CN109726598A - Embedded-type security encryption chip based on Cloud Server - Google Patents
Embedded-type security encryption chip based on Cloud Server Download PDFInfo
- Publication number
- CN109726598A CN109726598A CN201811505792.2A CN201811505792A CN109726598A CN 109726598 A CN109726598 A CN 109726598A CN 201811505792 A CN201811505792 A CN 201811505792A CN 109726598 A CN109726598 A CN 109726598A
- Authority
- CN
- China
- Prior art keywords
- module
- cloud server
- interface
- embedded
- security encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of embedded-type security encryption chip based on Cloud Server, including being integrated in internal CPU, SM2 rivest, shamir, adelman module, SM3 hash algorithm module, SM4 symmetric encipherment algorithm module, RSA rivest, shamir, adelman module, SHA hash algorithm module, AES symmetric encipherment algorithm module, real random number generator, physics unclonable function module and peripheral interface module;External harmoniousness has PCI-E interface, and PCI-E interface connects on-chip bus by PCI Bridge, and security encryption chip is inserted into Cloud Server by PCI-E interface.Digital signature sign test of the present invention and encryption/decryption speed are fast, key is unclonable, complexity that is highly-safe, can greatly reducing key management, reduce system resources consumption, reduce power consumption, quick and convenient can directly call by PCI-E interface insertion Cloud Server, with safe API, user in the case where having no need to change server hardware framework.
Description
Technical field
The present invention relates to data safety field of encryption, in particular to a kind of embedded-type security based on Cloud Server encrypts core
Piece.
Background technique
Internet of Things is the network system for being connected to people, object and server.It is to extend and extend based on the internet
Network.In recent years, with the popularization of intelligent terminals and the fast development of information technology, artificial intelligence, it is based on Internet of Things skill
The smart machine of art gradually comes into people's lives, and intelligent lamp, intelligent sound are even more to be seen everywhere.In the near future, will
Have tens billion of intelligent node access internets.However, the network that Internet of Things is huge as one, the safety faced are chosen
War is even more that should not be underestimated.Highly-safe, strong real-time and safety chip low in energy consumption can play crucial in information security field
Effect.
In traditional data encrypting and deciphering and digital signature technology, the transmission of file is normally limited to bipartite ring
Border, terminal etc. influence, and user, which needs terminal encryption equipment, just can be carried out data encrypting and deciphering and user's signature, and maintenance cost is high.
And in the security service that existing Cloud Server provides beyond the clouds, realize encryption and decryption and digital signature be mostly software realization or
External encryption equipment realizes that the safety approach universal security of software realization is low, and arithmetic speed is slow, and encryption equipment realizes integrated level not
It is high.The safety of system is mainly reflected in the safety of key, and key is stored in non-volatile storage in the prior art
In, it is easy to it is invaded, safety is not high.If key management can be more and more difficult in the case where there are many client's amount,
Maintenance cost is high, and it is more to occupy resource.
Summary of the invention
The technical problem to be solved in the present invention is that in view of the above drawbacks of the prior art, a kind of digital signature is provided and is tested
It signs and encryption/decryption speed is fast, key is unclonable, complexity, reduction system highly-safe, that can greatly reduce key management provide
Source consumption reduces power consumption, is directly inserted into cloud service by PCI-E interface in the case where having no need to change server hardware framework
Device, with safe API, user can quick and convenient calling the embedded-type security encryption chip based on Cloud Server.
The technical solution adopted by the present invention to solve the technical problems is: constructing a kind of embedded peace based on Cloud Server
Full encryption chip, it is symmetrical including being integrated in internal CPU, SM2 rivest, shamir, adelman module, SM3 hash algorithm module, SM4
It is enciphering algorithm module, RSA rivest, shamir, adelman module, SHA hash algorithm module, AES symmetric encipherment algorithm module, truly random
Number generator, physics unclonable function module and peripheral interface module, the CPU by on-chip bus respectively with the SM2
Rivest, shamir, adelman module, SM3 hash algorithm module, SM4 symmetric encipherment algorithm module, RSA rivest, shamir, adelman module,
SHA hash algorithm module, AES symmetric encipherment algorithm module, real random number generator, physics unclonable function module and periphery
Interface module connection;The external harmoniousness of the embedded-type security encryption chip based on Cloud Server has PCI-E interface, described
PCI-E interface connects the on-chip bus by PCI Bridge, and the embedded-type security encryption chip based on Cloud Server passes through institute
It states in PCI-E interface insertion Cloud Server, the Cloud Server is connect with cloud platform, and the cloud platform is connect with api interface.
It further include program storage and quiet in the embedded-type security encryption chip of the present invention based on Cloud Server
State random access memory, described program memory and Static RAM pass through the on-chip bus and connect with the CPU.
In the embedded-type security encryption chip of the present invention based on Cloud Server, the peripheral interface module is at least
Including SPI interface, IIC interface, GPIO interface, UART interface and I/O interface.
It is multiple described based on Cloud Server in the embedded-type security encryption chip of the present invention based on Cloud Server
Embedded-type security encryption chip connect with the PCI-E interface by PCI-E task distributor.
In the embedded-type security encryption chip of the present invention based on Cloud Server, the CPU is using 32 insertions
Formula processor directly accesses each module by the on-chip bus, carries out scheme control, reading data, random number to each module
Generation, key pair generate and realize digital signature sign test and encryption and decryption, and the CPU is by controlling the peripheral interface module and core
The control and communication of piece external equipment.
In the embedded-type security encryption chip of the present invention based on Cloud Server, the physics unclonable function
Module is for generating private key;The real random number generator for generation system encryption and decryption and sign sign test when it is required truly random
Number, or for generating private key;The real random number generator is by one high entropy true random source, a post-processing and on-line testing
Module composition.
In the embedded-type security encryption chip of the present invention based on Cloud Server, the SM2 asymmetric encryption is calculated
Method module adds for realizing the mould of finite field, mould subtracts, modular multiplication and modular inversion, and the point in curve domain adds, times point and multi point arithmetic;
The RSA rivest, shamir, adelman module is for realizing basic operation library.
In the embedded-type security encryption chip of the present invention based on Cloud Server, the SM3 hash algorithm module
With SHA hash algorithm module for realizing SM2 rivest, shamir, adelman module and RSA rivest, shamir, adelman module signature sign test
The generation of Hash Value in the process, the SM3 hash algorithm module and SHA hash algorithm module are using controller and data path point
From design method, the executive process of the controller charge control circuit, and associated control signal is provided, the data path
For realizing the hash function of the SM3 hash algorithm module and SHA hash algorithm module, the Hash Value of generation is for sign test of signing
It uses.
In the embedded-type security encryption chip of the present invention based on Cloud Server, the SM4 symmetric encipherment algorithm
Module and AES symmetric encipherment algorithm module are made of wheel code key control generation module and enciphering/deciphering module, and the wheel code key is raw
It is the realization logic of code key expansion algorithm at module, for carrying out logical operation to code key, generates wheel code key, be stored in inside
In register;The enciphering/deciphering module is used to carry out logical process to data, obtains corresponding output data.
In the embedded-type security encryption chip of the present invention based on Cloud Server, the api interface includes encryption
API, decryption API, signature API, sign test API and key pair generate API.
Implement the embedded-type security encryption chip of the invention based on Cloud Server, has the advantages that due to packet
Include be integrated in internal CPU, SM2 rivest, shamir, adelman module, SM3 hash algorithm module, SM4 symmetric encipherment algorithm module,
RSA rivest, shamir, adelman module, SHA hash algorithm module, AES symmetric encipherment algorithm module, real random number generator, physics
Unclonable function module and peripheral interface module can prevent key from stealing using PUF technology, while become key management
Very simple, the random letter of the real random number generator of use for random number needed for generation system, in traditional computer
Number be generated according to certain algorithm simulation, as a result, determine, be visible, this random number is not random, is pseudorandom
Number, so safety is not high, and real random number generator is to rely on physical random number generator, passes through physical process next life
At random number, there is absolute fairness, should the external harmoniousness of embedded-type security encryption chip based on Cloud Server have
PCI-E interface, it is very convenient, and cloud does not need to carry out key management, saves quite a few resource, should be taken based on cloud
The embedded-type security encryption chip of business device is inserted into Cloud Server by PCI-E interface, and Cloud Server is connect with cloud platform, Yun Ping
Platform is connect with api interface, for the user of client, only the api interface of cloud platform need to be called to can be realized required for user
Security function, therefore of the invention digital signature sign test and encryption/decryption speed are fast, key is unclonable, it is highly-safe, can pole
The big complexity for reducing key management reduces system resources consumption, reduces power consumption, having no need to change server hardware framework
In the case of Cloud Server is directly inserted by PCI-E interface, there is safe API, user quick and convenient can call.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with
It obtains other drawings based on these drawings.
Fig. 1 is that the present invention is based on the structural schematic diagrams in embedded-type security encryption chip one embodiment of Cloud Server;
Fig. 2 is the external harmoniousness PCI-E interface of the embedded-type security encryption chip based on Cloud Server in the embodiment
Schematic diagram;
Fig. 3 is that the embedded-type security encryption chip based on Cloud Server docks progress number with cloud platform in the embodiment
The flow diagram of signature and encryption and decryption.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other
Embodiment shall fall within the protection scope of the present invention.
It, should the insertion based on Cloud Server in the embedded-type security encryption chip embodiment the present invention is based on Cloud Server
The structural schematic diagram of formula security encryption chip is as shown in Figure 1, Fig. 2 is that the embedded-type security based on Cloud Server adds in the present embodiment
The schematic diagram of the external harmoniousness PCI-E interface of close chip;Fig. 3 is the embedded-type security encryption in the present embodiment based on Cloud Server
Chip docks the flow diagram being digitally signed with encryption and decryption with cloud platform.
In Fig. 1, being somebody's turn to do the embedded-type security encryption chip based on Cloud Server, (referred to as safety encrypts core in the present embodiment
Piece) it include being integrated in internal CPU1, SM2 rivest, shamir, adelman module 2, SM3 hash algorithm module 3, SM4 symmetric cryptography to calculate
Method module 4, RSA rivest, shamir, adelman module 5, SHA hash algorithm module 6, AES symmetric encipherment algorithm module 7, true random number
Generator 8 (i.e. TRNG), physics unclonable function module 9 and peripheral interface module 10, CPU1 by on-chip bus respectively with
M2 rivest, shamir, adelman module 2, SM3 hash algorithm module 3, SM4 symmetric encipherment algorithm module 4, RSA rivest, shamir, adelman
Module 5, SHA hash algorithm module 6, AES symmetric encipherment algorithm module 7, real random number generator 8, physics unclonable function
Module 9 and peripheral interface module 10 connect.
System is analyzed by carrying out performance and occupation condition to pure software algorithm, will occupy that resource is big, arithmetic speed
Slow module hardware realization, speed higher on requirement on flexibility influence little module software realization.SM2 is asymmetric to be added
Close algoritic module 2, SM3 hash algorithm module 3, SM4 symmetric encipherment algorithm module 4, RSA rivest, shamir, adelman module 5, SHA
Hash algorithm module 6 and AES symmetric encipherment algorithm module 7 are hardware modules, are used to realize bottom cryptographic calculation, system is also wrapped
Real random number generator 8 and physics unclonable function module 9 are included, the main generation for realizing random number and key.System software
Main signature sign test and encryption and decryption functions by calling each hardware resource blocks to complete system, realize system hardware and software scheduling and
Control, to control and manage entire security system.
Currently, a series of commercial cipher algorithms have been proposed for ensuring information security in China, the present invention is by the close calculation of state
Method (corresponding SM2 rivest, shamir, adelman module 2, SM3 hash algorithm module 3, SM4 symmetric encipherment algorithm module 4) and international calculation
Method (corresponding RSA rivest, shamir, adelman module 5, SHA hash algorithm module 6 and AES symmetric encipherment algorithm module 7) is integrated into this
The inside of embedded-type security encryption chip based on Cloud Server can be realized encrypting and decrypting, the signature sign test, key pair of data
The security functions such as generation have very strong versatility.
The outside of the embedded-type security encryption chip based on Cloud Server passes through PCI-E interface 11 and Cloud Server pair
It connects, user's api interface packaged by calling system, hardware system can be automatically performed function required for user in cloud platform
Energy demand, and result is fed back into user by suitable communication protocol, complete the data interaction with client.The present invention is not
Under the premise of influencing chip arithmetic speed, maximized optimization system structure keeps the flexibility of system higher, versatility is stronger.
The external harmoniousness of the embedded-type security encryption chip based on Cloud Server has PCI-E interface 11, PCI-E interface 11
On-chip bus is connected by PCI Bridge 12, PCI-E interface 11 should be passed through based on the embedded-type security encryption chip of Cloud Server and be inserted into
In Cloud Server, Cloud Server is connect with cloud platform, and cloud platform is connect with api interface.By this based on the embedded of Cloud Server
Security encryption chip is applied on Cloud Server, this can be based on cloud service by the PCI-E interface 11 integrated by chip exterior
The embedded-type security encryption chip of device is directly inserted on Cloud Server, and provides application programming interface in Cloud Server
(API), for client, any place may be implemented in line generation digital signature, signature verification and encryption and decryption function at any time
Energy.Meanwhile key management does not need storage private key for user, need to only store the ID number of user as excitation, by physics can not gram
Grand function (PUF) directly generates unique corresponding private key for user, has non-reproduction, uniqueness, stability, immune intrusive mood
The characteristic of attack.
In the present embodiment, above-mentioned peripheral interface module 10 includes at least SPI interface, IIC interface, GPIO interface, UART and connects
Mouth and I/O interface etc..
In the present embodiment, should embedded-type security encryption chip based on Cloud Server further include program storage 13 (i.e.
FLASH) and Static RAM 14 (i.e. SRAM), program storage 13 and Static RAM 14 pass through on-chip bus
It is connect with CPU1.Program storage 13 is used for storing initial data and program code, and Static RAM 14 is for storing
The ephemeral data being currently running.
In the present embodiment, which uses 32 embeded processors, directly each module is accessed by on-chip bus, to each
Module carries out scheme control, reading data, generating random number, key pair and generates and realize digital signature sign test and encryption and decryption, CPU
Pass through control peripheral interface module 10 (SPI interface, IIC interface, GPIO interface, UART interface and I/O interface) and chip exterior
The control and communication of equipment.
Physics unclonable function module 9 is used to generate private key, and fabrication error when realization is based on chip manufacturing is right
Unique output can be generated in an excitation.System is assigned a device id to each client automatically, and by this
Input signal of the device id as physics unclonable function module 9 controls physics unclonable function mould by CPU1
The operating mode of block 9 simultaneously reads private key of the unique output key of generation as user, and calls SM2 rivest, shamir, adelman mould
Private key is carried out public key generation by dot product module in block 2, and public key is finally sent to client.
In the present embodiment, real random number generator 8 for generation system encryption and decryption and sign sign test when it is required truly random
Number, the generation of private key also can choose the realization of real random number generator 8.Real random number generator 8 by one high entropy true random source,
One post-processing and on-line testing module composition.According to different configurations, this true random number based on RO (ring oscillator)
The random number of complete uncertainty can be generated in generator 8, can be used for high safety application field.Real random number generator 8 is not required to
Input signal is wanted, direct configuration control register selects corresponding mode starting, can obtain from output register at random
Number.
In the present embodiment, SM2 rivest, shamir, adelman module 2 adds for realizing the mould of finite field, mould subtracts, modular multiplication and mould are inverse
Operation, the point in curve domain adds, times point and multi point arithmetic;And point multiplication operation can call basic point processing and modular arithmetic module,
And realize digital signature and encryption and decryption is to call corresponding register to manipulate basic processing unit by on-chip bus interface
Module and the specific secrecy process of realization.
In the present embodiment, RSA rivest, shamir, adelman module 5 mainly realizes basic operation libraries several greatly, including add, subtract,
Multiplication and division, modulo operation etc., wherein realizing data encrypting and deciphering and signature sign test most importantly modular multiplication and Montgomery Algorithm.Together
Sample realizes corresponding function of keeping secret by carrying out data interaction with on-chip bus and CPU1.Then add since its key length the long
It is slower to decrypt speed, therefore RSA rivest, shamir, adelman module 5 applies in general to the less situation of encryption data amount.
In the present embodiment, SM3 hash algorithm module 3 and SHA hash algorithm module 6 are for realizing the calculation of SM2 asymmetric encryption
The generation of Hash Value, 3 He of SM3 hash algorithm module during method module 2 and the signature sign test of RSA rivest, shamir, adelman module 5
The design method that SHA hash algorithm module 6 is separated using controller and data path, wherein controller is mainly responsible for control electricity
The executive process on road, and associated control signal is provided, data path is for realizing SM3 hash algorithm module 3 and SHA hash algorithm
The Hash Value of the hash function of module 6, generation is used for signature sign test.
In the present embodiment, SM4 symmetric encipherment algorithm module 4 and AES symmetric encipherment algorithm module 7 are by wheel code key control life
It is formed at module and enciphering/deciphering module, wherein wheel code key generation module is the realization logic of code key expansion algorithm, for secret
Key carries out logical operation, generates wheel code key, is stored in internal register;Enciphering/deciphering module is used to carry out logic to data
Processing, obtains corresponding output data.CPU1 is not decrypted symmetric key and unencryption or by controlling corresponding register
Data are input in SM4 symmetric encipherment algorithm module 4 or AES symmetric encipherment algorithm module 7, directly read operation to operation completion
As a result.
In Fig. 2, it is somebody's turn to do the embedded-type security encryption chip (security encryption chip i.e. in figure) based on Cloud Server and passes through
PCI-E task distributor is connect with PCI-E interface, forms the security module for being integrated with PCI-E interface, should be based on cloud service
The embedded-type security encryption chip of device is directly inserted into Cloud Server, provides secure cryptographic algorithm and safety for Cloud Server
Authentication function, wherein PCI-E task distributor can assign a task to any security encryption chip, and support multitask simultaneously
Encryption and decryption or signature sign test operation are carried out, makes that the operational efficiency of system is higher, flexibility is stronger.
In Fig. 3, security encryption chip may be implemented and docked with Cloud Server, user calls api interface real by cloud platform
Existing various encryption and decryption and signature sign test function, api interface include cryptographic API, decryption API, signature API, sign test API and key pair
Generate API.
User generates key pair if necessary, and the ID of user is inputted by logging in cloud platform, this ID is generated as key pair
The input of API, the i.e. excitation as physics unclonable function module 9, starting physics unclonable function module 9 generate the use
The dot product module that the private key is sent to SM2 rivest, shamir, adelman module 2 is carried out public key generation by family unique private, generation
Key pair generates API by key pair and returns to user.
Encryption and decryption of the user if necessary to carry out asymmetric arithmetic, data use public key encryption, are then generated by previous step
Public key directly as the key of SM2 rivest, shamir, adelman module 2 or RSA rivest, shamir, adelman module 5 input.If needed
Carry out private key decryption, then equally only need user input User ID, system can Auto-matching generate the unique private key of user again into
Row decryption.According to SM4 symmetric encipherment algorithm module 4 or the symmetric cryptography mode of AES symmetric encipherment algorithm module 7, then system
Only a symmetric key need to be generated by physics unclonable function module 9.Signature using private key signature, test by public key
Label are consistent with the implementation of asymmetric encryption and decryption, and user does not need to save key, and ID generation is directly inputted when needs
It calls, does not need to carry out key management.User need to only call corresponding API to realize required function, and output result can be straight
It connects and is shown in cloud platform or client is sent to by communications protocol.
In short, the present invention relates to the embedded information security encryption chips and its guarantor in a kind of integrated circuit and cloud platform field
Decryption method, based on Cloud Server, the close SM2/SM3/SM4 algorithm of state, world RSA/SHA/AES algorithm, physics unclonable function,
Real random number generator, Peripheral Component Interconnect interfacing (PCI-E), digital signature, encryption and decryption technology and low-power consumption 32
The embedded information security encryption chip of microprocessor (CPU1), and directly connect with Cloud Server by PCI-E interface 11, it is real
Encryption and decryption and signature sign test technology of the existing terminal to cloud.Digital signature sign test of the invention and encryption/decryption speed be fast, key not
It can clone, is highly-safe, complexity that key management can be greatly reduced, reduce system resources consumption, reduce power consumption, do not needing
Change in the case where server hardware framework Cloud Server is directly inserted by PCI-E interface, can be with safe API, user
Quick and convenient calling.
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the invention, all in essence of the invention
Within mind and principle, any modification, equivalent replacement, improvement and so on be should all be included in the protection scope of the present invention.
Claims (10)
1. a kind of embedded-type security encryption chip based on Cloud Server, which is characterized in that including being integrated in internal CPU, SM2
Rivest, shamir, adelman module, SM3 hash algorithm module, SM4 symmetric encipherment algorithm module, RSA rivest, shamir, adelman module,
SHA hash algorithm module, AES symmetric encipherment algorithm module, real random number generator, physics unclonable function module and periphery
Interface module, the CPU by on-chip bus respectively with the SM2 rivest, shamir, adelman module, SM3 hash algorithm module,
SM4 symmetric encipherment algorithm module, RSA rivest, shamir, adelman module, SHA hash algorithm module, AES symmetric encipherment algorithm mould
Block, real random number generator, physics unclonable function module are connected with peripheral interface module;It is described based on the embedding of Cloud Server
The external harmoniousness for entering formula security encryption chip has PCI-E interface, and the PCI-E interface connects the on-chip bus by PCI Bridge,
The embedded-type security encryption chip based on Cloud Server is inserted into Cloud Server by the PCI-E interface, the cloud clothes
Business device is connect with cloud platform, and the cloud platform is connect with api interface.
2. the embedded-type security encryption chip according to claim 1 based on Cloud Server, which is characterized in that further include journey
Sequence memory and Static RAM, described program memory and Static RAM pass through the on-chip bus and institute
State CPU connection.
3. the embedded-type security encryption chip according to claim 2 based on Cloud Server, which is characterized in that the periphery
Interface module includes at least SPI interface, IIC interface, GPIO interface, UART interface and I/O interface.
4. the embedded-type security encryption chip according to claim 3 based on Cloud Server, which is characterized in that multiple described
Embedded-type security encryption chip based on Cloud Server is connect by PCI-E task distributor with the PCI-E interface.
5. the embedded-type security encryption chip according to any one of claims 1 to 4 based on Cloud Server, feature exist
In the CPU uses 32 embeded processors, directly accesses each module by the on-chip bus, carries out mould to each module
Formula control, reading data, generating random number, key pair generate and realize that digital signature sign test and encryption and decryption, the CPU pass through control
Make the control and communication of the peripheral interface module Yu chip exterior equipment.
6. the embedded-type security encryption chip according to any one of claims 1 to 4 based on Cloud Server, feature exist
In the physics unclonable function module is for generating private key;The real random number generator is used for generation system encryption and decryption
And required true random number when signature sign test, or for generating private key;The real random number generator by a high entropy very with
Machine source, a post-processing and on-line testing module composition.
7. the embedded-type security encryption chip according to any one of claims 1 to 4 based on Cloud Server, feature exist
In the SM2 rivest, shamir, adelman module adds for realizing the mould of finite field, mould subtracts, modular multiplication and modular inversion, curve domain
Point plus, times point and multi point arithmetic;The RSA rivest, shamir, adelman module is for realizing basic operation library.
8. the embedded-type security encryption chip according to any one of claims 1 to 4 based on Cloud Server, feature exist
In the SM3 hash algorithm module and SHA hash algorithm module are non-right for realizing SM2 rivest, shamir, adelman module and RSA
The generation of Hash Value, the SM3 hash algorithm module and SHA hash algorithm module during title enciphering algorithm module signature sign test
The design method separated using controller and data path, the executive process of the controller charge control circuit, and phase is provided
Close control signal, the data path for realizing the SM3 hash algorithm module and SHA hash algorithm module hash function
Can, the Hash Value of generation is used for signature sign test.
9. the embedded-type security encryption chip according to any one of claims 1 to 4 based on Cloud Server, feature exist
In the SM4 symmetric encipherment algorithm module and AES symmetric encipherment algorithm module are by wheel code key control generation module and plus/solution
Close module composition, the wheel code key generation module is the realization logic of code key expansion algorithm, for carrying out logical operation to code key,
Wheel code key is generated, is stored in internal register;The enciphering/deciphering module is used to carry out logical process to data, obtains phase
The output data answered.
10. the embedded-type security encryption chip according to any one of claims 1 to 4 based on Cloud Server, feature
It is, the api interface includes that cryptographic API, decryption API, signature API, sign test API and key pair generate API.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811505792.2A CN109726598A (en) | 2018-12-10 | 2018-12-10 | Embedded-type security encryption chip based on Cloud Server |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811505792.2A CN109726598A (en) | 2018-12-10 | 2018-12-10 | Embedded-type security encryption chip based on Cloud Server |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109726598A true CN109726598A (en) | 2019-05-07 |
Family
ID=66294835
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811505792.2A Pending CN109726598A (en) | 2018-12-10 | 2018-12-10 | Embedded-type security encryption chip based on Cloud Server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109726598A (en) |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110430178A (en) * | 2019-07-26 | 2019-11-08 | 西安交通大学 | A kind of safety chip protected for network safety system and the network safety system using the chip |
| CN110851112A (en) * | 2019-11-06 | 2020-02-28 | 成都卫士通信息产业股份有限公司 | Random bit generation method and device, electronic equipment and storage medium |
| CN110943830A (en) * | 2019-11-08 | 2020-03-31 | 深圳市东进技术股份有限公司 | Cipher machine |
| CN111163108A (en) * | 2020-02-04 | 2020-05-15 | 国网江苏省电力有限公司南京供电分公司 | Electric power Internet of things security terminal chip composite encryption system and method |
| CN111740844A (en) * | 2020-06-24 | 2020-10-02 | 上海缔安科技股份有限公司 | SSL communication method and device based on hardware cryptographic algorithm |
| CN112491856A (en) * | 2020-11-20 | 2021-03-12 | 福州大学 | Safe and movable digital microfluidic biochip network system and control method |
| CN112650990A (en) * | 2019-10-10 | 2021-04-13 | 百度(美国)有限责任公司 | Method and system for signing artificial intelligence watermark using query |
| CN113420309A (en) * | 2021-07-01 | 2021-09-21 | 广东工业大学 | Lightweight data protection system based on state cryptographic algorithm |
| CN113438087A (en) * | 2021-06-24 | 2021-09-24 | 深圳市风云实业有限公司 | System mirror image signature verification method based on state cryptographic algorithm under UBOOT |
| CN113489590A (en) * | 2021-07-20 | 2021-10-08 | 山东方寸微电子科技有限公司 | 4G industrial control module with encryption and decryption functions and data transmission equipment |
| CN113572613A (en) * | 2021-07-28 | 2021-10-29 | 罗克佳华(重庆)科技有限公司 | Message protection system and message protection method |
| CN114143413A (en) * | 2021-11-26 | 2022-03-04 | 佛山芯珠微电子有限公司 | Image data PUF (physical unclonable function) security encryption system and encryption method |
| CN114254574A (en) * | 2021-12-08 | 2022-03-29 | 南方电网数字电网研究院有限公司 | Security chip design method and device |
| CN115208567A (en) * | 2022-08-15 | 2022-10-18 | 三未信安科技股份有限公司 | System and method for realizing trusted computing module based on cloud cipher machine |
| CN116226940A (en) * | 2022-12-08 | 2023-06-06 | 广州万协通信息技术有限公司 | PCIE-based data security processing method and data security processing system |
| CN116226940B (en) * | 2022-12-08 | 2024-04-26 | 广州万协通信息技术有限公司 | PCIE-based data security processing method and data security processing system |
-
2018
- 2018-12-10 CN CN201811505792.2A patent/CN109726598A/en active Pending
Cited By (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110430178A (en) * | 2019-07-26 | 2019-11-08 | 西安交通大学 | A kind of safety chip protected for network safety system and the network safety system using the chip |
| CN112650990A (en) * | 2019-10-10 | 2021-04-13 | 百度(美国)有限责任公司 | Method and system for signing artificial intelligence watermark using query |
| CN110851112A (en) * | 2019-11-06 | 2020-02-28 | 成都卫士通信息产业股份有限公司 | Random bit generation method and device, electronic equipment and storage medium |
| CN110943830A (en) * | 2019-11-08 | 2020-03-31 | 深圳市东进技术股份有限公司 | Cipher machine |
| CN111163108A (en) * | 2020-02-04 | 2020-05-15 | 国网江苏省电力有限公司南京供电分公司 | Electric power Internet of things security terminal chip composite encryption system and method |
| CN111740844A (en) * | 2020-06-24 | 2020-10-02 | 上海缔安科技股份有限公司 | SSL communication method and device based on hardware cryptographic algorithm |
| CN112491856A (en) * | 2020-11-20 | 2021-03-12 | 福州大学 | Safe and movable digital microfluidic biochip network system and control method |
| CN112491856B (en) * | 2020-11-20 | 2022-08-02 | 福州大学 | Safe and movable digital microfluidic biochip network system and control method |
