CN111400700B - Encryption method, device and equipment of switch and computer readable storage medium - Google Patents

Info

Publication number
CN111400700B
Authority
CN
China
Prior art keywords
switch
data
data packet
encryption
program
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010163970.9A
Other languages
Chinese (zh)
Other versions
CN111400700A (en)
Inventor
熊伟
李耀军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
3onedata Co ltd
Original Assignee
3onedata Co ltd
Events
Application filed by 3onedata Co ltd
Priority to CN202010163970.9A
Publication of CN111400700A
Application granted
Publication of CN111400700B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F 21/45 Structures or tools for the administration of authentication
    • G06F 21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G06F 21/60 Protecting data
    • G06F 21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords

Abstract

The invention discloses an encryption method, device, equipment and storage medium for a switch. The method comprises the following steps: after the hardware system of the switch is powered on and started, key authentication is performed on the boot program that starts the hardware system, so that the operating system of the switch is started only after the boot program passes the key authentication; after the operating system has started, a data packet is received through the switching chip in the switch, parsed by the FPGA chip in the switch, and the parsed data is encrypted. Because the operating system is started only after the boot program passes key authentication, and because received packets are parsed by the FPGA chip and their data encrypted, the switch program is protected against brute-force cracking, the switch data is encrypted, and the security of the switch is improved.

Description

Encryption method, device and equipment of switch and computer readable storage medium
Technical Field
The present invention relates to the field of encryption technologies, and in particular to an encryption method, apparatus, equipment and computer-readable storage medium for a switch.
Background
At present, an Ethernet switch uses a transparent, uniform transmission control protocol in which both the program and the data of the switch are open, with neither encryption nor monitoring, so that the program of the switch can be brute-forced and the data of the switch leaked. The security of existing Ethernet switches is therefore low.
Disclosure of Invention
The main object of the invention is to provide an encryption method, device and equipment for a switch, and a storage medium, so as to solve the technical problem that existing Ethernet switches have low security.
To achieve this object, the invention provides an encryption method for a switch, comprising the following steps:
after the hardware system of the switch is powered on and started, performing key authentication on the boot program that starts the hardware system, so that the operating system of the switch is started only after the boot program passes the key authentication;
after the operating system has started, receiving a data packet through the switching chip in the switch, parsing the data packet with the Field Programmable Gate Array (FPGA) chip in the switch, and encrypting the parsed data.
Preferably, the step of receiving a data packet through the switching chip, parsing it with the FPGA chip and encrypting the parsed data after the operating system has started comprises:
after the operating system has started, receiving, through the switching chip in the switch, a data packet sent by a first terminal device to an Ethernet data port of the switch;
parsing the data packet with the FPGA chip of the switch to obtain the valid data in the data packet, and encrypting the valid data with a preset encryption algorithm.
Preferably, the step of parsing the data packet with the FPGA chip to obtain the valid data and encrypting it with a preset encryption algorithm comprises:
unpacking the data packet according to a data packet format held in the FPGA chip to obtain unpacked data;
extracting from the unpacked data according to a valid data field preset in the FPGA chip to obtain the valid data;
encrypting the valid data with an encryption algorithm preset in the FPGA chip.
Preferably, the step of performing key authentication on the boot program after the hardware system of the switch is powered on, so that the operating system is started after the boot program passes the key authentication, comprises:
after the hardware system of the switch is powered on and started, reading the boot program that starts the hardware system from the flash burned in advance in the storage chip of the switch;
loading the boot program into the internal SRAM of the switch and running it, so as to start the boot program;
after the boot program has started, reading the key file held in the external encryption chip on the switch PCB;
performing key authentication on the boot key file contained in the boot program against that key file, so that the operating system of the switch is started after the boot program passes the key authentication.
Preferably, the step of performing key authentication on the boot key file in the boot program against the key file, so that the operating system is started after the boot program passes, comprises:
submitting the boot key file to the encryption chip for verification against its key file, obtaining a key authentication verification result, and checking whether that result is a pass;
if the verification result is a pass, starting the operating system of the switch.
Preferably, before the step of performing key authentication on the boot program after the hardware system is powered on, the method further comprises:
detecting whether the boot program in the storage chip of the switch has been updated;
if the boot program is detected to have been updated, powering on and starting the hardware system of the switch.
Preferably, after the step of receiving a data packet through the switching chip, parsing it with the FPGA chip and encrypting the parsed data, the method further comprises:
repackaging the encrypted data according to the data packet format held in the FPGA chip to obtain an encapsulated data packet;
sending the encapsulated data packet to a second terminal device through an Ethernet data port of the switch, so that the second terminal device, on receiving it, unpacks the encapsulated data packet, extracts the encrypted data, and decrypts the encrypted data to obtain the valid data carried in the encapsulated data packet.
In addition, to achieve the above object, the invention also provides an encryption device for a switch, comprising:
an authentication module for performing key authentication on the boot program that starts the hardware system after the hardware system of the switch is powered on and started, so that the operating system of the switch is started after the boot program passes the key authentication;
a receiving module for receiving a data packet through the switching chip in the switch after the operating system has started;
a parsing module for parsing the data packet with the FPGA chip in the switch;
an encryption module for encrypting the parsed data.
In addition, to achieve the above object, the invention also provides encryption equipment for a switch, comprising a memory, a processor, and an encryption program for the switch stored in the memory and runnable on the processor, the encryption program implementing the steps of the encryption method described above when executed by the processor.
In addition, to achieve the above object, the invention also provides a computer-readable storage medium storing an encryption program for a switch which, when executed by a processor, implements the steps of the encryption method described above.
After the hardware system is powered on and started, key authentication is performed on the boot program that starts it, so that the operating system is started only after the boot program passes; the data packet is then received through the switching chip, parsed by the FPGA chip, and the parsed data is encrypted. Thus, in the encryption process of the switch, the operating system starts only after the boot program has passed key authentication, which protects the switch program against brute-force cracking; and after the operating system has started, received packets are parsed by the FPGA chip and their data encrypted, which prevents leakage of switch data. The switch is protected twice over, once at boot and once on its data, and its security is improved.
Drawings
FIG. 1 is a flow chart of a first embodiment of an encryption method of a switch of the present invention;
FIG. 2 is a schematic diagram of a preferred configuration of an encryption device of the switch of the present invention;
FIG. 3 is a schematic diagram of a hardware operating environment according to an embodiment of the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Referring to fig. 1, fig. 1 is a schematic flow chart of a first embodiment of the encryption method for a switch according to the invention.
The embodiments of the invention provide embodiments of an encryption method for a switch. It should be noted that although the flowchart shows a logical order, in some cases the steps shown or described may be performed in an order different from the one shown or described here.
The encryption method of the switch comprises the following steps:
Step S10: after the hardware system of the switch is powered on and started, key authentication is performed on the boot program that starts the hardware system, so that the operating system of the switch is started after the boot program passes the key authentication.
After the hardware system of the switch is powered on and started, the switch performs key authentication on the boot program through its encryption chip, and starts its operating system once the boot program has passed.
The hardware system comprises a switching chip, a storage chip, an encryption chip, an FPGA (Field Programmable Gate Array) chip and the like. The switching chip receives data packets; the storage chip stores the boot program (the start-up instructions); the encryption chip performs key authentication of the boot program; the FPGA chip parses data packets, extracts the data they carry, encrypts the parsed data and forwards the encrypted data.
The step S10 further includes:
step a: after the hardware system of the switch is powered on and started, read the boot program that starts the hardware system from the flash burned in advance in the storage chip of the switch;
step b: load the boot program into the internal SRAM of the switch and run it, so as to start the boot program;
step c: after the boot program has started, read the key file held in the external encryption chip on the switch PCB;
step d: perform key authentication on the boot key file in the boot program against that key file, so that the operating system of the switch is started after the boot program passes the key authentication.
Specifically, after the hardware system is powered on and started, the switch reads the boot program from the flash memory burned in advance in its storage chip, loads it into its internal SRAM (Static Random-Access Memory) and runs it, so as to start the boot program, and reads the boot key file contained in the boot program. Once the boot program has started, the switch reads the key file from the external encryption chip on its PCB (Printed Circuit Board) over I2C (a bidirectional two-wire synchronous serial bus), and authenticates the code information in the boot key file against the key file in the encryption chip; this key authentication is the boot key authentication. When the code information in the boot key file has been authenticated against the key file in the encryption chip, that is, when the boot program has passed the key authentication, the switch starts its operating system.
The boot program is the start-up instruction sequence of the hardware system of the switch. The key file is the secret information used to carry out cryptographic operations such as encryption, decryption and integrity verification. The I2C bus is a bidirectional two-wire synchronous serial bus: two wires carry the information between the devices attached to it. Boot key authentication is the key authentication performed at the bootloader level; after the bootloader has completed key authentication and initialised the switching chip and related hardware, it loads the operating system image or the embedded application program held in firmware into memory and jumps to the location of the operating system to start it.
It should be noted that the key file may be preset in the encryption chip when the hardware system of the switch is built, and that different switches run different operating systems; this embodiment does not limit the form of the switch.
In this embodiment, for example, the key file of the encryption chip may hold the rule that authentication passes if the boot program contains "3onedata", and the code information in the boot key file of the boot program may be "connect to 3onedata". The switch reads the boot program from the flash of the storage chip, starts it in the internal SRAM, and then matches the boot key file in the boot program against the key file in the encryption chip. When the key file in the encryption chip matches the boot key file in the boot program, that is, when the two are identical, the switch starts its operating system.
Further, the step d includes:
step e: submit the boot key file to the encryption chip for key verification against its key file, obtain a key authentication verification result, and check whether that result is a pass;
step f: if the verification result is a pass, start the operating system of the switch.
Specifically, the switch submits the boot key file to the encryption chip for key matching verification against the chip's key file and obtains the verification result of the boot key authentication. The switch then checks that result: if it is a pass, the switch starts its operating system; if it is not, the switch keeps its operating system locked until a verification result passes.
Key matching verification methods include information comparison, character comparison and the like; this embodiment does not limit the form of the comparison method.
In this embodiment, for example, the key matching verification method is character comparison and the passing character set inside the switch is "true". The switch submits the boot key file to the encryption chip for key matching verification; when the key file in the encryption chip matches the boot key file, the chip returns the character "true" to the switch. The switch compares the returned character with the internally set character, and because the two correspond, it starts the operating system.
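As an added illustration of steps a to f, the following C program (written for this page, not the patent's or 3onedata's code) models the boot key authentication in software: the flash image, the SRAM copy and the external encryption chip are in-memory structures, and the I2C read is a function call. The 16-byte key file, the `boot_image_t` and `crypto_chip_t` layouts and the constant-time comparison are assumptions of the example; the patent specifies only that the two key files are matched and that the chip returns a passing character. Note that the check as the page describes it is an equality match of a stored secret rather than a signature or challenge-response, and the example reproduces that behaviour rather than changing it.

```c
/* Added example, not the patent's code: boot key authentication of
 * steps a-f with the flash, SRAM, encryption chip and I2C bus modelled
 * in memory. Sizes, layouts and the constant-time compare are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BOOT_KEY_LEN 16

/* Boot program as burned into flash (layout assumed here): the boot key
 * file followed by the boot code, for which a string stands in. */
typedef struct {
    uint8_t key_file[BOOT_KEY_LEN];
    const char *code;
} boot_image_t;

/* External encryption chip on the PCB, holding the pre-provisioned key file. */
typedef struct {
    uint8_t key_file[BOOT_KEY_LEN];
} crypto_chip_t;

/* Constant-time comparison: no early exit, so the time taken does not
 * reveal which byte differs. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Steps c and e: the chip matches the submitted boot key file against its
 * own key file and returns the passing character "true" or "false".
 * In hardware this exchange is the I2C transfer. */
const char *chip_verify(const crypto_chip_t *chip, const uint8_t *boot_key)
{
    return ct_equal(chip->key_file, boot_key, BOOT_KEY_LEN) ? "true" : "false";
}

/* Steps a-f in order. Returns 1 when the operating system may start and
 * 0 when the switch must keep it locked. */
int boot_authenticate(const boot_image_t *flash, const crypto_chip_t *chip)
{
    /* Steps a and b: copy the boot program from flash into SRAM and run it. */
    boot_image_t sram = *flash;

    /* Steps c and e: submit the boot key file to the chip for matching. */
    const char *verdict = chip_verify(chip, sram.key_file);

    /* Steps d and f: compare the returned character with the passing
     * character set inside the switch; only an exact match starts the OS. */
    static const char passing[] = "true";
    return strcmp(verdict, passing) == 0;
}

int main(void)
{
    /* Constructed fixtures: one 16-byte key file provisioned into the chip
     * and embedded in the boot image, then one byte of the image tampered. */
    static const uint8_t key[BOOT_KEY_LEN] =
        { '3', 'o', 'n', 'e', 'd', 'a', 't', 'a', 1, 2, 3, 4, 5, 6, 7, 8 };
    crypto_chip_t chip;
    boot_image_t image;

    memcpy(chip.key_file, key, BOOT_KEY_LEN);
    memcpy(image.key_file, key, BOOT_KEY_LEN);
    image.code = "connect to 3onedata";

    printf("genuine image:  %s\n",
           boot_authenticate(&image, &chip) ? "start operating system" : "locked");

    image.key_file[BOOT_KEY_LEN - 1] ^= 0xff;
    printf("tampered image: %s\n",
           boot_authenticate(&image, &chip) ? "start operating system" : "locked");
    return 0;
}
```

Run stand-alone, the program authenticates a genuine image and then a tampered copy of the same image; the mismatch returns 0, which step f treats as keeping the operating system locked.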
Step S20: after the operating system has started, a data packet is received through the switching chip in the switch, parsed by the FPGA chip in the switch, and the parsed data is encrypted.
After the operating system of the switch has started, the switch receives a data packet through its switching chip; the FPGA chip then parses the data packet and re-encrypts the parsed data.
The step S20 further includes:
step g: after the operating system has started, receive, through the switching chip in the switch, a data packet sent by a first terminal device to an Ethernet data port of the switch;
step h: parse the data packet with the FPGA chip of the switch to obtain the valid data in the data packet, and encrypt the valid data with a preset encryption algorithm.
Specifically, after the operating system has started, the switch receives through its switching chip a data packet sent by the first terminal device to an Ethernet data port of the switch. Having obtained the data packet, the switch parses it with the FPGA chip to obtain the valid data in the packet, and then re-encrypts the valid data with a preset encryption algorithm.
The first terminal device is the terminal device that sends the data packet to the switch, and may be on an external network or on the internal network. The encryption algorithm is the method used to encrypt the data; many exist, including a Chinese-English encryption algorithm, a binary encryption algorithm, a digital-English encryption algorithm and the like, and this embodiment does not limit the form of the encryption algorithm.
Further, the step h further includes:
step i: unpack the data packet according to the data packet format held in the FPGA chip to obtain unpacked data;
step j: extract from the unpacked data according to the valid data field preset in the FPGA chip to obtain the valid data;
step k: encrypt the valid data with the encryption algorithm preset in the FPGA chip to obtain encrypted data.
Specifically, the switch unpacks the data packet using the unpacking method of the data packet format held in the FPGA chip to obtain unpacked data, extracts from it according to the valid field preset in the FPGA chip, discarding invalid data, to obtain the valid data, and re-encrypts the valid data with the encryption algorithm preset in the FPGA chip to obtain encrypted data.
Which data counts as valid and which as invalid is set according to individual needs. The data packet format is the data layout specified by a given protocol; many formats exist and this embodiment does not limit their form, the most common being "frame header + data". In this embodiment, for example, the preset valid field is "3onedata" and the switch receives data packets such as "3onedata-2020 January profit.doc" and "ABC-2020 February profit.doc". After unpacking, the frame headers obtained are "3onedata", "ABC" and so on; the data belonging to "3onedata" is "2020 January profit.doc" and the data belonging to "ABC" is "2020 February profit.doc". According to the preset valid field, "2020 January profit.doc" is extracted and re-encrypted, and "2020 February profit.doc" is discarded. As an example of the encryption itself, with the digital-English encryption algorithm, in which each letter is replaced by its position in the alphabet (A = 01 to Z = 26), the ciphertext "20 21 18 14 12 05 06 20" decrypts to "TURN LEFT".
Further, the encryption method of the switch further comprises the following steps:
step l: detect whether the boot program in the storage chip of the switch has been updated;
step m: if the boot program is detected to have been updated, power on and start the hardware system of the switch.
Specifically, before the hardware system of the switch is powered on, the switch detects through its internal system whether the boot program in its storage chip has been updated. While no update is detected the switch keeps detecting; when an update is detected, the switch is powered on to start its hardware system.
It should be noted that an update may be detected in many ways, for example by time, name or suffix, and this embodiment does not limit the detection method.
In this embodiment, for example, the original boot program in the storage chip of the switch is "3onedata-2020.1"; after a period of time the switch detects that the boot program has become "3onedata-2020.1.1", which indicates that the boot program has been updated.
Further, a second embodiment of the encryption method of the switch of the present invention is presented.
The second embodiment of the encryption method of the switch differs from the first in that the method further comprises:
step n: repackage the encrypted data according to the data packet format held in the FPGA chip to obtain an encapsulated data packet;
step o: send the encapsulated data packet to a second terminal device through an Ethernet data port of the switch, so that the second terminal device, on receiving it, unpacks the encapsulated data packet, extracts the encrypted data, and decrypts the encrypted data to obtain the valid data carried in it.
Specifically, after encrypting the data, the switch repackages the encrypted data according to the data packet format held in the FPGA chip to obtain an encapsulated data packet, passes the encapsulated packet from the FPGA chip to an Ethernet data port of the switch, and sends it from that port to the second terminal device. On receiving it, the second terminal device unpacks the encapsulated packet according to the data packet format to obtain the unpacked data, extracts the encrypted data from it, decrypts the encrypted data to obtain the valid data, and then takes from the valid data whatever the user requires.
The second terminal device is the device that receives the encapsulated data packet from the switch, and may be on an external network or on the internal network. The decryption algorithm is the method used to decrypt the data; many exist, including a Chinese-English algorithm, a binary algorithm, a digital-English algorithm and the like, and this embodiment does not limit the form of the decryption algorithm.
Having re-encrypted the data, the switch of this embodiment re-encapsulates it and sends the encapsulated data to the terminal device in the normal Ethernet data packet format, so that the encapsulated data packet can be carried over the public network in a common packet format, which improves its portability.
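To make steps i to k of the first embodiment and steps n and o of this one concrete, the following C program (added for this page, not the patent's or 3onedata's code) runs constructed frames through the FPGA data path and then through the second terminal's unpack-and-decrypt. The wire format `<frame header>-<data>`, the `packet_t` layout, the function names and the size limits are assumptions of the example. The "encryption" is the page's own digital-English substitution (A = 01 to Z = 26, non-letters dropped, which is why "TURN LEFT" becomes "20 21 18 14 12 05 06 20" and comes back as "TURNLEFT"); it is kept only because it is the algorithm the page illustrates with, and it is not a cipher to deploy. A deployable design would put a keyed, authenticated cipher in its place, and the rest of the path would not change.

```c
/* Added example, not the patent's code: FPGA path (steps i-k, n) and
 * receiver path (step o). Wire format "<header>-<data>", sizes and the
 * page's letter-to-number substitution are assumptions / illustrations. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_HDR  32
#define MAX_DATA 128

typedef struct {
    char header[MAX_HDR];   /* frame header, e.g. "3onedata" */
    char data[MAX_DATA];    /* data carried after the header */
} packet_t;

/* Step i: split a wire packet at the first '-' into header and data.
 * Returns 0 on a malformed packet (no separator, empty or oversized field). */
int unpack(const char *wire, packet_t *out)
{
    const char *sep = strchr(wire, '-');
    if (!sep) return 0;
    size_t hlen = (size_t)(sep - wire), dlen = strlen(sep + 1);
    if (hlen == 0 || hlen >= MAX_HDR || dlen >= MAX_DATA) return 0;
    memcpy(out->header, wire, hlen); out->header[hlen] = '\0';
    memcpy(out->data, sep + 1, dlen + 1);
    return 1;
}

/* Step n: repackage header and data into the same wire format. */
int pack(const packet_t *p, char *wire, size_t cap)
{
    int n = snprintf(wire, cap, "%s-%s", p->header, p->data);
    return n > 0 && (size_t)n < cap;
}

/* Step k, using the page's digital-English substitution: each letter becomes
 * its two-digit alphabet position, codes separated by spaces, other bytes dropped. */
void substitute_encrypt(const char *plain, char *out, size_t cap)
{
    size_t pos = 0;
    if (cap == 0) return;
    out[0] = '\0';
    for (; *plain; plain++) {
        if (!isalpha((unsigned char)*plain)) continue;
        int code = toupper((unsigned char)*plain) - 'A' + 1;
        if (pos > 0 && pos + 1 < cap) out[pos++] = ' ';
        int n = snprintf(out + pos, cap - pos, "%02d", code);
        if (n < 0 || (size_t)n >= cap - pos) { out[pos] = '\0'; break; }
        pos += (size_t)n;
    }
}

/* Receiver side of step o: reverse the substitution. */
void substitute_decrypt(const char *cipher, char *out, size_t cap)
{
    size_t pos = 0;
    int code, consumed;
    while (pos + 1 < cap && sscanf(cipher, "%d%n", &code, &consumed) == 1) {
        if (code >= 1 && code <= 26) out[pos++] = (char)('A' + code - 1);
        cipher += consumed;
    }
    out[pos] = '\0';
}

/* Steps i, j, k and n for one received frame. Frames whose header is not
 * the preset valid field, or that are malformed, are discarded (returns 0);
 * otherwise the encapsulated packet is written to wire_out (returns 1). */
int fpga_process(const char *wire_in, const char *valid_field,
                 char *wire_out, size_t cap)
{
    packet_t p, q;
    if (!unpack(wire_in, &p)) return 0;                 /* step i */
    if (strcmp(p.header, valid_field) != 0) return 0;   /* step j: discard */
    strcpy(q.header, p.header);
    substitute_encrypt(p.data, q.data, sizeof q.data);  /* step k */
    return pack(&q, wire_out, cap);                     /* step n */
}

/* Step o on the second terminal: unpack, then decrypt the data field. */
int terminal_receive(const char *wire_in, char *plain_out, size_t cap)
{
    packet_t p;
    if (!unpack(wire_in, &p)) return 0;
    substitute_decrypt(p.data, plain_out, cap);
    return 1;
}

int main(void)
{
    /* Constructed frames from the "first terminal"; only the first carries
     * the preset valid field "3onedata". */
    const char *frames[] = { "3onedata-TURN LEFT", "ABC-GO HOME", "malformed" };
    char wire[MAX_HDR + MAX_DATA + 2], plain[MAX_DATA];
    for (size_t i = 0; i < sizeof frames / sizeof frames[0]; i++) {
        if (!fpga_process(frames[i], "3onedata", wire, sizeof wire)) {
            printf("discarded: %s\n", frames[i]);
            continue;
        }
        terminal_receive(wire, plain, sizeof plain);
        printf("sent: %s  ->  received: %s\n", wire, plain);
    }
    return 0;
}
```

The valid-field check in `fpga_process` is the step j filter: a frame with header "ABC" never reaches the encryption stage, and a frame without the separator is rejected by `unpack` before any field is read, which is the check a hardware unpacker also needs so that a truncated frame cannot be treated as a valid one.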
In addition, the present invention also provides an encryption device of a switch, referring to fig. 2, the encryption device of the switch includes:
an authentication module 10, configured to perform key authentication on the boot program that starts the hardware system of the switch after the hardware system is powered on and started, so as to start the operating system of the switch after the boot program passes the key authentication;
a receiving module 20, configured to receive a data packet through a switch chip in the switch after the operating system is started;
the parsing module 30 is configured to parse the data packet through an FPGA chip in the switch;
and an encryption module 40, configured to encrypt the parsed data.
Further, the encryption module 40 includes:
the receiving unit is used for receiving the data packet sent by the first terminal device from the Ethernet data port of the switch through the switch chip in the switch after the operating system is started;
and the encryption unit is used for analyzing the data packet through the FPGA chip of the switch to obtain effective data in the data packet, and encrypting the effective data by adopting a preset encryption algorithm.
Further, the encryption unit includes:
the unpacking subunit is used for unpacking the data packet according to the data packet format in the FPGA chip to obtain unpacked data;
the extraction subunit is used for extracting the unpacking data according to the valid data field preset in the FPGA chip to obtain valid data;
and the encryption subunit is used for encrypting the effective data by adopting an encryption algorithm preset in the FPGA chip to obtain encrypted data.
Further, the authentication module 10 includes:
a reading unit for reading the boot program that starts the hardware system from the flash burned in advance in the storage chip of the switch after the hardware system of the switch is powered on and started;
a loading unit for loading the boot program into the internal SRAM of the switch and running it, so as to start the boot program;
the reading unit being further used for reading the key file held in the external encryption chip on the switch PCB after the boot program has started;
an authentication unit for performing boot key authentication on the boot key file in the boot program against that key file, so as to start the operating system of the switch after the boot program passes the key authentication.
Further, the authentication unit includes:
a checking subunit for submitting the boot key file to the encryption chip for key verification against its key file to obtain a key authentication verification result;
a verification subunit for verifying whether the verification result is a pass;
a start subunit for starting the operating system of the switch if the verification result is a pass.
Further, the encryption device of the switch further includes:
the detection unit is used for detecting whether the boot program in the switch storage chip is updated or not;
and the starting unit is used for powering on and starting the hardware system of the switch if the boot program is updated.
Further, the encryption device of the switch further includes:
the packaging module is used for re-packaging the encrypted data according to the data packet format in the FPGA chip to obtain a packaged data packet;
and the sending module is used for sending the encapsulated data packet to a second terminal device through an Ethernet data port of the switch, so that the second terminal device can unpack the encapsulated data packet after receiving the encapsulated data packet, extract the encrypted data and decrypt the encrypted data to obtain the effective data in the encapsulated data packet.
The specific implementation of the encryption device of the switch of the invention is substantially the same as that of each embodiment of the encryption method of the switch, and is not described again here.
In addition, the invention also provides an encryption device of the switch. Fig. 3 is a schematic structural diagram of the hardware running environment of the encryption device of the switch according to an embodiment of the present invention.
As shown, the encryption device of the switch may include: a processor 1001, such as a CPU, a memory 1005, a user interface 1003, a network interface 1004, and a communication bus 1002. The communication bus 1002 is used to enable communication between these connected components. The user interface 1003 may include a display and an input unit such as a keyboard, and may optionally further include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (e.g., a WI-FI interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory, such as a disk memory. The memory 1005 may also optionally be a storage device separate from the processor 1001 described above.
Optionally, the encryption device of the switch may further include an RF (Radio Frequency) circuit, a sensor, a WiFi module, and the like.
It will be appreciated by those skilled in the art that the encryption device structure of the switch shown in fig. 3 does not constitute a limitation on the encryption device of the switch, and may include more or fewer components than shown, or may combine certain components, or may be a different arrangement of components.
As shown in fig. 3, an operating system, a network communication module, a user interface module, and an encryption program of the switch may be included in the memory 1005 as one type of computer storage medium. The operating system is a program for managing and controlling the hardware and software resources of the encryption equipment of the switch, and supports the running of the encryption program of the switch and of other software or programs.
In the encryption device of the switch shown in the figure, the user interface 1003 is mainly used for connecting to the terminal device of the user, so that the user can select valid data on the terminal device according to personal requirements; the network interface 1004 is mainly used for the switch to exchange data with the terminal equipment; and the processor 1001 may be configured to call the encryption program of the switch stored in the memory 1005 and perform the steps of the encryption method of the switch as described above.
The specific implementation manner of the encryption device of the switch is basically the same as that of each embodiment of the encryption method of the switch, and is not repeated here.
In addition, the embodiment of the invention also provides a computer readable storage medium, wherein the computer readable storage medium stores an encryption program of the switch, and the encryption program of the switch realizes the steps of the encryption method of the switch when executed by a processor.
The specific implementation manner of the computer readable storage medium of the present invention is basically the same as the above-mentioned encryption method embodiments of the switch, and will not be described herein again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the method of the above embodiments may be implemented by means of software plus the necessary general hardware platform, or of course by means of hardware, but the former is the preferred embodiment in many cases. Based on such understanding, the technical solution of the present invention, essentially or in the part contributing to the prior art, may be embodied in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising several instructions for causing an encryption device of a switch to perform the method according to the embodiments of the present invention.

Claims (6)

1. A method of encrypting a switch, the method comprising the steps of:
after a hardware system of the switch is powered on and started, reading a starting program for starting the hardware system from a flash memory (flash) burned in advance in a storage chip of the switch, wherein the starting program is a boot program;
loading the boot program into an SRAM (static random access memory) of the switch for running so as to start the boot program;
after the boot program is started, reading a key file in an external encryption chip on the switch Printed Circuit Board (PCB);
performing key authentication on a boot key file in the boot program through the key file so as to start an operating system of the switch after the starting program passes the key authentication;
after the operating system is started, receiving a data packet sent by a first terminal device from an Ethernet data port of the switch through a switching chip in the switch;
unpacking the data packet according to a data packet format in a Field Programmable Gate Array (FPGA) chip in the switch to obtain unpacked data;
extracting the unpacking data according to a valid data field preset in the FPGA chip to obtain valid data;
encrypting the effective data by adopting an encryption algorithm preset in the FPGA chip;
repackaging the encrypted data according to a data packet format in the FPGA chip to obtain an encapsulated data packet;
and sending the encapsulated data packet to a second terminal device through an Ethernet data port of the switch, so that the second terminal device can unpack the encapsulated data packet after receiving the encapsulated data packet, extract the encrypted data, and decrypt the encrypted data to obtain the effective data in the encapsulated data packet.
2. The encryption method of the switch according to claim 1, wherein the step of performing key authentication on the boot key file in the boot program by the key file to start the operating system of the switch after the start program passes the key authentication includes:
reading the boot key file into the key file of the encryption chip for key verification to obtain a key authentication verification result, and verifying whether the verification result passes or not;
and if the verification result is verified to be passed, starting an operating system of the switch.
3. The encryption method of the switch according to claim 1, wherein before the step of reading, after the hardware system of the switch is powered on and started, a starting program for starting the hardware system from a flash memory (flash) burned in advance in a storage chip of the switch, the starting program being a boot program, the method further comprises:
detecting whether the boot program in the storage chip of the switch is updated or not;
and if the boot program is detected to be updated, powering on and starting the hardware system of the switch.
4. An encryption device of a switch, characterized in that the encryption device of the switch comprises:
the authentication module is used for reading a starting program for starting the hardware system from a flash memory (flash) burned in advance in a storage chip of the switch after the hardware system of the switch is powered on and started, wherein the starting program is a boot program; loading the boot program into an SRAM (static random access memory) of the switch for running so as to start the boot program; after the boot program is started, reading a key file in an external encryption chip on the switch Printed Circuit Board (PCB); and performing key authentication on a boot key file in the boot program through the key file so as to start an operating system of the switch after the starting program passes the key authentication;
the receiving module is used for receiving the data packet sent by the first terminal device from the Ethernet data port of the switch through the switch chip in the switch after the operating system is started;
the analysis module is used for unpacking the data packet according to the data packet format in the Field Programmable Gate Array (FPGA) chip in the switch to obtain unpacked data; extracting the unpacking data according to a valid data field preset in the FPGA chip to obtain valid data;
the encryption module is used for encrypting the effective data by adopting an encryption algorithm preset in the FPGA chip;
the encryption module is also used for re-packaging the encrypted data according to a data packet format in the FPGA chip to obtain a packaged data packet; and sending the encapsulated data packet to a second terminal device through an Ethernet data port of the switch, so that the second terminal device can unpack the encapsulated data packet after receiving the encapsulated data packet, extract the encrypted data, and decrypt the encrypted data to obtain the effective data in the encapsulated data packet.
5. An encryption device of a switch, characterized in that the encryption device of the switch comprises a memory, a processor and an encryption program of the switch stored on the memory and running on the processor, which encryption program of the switch, when executed by the processor, implements the steps of the encryption method of the switch according to any one of claims 1 to 3.
6. A computer-readable storage medium, on which an encryption program of a switch is stored, which, when executed by a processor, implements the steps of the encryption method of the switch according to any one of claims 1 to 3.
CN202010163970.9A 2020-03-10 2020-03-10 Encryption method, device and equipment of switch and computer readable storage medium Active CN111400700B (en)

Publications (2)

Publication Number Publication Date
CN111400700A CN111400700A (en) 2020-07-10
CN111400700B true CN111400700B (en) 2023-07-21

Family

ID=71436187

Country Status (1)

Country Link
CN (1) CN111400700B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113285895B (en) * 2021-04-28 2022-05-31 深圳中为思创科技有限公司 Safe and reliable type high-speed switch

Citations (7)

Publication number Priority date Publication date Assignee Title
CN101123507A (en) * 2007-10-08 2008-02-13 杭州华三通信技术有限公司 A protection method and storage device for data information in storage device
CN105357218A (en) * 2015-12-03 2016-02-24 上海斐讯数据通信技术有限公司 Router with hardware encryption and decryption function and encryption and decryption method of router
CN105610738A (en) * 2016-03-08 2016-05-25 浪潮集团有限公司 Two-stage encryption protection method for switch
CN205407875U (en) * 2016-03-08 2016-07-27 浪潮集团有限公司 Ethernet switch of chip is encrypted in area
CN106933752A (en) * 2017-03-09 2017-07-07 西安电子科技大学 The encryption device and method of a kind of SRAM type FPGA
CN109284136A (en) * 2018-09-12 2019-01-29 盛科网络(苏州)有限公司 A kind of method and device realizing switch system and quickly restarting
CN110417706A (en) * 2018-04-27 2019-11-05 奥维飞越通信有限公司 A kind of safety communicating method based on interchanger

Family Cites Families (1)

Publication number Priority date Publication date Assignee Title
US9779245B2 (en) * 2013-03-20 2017-10-03 Becrypt Limited System, method, and device having an encrypted operating system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant