CN114244620A - Board card network access verification method and device and board card control center - Google Patents
Board card network access verification method and device and board card control center Download PDFInfo
- Publication number
- CN114244620A CN114244620A CN202111595196.XA CN202111595196A CN114244620A CN 114244620 A CN114244620 A CN 114244620A CN 202111595196 A CN202111595196 A CN 202111595196A CN 114244620 A CN114244620 A CN 114244620A
- Authority
- CN
- China
- Prior art keywords
- information
- board card
- verification
- character string
- network access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Abstract
The invention provides a method and a device for verifying a card-in-network and a card control center, which relate to the technical field of information processing and comprise the steps of obtaining first information, wherein the first information is network access request information sent by a card, the first information comprises ID information, hardware drive version information and function code information of the card, the function code information comprises at least two serial numbers, and each serial number corresponds to one card and can execute a calculation function; and responding to the first information, performing network access authentication on the board card, and sending network access permission to the board card if the authentication is passed. According to the method and the device, when the board card is started, the board card reads ID information, hardware drive version information and function code information in the flash and sends the ID information, the hardware drive version information and the function code information to the board card control center, and the whole computing system is protected from being mixed into an illegal board card which is a board card for stealing data through network access verification of the board card. Thereby achieving the purpose of protecting the calculation data.
Description
Technical Field
The invention relates to the technical field of information processing, in particular to a board card network access verification method and device and a board card control center.
Background
In the field of current missile-borne information processing, a plurality of functional board cards are adopted to respectively complete data processing, wherein each calculation is realized by a board card with a fixed function, and a board card network access verification method does not exist in the prior art due to the distributed design of separating a control unit from the board cards.
Disclosure of Invention
The invention aims to provide a board card network-access verification method, a board card network-access verification device and a board card control center, so as to solve the problems. In order to achieve the purpose, the technical scheme adopted by the invention is as follows:
in a first aspect, the present application provides a board card-into-network verification method, including: acquiring first information, wherein the first information is network access request information sent by a board card, the first information comprises ID information of the board card, hardware drive version information and function code information, the function code information comprises at least two serial numbers, and each serial number corresponds to one executable computing function of the board card; and responding to the first information, performing network access authentication on the board card, and sending network access permission to the board card if the verification is passed.
Further, the performing network access authentication on the board card in response to the first information, and sending a network access permission to the board card if the verification is passed, and then includes: acquiring a calculation demand; extracting a software code and a first sequence number corresponding to the calculation requirement from a preset code library according to the calculation requirement, wherein the first sequence number is a sequence number corresponding to the calculation requirement; sending a service loading inquiry frame to a computing board card after network access authentication, wherein the computing board card is a board card with the first sequence number in function code information, and the service loading inquiry frame is used for triggering the computing board card to send a response frame; and acquiring and authenticating a response frame, if the authentication is passed, sending the software code to the computing board card, wherein the software code is used for triggering the computing board card to store the function code in a dynamic random access memory, and performing service computation according to the function code in the dynamic random access memory.
Further, the performing network access authentication on the board card in response to the first information, and sending a network access permission to the board card if the verification is passed, and then includes: receiving an encrypted calculation result, wherein the calculation result is data calculated by the calculation board card, the calculation result comprises a proofreading character string and an operation result, the operation result is a result of the calculation board card after service calculation, and the proofreading character string is calculated by ID information and a first preset function; calling a third state key to decrypt the calculation result to obtain a proofreading character string and an operation result; generating a verification character string according to the ID information; and checking the consistency of the verification character string and the first response verification, if the proofreading character string and the verification character string have consistency, judging that the operation result is legal, and if the proofreading character string and the verification character string do not have consistency, discarding the received encryption calculation result.
Further, the generating a verification string according to the ID information includes: multiplying each character in the ID information by a second preset function respectively to obtain a second calculated value corresponding to each character, wherein the second preset function and the first preset function are conjugate functions; merging and splicing the calculated values according to each character sequence in the ID information to obtain a verification character string; the verifying the consistency of the validation string with the first response validation comprises: respectively extracting at least two most significant characters in the proofreading character string and the verification character string and the bit number corresponding to each most significant character, wherein the most significant character is a maximum character or a minimum character; and if the most significant character in the proofreading character string is the same as the most significant character in the verification character string, and the bit number corresponding to each most significant character in the proofreading character string is the same as the bit number corresponding to each most significant character in the verification character string, the verification character string and the first response verification have consistency.
Further, the first information is information obtained by encrypting a status key by the board card, and the obtaining of the first information includes: receiving the network connection test requested by the board card to obtain first connection jitter and first connection delay; the first information is information obtained after the board card encrypts a first state key, the response to the first information is to perform network access authentication on the board card, and if the verification is passed, network access permission is sent to the board card, including: recording the receiving time of the network connection test; calling a preset key encryption algorithm, taking the first connection jitter, the first connection delay and the receiving time of the network connection test as input information of the preset key encryption algorithm, and solving the preset key encryption algorithm to obtain the first state key; decrypting the first information by using the first state key to obtain decrypted ID information; and comparing the decrypted ID information with a preset ID database, if the comparison is successful, sending a network access permission to the board card, and if the comparison is failed, discarding the first information.
In a second aspect, the present application further provides a board card-into-net verification apparatus, including: the device comprises a first acquisition unit, a second acquisition unit and a processing unit, wherein the first acquisition unit is used for acquiring first information, the first information is network access request information sent by a board card, the first information comprises ID information of the board card, hardware drive version information and function code information, the function code information comprises at least two serial numbers, and each serial number corresponds to one executable calculation function of the board card; and the network access verification unit is used for responding to the first information, performing network access authentication on the board card, and sending network access permission to the board card if the verification is passed.
Further, the board card network access verification device further includes: a second obtaining unit for obtaining a calculation requirement; the first calling unit is used for extracting a software code and a first serial number corresponding to the calculation requirement from a preset code library according to the calculation requirement, wherein the first serial number is a serial number corresponding to the calculation requirement; the first sending unit is used for sending a service loading inquiry frame to a computing board card after network access authentication, wherein the computing board card is a board card with the first sequence number in function code information, and the service loading inquiry frame is used for triggering the computing board card to send a response frame; and the first authentication unit is used for acquiring and authenticating the response frame, if the authentication is passed, sending the software code to the computing board card, wherein the software code is used for triggering the computing board card to store the function code in a dynamic random access memory, and performing service calculation according to the function code in the dynamic random access memory.
Further, the board card network access verification device further includes: the first receiving unit is used for receiving an encrypted calculation result, wherein the calculation result is data calculated by the calculation board card, the calculation result comprises a proofreading character string and an operation result, the operation result is a result of the calculation board card after service calculation, and the proofreading character string is calculated by ID information and a first preset function; the second calling unit is used for calling the third state key to decrypt the calculation result to obtain a proofreading character string and an operation result; a first generation unit configured to generate a verification string based on the ID information; and the first checking unit is used for checking the consistency of the verification character string and the first response verification, if the proofreading character string and the verification character string have consistency, the operation result is legal, and if the proofreading character string and the verification character string do not have consistency, the received encryption calculation result is discarded.
Further, the first generation unit includes: the first calculation unit is used for multiplying each character in the ID information by a second preset function respectively to obtain a second calculation value corresponding to each character, and the second preset function and the first preset function are conjugate functions; the second calculation unit is used for merging and splicing the calculated values according to each character sequence in the ID information to obtain a verification character string; the first verification unit includes: the first extraction unit is used for respectively extracting at least two most significant characters in the proofreading character string and the verification character string and the bit number corresponding to each most significant character, wherein the most significant character is a maximum character or a minimum character; and the first judging unit is used for judging that the verification character string is consistent with the first response verification if the most significant character in the correction character string is the same as the most significant character in the verification character string and the bit number corresponding to each most significant character in the correction character string is the same as the bit number corresponding to each most significant character in the verification character string.
In a third aspect, the present application further provides a board control device, including:
a memory for storing a computer program;
and the processor is used for realizing the steps of the board card network access verification method when executing the computer program.
The invention has the beneficial effects that:
when the board card is started, the board card reads ID information, hardware drive version information and function code information in the flash and sends the ID information, the hardware drive version information and the function code information to the board card control center, namely the equipment used by the method. And then the board card control center performs network access verification on the board card, reads the function code information and redistributes the calculation task. In the method, the whole computing system is protected from being mixed with an illegal board card which is a board card for stealing data by performing network access verification on the board card, so that the purpose of protecting the computing data is achieved.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the embodiments of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is a schematic flow chart of a board card network access verification method according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a board card network access verification apparatus according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a board card network access verification device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present invention, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
Example 1:
the embodiment provides a board card network-in verification method.
Referring to FIG. 1, the method is shown to include steps S20 and S30.
S20, first information is obtained, the first information is network access request information sent by the board card, the first information comprises ID information of the board card, hardware drive version information and function code information, the function code information comprises at least two serial numbers, each serial number corresponds to one board card and can execute a calculation function, and the first information is stored in flash of the board card.
And S30, responding to the first information, performing network access authentication on the board card, and sending network access permission to the board card if the authentication is passed.
In the method, when the board card is started, the board card reads ID information, hardware drive version information and function code information in the flash and sends the ID information, the hardware drive version information and the function code information to a board card control center, namely equipment used by the method. And then the board card control center performs network access verification on the board card, reads the function code information and then distributes a calculation task. In the method, the whole computing system is protected from being mixed into an illegal board card by performing network access verification on the board card, wherein the illegal board card is a board card for stealing data. Thereby achieving the purpose of protecting the calculation data.
In some specific embodiments, the method further includes step S40, step S50, step S60, and step S70.
And S40, acquiring calculation requirements.
And S50, extracting the software code and the first sequence number corresponding to the calculation requirement from the preset code library according to the calculation requirement, wherein the first sequence number is the sequence number corresponding to the calculation requirement.
And S60, sending a service loading inquiry frame to the calculation board card after network access authentication, wherein the calculation board card is a board card with a first sequence number in the function code information, and the service loading inquiry frame is used for triggering the calculation board card to send a response frame.
And S70, acquiring and authenticating the response frame, if the authentication is passed, sending a software code to the computing board, wherein the software code is used for triggering the computing board to store the function code in the dynamic random access memory, and performing service computation according to the function code in the dynamic random access memory.
In the application, the board card is designed to be a design which does not contain functional codes, so that the architecture of the board card can be designed to be a multi-functional architecture. Meanwhile, the design is used for a distributed computing system, when the whole computing system needs some specific computing functions, the board card control center realizes different functions on limited hardware according to an unavailable scene, and the environmental adaptability of the computing system is improved; software codes for realizing the same function can be loaded on the hardware of the plurality of board cards at the same time, and the plurality of board cards work at the same time to improve the computing capacity of the system; in addition, when a certain board card has a fault, the function can be realized on the other board card in a mode of loading software codes, and the reliability of the system is improved.
Meanwhile, in the application, when the information processing system is started, the board card starts the hardware driving and service loading functions from the nonvolatile memory, and the board card control center can perform network communication and service loading with the board card. The board control center issues the selected function code to the designated board, and the board stores the code in the dynamic random access memory to execute the function service program. Since the nonvolatile memory of the universal computing board card does not need to store specific codes for completing the functions of the special board card, and only needs the functions of hardware driving and service loading, information leakage does not exist before the board card is transported and used, and the safety of service data is ensured; after the board card is electrified, the function code needs to be issued by a control unit network, all application services are centrally and uniformly managed in a board card control center, and data control management is more convenient; after the board card completes calculation, the data in the dynamic random access memory can be automatically powered off and emptied, so that the risk of information leakage is reduced.
In some specific embodiments, the present application further includes step S80, step S90, step S100, and step S110.
And S80, receiving the encrypted calculation result, wherein the calculation result is data calculated by the calculation board, the calculation result comprises a correction character string and an operation result, the operation result is a result of the calculation board after service calculation, and the correction character string is calculated by ID information and a first preset function.
S90, calling a third state key decryption calculation result to obtain a proofreading character string and an operation result;
and S100, generating a verification character string according to the ID information.
S110, checking the consistency of the verification character string and the first response verification, if the proofreading character string and the verification character string have consistency, the operation result is legal, and if the proofreading character string and the verification character string do not have consistency, the received encryption calculation result is discarded.
In the method, in order to prevent the key from being illegally inserted and stolen, the key change in various states is adopted, so that the probability of the key being cracked is reduced. The method for establishing the third-state key is described in the following. And simultaneously, the encrypted verification character of the third state key is introduced to achieve the purpose of realizing network access authentication.
In some specific embodiments, step S100 includes step S101 and step S102.
S101, multiplying each character in the ID information by a second preset function respectively to obtain a second calculated value corresponding to each character, wherein the second preset function and the first preset function are conjugate functions.
It should be noted that, in the present application, the first preset function may be a sine function, and the second preset function may be a cosine function, where the first preset function and the second preset function are conjugate functions, and the present application is not limited specifically.
And S102, combining and splicing the calculated values according to each character sequence in the ID information to obtain a verification character string.
Step S110 includes step S111 and step S112.
S111, respectively extracting at least two most significant characters in the proofreading character string and the verification character string and the number of bits corresponding to each most significant character, wherein the most significant character is a maximum character or a minimum character;
it should be noted that, in the method, the most significant character is the maximum value or the least significant value, such as a string of data 2345678, that is, the minimum character 2 is extracted at 1 bit, the maximum character 8 is extracted at 7 th bit, for 511548998, such data also extracts the minimum character 1 at 2, 3 bits, and the maximum character 9 at 7, 8 bits. Similarly, the method for extracting the verification character string containing the english character is also the above extraction method, and is not described in detail in this application.
And S112, if the most significant character in the proofreading character string is the same as the most significant character in the verification character string, and the number of bits corresponding to each most significant character in the proofreading character string is the same as the number of bits corresponding to each most significant character in the verification character string, the verification character string has consistency with the first response verification.
It should be noted that, in this step, it is required to verify both the order of the maximum value itself and the position of the minimum value itself. In the method, whether the data is complete or not can be verified in the above mode. The purpose of authentication is achieved.
In some specific embodiments, the method further includes step S10.
And S10, receiving the network connection test requested by the board card, and obtaining the first connection jitter and the first connection delay.
And further includes step S120, step S130, step S140, and step S150.
S120, recording the receiving time of the network connection test;
s130, calling a preset key encryption algorithm, taking the first connection jitter, the first connection delay and the receiving time of the network connection test as input information of the preset key encryption algorithm, and solving the preset key encryption algorithm to obtain a first state key;
s140, decrypting the first information by using the first state key to obtain decrypted ID information;
s150, comparing the decrypted ID information with a preset ID database, if the comparison is successful, sending network access permission to the board card, and if the comparison is failed, discarding the first information.
In the method, the delay and the jitter in the network state are used as basic elements for manufacturing the dynamic key, so that the probability of cracking the key can be effectively reduced.
It should be noted that, in this step, the key encryption algorithm is preset as AES, and it is obvious to those skilled in the art that other encryption algorithms may be selected.
Meanwhile, in the method, a new key is adopted when the board card communicates with the board card control center every time. Specifically, the method includes step S160, step S170, and step S180.
And S160, performing network connection test on the board card to obtain second connection jitter and second connection delay.
S170, if the first delay is not consistent with the second delay or the first connection jitter is not consistent with the second connection jitter, generating a second state key.
And S180, carrying out data transmission with the board card, and encrypting the data by using the second state key.
Through the steps, the method generates a new key for communication according to different communication environments each time, and effectively ensures the connection safety of the board card and the control unit. And calling a preset key encryption algorithm, taking the second connection jitter, the second connection delay and the receiving time of the latest network connection test as input information of the preset key encryption algorithm, and solving the preset key encryption algorithm to obtain the first state key.
Example 2:
as shown in fig. 2, the present embodiment provides a board-to-board network authentication apparatus, which includes:
a first obtaining unit 702, configured to obtain first information, where the first information is network access request information sent by a board, the first information includes ID information of the board, hardware drive version information, and function code information, the function code information includes at least two serial numbers, and each serial number corresponds to one board and can perform a calculation function;
and a network access verification unit 703, configured to perform network access authentication on the board card in response to the first information, and send a network access permission to the board card if the verification is passed.
In some specific embodiments, the apparatus further comprises:
a second obtaining unit 704, configured to obtain a calculation requirement;
the first calling unit 705 is configured to extract a software code and a first sequence number corresponding to a calculation requirement from a preset code library according to the calculation requirement, where the first sequence number is a sequence number corresponding to the calculation requirement;
a first sending unit 706, configured to send a service loading inquiry frame to the computing board after network access authentication, where the computing board is a board having a first sequence number in the function code information, and the service loading inquiry frame is used to trigger the computing board to send a response frame;
the first authentication unit 707 is configured to obtain and authenticate the response frame, and if the authentication is passed, send a software code to the computing board, where the software code is used to trigger the computing board to store the function code in the dynamic random access memory, and perform service calculation according to the function code in the dynamic random access memory.
