CN209949120U - Ten-million Ethernet encryption and decryption board card - Google Patents
Ten-million Ethernet encryption and decryption board card Download PDFInfo
- Publication number
- CN209949120U CN209949120U CN201920940545.9U CN201920940545U CN209949120U CN 209949120 U CN209949120 U CN 209949120U CN 201920940545 U CN201920940545 U CN 201920940545U CN 209949120 U CN209949120 U CN 209949120U
- Authority
- CN
- China
- Prior art keywords
- interface
- encryption
- decryption
- board
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The utility model discloses a ten gigabit ethernet encryption and decryption integrated circuit board, its characterized in that: the system comprises a board card management interface, a key management interface, a plaintext interface, a ciphertext interface, an encryption and decryption module, a main control module, a clock module, a power supply module, a CPLD and the like; the board management interface comprises a serial port and an Ethernet port and is used for realizing the management of the board; the key management interface comprises an Ethernet port, a USB interface and an RFID card reading interface and is used for realizing downloading and updating of the encryption and decryption keys; the encryption and decryption module comprises two FPGAs (field programmable gate arrays), and each FPGA is respectively connected with 2 plain texts and 2 cipher texts through 4 XFI (x-ray filter interface) interfaces of the FPGA; the plaintext interface and the ciphertext interface are used in pairs, and the plaintext interface and the ciphertext interface are in one-to-one correspondence. The system is convenient to manage, has rich key management interfaces, can realize the bidirectional encryption and decryption of a plurality of 10G plaintext ciphertext ports simultaneously, and can meet the requirement of large-data-volume full-line-speed encryption and decryption.
Description
The technical field is as follows:
the utility model relates to a data encryption field especially relates to a ten gigabit ethernet encryption and decryption integrated circuit board.
Background art:
ethernet is one of the most widely used communication methods at present, and the security of data is greatly tested due to the openness and wide use of the network architecture. The related data is encrypted and decrypted by using a related algorithm such as AES, SM4 and the like, so that the safety of the data can be effectively improved, and information leakage and monitoring events can be prevented.
Most of the common encryption and decryption processes are completed by software, the efficiency is low, the requirement of Ethernet line speed cannot be met, and the encryption and decryption method can be used on some terminal equipment. But the requirements cannot be met in some application scenarios of large data transmission.
The utility model discloses a megaethernet encryption and decryption integrated circuit board uses FPGA to encrypt and decrypt ethernet data, the efficiency of improvement encryption and decryption that can be very big, and the integrated circuit board provides multiple key introduction interface and equipment management interface simultaneously. The encryption and decryption integrated circuit board can be independently used by an external power supply, can also be connected with a switch board card, a network card and the like through internal connection wires and is externally presented by the same equipment, so that the related board cards have the encryption and decryption functions.
The utility model has the following contents:
ten gigabit ethernet encryption integrated circuit board mainly by integrated circuit board management interface, key management interface, plain text interface, ciphertext interface, encrypt and decrypt module, host system, clock module, power module, CPLD, fan interface etc. constitute.
The board management interface comprises a serial port and an Ethernet port and is mainly responsible for management of the board, including version management, online upgrade and the like.
The key management interface comprises a network port, a USB interface and an RFID card reading interface, and aims to manage keys, such as key import, key update and the like.
The plaintext interface is SFP + interface for receiving and transmitting plaintext.
The cipher text interface is SFP + interface for receiving and transmitting cipher text.
The encryption and decryption module is a plurality of FPGA, each FPGA is connected with 2 plaintexts and 2 ciphertext interfaces and is used for completing encryption of data from a plaintexts port to a ciphertext port and decryption of the data from the ciphertext port to the plaintexts port.
The main control module uses a CPU to complete the related work of board card management, key management and the like.
The clock module is used for generating an Ethernet clock required by the FPGA of the encryption and decryption module.
The power module is used for generating each path of power needed by the board card and adopts a dual redundancy design.
The CPLD is responsible for some logic copying, reset control and the like of the board card.
And the fan interface is used for connecting the direct current fan to radiate heat for the board card.
Description of the drawings:
FIG. 1 is a schematic diagram of the interior of the board card;
FIG. 2 is a flow diagram of FPGA data within the encryption and decryption module;
the specific implementation mode is as follows:
in order to make the technical problem, technical solution and advantageous effects to be solved by the present invention more clearly understood, the following description is made in conjunction with the accompanying drawings and embodiments. It should be noted that the specific embodiments described herein are only for explaining the present invention, and are not used to limit the present invention.
Ten gigabit ethernet encrypt integrated circuit board, as shown in fig. 1: the system mainly comprises a board card management interface, a key management interface, a plaintext interface, a ciphertext interface, an encryption and decryption module, a main control module, a clock module, a power supply module, a CPLD and the like.
The board management interface comprises a serial port and an Ethernet port. The serial port is in an RJ45 form and is connected with a UART interface of a main control module CPU through an RS232 PHY chip; the Ethernet port is in RJ45 form and is connected with the SGMII1 interface of the main control module CPU through an Ethernet PHY chip. The two interfaces have the same function, and the board card can be managed through any one of the interfaces.
The key management interface comprises an Ethernet port, a USB interface and an RFID card reading interface. The Ethernet port is in an RJ45 form and is connected with an SGMII2 interface of a main control module CPU through an Ethernet PHY chip; the USB interface is connected with the USB interface of the main control module CPU; the RFID card reading interface is connected with the IIC interface of the CPU through the RFID module. The three interfaces have the same function, and can download or update keys through any one of the three interfaces, namely, an upper computer configuration key is used for inserting a network cable, a U disk configuration key is used, and an RFID identification card is used for configuring the keys.
The plaintext interface is the SFP + interface. Which is connected with an XFI interface of the FPGA of the encryption and decryption module.
The cipher text interface is SFP + interface. Wherein, XFI interface of FPGA of the encryption and decryption module is connected.
The plaintext interface and the ciphertext interface are not arranged on the same side of the board card, are arranged on two sides of the board card, and are convenient to be matched with the board card of other equipment for use. As shown in fig. 1, the cipher text interface and the board management interface are located on the same side of the board, and the plaintext interface and the power supply interface are located on the other side of the board, so that the layout is designed to facilitate the use of the cipher text interface and the board management interface in cooperation with other boards, and a new device with encryption and decryption functions is formed.
The encryption and decryption module is a plurality of FPGAs, and in the present embodiment, two FPGAs of the Xilinx Kintex7 series are used. Each FPGA is connected to 2 plain-text interfaces and 2 cipher-text interfaces through its own 4 XFI interfaces, and is always used in pairs when in use, that is, the plain-text interfaces and the cipher-text interfaces are in one-to-one correspondence, as shown in fig. 2. The encryption module inside the FPGA encrypts the data accessed from the plaintext port into ciphertext to be output, and the decryption module inside the FPGA decrypts the data accessed from the ciphertext port into plaintext to be output.
The main control module is a CPU, in this embodiment, a PowerPC model is P1014 is used, and a UART interface thereof is connected to an RS232 PHY chip and an RJ 45-shaped RS232 serial port is externally extended as a board management interface; an SGMII1 interface is connected with an Ethernet PHY chip, and an RJ 45-shaped network port is expanded outside the Ethernet PHY chip and serves as a board card management interface; the SGMII2 interface is connected with an Ethernet PHY chip and is externally expanded with an RJ 45-shaped network port as a key management interface; a USB interface is expanded outside the USB interface and is used as a key management interface; the IIC interface is connected with the RFID module external expansion RFID card reading interface and serves as a key management interface; the IFC bus is connected with an MIF interface (parallel bus interface supporting motorola or intel mode) of the FPGA and is used as a communication interface between the main control module and the encryption and decryption module.
The clock module is used for generating an Ethernet clock required by the FPGA of the encryption and decryption module. Since the gigabit ethernet is usually required to be downward compatible with the gigabit ethernet, the clock module has the capability of outputting 156.25Mhz clock and 125Mhz clock simultaneously, so as to meet the clock requirements of the FPGA gigabit and gigabit ethernet cores.
The power module is used for generating each path of power needed by the board card and adopts a dual redundancy design. When one of the power supplies is abnormal, the power supply of the board card is not influenced.
The CPLD is responsible for some logic copying and resetting control of the board card.
And the fan interface is used for connecting the direct current fan to radiate heat for the board card.
The above-mentioned preferred embodiments of the present invention are not intended to limit the present invention, and all modifications, equivalent replacements, and improvements made within the spirit and principles of the present invention should be included within the protection scope of the present invention.
Claims (8)
1. The ten-gigabit Ethernet encryption and decryption board card is characterized in that: the gigabit Ethernet encryption board card consists of a board card management interface, a key management interface, a plaintext interface, a ciphertext interface, an encryption and decryption module, a main control module, a clock module, a power supply module, a CPLD (complex programmable logic device) and a fan interface; the main control module is connected with a management interface by using a PowerPC model P1014, an external RS232 chip through UART and an external Ethernet PHY chip through SGMII, is connected with a key management interface by using an external PHY chip through SGMII, a USB interface and an external RFID module through IIC, and is connected with an MIF interface of FPGA through an IFC bus; the plaintext interface and the ciphertext interface are connected with the FPGA through an XFI interface.
2. The gigabit ethernet encryption/decryption board of claim 1, wherein: the management interface of the board card comprises a serial port and an Ethernet port and is used for realizing the management of the board card.
3. The gigabit ethernet encryption/decryption board of claim 1, wherein: the key management interface of the board card comprises an Ethernet port, a USB interface and an RFID card reading interface, and is used for realizing downloading and updating of the encryption and decryption keys.
4. The gigabit ethernet encryption/decryption board of claim 1, wherein: the encryption and decryption module of the board card is a plurality of FPGA, each FPGA is respectively connected with 2 plain texts and 2 cipher texts through 4 XFI interfaces of the FPGA, and the encryption and decryption module is used for realizing encryption of data from a plain text port to a cipher text port and decryption of data from the cipher text port to the plain text port.
5. The gigabit ethernet encryption/decryption board of claim 1, wherein: the plaintext interface and the ciphertext interface of the board card need to be used in pairs, and the plaintext interface and the ciphertext interface are in one-to-one correspondence.
6. The gigabit ethernet encryption/decryption board of claim 1, wherein: the plaintext interface and the ciphertext interface of the board card are not positioned on the same side of the board card and are positioned on two sides of the board card.
7. The gigabit ethernet encryption/decryption board of claim 1, wherein: the clock module of the board can output 156.25Mhz clock and 125Mh clock at the same time.
8. The gigabit ethernet encryption/decryption board of claim 1, wherein: the power module of the board card adopts a dual redundancy design; when one of the power supplies is abnormal, the power supply of the board card is not influenced.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201920940545.9U CN209949120U (en) | 2019-06-25 | 2019-06-25 | Ten-million Ethernet encryption and decryption board card |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201920940545.9U CN209949120U (en) | 2019-06-25 | 2019-06-25 | Ten-million Ethernet encryption and decryption board card |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN209949120U true CN209949120U (en) | 2020-01-14 |
Family
ID=69135840
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201920940545.9U Active CN209949120U (en) | 2019-06-25 | 2019-06-25 | Ten-million Ethernet encryption and decryption board card |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN209949120U (en) |
-
2019
- 2019-06-25 CN CN201920940545.9U patent/CN209949120U/en active Active
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101410848B (en) | Method and system for device authentication | |
| CN102195776A (en) | Method and system for processing information in a safety communication system | |
| WO2006036320A2 (en) | System and method for creating a security application for programmable cryptography module | |
| CN103973432A (en) | SM4 algorithm encryption unit based on FPGA chip and USB interface chip | |
| CN105871902A (en) | Data encryption and isolation system | |
| CN106101150A (en) | The method and system of AES | |
| CN103986582A (en) | Data encryption transmission method, device and system based on dynamic encryption technology | |
| CN104581712A (en) | Encryption communication method and system of mobile terminal | |
| CN105978686A (en) | Key management method and system | |
| CN110602107B (en) | Zynq-based network cipher machine and network data encryption and decryption method | |
| CN205787791U (en) | Network relay and network system | |
| CN109658545A (en) | A kind of cipher set-up method and network access system of network lock | |
| CN205792703U (en) | Data encryption and shielding system | |
| CN100369017C (en) | Encrypt device and method for static RAM programmable gate array chip | |
| CN104486069A (en) | GOST encryption and decryption equipment and method based on FPGA (field programmable gate array) | |
| CN209949120U (en) | Ten-million Ethernet encryption and decryption board card | |
| CN109960943A (en) | A kind of encryption device | |
| CN103902932B (en) | Method for encryption through data encryption and decryption device for USB storage devices | |
| CN106961323B (en) | Key decryption board card, device, system and processing method | |
| CN103427978A (en) | Wireless Chinese character transmitting device based on chaotic encryption system | |
| CN101267295A (en) | Method and system for processing information in safety communication system | |
| CN105933332B (en) | Transformer remote monitoring system with special encryption and decryption chip and working method thereof | |
| CN209390080U (en) | A kind of miniaturization electric power special quantum encryption integrated apparatus | |
| CN218162489U (en) | Internet of things gateway equipment with encryption communication function | |
| CN205453789U (en) | Embedded type safety in terminal inserts module |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| GR01 | Patent grant | ||
| GR01 | Patent grant |