518873 五、發明說明(/ ) 【本發明之領域】 本發明係有關資訊安全之技術領域,尤指一種可加速 加密處理之快速密碼器及加密方 【本發明之背景】 〃按,隨著資訊科技之進步,電子化資訊之流通亦隨之 晋及,而為保持重要的敏感資料之傳遞的安全性,必須藉 由铪碼益對所欲傳送之資料封包予以加密,藉以確保資料 在傳送過程之安全機密,而習知對於資料封包之加密處理 係如第三圖所示,其中,等待加密之資料封包(3 7 )係由 一用以説明該封包(37)之標頭部(371)及接續該標頭 部(371 )且用以存放使用者資訊(user inforrnati〇n ) 之資料部(Payload) ( 3 72 )所組成,而加密處理之過 私係首先將該資料封包(3 7 )之資料部(3 7 2 )及標頭部 (371)分別存放在一暫存器A (31)及一暫存器B (3 2 )中,該暫存器A ( 3 1 )内之資料部(3 7 2 )則區分 為多個資料區塊(3 7 2 1 )以依序取出,每次取出之一資料 區塊(3721)係存放至一加密用之暫存器c (33)中,以 便對該資料區塊(3 7 2 1 )進行加密運算,經加密之資料區 境(3 7 2 1 ’)則複製回存至該暫存器a ( 3 1 ),而當該資 料部( 3 72 )之所有資料區塊(372 1 )均已取出並經加密 運异而回存至暫存器A (31)時,該暫存器a (31)即儲 存有已加密之資料部(3 7 2,)。 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公髮) -11 — -----------1 — I — I (請先閱讀背面M浲意事頊存填寫本貢) % 經濟部智慧財產局員JL消費合作社印製 518873 A7 五、發明說明(1) 另由於採用之加密演算法之不同,一資料區塊 ( 3 72 1 )之大小經加密運算後可能會有所變化,因此,如 採用之加密演算法會導致資料區塊(3 7 2 1 )之變大,則經 加密運算後之資料區塊(3 72 1 )如回存至暫存器A (31 ) 將會導致溢位(〇verfl〇w )之錯誤,故必須提供一額外 之暫存益E ( 3 5 )來儲存經加密運算後之資料區塊 (3 72 1’),而該暫存器E(35)之大小係為該資料部 (3 72 )經過加密後之最大可能長度,以在該資料部 (3 7 2 )之所有資料區塊(3 7 2丨)均已取出並經加密運算 而儲存至暫存器E (35)時,該暫存器E (35)即儲存有 長度變大之已加密資料部(3 72,)◦ 當貧料封包(37 )之資料部(3 72 )已加密完畢並存 ^於暫存器A ( 31 )或暫存器E ( 35 )時,即可進行加密 1料封包(3 7 ’)之輸出,其係將該暫存器B ( 3 2 )内之 才τ /、# ( 3 7 1 )經加贫指示設定後存放至一做為加密資料 2包輸出之用的暫存器D (34)之前端處,其中,該暫存 抑D 可為一向進行加密處理之資料處理系統所要求518873 V. Description of the invention (/) [Field of the invention] The present invention relates to the technical field of information security, especially a fast cipher and encryption party that can accelerate encryption processing. [Background of the present invention] With the advancement of technology, the circulation of electronic information has also been promoted. In order to maintain the security of the transmission of important sensitive data, it is necessary to encrypt the data packets to be transmitted through the code code to ensure the data in the transmission process. The confidentiality of the data packet is known as shown in the third figure. Among them, the data packet (37) waiting to be encrypted is composed of a header (371) for explaining the packet (37). And the data part (Payload) (3 72) that continues the header (371) and is used to store user information (user inforrnati0n), and the encrypted data is first privately packaged (3 7 ) The data department (3 7 2) and the header (371) are stored in a register A (31) and a register B (3 2), respectively, in the register A (3 1). The data department (3 7 2) is divided into multiple data blocks (3 7 2 1) The data blocks (3721) are fetched sequentially, and each data block (3721) is stored in a temporary register c (33) for encryption, so that the data block (3 7 2 1) is encrypted and encrypted. The data area (3 7 2 1 ') is copied back to the register a (3 1), and when all the data blocks (372 1) of the data department (3 72) have been taken out and encrypted When it is restored to the temporary register A (31), the temporary register a (31) stores the encrypted data part (37, 2). This paper size is applicable to China National Standard (CNS) A4 specifications (210 X 297 issued) -11 — ----------- 1 — I — I (Please read M on the back first and fill in Ben Gong)% Printed by JL Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs 518873 A7 V. Description of the invention (1) In addition, due to the difference in the encryption algorithm used, the size of a data block (3 72 1) may be encrypted after the encryption operation. There are changes. Therefore, if the encryption algorithm used will cause the data block (3 7 2 1) to become larger, the encrypted data block (3 72 1) will be restored to the temporary register A ( 31) will lead to the error of overflow (〇verfl〇w), so an additional temporary benefit E (3 5) must be provided to store the encrypted data block (3 72 1 '), and the temporary The size of the register E (35) is the maximum possible length of the data section (3 72) after encryption, so that all data blocks (3 7 2 丨) in the data section (3 7 2) have been taken out and When encrypted and stored in register E (35), the register E (35) stores the encrypted data section (3 72,) which becomes larger in length. When the lean packet (37 ) The data department (3 72) has been encrypted and stored ^ in register A (31) or register E (35), you can perform the output of the encrypted 1 material packet (3 7 '), which is the Talents τ /, # (3 7 1) in register B (3 2) are stored in the front end of register D (34), which is used for outputting 2 packets of encrypted data after the poverty increase instruction is set. Among them, the temporary storage D can be required by a data processing system that has always been encrypted.
勺记匕區塊,或為一專用之記憶體,最後再將暫存器A (3 1 )或暫存( 35 )内之已加密資料部(3 72,)複製 =至該暫存器? 34)中以接續該經加密指示設定之標 △ 15 ( 3 7 1 ),藉此而得以在該輸出暫存器D ( 3 * )中庐 致一經加密保護之資料封包(37,)〇 又 士旦則过自知〈加密處理過程除因複雜之加密運算而花· I之計算時間之外,其亦因需要多次之資料的複製搬移 本紙“度適1 —.ΊΙΙ4Ι — — — — (請先閱讀背面之注意事項再填寫本頁) —訂—------· 經 濟 部 智 慧 財 產 局 員 工 消 費 合 作 社 印 製 518873 A7 -~----______ 五、發明說明(3 ) — "~一Copy the block, or a dedicated memory, and finally copy the encrypted data section (3 72,) in register A (3 1) or temporary storage (35) = to the register? 34) followed by the standard set by the encrypted instruction △ 15 (3 7 1), so as to get an encrypted data packet (37,) in the output register D (3 *). Shi Dan knew that "the encryption process took I calculation time because of complex encryption operations, and it also moved the paper because of the need for multiple copies of the data." Degree appropriate 1 —.ΊΙΙ4Ι — — — — ( Please read the notes on the back before filling in this page) —Order ———---- · Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 518873 A7-~ ----______ V. Description of Invention (3) — " ~ A
而绝成效旎《不影,此外,尚可能另外需要一暫存器E ^35)以儲存長度變大之已加密資料部( 3 72,),進而 寸致硬體資源之額外菲蛰 ;、+、、丄、 /、/r化w,因此,刖逑 < 加密處理方式會 有予以改進之必要。 /、 、”發明人爰因於此,本於積極發明之精神,亟思一種可 以解決上述問題之快速密碼器及加密方法,幾經研究實驗 終至完成此項新穎進步之發明。 【本發明之概述】 本發明之目的係在提供一種快速密碼器及加密方法, 以提升對資料封包加密處理之效能並節省硬體之資源。 依據本發明之一特點,一快速加密方法係首先將資料 封包之資料部及標頭部分別存放在一第一暫存器及一第二 暫存器中;再向資料處理系統要求一第四暫存器,其大小 至少為該第一及第二暫存器大小之總和,並將該第二暫存 态内之標頭部經加密指示設定後存放至該第四暫存器;再 將該第一暫存器内之資料部區分為至少一個資料區塊取 出,而取出之每一資料區塊係存放至一第三暫存器,以對 每一貧料區塊進行加密運算,並將每一加密之資料區塊複 製存放至該第四暫存器以接續該標頭部。 依據本發明之另一特點,一快速密碼器具有一第一暫 存器以存放該資料封包之資料部’·一第二暫存器以存放該 資料封包之標頭部;一第三暫存器以存放由該第二暫存器 之貧料邵所取出之一資料區塊;一加密元件以提供對—資 Μ氏張尺度適用中國國家標準(CNS)A4規格(210 X 297公5爱) -------1------裝 (請先閱讀背面之注意事項再填寫本頁} ----訂--- 經濟部智慧財產局員工消費合作社印製 經濟部智慧財產局員工消費合作社印製 518873 A7 -- B7 五、發明說明(涔) 料區塊進行加密運算;以及一第四暫存器以依序存放來自 藏第二暫存器且經加密指示設定後之標頭部與來自該第三 暫存為且經該加密元件加密後之每一資料區塊。 由於本發明之設計新穎,能提供產業上利用,且確有 增進功效,故依法申請專利。 為使貴審查委員能進一步瞭解本發明之結構、特徵 及其目的,茲附以圖式及較佳具體實施例之詳細說明如 后: 【圖式簡單説明】 第一圖:係依據本發明之快速加密方法之加密處理示意 圖〇 第二圖:係依據本發明之快速密碼器之硬體架構圖。 第三圖··係為習知之之加密處理過程示意圖。 【圖號説明】 (11)〜(14) (31)〜(34) (35)暫存器 (17 ) ( 17’)( 3 7 ) ( 3 7’)資料封包 (1 7 1 ) ( 1 7 1 ’)( 3 7 1 ) ( 3 7 1,)標頭部 (172) (172’)(372) (372’)資料部 ( 1 72 1 ) ( 1 72 1,)( 372 1 ) ( 372 1,)資料區塊 (21 )加密元件 (22 )控制單元 (23 )資料匯流排 (24 )控制匯流排 (25 )輸入線 (26 )輸出線 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公¥ ) I-----*-------裝--------訂--------- (請先閱讀背面之注意事項再填寫本頁) 經濟部智慧財產局員工消費合作社印製 A7 五、發明說明(女) 【較佳具體實施例之詳細説明】 有關本發明之快速加密方、 照第一門所-^ 車乂佳貫施例,請先參 …U…該資料封包:由:=^^ 料部U72)所構成,本發:之:=7"接續-資 Γ二資料部(172)及標頭部…"分別存放 4 (11)及-暫存器B (12)中,再向進行加 途'處理之資料處理系統要求—暫存器D(14),其大小至 少為該暫存器A(ll)及暫在哭只, 土 7汉,孖斋B ( 1 2 )大小之總和,並 將Μ暫存器B (12)内之標頭部(171)經加密指示設定 後存放至該暫存器D (14)之前端處,該加密指示設定係 對•亥標頭部 (1 71 1今*令& β 1 、丄 p又疋為已加途、或是對該標頭部 (17 1 )設定其通訊協定編號(pr〇t〇c〇i㈠以指 示其加密演算法之種類。 於本實施例中,該暫存器D ( 14)之大小較佳地為該 I存w A ( 1 1 )及暫存器B ( 1 2 )大小之總和,惟若所採 用之加密演算法會導致加密資料的變大,則該暫存器D (!4)之大小需為暫存器b ( 12)大小及該資料部加密後 之最大可能長度之總和。 而對於存放在該暫存器a(η)中等待加密之資料部 (1 7 2 )’係以區塊為單位而將其區分為至少一個資料區 塊(1 7 2 1 )以取出進行加密處理,一般而言,資料封包之 資料部長度約為1〇〇〇〜2000字元,而資料區塊之長度可設 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公7羞) 11 丨 裝--------訂--------- (請先閱讀背面之注意事項再填寫本頁) A7 B7The absolute effect is "not affected. In addition, a temporary register E ^ 35) may be needed to store the encrypted data department (3 72,) which becomes larger in length, which may result in additional cost of hardware resources; +,, 丄, /, / r turn w, so 刖 逑 < encryption processing will need to be improved. Because of this, based on the spirit of active invention, the inventor is eager to think about a fast cipher and encryption method that can solve the above problems. After several research experiments, this novel and progressive invention has been completed. [本 发明 的[Summary] The purpose of the present invention is to provide a fast cipher and encryption method to improve the performance of data packet encryption processing and save hardware resources. According to a feature of the present invention, a fast encryption method is to first packetize data The data department and the header are stored in a first register and a second register, respectively; and a fourth register is requested from the data processing system, the size of which is at least the first and second registers The sum of the size, and the header in the second temporary storage state is set to the fourth temporary register after the encryption instruction is set; then the data section in the first temporary register is divided into at least one data block Take out, and each data block taken out is stored in a third temporary register to perform an encryption operation on each lean block, and each encrypted data block is copied and stored in the fourth temporary register To According to another feature of the present invention, a fast cipher has a first register to store the data portion of the data packet '· a second register to store the header of the data packet; A third register is used to store a data block retrieved by the poor material Shao of the second register; an encryption element is provided to provide a pair of M-sheet scales applicable to China National Standard (CNS) A4 specifications (210 X 297 public 5 love) ------- 1 ------ installation (please read the precautions on the back before filling out this page) ---- Order --- Employee Cooperative of Intellectual Property Bureau, Ministry of Economic Affairs Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs, printed 518873 A7-B7 V. Description of the invention (涔) The data block is encrypted; and a fourth register is used to sequentially store the second register from Tibet and After the encryption instruction is set, the header and each data block from the third temporary storage and encrypted by the encryption element. Because of the novel design of the present invention, it can provide industrial use, and indeed has enhanced efficacy, Therefore, we have applied for a patent in accordance with the law. The structure, characteristics, and purpose of the structure are described in detail below with drawings and preferred embodiments: [Simplified description of the drawings] The first picture: a schematic diagram of the encryption process according to the fast encryption method of the present invention. Figure: The hardware architecture diagram of the fast cipher according to the present invention. The third figure is a schematic diagram of the conventional encryption process. [Illustration of the drawing number] (11) ~ (14) (31) ~ (34) (35) Register (17) (17 ') (3 7) (3 7') Data packet (1 7 1) (1 7 1 ') (3 7 1) (3 7 1,) 172) (172 ') (372) (372') Data Department (1 72 1) (1 72 1,) (372 1) (372 1,) Data block (21) Encryption element (22) Control unit (23) ) Data bus (24) Control bus (25) Input line (26) Output line This paper size is applicable to China National Standard (CNS) A4 specification (210 X 297 mm ¥) I ----- * ---- --- Equipment -------- Order --------- (Please read the precautions on the back before filling out this page) Printed by A7, Consumer Cooperatives, Intellectual Property Bureau, Ministry of Economic Affairs (Female) [of the preferred embodiment Detailed description] Regarding the fast encryption method of the present invention, according to the example of the first door-^ Car 乂 Jiaguan, please refer to ... U ... This data packet: consists of: = ^^ Material Department U72), this issue: Of: = 7 " continued-data two data department (172) and header ... " data processing system that stores 4 (11) and-temporary register B (12), and then performs additional processing Requirement—The size of register D (14) is at least the sum of the size of register A (ll) and the crying temporary, Tu 7 Han, and Dzhai B (1 2). The header (171) in (12) is set to the front end of the register D (14) after being set by the encryption instruction. The encryption instruction is set to the • Haibiao header (1 71 1 今 * 令 & β 1 and 丄 p are again added or set their communication protocol number (pr〇t〇c〇i) to the header (17 1) to indicate the type of encryption algorithm. In this embodiment, the size of the register D (14) is preferably the sum of the sizes of the I memory w A (1 1) and the register B (1 2), but if the encryption algorithm is used Will cause the encrypted data to become larger, the size of the register D (! 4) needs to be the sum of the size of the register b (12) and the maximum possible length of the encrypted data section. The data part (1 7 2) 'stored in the register a (η) waiting to be encrypted is divided into at least one data block (1 7 2 1) in units of blocks for removal and encryption. Processing, in general, the length of the data part of the data packet is about 1000 ~ 2000 characters, and the length of the data block can be set to this paper size. Applicable to China National Standard (CNS) A4 specifications (210 X 297) ) 11 丨 Install -------- Order --------- (Please read the precautions on the back before filling this page) A7 B7
五、發明說明(々) 為8位元’如此即可將該資料部 (1721 ) 。 T 1 L刀為複數個資料區塊 對該複數個資料區塊(1 72丨)之Fifth, the invention description (i) is 8-bits' so that the data department (1721) can be used. T 1 L knife is a plurality of data blocks.
心取出係自該暫存器A ")内之資料部…2)的前端起取出一資料區槐 U72D而存放至—暫存器c (13),並對該暫存器c U3)内之資料區塊(1721)進行加密運算,再將該經 加K資料區塊(1721 )複製並依序存放至該暫存器β (14 )以接續該經加密指示設定之標頭部(171,),以 此方式持續取出資料部(172)之資料區塊(1721 )進行 加獪並將加密後之資料區塊(丨72丨,)存放至該暫存器乃 (14)中,直至該資料部(172)被完全取完為止,則存 放於孫暫存器D ( 1 4 )中之内容即為已加密之資料封包 (17,)。 由别述之加密過程可知,本發明之快速加密方法係將 經加密運算之每一資料區塊(丨7 2丨,)直接複製存放於輸 出用之暫存益D (14)中,而無須回存至該暫存器a (1 1 )中,因此得以節省大量之資料複製搬移之動作,故 可大幅提升加密處理之效能,且無需額外之暫存器以儲存 長度變大之加密資料部,更能節省硬體資源之花費,並由 於其處理過程不涉及加密演算法之加密及解密之運作,因 此可通用於所有之加密演算法。 又前述之快速加密方法並得以硬體來加以實現,請參 照第二圖所示,其顯示本發明之快速密碼器的硬體架構 圖,其主要係由暫存器A〜D ( 1 1〜1 4 )、加密元件(2 1 ) i紙張尺度適用中國國家標準(CNSU4規格⑵。X 297公8爱) -------II ——_ 裝 C請先閱讀背面之注意事項再填寫本頁} ---丨訂--- 經濟部智慧財產局員工消費合作社印製 518873 A7 五、發明說明()) 及匕制單兀(22 )所構成,其中,暫存器A〜D ( 1 1〜14 ) ^加歡兀件(21 )均係連接至一資料匯流排(23 )以進行 貝料 < 處理及移轉,控制單元(22 )則經由控制匯流排 (24 )以控制暫存器A〜D (11〜14)及加密元件(22) 之動作。 而對應前述快速加密方法之所述,該暫存器A ( u ) 係自一輸入線(25 )輸入資料封包之資料部以存放之,該 暫存器B ( 1 2 )亦係自該輸入線(2 5 )輸入資料封包之標 頭部以存放之,該暫存器C ( 1 3 )係用以存放由該暫存器 B ( 1 2 )之資料部所取出之一資料區塊,該暫存器d (14 )則係依序存放來自該暫存器B ( 12 )且經加密指示 口又足後之標頭邵與來自該暫存器C ( 1 3 )且經該加密元件 (2 1 )加余後之每一資料區塊,而該加密元件即係提供對 貝料區塊進行加密之運算〇 而該控制單元(3 2 )即係控制該快速密碼器之動作, 其主要係將該暫存器Β ( 1 2 )内之標頭部經加密指示之設 足後存放至該暫存器D (14),並將該暫存器a (丨丨)内 之資料部區分為至少一個資料區塊取出以存放至該暫存器 C (13) ’再猎由該加金元件(21)而對每一資料區塊進 行加密運算,並將每一加密之資料區塊複製存放至該暫存 器D ( 1 4 )以接續標頭部,藉以在該暫存器D (丨4 )中庐 致一已加密之資料封包,並自一輸出線(26)輸出該經二 密保護之資料封包。 ‘紙張尺度適用中國國家標準(CNS)A4規格(21〇 x 297公釐) (請先閱讀背面之注意事項再填寫本頁) 裝 ----訂--- 經濟部智慧財產局員工消費合作社印製 518873 A7 五、發明說明(?) 综上所陳,本發明無論就目的、手段及功效,在在均 顯示其迥異於W知技術之特徵,為資料封包之加密設計上 的一大犬破二懇凊貴審查委員明察,早曰賜准專利,俾 嘉惠社會,實感德便。惟應注意的是,上述諸多實施例僅 係為了便於説明而舉例而已,本發明所主張之權利範圍自 應以申請專利範圍所述為準,而非僅限於上述實施例。 (請先閱讀背面之注音?事項再填寫本頁) 裝 ----訂--- 經濟部智慧財產局員工消費合作社印製The heart is taken out from the front end of the data section in the register A ") ... 2) and a data area Huai U72D is taken out and stored in-register c (13), and the register c U3) The data block (1721) is encrypted, and then the K-added data block (1721) is copied and sequentially stored in the register β (14) to continue the header (171) set by the encrypted instruction. ,), In this way, the data block (1721) of the data department (172) is continuously taken out, and the encrypted data block (丨 72 丨,) is stored in the temporary register (14) until Until the data department (172) is completely taken out, the content stored in the Sun temporary register D (1 4) is the encrypted data packet (17,). As can be seen from the encryption process mentioned above, the fast encryption method of the present invention directly copies and stores each data block (丨 7 2 丨,) encrypted in the temporary storage benefit D (14) for output, without the need to Back to the register a (1 1), so that a large amount of data copying and moving operations can be saved, so the performance of encryption processing can be greatly improved, and no additional register is needed to store the encrypted data department with a larger length. It can save the cost of hardware resources, and because its processing does not involve the operation of encryption and decryption of encryption algorithms, it can be used for all encryption algorithms. The foregoing fast encryption method can also be implemented by hardware. Please refer to the second figure, which shows the hardware architecture diagram of the fast cipher of the present invention, which is mainly composed of the registers A ~ D (1 1 ~ 1 4), encryption element (2 1) i paper size applies to Chinese national standards (CNSU4 specifications ⑵. X 297 male 8 love) ------- II --_ Please read the precautions on the back before filling This page} --- 丨 Order --- Printed by the Consumers' Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs 518873 A7 V. Description of invention ()) and dagger unit (22), of which register A ~ D ( 1 1 ~ 14) ^ Jiahuan pieces (21) are all connected to a data bus (23) for shell material < processing and transfer, and the control unit (22) is controlled by the control bus (24) The operations of the registers A to D (11 to 14) and the encryption element (22). Corresponding to the aforementioned fast encryption method, the register A (u) is input from the data part of the data packet for storage by an input line (25), and the register B (1 2) is also input from the input Line (2 5) enters the header of the data packet for storage. The register C (1 3) is used to store a data block taken out by the data section of the register B (1 2). The register d (14) sequentially stores the header Shao from the register B (12) and the encrypted instruction port, and the header C from the register C (1 3) and the encrypted element. (2 1) Each data block after the addition is added, and the encryption element is to provide an operation for encrypting the shell material block, and the control unit (3 2) is to control the operation of the fast cipher, which It is mainly that the header in the register B (1 2) is stored in the register D (14) after the encryption instruction is set, and the data department in the register a (丨 丨) is stored. It is divided into at least one data block to be taken out and stored in the register C (13). Then, the data is encrypted by the gold-added component (21), and each encrypted data block is encrypted. The material block is copied and stored in the register D (1 4) to continue the bid header, so that an encrypted data packet is obtained in the register D (丨 4), and it is output from an output line (26) Output the second-protected data packet. 'The paper size applies the Chinese National Standard (CNS) A4 specification (21 × 297 mm) (please read the precautions on the back before filling this page) Printed 518873 A7 V. Description of the invention (?) In summary, the present invention, regardless of its purpose, means and effects, shows its characteristics that are quite different from those of known technologies, and is a big dog for the encryption design of data packets. The second inspection committee member made a clear observation and granted a quasi-patent as early as possible. It should be noted that the above-mentioned embodiments are merely examples for the convenience of description, and the scope of the claimed rights of the present invention should be based on the scope of the patent application, rather than being limited to the above-mentioned embodiments. (Please read the Zhuyin on the back? Matters before filling out this page.) ---- Order --- Printed by the Employees' Cooperative of Intellectual Property Bureau of the Ministry of Economic Affairs