CN209803788U - PCIE credible password card - Google Patents

Publication number
CN209803788U
Authority
CN
China
Prior art keywords
pcie
data
data processing
main control
control chip
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201920919411.9U
Other languages
Chinese (zh)
Inventor
肖佐楠
郑茳
陈万瑶
匡启和
王廷平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CCore Technology Suzhou Co Ltd
Original Assignee
CCore Technology Suzhou Co Ltd
Application filed by CCore Technology Suzhou Co Ltd
Priority to CN201920919411.9U

Abstract

The application discloses a PCIE (Peripheral Component Interconnect Express) trusted cryptographic card, which comprises: a PCIE interface, used for acquiring data to be processed from a host and outputting a data processing result to the host; and a main control chip, used for calling a corresponding data processing algorithm according to the data to be processed and processing the data with that algorithm to obtain the data processing result. The main control chip is embedded with a first preset number of data processing algorithms. The PCIE trusted cryptographic card has the advantages of simple design, lower cost, and higher security and reliability.

Description

PCIE trusted cryptographic card
Technical Field
The application relates to the technical field of computer hardware, in particular to a PCIE trusted password card.
Background
A PCIE (Peripheral Component Interconnect Express) trusted cryptographic card is a cryptographic device used in servers, cryptographic machines, and network devices to provide system security; its main functions include encrypting and decrypting data, authenticating identity, and measuring trust. Given these functions, the cryptographic card needs to provide various algorithms, including a block (symmetric) algorithm for data encryption and decryption, a public key (asymmetric) algorithm for digital signatures, a hash algorithm for hashing data, and the like.
In the prior art, a PCIE trusted cryptographic card is composed of a main control chip, an FPGA, and a plurality of algorithm chips. Please refer to Fig. 1, which is a schematic structural diagram of a PCIE trusted cryptographic card in the prior art. The main control chip is usually an MCU (Microcontroller Unit) embedded processor, such as an ARM processing chip; the FPGA (Field-Programmable Gate Array) provides the high-speed communication interface with the main control chip and also implements the communication connections with the various algorithm chips.
Firstly, the FPGA has disadvantages such as low security, low reliability, high cost, and high power consumption; it provides no storage function, cannot store sensitive data such as keys, and needs other auxiliary devices to do so. Secondly, because many algorithms are needed, the number of external algorithm chips is correspondingly large, which increases the design complexity of the cryptographic card and leads to high power consumption, high cost, and low reliability. Finally, during data processing, data must pass from the main control chip to the FPGA and then from the FPGA to each algorithm chip, so sensitive data such as keys is frequently transferred among different chips, which poses a great security risk and greatly reduces data processing efficiency.
Therefore, how to provide a PCIE trusted cryptographic card with high security and reliability and low cost is a problem to be urgently solved by those skilled in the art.
Disclosure of Invention
The application aims to provide a PCIE trusted cryptographic card that is simple in design, low in cost, and high in security and reliability.
The application provides a PCIE trusted cryptographic card, which includes:
a PCIE interface, used for acquiring data to be processed from a host and outputting a data processing result to the host;
a main control chip, used for calling a corresponding data processing algorithm according to the data to be processed and processing the data to be processed through the data processing algorithm to obtain the data processing result;
wherein the main control chip is embedded with a first preset number of data processing algorithms.
Preferably, the main control chip further includes an internal storage medium for storing parameter data corresponding to each of the data processing algorithms.
Preferably, the internal storage medium is embedded FLASH.
Preferably, the main control chip is a CCP903T security chip.
Preferably, the main control chip further includes a second preset number of data communication interfaces for receiving the data to be processed and outputting the data processing result.
Preferably, the data communication interface includes a PCIE interface, a USB interface, a UART interface, and an SPI interface.
Preferably, the PCIE trusted cryptographic card further includes an expansion memory for storing standard metric data corresponding to the data processing result; the main control chip also includes an expansion memory interface.
Preferably, the expansion memory is a FLASH chip and/or an EMMC chip.
Preferably, the PCIE trusted cryptographic card further includes an external storage medium for storing data information issued by the host and/or the data processing result.
The PCIE trusted cryptographic card provided by the application comprises a PCIE interface, used for acquiring data to be processed from a host and outputting a data processing result to the host; and a main control chip, used for calling a corresponding data processing algorithm according to the data to be processed and processing the data to be processed through the data processing algorithm to obtain the data processing result; the main control chip is embedded with a first preset number of data processing algorithms.
Therefore, the PCIE trusted cryptographic card provided by the application embeds the various data processing algorithms in the main control chip. All algorithm operations can be completed inside the main control chip, and keys, sensitive data plaintext, and the like can be kept inside the main control chip without circulating among multiple chips, which ensures that the card has higher security than a traditional trusted cryptographic card. Meanwhile, the card needs only a main control chip and the necessary peripherals, which avoids designing in a large number of peripheral algorithm chips and devices such as FPGAs and CPLDs, reduces design cost, greatly reduces power consumption, and effectively improves the reliability of the whole card.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a PCIE trusted cryptographic card in the prior art;
Fig. 2 is a schematic structural diagram of a PCIE trusted cryptographic card provided in the present application;
Fig. 3 is a schematic structural diagram of another PCIE trusted cryptographic card provided in the present application;
Fig. 4 is a schematic structural diagram of a main control chip provided in the present application;
Fig. 5 is a schematic diagram of a secure data storage scheme inside a main control chip according to the present application;
Fig. 6 is a data processing flow chart for implementing signature operation based on a PCIE trusted cryptographic card according to the present application;
Fig. 7 is a data processing flow chart for implementing encryption and decryption operations based on a PCIE trusted cryptographic card according to the present application;
Fig. 8 is a data processing flow chart for acquiring data stored in a main control chip based on a PCIE crypto card according to the present application;
Fig. 9 is a data processing flow chart for acquiring external storage data of a main control chip based on a PCIE crypto card according to the present application;
Fig. 10 is a data processing flow chart for acquiring data stored in a host based on a PCIE cipher card according to the present application;
Fig. 11 is a data processing flow chart for implementing data measurement based on a PCIE crypto card according to the present application.
Detailed Description
The core of the application is to provide a PCIE trusted cryptographic card that is simple in design, low in cost, and high in security and reliability.
In order to make the objects, technical solutions, and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are some, but not all, embodiments of the present application. All other embodiments derived by a person skilled in the art from the embodiments given herein without creative effort shall fall within the protection scope of the present application.
Referring to Fig. 2, Fig. 2 is a schematic structural diagram of a PCIE trusted cryptographic card provided in the present application, where the PCIE trusted cryptographic card may include:
a PCIE interface 1, configured to acquire data to be processed from a host 3 and output a data processing result to the host 3; and a main control chip 2, used for calling a corresponding data processing algorithm according to the data to be processed and processing the data to be processed through the data processing algorithm to obtain the data processing result; wherein the main control chip 2 is embedded with a first preset number of data processing algorithms.
Specifically, the PCIE trusted cryptographic card is provided with a PCIE interface 1 and is connected to the host 3 through it: the PCIE interface 1 of the card is inserted into the corresponding interface of the host 3, where the host 3 may be an upper computer. The host 3 and the PCIE trusted cryptographic card thus communicate through the PCIE interface 1. Specifically, the card obtains the data to be processed issued by the host 3 through the PCIE interface 1 and, after processing it, feeds the resulting data processing result back to the host 3 through the PCIE interface 1.
Further, the main control chip 2 is the core of the PCIE trusted cryptographic card; the common algorithms required for general data processing are implemented inside it, in embedded form. Specifically, after the data to be processed is acquired through the PCIE interface 1, the main control chip 2 calls the corresponding data processing algorithm to process the data, so as to obtain the corresponding data processing result.
Preferably, the master chip 2 may be a CCP903T security chip.
The application provides a specific type of main control chip 2, namely the CCP903T security chip. The PCIE interface of this chip follows the PCIe 2.0 standard specification. The chip can provide high-speed cryptographic operation services with multithreaded, multiprocess, and multi-card parallel processing for various trusted computing security platforms; it meets requirements for functions such as digital signature/verification, asymmetric/symmetric encryption and decryption, data integrity verification, true random number generation, and key generation and management; and it can effectively ensure the confidentiality, authenticity, integrity, and non-repudiation of sensitive data. In addition, the CCP903T security chip supports mainstream operating systems such as Windows and Linux, and can be widely applied to security devices such as signature/authentication servers and security gateways/firewalls, and in fields such as secure data transmission and trusted computing.
As a preferred embodiment, the main control chip 2 may further include an internal storage medium for storing parameter data corresponding to each data processing algorithm.
Specifically, when data to be processed is processed through a data processing algorithm, part of parameter data needs to be called to implement the processing, such as an encryption and decryption key corresponding to the encryption and decryption algorithm, a signature key corresponding to the digital signature algorithm, and the like, and the sensitive data needs to be stored in advance so as to be called later. In order to further ensure the security of the data information, a storage medium, that is, the internal storage medium, may be disposed inside the main control chip 2, and is used to implement the storage of the parameter data corresponding to each data processing algorithm, so that even when data processing is performed, the retrieval of the parameter data may be implemented inside the main control chip 2, no external circulation is required, and the security and reliability of the data information are effectively ensured.
Preferably, the internal storage medium may be embedded FLASH.
The application provides a specific internal storage medium, namely a FLASH chip embedded in the main control chip 2. A FLASH chip is a storage medium that can store and erase data quickly; compared with a general RAM chip, it retains the stored data after power failure.
In addition, the data processing algorithms may include a public key algorithm, a block cipher algorithm, and a hash algorithm. The public key algorithm is an asymmetric algorithm and includes algorithms such as SM2 and RSA; the block cipher algorithm is a symmetric algorithm and includes algorithms such as SM1, SM4, AES, and DES; the hash algorithm includes SM3, SHA1, SHA256, SHA384, SHA512, and other algorithms.
It is understood that the specific types and number of data processing algorithms given here are only one implementation provided in the present application, not the only one; they may be set by a skilled person according to actual requirements without affecting the implementation of the present technical solution.
As a preferred embodiment, the main control chip 2 may further include a second preset number of data communication interfaces for receiving data to be processed and outputting a data processing result.
Specifically, after the PCIE trusted cryptographic card obtains the data to be processed from the host 3 through the PCIE interface 1, the data needs to be forwarded to the main control chip 2 for processing. This is done through a corresponding data communication interface: the data to be processed is forwarded into the main control chip 2 through the data communication interface, and the data processing result is sent out of the main control chip 2 through it.
Preferably, the data communication Interface may include a PCIE Interface, a USB (Universal Serial Bus) Interface, a UART (Universal Asynchronous Receiver/Transmitter) Interface, and an SPI (Serial Peripheral Interface) Interface.
The application provides specific types of data communication interface, namely the PCIE interface, the USB interface, the UART interface, and the SPI interface, so that a suitable interface can be selected according to the specific type of the data to be processed to forward it into the main control chip 2.
As with the data processing algorithms, the specific types and number of data communication interfaces given here are only one implementation provided in the present application, not the only one; they may be set by a skilled person according to actual needs, and the present application does not limit them.
According to the PCIE trusted cryptographic card provided by the application, the various data processing algorithms are embedded in the main control chip. All algorithm operations can be completed inside the main control chip, and keys, sensitive data plaintext, and the like can be kept inside the main control chip without circulating among multiple chips, which ensures that the card has higher security than a traditional trusted cryptographic card. Meanwhile, the card needs only a main control chip and the necessary peripherals, which avoids designing in a large number of peripheral algorithm chips and devices such as FPGAs and CPLDs, reduces design cost, greatly reduces power consumption, and effectively improves the reliability of the whole card.
On the basis of the foregoing embodiments, please refer to fig. 3 and fig. 4, where fig. 3 is a schematic structural diagram of another PCIE trusted cryptographic card provided in the present application, and fig. 4 is a schematic structural diagram of a main control chip provided in the present application.
As a preferred embodiment, the PCIE trusted cryptographic card may further include an expansion memory for storing standard metric data corresponding to the data processing result; the main control chip 2 may further include an extended memory interface.
Specifically, the PCIE trusted cryptographic card may further include an expansion memory, configured to store standard metric data corresponding to the data processing result, so as to implement a data measurement function. For example, when a hash operation is performed on the data to be processed through the hash algorithm, the obtained operation metric value needs to be compared with the standard metric value to determine whether it is correct. The standard metric value is not as sensitive as data such as a security key; its sensitivity is low, so it can be stored outside the main control chip 2, that is, on the expansion memory of the PCIE trusted cryptographic card.
It should be noted that this way of storing the standard data corresponding to the data processing result is only one implementation provided in the present application; the data may alternatively be stored in the main control chip 2. In addition, to ensure the security of the data, it can also be stored in encrypted form.
Further, since data processing is performed inside the main control chip 2, an expansion memory interface may be provided inside the main control chip 2 for connection to the expansion memory, so that the standard data can be retrieved. The type of the expansion memory and the type of the expansion memory interface should match.
Preferably, the expansion memory may be a FLASH chip and/or an EMMC (Embedded MultiMediaCard) chip.
As shown in Fig. 3, the present application provides specific expansion memories, namely a FLASH chip and an EMMC chip; the TRNG chip in the figure is a true random number chip meeting the standard requirements of China's State Cryptography Administration. Further, as shown in Fig. 4, an expansion FLASH interface and an expansion EMMC interface are provided inside the main control chip 2. The FLASH chip was introduced above and is not described again here. The EMMC chip is an embedded storage solution consisting of an MMC (multimedia card) interface, a flash memory device, and a main controller; it is fast and upgradable and can effectively meet the needs of consumer electronic products with high storage capacity requirements. In addition, C9000 is a high-performance PowerPC CPU, JTAG is an interface for debugging and testing inside the chip, and DMA is a direct memory access controller for high-speed data transmission control.
As a preferred embodiment, the PCIE trusted cryptographic card may further include an external storage medium for storing data information and/or data processing results sent by the host 3.
Specifically, a storage medium, such as a Random Access Memory (RAM) in fig. 3, for storing data information that can be changed at any time may be further disposed on the PCIE trusted crypto card, and is specifically disposed outside the main control chip 2, which is referred to as an external storage medium. The data information stored in the external storage medium may be data information issued by the host 3 and a data processing result obtained after the data processing is performed by the main control chip 2, and may be accessed and changed at any time, and the sensitivity coefficient is low.
According to the PCIE trusted cryptographic card provided by this embodiment of the application, different types of data are classified and stored in different types of storage media, which effectively guarantees the security and confidentiality of the various data and further improves the reliability of the whole PCIE trusted cryptographic card.
On the basis of the foregoing embodiments, the PCIE trusted cryptographic card provided in the present application is described below through several more specific application processes.
First, the secure data storage policy of the PCIE trusted cryptographic card is introduced. Please refer to Fig. 5, which is a diagram of the secure data storage policy inside the main control chip according to the present application; in the figure, the security chip is the main control chip. The storage root key is the root key, stored in encrypted form inside the main control chip; the main control chip cannot be accessed from outside, so the storage root key cannot be disclosed. The signature key, the encryption key, the storage encryption key, and the like are encrypted under the storage root key and stored in the main control chip as ciphertext. In addition, data stored inside or outside the main control chip is encrypted and protected with the storage encryption key. Sensitive data stored inside the main control chip means data stored in the FLASH chip inside the main control chip; it can be accessed only by the main control chip and cannot be accessed directly from outside. Sensitive data stored outside the main control chip means data stored in the external expansion FLASH chip or expansion EMMC chip, or in a storage medium such as the hard disk of the upper computer (that is, the host); although it is stored outside the main control chip, its security is ensured because it is stored encrypted.
Furthermore, encrypted storage of the various keys and sensitive data guarantees the security of the data, but the keys need to take part in operations and the sensitive data needs to be accessed once the application is authorized, so in a normal data processing flow they must be turned into plaintext through algorithm operations. Several data processing flows based on specific data processing algorithms are therefore explained below.
The first data processing algorithm: signature operation
Referring to Fig. 6, Fig. 6 is a data processing flow chart for implementing a signature operation based on a PCIE trusted cryptographic card; here and below, the upper computer is the host and the security chip is the main control chip. Specifically, inside the main control chip of the PCIE trusted cryptographic card, the signature private key is decrypted with the storage root key, and the data to be signed is signed using the public key algorithm in the main control chip. The signature key plaintext exists only inside the main control chip, and the algorithm operation itself is also performed inside the main control chip.
A second data processing algorithm: encryption and decryption operations
Referring to Fig. 7, Fig. 7 is a data processing flow chart for implementing encryption and decryption operations based on a PCIE trusted cryptographic card according to the present application. Specifically, inside the main control chip of the PCIE trusted cryptographic card, the encryption/decryption key is decrypted with the storage root key, and the data to be encrypted or decrypted is processed using the block cipher algorithm in the main control chip. The encryption/decryption key plaintext exists only inside the main control chip, and the algorithm operation itself is also performed inside the main control chip.
The third data processing algorithm: obtaining sensitive data in main control chip
Referring to Fig. 8, Fig. 8 is a data processing flow chart for acquiring data stored in the main control chip based on a PCIE trusted cryptographic card according to the present application. Specifically, inside the main control chip of the PCIE trusted cryptographic card, the storage encryption key is decrypted with the storage root key to obtain its plaintext; the sensitive data ciphertext is read from the FLASH chip inside the main control chip and decrypted using the block cipher algorithm in the main control chip to obtain the sensitive data plaintext; finally, the sensitive data plaintext is encrypted with the transmission encryption key and the resulting ciphertext is returned. The storage encryption key plaintext exists only inside the main control chip, the sensitive data plaintext exists only inside the main control chip, and the algorithm operation itself is also performed inside the main control chip.
The fourth data processing algorithm: obtaining sensitive data stored outside the main control chip
Referring to Fig. 9, Fig. 9 is a data processing flow chart for acquiring data stored outside the main control chip based on a PCIE trusted cryptographic card according to the present application. Specifically, inside the main control chip of the PCIE trusted cryptographic card, the storage encryption key is decrypted with the storage root key to obtain its plaintext; the sensitive data ciphertext is read from the expansion memory (a FLASH chip or an EMMC chip) outside the main control chip through the expansion memory interface and decrypted using the block cipher algorithm in the main control chip to obtain the sensitive data plaintext; finally, the sensitive data plaintext is encrypted with the transmission encryption key and the ciphertext is returned. The storage encryption key plaintext exists only inside the main control chip, the sensitive data plaintext exists only inside the chip, and the algorithm operation itself is also performed inside the main control chip.
The fifth data processing algorithm: obtaining sensitive data stored in the host
Referring to Fig. 10, Fig. 10 is a data processing flow chart for acquiring data stored in the host based on a PCIE trusted cryptographic card according to the present application. Specifically, inside the main control chip of the PCIE trusted cryptographic card, the storage encryption key is decrypted with the storage root key to obtain its plaintext; the sensitive data ciphertext issued by the upper computer is decrypted using the block cipher algorithm in the main control chip to obtain the sensitive data plaintext; finally, the sensitive data plaintext is encrypted with the transmission encryption key and the ciphertext is returned. The storage encryption key plaintext exists only inside the main control chip, the sensitive data plaintext exists only inside the main control chip, and the algorithm operation itself is also performed inside the security chip.
A sixth data processing algorithm: measurement process based on hash algorithm
Referring to Fig. 11, Fig. 11 is a data processing flow chart for implementing data measurement based on a PCIE trusted cryptographic card according to the present application. Specifically, inside the main control chip of the PCIE trusted cryptographic card, the hash algorithm is used to hash the measurement data sent by the upper computer, giving the operation metric value. Also inside the main control chip, the storage encryption key is decrypted with the storage root key to obtain its plaintext; the standard metric ciphertext is read from the expansion memory (a FLASH chip or an EMMC chip) outside the main control chip through the expansion memory interface and decrypted using the block cipher algorithm inside the main control chip to obtain the standard metric plaintext. Finally, the operation metric value is compared with the standard metric value to obtain the measurement result, which is returned. The storage encryption key plaintext exists only inside the main control chip, the standard metric plaintext exists only inside the main control chip, and the algorithm operation itself is also performed inside the main control chip.
The six data processing flows above describe in detail how the PCIE trusted cryptographic card provided by the present application is used. It can be seen that, in this card, the various data processing algorithms are embedded in the main control chip; all algorithm operations can be completed inside the main control chip, and keys, sensitive data plaintext, and the like can be kept inside the main control chip without circulating among multiple chips, which ensures that the card has higher security than a conventional trusted cryptographic card. Meanwhile, the card needs only a main control chip and the necessary peripherals, which avoids designing in a large number of peripheral algorithm chips and devices such as FPGAs and CPLDs, reduces design cost, greatly reduces power consumption, and effectively improves the reliability of the whole card.
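The storage policy of Fig. 5 and the fourth and sixth flows above, modelled in Python as an added example (not code from the patent or from any chip firmware). Assumptions: SHA-256 in counter mode stands in for the card's block cipher, the transmission encryption key is pre-shared with the host, the HMAC integrity tag on stored ciphertext is an addition the page does not describe, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import os


def _subkeys(key: bytes):
    # Derive separate encryption and MAC keys from one stored key.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher: SHA-256 in counter mode. The card itself would use one
    # of its embedded block ciphers (SM1, SM4, AES, DES).
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt and tag. The tag is an assumption; the page only says 'encrypted'."""
    enc, mac = _subkeys(key)
    nonce = os.urandom(16)
    body = nonce + _xor_stream(enc, nonce, plaintext)
    return body + hmac.new(mac, body, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag, then decrypt; raises ValueError if the blob was altered."""
    enc, mac = _subkeys(key)
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, body, hashlib.sha256).digest()):
        raise ValueError("stored ciphertext was modified")
    return _xor_stream(enc, body[:16], body[16:])


class MainControlChip:
    """Hypothetical model of the chip boundary: key plaintext stays in methods."""

    def __init__(self, transport_key: bytes):
        self._root = os.urandom(32)  # storage root key, never exported
        # Working keys are kept only as ciphertext under the root key.
        self._internal_flash = {
            "storage": seal(self._root, os.urandom(32)),
            "transport": seal(self._root, transport_key),  # assumed pre-shared
        }
        self.expansion_memory = {}  # external FLASH/EMMC, readable by anyone

    def _key(self, name: str) -> bytes:
        return unseal(self._root, self._internal_flash[name])

    def store_external(self, name: str, plaintext: bytes) -> None:
        self.expansion_memory[name] = seal(self._key("storage"), plaintext)

    def fetch_external(self, name: str) -> bytes:
        # Fourth flow: decrypt with the storage encryption key inside the
        # chip, then return the data re-encrypted under the transport key.
        plain = unseal(self._key("storage"), self.expansion_memory[name])
        return seal(self._key("transport"), plain)

    def provision_standard_metric(self, name: str, known_good: bytes) -> None:
        self.store_external(name, hashlib.sha256(known_good).digest())

    def measure(self, name: str, data: bytes) -> bool:
        # Sixth flow: hash the host's data, decrypt the standard metric value
        # from expansion memory, compare inside the chip, return the result.
        computed = hashlib.sha256(data).digest()
        standard = unseal(self._key("storage"), self.expansion_memory[name])
        return hmac.compare_digest(computed, standard)


if __name__ == "__main__":
    host_key = os.urandom(32)                 # constructed transport key
    chip = MainControlChip(host_key)
    image = b"constructed firmware image v1"  # constructed sample input
    chip.provision_standard_metric("fw", image)
    print(chip.measure("fw", image), chip.measure("fw", image + b"!"))
```

The host only ever sees a boolean measurement result or ciphertext under the transport key; modifying the ciphertext in expansion memory makes `measure` raise rather than compare against an attacker-chosen value.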
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The PCIE trusted cryptographic card provided in the present application is described in detail above. The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that those skilled in the art can make several improvements and modifications to the present application without departing from the principle of the present application, and these improvements and modifications also fall within the protection scope of the claims of the present application.

Claims (9)

1. A PCIE trusted crypto card, characterized by comprising:
a PCIE interface, used for acquiring data to be processed from a host machine and outputting a data processing result to the host machine;
a main control chip, used for calling a corresponding data processing algorithm according to the data to be processed and processing the data to be processed through the data processing algorithm to obtain the data processing result;
wherein the main control chip is embedded with a first preset number of data processing algorithms.
2. The PCIE trusted cryptographic card of claim 1, wherein the main control chip further includes an internal storage medium for storing parameter data corresponding to each of the data processing algorithms.
3. The PCIE trusted cryptographic card of claim 2, wherein the internal storage medium is embedded FLASH.
4. The PCIE trusted cryptographic card of claim 1, wherein the master chip is a CCP903T security chip.
5. The PCIE trusted cryptographic card of claim 4, wherein the main control chip further includes a second preset number of data communication interfaces for receiving the data to be processed and outputting the data processing result.
6. The PCIE trusted cryptographic card of claim 5, wherein the data communication interface comprises a PCIE interface, a USB interface, a UART interface and an SPI interface.
7. The PCIE trusted cryptographic card of any one of claims 1 to 6, further comprising an expansion memory for storing standard metric data corresponding to the data processing result;
The master control chip also includes an extended memory interface.
8. The PCIE trusted cryptographic card of claim 7, wherein the expansion memory is a FLASH chip and/or an EMMC chip.
9. The PCIE trusted cryptographic card of claim 8, further comprising an external storage medium for storing data information issued by the host and/or the data processing result.
CN201920919411.9U 2019-06-18 2019-06-18 PCIE credible password card Active CN209803788U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201920919411.9U CN209803788U (en) 2019-06-18 2019-06-18 PCIE credible password card

Publications (1)

Publication Number Publication Date
CN209803788U (en) 2019-12-17

Family

ID=68833766

Legal Events

Date Code Title Description
GR01 Patent grant