In some specific embodiments, the apparatus further comprises:
the first receiving unit 708 is configured to receive an encrypted calculation result, where the calculation result is data calculated by the calculation board, the calculation result includes a proofreading character string and an operation result, the operation result is a result of the calculation board performing service calculation, and the proofreading character string is calculated by ID information and a first preset function;
a second invoking unit 709, configured to invoke the third state key decryption calculation result to obtain a collation string and an operation result;
a first generating unit 710 for generating a verification string from the ID information;
the first checking unit 711 is configured to check consistency between the verification string and the first response verification, and if the collation string and the verification string have consistency, the operation result is legal, and if the collation string and the verification string do not have consistency, the received encryption calculation result is discarded.
In some specific embodiments, the first generating unit 710 includes:
the first calculating unit 7101 is configured to multiply each character in the ID information with a second preset function respectively to obtain a second calculated value corresponding to each character, where the second preset function and the first preset function are conjugate functions;
the second calculation unit 7102, which is used for merging and splicing calculation values according to each character sequence in the ID information to obtain a verification character string;
the first verification unit 711 includes:
a first extracting unit 7111, configured to extract at least two most significant characters in the collation character string and the verification character string, and a bit number corresponding to each of the most significant characters, respectively, where the most significant character is a maximum character or a minimum character;
the first determining unit 7112 is configured to, if the most significant character in the check string is the same as the most significant character in the verification string, and the number of bits corresponding to each most significant character in the check string is the same as the number of bits corresponding to each most significant character in the verification string, determine that the verification string and the first response verification have consistency.
In some specific embodiments, the apparatus further comprises:
a first test unit 701, configured to receive a network connection test requested by a board card, and obtain a first connection jitter and a first connection delay;
the network access authentication unit 703 includes:
a first recording unit 7031, configured to record a reception time of the network connection test;
a first invoking unit 7032, configured to invoke a preset key encryption algorithm, use the first connection jitter, the first connection delay, and the receiving time of the network connection test as input information of the preset key encryption algorithm, and solve the preset key encryption algorithm to obtain a first state key;
a first decryption unit 7033, configured to decrypt the first information using the first state key to obtain decrypted ID information;
a second determining unit 7034, configured to compare the decrypted ID information with a preset ID database, send a network access permission to the board card if the comparison is successful, and discard the first information if the comparison is failed.
In some specific embodiments, the apparatus further comprises:
a second testing unit 712, configured to perform a network connection test on the board card to obtain a second connection jitter and a second connection delay;
a second generating unit 713, configured to generate a second state key if the first delay is inconsistent with the second delay or the first connection jitter is inconsistent with the second connection jitter;
and a transmission unit 714, configured to perform data transmission with the board card, where the data is encrypted by using the second state key.
It should be noted that, regarding the apparatus in the above embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated herein.
Example 3:
corresponding to the above method embodiment, this embodiment further provides a board-in-network verification board control device, and a board-in-network verification board control device described below and a board-in-network verification method described above may be referred to in correspondence.
Fig. 3 is a block diagram illustrating a board-to-net authentication board card control apparatus 800 according to an exemplary embodiment. As shown in fig. 3, the board card network access verification board card control device 800 may include: a processor 801, a memory 802. The card network access verification card control device 800 may further include one or more of an I/O interface 804, and a communication component 805.
The processor 801 is configured to control the overall operation of the board card network access verification board card control device 800, so as to complete all or part of the steps in the above-described board card network access verification method. Memory 802 is used to store various types of data to support the operation of the on-board verification board control device 800, such data may include, for example, instructions for any application or method operating on the on-board verification board control device 800, as well as application-related data, such as contact data, transceived messages, pictures, audio, video, and so forth. The Memory 802 may be implemented by any type of volatile or nonvolatile Memory board control device or combination thereof, such as a Static Random Access Memory (SRAM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), an Erasable Programmable Read-Only Memory (EPROM), a Programmable Read-Only Memory (PROM), a Read-Only Memory (ROM), a magnetic Memory, a flash Memory, a magnetic disk, or an optical disk. The I/O interface 804 provides an interface between the processor 801 and other interface modules, such as a keyboard, mouse, buttons, etc. These buttons may be virtual buttons or physical buttons. The communication component 805 is used for performing wired or wireless communication between the board card control device 800 and other board card control devices. Wireless communication, such as Wi-Fi, bluetooth, Near Field Communication (NFC), 2G, 3G, or 4G, or a combination of one or more of them, so that the corresponding communication component 805 may include: Wi-Fi module, bluetooth module, NFC module.
