CN215378951U - Portable VPN device and remote access system - Google Patents


Info

Publication number: CN215378951U
Application number: CN202121725178.4U
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Inventor: 卢培文
Current Assignee: Qingdao Fangcun Microelectronic Technology Co ltd; Shandong Fangcun Microelectronics Technology Co ltd
Original Assignee: Qingdao Fangcun Microelectronic Technology Co ltd; Shandong Fangcun Microelectronics Technology Co ltd
Prior art keywords: portable, microprocessor, module, vpn, vpn device
Landscapes: Small-Scale Networks (AREA)
Abstract

The utility model provides a portable VPN device and a remote access system. The device comprises a master controller, a memory and a communication interface connected with the master controller, wherein the master controller comprises a microprocessor, the microprocessor is connected with a CRYPTO module through an AHB bus, and the CRYPTO module is connected with various communication interfaces through an AXI bus; the microprocessor includes a master microprocessor and a slave microprocessor. The scheme adopts hardware-level encryption, which ensures the efficiency and security of data transmission; the VPN device supports various communication interfaces and has strong compatibility; and the VPN device adopts an integrated, self-contained design, is small in size and has good portability.

Description

Portable VPN device and remote access system
Technical Field
The utility model relates to the technical field of VPN (virtual private network) equipment, in particular to portable VPN equipment and a remote access system.
Background
The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.
A VPN is a remote access technology: put simply, it uses a public network to build a private network. For example, when a company employee travels on business, is out of the country, and wants to access a server resource on the intranet, that access is remote access.
To let off-site staff access intranet resources with a VPN, a VPN server is set up in the intranet. Once connected to the Internet locally, the off-site employee connects to the VPN server over the Internet and then enters the intranet through the VPN server. To ensure data security, communication data between the VPN server and the client is encrypted. With data encryption, the data can be regarded as securely transmitted over a dedicated data link, as if a private network had been set up specifically; in reality the VPN uses public links over the Internet, which is why it is called a virtual private network. In essence, it uses encryption techniques to encapsulate a data communication tunnel over a public network. With VPN technology, users can access intranet resources whether they are travelling on business or at home, as long as they can reach the Internet, which is why VPNs are widely used in enterprises.
The mainstream VPN solution on the current market is to access a company's intranet through dedicated encryption software. This existing solution has the following defects:
(1) access through a software encryption module is slow;
(2) it is easily attacked by hackers: VPNs pose security risks when used with wireless devices, roaming between access points is particularly problematic, and any solution using advanced encryption techniques may be compromised when a user roams between access points.
Summary of the Utility Model
In order to solve the problems in the prior art, the utility model provides a portable VPN device. The scheme adopts hardware-level encryption, which ensures the efficiency and security of data transmission; the VPN device supports various communication interfaces and has strong compatibility; and the VPN device adopts an integrated, self-contained design, is small in size and has good portability.
In order to solve the problems, the utility model adopts the following technical scheme:
a portable VPN device comprising a master, a memory and a communication interface connected to the master, wherein the master comprises a microprocessor connected to a CRYPTO module by an AHB bus, the CRYPTO module being connected to various communication interfaces by an AXI bus; the microprocessor includes a master microprocessor and a slave microprocessor.
Further, a PKE module is arranged between the CRYPTO module and the master controller.
Furthermore, the PKE module comprises an AHB interface module, a register group module, an operation unit and a microcode operation unit, and the PKE module interacts with the main microprocessor through an AHB bus based on the AHB interface module.
Further, the communication interface comprises an RJ45 gigabit network port, an RJ45 gigabit network port with POE power supply, a USB3.0 interface and an RS232 serial port.
Further, the main microprocessor adopts an FA616TE microprocessor, and the auxiliary microprocessor adopts a CK803S microprocessor.
Furthermore, the master controller is also connected with a watchdog timer, a universal asynchronous receiver-transmitter (UART), a general-purpose I/O interface and a TMR sensor interface through a bus.
A remote access system comprises the portable VPN device, an external network device and a PC, wherein the external network device is connected to the portable VPN device through a network cable and an RJ45 gigabit network port with POE power supply, and the PC is connected to the portable VPN device through a USB3.0 interface or a gigabit network port.
Further, the extranet device may be a router or an optical modem.
Compared with the prior art, the utility model has the beneficial effects that:
The scheme adopts hardware-level encryption, which ensures the efficiency and security of data transmission; the VPN device supports various communication interfaces and has strong compatibility; and the VPN device adopts an integrated, self-contained design, is small in size and has good portability.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate embodiments of the application and, together with the description, serve to explain the application and are not intended to limit the application.
Fig. 1 is a block diagram of a portable VPN device according to a first embodiment of the present invention;
Fig. 2 is a schematic diagram of a system architecture of a main control chip according to a first embodiment of the present invention;
Fig. 3 is a block diagram of a CRYPTO module according to an embodiment of the present invention;
Fig. 4 is a block diagram of the PKE module according to the first embodiment of the present invention.
Detailed Description
The utility model is further described below with reference to the embodiments and the drawings.
It should be noted that the following detailed description is exemplary and is intended to provide further explanation of the disclosure. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs.
Embodiment one:
The object of this embodiment is to provide a portable VPN device.
Fig. 1 shows a block diagram of the portable VPN device. The external network accesses the VPN device through the gigabit network interface (POE), the user's computer can be connected through the USB3.0 interface or a gigabit network interface, and efficient encryption of data is achieved by the T680 security chip. The portable VPN device includes a master controller (the security chip used by the master controller is hereinafter referred to as the T680 security chip; Fig. 2 shows its detailed structure), a memory, and a communication interface connected to the master controller. In Fig. 2: CK803S: a 32-bit main processor; FA616TE: a 32-bit coprocessor; PKE: a public key engine; CRYPTO: the encryption module; the other parts are standard interfaces. The master controller comprises a microprocessor, the microprocessor is connected with a CRYPTO module through an AHB bus, and the CRYPTO module is connected with various communication interfaces through an AXI bus; the microprocessor includes a master microprocessor and a slave microprocessor.
Further, a PKE module is disposed between the CRYPTO module and the master controller. Specifically, as shown in Fig. 3, the CRYPTO module includes SM3: the SM3 algorithm module, and SM4: the SM4 algorithm module. The CRYPTO module is mainly used to encrypt and decrypt data entering the module, and currently supports the SM4 and SM3 algorithms. The two are independent of each other: SM4 data is transferred over the AXI bus and SM3 data over the AHB bus. After data enters the CRYPTO module from the AXI bus port or the AHB bus port, the CPU configures the CRYPTO module registers through the AHB bus and selects the corresponding function, until encryption or decryption is finished.
Further, the PKE (public key engine) module includes an AHB interface module, a register set module, an arithmetic unit, and a microcode running unit, and the PKE module interacts with the main microprocessor over the AHB bus through the AHB interface module. In Fig. 4: RAM: random access memory; RNG: a true random number generator; HASH Module: a hash algorithm module. The PKE is used to accelerate the large-number modular operations in public key cryptography. Public key computations involve many large-number modular operations; on an ordinary embedded CPU these consume a large number of CPU instructions and are extremely inefficient, so most chips that support public key cryptography add a public key acceleration module to carry out these operations. Here the PKE accelerates the large-number operations involved in SM2. The CPU can query the working state of the PKE by polling or by interrupt. In addition, the PKE module needs four RAMs and one ROM, and can perform operations of different precision according to different register configurations.
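The cost described in the paragraph above, made concrete as an added example (not part of the patent or of any T680 code): a pure-software SM2 scalar multiplication that counts the 256-bit modular multiplications and inversions a PKE would take off the CPU. The curve constants are the public SM2 recommended parameters; `SAMPLE_D`, `OpCounter` and the function names are constructed for illustration.

```python
# SM2 recommended curve (sm2p256v1): public parameters from the GM/T 0003 standard.
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = P - 3
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
# Constructed sample private scalar (illustrative only, never a real key).
SAMPLE_D = 0x0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF

class OpCounter:
    """Tallies the field operations that hardware would otherwise absorb."""
    def __init__(self):
        self.mul = self.inv = 0

def fmul(x, y, c):
    c.mul += 1
    return x * y % P

def finv(x, c):
    c.inv += 1
    return pow(x, P - 2, P)  # Fermat inversion: itself about 256 squarings

def on_curve(pt):
    if pt is None:  # None represents the point at infinity
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0

def point_add(p1, p2, c):
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None  # P + (-P) = infinity
        num, den = (3 * fmul(x1, x1, c) + A) % P, 2 * y1 % P  # tangent slope
    else:
        num, den = (y2 - y1) % P, (x2 - x1) % P  # chord slope
    lam = fmul(num, finv(den, c), c)
    x3 = (fmul(lam, lam, c) - x1 - x2) % P
    return (x3, (fmul(lam, (x1 - x3) % P, c) - y1) % P)

def scalar_mult(k, pt, c):
    """Left-to-right double-and-add. Not constant time: for counting only."""
    acc = None
    for bit in bin(k)[2:]:
        acc = point_add(acc, acc, c)
        if bit == "1":
            acc = point_add(acc, pt, c)
    return acc

def public_key_cost(d):
    """Return (public key d*G, OpCounter) for one key derivation."""
    c = OpCounter()
    return scalar_mult(d, G, c), c
```

For `SAMPLE_D`, `public_key_cost` reports 1373 modular multiplications and 375 modular inversions for a single public-key derivation, before counting the squarings inside each inversion.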
Further, the TRNG (true random number generator) module generates a random sequence from a physical random source and then produces true random numbers through SM4 equalization processing, so as to provide key pairs for asymmetric algorithms such as SM2.
Furthermore, the equipment also comprises a power supply port, and electronic components in the equipment are supplied with power by an external power supply.
Further, the communication interface comprises an RJ45 gigabit network port, an RJ45 gigabit network port with POE power supply, a USB3.0 interface and an RS232 serial port.
Further, the VPN device further comprises a shell, wherein the shell is made of metal materials, and corresponding openings are formed in the shell according to the size of the communication interface.
Further, the main microprocessor adopts an FA616TE microprocessor, and the auxiliary microprocessor adopts a CK803S microprocessor.
Furthermore, the master controller is also connected with a watchdog timer, a universal asynchronous receiver-transmitter (UART), a general-purpose I/O interface and a TMR sensor interface through a bus.
Embodiment two:
The object of this embodiment is to provide a remote access system.
A remote access system comprises the portable VPN device, an external network device and a PC, wherein the external network device is connected to the portable VPN device through a network cable and an RJ45 gigabit network port with POE power supply, and the PC is connected to the portable VPN device through a USB3.0 interface or a gigabit network port.
Further, the extranet device may be a router or an optical modem.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
Although the embodiments of the present invention have been described with reference to the accompanying drawings, it is not intended to limit the scope of the present invention, and it should be understood by those skilled in the art that various modifications and variations can be made without inventive efforts by those skilled in the art based on the technical solution of the present invention.

Claims (10)

1. A portable VPN device comprising a master, a memory and a communication interface connected to said master, wherein said master comprises a microprocessor connected to a CRYPTO module via an AHB bus, said CRYPTO module being connected to various communication interfaces via an AXI bus; the microprocessor includes a master microprocessor and a slave microprocessor.
2. The portable VPN device of claim 1, wherein a PKE module is further disposed between said CRYPTO module and said master.
3. The portable VPN apparatus of claim 2, wherein said PKE module comprises an AHB interface module, a register bank module, an arithmetic unit, and a microcode execution unit, said PKE module interacting with said host microprocessor via an AHB bus based on said AHB interface module.
4. The portable VPN device according to claim 1, wherein said device further comprises a power supply port for providing power to electronic components in said device from an external power source.
5. The portable VPN device of claim 1, wherein said communication interfaces comprise an RJ45 gigabit port, a POE powered RJ45 gigabit port, a USB3.0 interface and an RS232 serial port.
6. The portable VPN device according to claim 1, wherein said VPN device further comprises a housing, said housing being made of a metallic material and having corresponding openings according to the size of the communication interface.
7. The portable VPN device according to claim 1, wherein said master microprocessor employs a FA616TE microprocessor and said slave microprocessor employs a CK803S microprocessor.
8. The portable VPN device according to claim 1, wherein the master is further connected via a bus to a watchdog timer, a universal asynchronous receiver-transmitter (UART), a general-purpose I/O interface, and a TMR sensor interface.
9. A remote access system comprising the portable VPN device of any of claims 1-8, an extranet device that accesses the portable VPN device through a network cable via a POE powered RJ45 gigabit port, and a PC that accesses the portable VPN device through a USB3.0 interface or a gigabit port.
10. A remote access system as claimed in claim 9, wherein said extranet device is a router or a modem.
Priority Applications (1)

Application number: CN202121725178.4U, CN215378951U (en)
Priority date: 2021-07-26
Filing date: 2021-07-26
Title: Portable VPN device and remote access system
Status: Active

Publications (1)

Publication number: CN215378951U (en)
Publication date: 2021-12-31

Family

ID=79614049

Country Status (1)

Country: CN (1)
Link: CN215378951U (en)

Legal Events

Date Code Title Description
GR01 Patent grant