CN1286286C - Method for implementing secret communication and encryption apparatus thereof - Google Patents


Info

Publication number
CN1286286C
Authority
CN
China
Prior art keywords
module
encryption
data
usb interface
encryption device
Legal status
Expired - Fee Related
Application number
CN 02123202
Other languages
Chinese (zh)
Other versions
CN1464676A (en)
Inventor
谢秀鹏
郑志彬
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd

Abstract

The present invention relates to a secret communication method and an encryption device for it. The encryption device comprises a microprocessor module, a RAM module, a program storage module, a data storage module, a key management module and an algorithm management module. The microprocessor module is connected to the data storage module, the RAM module and the program storage module by data lines; the data storage module is connected to the key management module, and the program storage module to the algorithm management module, each by data lines. The encryption device is characterized in that it also comprises a USB interface module, connected to the key management module, the RAM module and the algorithm management module by data lines, which connects to the USB interface of a terminal requiring encryption so as to complete the updating of data, programs and passwords. The characteristic feature of the invention is that an external encryption card is flexibly connected to a communication system terminal over USB, so that communication security is greatly enhanced.

Description

Method for realizing secret communication and encryption equipment thereof
Technical Field
The present invention relates to the field of secure communications, and more particularly, to a method for implementing secure communications and a hardware encryption device thereof.
Background Art
The only effective method for realizing end-to-end secret communication in a communication system comprising computers and wireless communication systems is to encrypt the transmitted information, that is, to run a suitable encryption algorithm to protect data confidentiality; but each specific way of applying the encryption algorithm has its own advantages and disadvantages.
For secure communications in computer communication systems there have been a number of ways to implement encryption, which fall into software encryption and hardware encryption. Software encryption adds a software module dedicated to encryption and decryption in the application layer of the communication system, which encrypts and decrypts the data entering and leaving the system. Because the encryption and decryption keys, and the intermediate data produced during encryption and decryption, are generated in the memory of the local computer, a remote cryptanalyst can obtain the key material if the local operating system has a vulnerability, and thereby easily decipher the subsequent secret communication. In addition, because the encryption algorithm is computationally heavy, the encryption and decryption processes consume a large amount of precious system resources.
To overcome these two disadvantages, many ways of using hardware encryption have been developed. Hardware encryption stores the cipher algorithm and the secret key in dedicated hardware, and the encryption and decryption operations are likewise carried out by a microprocessor in that hardware. Although hardware encryption fundamentally overcomes the above disadvantages of software encryption, how the hardware dedicated to encryption is connected to the communication terminal raises further problems to consider. Any communication terminal or microprocessor is connected to its components and peripherals, such as a hardware cryptographic card, through a structure called a "bus", and many cryptographic cards are based on buses, including ISA (AT), EISA, VESA, PCI, etc.
The ISA bus is an 8/16-bit data bus with 98 pins, widely used in the era of the 80286 to 80486; the EISA bus adds a further 98 signal lines to the 98 signal lines of the original ISA bus, that is, an EISA signal line is inserted between every two ISA signal lines; VESA (Video Electronics Standards Association) defines 32 data lines, expandable to 64 bits through an expansion slot, uses a 33 MHz clock, has a maximum transfer rate of 132 MB/s and can work synchronously with the CPU. The PCI (Peripheral Component Interconnect) bus, one of the most popular buses at present, is a local bus introduced by Intel Corporation. It defines a 32-bit data bus and is extensible to 64 bits. The PCI slot on the mainboard is smaller than the original ISA slot, its functionality is greatly improved compared with VESA and ISA, it supports burst read/write operations, has a maximum transfer rate of 132 MB/s, and can support several groups of peripherals at the same time. The connection between the encryption card and the communication terminal is the same for all of these system buses, as shown in fig. 1.
One significant advantage of attaching the encryption card via the system bus is the higher data transfer rate, which can reach 100 MB/s. If the external component performing the encryption can keep up with this rate, the rate requirements of secure communication can be fully met.
However, for the special function of encryption, system security requires the key to be updated and managed frequently, and the cryptographic algorithm in the encryption card may also need updating. Key management and the cipher algorithm are handled by a dedicated chip in the encryption card; when an update is required, the encryption device must be removed from the communication terminal and the program read from and written to the dedicated chip with a corresponding read/write device. Attaching the encryption card via the system bus therefore lacks flexibility. In addition, the implementation of such a device is complicated, so it is often expensive. In summary, the biggest disadvantage of attaching the encryption card through the system bus is the lack of flexibility. To reduce cost and increase flexibility, attaching the encryption card through a serial port such as RS-232 has also been proposed; the connection diagram is the same as above. However, the biggest disadvantage of serial-port transmission such as RS-232 is its low rate, which cannot meet the requirements of some communication systems. In another approach, the encryption function is performed in a smart IC card; connecting the IC card to the system requires an IC card reader-writer, which is connected to the system through a serial port, as shown in fig. 2.
Therefore, when a peripheral encryption card is added to a communication terminal such as a mobile phone or a computer, the terminal must be modified to add a module for reading and writing the IC card peripheral, which is inconvenient and adds extra cost.
Therefore, there is a strong need for a way to flexibly connect an external encryption device to a communication terminal while providing a high data transmission rate.
Disclosure of Invention
The present invention is directed to the above-mentioned problems, and provides a method and apparatus for connecting a peripheral encryption card to a communication system terminal via USB (Universal Serial Bus), so as to provide great flexibility in operation and upgrading and the ability to perform the given task with high quality.
An encryption device comprises a microprocessor module, a RAM module, a program storage module, a data storage module, a key management module and an algorithm management module, wherein the microprocessor module is connected to the data storage module, the RAM module and the program storage module through data lines, the data storage module is connected to the key management module, and the program storage module is connected to the algorithm management module through data lines; the encryption device is characterized by further comprising a USB interface module, which is connected to the key management module, the RAM module and the algorithm management module through data lines and is used to connect to the USB interface of a terminal to be encrypted so as to complete the updating of data, programs and passwords.
The number of the USB interface modules can be one or more.
A secret communication method uses an encryption device to perform encryption on the information data transmitted in the communication, and is characterized in that the encryption device is connected, through its USB interface module, to the USB interface of the communication terminal; the microprocessor module of the encryption device performs data input/output and read/write with the RAM module of the encryption device through a data line; the microprocessor module is also connected to the data storage module and the program storage module of the encryption device through data lines, and performs encryption operations by calling the data and programs in the data storage module and the program storage module, so as to encrypt the information data transmitted in the secret communication; and the USB interface module is connected to the key management module, the RAM module and the algorithm management module through data lines and is used to connect to the USB interface of a terminal requiring encryption so as to complete the updating of data, programs and passwords.
The step of connecting the encryption device may connect one encryption device or a plurality of encryption devices.
The step of connecting the encryption device may be to connect a hub to the USB interface of the communication terminal, and then to connect the plurality of encryption devices to the hub.
The secret communication method further comprises a step of installing the encryption device driver on the communication terminal.
The secret communication method can complete the updating of the encryption algorithm in the encryption device through the input device of the communication terminal.
The invention has all the advantages of function-card encryption, and because the USB protocol allows direct communication with the terminal without an additional power supply, no card reader need be added. Because no additional accessory equipment is needed, the encryption device can also be integrated into a communication system through integrated processing and communicate over an internal USB interface, which greatly increases application flexibility.
USB supports very high data transmission rates: low speed 10-100 kb/s, full speed 500 kb/s-10 Mb/s, and high speed 25-400 Mb/s. By choosing a suitable microprocessor and selecting low, full or high speed as appropriate, the data transmission rate between the USB encryption device and the communication terminal is sufficient to meet the rate requirements of 3G communication. Smart-card encryption and serial-port connections, by contrast, cannot provide a high transmission rate; as the data-rate requirements of communication systems rise rapidly, many current technical schemes may not meet them at all, and their design starting point leaves no room for improvement.
Because the USB protocol supports plug and play, the technical scheme allows the USB encryption device to be plugged and played without device or hardware conflicts. This gives great flexibility in practical applications.
The storage space supported by USB is very large, so a complex algorithm can be stored in the encryption device, or several authentication certificates and keys when PKI is used, which is difficult to achieve with a smart card.
The technical scheme allows easy upgrading. On the system side, the serial port of existing communication equipment can be modified to support USB communication, and if the protocol later needs upgrading only the protocol software needs to be upgraded, so the system is very flexible. For functional improvements, increasing the communication speed, changing the data transmission mode, and updating the cryptographic algorithm and keys need only an online software update. None of the other solutions are so flexible.
Drawings
FIG. 1 is a schematic diagram of a prior art connection of an encryption peripheral to a communication terminal via a system bus;
FIG. 2 is a schematic diagram of the connection between the encrypted smart card and the communication terminal through a serial port;
FIG. 3 is a schematic diagram of an encryption device of the present invention;
FIG. 4 is a schematic diagram of the connection of the present invention to a communication terminal;
FIG. 5 is a schematic diagram of an embodiment of the encryption device of the present invention connected in wired communication;
FIG. 6 is a schematic diagram of an embodiment of the encryption device of the present invention connected in wireless communication;
FIG. 7 is a schematic diagram of the connection of a plurality of encryption devices of the present invention to a communication terminal.
Detailed Description
The following description of the embodiments of the present invention is provided in connection with the accompanying drawings.
As shown in fig. 3, the encryption device of the present invention is an encryption card having a USB interface module, and the card includes:
A microprocessor module: responsible for data operations; it performs encryption operations by calling the data and programs in the data storage module and the program storage module to encrypt the information data transmitted in the communication.
A RAM module: performs the data input/output and read/write functions.
A program storage module: mainly stores the encryption and integrity protection algorithms, which can be stored in ciphertext form; after power-on the ciphertext is loaded into the cryptographic arithmetic unit, decrypted and restored, and then executed.
A data storage module: used to securely store the master key and the key pair of the asymmetric encryption algorithm; after power-on, the master key and key pair are loaded from the data storage module into the processor to take part in the operations.
The key management module is responsible for updating and managing keys.
The microprocessor module is connected to the data storage module, the RAM module and the program storage module through data lines, and the data storage module is connected to the key management module, and the program storage module to the algorithm management module, through data lines.
The innovation of the invention is the addition of a USB (Universal Serial Bus) interface module, which is connected to the key management module, the RAM module and the algorithm management module through a data line and is used to connect to the USB interface of a terminal to be encrypted so as to complete the updating of data, programs and passwords.
Fig. 4 is a schematic diagram showing the connection between the encryption card and the communication terminal according to the present invention.
In the actual design of the encryption device, one or more USB interface modules may be provided, so that several USB interfaces may be connected at the same time.
When the encryption card is used, the communication terminal can be any of several devices, such as a mobile phone, a PC (personal computer) or a PDA (personal digital assistant); the terminal must have a USB (Universal Serial Bus) interface and have the encryption device driver installed.
The method of the invention is practical and very simple: the encryption device is connected through the USB interface of the communication terminal, and the information transmitted can then be encrypted by running the encryption algorithm stored in the encryption device, thereby realizing secret communication.
As shown in fig. 5, the communication terminal is a PC in wired communication, and in fig. 6 it is a mobile phone in wireless communication. The encryption method of the present invention can be used in both kinds of communication, and is simple, convenient and practical, and produces positive effects.
As shown in fig. 7, if in practical use one encryption device cannot perform the required functions because of factors such as operating speed or storage space, several encryption devices may be added during operation; that is, rather than a single encryption card, a plurality of encryption cards may be connected and operated at the same time, and the system's requirements are met by running several cards in parallel. Specifically, a hub is connected to the USB interface of the communication terminal, and a plurality of encryption devices are connected through the interfaces provided by the hub, so that several encryption cards complete the encryption work at the same time, increasing capacity and speeding up operation.
Because algorithms are retired, keys are updated and so on, the corresponding data in the encryption card needs to be updated after a period of time; the updating of the encryption algorithm in the encryption device can be completed through the input device of the communication terminal.
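The following Python model is an added illustration, not part of the patent, of the two paths described above: the power-on load, in which the algorithm image is held in program storage as ciphertext and is only decrypted with the master key from data storage after its integrity checks out, and the update path through the USB interface module, in which a new image is accepted only if it carries a valid tag under the key held by the key management module. The module names follow the patent; HMAC-SHA256 as the integrity tag, an HMAC-SHA256 counter-mode keystream standing in for the card's own cipher, and the `image || tag` update message format are assumptions made here.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional

NONCE_LEN = 16
TAG_LEN = 32


def _subkey(master: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from one master key."""
    return hmac.new(master, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; an assumed stand-in for the card's cipher."""
    blocks = (length + 31) // 32
    stream = b"".join(
        hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
        for i in range(blocks))
    return stream[:length]


def seal(master: bytes, plaintext: bytes) -> bytes:
    """Ciphertext-at-rest format used for program storage: nonce || ct || tag."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(_subkey(master, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(master, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(master: bytes, blob: bytes) -> Optional[bytes]:
    """Check the integrity tag before decrypting; None means the image was altered."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(_subkey(master, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    ks = _keystream(_subkey(master, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class EncryptionCard:
    """The patent's modules as attributes; key material never leaves the card."""

    def __init__(self, master_key: bytes, update_key: bytes, algorithm_image: bytes):
        self.data_storage = master_key        # master key (data storage module)
        self.key_management = update_key      # key the terminal's updater must hold
        self.program_storage = seal(master_key, algorithm_image)  # ciphertext at rest
        self.ram: Optional[bytes] = None      # decrypted algorithm, after power-on only

    def power_on(self) -> bool:
        """Load program storage into RAM; refuse to operate if the tag fails."""
        self.ram = unseal(self.data_storage, self.program_storage)
        return self.ram is not None

    def usb_update(self, message: bytes) -> bool:
        """Install image from `image || HMAC(update_key, image)`; reject otherwise."""
        if len(message) < TAG_LEN:
            return False
        image, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expect = hmac.new(self.key_management, image, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            return False                      # program storage left untouched
        self.program_storage = seal(self.data_storage, image)
        return self.power_on()

    def encrypt_traffic(self, session_key: bytes, data: bytes) -> bytes:
        """Encrypt terminal traffic with the loaded image (which here only
        labels the keystream key); output is nonce || ciphertext."""
        if self.ram is None:
            raise RuntimeError("card not loaded: run power_on() first")
        nonce = os.urandom(NONCE_LEN)
        ks = _keystream(_subkey(session_key, self.ram), nonce, len(data))
        return nonce + bytes(d ^ k for d, k in zip(data, ks))

    def decrypt_traffic(self, session_key: bytes, blob: bytes) -> bytes:
        if self.ram is None:
            raise RuntimeError("card not loaded: run power_on() first")
        nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
        ks = _keystream(_subkey(session_key, self.ram), nonce, len(ct))
        return bytes(c ^ k for c, k in zip(ct, ks))


def make_update(update_key: bytes, image: bytes) -> bytes:
    """What the terminal side sends over USB (constructed message format)."""
    return image + hmac.new(update_key, image, hashlib.sha256).digest()
```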
The equipment and the method of the invention flexibly connect the peripheral encryption card with the communication system terminal through the USB, thereby greatly improving the confidentiality of communication and the flexibility of the equipment.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (7)

1. An encryption device, comprising a microprocessor module, a RAM module, a program storage module, a data storage module, a key management module and an algorithm management module, wherein the microprocessor module is connected to the data storage module, the RAM module and the program storage module through data lines, and the data storage module is connected to the key management module and the program storage module to the algorithm management module, respectively, through data lines, characterized in that the encryption device further comprises: a USB interface module, connected to the key management module, the RAM module and the algorithm management module through data lines and used to connect to the USB interface of a terminal to be encrypted so as to complete the updating of data, programs and passwords.
2. The encryption device of claim 1, wherein the number of USB interface modules is one or more.
3. A secret communication method, which uses an encryption device to perform encryption on the information data transmitted in the communication, characterized in that the encryption device is connected, through its USB interface module, to the USB interface of the communication terminal; wherein,
the microprocessor module of the encryption device performs data input/output and read/write with the RAM module of the encryption device through a data line; the microprocessor module is also connected to the data storage module and the program storage module of the encryption device through data lines, and performs encryption operations by calling the data and programs in the data storage module and the program storage module, so as to encrypt the information data transmitted in the secret communication;
the USB interface module is connected to the key management module, the RAM module and the algorithm management module through data lines and is used to connect to the USB interface of a terminal requiring encryption so as to complete the updating of data, programs and passwords.
4. The secret communication method according to claim 3, wherein said step of connecting the encryption device to the communication terminal connects one encryption device or more than one encryption device.
5. The secret communication method according to claim 4, wherein the step of connecting the encryption device to the communication terminal comprises connecting a hub to the USB interface of the communication terminal and then connecting a plurality of encryption devices to the hub.
6. The secret communication method according to claim 3, further comprising a step of installing the encryption device driver on the communication terminal.
7. The secret communication method according to claim 3, wherein the updating of the encryption algorithm in said encryption device is accomplished through an input device of the communication terminal.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 02123202 CN1286286C (en) 2002-06-12 2002-06-12 Method for implementing secret communication and encryption apparatus thereof

Publications (2)

Publication Number Publication Date
CN1464676A CN1464676A (en) 2003-12-31
CN1286286C true CN1286286C (en) 2006-11-22




Legal Events

Date Code Title Description
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C06 Publication
PB01 Publication
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20061122

Termination date: 20200612