CN219105481U - Isolation encryption card based on PCI-E - Google Patents

Isolation encryption card based on PCI-E Download PDF

Info

Publication number
CN219105481U
CN219105481U CN202223522479.4U CN202223522479U CN219105481U CN 219105481 U CN219105481 U CN 219105481U CN 202223522479 U CN202223522479 U CN 202223522479U CN 219105481 U CN219105481 U CN 219105481U
Authority
CN
China
Prior art keywords
chip
encryption
pci
interface
soc
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202223522479.4U
Other languages
Chinese (zh)
Inventor
刘建峰
张恒
张克
靳佳男
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Xindahuaxin Information Technology Co ltd
Original Assignee
Zhengzhou Xindahuaxin Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Xindahuaxin Information Technology Co ltd filed Critical Zhengzhou Xindahuaxin Information Technology Co ltd
Priority to CN202223522479.4U priority Critical patent/CN219105481U/en
Application granted granted Critical
Publication of CN219105481U publication Critical patent/CN219105481U/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Storage Device Security (AREA)

Abstract

The utility model relates to an isolation encryption card based on PCI-E, which comprises an SoC encryption chip, an FPGA chip, an algorithm chip, an SRAM chip and a PCI-E interface, wherein the FPGA chip is connected with the SoC encryption chip, the algorithm chip is connected with the FPGA chip, and the PCI-E interface and the SRAM chip are connected with the SoC encryption chip. The isolation encryption card of the utility model selects the chip which can be made at home for architecture resetting, reduces the dependence on the high-performance FPGA chip with PCI-E interface, reduces the cost, reduces the number of special cipher chips, and solves the problem of large chip area caused by the arrangement of a plurality of algorithm chips.

Description

Isolation encryption card based on PCI-E
Technical Field
The utility model relates to the technical field of isolation encryption cards, in particular to an isolation encryption card based on a PCI-E interface.
Background
The encryption module contained in the traditional PCI-E encryption card needs to support a plurality of different high-performance encryption algorithm chips and a control chip scheme in the design if the encryption module needs to support a plurality of high-performance encryption algorithms, but the design scheme of the plurality of encryption algorithm chips and a main control chip not only makes the area of the encryption card huge, data signals among chips are easy to detect, data leakage is caused, and the total cost of the plurality of encryption chips and the main control chip is high; or an architecture scheme of an SoC encryption chip supporting a plurality of cryptographic algorithms and having very high performance of each algorithm is needed, the scheme depends on the SoC encryption chip with high performance, so that currently, few SoC encryption chips with high domestic performance are needed, and the architecture has no universality.
The encryption and decryption card based on PCI-E bus technology disclosed in the patent of the utility model of the grant publication number CN204390237U comprises an FPGA processing chip and more than one parallel special encryption and decryption algorithm chip.
The utility model patent of the grant bulletin number CN206712810U discloses a PCI-E bus-based high-speed password card, a main control module is mainly based on an Xilinx FPGA, an encryption module adopts a special algorithm chip, and four algorithms supported by the main control module at least adopt three algorithm chips.
Disclosure of Invention
The utility model aims to provide an isolation encryption card based on PCI-E, which solves the technical problems of large area and high cost of the existing encryption isolation card.
In order to achieve the above purpose, the utility model adopts the following technical scheme:
the PCI-E based isolation encryption card comprises an SoC encryption chip, an FPGA chip, an algorithm chip, an SRAM chip and a PCI-E interface, wherein the FPGA chip is connected with the SoC encryption chip, the algorithm chip is connected with the FPGA chip, and the PCI-E interface and the SRAM chip are connected with the SoC encryption chip.
Further, the SoC encryption chip is connected with a USB3.0 interface.
Further, the SoC encryption chip is connected with a physical noise source chip.
Further, the SoC encryption chip is also connected with a key destroying interface and a cover opening destroying interface.
Further, the SoC encryption chip is also connected with a USB Key interface, which is used for connecting the USB Key for identity authentication.
Further, the FPGA chip is connected with the SoC encryption chip through a GMII interface and is used for transmitting encrypted and decrypted data.
Further, the SoC encryption chip selects an HX6808 chip and the FPGA chip selects PGL25G.
Further, the algorithm chip is HSMD1.
Further, the algorithm chip is connected with the FPGA chip through a 32-bit bus interface and is used for encrypting and decrypting the transmitted data.
Further, the SRAM chip is connected with the SoC encryption chip through an I2C interface and is used for storing key information of the isolation encryption card.
The utility model has the beneficial effects that:
the PCI-E-based isolation encryption card adopts a general SoC encryption chip and is matched with a special cipher algorithm chip architecture. The SoC encryption chip integrates a PCI-E high-speed interface and a password security processor, a single SoC encryption chip supports a plurality of symmetric algorithms such as SM3 hash algorithm, SM4, AES, ZUC and the like, and supports an SM2 asymmetric algorithm, and a high-performance encryption algorithm chip is matched with a low-performance FPGA chip, so that the SM1 symmetric algorithm performance of the encryption card is improved. The dependency on the high-performance FPGA chip with the PCI-E interface is reduced, the required chip can be made into China, and the cost is reduced. Compared with the traditional PCI-E encryption card, the number of special cipher chips is reduced, and the problem of large chip area caused by the arrangement of a plurality of algorithm chips is solved.
Further, by setting a USB3.0 data interface, data is physically isolated, and conversion transmission from network port data to non-network port data is realized. Compared with the traditional physical security isolation card, the speed of using the USB3.0 interface as a physical transmission channel is faster than that of using the traditional IDE interface.
Drawings
FIG. 1 is a schematic diagram of an isolated crypto card of the present utility model based on PCI-E and USB3.0 interfaces;
FIG. 2 is a GMII interface signal diagram of an SoC encryption chip;
FIG. 3 is a diagram of PCI-E interface golden finger connections;
FIG. 4 is a USB Key interface connection diagram;
fig. 5 is a USB3.0 interface diagram.
Detailed Description
The following description of the embodiments of the present utility model will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present utility model, but not all embodiments. All other embodiments, which are derived by a person skilled in the art based on the embodiments of the utility model, fall within the scope of protection of the utility model.
Embodiments of the utility model:
as shown in FIG. 1, the PCI-E based isolation encryption card comprises an SoC encryption chip, an FPGA chip, an algorithm chip, an SRAM chip and a PCI-E interface, wherein the FPGA chip is connected with the SoC encryption chip, the algorithm chip is connected with the FPGA chip, and the PCI-E interface and the SRAM chip are connected with the SoC encryption chip.
The SoC encryption chip is connected with a USB3.0 interface, a physical noise source chip, a Key destroying interface, a cover opening destroying interface and a USB Key interface.
The SoC encryption chip is used for carrying out point-to-point communication from network port data to non-network port data through a USB3.0 interface so as to carry out physical isolation of the data. This is another main innovation point of the present utility model, not only has encryption function, but also adds isolation interface.
The FPGA chip is connected with the SoC encryption chip through a GMII interface and is used for transmitting encrypted and decrypted data, duplex communication is supported, and the highest speed can reach 1Gbps. The SoC encryption chip selects a self-grinding HX6808 chip, supports SM2, SM3, SM4, ZUC and other national encryption algorithms, and supports AES, DES and other international algorithms. PGL25G is selected as the FPGA chip, and the chip with low performance is selected, so that the requirements can be met in general domestic production, and the cost is reduced. The SoC encryption chip has algorithm reconfigurable capability, and besides supporting a general algorithm, hardware reconfiguration can be performed through encoding, so that the algorithm can be customized according to requirements. The SoC encryption chip has self safety protection capability, and can seal the JTAG debugging interface after development is completed to prevent detecting the internal data of the chip. The system has voltage, frequency and environmental temperature detection and response capability, can set the threshold value of the frequency, the voltage and the temperature, automatically closes related functions after exceeding the threshold value, destroys key information and prevents snooping in an encrypted card abnormal mode.
The algorithm chip is connected with the FPGA chip through a 32-bit bus interface and is used for carrying out encryption and decryption operation on the transmitted data, and the symmetric algorithm performance of the encryption card SM1 is improved. The algorithm chip is of a commercial model number of HSMD1, and supports a high-performance SM1 symmetric algorithm.
The SoC encryption chip is used for connecting the USB Key for identity authentication by setting the USB Key interface.
The SRAM chip, namely the memory, is connected with the SoC encryption chip through the I2C interface and is used for storing key information of the isolation encryption card, and power failure information or cover opening information is lost. The SRAM chip is also connected to a battery.
Two physical noise source chips are required to be arranged, and the commercial and private model is HSN3.
The SoC encryption chip is connected with the key destroying and uncovering destroying interface to ensure the physical safety of the isolation encryption card.
The PCI-E-based isolation encryption card adopts a general SoC encryption chip and is matched with a special cipher algorithm chip architecture. The SoC encryption chip integrates a PCI-E high-speed interface and a password security processor, a single SoC encryption chip supports a SM3 hash algorithm, a plurality of symmetric algorithms such as SM4, AES, ZUC and the like, and the symmetric algorithm supports a multi-core (6-core) acceleration function; and the SM2 asymmetric algorithm is supported, and the high-performance encryption algorithm chip is matched with the low-performance FPGA chip, so that the SM1 symmetric algorithm performance of the encryption card is improved. The chip that this novel encryption card needs all can be domestic, reduces the dependence to high performance, have PCI-E interface FPGA chip, and the cost is reduced, and has solved the big problem of chip area that sets up a plurality of algorithm chips and lead to, compares with traditional PCI-E encryption card, has reduced special password chip quantity of use.
And the data is physically isolated through the USB3.0 data interface, so that the conversion transmission from the network port data to the non-network port data is realized. Compared with the traditional physical security isolation card, the USB3.0 interface is used as a physical transmission channel, and the speed is faster than that of the traditional IDE interface.

Claims (10)

1. Isolation encryption card based on PCI-E, its characterized in that: the system comprises an SoC encryption chip, an FPGA chip, an algorithm chip, an SRAM chip and a PCI-E interface, wherein the FPGA chip is connected with the SoC encryption chip, the algorithm chip is connected with the FPGA chip, and the PCI-E interface and the SRAM chip are connected with the SoC encryption chip.
2. The PCI-E based quarantine encryption card of claim 1, wherein: and the SoC encryption chip is connected with a USB3.0 interface.
3. The PCI-E based quarantine encryption card of claim 1, wherein: the SoC encryption chip is connected with a physical noise source chip.
4. The PCI-E based quarantine encryption card of claim 1, wherein: the SoC encryption chip is also connected with a key destroying interface and a cover opening destroying interface.
5. The PCI-E based quarantine encryption card of claim 1, wherein: the SoC encryption chip is also connected with a USB Key interface and is used for connecting the USB Key for identity authentication.
6. The PCI-E based quarantine encryption card of claim 1, wherein: the FPGA chip is connected with the SoC encryption chip through a GMII interface and is used for transmitting encrypted and decrypted data.
7. The PCI-E based quarantine encryption card of claim 1, wherein: the SoC encryption chip selects HX6808 chip and the FPGA chip selects PGL25G.
8. The PCI-E based quarantine encryption card of claim 1, wherein: the algorithm chip is of a commercial scale type HSMD1.
9. The PCI-E based quarantine encryption card of claim 1, wherein: the algorithm chip is connected with the FPGA chip through a 32-bit bus interface and is used for encrypting and decrypting the transmitted data.
10. The PCI-E based quarantine encryption card of claim 1, wherein: the SRAM chip is connected with the SoC encryption chip through the I2C interface and is used for storing key information of the isolation encryption card.
CN202223522479.4U 2022-12-28 2022-12-28 Isolation encryption card based on PCI-E Active CN219105481U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202223522479.4U CN219105481U (en) 2022-12-28 2022-12-28 Isolation encryption card based on PCI-E

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202223522479.4U CN219105481U (en) 2022-12-28 2022-12-28 Isolation encryption card based on PCI-E

Publications (1)

Publication Number Publication Date
CN219105481U true CN219105481U (en) 2023-05-30

Family

ID=86464777

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202223522479.4U Active CN219105481U (en) 2022-12-28 2022-12-28 Isolation encryption card based on PCI-E

Country Status (1)

Country Link
CN (1) CN219105481U (en)

Similar Documents

Publication Publication Date Title
CN204066121U (en) A kind of PCI-E encrypted card
CN108011716B (en) Cipher device and implementation method
CN209803788U (en) PCIE credible password card
CN101882189B (en) Embedded-type system for ensuring completeness of program and realization method thereof
US20230069781A1 (en) Microprocessor, data processing method, electronic device, and storage medium
US20230071723A1 (en) Technologies for establishing secure channel between i/o subsystem and trusted application for secure i/o data transfer
CN112035900B (en) High-performance password card and communication method thereof
CN109101829B (en) Safety solid-state disk data transmission system based on reconfigurable cipher processor
EP4145321A1 (en) Microprocessor, data processing method, electronic device, and storage medium
US11847228B2 (en) Platform security mechanism
CN219105481U (en) Isolation encryption card based on PCI-E
CN101996285B (en) Electronic equipment
Cui et al. Power system real time data encryption system based on DES algorithm
CN203930840U (en) A kind of hardware encryption card
CN110851888A (en) High-performance security encryption system with double-path heterogeneous function
CN215298232U (en) PCIE password card
CN110768982A (en) Network security interconnection device based on homemade SOC
CN107317925B (en) Mobile terminal
US20210312045A1 (en) Integrated circuit side-channel mitigation mechanism
WO2021253254A1 (en) Chip, chip encapsulation structure and electronic device
Chen et al. A RISC-V system-on-chip based on dual-core isolation for smart grid security
CN214704617U (en) Guomcipher algorithm card based on PCIe104 interface
CN201247464Y (en) Data encrypt device for ATA genus memory apparatus of USB interface
CN203242000U (en) USB (Universal Serial Bus) hardware encryption system based on FPGA (Field Programmable Gate Array) technology
EP4145316A1 (en) Microprocessor, data processing method, electronic device, and storage medium

Legal Events

Date Code Title Description
GR01 Patent grant
GR01 Patent grant