CN115811397B - High-safety server cipher machine - Google Patents


Info

Publication number
CN115811397B
Authority
CN
China
Prior art keywords
task
random number
characterization
data
data set
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211455571.5A
Other languages
Chinese (zh)
Other versions
CN115811397A (en)
Inventor
张敏
胡洪金
崔焕�
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Shenzhou Anfu Technology Co ltd
Original Assignee
Beijing Shenzhou Anfu Technology Co ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a high-security server cipher machine, which relates to the technical field of cipher machines, and by generating a characterization data set with different data characteristics, the random numbers generated in an encryption module are guaranteed to be true random numbers.

Description

High-safety server cipher machine
Technical Field
The invention relates to the technical field of cipher machines, in particular to a high-security server cipher machine.
Background
The server cipher machine equipment has the functions of data encryption and decryption, signature verification, MAC, hash and the like, so that the security problems of confidentiality, integrity, validity, non-repudiation and the like of sensitive information can be solved for users. During the use process, the server cipher machine device uses the administrator lock to manage the device, such as administrator identity authentication, or uses the administrator lock to complete the operations of initializing the device, recovering the key and the like.
To improve security during transmission, a cipher machine generates random numbers directly from a multi-channel physical noise source chip, produces a key using the random number as a key factor, and calculates a data verification key from it. This isolates the interference of operators and operation modes and makes the key harder to break. However, the random numbers produced by the physical noise source chip are influenced by environmental factors such as temperature, time, voltage, pressure and audio frequency, so they have a certain repeatability. Because random number generation follows a certain algorithmic simulation, the result is regular and cyclic, and a repeated random number is necessarily produced when repeated physical noise is received. Conventional cipher machines therefore poll the random numbers and clear the repeated ones, but the polling process is time-consuming and key verification efficiency is low.
Disclosure of Invention
In order to overcome the above-mentioned drawbacks, the present invention provides a high security server cryptographic engine to solve the above-mentioned technical problems.
A high security server cryptographic engine comprising:
a command interface, an encryption module, a main control module and an encryption interface, wherein the command interface and the encryption interface are integrated on the main control module, the command interface is used to acquire a physical random signal of the target device, and the encryption module is connected with the main control module.
Preferably, the encryption module comprises a first random number generator, a second random number generator, a Hopfield neural network module and a key library. The first random number generator generates a first random number based on the physical random signal. The Hopfield neural network module comprises a plurality of discrete Hopfield neural network circuits, each corresponding one-to-one to a first random number, and each discrete Hopfield neural network circuit generates a characterization data set. The characterization data set is used to generate a characterization signal for the first random number received at the current time t, the second random number generator generates a true random number according to the characterization signal, and the key library is used to encrypt the random number to obtain an encrypted random number.
Preferably, the step of generating the characterization data set of the Hopfield neural network module includes:
Step 1: presetting a virtual physical signal, training on the virtual physical signal to generate a characterization task, and obtaining the corresponding task sample set;
Step 2: when the task sample set is available, extracting the optimal-value data from each task data set and retaining it to obtain the characterization data set.
Preferably, the task sample set is available when the samples in the sample set are all different.
Preferably, the time interval from the command interface receiving the first random signal to its receiving the last random signal is called a time stack of Hopfield neural network learning; the Hopfield neural network modifies the characterization data set as the time stack changes, and in the Nth time stack the Hopfield neural network accesses the No. N characterization data set.
Preferably, the step in which the Hopfield neural network module modifies the characterization data set as the time stack changes includes:
Step 3: after the (N-1)th time stack ends, presetting a virtual physical signal, training on the virtual physical signal to generate the No. N characterization task, and obtaining the corresponding No. N task sample set; when the task sample set is available, extracting the optimal-value data from each task data set and retaining it to obtain the No. N characterization data set;
Step 4: after the Nth time stack ends, presetting a virtual physical signal, training on the virtual physical signal to generate the No. N+1 characterization task, obtaining the corresponding No. N+1 task sample set, and adding the characterization data set of the No. N characterization task to that task sample set; when the No. N+1 task sample set is available, extracting the optimal-value data from each task data set and retaining it to obtain the No. N+1 characterization data set.
Preferably, the step of extracting the optimal-value data includes:
Step a: obtaining, from the No. N characterization data set, the feature grabber corresponding to the No. N characterization task, and using the feature grabber to capture the features of all sample data in the No. N+1 sample data;
Step b: from the captured sample data features, calculating a feature mean for each type of sample data, and calculating the Euclidean distance between each sample data feature and the feature mean;
Step c: retaining the m sample data whose features have the smallest Euclidean distance.
Preferably, the first random number generator and/or the second random number generator is one or more of a thermal noise random number generator, an oscillation sampling random number generator, a metastable random number generator or a chaotic random number generator.
Preferably, the main control module is configured to receive a task request sent by the target device through the command interface, and send the task data to an encryption module connected to the hub through the encryption module, where the task request includes a task type and task data.
The beneficial effects of the invention are as follows:
By generating characterization data sets with different data characteristics, the invention ensures that the random numbers generated in the encryption module are all true random numbers. Feature distillation of the old data is used when generating the characterization data sets, which avoids bias arising in training that would make the training result overlap with the old data. In addition, time stacks are used to separate the training process from the encryption and decryption process, which reduces the data backtracking polling time during encryption and decryption and effectively improves the key verification efficiency of the cipher machine.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. Like elements or portions are generally identified by like reference numerals throughout the several figures. In the drawings, elements or portions thereof are not necessarily drawn to scale.
FIG. 1 is a schematic diagram of a high security server cryptographic engine provided by the present invention;
FIG. 2 is a step diagram of the generation of the characterization data set by the high security server cryptographic machine.
Detailed Description
Embodiments of the technical scheme of the present invention will be described in detail below with reference to the accompanying drawings. The following examples are only for more clearly illustrating the technical aspects of the present invention, and thus are merely examples, and are not intended to limit the scope of the present invention.
It is noted that unless otherwise indicated, technical or scientific terms used herein should be given the ordinary meaning as understood by one of ordinary skill in the art to which this invention pertains.
As shown in fig. 1, a high security server crypto-engine includes the following:
a command interface, an encryption module, a main control module and an encryption interface, wherein the command interface and the encryption interface are integrated on the main control module, the command interface is used to acquire a physical random signal of the target device, and the encryption module is connected with the main control module.
The command interface may be a network interface, including but not limited to an RJ-45 interface, an RJ-11 interface, an SC fiber interface, an FDDI interface, an AUI interface, a BNC interface or a Console interface; the first type of interface may also be a USB interface, including but not limited to a USB 1.1 interface, a USB 2.0 interface or a USB 3.0 interface. The encryption module may be a network interface, including but not limited to an RJ-45 interface, an RJ-11 interface, an SC fiber interface, an FDDI interface, an AUI interface, a BNC interface or a Console interface; the first type of interface may also be a USB interface, including but not limited to a USB 1.1 interface, a USB 2.0 interface or a USB 3.0 interface. The number of encryption modules is set according to actual needs and is not limited herein.
More specifically, the encryption module comprises a first random number generator, a second random number generator, a Hopfield neural network module and a key library. The first random number generator generates a first random number based on the physical random signal. The Hopfield neural network module comprises a plurality of discrete Hopfield neural network circuits, each corresponding one-to-one to a first random number, and each discrete Hopfield neural network circuit generates a characterization data set. The characterization data set is used to generate a characterization signal for the first random number received at the current time t, the second random number generator generates a true random number according to the characterization signal, and the key library is used to encrypt the random number to obtain an encrypted random number.
The first random number generator generates the first random number from physical processes such as noise in the electronic components of the target device. The first random number is affected by environmental factors such as temperature, time, voltage, pressure and audio frequency, so in a continuous environment repeated physical noise is easily produced within a short time, yielding the same random number. A discrete Hopfield neural network circuit is therefore used to generate characterization data sets with different data characteristics.
The first random number is combined with the characterization data set to generate different characterization signals. Because the characterization data are difficult to input directly into a random number generator to obtain random numbers, the first random number generator is used to produce a series of random numbers that may contain repeats, these random numbers are combined with different characterization data to obtain different characterization signals, and the characterization signals are then fed to the second random number generator as input, so that the random numbers generated by the second random number generator are all true random numbers.
More specifically, as shown in FIG. 2, the step of generating the characterization data set of the Hopfield neural network module includes:
Step 1: presetting a virtual physical signal, training on the virtual physical signal to generate a characterization task, and obtaining the corresponding task sample set;
Step 2: when the task sample set is available, extracting the optimal-value data from each task data set and retaining it to obtain the characterization data set.
More specifically, the task sample set is available when the samples in the sample set are all different.
The step of presetting a virtual physical signal is performed before the cipher machine starts the encryption and decryption process, so that the production of the characterization data set is isolated from encryption and decryption. This reduces the data backtracking polling time during encryption and decryption, effectively improves the key verification efficiency of the cipher machine, and ensures that the characterization data set has complete task data in sufficient quantity.
More specifically, the time interval from the command interface receiving the first random signal to its receiving the last random signal is called a time stack of Hopfield neural network learning; the Hopfield neural network modifies the characterization data set as the time stack changes, and in the Nth time stack the Hopfield neural network accesses the No. N characterization data set.
In the Nth time stack, the command interface starts timing after receiving the kth signal. If the timing duration exceeds the set range and the next random signal has still not been input, the kth signal is set as the last random signal of the Nth time stack.
If the command interface receives a random signal after the timing duration has exceeded the set range, that random signal is used as the first random signal of the (N+1)th time stack.
More specifically, the step in which the Hopfield neural network module modifies the characterization data set as the time stack changes includes:
Step 3: after the (N-1)th time stack ends, presetting a virtual physical signal, training on the virtual physical signal to generate the No. N characterization task, and obtaining the corresponding No. N task sample set; when the task sample set is available, extracting the optimal-value data from each task data set and retaining it to obtain the No. N characterization data set;
Step 4: after the Nth time stack ends, presetting a virtual physical signal, training on the virtual physical signal to generate the No. N+1 characterization task, obtaining the corresponding No. N+1 task sample set, and adding the characterization data set of the No. N characterization task to that task sample set; when the No. N+1 task sample set is available, extracting the optimal-value data from each task data set and retaining it to obtain the No. N+1 characterization data set.
After the virtual physical signal training is finished and a new task sample set is available, if the characterization data set is used directly for random number generation in the next time stack, the random number generation result of the next time stack is biased toward the distribution of the new data, so overlap with the previous time stacks is difficult to avoid. To alleviate this, when the No. N+1 characterization task is generated, the characterization data set of the old task, the No. N characterization task, participates in training together with the No. N+1 task sample set, which prevents the data from overlapping while retaining the knowledge of the old task.
More specifically, the step of extracting the optimal-value data includes:
Step a: obtaining, from the No. N characterization data set, the feature grabber corresponding to the No. N characterization task, and using the feature grabber to capture the features of all sample data in the No. N+1 sample data;
Step b: from the captured sample data features, calculating a feature mean for each type of sample data, and calculating the Euclidean distance between each sample data feature and the feature mean;
Step c: retaining the m sample data whose features have the smallest Euclidean distance.
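The time-stack boundary rule, the availability check, the step 3/4 merge and the step a to c selection can be traced together in a short sketch. This is an added example, not code from the patent: the gap threshold, the sample vectors and type labels, the first-stack behaviour and the scaling "feature grabber" are constructed stand-ins, since the patent does not specify how the Hopfield circuits are trained or what the grabber computes.

```python
import math
from collections import defaultdict

def split_time_stacks(arrivals_ms, max_gap_ms):
    """Group signal arrival times into time stacks."""
    stacks = []
    for t in arrivals_ms:
        # The timer restarts on every signal; a gap that exceeds the set
        # range closes stack N, and the late signal opens stack N+1.
        if stacks and t - stacks[-1][-1] <= max_gap_ms:
            stacks[-1].append(t)
        else:
            stacks.append([t])
    return stacks

def is_available(samples):
    """A task sample set is available only if all samples are different."""
    return len(set(samples)) == len(samples)

def make_grabber(char_set):
    """Hypothetical feature grabber derived from characterization set N:
    scales each dimension by the largest magnitude seen in that set."""
    dims = len(char_set[0][1])
    scale = [max(abs(vec[i]) for _, vec in char_set) or 1.0 for i in range(dims)]
    return lambda vec: [v / s for v, s in zip(vec, scale)]

def select_optimal(samples, grab, m):
    """Steps a-c: per type, keep the m samples nearest the feature mean."""
    by_type = defaultdict(list)
    for label, vec in samples:
        by_type[label].append((vec, grab(vec)))                  # step a
    kept = []
    for label in sorted(by_type):
        items = by_type[label]
        dims = len(items[0][1])
        mean = [sum(f[i] for _, f in items) / len(items) for i in range(dims)]
        items.sort(key=lambda item: math.dist(item[1], mean))    # step b
        kept.extend((label, vec) for vec, _ in items[:m])        # step c
    return kept

def next_characterization_set(prev_set, task_samples, m):
    """Steps 3-4: merge set N into task sample set N+1, then select."""
    merged = list(prev_set) + list(task_samples)
    if not is_available(merged):
        raise ValueError("task sample set is not available (duplicates)")
    # Assumption: for the first stack there is no previous set, so the
    # raw vectors are used as features.
    grab = make_grabber(prev_set) if prev_set else list
    return select_optimal(merged, grab, m)

def characterization_sets(stacks, tasks, m):
    """Build one characterization data set per time stack."""
    sets, prev = [], []
    for n in range(len(stacks)):
        prev = next_characterization_set(prev, tasks[n], m)
        sets.append(prev)
    return sets

# Constructed inputs: arrival times in ms and (type, vector) task samples.
ARRIVALS_MS = [0, 400, 900, 5000, 5200]
MAX_GAP_MS = 2000
TASKS = [
    [("A", (2, 10)), ("A", (2, 12)), ("A", (6, 30)),
     ("B", (-2, -10)), ("B", (-2, -8)), ("B", (-6, -30))],
    [("A", (1, 10)), ("A", (3, 10)), ("A", (2, 30)), ("A", (2, 11)),
     ("B", (-2, -9)), ("B", (-4, -10)), ("B", (-2, -40))],
]

def demo():
    stacks = split_time_stacks(ARRIVALS_MS, MAX_GAP_MS)
    return stacks, characterization_sets(stacks, TASKS, m=2)

if __name__ == "__main__":
    for n, (stack, cset) in enumerate(zip(*demo()), start=1):
        print(f"time stack {n}: signals at {stack} ms -> set {cset}")
```

With these inputs the second set keeps one old sample and one new sample per type, while the outlying samples in each task are dropped.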
More specifically, the first random number generator and/or the second random number generator is one or more of a thermal noise random number generator, an oscillation sampling random number generator, a metastable random number generator or a chaotic random number generator.
More specifically, the main control module is configured to receive a task request sent by the target device through the command interface, and send the task data to an encryption module connected to the hub through the encryption module, where the task request includes a task type and task data.
When the task type is an encryption service, the encryption module encrypts the task type to obtain encryption information, which is sent to the main control module through the hub and the encryption module; after receiving the encryption information, the main control module sends it to the target device through the command interface.
When the task type is a decryption service, the encryption chip decrypts the task data to obtain decryption information, which is sent to the main control module through the hub and the encryption module; after receiving the decryption information, the main control module sends it to the target device through the command interface.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention, and are intended to be included within the scope of the appended claims and description.

Claims (6)

1. A high security server cryptographic engine comprising:
the system comprises a command interface, an encryption module, a main control module and an encryption interface, wherein the command interface and the encryption interface are integrated on the main control module, the command interface is used for acquiring a physical random signal of target equipment, and the encryption module is connected with the main control module;
the encryption module comprises a first random number generator, a second random number generator, a Hopfield neural network module and a key library, wherein the first random number generator generates a first random number based on a physical random signal, the Hopfield neural network module comprises a plurality of discrete Hopfield neural network circuits, each discrete Hopfield neural network circuit corresponds to one first random number one by one, each discrete Hopfield neural network circuit generates a characterization data set, the characterization data set is used for generating a received characterization signal of the first random number at the current t moment, the second random number generator generates a true random number according to the characterization signal, and the key library is used for encrypting the random number to obtain an encrypted random number;
the step of generating the characterization data set of the Hopfield neural network module includes:
step 1: presetting a virtual physical signal, training the virtual physical signal to generate a characterization task, and obtaining a corresponding task sample set;
step 2: extracting and retaining the optimal value data of each task data set under the condition that the task sample set is available, and obtaining a characterization data set;
the task sample set is available in the following cases: the samples in the sample set are all different.
2. The high security server cryptographic engine of claim 1, wherein the time interval from the receipt of the first random signal to the last random signal by the command interface is referred to as a time stack for Hopfield neural network learning, the Hopfield neural network modifying the characterization data set as the time stack changes, and the Hopfield neural network accessing the No. N characterization data set in the Nth time stack.
3. The high security server cryptographic engine of claim 2, wherein the Hopfield neural network module modifies the characterization data set over time stack changes comprising:
step 3: after the N-1 time stack is finished, presetting a virtual physical signal, training the virtual physical signal to generate an N-number characterization task, and obtaining a corresponding N-number task sample set; extracting optimal value data from each task data set to be reserved under the condition that the task sample set is available, and obtaining N-number characterization data sets;
step 4: after the N time stack is finished, presetting a virtual physical signal, training the virtual physical signal to generate an N+1 characterization task, obtaining a corresponding N+1 task sample set, adding the characterization data set of the N characterization task into the task sample set, and extracting and retaining optimal value data of each task data set under the condition that the N+1 task sample set is available, so as to obtain the N+1 characterization data set.
4. A high security server cryptographic machine according to claim 3, wherein the step of extracting the data of optimal value comprises:
step a: according to the N-number characterization data set, acquiring a feature grabber corresponding to the N-number characterization task, and adopting the feature grabber to grab the features of all sample data in the N+1-number sample data;
step b: calculating a characteristic mean value for each type of sample data according to the captured multiple sample data characteristics, and calculating Euclidean distances between the multiple sample data characteristics and the characteristic mean value;
step c: and reserving m sample data corresponding to the sample data features with the smallest Euclidean distance.
5. The high security server cryptographic machine of claim 1, wherein the first random number generator and/or the second random number generator is one or more of a thermal noise random number generator, an oscillating sampling random number generator, a metastable random number generator, or a chaotic random number generator.
6. The high security server cryptographic engine of claim 1, wherein the master control module is configured to receive a task request sent by the target device through the command interface, and send the task data to an encryption module connected to the hub through the encryption module, wherein the task request includes a task type and task data.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211455571.5A CN115811397B (en) 2022-11-21 2022-11-21 High-safety server cipher machine

Publications (2)

Publication Number Publication Date
CN115811397A (en) 2023-03-17
CN115811397B (en) 2023-08-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant