CN114401081A - Data encryption transmission method, application and system - Google Patents

Data encryption transmission method, application and system Download PDF

Info

Publication number
CN114401081A
CN114401081A CN202210207092.5A CN202210207092A CN114401081A CN 114401081 A CN114401081 A CN 114401081A CN 202210207092 A CN202210207092 A CN 202210207092A CN 114401081 A CN114401081 A CN 114401081A
Authority
CN
China
Prior art keywords
data
key
transmission
transmitted
hash
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210207092.5A
Other languages
Chinese (zh)
Inventor
刘凯
徐乃瑞
戴大海
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Matrix Time Digital Technology Co Ltd
Original Assignee
Matrix Time Digital Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Matrix Time Digital Technology Co Ltd filed Critical Matrix Time Digital Technology Co Ltd
Priority to CN202210207092.5A priority Critical patent/CN114401081A/en
Publication of CN114401081A publication Critical patent/CN114401081A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data encryption transmission method, application and a system, wherein the data encryption transmission method comprises the following steps: dividing the data to be transmitted into a plurality of data frames based on the length of the data to be transmitted and the effective load of the transmission line; encrypting each data frame by adopting the first key data of the determined field; and generating a transmission matrix according to the number of the data frames and the second key data of the determined field to obtain the transmission sequence of each data frame, and transmitting each encrypted data frame according to the transmission sequence. The invention encrypts and reorders the data in the data transmission process, prevents the algorithm analysis of bottom hardware from the drive and realizes the whole system safe transmission from the drive to the FPGA.

Description

Data encryption transmission method, application and system
Technical Field
The present invention relates to the field of data encryption technologies, and in particular, to a data encryption transmission method, an application, and a system.
Background
As an encryption Algorithm, a Secure Hash Algorithm (SHA), also known as a Hash Algorithm, has been widely used and developed due to its short and fixed Hash value and its collision resistance in digital signature, file verification, data retrieval, etc. Under the background of the rapid development of the current digital economy, the information security is more and more emphasized, and the 'digital economy and security are keys'. The system and the method for quickly realizing the safe and efficient Hash algorithm have wide application prospect not only in economy, but also in the fields of national defense, science and technology and the like.
The implementation process of the hash algorithm is computationally complex and requires traversing all data of the file to be encrypted, which adds difficulty to fast implementation. At present, the application of the hash algorithm is mainly realized in software, and for a large file, the two processes of traversing data and calculating by the software are long in time consumption and consume more CPU resources. Meanwhile, there is a certain security risk in software operation, because once the host running the software carries trojan virus or the system is broken, information and algorithms are leaked. In addition, the existing encryption chip in the market can also realize the hash algorithm in a circuit form, and the security is relatively high, but the transmission rate of a chip carrying circuit under a general interface bus (such as a USB interface, a serial peripheral interface SPI, a universal serial interface UART, an integrated circuit bus interface IIC and the like) is low, about several hundred kbps, and the requirement of people on high speed and high efficiency in the interaction process is difficult to meet. Although the patent CN108628791B is a high-speed security chip based on a PCIE interface, it does not have a supporting security driver, and if the interface is called to perform memory reading and writing on other devices, it is a structure capable of knowing the interface reading and writing data, and there is a certain risk of algorithm deciphering.
Disclosure of Invention
The purpose of the invention is as follows: aiming at the problems, the invention provides a data encryption transmission method, application and system, which not only ensure the safety in the data transmission process, but also realize the safe, efficient and rapid encryption process from the drive of the whole system to the FPGA.
The technical scheme is as follows:
a data encryption transmission method comprises the following steps:
dividing the data to be transmitted into a plurality of data frames based on the length of the data to be transmitted and the effective load of the transmission line;
encrypting each data frame by adopting the first key data of the determined field;
and generating a transmission matrix according to the number of the data frames and the second key data of the determined field to obtain the transmission sequence of each data frame, and transmitting each encrypted data frame according to the transmission sequence.
The transmission matrix is generated as follows:
if the number N of the data frames is less than or equal to the number M of bits of the second key data, taking the first N bits of the second key data to generate a transmission matrix;
if the number N of data frames is greater than M, if the number of bits of N/second key data is equal to N and mod (N, M) is equal to M, then initially, every M data frames are grouped into one group to form N groups, each group generates a transmission matrix in the same manner that N is equal to M, and finally, the remaining M data frames generate transmission matrices in the same manner that N is less than M.
The transmission matrix generation process is as follows:
if the data on the ith bit is 0, the ith data frame is still transmitted;
if odd number of data of 1 is searched in j bit, searching next data of not 1, if not, indicating that the transmission data sequence is not changed;
if the even number of data with 1 is searched to be in the g bit, exchanging the data frame of the j bit with the g bit to transmit data;
and constructing an M-order transmission matrix based on the M-order transmission matrix.
The transmission matrix generation process is as follows:
if the data on the ith bit is 0, the ith data frame is still transmitted;
if the j-th bit of data is searched to be 1, searching the next data which is not 1, and if the j-th bit of data is not searched, indicating that the transmission data sequence is not changed;
if the j +1 th bit of data is searched to be 1, exchanging the data frame of the j +1 th bit with the j bit to transmit data;
and constructing an M-order transmission matrix based on the M-order transmission matrix.
The transmission line is a PCIE bus, and the effective load of the transmission line is 4 KB.
And the receiving end adopts the second key data to obtain a transmission sequence and adopts the first key data to decrypt each data frame.
The length of the secret key is P bytes, and the nodeCombining the number of data frames and the pre-P of the key1The key data of the bytes form header information and are transmitted together with each data frame; the field of the first key is P in the middle of the key2Byte key data, the field of the second key is P-P of the last key1-P2Key data of bytes.
An application of the foregoing data encryption transmission method in data verification includes:
dividing the data to be transmitted into a plurality of data frames based on the length of the data to be transmitted and the effective load of the transmission line;
combining the key data of the determined field, irreducible polynomial coefficient and the number of the transmission data frames to form header information;
encrypting each data frame by adopting the first key data of the determined field;
generating a transmission matrix according to the number of the data frames and the second key data of the determined field to obtain the transmission sequence of each data frame, and transmitting the head information and each encrypted data frame to the hash algorithm module according to the transmission sequence;
the hash algorithm module performs hash operation on input data according to key data and irreducible polynomial coefficients in the header information to obtain a hash value;
and the subsequent input data takes the hash value generated at the previous time as a key, and hash operation is carried out on the input data by combining an irreducible polynomial coefficient to obtain a corresponding hash value.
After the hash algorithm module carries out hash operation to obtain a hash value, the hash value obtained by the hash algorithm module is encrypted by adopting key data of a determined field and is transmitted to an upper computer, and the upper computer decrypts input data according to the corresponding key data to obtain a corresponding hash value, namely the check code.
The key stored in the upper computer is divided into four sections of key data of determined fields;
combining the number of the data frames and the first section of key data of the key segmentation to form head information, and transmitting the head information together with each data frame; the field of the first key is a second section of key data of key segmentation, the field of the second key is a third section of key data of key segmentation, and the hash algorithm module is used for encrypting the key data of the hash value to a fourth section of key data of key segmentation.
The hash operation specifically comprises: converting irreducible polynomial parameters in input data into polynomials, combining the polynomials with key data in the received header information to generate a Toeplitz matrix, and performing matrix operation on the Toeplitz matrix and the input data to obtain a hash value.
A system for implementing the foregoing application, comprising:
the upper computer is internally pre-stored with a secret key, irreducible polynomial coefficients, address pointers corresponding to the secret key and the irreducible polynomial coefficients and data length;
the drive module is arranged in the upper computer, generates head information according to the key, the irreducible polynomial coefficient, the address pointer corresponding to the irreducible polynomial coefficient and the data length, encrypts each data frame according to the key data, generates a transmission matrix by combining the number of the key data and the number of the data frames, and transmits the head information and the encrypted data to be transmitted to the FPGA through a transmission line; meanwhile, key data are adopted to decrypt the data which are transmitted by the FPGA and encrypted by the Hash algorithm module to obtain check codes;
the FPGA comprises a storage module and a hash algorithm module;
the storage module is used for storing the data transmitted by the driving module and the data subjected to hash operation by the hash algorithm module;
the hash algorithm module is connected with the storage module, and is used for carrying out hash operation on the data transmitted to the storage module by the drive module to obtain a check code, encrypting the check code by adopting key data and transmitting the encrypted check code to the drive module.
The storage module comprises an address space DDR-1 used for storing input data and an address space DDR-2 used for storing output data;
the data transmitted by the driving module is stored in DDR-1, and the data subjected to hash operation by the hash algorithm module is stored in DDR-2.
The driving module acquires the data length of the data to be transmitted of the upper computer before transmission starts, and judges whether the data length exceeds the maximum capacity of the FPGA for storing input data; if the data transmission rate exceeds the preset value, returning an error, and not performing any data transmission task; if the data is within the allowable range, header information is generated according to claim 5, and the data is divided into data frames corresponding to the transmission line payloads, and 0 is added to make up for the data less than the corresponding transmission line payloads.
The transmission line is a PCIE bus, the upper computer is provided with a PCIE slot, and the FPGA is inserted into the PCIE slot to form a complete PCIE bus passage.
Has the advantages that:
(1) the invention is based on PCIE interface transmission (PCIE is a high-speed serial computer expansion bus, the bit rate of PCIE3.0 can reach 8Gbps), and the PCIE bus well solves the problem of slow file traversal speed. The upper computer can directly read and write the FPGA memory through the PCIE bus, and quickly leads data into the FPGA. And the ultra-high operation speed of the logic operation unit of the FPGA ensures that the algorithm can quickly obtain the hash value, thereby greatly improving the efficiency and the application of the encryption process.
(2) The invention encrypts and reorders the data in the data transmission process, prevents the algorithm analysis of bottom hardware from the drive and realizes the whole system safe transmission from the drive to the FPGA.
(3) The encryption algorithm system of the system belongs to a hardware encryption system. The whole system is only composed of a specific logic circuit, and after data is input, the system gives a result according to a logic structure, so that the data and logic in the system cannot be stolen through an external software instruction, and the safety of an encryption process is ensured.
(4) The whole system is simple and easy to operate, is suitable for various environments and input data of an upper computer, and has good compatibility.
Drawings
Fig. 1 is a schematic diagram of an ordering algorithm for data frame transmission.
Fig. 2 is a schematic flow chart of a data verification application method according to the present invention.
FIG. 3 is a diagram of a data verification application system according to the present invention.
Detailed Description
The invention is further elucidated with reference to the drawings and the embodiments.
The data encryption transmission method comprises the following steps:
(1) the upper computer stores a key generated according to the agreed length, an address pointer of the key and an agreed key length P Byte (Byte) in advance, and stores the address pointer and the data length of data to be transmitted according to the data to be transmitted; the invention increases the length of the secret key, which is to consider that the succession of the interface can be facilitated according to the requirement of the length of the formed check code; in the invention, the key is divided into four sections of key data of determined fields, and in the invention, the key can be equally divided into four sections of key data; furthermore, the invention can also segment the key into four segments of key data with definite fields according to the requirement, and the word length of the four segments of key data is P1Byte, P2Byte, P3Byte and (P-P)1-P2-P3) A byte; in the invention, the set key length is 64 bytes;
(2) acquiring the data length of data to be transmitted pre-stored in an upper computer before transmission starts, and judging whether the data length exceeds the maximum capacity of a subsequent data processing module capable of storing input data; if the data transmission rate exceeds the preset value, returning an error, and not performing any data transmission task; if the data is in the allowable range, forming the head information of the data packet, dividing the data to be transmitted into a plurality of data frames, determining the division according to the data effective load of the data transmission line, and adding 0 to complement the data which is insufficient in effective load; according to the invention, the PCIE bus is adopted for transmission, so that data to be transmitted is divided into a plurality of data frames of 4KB, and 0 is added for complementing the data which is less than 4 KB; the data frame with the size is because the maximum value of the payload of the data in a Transaction Layer Packet (TLP) message of the PCIE bus is 4KB, and the transmission of the data structure divided into 4KB guarantees the maximization of the transmission efficiency of the PCIE bus;
wherein, the header information of the data packet comprises: generating an identifier of the data to be transmitted and the number of the corresponding transmission serial number, key data and transmission data frames; the subsequent data processing module (the invention adopts FPGA) only operates the data with the identification, and the identification provides a judgment basis for the subsequent data module whether to filter the data; the transmission serial number is used for distinguishing different transmission data, and a mutually exclusive transmission serial number is generated in each transmission; in the invention, the key data of the header information is the first section of key data of key segmentation, more specifically, the first 16 bytes of key data;
(3) encrypting each data frame, specifically: carrying out XOR operation on the data in each data frame and the second section of key data of the key segmentation;
(4) generating a transmission matrix (N-order permutation matrix) according to the third section of key data of the key segmentation and the number N of the data frames; the specific generation mode is two:
a. if N is less than or equal to 128, taking the first N bits of the third section of key data of the key segmentation to generate a transmission matrix;
b. if the number is larger than 128, for example, N/128 is equal to N and mod (N,128) is equal to m, initially, a group of 128 data frames is formed, so as to form N groups, and each group generates a transmission matrix in the same manner that N is equal to 128; the last m data frames generate a transmission matrix in the same way that N is less than 128;
the process of generating the transmission matrix specifically is as follows:
as shown in fig. 1, taking the key data of 16 bytes as an example, the key data of 16 bytes is searched:
if the data on the ith bit is 0, the ith data frame is still transmitted;
if odd number of data of 1 is searched in j bit, searching next data of not 1, if not, indicating that the transmission data sequence is not changed;
if the even number of data with 1 is searched to be in the g bit, exchanging the data frame of the j bit with the g bit to transmit data;
constructing a 128-order transmission matrix based on the method;
in the present invention, other ways may also be set to construct the corresponding transmission matrix, such as:
if the data on the ith bit is 0, the ith data frame is still transmitted;
if the j-th bit of data is searched to be 1, searching the next data which is not 1, and if the j-th bit of data is not searched, indicating that the transmission data sequence is not changed;
if the j +1 th bit of data is searched to be 1, exchanging the data frame of the j +1 th bit with the j bit to transmit data;
constructing a 128-order transmission matrix based on the method;
(5) and (4) transmitting the data to be transmitted encrypted in the step (3) to a subsequent data processing module through a transmission line according to the transmission matrix determined in the step (4), and the subsequent data processing module sequentially acquires data transmission data by adopting a third section of key data and decrypts each data frame by adopting a second section of key data.
The invention also provides an application method in data verification by adopting the data encryption transmission method, as shown in fig. 2, comprising the following steps:
(1) in the data encryption transmission method, the irreducible polynomial coefficient generated according to the appointed length, an address pointer of the irreducible polynomial coefficient and the length Q of the irreducible polynomial coefficient are also stored in the upper computer in advance, and the subsequent data processing module is an FPGA; the header information of the data packet comprises the generated identification of the data to be transmitted, the corresponding transmission serial number, the key data, the irreducible polynomial coefficient and the number of transmission data frames; the invention increases two parameters of the key length and the irreducible polynomial parameter length, and is convenient for the inheritance of the interface according to the requirement of the formed check code length in the follow-up consideration; in the invention, the length of the set key data is 64 bytes, and the length of irreducible polynomial coefficient is 16 bytes;
(2) continuously writing the data into the memory of the FPGA through the PCIE bus according to the step (1), namely transmitting 4KB data into the memory of the FPGA once, wherein the written data occupies a continuous 4KB space from an initial address to the back, and the number of data frames in the header information is used for determining the number of times of transmitting the data frames; because the transmitted data is encrypted and the transmission sequence is changed, if a user wants to use a drive to transmit a preset data file to observe the data structure of the memory transmitted to the FPGA, the data structure becomes abnormally difficult;
(3) the PCIE bus can control the FIFO memory to carry the written data, the PCIE bus can transmit to an initial address of the FIFO memory, the data with the required word length is read from the initial address, if the data with the required word length is 4KB, the data with the required word length is read according to a clock and a counter in the FIFO memory, and the data are continuously transmitted to the Hash algorithm module;
(4) the Hash algorithm module carries out Hash operation;
(41) converting irreducible polynomial parameters in input data into a polynomial, combining the irreducible polynomial parameters with first section key data in received header information to generate a Toeplitz matrix, performing matrix operation on the Toeplitz matrix and the input data to obtain an intermediate value, and writing the intermediate value into a FIFO memory;
(42) when data is subsequently input, a new matrix is formed by taking the intermediate value generated at the previous time as a key and a polynomial, the new matrix and the new input data are subjected to matrix operation to obtain an intermediate value, and the fourth section of key data obtained by key segmentation is used for encrypting and is written into an FIFO memory;
(43) repeating the step (42) until all data are input into the hash algorithm module, wherein the intermediate value stored in the FIFO memory is the hash value, namely the check code;
(5) after the calculation is finished, the FIFO memory writes the check code in the FIFO memory into the memory of the FPGA, and after the result transmission of the check code is finished, an interrupt signal is sent to the PCIE bus;
(6) after receiving the interrupt signal, the PCIE bus sends an interrupt signal to the driver, similarly to a case of reminding that the last required data is ready;
(7) and after the driver receives the interrupted signal, reading out the check code stored in the memory of the FPGA to the driver module according to the required word length, decrypting by the driver module according to the fourth section of key data, and transmitting the decrypted check code to the upper computer, namely completing the whole check code generation process.
The invention also provides a system based on the data verification application method, as shown in fig. 3, the system comprises an upper computer, a drive module and an FPGA, wherein the upper computer is provided with a PCIE slot for FPGA plugging, the FPGA is plugged in the PCIE slot to form a complete PCIE bus path, so that communication between the upper computer and an FPGA circuit can be realized, the PCIE bus provides an AXI bus for data transmission to enter the FPGA, and data flow for writing in the FPGA and reading out the upper computer can be controlled (DDR read-write control), and the main control mode is to control switching from writing to reading out by controlling addresses for writing and reading out and interrupting control; the driving module is arranged in the upper computer and used for encrypting and transmitting data to be transmitted by the upper computer.
The upper computer is internally pre-stored with a key generated according to the appointed length and irreducible polynomial coefficients generated according to the appointed length, and is also stored with an address pointer of data to be transmitted, the data length, an address pointer of the key, the appointed key length, an address pointer of the irreducible polynomial coefficients and the length of the irreducible polynomial coefficients; the data to be transmitted refers to all data to be transmitted and subsequently encrypted by a Hash algorithm to form a check code, and pointers of the data to be transmitted refer to the first address of the data storage to be transmitted; the driving module can continuously take out data from the upper computer according to the address pointer and the data length of the data to be transmitted until the provided data length is reached; the same is true for the transmission of the key and irreducible polynomial coefficients.
The method comprises the steps that a driving module obtains the data length of data to be transmitted pre-stored in an upper computer before transmission begins, and judges whether the data length exceeds the maximum capacity of a subsequent data processing module (an FPGA is adopted in the invention) capable of storing input data; if the data transmission rate exceeds the preset value, returning an error, and not performing any data transmission task; if the data is in the allowable range, the header information of the data packet is generated according to the input data, the data length and other information, and the data is cut into data frames corresponding to the transmission line payload (the transmission line of the invention is a PCIE bus, and the payload is 4 KB). For data which is insufficient to correspond to the transmission line payload, 0 is added to complement the data.
The driving module encrypts each data frame according to the key data, generates a transmission matrix by combining the key data and the number of the data frames, and transmits the encrypted data to be transmitted to a subsequent data processing module through a transmission line; and the drive module decrypts the check code transmitted by the FPGA and subjected to Hash operation and encryption by the Hash algorithm module according to the key data to obtain the check code and transmits the check code to the upper computer.
The FPGA comprises a storage module and a hash algorithm module, the storage module comprises mutually independent address spaces DDR-1 and DDR-2 which are respectively used for storing input data and outputting data, data written into the memory of the FPGA through a PCIE bus is stored in the DDR-1, and data subjected to hash operation through the hash algorithm module is stored in the DDR-2; the maximum capacity of PCIE bus transmission is 4KB, the invention can meet the data transmission requirements of various lengths, and in order to ensure the correctness of the transmission result, the data with the length less than 4KB is transmitted by directly copying into DDR-1 without segmentation; aligning and segmenting data with the length exceeding 4KB and the storage capacity not exceeding FPGA, and segmenting the data into a plurality of data frames with the length exceeding 4KB for transmission; while data that exceeds the storage capacity of the FPGA returns an error as described above and does not perform any data transfer tasks.
The storage module is also provided with a read FIFO memory and a write FIFO memory, the read FIFO memory and the write FIFO memory are respectively connected with the DDR-1 and the DDR-2 and are respectively used for storing data written into the memory of the FPGA through the PCIE bus and data subjected to hash operation through the hash algorithm module.
The hash algorithm module is connected with the storage module, performs hash operation on data transmitted by the DDR-1 of the read FIFO memory through the hash algorithm to generate a hash value (namely a check code), encrypts the data by adopting a fourth section of key data, and transmits the encrypted data to the DDR-2 through the write FIFO memory.
In the invention, the length of the appointed hash value is 16 bytes (but the invention is not limited thereto, the invention can also select other lengths according to the actual algorithm requirement, for example, the length appointed by the SHA-1 algorithm is 20 bytes); the DDR-1 for storing input data occupies more space and is connected with the DDR-2 for storing output data in a storage space, and in order to ensure the correctness of an output result, the DDR-2 for storing the output data needs to be reserved, so that the data size of the single-write FPGA storage module is limited by the storage capacity of the FPGA storage module on one hand, and the write data cannot occupy the reserved space where the DDR-2 is located on the other hand. However, despite being limited by the limited storage capacity of the FPGA memory module, the speed at which the FPGA processes data can quickly refresh the written data to ensure the efficiency of the transfer.
In the embodiments of the present invention, it should be understood that the disclosed method and system can be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the modules or the division of modules are merely one type of division of logical functions, and there may be other divisions when actually implemented, for example, a plurality of modules or units may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the illustrated or discussed cooperating or communicative coupling between each other may be through some interface, indirect coupling of devices or units, electrical or otherwise.
Those skilled in the art will appreciate that while some embodiments herein include some features included in other embodiments, rather than others, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the claims, any of the claimed embodiments may be used in any combination.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (15)

1. A data encryption transmission method is characterized in that: the method comprises the following steps:
dividing the data to be transmitted into a plurality of data frames based on the length of the data to be transmitted and the effective load of the transmission line;
encrypting each data frame by adopting the first key data of the determined field;
and generating a transmission matrix according to the number of the data frames and the second key data of the determined field to obtain the transmission sequence of each data frame, and transmitting each encrypted data frame according to the transmission sequence.
2. The data encryption transmission method according to claim 1, characterized in that: the transmission matrix is generated as follows:
if the number N of the data frames is less than or equal to the number M of bits of the second key data, taking the first N bits of the second key data to generate a transmission matrix;
if the number N of data frames is greater than M, if the number of bits of N/second key data is equal to N and mod (N, M) is equal to M, then initially, every M data frames are grouped into one group to form N groups, each group generates a transmission matrix in the same manner that N is equal to M, and finally, the remaining M data frames generate transmission matrices in the same manner that N is less than M.
3. The data encryption transmission method according to claim 2, characterized in that: the transmission matrix generation process is as follows:
if the data on the ith bit is 0, the ith data frame is still transmitted;
if odd number of data of 1 is searched in j bit, searching next data of not 1, if not, indicating that the transmission data sequence is not changed;
if the even number of data with 1 is searched to be in the g bit, exchanging the data frame of the j bit with the g bit to transmit data;
and constructing an M-order transmission matrix based on the M-order transmission matrix.
4. The data encryption transmission method according to claim 2, characterized in that: the transmission matrix generation process is as follows:
if the data on the ith bit is 0, the ith data frame is still transmitted;
if the j-th bit of data is searched to be 1, searching the next data which is not 1, and if the j-th bit of data is not searched, indicating that the transmission data sequence is not changed;
if the j +1 th bit of data is searched to be 1, exchanging the data frame of the j +1 th bit with the j bit to transmit data;
and constructing an M-order transmission matrix based on the M-order transmission matrix.
5. The data encryption transmission method according to claim 1, characterized in that: the transmission line is a PCIE bus, and the effective load of the transmission line is 4 KB.
6. The data encryption transmission method according to claim 1, characterized in that: and the receiving end adopts the second key data to obtain a transmission sequence and adopts the first key data to decrypt each data frame.
7. The data encryption transmission method according to claim 1, characterized in that: the key is P bytes in length, and the number of the data frames and the front P of the key are combined1The key data of the bytes form header information and are transmitted together with each data frame; the field of the first key is P in the middle of the key2Byte key data, the field of the second key is P-P of the last key1-P2Key data of bytes.
8. An application of the data encryption transmission method according to any one of claims 1 to 6 in data verification, characterized in that: the method comprises the following steps:
dividing the data to be transmitted into a plurality of data frames based on the length of the data to be transmitted and the effective load of the transmission line;
combining the key data of the determined field, irreducible polynomial coefficient and the number of the transmission data frames to form header information;
encrypting each data frame by adopting the first key data of the determined field;
generating a transmission matrix according to the number of the data frames and the second key data of the determined field to obtain the transmission sequence of each data frame, and transmitting the head information and each encrypted data frame to the hash algorithm module according to the transmission sequence;
the hash algorithm module performs hash operation on input data according to key data and irreducible polynomial coefficients in the header information to obtain a hash value;
and the subsequent input data takes the hash value generated at the previous time as a key, and hash operation is carried out on the input data by combining an irreducible polynomial coefficient to obtain a corresponding hash value.
9. Use according to claim 8, characterized in that: after the hash algorithm module carries out hash operation to obtain a hash value, the hash value obtained by the hash algorithm module is encrypted by adopting key data of a determined field and is transmitted to an upper computer, and the upper computer decrypts input data according to the corresponding key data to obtain a corresponding hash value, namely the check code.
10. Use according to claim 9, characterized in that: the key stored in the upper computer is divided into four sections of key data of determined fields;
combining the number of the data frames and the first section of key data of the key segmentation to form head information, and transmitting the head information together with each data frame; the field of the first key is a second section of key data of key segmentation, the field of the second key is a third section of key data of key segmentation, and the hash algorithm module is used for encrypting the key data of the hash value to a fourth section of key data of key segmentation.
11. Use according to claim 8, characterized in that: the hash operation specifically comprises: converting irreducible polynomial parameters in input data into polynomials, combining the polynomials with key data in the received header information to generate a Toeplitz matrix, and performing matrix operation on the Toeplitz matrix and the input data to obtain a hash value.
12. A system for implementing the use of any of claims 9 to 11, wherein: the method comprises the following steps:
the upper computer is internally pre-stored with a secret key, irreducible polynomial coefficients, address pointers corresponding to the secret key and the irreducible polynomial coefficients and data length;
the drive module is arranged in the upper computer, generates head information according to the key, the irreducible polynomial coefficient, the address pointer corresponding to the irreducible polynomial coefficient and the data length, encrypts each data frame according to the key data, generates a transmission matrix by combining the number of the key data and the number of the data frames, and transmits the head information and the encrypted data to be transmitted to the FPGA through a transmission line; meanwhile, key data are adopted to decrypt the data which are transmitted by the FPGA and encrypted by the Hash algorithm module to obtain check codes;
the FPGA comprises a storage module and a hash algorithm module;
the storage module is used for storing the data transmitted by the driving module and the data subjected to hash operation by the hash algorithm module;
the hash algorithm module is connected with the storage module, and is used for carrying out hash operation on the data transmitted to the storage module by the drive module to obtain a check code, encrypting the check code by adopting key data and transmitting the encrypted check code to the drive module.
13. The system of claim 12, wherein: the storage module comprises an address space DDR-1 used for storing input data and an address space DDR-2 used for storing output data;
the data transmitted by the driving module is stored in DDR-1, and the data subjected to hash operation by the hash algorithm module is stored in DDR-2.
14. The system of claim 12, wherein: the driving module acquires the data length of the data to be transmitted of the upper computer before transmission starts, and judges whether the data length exceeds the maximum capacity of the FPGA for storing input data; if the data transmission rate exceeds the preset value, returning an error, and not performing any data transmission task; if the data is within the allowable range, header information is generated according to claim 5, and the data is divided into data frames corresponding to the transmission line payloads, and 0 is added to make up for the data less than the corresponding transmission line payloads.
15. The system of claim 12, wherein: the transmission line is a PCIE bus, the upper computer is provided with a PCIE slot, and the FPGA is inserted into the PCIE slot to form a complete PCIE bus passage.
CN202210207092.5A 2022-03-03 2022-03-03 Data encryption transmission method, application and system Pending CN114401081A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210207092.5A CN114401081A (en) 2022-03-03 2022-03-03 Data encryption transmission method, application and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210207092.5A CN114401081A (en) 2022-03-03 2022-03-03 Data encryption transmission method, application and system

Publications (1)

Publication Number Publication Date
CN114401081A true CN114401081A (en) 2022-04-26

Family

ID=81234531

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210207092.5A Pending CN114401081A (en) 2022-03-03 2022-03-03 Data encryption transmission method, application and system

Country Status (1)

Country Link
CN (1) CN114401081A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116366206A (en) * 2023-06-01 2023-06-30 三未信安科技股份有限公司 Method and system for enhancing reliability of password card

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116366206A (en) * 2023-06-01 2023-06-30 三未信安科技股份有限公司 Method and system for enhancing reliability of password card
CN116366206B (en) * 2023-06-01 2023-08-25 三未信安科技股份有限公司 Method and system for enhancing reliability of password card

Similar Documents

Publication Publication Date Title
US20220027288A1 (en) Technologies for low-latency cryptography for processor-accelerator communication
CN101149709B (en) Encryption processor of memory card and method for writing and reading data using the same
US10313128B2 (en) Address-dependent key generator by XOR tree
CN101196855B (en) Mobile encrypted memory device and cipher text storage area data encrypting and deciphering processing method
US20120269340A1 (en) Hierarchical encryption/decryption device and method thereof
CN112329038B (en) Data encryption control system and chip based on USB interface
CN102073808B (en) Method for encrypting and storing information through SATA interface and encryption card
CN104160407A (en) Using storage controller bus interfaces to secure data transfer between storage devices and hosts
WO2008031109A2 (en) System and method for encrypting data
US11429751B2 (en) Method and apparatus for encrypting and decrypting data on an integrated circuit
CN112887077B (en) SSD main control chip random cache confidentiality method and circuit
GB2532836A (en) Address-dependent key generation with substitution-permutation network
CN102693385A (en) Embedded terminal based on SD (secure digital) trusted computing module and implementation method thereof
CN113094718A (en) File encryption method and related device
CN114401081A (en) Data encryption transmission method, application and system
CN117640256B (en) Data encryption method, recommendation device and storage medium of wireless network card
CN113158203B (en) SOC chip, circuit and external data read-write method of SOC chip
CN116018778A (en) Secure communication based on network coding
CN110837627A (en) Software copyright authentication method, system and equipment based on hard disk serial number
CN1373461A (en) Encrypting-decrypting device for data storage
KR20050002103A (en) Portable storing apparatus having encryption processor
US20230068302A1 (en) Memory device and method for data encryption/decryption of memory device
CN109471809A (en) A kind of FLASH encryption protecting method, device, FLASH controller and the chip of chip
WO2023185230A1 (en) Data processing method and apparatus
CN101727408A (en) Data encryption method based on hard disk interface controller

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination