CN207251652U - A kind of encryption gateway based on ZYNQ devices - Google Patents

A kind of encryption gateway based on ZYNQ devices Download PDF

Info

Publication number
CN207251652U
CN207251652U CN201721095692.8U CN201721095692U CN207251652U CN 207251652 U CN207251652 U CN 207251652U CN 201721095692 U CN201721095692 U CN 201721095692U CN 207251652 U CN207251652 U CN 207251652U
Authority
CN
China
Prior art keywords
zynq
encryption gateway
ethernet interface
memory
management unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201721095692.8U
Other languages
Chinese (zh)
Inventor
赵长松
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Sansec Technology Development Co Ltd
Original Assignee
Beijing Sansec Technology Development Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Sansec Technology Development Co Ltd filed Critical Beijing Sansec Technology Development Co Ltd
Priority to CN201721095692.8U priority Critical patent/CN207251652U/en
Application granted granted Critical
Publication of CN207251652U publication Critical patent/CN207251652U/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

It the utility model is related to a kind of encryption gateway based on ZYNQ devices.The encryption gateway includes:Sequentially connected Ethernet interface, ZYNQ primary processors and key management unit, Ethernet interface are also connected with server;Wherein, ZYNQ primary processors receive the data packet of server transmission by Ethernet interface, command information in data packet is sent to key management unit, and according to the key management unit of reception feed back computing after secret information, the corresponding data message of secret information after computing is sent to server by Ethernet interface.The encryption gateway of the sequentially connected Ethernet interface, ZYNQ primary processors and the key management unit composition that provide through this embodiment, on the one hand, realize the technique effect of low cost;On the other hand, treat encryption device by this encryption gateway to be encrypted, realize and be not easy to be cracked, the strong technique effect of encryption performance.

Description

A kind of encryption gateway based on ZYNQ devices
Technical field
It the utility model is related to field of information security technology, more particularly to a kind of encryption gateway based on ZYNQ devices.
Background technology
In recent years, with the fast development of network and computer technology, All Around The World has come into Internet era, mutually Convenient and efficient, traversing space-time the characteristic of networking brings huge change to human society, influences the various aspects of society.People Start with this easily infrastructure change conventional business activity and office mode, carry out e-commerce, E-Government, Network office.Currently, the e-commerce initiative such as B2C, B2B is quite popularized, and the E-Government such as electronic taxation, on-line approval is put down Platform development obtain it is like a raging fire, internet become enterprises and institutions' telecommuting ideal platform.Internet terminal is also from electricity Brain expands to mobile phone, tablet etc. and moves equipment, and the trend of oriented smart home device extension.
Due to the opening of internet design, Internet user is caused to face all many security threats:Authentication Mechanism is weaker, and validated user is easily counterfeited, and is unable to control the access of resource;Attacker can eavesdrop data on the line, very It is published to again on network after to altered data.In addition network application is also faced with refusal service, and wiretapping, destruction data are complete The attack of property, confidentiality etc..These safety problems, which have been increasingly becoming, influences the bottleneck that network application further develops.
However, during inventor realizes the utility model, find to have at least the following problems:
1st, encryption by Virtual Private Network (VPN) is of high cost, power consumption is high;
2nd, it is encrypted by modes such as digital signature, encryption performance is not strong enough, is easily cracked.
Utility model content
In order to solve the above technical problems, the utility model provides a kind of encryption gateway based on ZYNQ devices, it is described to add Close gateway includes:Sequentially connected Ethernet interface, ZYNQ primary processors and key management unit, the Ethernet interface also with clothes Business device connection;Wherein, the ZYNQ primary processors receive the data packet of the server transmission by the Ethernet interface, will Command information in the data packet is sent to the key management unit, and the fortune fed back according to the key management unit of reception Secret information after calculation, the corresponding data message of the secret information is sent to the service by the Ethernet interface Device.
The technical solution provided through this embodiment:Sequentially connected Ethernet interface, ZYNQ primary processors and key pipe The encryption gateway that device is formed is managed, and the Ethernet interface in the encryption gateway is also connected with server.On the one hand, realize it is low into This technique effect;On the other hand, the technique effect for simplifying design is realized.
Further, the ZYNQ primary processors include:Arm processor and FPGA processor, wherein, the ARM processing Device is connected with the Ethernet interface and the FPGA processor respectively, the FPGA processor also with the key management unit Connection;
Wherein, the order in the data packet that the arm processor transmits the Ethernet interface of reception Information is sent to the key management unit by the FPGA processor, and by the FPGA processor of reception according to described secret The data message after confidential information transmission processing is sent to the server by the Ethernet interface.
Further, the encryption gateway further includes:Memory, the memory are connected with the arm processor, its In, the data packet and the data message that the memory receives the arm processor are stored.
Further, the memory includes:Dynamic memory and static memory.
Further, the dynamic memory is DDR3 dynamic memories.
Further, the static memory is flash storage.
Further, the Ethernet interface is gigabit ethernet interface.
Further, the quantity of the gigabit ethernet interface is two.
Further, the encryption gateway further includes:USB interface, wherein,
The USB interface is connected with the ZYNQ primary processors, and the ZYNQ primary processors will be connect by the USB interface The data message received, which is sent into the equipment being connected with the USB interface, to be stored.
The beneficial effect of the utility model embodiment is, as a result of sequentially connected Ethernet interface, ZYNQ master The encryption gateway that processor and key management unit are formed, and the technology that the Ethernet interface in encryption gateway is also connected with server Scheme, realizes low cost and obtains the technique effect of encryption gateway.
Brief description of the drawings
Fig. 1 is a kind of structure diagram for encryption gateway based on ZYNQ devices that the utility model embodiment provides;
Fig. 2 is a kind of structural representation for encryption gateway based on ZYNQ devices that another embodiment of the utility model provides Figure;
Fig. 3 is a kind of structural representation for encryption gateway based on ZYNQ devices that another embodiment of the utility model provides Figure;
Fig. 4 is a kind of structural representation for encryption gateway based on ZYNQ devices that another embodiment of the utility model provides Figure.
Embodiment
In being described below, in order to illustrate rather than in order to limit, it is proposed that such as particular system structure, interface, technology it The detail of class, understands the utility model to cut thoroughly.However, it will be clear to one skilled in the art that there is no these The utility model can also be realized in the other embodiments of detail.In other situations, omit to well-known system, The detailed description of circuit and method, in case unnecessary details hinders description of the invention.
The utility model provides a kind of encryption gateway based on ZYNQ devices.
Referring to Fig. 1, Fig. 1 is a kind of structure for encryption gateway based on ZYNQ devices that the utility model embodiment provides Schematic diagram.
As shown in Figure 1, the encryption gateway includes:Sequentially connected Ethernet interface, ZYNQ primary processors and key management Device, Ethernet interface are also connected with server;Wherein, ZYNQ primary processors receive the number of server transmission by Ethernet interface According to bag, the command information in data packet is sent to key management unit, and after the computing according to the key management unit of reception feedback Secret information, the corresponding data message of secret information after computing is sent to server by Ethernet interface.
In the present embodiment, encryption gateway includes:Three big portion of Ethernet interface, ZYNQ primary processors and key management unit Point, and Ethernet interface, ZYNQ primary processors and key management unit are sequentially connected, Ethernet interface and service in encryption gateway Device connects.
Specifically, ZYNQ primary processors are connected by Ethernet interface with server, are taken with being received by Ethernet interface The data packet that business device is sent, ZYNQ primary processors store data packet.It is appreciated that data packet includes command information, ZYNQ primary processors send the command information to connected key management unit.It is understood that key management unit exists After receiving command information, computing can be carried out to data message according to command information and obtain secret information.So in key management Device sends the secret information after computing to ZYNQ primary processors, and ZYNQ primary processors correspond to the secret information after the computing Data message sent by Ethernet interface to server.Wherein, server includes internal server and external server.
The technical solution provided through this embodiment, on the one hand, relative in the prior art, pass through Virtual Private Network Mode makes the technical solution of encryption gateway, and the application realizes low manufacture cost, the high technique effect of producing efficiency;The opposing party Face, relative to the technical solution of encryption gateway in the prior art, is made by way of digital signature, the application realizes making It is not easy to be cracked, the technique effect of the strong encryption gateway of encryption.
Referring to Fig. 2, Fig. 2 is a kind of encryption gateway based on ZYNQ devices that another embodiment of the utility model provides Structure diagram.
As shown in Fig. 2, arm processor is connected with Ethernet interface and FPGA processor respectively, FPGA processors also with it is close Key manager connects;
Wherein, the command information in the data packet that arm processor transmits the Ethernet interface of reception passes through FPGA processing Device is sent to key management unit, and the data message after the computing that the FPGA processor of reception is sent according to key management unit leads to Ethernet interface is crossed to send to server.
In the present embodiment, encryption gateway includes three parts, is respectively arm processor, FPGA processor and key pipe Manage device.Wherein, on the one hand, arm processor is connected with Ethernet interface;Another aspect arm processor also connects with FPGA processor Connect.Wherein, FPGA processor is also connected with key management unit.
Specifically, arm processor is connected with Ethernet interface, to receive the data of server transmission by Ethernet interface Bag, and data packet is stored.Arm processor is also connected with FPGA processor, and the command information in data packet is passed through FPGA processor is sent to key management unit.FPGA processor is connected with key management unit, is receiving key management unit feedback Computing after secret information after, the corresponding data message of secret information after computing is sent to arm processor.ARM processing Device is sent the data message to server by Ethernet interface.
The technical solution provided through this embodiment, by the way that ZYNQ primary processors are divided into arm processor and FPGA processing Device two parts, furthermore achieved that making is not easy the technique effect of gateway being cracked.
Referring to Fig. 3, Fig. 3 is a kind of encryption gateway based on ZYNQ devices that another embodiment of the utility model provides Structure diagram.
As shown in figure 3, the encryption gateway further includes:Memory, memory are connected with arm processor, wherein, memory will The data packet and data message that arm processor receives are stored.
In the present embodiment, encryption gateway further includes memory.Memory and the arm processor in ZYNQ primary processors Connection.When arm processor receives data packet, or when receiving data message, all send and stored into memory.
The technical solution provided through this embodiment, on the one hand, avoid and data packet and data message are stored at ARM Manage in device, take memory space, so that the technology drawback that processing speed reduces;On the other hand, by by data packet and data Information is stored into memory, furthermore achieved that making is not easy the technique effect of gateway being cracked.
More specifically, memory includes:Dynamic memory and static memory.
More specifically, dynamic memory is DDR3 dynamic memories.
More specifically, static memory is flash storage.
More specifically, Ethernet interface is gigabit ethernet interface.
More specifically, the quantity of gigabit ethernet interface is two.
Referring to Fig. 4, Fig. 4 is a kind of encryption gateway based on ZYNQ devices that another embodiment of the utility model provides Structure diagram.
As shown in figure 4, encryption gateway further includes:USB interface, wherein,
USB interface is connected with ZYNQ primary processors, and ZYNQ primary processors are by the USB interface by the data message of reception Send into the equipment being connected with USB interface and store.
In the present embodiment, realize and make the encryption gateway with USB interface.USB interface connects with ZYNQ primary processors Connect, USB interface is also connected with external equipment, and the data message that ZYNQ primary processors receive is sent to USB interface and is connected External equipment in store.
The technical solution provided through this embodiment, realizes the technology effect backed up to the relevant information of encryption gateway Fruit.
The encryption that the utility model is made up of sequentially connected Ethernet interface, ZYNQ primary processors and key management unit The technical solution of gateway.On the one hand, the technique effect of low cost is realized;On the other hand, by this encryption gateway to be encrypted Device is encrypted, and realizes and is not easy to be cracked, the strong technique effect of encryption performance.
Reader should be understood that in the description of this specification, reference term " one embodiment ", " some embodiments ", " show The description of example ", " specific example " or " some examples " etc. mean to combine the specific features of the embodiment or example description, structure, Material or feature are contained at least one embodiment or example of the utility model.In the present specification, to above-mentioned term Schematic representation need not be directed to identical embodiment or example.Moreover, description specific features, structure, material or Feature may be combined in any suitable manner in any one or more of the embodiments or examples.In addition, in not conflicting situation Under, those skilled in the art can be by the different embodiments or example described in this specification and different embodiments or example Feature be combined and combine.
It is apparent to those skilled in the art that for convenience of description and succinctly, the dress of foregoing description The specific work process with unit is put, may be referred to the corresponding process in preceding method embodiment, details are not described herein.
In several embodiments provided herein, it should be understood that disclosed apparatus and method, can pass through it Its mode is realized.For example, device embodiment described above is only schematical, for example, the division of unit, is only A kind of division of logic function, can there is an other dividing mode when actually realizing, for example, multiple units or component can combine or Person is desirably integrated into another system, or some features can be ignored, or does not perform.
The unit illustrated as separating component may or may not be physically separate, be shown as unit Component may or may not be physical location, you can with positioned at a place, or can also be distributed to multiple networks On unit.Some or all of unit therein can be selected to realize the utility model embodiment scheme according to the actual needs Purpose.
In addition, each functional unit in each embodiment of the utility model can be integrated in a processing unit, Can be that unit is individually physically present or two or more units integrate in a unit.Above-mentioned collection Into unit can both have been realized in the form of hardware, can also be realized in the form of SFU software functional unit.
If integrated unit is realized in the form of SFU software functional unit and is used as independent production marketing or in use, can To be stored in a computer read/write memory medium.Based on such understanding, the technical solution of the utility model is substantially The part to contribute in other words to the prior art, or all or part of the technical solution can be in the form of software product Embody, which is stored in a storage medium, including some instructions are used so that a computer Equipment (can be personal computer, server, or network equipment etc.) performs the complete of each embodiment method of the utility model Portion or part steps.And foregoing storage medium includes:USB flash disk, mobile hard disk, read-only storage (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disc or CD etc. are various can store journey The medium of sequence code.
More than, it is only specific embodiment of the present utility model, but the scope of protection of the utility model is not limited thereto, Any one skilled in the art can readily occur in various equivalent in the technical scope that the utility model discloses Modifications or substitutions, these modifications or substitutions should be covered within the scope of the utility model.Therefore, the utility model Protection domain should be subject to scope of the claims.

Claims (9)

1. a kind of encryption gateway based on ZYNQ devices, it is characterised in that the encryption gateway includes:Sequentially connected Ethernet Interface, ZYNQ primary processors and key management unit, the Ethernet interface are also connected with server;Wherein, the main places of the ZYNQ The data packet that device receives the server transmission by the Ethernet interface is managed, the command information in the data packet is sent To the key management unit, and the secret information after the computing fed back according to the key management unit of reception, by the computing The corresponding data message of secret information afterwards is sent to the server by the Ethernet interface.
A kind of 2. encryption gateway based on ZYNQ devices according to claim 1, it is characterised in that the ZYNQ main process tasks Device includes:Arm processor and FPGA processor, wherein, the arm processor respectively with the Ethernet interface and the FPGA Processor connects, and the FPGA processor is also connected with the key management unit;Wherein, the arm processor is by the institute of reception The command information stated in the data packet of Ethernet interface transmission is sent to the key by the FPGA processor Manager, and the data message after the processing that the FPGA processor of reception is sent according to the secret information passes through The Ethernet interface is sent to the server.
3. a kind of encryption gateway based on ZYNQ devices according to claim 2, it is characterised in that the encryption gateway is also Including:Memory, the memory are connected with the arm processor, wherein, the memory receives the arm processor To the data packet and the data message stored.
A kind of 4. encryption gateway based on ZYNQ devices according to claim 3, it is characterised in that the memory bag Include:Dynamic memory and static memory.
A kind of 5. encryption gateway based on ZYNQ devices according to claim 4, it is characterised in that
The dynamic memory is DDR3 dynamic memories.
A kind of 6. encryption gateway based on ZYNQ devices according to claim 4, it is characterised in that
The static memory is flash storage.
A kind of 7. encryption gateway based on ZYNQ devices according to claim 1, it is characterised in that the Ethernet interface For gigabit ethernet interface.
A kind of 8. encryption gateway based on ZYNQ devices according to claim 7, it is characterised in that the gigabit Ethernet The quantity of interface is two.
9. a kind of encryption gateway based on ZYNQ devices according to any one of claim 1-7, it is characterised in that described Encryption gateway further includes:USB interface, wherein,
The USB interface is connected with the ZYNQ primary processors, and the ZYNQ primary processors are by the USB interface by reception The data message sends into the equipment being connected with the USB interface and stores.
CN201721095692.8U 2017-08-29 2017-08-29 A kind of encryption gateway based on ZYNQ devices Active CN207251652U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201721095692.8U CN207251652U (en) 2017-08-29 2017-08-29 A kind of encryption gateway based on ZYNQ devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201721095692.8U CN207251652U (en) 2017-08-29 2017-08-29 A kind of encryption gateway based on ZYNQ devices

Publications (1)

Publication Number Publication Date
CN207251652U true CN207251652U (en) 2018-04-17

Family

ID=61883738

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201721095692.8U Active CN207251652U (en) 2017-08-29 2017-08-29 A kind of encryption gateway based on ZYNQ devices

Country Status (1)

Country Link
CN (1) CN207251652U (en)

Similar Documents

Publication Publication Date Title
CN106022080B (en) A kind of data ciphering method based on the cipher card of PCIe interface and the cipher card
CN104184735B (en) Power marketing mobile application security guard system
CN104519458B (en) A kind of method of network connection, terminal, wireless router and system
CN106535184A (en) Key management method and system
CN109257744A (en) 5G data transmission method, system and 5G data send and receive device
CN101488952A (en) Mobile storage apparatus, data secured transmission method and system
CN102882885A (en) Method and system for improving cloud computing data security
CN103795530B (en) A kind of method, device and the main frame of cross-domain controller certification
CN108809975B (en) Internal and external network isolation system and method for realizing internal and external network isolation
CN102346823B (en) The method and system that in a kind of internet, user logs in
CN104052762A (en) Data sharing method, device and system
CN105426416A (en) Transmission method and device of uniform resource locator, and sharing method and device of uniform resource locator
CN107391232A (en) A kind of system level chip SOC and SOC systems
CN104065623A (en) Information processing method, trust server and cloud server
CN103885725B (en) A kind of virtual machine access control system and its control method based on cloud computing environment
CN103873245B (en) Dummy machine system data ciphering method and equipment
CN207251652U (en) A kind of encryption gateway based on ZYNQ devices
CN116781425A (en) Service data acquisition method, device, equipment and storage medium
CN107094036A (en) A kind of cipher key processing method and Bluetooth terminal based on bluetooth communication
CN103729324A (en) Security protection device of cloud storage file based on USB3.0 interface
CN207475576U (en) A kind of safety mobile terminal system based on safety chip
CN104202166B (en) A kind of erp system datas encryption method
CN203164961U (en) Safe portable storage device
CN103139146A (en) Authentication method
CN116232880A (en) Virtual private network establishment method and system based on security isolation

Legal Events

Date Code Title Description
GR01 Patent grant
GR01 Patent grant
CP03 "change of name, title or address"

Address after: Room 1406, 14 / F, building 2, yard 16, Guangshun North Street, Chaoyang District, Beijing 100029

Patentee after: Sanwei Xin'an Technology Co., Ltd

Address before: 100101 22, building 3, building 170, Beiyuan Road, No. 1, Beijing, Chaoyang District, 2602

Patentee before: BEIJING SANSEC TECHNOLOGY DEVELOPMENT Co.,Ltd.

CP03 "change of name, title or address"