CN109067523A - A data encryption method for an encryption card - Google Patents
- Publication number: CN109067523A (CN201810850409.0A)
- Authority: CN (China)
- Prior art keywords: encryption, decryption, data, task, module
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/0897—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a data encryption method for an encryption card, comprising the following steps. Step S1: receive an encryption/decryption task sent by the host. Step S2: assign the pending encryption/decryption task to a data encryption/decryption module in the idle state and, once the encryption/decryption operation completes, store the processed task directly in the storage unit corresponding to that data encryption/decryption module. Step S3: after the encryption/decryption operation completes, update the information table and at the same time feed a task-completion message back to the host. Step S4: after receiving a get-task instruction sent by the host, read the data from the corresponding storage unit and send it to the host. Compared with the prior art, the invention combines memory with the encryption device: the host performs encryption and decryption through storage control instructions and a notification mechanism and does not have to wait in real time for the encryption/decryption task to complete, which greatly improves host processing efficiency.
Description
Technical field
The present invention relates to the technical field of data security, and in particular to a data encryption method for an encryption card.
Background art
The hardware security module (Hardware Secure Module, HSM), as an important kind of encryption device, is increasingly widely used in fields such as government, finance, communications and national defence. Because the protection and security of sensitive information are involved, using a hardware security module to encrypt storage media is particularly important: it prevents important or private information from leaking when the storage device is lost. Hardware security modules have already been implemented in China and internationally; they implement encryption algorithms such as RSA, elliptic curve/SM2 and SM4, and support multiple interfaces such as PCI/PCI-X and PCI-E/mini PCI-E. In the prior art, a hardware security module usually uses an encryption card to perform the data encryption and decryption operations. Current encryption cards are implemented with dedicated chips (usually an FPGA, or an FPGA converted to an ASIC) and require a custom, non-standard, dedicated API. Because existing PC-side products are all based on custom, non-standard APIs, a separate driver has to be provided for the operating system of each application. Under different computer operating systems a dedicated driver is needed to serve the card, and developing this software consumes an enormous amount of manpower. In practice, software compatibility is the biggest problem in promoting this kind of product.
Meanwhile, a prior-art encryption card usually has only a single encryption function and returns the encrypted data directly once encryption completes; the host has to monitor the encryption state in real time, which ties up a large share of host resources.
Therefore, in view of these defects of the prior art, a technical solution is needed to solve the technical problems of the prior art.
Summary of the invention
In view of this, it is necessary to provide a data encryption method for an encryption card that uses a standard communication protocol to solve the system-compatibility and driver problems of the prior art; that combines memory with the encryption device, so that the host performs encryption and decryption through storage control instructions and a notification mechanism and does not have to wait in real time for the encryption/decryption task to complete, which greatly improves host processing efficiency; and that achieves high-speed data encryption and decryption by providing multiple data encryption/decryption modules and multiple encryption/decryption algorithms.
To overcome the defects of the prior art, the technical solution of the invention is as follows:
A data encryption method for an encryption card, comprising the following steps:
Step S1: receive an encryption/decryption task sent by the host;
Step S2: assign the pending encryption/decryption task to a data encryption/decryption module in the idle state and, once the encryption/decryption operation completes, store the processed task directly in the storage unit corresponding to that data encryption/decryption module; each data encryption/decryption module has a unique identification number;
Step S3: after the encryption/decryption operation completes, update the information table and at the same time feed a task-completion message back to the host;
Step S4: after receiving a get-task instruction sent by the host, read the data from the corresponding storage unit and send it to the host.
As a preferred technical solution, in step S3 the information table is updated by monitoring the data encryption/decryption modules, and the operation of the encryption card is controlled according to the information table. The information table includes at least a task number, a module number, an operation type, status information and storage address information. The task number is a unique identification number set for each received task; the module number is the identification number of the data encryption/decryption module that performs the encryption/decryption operation on the task; the operation type indicates whether the data encryption/decryption module performs an encryption operation or a decryption operation on the task; the status information is the working state of the data encryption/decryption module; and the storage address information is the address at which the task's data is stored after the encryption/decryption operation.
As a preferred technical solution, each data encryption/decryption module is provided with multiple storage units, and each storage unit is used to store one encryption task.
As a preferred technical solution, the method further includes receiving a configuration instruction from the host and reallocating the storage units of the data encryption/decryption module according to the configuration instruction; the storage unit address space is reset according to the encryption algorithm type and the data length of the pending task.
As a preferred technical solution, the configuration instruction is used to configure the encryption/decryption parameters of the data encryption/decryption module; the encryption/decryption parameters include at least the encryption algorithm type, which is any one of AES-128/256, SM2, SM3, SM4, RSA, 3DES or SHA.
As a preferred technical solution, in step S3, the information table update after the encryption/decryption operation completes and the task-completion message fed back to the host include the address information of the storage unit corresponding to the task.
As a preferred technical solution, in step S4, the get-task instruction sent by the host is a read instruction to the corresponding address space.
As a preferred technical solution, in step S1, the encryption/decryption task sent by the host is a write instruction to the corresponding address space.
As a preferred technical solution, the data encryption/decryption module further comprises an MCU, a random number generator, an algorithm storage unit and an encryption/decryption processing unit. The algorithm storage unit stores the encryption algorithms; the encryption/decryption processing unit loads the corresponding encryption algorithm according to the MCU's instruction and performs the encryption/decryption operation; the random number generator generates the key used by the encryption algorithm; the MCU is connected to the random number generator, the algorithm storage unit and the encryption/decryption processing unit and controls the operation of the data encryption/decryption module.
As a preferred technical solution, the data encryption/decryption module uses the S686 main control chip from Hua Lanwei.
Compared with the prior art, the invention uses a standard communication protocol to solve the system-compatibility and driver problems of the prior art, and combines memory with the encryption device: the host performs encryption and decryption through storage control instructions and a notification mechanism and does not have to wait in real time for the encryption/decryption task to complete, which greatly improves host processing efficiency. Providing multiple data encryption/decryption modules and multiple encryption/decryption algorithms achieves high-speed data encryption and decryption.
Brief description of the drawings
Fig. 1 is a functional block diagram of the encryption card architecture of the invention.
Fig. 2 is a functional block diagram of the data encryption/decryption module of the invention.
Fig. 3 is a flow diagram of the data encryption method for an encryption card of the invention.
The following detailed description further illustrates the invention with reference to the above drawings.
Detailed description of the embodiments
The technical solution provided by the invention is further described below with reference to the drawings.
Because prior-art encryption card products all use custom, non-standard APIs, a separate driver has to be provided for the operating system of each application. Developing this software consumes an enormous amount of manpower, and in practice software compatibility makes this kind of product very difficult to promote.
Referring to Fig. 3, which shows a flow chart of the data encryption method for an encryption card of the invention, the method comprises the following steps:
Step S1: receive an encryption/decryption task sent by the host;
Step S2: assign the pending encryption/decryption task to a data encryption/decryption module in the idle state and, once the encryption/decryption operation completes, store the processed task directly in the storage unit corresponding to that data encryption/decryption module; each data encryption/decryption module has a unique identification number;
Step S3: after the encryption/decryption operation completes, update the information table and at the same time feed a task-completion message back to the host;
Step S4: after receiving a get-task instruction sent by the host, read the data from the corresponding storage unit and send it to the host.
In step S1, the encryption/decryption task sent by the host is a write instruction to the corresponding address space.
In step S3, the information table update after the encryption/decryption operation completes and the task-completion message fed back to the host include the address information of the storage unit corresponding to the task.
In step S4, the get-task instruction sent by the host is a read instruction to the corresponding address space.
With the above technical solution, memory is combined with the encryption device: the host performs encryption and decryption through storage control instructions and a notification mechanism and does not have to wait in real time for the encryption/decryption task to complete, which greatly improves host processing efficiency. To the external host, the encryption card is equivalent to an ordinary external general-purpose storage device such as a USB flash drive or a hard disk; it can even have a drive letter and the attributes of a normal hard disk, such as storage capacity. Unlike the prior art, the invention also provides data encryption/decryption under normal read/write operations. Under the architecture of the invention, a data encryption operation is equivalent to writing the data to be encrypted to the encryption card; after sending the task, the host can handle other operations without waiting. When the encryption operation completes, the encryption card sends a notification instruction informing the host that the encryption operation for the corresponding task is complete, and the host then obtains the data stored at the corresponding address through a read instruction, completing one encryption/decryption operation.
In a preferred embodiment, in step S3 the information table is updated by monitoring the data encryption/decryption modules, and the operation of the encryption card is controlled according to the information table. The information table includes at least a task number, a module number, an operation type, status information and storage address information. The task number is a unique identification number set for each received task; the module number is the identification number of the data encryption/decryption module that performs the encryption/decryption operation on the task; the operation type indicates whether the data encryption/decryption module performs an encryption operation or a decryption operation on the task; the status information is the working state of the data encryption/decryption module; and the storage address information is the address at which the task's data is stored after the encryption/decryption operation.
In the above technical solution, each data encryption/decryption module is provided with multiple storage units, and each storage unit stores one encryption/decryption task. After each encryption/decryption task has been processed, it is stored in one of the storage units; once the task is stored, the data encryption/decryption module can process the next encryption/decryption task. Meanwhile, the control module reads and writes the storage units directly, so feeding data back to the host is completely independent of the data encryption/decryption process, which greatly improves processing efficiency. In addition, a storage flag marks the read/write state of the data: the state ready indicates that the task has been stored in the corresponding storage unit after the encryption/decryption operation; the state done indicates that the corresponding data has been read from the storage unit, so the storage space can be released. This greatly improves storage space utilization.
In a preferred embodiment, the method further includes the step of receiving a configuration instruction from the host. The configuration instruction is used to configure the encryption/decryption parameters of the data encryption/decryption module; the encryption/decryption parameters include at least the encryption algorithm type, which is any one of AES-128/256, SM2, SM3, SM4, RSA, 3DES or SHA. The configuration instruction also includes the data length of the pending task, and the data encryption/decryption module reallocates the storage unit address space according to the configuration instruction. For example, if the current encryption task size is 2K and its length after processing with the SM2 encryption algorithm is 4K, the storage space is reallocated with 4K as the basic storage unit. With the above technical solution, the encryption algorithm can be set according to user requirements and the optimal storage unit can be set according to actual needs.
Referring to Fig. 1, which shows a functional block diagram of the encryption card architecture of the invention, the card comprises an interface module, a control module, data encryption/decryption modules and a storage module. The interface module uses a standard interface for data communication with the host; preferably, the interface module is any one of a PCIe, SATA, USB, SAS, IEEE1394, SD, eMMC or SPI interface. Because a general-purpose standard interface is used, and encryption/decryption operations are performed with the protocol's control instructions (the data transport protocol), plug and play is possible under different operating systems without installing a driver.
The invention combines the data encryption/decryption modules with the storage module, and multiple storage units are provided in the storage module. A data encryption/decryption module performs the encryption/decryption operation on the task assigned to it according to the control instruction of the control module, and stores the encrypted/decrypted task in the corresponding storage unit. Meanwhile, the control module is also connected to the storage module and can read the data in the storage module directly. With the above technical solution, the encryption/decryption operations of the encryption card are fully encapsulated inside the card. To the external host, the encryption card is equivalent to an ordinary external general-purpose storage device such as a USB flash drive or a hard disk; it can even have a drive letter and the attributes of a normal hard disk, such as storage capacity. The only difference is that, under normal read/write operations, this hard disk also provides data encryption/decryption. Under the architecture of the invention, a data encryption operation is equivalent to writing the data to be encrypted to the encryption card; after sending the task, the host can handle other operations without waiting. When the encryption operation completes, the encryption card sends a notification instruction informing the host that the encryption operation for the corresponding task is complete, and the host then obtains the data stored at the corresponding address through a read instruction, completing one encryption/decryption operation.
The control module is the core of the encryption card architecture and controls the operation of the encryption card. The control module receives tasks sent by the host through the interface module and assigns each received task to a data encryption/decryption module. The control module monitors the state of the data encryption/decryption modules and, once a task's encryption/decryption operation completes, feeds a task-completion message back to the host so that the host can obtain the processed task in time. Further, after receiving the host's get-task instruction, the control module reads the data from the corresponding storage unit and sends it to the host.
Further, the encryption card is provided with multiple data encryption/decryption modules; each data encryption/decryption module has a unique identification number and is allocated corresponding storage units to store tasks after encryption/decryption. This greatly improves concurrent data processing capability.
In a preferred embodiment, an information table is set up in the control module; the control module monitors the data encryption/decryption modules, updates the information table and controls the operation of the encryption card according to the information table. The information table includes at least a task number, a module number, an operation type, status information and storage address information. The task number is a unique identification number set for each received task; the module number is the identification number of the data encryption/decryption module that performs the encryption/decryption operation on the task; the operation type indicates whether the data encryption/decryption module performs an encryption operation or a decryption operation on the task; the status information is the working state of the data encryption/decryption process; and the storage address information is the address at which the task's data is stored after the encryption/decryption operation. Specifically, after receiving a task sent by the host, the control module creates an I/O task and determines the corresponding task number; only after the I/O task completes the specified operation is the corresponding feedback given to the host. After creating the I/O task, the control module assigns an idle data encryption/decryption module and obtains its module number, and at the same time monitors the module as it performs the encryption/decryption operation in order to update the information table. The status information includes at least busy, idle, ready and done: busy indicates that the data encryption/decryption module is processing data; idle indicates that the module has finished processing its task and can take on a new task; ready indicates that the task has been stored in the corresponding storage unit after the encryption/decryption operation; done indicates that the corresponding data has been read from the storage unit, so the storage space can be released. The information table therefore makes clear the processing state of any task, the working state of each data encryption/decryption module and the state of the storage module's address space, which facilitates encryption/decryption processing of tasks.
In a preferred embodiment, the commands of the data transport protocol have a stack function to solve the problem of out-of-order responses to read and write commands; an I/O queue manages the operation commands, enabling concurrent data encryption/decryption processing. For each encryption/decryption operation, the processing time differs because the data length and the encryption/decryption algorithm differ. Each encryption/decryption operation is assigned to a hardware encryption card for processing; once processing completes, the system is notified through the storage stack protocol that the task is complete, and finally the encrypted/decrypted data is sent out. Therefore, on every read or write, the encryption card creates an I/O task, and the host receives the corresponding feedback only after the I/O task completes the read/write operation.
In a preferred embodiment, the protocol's control instructions bind the operation type to a specific storage address space; that is, the storage address space is specially partitioned, so that a write of data with a specified address and length is treated as an encryption/decryption command in a particular encryption mode. After encryption/decryption processing finishes, a notification automatically prompts a read operation on that address, and the data read is the data after encryption/decryption processing.
In a preferred embodiment, multiple encryption algorithms are provided in the data encryption/decryption module, and the corresponding encryption algorithm is selected according to the control instruction of the control module. Preferably, before a data encryption/decryption operation is carried out, the data encryption/decryption module is first configured through a configuration instruction to select a specific encryption algorithm. The encryption algorithms include AES-128/256, SM2, SM3, SM4, RSA, 3DES, SHA and others.
In the invention, each data encryption/decryption module is bound to corresponding storage units. Preferably, storage units are allocated dynamically according to the configuration instruction: the required storage space is calculated from the specific encryption/decryption processing mode and the task data length, the start position for writing or reading data is determined, the data to be encrypted/decrypted is written at this position, and finally the encrypted/decrypted data is read from this position, completing one encryption/decryption pass and thereby achieving dynamic allocation of storage units.
In a preferred embodiment, the control module receives the storage instructions sent by the host; it parses a write operation to a specific address as an encryption/decryption instruction in a particular encryption mode, and parses a read operation to a specific address as the host's get-task instruction. An address mapping table is kept in the control module, recording for each storage unit its start address, its size, the corresponding data encryption/decryption module and its encryption/decryption type. A write operation to a given storage unit is therefore parsed as an encryption/decryption command in a particular encryption mode (set by the configuration instruction). For example, addresses starting at 0x100000 are the encryption operation of encryption/decryption module number 001, and addresses starting at 0x200000 are the decryption operation of encryption/decryption module number 001. The address range is divided into equal parts; for example, the length reserved by each storage unit for the data to be processed can be set to 0x800 (2K), which gives 128 encryption/decryption units, so that each 2K from 0x100000 to 0x13ffff corresponds to one data encryption/decryption module, while 0x140000 to 0x1fffff is reserved for more processing units of this encryption/decryption type. Of course, multiple storage units can also be allocated to one data encryption/decryption module. Writing data to the corresponding encryption/decryption address starts the encryption/decryption processing, and reading from this address afterwards returns the encrypted/decrypted data. For example, if the control instruction writes data to the storage unit at address 0x100000, the control module sends the data to encryption/decryption module number 001 and starts the encryption operation; after the encryption operation ends, the encrypted data is stored in the storage unit at address 0x100000. Likewise, for a write of data to the storage unit at address 0x200000, the control module sends the data to encryption/decryption module number 001 and starts the decryption operation; after the operation ends, the processed data is stored in the storage unit at address 0x200000.
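The write-as-command flow described above (steps S1 to S4, the information table states, and the 0x100000/0x200000 address windows with 0x800-byte units) can be sketched as the following Python simulation, which is an added example and not part of the patent. The class and function names, the in-memory queue, the caller-supplied key and the SHA-256 XOR stand-in for the card's hardware cipher are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum

UNIT_SIZE = 0x800      # 2K per storage unit, as in the text's example
UNITS = 128            # 128 units per window: base .. base + 0x3ffff
WINDOWS = {0x100000: "encrypt", 0x200000: "decrypt"}  # address mapping table
MODULE = "001"         # both windows belong to module 001 in the text

State = Enum("State", "IDLE BUSY READY DONE")


@dataclass
class Row:             # one row of the information table
    task_no: int
    module_no: str
    op: str
    state: State
    address: int


def placeholder_transform(key: bytes, data: bytes) -> bytes:
    """Stand-in for the module's hardware cipher; NOT a secure cipher."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    # XOR is its own inverse, so the same call serves encrypt and decrypt.
    return bytes(a ^ b for a, b in zip(data, stream))


class EncryptionCard:
    def __init__(self, key: bytes):
        self._key = key                  # assumption: key supplied by caller
        self._units = {}                 # address -> result held in the unit
        self._by_addr = {}               # address -> task number using it
        self._queue = []                 # (task_no, input) awaiting the module
        self._next = 1
        self.table = {}                  # information table: task_no -> Row
        self.module_state = State.IDLE
        self.notifications = []          # (task_no, address) messages to host

    def _lookup(self, address: int) -> str:
        for base, op in WINDOWS.items():
            offset = address - base
            if 0 <= offset < UNITS * UNIT_SIZE:
                if offset % UNIT_SIZE:
                    raise ValueError("address is not the start of a unit")
                return op
        raise ValueError("address is outside the mapped command windows")

    def write(self, address: int, data: bytes) -> int:
        """S1: a write to a mapped address becomes a task; returns at once."""
        op = self._lookup(address)
        if len(data) > UNIT_SIZE:
            raise ValueError("data exceeds the storage unit size")
        prior = self._by_addr.get(address)
        if prior is not None and self.table[prior].state is not State.DONE:
            raise RuntimeError("unit still holds an unfinished or unread task")
        task_no, self._next = self._next, self._next + 1
        self.table[task_no] = Row(task_no, MODULE, op, State.BUSY, address)
        self._by_addr[address] = task_no
        self._queue.append((task_no, bytes(data)))
        return task_no

    def run_pending(self) -> None:
        """S2 + S3: process queued tasks, store results, notify the host."""
        while self._queue:
            task_no, data = self._queue.pop(0)
            row = self.table[task_no]
            self.module_state = State.BUSY
            self._units[row.address] = placeholder_transform(self._key, data)
            self.module_state = State.IDLE
            row.state = State.READY
            self.notifications.append((task_no, row.address))

    def read(self, address: int) -> bytes:
        """S4: a read of the same address returns the result, frees the unit."""
        self._lookup(address)
        task_no = self._by_addr.get(address)
        if task_no is None or self.table[task_no].state is not State.READY:
            raise RuntimeError("no ready result at this address")
        self.table[task_no].state = State.DONE
        return self._units.pop(address)


def demo():
    """Encrypt via the 0x100000 window, then decrypt via 0x200000."""
    card = EncryptionCard(key=b"constructed-demo-key")
    card.write(0x100000, b"constructed sample plaintext")
    card.run_pending()
    card.write(0x200000, card.read(0x100000))
    card.run_pending()
    return card.read(0x200000), card.notifications


if __name__ == "__main__":
    print(demo())
```

The rejected cases (reading before the ready state, reusing a unit whose result has not been read, and writes to the reserved range from 0x140000) are the states an implementation of this interface has to handle explicitly, since the host sees only ordinary reads and writes.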
In a preferred embodiment, the storage units are integrated in the data encryption/decryption module, and the control unit manages each storage unit through the address mapping table.
In a preferred embodiment, the storage units use eMMC or Flash storage devices.
In a preferred embodiment, the data encryption/decryption module uses the S686 main control chip from Hua Lanwei. It can thus share the load of the control module while performing data encryption/decryption, reducing the control module's resource consumption and occupancy. The S686 has a built-in hardware encryption module that supports multiple encryption algorithms such as AES-128/256, SM2, SM3, SM4, RSA, 3DES and SHA, ensuring fast encryption/decryption of data without harming the read/write transfer performance of the data. The built-in random number generator can be driven by on-chip firmware to generate random numbers, ensuring true randomness in key generation. The S686 is compatible with protocols such as SD1.0, SD2.0, SD3.0 and EMMC3.3, EMMC4.0, EMMC5.0, uses a 32-bit embedded CPU for memory management, and supports multi-channel memory management, which helps with fast data processing and read/write operations.
Referring to Fig. 2, which shows a functional block diagram of the data encryption/decryption module of the invention, the module further comprises an MCU, a random number generator, an algorithm storage unit and an encryption/decryption processing unit. The algorithm storage unit stores the encryption algorithms; the encryption/decryption processing unit loads the corresponding encryption algorithm according to the MCU's instruction and performs the encryption/decryption operation; the random number generator generates the key used by the encryption algorithm; the MCU is connected to the random number generator, the algorithm storage unit and the encryption/decryption processing unit and controls the operation of the data encryption/decryption module.
The above description of the embodiments is only intended to help understand the method of the present invention and its core idea. It should be pointed out that, for those of ordinary skill in the art, several improvements and modifications can be made to the present invention without departing from its principle, and these improvements and modifications also fall within the scope of protection of the claims of the present invention.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein can be realized in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not intended to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A data encryption method for an encryption card, characterized by comprising the following steps:
Step S1: receiving an encryption/decryption task sent by the host;
Step S2: assigning the pending encryption/decryption task to a data encryption/decryption module in the idle state and, after the encryption/decryption operation is complete, storing the processed task directly in the storage unit corresponding to that data encryption/decryption module; the data encryption/decryption module has a unique identification number;
Step S3: after the encryption/decryption is complete, updating the information table and at the same time feeding back a task-complete message to the host;
Step S4: after receiving a get-task instruction sent by the host, reading the data information of the corresponding storage unit and sending it to the host.
2. The data encryption method for an encryption card according to claim 1, characterized in that, in step S3, the information table is updated by monitoring the data encryption/decryption modules, and the operation of the encryption card is controlled according to the information table; the information table includes at least a task number, a module number, an operation type, status information and storage address information; the task number is a unique identification number set for each received task; the module number is the identification number of the data encryption/decryption module that performs encryption/decryption on the task; the operation type indicates whether the data encryption/decryption module performs an encryption operation or a decryption operation on the task; the status information is the working state of the data encryption/decryption module; the storage address information is the address information at which the data information of the task is stored after encryption/decryption.
3. The data encryption method for an encryption card according to claim 1 or 2, characterized in that each data encryption/decryption module is provided with multiple storage units, and each storage unit is used to store one encryption task.
4. The data encryption method for an encryption card according to claim 3, characterized by further comprising receiving a configuration instruction from the host and reallocating the storage units of the data encryption/decryption module according to the configuration instruction, the address space of the storage units being reset according to the encryption algorithm type and the data length of the pending task.
5. The data encryption method for an encryption card according to claim 3, characterized in that the configuration instruction is used to configure the encryption/decryption parameters of the data encryption/decryption module; the encryption/decryption parameters include at least the encryption algorithm type, which is any one of AES-128/256, SM2, SM3, SM4, RSA, 3DES or SHA.
6. The data encryption method for an encryption card according to claim 1 or 2, characterized in that, in step S3, the task-complete message fed back to the host when the information table is updated after the encryption/decryption is complete includes the address information of the storage unit corresponding to the task.
7. The data encryption method for an encryption card according to claim 6, characterized in that, in step S4, the get-task instruction sent by the host is a read instruction to the corresponding address space.
8. The data encryption method for an encryption card according to claim 1 or 2, characterized in that, in step S1, the encryption/decryption task sent by the host is a write instruction to the corresponding address space.
9. The data encryption method for an encryption card according to claim 1 or 2, characterized in that the data encryption/decryption module further comprises an MCU, a random number generator, an algorithm storage unit and an encryption/decryption processing unit; the algorithm storage unit is used to store encryption algorithms; the encryption/decryption processing unit is used to load the corresponding encryption algorithm according to the instruction of the MCU and execute the encryption/decryption operation; the random number generator is used to generate the key for the encryption algorithm; the MCU is connected to the random number generator, the algorithm storage unit and the encryption/decryption processing unit and is used to control the work of the data encryption/decryption module.
10. The data encryption method for an encryption card according to claim 9, characterized in that the data encryption/decryption module uses the S686 main control chip of Hua Lanwei company.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810850409.0A CN109067523A (en) | 2018-07-28 | 2018-07-28 | A kind of data ciphering method of encrypted card |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109067523A (en) | 2018-12-21 |
Family
ID=64831329
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810850409.0A Pending CN109067523A (en) | 2018-07-28 | 2018-07-28 | A kind of data ciphering method of encrypted card |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109067523A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101471915A (en) * | 2007-12-29 | 2009-07-01 | 科骏康电子(深圳)有限公司 | Encipher method and encipher device |
CN103345453A (en) * | 2013-06-27 | 2013-10-09 | 清华大学 | Hard disk data encryption card supporting SATA interface and encryption and decryption method |
CN103942107A (en) * | 2014-04-23 | 2014-07-23 | 杭州电子科技大学 | Distributed encryption system |
CN106060024A (en) * | 2016-05-23 | 2016-10-26 | 厦门雅迅网络股份有限公司 | Safe group position query method and system |
CN107256363A (en) * | 2017-06-13 | 2017-10-17 | 杭州华澜微电子股份有限公司 | A kind of high-speed encryption and decryption device being made up of encryption/decryption module array |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109995508A (en) * | 2019-04-30 | 2019-07-09 | 上海安路信息科技有限公司 | A kind of ciphering and deciphering device and method of FPGA code stream |
CN112217643A (en) * | 2019-07-09 | 2021-01-12 | 华为技术有限公司 | Operation method, device and equipment |
WO2021004454A1 (en) * | 2019-07-09 | 2021-01-14 | 华为技术有限公司 | Operation method, apparatus and device |
CN112217643B (en) * | 2019-07-09 | 2021-12-10 | 华为技术有限公司 | Operation method, device and equipment |
US11868485B2 (en) | 2019-07-09 | 2024-01-09 | Huawei Technologies Co., Ltd. | Operation method, operation apparatus, and device |
CN110650008A (en) * | 2019-08-30 | 2020-01-03 | 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) | Multi-port FC encryption method and device |
CN111258756A (en) * | 2020-01-09 | 2020-06-09 | 奇安信科技集团股份有限公司 | Load balancing method and device, computer equipment and readable storage medium |
CN111258756B (en) * | 2020-01-09 | 2024-02-06 | 奇安信科技集团股份有限公司 | Load balancing method, device, computer equipment and readable storage medium |
WO2023020234A1 (en) * | 2021-08-19 | 2023-02-23 | 支付宝(杭州)信息技术有限公司 | External memory, method for providing password service, and service processing device |
CN114691584B (en) * | 2022-04-01 | 2023-10-27 | 广州万协通信息技术有限公司 | SM1 encryption and decryption device based on PCIE interface high-speed data stream |
CN114691584A (en) * | 2022-04-01 | 2022-07-01 | 广州万协通信息技术有限公司 | SM1 encryption and decryption device based on PCIE interface high-speed data stream |
CN116226940A (en) * | 2022-12-08 | 2023-06-06 | 广州万协通信息技术有限公司 | PCIE-based data security processing method and data security processing system |
CN116226940B (en) * | 2022-12-08 | 2024-04-26 | 广州万协通信息技术有限公司 | PCIE-based data security processing method and data security processing system |
CN116302490A (en) * | 2023-02-02 | 2023-06-23 | 广州万协通信息技术有限公司 | Multi-channel security chip scheduling method and security chip device |
CN116302490B (en) * | 2023-02-02 | 2024-05-31 | 广州万协通信息技术有限公司 | Multi-channel security chip scheduling method and security chip device |
CN115994106B (en) * | 2023-02-17 | 2023-09-05 | 广州万协通信息技术有限公司 | Mass data encryption and decryption method, data security device and electronic equipment |
CN115994106A (en) * | 2023-02-17 | 2023-04-21 | 广州万协通信息技术有限公司 | Mass data encryption and decryption method, data security device and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20181221 |