CN111400700A - Encryption method, device and equipment of switch and computer readable storage medium - Google Patents

Info

Publication number: CN111400700A
Application number: CN202010163970.9A
Authority: CN (China)
Prior art keywords: switch, data, data packet, encryption, chip
Legal status: Granted (active)
Other languages: Chinese (zh)
Other versions: CN111400700B (en)
Inventors: 熊伟, 李耀军
Current assignee: 3onedata Co ltd
Original assignee: 3onedata Co ltd
Application filed by 3onedata Co ltd; priority to CN202010163970.9A; publication of CN111400700A; application granted; publication of CN111400700B.

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords

Abstract

The invention discloses an encryption method, an encryption apparatus, encryption equipment and a storage medium for a switch. The method comprises the following steps: after a hardware system of the switch is powered on and started, performing key authentication on the boot program that starts the hardware system, so that the operating system of the switch is started only after the boot program passes the key authentication; after the operating system is started, receiving a data packet through a switching chip in the switch, parsing the data packet through an FPGA chip in the switch, and encrypting the parsed data. Because the boot program is key-authenticated after power-on and before the operating system is started, and received data packets are parsed by the FPGA chip and their data encrypted, the switch's program is protected against brute-force cracking, the switch's data are encrypted, and the security of the switch is improved.

Description

Encryption method, device and equipment of switch and computer readable storage medium
Technical Field
The present invention relates to the field of encryption technologies, and in particular, to an encryption method, an encryption device, an encryption apparatus, and a computer-readable storage medium for a switch.
Background
At present, Ethernet switches use a transparent, uniform transmission control protocol in which the programs and data of the switch are open, neither encrypted nor monitored, so the switch's programs can be brute-forced and its data leaked. The security of current Ethernet switches is therefore low.
Disclosure of Invention
The main object of the invention is to provide an encryption method, an encryption apparatus, encryption equipment and a storage medium for a switch, so as to solve the technical problem that existing Ethernet switches have low security.
To achieve the above object, the invention provides an encryption method for a switch, comprising the steps of:
after a hardware system of the switch is powered on and started, performing key authentication on the boot program that starts the hardware system, so as to start the operating system of the switch after the boot program passes the key authentication;
after the operating system is started, receiving a data packet through a switching chip in the switch, parsing the data packet through a Field Programmable Gate Array (FPGA) chip in the switch, and encrypting the parsed data.
Preferably, the step of receiving a data packet through the switching chip in the switch after the operating system is started, parsing the data packet through the FPGA chip in the switch, and encrypting the parsed data includes:
after the operating system is started, receiving, through the switching chip in the switch, a data packet sent by a first terminal device from an Ethernet data port of the switch;
and parsing the data packet through the FPGA chip of the switch to obtain the valid data in the data packet, and encrypting the valid data with a preset encryption algorithm.
Preferably, the step of parsing the data packet through the FPGA chip of the switch to obtain the valid data in the data packet and encrypting the valid data with a preset encryption algorithm includes:
unpacking the data packet according to a data packet format held in the FPGA chip to obtain unpacked data;
extracting valid data from the unpacked data according to a valid data field preset in the FPGA chip;
and encrypting the valid data with an encryption algorithm preset in the FPGA chip.
Preferably, the step of performing key authentication on the boot program that starts the hardware system after the hardware system of the switch is powered on and started, so as to start the operating system of the switch after the boot program passes the key authentication, includes:
after the hardware system of the switch is powered on and started, reading the boot program that starts the hardware system from a flash memory pre-burned on a memory chip of the switch;
loading the boot program into an internal SRAM of the switch and running it, so as to start the boot program;
after the boot program is started, reading a key file from an external encryption chip on the switch PCB;
and performing key authentication on the boot key file in the boot program using the key file, so as to start the operating system of the switch after the boot program passes the key authentication.
Preferably, the step of performing key authentication on the boot key file in the boot program using the key file, so as to start the operating system of the switch after the boot program passes the key authentication, includes:
submitting the boot key file to the encryption chip to be verified against its key file, obtaining a verification result of the key authentication, and checking whether the verification result is a pass;
and if the verification result is a pass, starting the operating system of the switch.
Preferably, before the step of performing key authentication on the boot program after the hardware system of the switch is powered on and started, so as to start the operating system of the switch after the boot program passes the key authentication, the method further includes:
detecting whether the boot program in the memory chip of the switch has been updated;
and if the boot program is detected to have been updated, powering on and starting the hardware system of the switch.
Preferably, after the step of receiving a data packet through the switching chip in the switch after the operating system is started, parsing the data packet through the FPGA chip in the switch, and encrypting the parsed data, the method further includes:
re-encapsulating the encrypted data according to the data packet format in the FPGA chip to obtain an encapsulated data packet;
and sending the encapsulated data packet to a second terminal device through an Ethernet data port of the switch, so that the second terminal device, after receiving the encapsulated data packet, unpacks it, extracts the encrypted data, decrypts the encrypted data and obtains the valid data in the encapsulated data packet.
In addition, to achieve the above object, the invention further provides an encryption apparatus for a switch, comprising:
an authentication module, configured to perform key authentication on the boot program that starts the hardware system after the hardware system of the switch is powered on and started, so as to start the operating system of the switch after the boot program passes the key authentication;
a receiving module, configured to receive a data packet through a switching chip in the switch after the operating system is started;
a parsing module, configured to parse the data packet through an FPGA chip in the switch;
and an encryption module, configured to encrypt the parsed data.
In addition, to achieve the above object, the invention further provides encryption equipment for a switch, comprising a memory, a processor, and an encryption program of the switch stored on the memory and runnable on the processor, the encryption program implementing the steps of the encryption method of the switch described above when executed by the processor.
Further, to achieve the above object, the invention also provides a computer-readable storage medium having stored thereon an encryption program of a switch which, when executed by a processor, implements the steps of the encryption method of the switch described above.
After the hardware system is powered on and started, key authentication is performed on the boot program that starts the hardware system before the operating system is started; then a data packet is received through the switching chip, parsed through the FPGA chip, and the parsed data is encrypted. Thus, in the encryption process of the switch, the boot program is key-authenticated after power-on and the operating system is started only if the boot program passes, which prevents the switch's program from being brute-forced; after the operating system is started, the data packet is received through the switching chip, parsed through the FPGA chip, and its data encrypted, which prevents the switch's data from leaking. Double encryption of the switch is thereby realized and the security of the switch is improved.
Drawings
Fig. 1 is a schematic flow chart of a first embodiment of the encryption method of a switch of the present invention;
Fig. 2 is a schematic diagram of a preferred structure of the encryption apparatus of the switch of the present invention;
Fig. 3 is a schematic structural diagram of a hardware operating environment according to an embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The invention provides an encryption method for a switch. Referring to Fig. 1, Fig. 1 is a schematic flow chart of a first embodiment of the encryption method for a switch according to the invention.
Although a logical order is shown in the flow chart, in some cases the steps shown or described may be performed in an order different from the one shown.
The encryption method of the switch comprises the following steps:
Step S10: after the hardware system of the switch is powered on and started, performing key authentication on the boot program that starts the hardware system, so as to start the operating system of the switch after the boot program passes the key authentication.
After the hardware system of the switch is powered on and started, the switch performs key authentication on the boot program through its encryption chip, and starts its operating system only after the boot program passes the key authentication.
The hardware system includes a switching chip, a memory chip, an encryption chip, an FPGA (Field Programmable Gate Array) chip, and the like. The switching chip receives data packets; the memory chip stores the boot program; the encryption chip performs key authentication on the boot program; and the FPGA chip parses data packets, extracts the data they carry, encrypts the parsed data, forwards the encrypted data, and so on.
Step S10 further includes:
a. after the hardware system of the switch is powered on and started, reading the boot program that starts the hardware system from a flash memory pre-burned on a memory chip of the switch;
b. loading the boot program into an internal SRAM of the switch and running it, so as to start the boot program;
c. after the boot program is started, reading a key file from an external encryption chip on the switch PCB;
d. performing key authentication on the boot key file in the boot program using the key file, so as to start the operating system of the switch after the boot program passes the key authentication.
Specifically, after the hardware system of the switch is powered on and started, the switch reads the boot program from the flash memory pre-burned on its memory chip, loads the boot program into the switch's internal SRAM (Static Random-Access Memory) and runs it, thereby starting the boot program and reading the boot key file contained in it. After the boot program is started, the switch reads the key file from the external encryption chip on its PCB (Printed Circuit Board) over I2C (a bidirectional two-wire synchronous serial bus) and performs key authentication on the code information in the boot key file against the key file in the encryption chip; this key authentication is the boot key authentication. Once the code information in the boot key file has been successfully authenticated against the key file in the encryption chip, that is, once the boot program has passed the key authentication, the switch starts its operating system.
The boot program is the start command of the switch hardware system. A key file is secret information used for cryptographic operations such as encryption, decryption and integrity verification. The I2C bus is a bidirectional two-wire synchronous serial bus; two wires suffice to transfer information between the devices connected to it. After the boot key authentication (the bottom-level key authentication in the boot loader) and the initialization of the switching chip and related hardware are complete, the operating system image or the solidified embedded application program is loaded into memory, control jumps to the space where the operating system resides, and the operating system starts running.
It should be noted that the key file on the encryption chip may be preset when the hardware system of the switch is built, and that the operating systems of different switches differ; this embodiment does not limit the form of the switch.
In this embodiment, for example, the key file of the encryption chip specifies that the boot key file passes authentication if the boot program contains "3 °", and the code information in the boot key file of the boot program includes "connect to 3 °" and the like. The switch reads the boot program from the flash memory chip, the boot program runs and starts in the internal SRAM, and the switch then performs ciphertext matching between the boot key file in the boot program and the key file in the encryption chip. When the key file in the encryption chip matches the boot key file in the boot program, that is, when the two are the same, the switch starts its operating system.
Further, step d includes:
e. submitting the boot key file to the encryption chip to be verified against its key file, obtaining a verification result of the key authentication, and checking whether the verification result is a pass;
f. if the verification result is a pass, starting the operating system of the switch.
Specifically, the switch submits the boot key file to the encryption chip to be matched against its key file, obtains the verification result of the boot key authentication and checks it: if the result is a pass, the switch starts its operating system; if not, the switch keeps its operating system locked until a verification result passes.
Key matching verification methods include information comparison verification, character comparison verification, and the like; this embodiment does not limit the form of the comparison verification method.
In this embodiment, for example, the key matching verification method is character comparison verification: a pass character is set to true and a fail character to false in the switch. The switch submits the boot key file to the encryption chip for key matching verification; because the key file in the encryption chip matches the boot key file, the encryption chip returns the character true to the switch. The switch compares the returned character with the internally set characters, finds that it corresponds to the internally set pass character, and therefore starts the operating system.
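The boot sequence of steps a through f, together with the update check of steps l and m, written out as an added Python example (this is not the patent's code; the flash layout with a BOOTKEY marker, the EncryptionChip and Switch classes and all key values are constructed for illustration, and the chip's match uses a constant-time comparison, which the patent leaves unspecified):

```python
import hashlib
import hmac

# Constructed reference key file held on the external encryption chip
# (a real chip keeps this in protected storage; the value is made up here).
CHIP_KEY_FILE = hashlib.sha256(b"constructed reference key file").digest()

# Assumed flash layout for this example: boot code, a marker, then the boot key file.
KEY_MARKER = b"\x00BOOTKEY\x00"


def build_flash_image(boot_code: bytes, boot_key_file: bytes) -> bytes:
    """Build a constructed flash image of the kind pre-burned on the memory chip."""
    return boot_code + KEY_MARKER + boot_key_file


def read_boot_program(flash: bytes) -> tuple:
    """Step a: read the boot program from flash and split it into code and boot key file."""
    idx = flash.find(KEY_MARKER)
    if idx < 0:
        raise ValueError("flash image carries no boot key file")
    return flash[:idx], flash[idx + len(KEY_MARKER):]


class EncryptionChip:
    """Stand-in for the external encryption chip read over I2C in step c."""

    def __init__(self, key_file: bytes):
        self._key_file = key_file

    def verify(self, boot_key_file: bytes) -> bool:
        """Step e: match the submitted boot key file against the chip's key file.
        hmac.compare_digest keeps the comparison time independent of where the
        first differing byte is, so a mismatch does not leak its position."""
        return hmac.compare_digest(self._key_file, boot_key_file)


class Switch:
    """Models the boot sequence of steps a-f plus the update check of steps l-m."""

    def __init__(self, flash: bytes, chip: EncryptionChip):
        self.flash = flash
        self.chip = chip
        self.os_started = False
        self.locked = False

    def power_on(self) -> bool:
        """Steps a-f: returns True if the operating system was started."""
        boot_code, boot_key_file = read_boot_program(self.flash)
        sram = bytearray(boot_code)          # step b: boot program staged in SRAM to run
        if self.chip.verify(boot_key_file):  # steps c-e: authenticate against the chip
            self.os_started = True           # step f: start the operating system
            self.locked = False
        else:
            self.os_started = False
            self.locked = True               # OS stays locked until a verification passes
        return self.os_started

    def on_boot_program_written(self, new_flash: bytes) -> bool:
        """Steps l-m: if the boot program in the memory chip changed, power on again."""
        if new_flash == self.flash:
            return self.os_started           # no update detected: keep the current state
        self.flash = new_flash
        return self.power_on()
```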
Step S20: after the operating system is started, receiving a data packet through the switching chip in the switch, parsing the data packet through the FPGA chip in the switch, and encrypting the parsed data.
After the operating system of the switch is started, the switch receives a data packet through its switching chip, parses the data packet through its FPGA chip, and then re-encrypts the parsed data.
Step S20 further includes:
g. after the operating system is started, receiving, through the switching chip in the switch, a data packet sent by a first terminal device from an Ethernet data port of the switch;
h. parsing the data packet through the FPGA chip of the switch to obtain the valid data in the data packet, and encrypting the valid data with a preset encryption algorithm.
Specifically, after the switch operating system is started, the switch receives, through its switching chip, an incoming data packet sent by the first terminal device from the Ethernet data port of the switch. Having obtained the data packet, the switch parses it through the FPGA chip to obtain the valid data in the packet, and then re-encrypts the valid data with a preset encryption algorithm.
The first terminal device is the terminal device that sends the data packet to the switch; it may be an external-network or an internal-network terminal device. The encryption algorithm is a method for encrypting data; encryption algorithms include a Chinese-English encryption algorithm, a binary encryption algorithm, a digital-English encryption algorithm, and the like.
Further, step h includes:
i. unpacking the data packet according to a data packet format held in the FPGA chip to obtain unpacked data;
j. extracting valid data from the unpacked data according to a valid data field preset in the FPGA chip;
k. encrypting the valid data with an encryption algorithm preset in the FPGA chip to obtain encrypted data.
Specifically, the switch unpacks the data packet using the unpacking method of the data packet format held in the FPGA chip to obtain unpacked data, extracts from the unpacked data according to the valid field preset in the FPGA chip, discarding invalid data to obtain the valid data, and re-encrypts the valid data with the encryption algorithm preset in the FPGA chip to obtain encrypted data.
A packet format is a data format specified by a particular protocol. Packet formats are various and this embodiment does not limit their form; the most common is "header + data". In this embodiment, for example, the preset valid field is "3onedata", and the packets received by the switch include "3onedata-2020-1 month profit.doc", "ABC-2020-2 month profit.doc" and so on. After unpacking, the headers are "3onedata", "ABC" and so on; the data corresponding to "3onedata" is "2020-1 month profit.doc" and the data corresponding to "ABC" is "2020-2 month profit.doc". Extracting according to the preset valid field, the data "2020-1 month profit.doc" is re-encrypted while the data "2 month profit.doc" is discarded; for example, the resulting ciphertext is "2021181412050620", which is decrypted with the digital encryption algorithm "tuert L".
Further, the encryption method of the switch further comprises:
l. detecting whether the boot program in the memory chip of the switch has been updated;
m. if the boot program is detected to have been updated, powering on and starting the hardware system of the switch.
Specifically, before the hardware system of the switch is powered on and started, the switch detects through its internal system whether the boot program in its memory chip has been updated. While no update is detected, the switch keeps detecting; when an update is detected, the switch powers on and starts the hardware system.
It should be noted that there are many methods for detecting an update, for example by time, name, suffix and so on; this embodiment does not limit the method for detecting an update.
In this embodiment, for example, the original boot program in the memory chip of the switch is "3onedata-2020.1"; after a period of time the switch detects that the boot program has changed to "3onedata-2020.1.1", which indicates that the boot program has been updated.
After the hardware system is powered on and started, key authentication is performed on the boot program that starts the hardware system before the operating system is started; then a data packet is received through the switching chip, parsed through the FPGA chip, and the parsed data is encrypted. Thus, in the encryption process of the switch, the boot program is key-authenticated after power-on and the operating system is started only if the boot program passes, which prevents the switch's program from being brute-forced; after the operating system is started, the data packet is received through the switching chip, parsed through the FPGA chip, and its data encrypted, which prevents the switch's data from leaking. Double encryption of the switch is thereby realized and the security of the switch is improved.
Further, a second embodiment of the encryption method of the switch of the invention is presented.
The second embodiment differs from the first in that the encryption method of the switch further includes:
n. re-encapsulating the encrypted data according to the data packet format in the FPGA chip to obtain an encapsulated data packet;
o. sending the encapsulated data packet to a second terminal device through an Ethernet data port of the switch, so that the second terminal device, after receiving the encapsulated data packet, unpacks it, extracts the encrypted data, decrypts the encrypted data and obtains the valid data in the encapsulated data packet.
Specifically, after encrypting the data, the switch re-encapsulates the encrypted data according to the data packet format in the FPGA chip to obtain an encapsulated data packet, passes the encapsulated data packet from the FPGA chip to an Ethernet data port of the switch, and sends it through that port to the second terminal device. After receiving the encapsulated data packet, the second terminal device unpacks it according to the data packet format to obtain the unpacked encapsulated data, extracts the encrypted data from it, decrypts the encrypted data to obtain the valid data, and then obtains the data it needs from the valid data according to user requirements.
The second terminal device is the device that receives the data packet encapsulated by the switch; it may be an external-network or an internal-network terminal device. The decryption algorithm is a method for decrypting data; decryption algorithms include a Chinese-English encryption algorithm, a binary encryption algorithm, a digital-English encryption algorithm, and the like.
In this embodiment the switch re-encrypts the data, re-encapsulates the encrypted data, and sends the encapsulated data to the terminal device in a normal Ethernet packet format, so that the encapsulated data packet can be transmitted over the public network in a common packet format, which improves the universality of the encapsulated data packet.
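Steps i through k on the switch and steps n and o at the second terminal, as an added Python example that is not the patent's FPGA logic; the "-" separator between header and data, the HMAC-SHA256 counter-mode cipher with an authentication tag (the patent names no concrete algorithm), the demo key and the sample packets are assumptions built from the page's "3onedata-..." example:

```python
import hashlib
import hmac
import os

VALID_FIELD = b"3onedata"   # preset valid data field in the FPGA chip (value from the page)
SEP = b"-"                  # assumed "header + data" separator, as in "3onedata-..."
NONCE_LEN = 12
TAG_LEN = 16

# Constructed demo key and packets (the second packet must be discarded in step j).
DEMO_KEY = hashlib.sha256(b"constructed demo key").digest()
DEMO_PACKETS = [b"3onedata-2020-1 month profit.doc", b"ABC-2020-2 month profit.doc"]


def unpack(packet: bytes) -> tuple:
    """Step i: split a "header + data" packet at the first separator."""
    header, sep, data = packet.partition(SEP)
    if not sep:
        raise ValueError("packet does not follow the header + data format")
    return header, data


def extract_valid(unpacked: list) -> list:
    """Step j: keep only data whose header equals the preset valid field; drop the rest."""
    return [(h, d) for h, d in unpacked if h == VALID_FIELD]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for the patent's unnamed cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Step k: returns nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ciphertext + tag


def is_authentic(key: bytes, blob: bytes) -> bool:
    """Check the tag before decrypting so a tampered packet is rejected, not decrypted."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return False
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return hmac.compare_digest(expected, tag)


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Inverse of encrypt; raises if the authentication tag does not verify."""
    if not is_authentic(key, blob):
        raise ValueError("authentication failed")
    nonce = blob[:NONCE_LEN]
    ciphertext = blob[NONCE_LEN:-TAG_LEN]
    ks = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def encapsulate(header: bytes, encrypted: bytes) -> bytes:
    """Step n: re-encapsulate the encrypted data in the same header + data format."""
    return header + SEP + encrypted


def switch_process(packets: list, key: bytes) -> list:
    """Steps i, j, k and n on the switch: packets ready to send to the second terminal."""
    valid = extract_valid([unpack(p) for p in packets])
    return [encapsulate(h, encrypt(key, d)) for h, d in valid]


def terminal_receive(packets: list, key: bytes) -> list:
    """Step o on the second terminal: unpack, take the encrypted data, decrypt it."""
    return [decrypt(key, unpack(p)[1]) for p in packets]
```

The header is the first field, so the separator search stops before the encrypted bytes even if they happen to contain a "-".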
In addition, the invention also provides an encryption apparatus for a switch. Referring to Fig. 2, the encryption apparatus of the switch includes:
an authentication module 10, configured to perform key authentication on the boot program that starts the hardware system after the hardware system of the switch is powered on and started, so as to start the operating system of the switch after the boot program passes the key authentication;
a receiving module 20, configured to receive a data packet through the switching chip in the switch after the operating system is started;
a parsing module 30, configured to parse the data packet through the FPGA chip in the switch;
and an encryption module 40, configured to encrypt the parsed data.
Further, the encryption module 40 includes:
a receiving unit, configured to receive, through the switching chip in the switch after the operating system is started, a data packet sent by a first terminal device from an Ethernet data port of the switch;
and an encryption unit, configured to parse the data packet through the FPGA chip of the switch to obtain the valid data in the data packet and encrypt the valid data with a preset encryption algorithm.
Further, the encryption unit includes:
an unpacking subunit, configured to unpack the data packet according to the data packet format in the FPGA chip to obtain unpacked data;
an extraction subunit, configured to extract valid data from the unpacked data according to the valid data field preset in the FPGA chip;
and an encryption subunit, configured to encrypt the valid data with the encryption algorithm preset in the FPGA chip to obtain encrypted data.
Further, the authentication module 10 includes:
a reading unit, configured to read the boot program that starts the hardware system from the flash memory pre-burned on the memory chip of the switch after the hardware system of the switch is powered on and started;
a loading unit, configured to load the boot program into the internal SRAM of the switch and run it, so as to start the boot program;
the reading unit being further configured to read the key file from the external encryption chip on the switch PCB after the boot program is started;
and an authentication unit, configured to perform boot key authentication on the boot key file in the boot program using the key file, so as to start the operating system of the switch after the boot program passes the key authentication.
Further, the authentication unit includes:
a verification subunit, configured to submit the boot key file to the encryption chip for key verification against its key file and obtain the verification result of the key authentication;
a checking subunit, configured to check whether the verification result is a pass;
and a starting subunit, configured to start the operating system of the switch if the verification result is a pass.
Further, the encryption apparatus of the switch further includes:
a detection unit, configured to detect whether the boot program in the memory chip of the switch has been updated;
and a starting unit, configured to power on and start the hardware system of the switch if the boot program has been updated.
Further, the encryption apparatus of the switch further includes:
an encapsulation module, configured to re-encapsulate the encrypted data according to the data packet format in the FPGA chip to obtain an encapsulated data packet;
and a sending module, configured to send the encapsulated data packet to a second terminal device through an Ethernet data port of the switch, so that the second terminal device, after receiving the encapsulated data packet, unpacks it, extracts the encrypted data, decrypts the encrypted data and obtains the valid data in the encapsulated data packet.
The specific implementation of the encryption apparatus of the switch of the invention is substantially the same as that of the embodiments of the encryption method of the switch and is not repeated here.
In addition, the invention also provides an encryption device of the switch. As shown in fig. 3, fig. 3 is a schematic structural diagram of a hardware operating environment according to an embodiment of the present invention.
It should be noted that fig. 3 is a schematic structural diagram of a hardware operating environment of an encryption device, which may be a switch.
As shown, the encryption device of the switch may include: a processor 1001 such as a CPU, a memory 1005, a user interface 1003, a network interface 1004 and a communication bus 1002. The communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may comprise a display screen and an input unit such as a keyboard, and optionally a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (e.g. a WI-FI interface). The memory 1005 may be a high-speed RAM or a non-volatile memory (e.g. a magnetic disk memory), and may alternatively be a storage device separate from the processor 1001.
Optionally, the encryption device of the switch may further include RF (Radio Frequency) circuits, sensors, WiFi modules, and the like.
Those skilled in the art will appreciate that the encryption device configuration of the switch shown in fig. 3 does not constitute a limitation of the encryption device of the switch, and may include more or fewer components than shown, or some components in combination, or a different arrangement of components.
As shown in fig. 3, the memory 1005, as a computer storage medium, may contain an operating system, a network communication module, a user interface module and an encryption program of the switch. The operating system is the program that manages and controls the hardware and software resources of the encryption device of the switch and supports the execution of the encryption program of the switch and of other software.
In the encryption device of the switch shown in the figure, the user interface 1003 is mainly used for connecting the user's terminal device, so that the user can select valid data on the terminal device according to personal requirements; the network interface 1004 is mainly used for data communication between the switch and the terminal device; and the processor 1001 may be configured to call the encryption program of the switch stored in the memory 1005 and carry out the steps of the encryption method of the switch described above.
The specific implementation of the encryption device of the switch of the present invention is basically the same as the embodiments of the encryption method of the switch, and is not described herein again.
In addition, an embodiment of the present invention further provides a computer-readable storage medium on which an encryption program of a switch is stored; when the encryption program of the switch is executed by a processor, the steps of the encryption method of the switch described above are implemented.
The specific implementation of the computer-readable storage medium of the present invention is substantially the same as the embodiments of the encryption method of the switch, and is not described herein again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is the better implementation in many cases. Based on such understanding, the technical solution of the present invention may be embodied, essentially or in part, in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) and including instructions for enabling an encryption device of a switch to perform the method according to the embodiments of the present invention.

Claims (10)

1. An encryption method of a switch, characterized in that the encryption method of the switch comprises the following steps:
after a hardware system of a switch is powered on and started, performing key authentication on a starting program for starting the hardware system so as to start an operating system of the switch after the starting program passes the key authentication;
after the operating system is started, a data packet is received through a switching chip in the switch, the data packet is parsed through a Field Programmable Gate Array (FPGA) chip in the switch, and the parsed data is encrypted.
2. The encryption method for the switch according to claim 1, wherein the step of receiving a packet through a switch chip in the switch after the operating system is started, parsing the packet through an FPGA chip in the switch, and encrypting the parsed data comprises:
after the operating system is started, receiving a data packet sent by first terminal equipment from an Ethernet data port of the switch through a switching chip in the switch;
and analyzing the data packet through the FPGA chip of the switch to obtain effective data in the data packet, and encrypting the effective data by adopting a preset encryption algorithm.
3. The switch encryption method according to claim 2, wherein the step of parsing the data packet by the FPGA chip of the switch to obtain valid data in the data packet and encrypting the valid data by using a preset encryption algorithm comprises:
unpacking the data packet through a data packet format in the FPGA chip to obtain unpacked data;
extracting the unpacked data according to an effective data field preset in the FPGA chip to obtain effective data;
and encrypting the effective data by adopting an encryption algorithm preset in the FPGA chip.
4. The encryption method for a switch according to claim 1, wherein the step of performing key authentication on a boot program for booting a hardware system of the switch after the hardware system is powered on and booted, so as to boot an operating system of the switch after the boot program passes the key authentication, comprises:
after a hardware system of a switch is powered on and started, reading a starting program for starting the hardware system from a flash memory (flash) pre-burned on a memory chip of the switch, wherein the starting program is a boot program;
loading the boot program into an internal Static Random Access Memory (SRAM) of the switch to run so as to start the boot program;
after the boot program is started, reading a key file in an external encryption chip on the printed circuit board PCB of the switch;
and performing key authentication on the boot key file in the boot program through the key file so as to start the operating system of the switch after the startup program passes the key authentication.
5. The encryption method of the switch according to claim 4, wherein the key-authenticating the boot key file in the boot program by the key file to boot the operating system of the switch after the boot program passes the key authentication comprises:
verifying the boot key file against the key file of the encryption chip to obtain a verification result of the key authentication, and judging whether the verification result passes;
and if the verification result is verified to be passed, starting the operating system of the switch.
6. The encryption method for a switch according to claim 1, wherein, before the step of performing key authentication on a boot program for booting a hardware system of the switch after the hardware system is powered on and booted, so as to boot an operating system of the switch after the boot program passes the key authentication, the encryption method further comprises:
detecting whether a boot program in the memory chip of the switch is updated;
and if the boot program is detected to be updated, powering on to start a hardware system of the switch.
7. The encryption method for the switch according to any one of claims 1 to 6, wherein after the step of receiving a data packet by a switch chip in the switch after the operating system is started, parsing the data packet by an FPGA chip in the switch, and encrypting the parsed data, the encryption method further comprises:
repackaging the encrypted data according to a data packet format in the FPGA chip to obtain a packaged data packet;
and sending the encapsulated data packet to second terminal equipment through an Ethernet data port of the switch so that the second terminal equipment unpacks the encapsulated data packet after receiving the encapsulated data packet, extracts the encrypted data, decrypts the encrypted data and obtains effective data in the encapsulated data packet.
8. An encryption apparatus of a switch, characterized in that the encryption apparatus of the switch comprises:
the authentication module is used for carrying out key authentication on a starting program for starting the hardware system after the hardware system of the switch is powered on and started so as to start the operating system of the switch after the starting program passes the key authentication;
the receiving module is used for receiving a data packet through a switching chip in the switch after the operating system is started;
the analysis module is used for analyzing the data packet through an FPGA chip in the switch;
and the encryption module is used for encrypting the analyzed data.
9. An encryption device of a switch, characterized in that the encryption device of the switch comprises a memory, a processor and an encryption program of the switch that is stored on the memory and runs on the processor, the encryption program of the switch implementing the steps of the encryption method of the switch according to any one of claims 1 to 7 when executed by the processor.
10. A computer-readable storage medium, characterized in that an encryption program of a switch is stored on the computer-readable storage medium, which, when executed by a processor, implements the steps of the encryption method of the switch according to any one of claims 1 to 7.
CN202010163970.9A 2020-03-10 2020-03-10 Encryption method, device and equipment of switch and computer readable storage medium Active CN111400700B (en)

Publications (2)

Publication Number Publication Date
CN111400700A true CN111400700A (en) 2020-07-10
CN111400700B CN111400700B (en) 2023-07-21

Family

ID=71436187

Country Status (1)

Country Link
CN (1) CN111400700B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101123507A (en) * 2007-10-08 2008-02-13 杭州华三通信技术有限公司 A protection method and storage device for data information in storage device
US20140289537A1 (en) * 2013-03-20 2014-09-25 Becrypt Limited Encryption system and method of encrypting a device
CN105357218A (en) * 2015-12-03 2016-02-24 上海斐讯数据通信技术有限公司 Router with hardware encryption and decryption function and encryption and decryption method of router
CN105610738A (en) * 2016-03-08 2016-05-25 浪潮集团有限公司 Two-stage encryption protection method for switch
CN205407875U (en) * 2016-03-08 2016-07-27 浪潮集团有限公司 Ethernet switch of chip is encrypted in area
CN106933752A (en) * 2017-03-09 2017-07-07 西安电子科技大学 The encryption device and method of a kind of SRAM type FPGA
CN109284136A (en) * 2018-09-12 2019-01-29 盛科网络(苏州)有限公司 A kind of method and device realizing switch system and quickly restarting
CN110417706A (en) * 2018-04-27 2019-11-05 奥维飞越通信有限公司 A kind of safety communicating method based on interchanger

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113285895A (en) * 2021-04-28 2021-08-20 深圳中为思创科技有限公司 Safe and reliable type high-speed switch
CN113285895B (en) * 2021-04-28 2022-05-31 深圳中为思创科技有限公司 Safe and reliable type high-speed switch

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant