CN109067523A - A kind of data ciphering method of encrypted card - Google Patents

A kind of data ciphering method of encrypted card Download PDF

Info

Publication number
CN109067523A
CN109067523A CN201810850409.0A CN201810850409A CN109067523A CN 109067523 A CN109067523 A CN 109067523A CN 201810850409 A CN201810850409 A CN 201810850409A CN 109067523 A CN109067523 A CN 109067523A
Authority
CN
China
Prior art keywords
encryption
decryption
data
task
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810850409.0A
Other languages
Chinese (zh)
Inventor
樊凌雁
胡嘉航
楚传仁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dianzi University
Hangzhou Electronic Science and Technology University
Original Assignee
Hangzhou Electronic Science and Technology University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Electronic Science and Technology University filed Critical Hangzhou Electronic Science and Technology University
Priority to CN201810850409.0A priority Critical patent/CN109067523A/en
Publication of CN109067523A publication Critical patent/CN109067523A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a kind of data ciphering methods of encrypted card, comprising the following steps: step S1: encryption/task of decryption that receiving host is sent;Step S2: encryption/task of decryption to be processed is distributed into the data encrypting and deciphering module of idle state and directly stores task after processing to the corresponding storage unit of data encrypting and deciphering module after the completion of encryption/decryption;Step S3: while updating information table after the completion of encryption/decryption and completing message to host feedback task;Step S4: the data information that corresponding storage unit is read after the acquisition assignment instructions that receiving host is sent is sent to host.Compared with prior art, the present invention combines memory and encryption device, and host realizes that encryption and decryption operation greatly improves host process efficiency without waiting encryption and decryption task to complete in real time by control store instruction and informing mechanism.

Description

A kind of data ciphering method of encrypted card
Technical field
The present invention relates to technical field of data security more particularly to a kind of data ciphering methods of encrypted card.
Background technique
Hardware security module (Hardware Secure Module, HSM) has been got over as a kind of important encryption equipment To be more widely applied in the fields such as government, finance, communication, national defence.Due to being related to the protection and safety of sensitive information, use Hardware security module to storage medium encrypt it is particularly important, can to avoid when storing device losses important or private information let out It is close.There is the implementation of hardware security module on China and the international at present, is able to achieve RSA, elliptic curve/SM2, SM4 etc. and adds Close algorithm supports the multiple interfaces such as PCI/PCI-X, PCI-E/mini PCI-E.In the prior art, hardware security module is usual Using encrypted card realize in data Encrypt and Decrypt operation, at present encrypted card be by special chip (usually FPGA, FPGA turn ASIC it) realizes, needs with customized non-standard dedicated api interface, the application due to existing product based on the end PC is all with certainly Definition, off-gauge API, lead to the operating system to each application, will in addition provide original part driving.In different computers Under operating system, special driving is needed to service for it, this exploitation to software can expend huge manpower, practical The compatibility of upper software is to promote this kind of product, maximum problem.
Meanwhile encrypted card usually only has single encryption function in the prior art, directly returns and adds after the completion of encryption Ciphertext data, host needs to monitor encrypted state in real time, to greatly occupy host resource.
Therefore in view of the drawbacks of the prior art, it is really necessary to propose a kind of technical solution to solve skill of the existing technology Art problem.
Summary of the invention
In view of this, being solved it is necessory to provide a kind of data ciphering method of encrypted card using the communications protocol of standard Prior art systems compatibility and driving problems;Memory and encryption device are combined simultaneously, host passes through storage control Instruction and informing mechanism realize that encryption and decryption operation greatly improves host without waiting encryption and decryption task to complete in real time Treatment effeciency;And high-speed data encryption and decryption behaviour is realized by the way that multiple data encrypting and deciphering modules and a variety of enciphering and deciphering algorithms are arranged Make.
In order to overcome the drawbacks of the prior art, technical scheme is as follows:
A kind of data ciphering method of encrypted card, comprising the following steps:
Step S1: encryption/task of decryption that receiving host is sent;
Step S2: by encryption/task of decryption to be processed distribute to idle state data encrypting and deciphering module and encryption/ Directly task after processing is stored to the corresponding storage unit of data encrypting and deciphering module after the completion of decryption oprerations;The number There is unique identifying number according to encryption/decryption module;
Step S3: while updating information table after the completion of encryption/decryption and completing message to host feedback task;
Step S4: the data information that corresponding storage unit is read after the acquisition assignment instructions that receiving host is sent is sent to master Machine.
As a preferred technical solution, in step S3, information table is updated by monitored data encryption/decryption module and according to institute State the operation of information table control encrypted card;The information table includes at least mission number, module number, action type, state letter Breath and storage address information, the mission number are the unique identifying number of each received task setting;The module number For the identification number of the data encrypting and deciphering module to task progress encryption/decryption;The action type is data encrypting and deciphering Module carries out cryptographic operation or decryption oprerations to the task;The status information is the working condition of data encrypting and deciphering module;Institute Stating storage address information is the address information for storing the task and carrying out data information after encryption/decryption.
Multiple storage units are arranged in each data encrypting and deciphering module as a preferred technical solution, and each storage unit is used In one cryptographic tasks of storage.
As a preferred technical solution, further include the configuration-direct of receiving host and is redistributed according to configuration-direct described The storage unit of data encrypting and deciphering module, the access unit address space is according to encryption algorithm type and waiting task Data length is reset.
The configuration-direct is used for the encryption/decryption parameter of configuration data encryption/decryption module as a preferred technical solution,;Institute Encryption/decryption parameter is stated including at least encryption algorithm type, is in AES-128/256, SM2, SM3, SM4, RSA, 3DES or SHA It is any.
As a preferred technical solution, in the step S3, after the completion of encryption/decryption update information table and to It includes that the task corresponds to access unit address information that host, which feeds back task to complete message,.
As a preferred technical solution, in step s 4, the acquisition assignment instructions that receiving host is sent are to appropriate address The reading instruction in space.
As a preferred technical solution, in step sl, encryption/task of decryption that receiving host is sent is to appropriate address The write command in space.
The data encrypting and deciphering module further comprises MCU, randomizer, algorithm as a preferred technical solution, Storage unit and encryption and decryption processing unit, the algorithm storage unit is for storing Encryption Algorithm;The encryption and decryption processing unit For loading corresponding Encryption Algorithm according to the instruction of MCU and executing encryption/decryption;The randomizer is for producing The raw key for being used for the Encryption Algorithm;The MCU and the randomizer, algorithm storage unit and encryption and decryption processing are single Member, for controlling the work of the data encrypting and deciphering module.
The data encrypting and deciphering module uses the S686 main control chip of Hua Lanwei company as a preferred technical solution,.
Compared with prior art, the present invention solves prior art systems compatibility using the communications protocol of standard and drives Dynamic problem, memory and encryption device are combined, and host realizes encryption and decryption behaviour by control store instruction and informing mechanism Make, host greatly improves host process efficiency without waiting encryption and decryption task to complete in real time;And by the way that multiple data are arranged Encryption/decryption module and a variety of enciphering and deciphering algorithms realize the operation of high-speed data encryption and decryption.
Detailed description of the invention
Fig. 1 is the functional block diagram that card architecture is encrypted in the present invention.
Fig. 2 is the functional block diagram of data encrypting and deciphering module in the present invention.
The flow diagram of the data ciphering method of the position Fig. 3 encrypted card of the present invention.
Following specific embodiment will further illustrate the present invention in conjunction with above-mentioned attached drawing.
Specific embodiment
Technical solution provided by the invention is described further below with reference to attached drawing.
Since prior art encrypted card product is all to lead to the operation system to each application with customized, off-gauge API In addition system will provide original part driving, this exploitation to software can expend huge manpower, the actually compatibility of software, It is big to make this kind of product promote difficulty.
Referring to Fig. 3, it show a kind of flow chart of the data ciphering method of encrypted card of the present invention, comprising the following steps:
Step S1: encryption/task of decryption that receiving host is sent;
Step S2: by encryption/task of decryption to be processed distribute to idle state data encrypting and deciphering module and encryption/ Directly task after processing is stored to the corresponding storage unit of data encrypting and deciphering module after the completion of decryption oprerations;The number There is unique identifying number according to encryption/decryption module;
Step S3: while updating information table after the completion of encryption/decryption and completing message to host feedback task;
Step S4: the data information that corresponding storage unit is read after the acquisition assignment instructions that receiving host is sent is sent to master Machine.
Wherein, in step sl, encryption/task of decryption that receiving host is sent is the write command to appropriate address space.
In the step S3, information table is updated after the completion of encryption/decryption and is disappeared to host feedback task completion Breath includes that the task corresponds to access unit address information.
In step s 4, it is the reading instruction to appropriate address space that receiving host was sent, which obtains assignment instructions,.
By adopting the above technical scheme, memory and encryption device are combined, host is by control store instruction and leads to Know that mechanism realizes encryption and decryption operation, host greatly improves host process efficiency without waiting encryption and decryption task to complete in real time.It is right For external host, encrypted card is equivalent to common external a generic storage equipment, such as USB flash disk, hard disk etc., it might even be possible to have Drive has the attribute of the normal hard disk such as storage size, and unlike the prior art, the present invention is in normal read-write operation Under, it has been also equipped with data encrypting and deciphering function.Under framework of the present invention, data encryption operation is equivalent to and adds be-encrypted data write-in Close card, while other operations can be handled after host transmission task, without waiting;Cryptographic operation is completed, and encrypted card sends notice Instruction informs that the cryptographic operation of host corresponding task is completed, and host obtains the data letter for being stored in appropriate address by reading instruction again Breath completes primary encryption/decryption oprerations.
In a preferred embodiment, in step S3, information table and basis are updated by monitored data encryption/decryption module The operation of the information table control encrypted card;The information table includes at least mission number, module number, action type, state Information and storage address information, the mission number are the unique identifying number of each received task setting;The module is compiled Number for the task carry out encryption/decryption data encrypting and deciphering module identification number;The action type is that data add solution Close module carries out cryptographic operation or decryption oprerations to the task;The status information is the working condition of data encrypting and deciphering module; The storage address information is the address information for storing the task and carrying out data information after encryption/decryption.
In above-mentioned technical proposal, multiple storage units are arranged in each data encrypting and deciphering module, and each storage unit is for depositing Store up an encryption and decryption task.After each encryption and decryption task has been handled, store into one of storage unit;Task stores it Afterwards, data encrypting and deciphering module can handle next encryption and decryption task;Meanwhile control module directly reads storage unit It writes, is completely independent to host feedback data and data encrypting and deciphering process, thus greatly high treatment effeciency.In addition, by setting The state for setting the read-write of storage flag mark data, task has been stored to phase after state, which is set to ready, indicates encryption/decryption The storage unit answered;State is set to done expression and has read corresponding data from storage unit, then the memory space can To be released;Greatly improve storage space utilization.
In a preferred embodiment, further include the steps that the configuration-direct of receiving host, configuration-direct is for configuring The encryption/decryption parameter of data encrypting and deciphering module;The encryption/decryption parameter includes at least encryption algorithm type, is AES-128/256, Any one of SM2, SM3, SM4, RSA, 3DES or SHA.Meanwhile configuration-direct further includes the data length of waiting task, Data encrypting and deciphering module redistributes access unit address space according to configuration-direct.For example, current crypto task size is 2K, the length after using SM2 Encryption Algorithm to handle then carry out memory space using the space 4K as basic storage unit for 4K It redistributes.By adopting the above technical scheme, setting Encryption Algorithm can be required according to user and be arranged according to actual needs optimal Storage unit.
Referring to Fig. 1, it show the functional block diagram that card architecture is encrypted in the present invention, including interface module, control module, data Encryption/decryption module and memory module, wherein interface module uses standard interface, for carrying out data communication with host, it is preferable that Interface module is any one of PCIe, SATA, USB, SAS, IEEE1394, SD, eMMC or SPI interface.Due to using general Standard interface, while using agreement control instruction (Data Transport Protocol) realize encryption and decryption operation, without installation drive Dynamic program can realize plug and play under different operating system.
Multiple storage units are arranged in memory module in data encrypting and deciphering module and memory module ingenious combination by the present invention; Data encrypting and deciphering module is used to carry out encryption/decryption to being distributed for task according to the control instruction of control module and will Task after encrypted/decryption is stored in corresponding storage unit;Meanwhile control module is also connected with memory module, it can Directly read the data information in memory module.By adopting the above technical scheme, by the operation of the encryption and decryption of encrypted card it is fully enclosed in Inside, for external host, encrypted card is equivalent to common external a generic storage equipment, such as USB flash disk, hard disk etc., very Can extremely there be drive, have the attribute of the normal hard disk such as storage size, only under normal read-write operation, the hard disk is also Has data encrypting and deciphering function.Under framework of the present invention, data encryption operation is equivalent to, encrypted card is written into be-encrypted data, Other operations can be handled after host transmission task simultaneously, without waiting;Cryptographic operation is completed, and encrypted card sends notification instruction and accuses Know that the cryptographic operation of host corresponding task is completed, host obtains the data information for being stored in appropriate address by reading instruction again, complete At primary encryption/decryption oprerations.
Control module is the core of the encryption card architecture, for controlling the operation of encrypted card;Wherein, control module is by connecing The task that mouth mold block receiving host is sent, distributes to data encrypting and deciphering module for received task;Control module monitoring data adds The state of deciphering module, control module completes message to host feedback task to allow master after the completion of task encryption/decryption Machine is obtained in time through encryption and decryption treated task;Further, it is read after the acquisition assignment instructions of control module receiving host The data information of corresponding storage unit is simultaneously sent to host.
Further, multiple data encrypting and deciphering modules are arranged in encrypted card, and each data encrypting and deciphering module has unique identification Number and distribute corresponding storage unit to store the task after encryption/decryption.To greatly improve Data Concurrent processing capacity It is stronger.
In a preferred embodiment, setting information table in control module, the control module monitored data encryption and decryption Module updates information table and controls the operation of the encrypted card according to the information table;Information table includes at least mission number, mould Block number, action type, status information and storage address information, mission number are unique mark of each received task setting Knowledge number;Module number is the identification number that the data encrypting and deciphering module of encryption/decryption is carried out to the task;Action type is number Cryptographic operation or decryption oprerations are carried out to the task according to encryption/decryption module;Status information is the work shape of data encrypting and deciphering process State;Storage address information is the address information for storing the task and carrying out data information after encryption/decryption.Specifically, control After the task that module receiving host is sent, establishes an I/O task and determine corresponding mission number, completed in I/O task specified After operation, host can just be fed back accordingly;After establishing I/O task, control module distributes an idle data encrypting and deciphering Module simultaneously obtains its module number, while listening for data encrypting and deciphering module execution encryption/decryption to update information table, In, status information includes at least busy, idle, ready and done, wherein state, which is set to busy, indicates data encrypting and deciphering module Carrying out data processing;State, which is set to idle, indicates that data encrypting and deciphering resume module completes task, can undertake new task; Task has been stored to corresponding storage unit after state is set to ready expression encryption/decryption;State is set to done and indicates Through having read corresponding data from storage unit, then the memory space can be released.It therefore, can be with by above- mentioned information table It is apparent from the process status, the working condition of data encrypting and deciphering module and the address space of memory module of any one task State, so that the encryption and decryption of carry out task be facilitated to handle.
In a kind of preferred embodiments, the order of Data Transport Protocol has stack function, to solve read write command Out-of-order response problem, IO queue is managed operational order, realizes concurrent data encrypting and deciphering processing.Add for each Decryption oprerations, because the data length of encryption and decryption and enciphering and deciphering algorithm are different, the duration of processing is also different, every time encryption and decryption point It being handled with one hardware encryption card of network, after the completion of waiting processing, is there is the stack-protocol of storage, notice system task is completed, Finally the data after process encryption and decryption are sent.Therefore, when being written and read every time, encrypted card can all establish one A I/O task just can feed back accordingly host after I/O task completes read-write operation.
In a kind of preferred embodiments, by the control instruction of agreement by action type and specific memory address space Binding, that is, memory space address is carried out particular division, the write operation of a specified address and length data can be taken as A kind of encryption and decryption order of encryption mode can notify the read operation carried out to this address after encryption and decryption is disposed automatically, read The data taken are then the data after encryption and decryption is disposed.
In a kind of preferred embodiments, multiple encryption algorithms are set in data encrypting and deciphering module, according to control module Control instruction select corresponding Encryption Algorithm.Preferably, before carrying out data encrypting and deciphering operation, configuration-direct pair is first passed through Data encrypting and deciphering module is configured to select specific Encryption Algorithm.Wherein, Encryption Algorithm includes AES-128/256, SM2, SM3, SM4, RSA, 3DES, SHA etc..
In the present invention, each data encrypting and deciphering module binds corresponding storage unit, it is preferable that storage unit is according to matching It sets instruction to dynamically distribute, namely calculates required storage sky according to specific encryption and decryption tupe and task data length gauge Between, it determines write-in data or reads the initial position of data, the data to encryption and decryption are written by this position, are finally read from this position Data of encryption and decryption out, complete the processing of an encryption and decryption, to realize dynamic allocation storage unit.
In a kind of preferred embodiments, the store instruction that control module receiving host is sent, control module will be to specific The write operation of address resolves to a kind of encryption and decryption instruction of encryption mode, obtains host is resolved to the read operation of particular address Assignment instructions.Wherein, address mapping table is saved in control module, records the initial address of each storage unit, space size, right Therefore the data encrypting and deciphering module and its encryption and decryption type answered will be resolved to a kind of add to the write operation of some storage unit The encryption and decryption order of close mode (being arranged by configuration-direct).For example 0x100000 starts as 001 number encryption/decryption module Cryptographic operation, 0x200000 start as the decryption oprerations of 001 number encryption/decryption module.And the length address is subjected to equal portions It divides, such as 0x800 (2K) can be set by the length of each storage unit reservation process data, add then just having 128 Decryption unit, then each 2K corresponds to a data encryption/decryption module from 0x100000 to 0x13ffff, and 0x140000 is arrived 0x1fffff is then reserved to the more processing units of this encryption and decryption.It is of course also possible to more for a data encryption/decryption module distribution A storage unit.Corresponding encryption and decryption address writes data and then starts enciphering/deciphering processing, will obtain having added from this address reading later/ The data of decryption.For example, control instruction is the storage unit for being 0x100000 by data information writing address, then control module will Data information is sent to 001 number encryption/decryption module and starts cryptographic operation, and after cryptographic operation, the data of encryption are believed Breath is stored in the storage unit that address is 0x100000;Equally, to the storage list for being 0x200000 by data information writing address Member, then data information is sent to 001 number encryption/decryption module and starts decryption oprerations by control module, and cryptographic operation terminates Afterwards, the storage unit that the data information memory of encryption is 0x200000 in address.
In a kind of preferred embodiments, storage unit is integrated in data encrypting and deciphering module, and control unit passes through address Mapping table manages each storage unit.
In a kind of preferred embodiments, storage unit uses EMMC or Flash storage device.
In a kind of preferred embodiments, data encrypting and deciphering module uses the S686 main control chip of Hua Lanwei company.To Pressure can be shared for control module while carrying out data encrypting and deciphering processing, reduce the consumption and occupancy of its resource.S686 Built-in hardware encryption module supports AES-128/256, SM2, SM3, and SM4, RSA, the multiple encryption algorithms such as 3DES, SHA can While guaranteeing that the quick encryption and decryption of data is handled, do not cause damages to the read-write transmission performance of data.Built-in random number hair Raw device can be carried out driving by firmware in piece and generate random number, guarantee the truly random property that key generates.S686 compatible to SD 1.0, The agreements such as SD2.0, SD3.0 and EMMC3.3, EMMC4.0, EMMC5.0 carry out memory management using 32 embedded type CPUs, and It supports multichannel memory management, helps the quick processing for carrying out data and read-write operation.
Referring to fig. 2, it is shown the functional block diagram of data encrypting and deciphering module of the present invention, further comprises MCU, random number generation Device, algorithm storage unit and encryption and decryption processing unit, the algorithm storage unit is for storing Encryption Algorithm;At the encryption and decryption Reason unit is used to load corresponding Encryption Algorithm according to the instruction of MCU and executes encryption/decryption;The randomizer For generating the key for being used for the Encryption Algorithm;The MCU and the randomizer, algorithm storage unit and encryption and decryption Processing unit, for controlling the work of the data encrypting and deciphering module.
The above description of the embodiment is only used to help understand the method for the present invention and its core ideas.It should be pointed out that pair For those skilled in the art, without departing from the principle of the present invention, the present invention can also be carried out Some improvements and modifications, these improvements and modifications also fall within the scope of protection of the claims of the present invention.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, as defined herein General Principle can be realized in other embodiments without departing from the spirit or scope of the present invention.Therefore, of the invention It is not intended to be limited to the embodiments shown herein, and is to fit to and the principles and novel features disclosed herein phase one The widest scope of cause.

Claims (10)

1. a kind of data ciphering method of encrypted card, which comprises the following steps:
Step S1: encryption/task of decryption that receiving host is sent;
Step S2: encryption/task of decryption to be processed is distributed into the data encrypting and deciphering module of idle state and in encryption/decryption Directly task after processing is stored to the corresponding storage unit of data encrypting and deciphering module after the completion of operation;The data add Deciphering module has unique identifying number;
Step S3: while updating information table after the completion of encryption/decryption and completing message to host feedback task;
Step S4: the data information that corresponding storage unit is read after the acquisition assignment instructions that receiving host is sent is sent to host.
2. the data ciphering method of encrypted card according to claim 1, which is characterized in that in step S3, by monitoring number Information table is updated according to encryption/decryption module and the operation of encrypted card is controlled according to the information table;The information table includes at least task Number, module number, action type, status information and storage address information, the mission number are each received task The unique identifying number of setting;The module number is the mark that the data encrypting and deciphering module of encryption/decryption is carried out to the task Knowledge number;The action type is that data encrypting and deciphering module carries out cryptographic operation or decryption oprerations to the task;The status information For the working condition of data encrypting and deciphering module;The storage address information is to store the task to carry out number after encryption/decryption It is believed that the address information of breath.
3. the data ciphering method of encrypted card according to claim 1 or 2, which is characterized in that each data encrypting and deciphering mould Multiple storage units are arranged in block, and each storage unit is for storing a cryptographic tasks.
4. the data ciphering method of encrypted card according to claim 3, which is characterized in that further include the configuration of receiving host Instruct and redistribute according to configuration-direct the storage unit of the data encrypting and deciphering module, the access unit address space It is reset according to the data length of encryption algorithm type and waiting task.
5. the data ciphering method of encrypted card according to claim 3, which is characterized in that the configuration-direct is for configuring The encryption/decryption parameter of data encrypting and deciphering module;The encryption/decryption parameter includes at least encryption algorithm type, is AES-128/256, Any one of SM2, SM3, SM4, RSA, 3DES or SHA.
6. the data ciphering method of encrypted card according to claim 1 or 2, which is characterized in that in the step S3, Updating information table after the completion of encryption/decryption and completing message to host feedback task includes that the task corresponds to storage unit Address information.
7. the data ciphering method of encrypted card according to claim 6, which is characterized in that in step s 4, receiving host The assignment instructions that obtain of transmission are the reading instruction to appropriate address space.
8. the data ciphering method of encrypted card according to claim 1 or 2, which is characterized in that in step sl, receive master Encryption/task of decryption that machine is sent is the write command to appropriate address space.
9. the data ciphering method of encrypted card according to claim 1 or 2, which is characterized in that the data encrypting and deciphering mould Block further comprises MCU, randomizer, algorithm storage unit and encryption and decryption processing unit, and the algorithm storage unit is used In storage Encryption Algorithm;The encryption and decryption processing unit, which is used to load corresponding Encryption Algorithm according to the instruction of MCU and execute, to be added Close/decryption oprerations;The randomizer is used to generate the key for the Encryption Algorithm;The MCU and described random Number generator, algorithm storage unit and encryption and decryption processing unit, for controlling the work of the data encrypting and deciphering module.
10. the data ciphering method of encrypted card according to claim 9, which is characterized in that the data encrypting and deciphering module Using the S686 main control chip of Hua Lanwei company.
CN201810850409.0A 2018-07-28 2018-07-28 A kind of data ciphering method of encrypted card Pending CN109067523A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810850409.0A CN109067523A (en) 2018-07-28 2018-07-28 A kind of data ciphering method of encrypted card

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810850409.0A CN109067523A (en) 2018-07-28 2018-07-28 A kind of data ciphering method of encrypted card

Publications (1)

Publication Number Publication Date
CN109067523A true CN109067523A (en) 2018-12-21

Family

ID=64831329

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810850409.0A Pending CN109067523A (en) 2018-07-28 2018-07-28 A kind of data ciphering method of encrypted card

Country Status (1)

Country Link
CN (1) CN109067523A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109995508A (en) * 2019-04-30 2019-07-09 上海安路信息科技有限公司 A kind of ciphering and deciphering device and method of FPGA code stream
CN110650008A (en) * 2019-08-30 2020-01-03 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) Multi-port FC encryption method and device
CN111258756A (en) * 2020-01-09 2020-06-09 奇安信科技集团股份有限公司 Load balancing method and device, computer equipment and readable storage medium
CN112217643A (en) * 2019-07-09 2021-01-12 华为技术有限公司 Operation method, device and equipment
CN114691584A (en) * 2022-04-01 2022-07-01 广州万协通信息技术有限公司 SM1 encryption and decryption device based on PCIE interface high-speed data stream
WO2023020234A1 (en) * 2021-08-19 2023-02-23 支付宝(杭州)信息技术有限公司 External memory, method for providing password service, and service processing device
CN115994106A (en) * 2023-02-17 2023-04-21 广州万协通信息技术有限公司 Mass data encryption and decryption method, data security device and electronic equipment
CN116226940A (en) * 2022-12-08 2023-06-06 广州万协通信息技术有限公司 PCIE-based data security processing method and data security processing system
CN116302490A (en) * 2023-02-02 2023-06-23 广州万协通信息技术有限公司 Multi-channel security chip scheduling method and security chip device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101471915A (en) * 2007-12-29 2009-07-01 科骏康电子(深圳)有限公司 Encipher method and encipher device
CN103345453A (en) * 2013-06-27 2013-10-09 清华大学 Hard disk data encryption card supporting SATA interface and encryption and decryption method
CN103942107A (en) * 2014-04-23 2014-07-23 杭州电子科技大学 Distributed encryption system
CN106060024A (en) * 2016-05-23 2016-10-26 厦门雅迅网络股份有限公司 Safe group position query method and system
CN107256363A (en) * 2017-06-13 2017-10-17 杭州华澜微电子股份有限公司 A kind of high-speed encryption and decryption device being made up of encryption/decryption module array

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101471915A (en) * 2007-12-29 2009-07-01 科骏康电子(深圳)有限公司 Encipher method and encipher device
CN103345453A (en) * 2013-06-27 2013-10-09 清华大学 Hard disk data encryption card supporting SATA interface and encryption and decryption method
CN103942107A (en) * 2014-04-23 2014-07-23 杭州电子科技大学 Distributed encryption system
CN106060024A (en) * 2016-05-23 2016-10-26 厦门雅迅网络股份有限公司 Safe group position query method and system
CN107256363A (en) * 2017-06-13 2017-10-17 杭州华澜微电子股份有限公司 A kind of high-speed encryption and decryption device being made up of encryption/decryption module array

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109995508A (en) * 2019-04-30 2019-07-09 上海安路信息科技有限公司 A kind of ciphering and deciphering device and method of FPGA code stream
CN112217643A (en) * 2019-07-09 2021-01-12 华为技术有限公司 Operation method, device and equipment
WO2021004454A1 (en) * 2019-07-09 2021-01-14 华为技术有限公司 Operation method, apparatus and device
CN112217643B (en) * 2019-07-09 2021-12-10 华为技术有限公司 Operation method, device and equipment
US11868485B2 (en) 2019-07-09 2024-01-09 Huawei Technologies Co., Ltd. Operation method, operation apparatus, and device
CN110650008A (en) * 2019-08-30 2020-01-03 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) Multi-port FC encryption method and device
CN111258756A (en) * 2020-01-09 2020-06-09 奇安信科技集团股份有限公司 Load balancing method and device, computer equipment and readable storage medium
CN111258756B (en) * 2020-01-09 2024-02-06 奇安信科技集团股份有限公司 Load balancing method, device, computer equipment and readable storage medium
WO2023020234A1 (en) * 2021-08-19 2023-02-23 支付宝(杭州)信息技术有限公司 External memory, method for providing password service, and service processing device
CN114691584B (en) * 2022-04-01 2023-10-27 广州万协通信息技术有限公司 SM1 encryption and decryption device based on PCIE interface high-speed data stream
CN114691584A (en) * 2022-04-01 2022-07-01 广州万协通信息技术有限公司 SM1 encryption and decryption device based on PCIE interface high-speed data stream
CN116226940A (en) * 2022-12-08 2023-06-06 广州万协通信息技术有限公司 PCIE-based data security processing method and data security processing system
CN116226940B (en) * 2022-12-08 2024-04-26 广州万协通信息技术有限公司 PCIE-based data security processing method and data security processing system
CN116302490A (en) * 2023-02-02 2023-06-23 广州万协通信息技术有限公司 Multi-channel security chip scheduling method and security chip device
CN116302490B (en) * 2023-02-02 2024-05-31 广州万协通信息技术有限公司 Multi-channel security chip scheduling method and security chip device
CN115994106B (en) * 2023-02-17 2023-09-05 广州万协通信息技术有限公司 Mass data encryption and decryption method, data security device and electronic equipment
CN115994106A (en) * 2023-02-17 2023-04-21 广州万协通信息技术有限公司 Mass data encryption and decryption method, data security device and electronic equipment

Similar Documents

Publication Publication Date Title
CN109067523A (en) A kind of data ciphering method of encrypted card
CN109325356A (en) A kind of encryption card architecture
CN109104275A (en) A kind of HSM equipment
US9251380B1 (en) Method and storage device for isolating and preventing access to processor and memory used in decryption of text
CN107256363B (en) High-speed encryption and decryption device composed of encryption and decryption module array
US8516232B2 (en) Method and memory device for performing an operation on data
CN104090853A (en) Solid-state disc encryption method and system
CN102930212B (en) For the anti-leakage of data method of office system
US10846441B2 (en) Computer system
EP2722787A1 (en) Method and apparatus for writing and reading encrypted hard disk data
CN107092835A (en) The computer data enciphering device and method of a kind of virtual memory disk
CN107315966B (en) Solid state disk data encryption method and system
CN112035900B (en) High-performance password card and communication method thereof
CN114297114B (en) Encryption card, data interaction method and device thereof and computer readable storage medium
CN103902932B (en) Method for encryption through data encryption and decryption device for USB storage devices
CN106612247A (en) A data processing method and a storage gateway
CN110765467A (en) Encrypted solid state disk
CN115859386A (en) Chip accelerator, encryption and decryption method and device, computer equipment and storage medium
CN109711208B (en) USB interface equipment data encryption conversion device and working method thereof
CN102930229B (en) Office system for improving data security
CN101841353B (en) Method and equipment for encrypting data through softdog
CN112269649A (en) Method, device and system for realizing asynchronous execution of host task
CN110765498A (en) Encryption computer
CN105550605A (en) Encryption/decryption engine and implementation method thereof
CN110765500A (en) Data processing method of encrypted solid state disk

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20181221