, FC protocol encapsulation module and FC interface, the encrypted component and DecryptDecryption component respectively with
The two-way electrical connection of key management module, the key management module and the first algorithm process chip (FPGA1), the second algorithm process
Chip (FPGA2) two-way electrical connection.
4. according to claim 1 plus/two channel decision system of DecryptDecryption Dynamic data exchange, which is characterized in that described first calculates
It is integrated with polyalgorithm processing module respectively in method processing chip (FPGA1), the second algorithm process chip (FPGA2).
5. a kind of independent two channel decision methods of encryption data, which comprises the following steps:
S1, application server side clear data packet by the FC interface of protocol processing chip (FPGA0) input after, carry out first
Then FC protocol analysis is sent to the first algorithm process chip by key management module by SM4 algorithmic dispatching module simultaneously
(FPGA1), in the second algorithm process chip (FPGA2);
S2, the first algorithm process chip (FPGA1), the second algorithm process chip (FPGA2) pass through respective algorithm processing module
To data packet carry out cryptographic calculation, and by ciphertext return to protocol processing chip (FPGA0) plus/two channel of DecryptDecryption Dynamic data exchange
Judging module;
S3, protocol processing chip (FPGA0) plus/two channel judging module of DecryptDecryption Dynamic data exchange receive it is successively right after two-way ciphertext
Each bit is compared, if all bits of two-way ciphertext are all identical, by ciphertext be sent to FC package module into
Row data package-restructuring sends storage array side for ciphertext finally by FC interface;If two-way is sealed with any bit not
It is identical, then ciphertext is abandoned.
6. a kind of two channel decision method of DecryptDecryption Dynamic data exchange, which comprises the following steps:
S1, storage array side ciphertext data packet by the FC interface of protocol processing chip (FPGA0) input after, progress FC first
Then protocol analysis is sent to the first algorithm process chip by key management module by SM4 algorithmic dispatching module simultaneously
(FPGA1), in the second algorithm process chip (FPGA2);
S2, the first algorithm process chip (FPGA1), the second algorithm process chip (FPGA2) pass through respective algorithm processing module
To data packet carry out DecryptDecryption operation, and by return in plain text protocol processing chip (FPGA0) plus/two channel of DecryptDecryption Dynamic data exchange
Judging module;
S3, protocol processing chip (FPGA0) plus/two channel judging module of DecryptDecryption Dynamic data exchange receive it is successively right after two-way plaintext
Each bit is compared, if all bits of two-way plaintext are all identical, will be sent to FC protocol encapsulation mould in plain text
Block carries out data package-restructuring, will be sent to application server side in plain text finally by FC interface;If two-way has any ratio in plain text
Special position is not identical, then abandons plaintext.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811584364.3A CN109726569A (en) | 2018-12-24 | 2018-12-24 | One kind plus/two channel decision system of DecryptDecryption Dynamic data exchange and its application |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811584364.3A CN109726569A (en) | 2018-12-24 | 2018-12-24 | One kind plus/two channel decision system of DecryptDecryption Dynamic data exchange and its application |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109726569A true CN109726569A (en) | 2019-05-07 |
Family
ID=66297037
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811584364.3A Pending CN109726569A (en) | 2018-12-24 | 2018-12-24 | One kind plus/two channel decision system of DecryptDecryption Dynamic data exchange and its application |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109726569A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113468563A (en) * | 2021-06-24 | 2021-10-01 | 曙光信息产业股份有限公司 | Virtual machine data encryption method and device, computer equipment and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101640785B (en) * | 2008-07-30 | 2011-08-17 | 航天信息股份有限公司 | Encrypting/decrypting system and encrypting/decrypting method for interactive network television |
| JP5013288B2 (en) * | 2007-02-28 | 2012-08-29 | シャープ株式会社 | Content distribution system, content distribution method, terminal device, target device, and reference device |
| CN206759484U (en) * | 2017-05-18 | 2017-12-15 | 无锡市同威科技有限公司 | FC stores security gateway |
-
2018
- 2018-12-24 CN CN201811584364.3A patent/CN109726569A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP5013288B2 (en) * | 2007-02-28 | 2012-08-29 | シャープ株式会社 | Content distribution system, content distribution method, terminal device, target device, and reference device |
| CN101640785B (en) * | 2008-07-30 | 2011-08-17 | 航天信息股份有限公司 | Encrypting/decrypting system and encrypting/decrypting method for interactive network television |
| CN206759484U (en) * | 2017-05-18 | 2017-12-15 | 无锡市同威科技有限公司 | FC stores security gateway |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113468563A (en) * | 2021-06-24 | 2021-10-01 | 曙光信息产业股份有限公司 | Virtual machine data encryption method and device, computer equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11263352B2 (en) | Security plugin for a system-on-a-chip platform | |
| US7290134B2 (en) | Encapsulation mechanism for packet processing | |
| JP3917679B2 (en) | High bandwidth cryptographic system with low bandwidth cryptographic module | |
| CN107171811B (en) | Lightweight RFID security authentication method based on Present algorithm | |
| CN109274647B (en) | Distributed trusted memory exchange method and system | |
| US6983382B1 (en) | Method and circuit to accelerate secure socket layer (SSL) process | |
| CN106603539B (en) | Anti-desynchronization lightweight RFID bidirectional authentication method based on time factor | |
| CN109726569A (en) | One kind plus/two channel decision system of DecryptDecryption Dynamic data exchange and its application | |
| EP2558946B1 (en) | Method and system for cryptographic processing core | |
| CN115909560A (en) | Data encryption method, data decryption method and door lock system | |
| US11700243B2 (en) | Method and system for asynchronous side channel cipher renegotiation | |
| CN106973048A (en) | A kind of method that intelligent hardware devices data are safely and fast stored on publicly-owned cloud service platform | |
| CN106790242A (en) | A kind of communication means, communication equipment, computer-readable recording medium and storage control | |
| CN113645616A (en) | Ultra-lightweight encryption method suitable for WBAN data real-time encryption transmission | |
| CN110932843A (en) | Data communication encryption method for embedded system | |
| US8359466B2 (en) | Security association prefetch for security protcol processing | |
| JPH0677954A (en) | Apparatus and method for processing of code provided with arbitrary selective status encoding | |
| CN111431706A (en) | Method, system and equipment for improving SM4 algorithm speed by using FPGA logic | |
| CN113726507B (en) | Data transmission method, system, device and storage medium | |
| CN109905213A (en) | Data safe transmission method and node device | |
| CN114040366B (en) | Bluetooth connection encryption method with high network communication security | |
| US11936635B2 (en) | Method, electronic device, and program product implemented at an edge switch for data encryption | |
| KR102206553B1 (en) | Communication terminal, communication system, and managing method for secure data of the same | |
| CN110138811B (en) | Encryption method for data transmission of Internet of things | |
| WO2021136072A1 (en) | Communication method and electronic device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190507 |