In an exemplary embodiment, the board access verification board control Device 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing board control devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors or other electronic components, for executing the above board access verification method.
The above is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes will occur to those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. A board-to-net authentication method, comprising:
acquiring first information, wherein the first information is network access request information sent by a board card, the first information comprises ID information of the board card, hardware drive version information and function code information, the function code information comprises at least two serial numbers, and each serial number corresponds to one executable computing function of the board card;
and responding to the first information, performing network access authentication on the board card, and sending network access permission to the board card if the verification is passed.
2. The board network access verification method according to claim 1, wherein the authenticating network access to the board in response to the first information, and sending a network access permission to the board if the authentication is passed, then includes:
acquiring a calculation demand;
extracting a software code and a first sequence number corresponding to the calculation requirement from a preset code library according to the calculation requirement, wherein the first sequence number is a sequence number corresponding to the calculation requirement;
sending a service loading inquiry frame to a computing board card after network access authentication, wherein the computing board card is a board card with the first sequence number in function code information, and the service loading inquiry frame is used for triggering the computing board card to send a response frame;
and acquiring and authenticating a response frame, if the authentication is passed, sending the software code to the computing board card, wherein the software code is used for triggering the computing board card to store the function code in a dynamic random access memory, and performing service computation according to the function code in the dynamic random access memory.
3. The board network access verification method according to claim 1, wherein the authenticating network access to the board in response to the first information, and sending a network access permission to the board if the authentication is passed, then includes:
receiving an encrypted calculation result, wherein the calculation result is data calculated by the calculation board card, the calculation result comprises a proofreading character string and an operation result, the operation result is a result of the calculation board card after service calculation, and the proofreading character string is calculated by ID information and a first preset function;
calling a third state key to decrypt the calculation result to obtain a proofreading character string and an operation result;
generating a verification character string according to the ID information;
and checking the consistency of the verification character string and the first response verification, if the proofreading character string and the verification character string have consistency, judging that the operation result is legal, and if the proofreading character string and the verification character string do not have consistency, discarding the received encryption calculation result.
4. The board card network access verification method according to claim 3, wherein the generating a verification string according to the ID information includes:
multiplying each character in the ID information by a second preset function respectively to obtain a second calculated value corresponding to each character, wherein the second preset function and the first preset function are conjugate functions;
merging and splicing the calculated values according to each character sequence in the ID information to obtain a verification character string;
the verifying the consistency of the validation string with the first response validation comprises:
respectively extracting at least two most significant characters in the proofreading character string and the verification character string and the bit number corresponding to each most significant character, wherein the most significant character is a maximum character or a minimum character;
and if the most significant character in the proofreading character string is the same as the most significant character in the verification character string, and the bit number corresponding to each most significant character in the proofreading character string is the same as the bit number corresponding to each most significant character in the verification character string, the verification character string and the first response verification have consistency.
5. The method for verifying the network access of the board card according to claim 1, wherein the first information is information obtained by encrypting a status key of the board card, and the obtaining of the first information previously includes:
receiving the network connection test requested by the board card to obtain first connection jitter and first connection delay;
the first information is information obtained after the board card encrypts a first state key, the response to the first information is to perform network access authentication on the board card, and if the verification is passed, network access permission is sent to the board card, including:
recording the receiving time of the network connection test;
calling a preset key encryption algorithm, taking the first connection jitter, the first connection delay and the receiving time of the network connection test as input information of the preset key encryption algorithm, and solving the preset key encryption algorithm to obtain the first state key;
decrypting the first information by using the first state key to obtain decrypted ID information;
and comparing the decrypted ID information with a preset ID database, if the comparison is successful, sending a network access permission to the board card, and if the comparison is failed, discarding the first information.
6. A board-to-net verification apparatus, comprising:
the device comprises a first acquisition unit, a second acquisition unit and a processing unit, wherein the first acquisition unit is used for acquiring first information, the first information is network access request information sent by a board card, the first information comprises ID information of the board card, hardware drive version information and function code information, the function code information comprises at least two serial numbers, and each serial number corresponds to one executable calculation function of the board card;
and the network access verification unit is used for responding to the first information, performing network access authentication on the board card, and sending network access permission to the board card if the verification is passed.
7. The board card network access verification device of claim 6, wherein the board card network access verification device further comprises:
a second obtaining unit for obtaining a calculation requirement;
the first calling unit is used for extracting a software code and a first serial number corresponding to the calculation requirement from a preset code library according to the calculation requirement, wherein the first serial number is a serial number corresponding to the calculation requirement;
the first sending unit is used for sending a service loading inquiry frame to a computing board card after network access authentication, wherein the computing board card is a board card with the first sequence number in function code information, and the service loading inquiry frame is used for triggering the computing board card to send a response frame;
and the first authentication unit is used for acquiring and authenticating the response frame, if the authentication is passed, sending the software code to the computing board card, wherein the software code is used for triggering the computing board card to store the function code in a dynamic random access memory, and performing service calculation according to the function code in the dynamic random access memory.
8. The board card network access verification device of claim 6, wherein the board card network access verification device further comprises:
the first receiving unit is used for receiving an encrypted calculation result, wherein the calculation result is data calculated by the calculation board card, the calculation result comprises a proofreading character string and an operation result, the operation result is a result of the calculation board card after service calculation, and the proofreading character string is calculated by ID information and a first preset function;
the second calling unit is used for calling the third state key to decrypt the calculation result to obtain a proofreading character string and an operation result;
a first generation unit configured to generate a verification string based on the ID information;
and the first checking unit is used for checking the consistency of the verification character string and the first response verification, if the proofreading character string and the verification character string have consistency, the operation result is legal, and if the proofreading character string and the verification character string do not have consistency, the received encryption calculation result is discarded.
9. The board card network access verification device of claim 8, wherein the first generation unit comprises:
the first calculation unit is used for multiplying each character in the ID information by a second preset function respectively to obtain a second calculation value corresponding to each character, and the second preset function and the first preset function are conjugate functions;
the second calculation unit is used for merging and splicing the calculated values according to each character sequence in the ID information to obtain a verification character string;
the first verification unit includes:
the first extraction unit is used for respectively extracting at least two most significant characters in the proofreading character string and the verification character string and the bit number corresponding to each most significant character, wherein the most significant character is a maximum character or a minimum character;
and the first judging unit is used for judging that the verification character string is consistent with the first response verification if the most significant character in the correction character string is the same as the most significant character in the verification character string and the bit number corresponding to each most significant character in the correction character string is the same as the bit number corresponding to each most significant character in the verification character string.
10. A board control device, comprising:
a memory for storing a computer program;
a processor, configured to implement the steps of the card network access authentication method according to any one of claims 1 to 5 when executing the computer program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111595196.XA CN114244620B (en) | 2021-12-24 | 2021-12-24 | Board card network access verification method and device and board card control center |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111595196.XA CN114244620B (en) | 2021-12-24 | 2021-12-24 | Board card network access verification method and device and board card control center |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114244620A true CN114244620A (en) | 2022-03-25 |
| CN114244620B CN114244620B (en) | 2023-06-09 |
Family
ID=80762362
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111595196.XA Active CN114244620B (en) | 2021-12-24 | 2021-12-24 | Board card network access verification method and device and board card control center |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114244620B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115061852A (en) * | 2022-08-15 | 2022-09-16 | 广东科伺智能科技有限公司 | Functional board card, production system of functional board card and use method of servo system |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102185754A (en) * | 2011-01-30 | 2011-09-14 | 广东佳和通信技术有限公司 | Method for upgrading board card in switch system |
| US20170063426A1 (en) * | 2015-09-01 | 2017-03-02 | iDevices, LLC | System and method for displaying device-specific information for a smart device |
| US20180063092A1 (en) * | 2015-04-10 | 2018-03-01 | Pcms Holdings, Inc. | System and method for delegation of cloud computing processes |
| WO2018099248A1 (en) * | 2016-11-30 | 2018-06-07 | 中兴通讯股份有限公司 | Back panel device, signal interconnection method and device |
| US20190138725A1 (en) * | 2016-06-16 | 2019-05-09 | Virsec Systems, Inc. | Systems And Methods For Remediating Memory Corruption In A Computer Application |
| CN112436964A (en) * | 2020-11-12 | 2021-03-02 | 中国联合网络通信集团有限公司 | Equipment adaptation method and network management device |
| CN113595744A (en) * | 2021-09-29 | 2021-11-02 | 北京卓建智菡科技有限公司 | Network access method, device, electronic equipment and storage medium |
-
2021
- 2021-12-24 CN CN202111595196.XA patent/CN114244620B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102185754A (en) * | 2011-01-30 | 2011-09-14 | 广东佳和通信技术有限公司 | Method for upgrading board card in switch system |
| US20180063092A1 (en) * | 2015-04-10 | 2018-03-01 | Pcms Holdings, Inc. | System and method for delegation of cloud computing processes |
| US20170063426A1 (en) * | 2015-09-01 | 2017-03-02 | iDevices, LLC | System and method for displaying device-specific information for a smart device |
| US20190138725A1 (en) * | 2016-06-16 | 2019-05-09 | Virsec Systems, Inc. | Systems And Methods For Remediating Memory Corruption In A Computer Application |
| WO2018099248A1 (en) * | 2016-11-30 | 2018-06-07 | 中兴通讯股份有限公司 | Back panel device, signal interconnection method and device |
| CN112436964A (en) * | 2020-11-12 | 2021-03-02 | 中国联合网络通信集团有限公司 | Equipment adaptation method and network management device |
| CN113595744A (en) * | 2021-09-29 | 2021-11-02 | 北京卓建智菡科技有限公司 | Network access method, device, electronic equipment and storage medium |
Non-Patent Citations (3)
| Title |
|---|
| 刘川辉;张小辉;史晓杰;: "基于FPGA的光纤传输板卡通用平台设计", no. 08 * |
| 孙睿智: "基于PCI总线的加密解密板卡", no. 04 * |
| 李泽银;范超杰;: "一种基于ARM的多系统安全在线升级方案设计", no. 06 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115061852A (en) * | 2022-08-15 | 2022-09-16 | 广东科伺智能科技有限公司 | Functional board card, production system of functional board card and use method of servo system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114244620B (en) | 2023-06-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9270466B2 (en) | System and method for temporary secure boot of an electronic device | |
| CN113572715B (en) | Data transmission method and system based on block chain | |
| CN112257086B (en) | User privacy data protection method and electronic equipment | |
| CN111666564B (en) | Application program safe starting method and device, computer equipment and storage medium | |
| JP2004538584A (en) | Information processing method and system in electronic device, electronic device, and processing block | |
| CN110311787B (en) | Authorization management method, system, device and computer readable storage medium | |
| CN106372497B (en) | Application programming interface API protection method and protection device | |
| CN111865889B (en) | Login request processing method, system, device, electronic equipment and storage medium | |
| CN112688972B (en) | Method and system for protecting account security | |
| CN112257093B (en) | Authentication method, terminal and storage medium for data object | |
| CN113553572A (en) | Resource information acquisition method and device, computer equipment and storage medium | |
| CN111709007A (en) | User authentication method, device and equipment | |
| CN114244620B (en) | Board card network access verification method and device and board card control center | |
| CN111628863B (en) | Data signature method and device, electronic equipment and storage medium | |
| CN110602051B (en) | Information processing method based on consensus protocol and related device | |
| CN109302442B (en) | Data storage proving method and related equipment | |
| CN103559430A (en) | Application account management method and device based on android system | |
| CN115952552A (en) | Remote data destruction method, system and equipment | |
| CN114553573A (en) | Identity authentication method and device | |
| CN109688158B (en) | Financial execution chain authentication method, electronic device and storage medium | |
| CN108449753B (en) | Method for reading data in trusted computing environment by mobile phone device | |
| KR101906484B1 (en) | Method for application security and system for executing the method | |
| CN115603940A (en) | Board card bidirectional network access authentication method and device and board card | |
| CN116566744B (en) | Data processing method and security verification system | |
| CN114791834B (en) | Application program starting method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |