CN210274109U - Ethernet card device supporting encryption function - Google Patents

Info

Publication number
CN210274109U
Authority
CN
China
Prior art keywords
encryption
ethernet
fpga
controller
key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201921999291.4U
Other languages
Chinese (zh)
Inventor
杨帅
高阳
赵孝雪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Forward Industrial Co Ltd
Original Assignee
Shenzhen Forward Industrial Co Ltd

Abstract

The utility model discloses an Ethernet card device supporting an encryption function, which comprises a FLASH key storage unit, an FPGA encryption and decryption unit, an ARM controller, a PHY chip and an Ethernet controller. The ARM controller is electrically connected to the FLASH key storage unit and to the FPGA encryption and decryption unit; the FPGA encryption and decryption unit is electrically connected to the Ethernet controller and to the PHY chip; the Ethernet controller is connected, via the PCIE gold finger, to the PCIE bus of the host; the PHY chip is connected to an external network through an RJ45 interface. The utility model performs the Ethernet card's encryption and decryption in an FPGA logic device, which avoids occupying host CPU resources and ensures the real-time performance of the network; by adopting an integrated hardware structure, it improves system stability and realizes secure communication between the host and the gateway.

Description

Ethernet card device supporting encryption function
Technical Field
The utility model belongs to the technical field of Ethernet cards, and specifically relates to an Ethernet card device supporting an encryption function.
Background
As networks become widespread, security becomes an important issue affecting network performance, and openness, internationality, and freedom of the internet have increased the degree of freedom of application and put higher demands on security.
Trusted Platform Module (TPM) 1.2 was released by the Trusted Computing Group (TCG) in October 2003. Besides establishing a chain of trust, the TPM also provides functions such as key management, and as the technology continues to develop, the TPM will gradually become one of the necessary components of a computer network in future applications.
The Ethernet encryption technology is mainly used for preventing illegal hosts from accessing the internal local area network of an organization to steal confidential information, and the technology can also prevent the hosts inside the organization from being interconnected with other illegal hosts to cause the copying of confidential data.
Existing encrypted Ethernet card technology generally uses a software method, relying on the processing capability of a processor to encrypt and decrypt the Ethernet message or its upper-layer message. This approach is easily disassembled, traced and deciphered by malicious personnel, so its security is often poor, and the encryption algorithm consumes a large amount of the host CPU's processing capacity, which reduces both the throughput of the network and the processing capacity of the host.
Summary of the Utility Model
The object of the utility model is to address the above deficiencies of the prior art by providing an Ethernet card device supporting an encryption function, so as to solve the problem that existing network cards are easily disassembled, traced and deciphered by malicious parties and often have poor security.
To achieve this purpose, the utility model adopts the following technical solution:
An Ethernet card device supporting an encryption function comprises a FLASH key storage unit, an FPGA encryption and decryption unit, an ARM controller, a PHY chip and an Ethernet controller.
The ARM controller is electrically connected to the FLASH key storage unit and to the FPGA encryption and decryption unit; the FPGA encryption and decryption unit is electrically connected to the Ethernet controller and to the PHY chip; the Ethernet controller is connected, via the PCIE gold finger, to the PCIE bus of the host; the PHY chip is connected to an external network through an RJ45 interface.
Preferably, the ARM controller is a GD32F405RTG6 ARM controller chip.
Preferably, the FLASH key storage unit uses a W25Q128FVSIG SPI FLASH chip.
Preferably, the FPGA encryption and decryption unit uses a PGL22G FPGA chip.
Preferably, the PHY chip is a BCM5464S PHY chip.
Preferably, the Ethernet controller uses an 82580EB Ethernet controller chip.
The Ethernet card device supporting an encryption function provided by the utility model has the following beneficial effects:
The utility model performs the Ethernet card's encryption and decryption in an FPGA logic device, which avoids occupying host CPU resources and ensures the real-time performance of the network; by adopting an integrated hardware structure, it improves system stability and realizes secure communication between the host and the gateway.
Drawings
Fig. 1 is a block diagram of a network card system of an ethernet card device supporting an encryption function.
Fig. 2 is a block diagram of data encryption of an ethernet card device supporting an encryption function.
Fig. 3 is a block diagram of data decryption of an ethernet card device supporting an encryption function.
Fig. 4 is a block diagram of key update of an ethernet card device supporting encryption.
Fig. 5 is a hardware configuration diagram of an ethernet card device supporting an encryption function.
Detailed Description
The following description of the embodiments of the present invention is provided to help those skilled in the art understand the present invention, but it should be understood that the present invention is not limited to the scope of the embodiments, and that various changes apparent to those skilled in the art may be made within the spirit and scope of the present invention as defined by the appended claims.
According to an embodiment of the present application, referring to fig. 1 and fig. 5, the Ethernet card device supporting an encryption function according to the present solution includes:
A FLASH key storage unit, which uses a W25Q128FVSIG SPI FLASH chip and stores the key and the serial number of the encrypted Ethernet card.
An FPGA encryption and decryption unit, which uses a PGL22G FPGA chip and encrypts and decrypts data on the MII interface.
An ARM controller, which uses a GD32F405RTG6 ARM controller chip and controls key generation and updating.
A PHY chip, which is a BCM5464S PHY chip.
An Ethernet controller, which uses an 82580EB Ethernet controller chip.
The ARM controller is electrically connected to the FLASH key storage unit and to the FPGA encryption and decryption unit; the FPGA encryption and decryption unit is electrically connected to the Ethernet controller and to the PHY chip; the Ethernet controller is connected, via the PCIE gold finger, to the PCIE bus of the host; the PHY chip is connected to an external network through an RJ45 interface.
The working principle of the electrical elements of this solution for data encryption is as follows:
Referring to fig. 2, after the Ethernet card device is powered on and initialized, the ARM controller fetches the key from the FLASH key storage unit and writes it into the register in the FPGA encryption unit. Plaintext data sent from the host is then intercepted by the FPGA encryption unit, which reads the key from the register in which it is stored and encrypts the data; finally, the encrypted ciphertext data is sent to the external network through the physical link.
The working principle of the electrical elements of this solution for data decryption is as follows:
Referring to fig. 3, after the Ethernet card device is powered on and initialized, the ARM controller fetches the key from the FLASH key storage unit and writes it into the register in the FPGA encryption unit. Ciphertext data sent from the external network is then intercepted by the FPGA decryption unit, which reads the key from the register in which it is stored and decrypts the data; finally, the decrypted plaintext data is delivered to the host through the PCIE bus.
Throughout the encryption and decryption communication process, key management is critical: the security of the whole communication can be ensured only if the security of the key is ensured. During communication, the utility model changes the key at random so that the key is not fixed, which enhances the robustness of the communication. The key update process is described below. For convenience, the key used before the update is referred to as random key A, and the key used after the update is referred to as random key B.
Referring to fig. 4, first, the ARM controller at the key update initiating end generates random key B, writes it into the FLASH key storage unit, and encapsulates it in a control message that the FPGA encryption and decryption unit can identify; the FPGA encryption and decryption unit encrypts the control message using random key A and then sends the encrypted control message to the external network.
Second, the key update receiving end captures the control message and passes it to the FPGA encryption and decryption unit, which decrypts it using random key A, identifies the type of the control message and passes the message to the ARM controller; the ARM controller extracts random key B from the message and writes it into the FLASH key storage unit.
Then, after the ARM controller at the key update receiving end confirms that the key has been successfully written into the FLASH key storage unit, it generates a control message indicating that the key update succeeded; the FPGA encryption and decryption unit encrypts this message using random key A and transmits it back to the key update initiating end through the external network, which completes the key update process. Subsequent encrypted communication is conducted using random key B.
If the ARM controller at the key update receiving end confirms that the key update failed, it likewise generates a control message indicating the failure; the FPGA encryption and decryption unit encrypts this message using random key A and transmits it back to the key update initiating end through the external network, and the ARM controller at the key update initiating end changes random key B in the FLASH key storage unit back to random key A. Subsequent communication continues to use random key A.
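The key update exchange described above, including the rollback on failure, modelled as an added example that is not part of the patent. The message type codes, the `Card` class, the sample keys and the point at which each side switches its FPGA register to key B are assumptions, and `fpga_crypt` is a hash-based XOR stand-in for the FPGA unit because the patent names no cipher.

```python
import hashlib

# Hypothetical control-message type codes; the patent does not define a format.
KEY_UPDATE, UPDATE_OK, UPDATE_FAIL = 1, 2, 3
KEY_A = bytes(range(16))      # constructed sample key A
KEY_B = bytes(range(16, 32))  # constructed sample key B

def fpga_crypt(key, data):
    """Stand-in for the FPGA unit: XOR with a SHA-256 keystream (not a real cipher)."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))

class Card:
    def __init__(self, key, flash_ok=True):
        self.flash_key = key      # key in the FLASH key storage unit
        self.fpga_key = key       # key in the FPGA register
        self.flash_ok = flash_ok  # False simulates a failed FLASH write

    def write_flash(self, key):
        if self.flash_ok:
            self.flash_key = key
        return self.flash_ok

    def start_update(self, new_key):
        """Initiator: store B, send it in a control message encrypted under A."""
        self.write_flash(new_key)
        return fpga_crypt(self.fpga_key, bytes([KEY_UPDATE]) + new_key)

    def on_update(self, frame):
        """Receiver: decrypt under A, store B, reply OK or FAIL under A."""
        msg = fpga_crypt(self.fpga_key, frame)
        if msg[0] != KEY_UPDATE:
            raise ValueError("not a key-update control message")
        ok = self.write_flash(msg[1:])
        reply = fpga_crypt(self.fpga_key, bytes([UPDATE_OK if ok else UPDATE_FAIL]))
        if ok:
            self.fpga_key = msg[1:]  # assumed: switch to B only after replying
        return reply

    def on_reply(self, frame):
        """Initiator: on OK switch to B; on FAIL roll FLASH back from B to A."""
        status = fpga_crypt(self.fpga_key, frame)[0]
        if status == UPDATE_OK:
            self.fpga_key = self.flash_key
        else:
            self.write_flash(self.fpga_key)
        return status

def simulate(receiver_flash_ok):
    a, b = Card(KEY_A), Card(KEY_A, receiver_flash_ok)
    status = a.on_reply(b.on_update(a.start_update(KEY_B)))
    return status, a.fpga_key, a.flash_key, b.fpga_key, b.flash_key
```

`simulate(True)` ends with both cards holding key B in FLASH and in the FPGA register; `simulate(False)` ends with both back on key A.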
It should be noted that the above theoretical process only protects the whole hardware structure of the present solution, and does not involve the improvement and protection of the program, and the above principles are mature technologies, and those skilled in the art can directly derive the above principles from the hardware structure diagram of the present solution.
The utility model performs the Ethernet card's encryption and decryption in an FPGA logic device, which avoids occupying host CPU resources and ensures the real-time performance of the network; by adopting an integrated hardware structure, it improves system stability and realizes secure communication between the host and the gateway.
While the present invention has been described in detail with reference to the embodiments, the scope of the present invention should not be limited to the embodiments. Various modifications and changes may be made by those skilled in the art without inventive step within the scope of the appended claims.

Claims (6)

1. An Ethernet card device supporting an encryption function, characterized in that: the system comprises a FLASH key storage unit, an FPGA encryption and decryption unit, an ARM controller, a PHY chip and an Ethernet controller;
the ARM controller is electrically connected to the FLASH key storage unit and to the FPGA encryption and decryption unit; the FPGA encryption and decryption unit is electrically connected to the Ethernet controller and to the PHY chip; the Ethernet controller is connected, via the PCIE gold finger, to the PCIE bus of the host; the PHY chip is connected to an external network through an RJ45 interface.
2. The Ethernet card device supporting an encryption function according to claim 1, wherein: the ARM controller is a GD32F405RTG6 ARM controller chip.
3. The Ethernet card device supporting an encryption function according to claim 1, wherein: the FLASH key storage unit uses a W25Q128FVSIG SPI FLASH chip.
4. The Ethernet card device supporting an encryption function according to claim 1, wherein: the FPGA encryption and decryption unit uses a PGL22G FPGA chip.
5. The Ethernet card device supporting an encryption function according to claim 1, wherein: the PHY chip is a BCM5464S PHY chip.
6. The Ethernet card device supporting an encryption function according to claim 1, wherein: the Ethernet controller uses an 82580EB Ethernet controller chip.
CN201921999291.4U 2019-11-19 2019-11-19 Ethernet card device supporting encryption function Active CN210274109U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201921999291.4U CN210274109U (en) 2019-11-19 2019-11-19 Ethernet card device supporting encryption function

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201921999291.4U CN210274109U (en) 2019-11-19 2019-11-19 Ethernet card device supporting encryption function

Publications (1)

Publication Number Publication Date
CN210274109U true CN210274109U (en) 2020-04-07

Family

ID=70021058

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201921999291.4U Active CN210274109U (en) 2019-11-19 2019-11-19 Ethernet card device supporting encryption function

Country Status (1)

Country Link
CN (1) CN210274109U (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114338215A (en) * 2021-12-30 2022-04-12 天津光电通信技术有限公司 Network link security encryption system

Similar Documents

Publication Publication Date Title
EP3274850B1 (en) Protecting a memory
CN108345806B (en) Hardware encryption card and encryption method
US9355280B2 (en) Apparatus and method for providing hardware security
JP5815294B2 (en) Secure field programmable gate array (FPGA) architecture
CN100487715C (en) Date safety storing system, device and method
EP3274848B1 (en) Providing enhanced replay protection for a memory
US10496841B2 (en) Dynamic and efficient protected file layout
US20200228311A1 (en) Lightweight encryption, authentication, and verification of data moving to and from intelligent devices
CN102111349A (en) Security certificate gateway
US20140040632A1 (en) Low-overhead cryptographic method and apparatus for providing memory confidentiality, integrity and replay protection
CN107454590A (en) A kind of data ciphering method, decryption method and wireless router
CN110753344A (en) NB-IoT-based smart meter secure access system
CN100550030C (en) On portable terminal host, add the method for credible platform
US11698973B2 (en) Platform security mechanism
CN210274109U (en) Ethernet card device supporting encryption function
CN201051744Y (en) A secure encryption network card device
US20210126776A1 (en) Technologies for establishing device locality
CN105472030A (en) Remote mirror image method and system based on iSCSI
CN114553411B (en) Distributed memory encryption device and distributed memory decryption device
CN111541663A (en) Link exchange encryption system based on national password standard
CN106899545A (en) A kind of system and method for terminal security communication
CN115694922A (en) File transmission encryption method and equipment under domestic CPU and OS
CN115544583B (en) Data processing method and device of server cipher machine
CN209895342U (en) BMC key safety protection card
CN116167060A (en) Trusted read-only memory system and trusted baseboard management controller system

Legal Events

Date Code Title Description
GR01 Patent grant