| CN113438087A (en) * | 2021-06-24 | 2021-09-24 | 深圳市风云实业有限公司 | System mirror image signature verification method based on state cryptographic algorithm under UBOOT |
| CN113420309B (en) * | 2021-07-01 | 2022-05-17 | 广东工业大学 | Lightweight data protection system based on state cryptographic algorithm |
| CN113420309A (en) * | 2021-07-01 | 2021-09-21 | 广东工业大学 | Lightweight data protection system based on state cryptographic algorithm |
| CN113489590A (en) * | 2021-07-20 | 2021-10-08 | 山东方寸微电子科技有限公司 | 4G industrial control module with encryption and decryption functions and data transmission equipment |
| CN113572613A (en) * | 2021-07-28 | 2021-10-29 | 罗克佳华(重庆)科技有限公司 | Message protection system and message protection method |
| CN114143413A (en) * | 2021-11-26 | 2022-03-04 | 佛山芯珠微电子有限公司 | Image data PUF (physical unclonable function) security encryption system and encryption method |
| CN114143413B (en) * | 2021-11-26 | 2023-11-03 | 佛山芯珠微电子有限公司 | Image data PUF (physical unclonable function) secure encryption system and encryption method |
| CN114254574A (en) * | 2021-12-08 | 2022-03-29 | 南方电网数字电网研究院有限公司 | Security chip design method and device |
| CN114254574B (en) * | 2021-12-08 | 2024-03-26 | 南方电网数字电网研究院有限公司 | Security chip design method and device |
| CN115208567A (en) * | 2022-08-15 | 2022-10-18 | 三未信安科技股份有限公司 | System and method for realizing trusted computing module based on cloud cipher machine |
| CN115208567B (en) * | 2022-08-15 | 2024-04-09 | 三未信安科技股份有限公司 | System and method for realizing trusted computing module based on cloud crypto machine |
| CN116226940A (en) * | 2022-12-08 | 2023-06-06 | 广州万协通信息技术有限公司 | PCIE-based data security processing method and data security processing system |
| CN116226940B (en) * | 2022-12-08 | 2024-04-26 | 广州万协通信息技术有限公司 | PCIE-based data security processing method and data security processing system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109726598A (en) | Embedded-type security encryption chip based on Cloud Server | |
| US20220138349A1 (en) | Cryptographic architecture for cryptographic permutation | |
| Güneysu et al. | Cryptanalysis with COPACOBANA | |
| Zhou et al. | Security and privacy for the industrial internet of things: An overview of approaches to safeguarding endpoints | |
| CN108345806B (en) | Hardware encryption card and encryption method | |
| US8681976B2 (en) | System and method for device dependent and rate limited key generation | |
| US7000110B1 (en) | One-way function generation method, one-way function value generation device, proving device, authentication method, and authentication device | |
| CN109818745A (en) | Internet of Things information security chip | |
| Zheng et al. | The software/hardware co-design and implementation of SM2/3/4 encryption/decryption and digital signature system | |
| CN106027261B (en) | FPGA-based L UKS authentication chip circuit and password recovery method thereof | |
| JP6533553B2 (en) | Encryption / decryption device and power analysis protection method therefor | |
| CN112152782A (en) | Post-quantum public key signature operation for reconfigurable circuit devices | |
| CN112152787A (en) | Message index aware multi-hash accelerator for hash-based signature and verification of post-quantum cryptography security | |
| CN111722831A (en) | Encryption system and implementation method thereof | |
| CN109934001A (en) | A kind of data ciphering method based on normal cloud model | |
| CN112765642A (en) | Data processing method, data processing apparatus, electronic device, and medium | |
| CN114124364A (en) | Key security processing method, device, equipment and computer readable storage medium | |
| WO2023107776A1 (en) | Efficient hybridization of classical and post-quantum signatures | |
| Nabil et al. | Design and implementation of pipelined and parallel AES encryption systems using FPGA | |
| CN111241492A (en) | Product multi-tenant secure credit granting method, system and electronic equipment | |
| CN108933651B (en) | Secure communication system and secure communication method based on SOC | |
| CN110213050A (en) | Key generation method, device and storage medium | |
| Will et al. | Secure FPGA as a service—towards secure data processing by physicalizing the cloud | |
| CN113572613A (en) | Message protection system and message protection method | |
| Mühlbach et al. | Secure communication in microcomputer bus systems for embedded devices |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |