CN109255259A - A kind of high safety encryption and decryption operational capability extended method and system - Google Patents

Publication number
CN109255259A
Authority
CN
China
Legal status
Granted
Application number
CN201811057773.8A
Other languages
Chinese (zh)
Other versions
CN109255259B (en)
Inventor
罗禹铭
罗禹城
Current Assignee
Wangyu Safety Technology (shenzhen) Co Ltd
Original Assignee
Wangyu Safety Technology (shenzhen) Co Ltd
Application filed by Wangyu Safety Technology (shenzhen) Co Ltd
Priority to CN201811057773.8A
Publication of CN109255259A
Application granted
Publication of CN109255259B
Legal status: Active

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/76: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Mathematical Physics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method and system for extending high-security encryption and decryption computing capability. The method includes: the main processor transfers the data to be encrypted or decrypted, together with the program call for the encryption/decryption operation, to an FPGA main controller through system communication, and the FPGA main controller receives and caches the data; the FPGA main controller decomposes the program call into a series of sub-processes and, for the operations that involve the security chips, generates the corresponding command call sequence and data groups; the FPGA main controller sends the corresponding command calls and related data to multiple security chips, and each security chip feeds its operation result back to the FPGA main controller; the FPGA main controller collects the operation results from all security chips and sends the final operation result to the main processor. The FPGA main controller includes a high-security application program, a microkernel operating system and a multi-core CPU. The invention greatly improves the security protection capability for the security chips.

Description

A method and system for extending high-security encryption and decryption computing capability
Technical field
The present invention relates to the technical field of security chips, and in particular to a method and system for extending high-security encryption and decryption computing capability.
Background
A security chip is an integrated circuit chip that implements one or more cryptographic algorithms and uses cryptographic techniques, directly or indirectly, to protect keys and sensitive information. As the lowest-level security guarantee of a smart terminal, a security chip can effectively prevent hacker attacks and cracking, improve the security of the terminal, and protect users' personal information and application data. Security chips are increasingly used in smart terminals, where they provide a reliable guarantee for financial payment and online identity authentication. A security chip is a trusted platform module: a device that can independently generate keys and perform encryption and decryption. It has its own processor and storage unit, can store keys and feature data, and provides encryption and security authentication services to the computer. When data is encrypted with a security chip, the key is stored in hardware and stolen data cannot be decrypted, which protects business privacy and data security.
In the traditional usage scenario, shown in Fig. 1, the security chip is an external slave device of the system's main processor. The main processor sends command calls to the security chip; the security chip fetches and interprets each command, executes the corresponding encryption/decryption operation and security processing, and finally feeds the operation result back to the main processor.
In such an operating environment, the low hardware and software processing capability of the security chip itself means that its encryption and decryption computing capability cannot be raised further. The reason is that a large number of protective designs are added to the CPU core, encryption/decryption circuits, memory modules and buses of the security chip in order to withstand physical attacks such as grinding (removing the circuit layers in the chip one by one by mechanical or chemical means in order to dissect the chip and reverse-extract its circuit structure), semi-invasive attacks such as laser and electromagnetic signal injection, and non-invasive attacks such as differential current analysis. As a result, the system clock frequency and processing capability of the security chip stay at a low-to-medium level, it can only run a simple operating system and simple application programs, and its software processing and protection capabilities are weak.
The encryption and decryption operations executed inside a security chip are comprehensively protected and have the highest security level. One way to extend this high-security encryption/decryption capability is to have the main processor control multiple security chips working in parallel, as shown in Fig. 2.
However, this solution has serious security risks:
Relay attacks against the security chip create the risk that the encryption/decryption results it produces are used illegitimately. Because the operating system and application programs on the main processor may be compromised by malware, the command calls that the security chip receives may be illegitimate commands sent by malware. After the security chip completes the encryption/decryption operation on the data supplied by the malware and returns the result to the main processor, the malware can obtain that result and use it illegitimately in the next step. This is the typical relay attack against a conventional security chip.
Hardware defects in the main processor itself allow malware to learn the details and vulnerabilities of the operating system and application software, which creates the conditions for malware to obtain system privileges and launch relay attacks. The defects lie in the original design of the main processor: Intel and ARM chips, for example, pursue maximum performance by making heavy use in their micro-architecture of techniques such as shared execution units, shared caches and branch prediction, so a large number of information-leaking side channels exist in the CPU and the whole processor system. These side channels have been called the "cancer" of modern advanced processors and are highly susceptible to malware attacks of the "Spectre" and "Meltdown" type, through which malware learns the details and vulnerabilities of the operating system and application software.
Security vulnerabilities in the operating system running on the main processor allow malware to obtain system privileges and thereby create the conditions for launching relay attacks. Operating systems have a very large code base. Although software maintainers invest great effort and the release of updates and patches has become routine, malware can always find a weakness and obtain system privileges. Malware with system privileges can easily launch relay attacks.
That is, in the prior art the encryption/decryption computing capability of the security chip itself is low, and the operating environment of a conventional security chip cannot effectively extend high-security encryption/decryption computing capability because its security protection is insufficient.
The prior art therefore needs to be improved and developed.
Summary of the invention
The technical problem to be solved by the present invention is that, in view of the defects of the prior art, the invention provides a method and system for extending high-security encryption and decryption computing capability. An FPGA main controller is added between the main processor and the security chips. The FPGA main controller includes a high-security application program, a microkernel operating system and a multi-core CPU. The high-security application program that calls the security chips is executed by the FPGA main controller; the microkernel operating system controls the secure execution of that application program; the multi-core CPU is a dual-core or triple-core CPU and is used to stop execution of the high-security application program in a timely manner and clear the security-sensitive information held in memory. The FPGA main controller sends the command calls to the security chips, collects their operation results and sends the final operation result to the main processor, which greatly improves the security protection capability for the security chips.
The technical solution adopted by the present invention to solve the technical problem is as follows:
A method for extending high-security encryption and decryption computing capability, wherein the method includes:
The main processor transfers the data to be encrypted or decrypted, together with the program call for the encryption/decryption operation, to the FPGA main controller through system communication, and the FPGA main controller receives and caches the data;
The FPGA main controller decomposes the program call into a series of sub-processes and, for the operations that involve the security chips, generates the corresponding command call sequence and data groups;
The FPGA main controller sends the corresponding command calls and related data to multiple security chips, and each security chip feeds its operation result back to the FPGA main controller;
The FPGA main controller collects the operation results from all security chips and sends the final operation result to the main processor.
The FPGA main controller includes a high-security application program, a microkernel operating system and a multi-core CPU;
The high-security application program that calls the security chips is executed by the FPGA main controller; the microkernel operating system controls the secure execution of that application program; the multi-core CPU is a dual-core or triple-core CPU and is used to stop execution of the high-security application program in a timely manner and clear the security-sensitive information held in memory.
In the method, before the main processor transfers the data to be encrypted or decrypted and the program call for the encryption/decryption operation to the FPGA main controller through system communication and the FPGA main controller receives and caches the data, the method further includes:
Arranging in advance, between the main processor and the security chips, an FPGA main controller for data processing.
In the method, the step in which the FPGA main controller sends the corresponding command calls and related data to multiple security chips and each security chip feeds its operation result back to the FPGA main controller specifically includes:
The FPGA main controller sends the corresponding command calls and related data to multiple security chips, and each security chip fetches and interprets the commands;
Each security chip executes the corresponding encryption/decryption operation and security processing and feeds its own operation result back to the FPGA main controller.
In the method, the configuration code file of the FPGA chip is protected by encryption, and the scan chain in the FPGA chip is disabled.
In the method, the FPGA main controller and the main processor form a peer-to-peer distributed processing relationship through system communication and program calls.
In the method, the FPGA main controller implements its CPU cores as soft cores. When the CPU cores use a dual-core lockstep structure, two logically identical CPU cores execute the same instructions, and the execution results of the instructions and the CPU states are compared.
In the method, the FPGA main controller implements its CPU cores as soft cores. When the CPU cores use a triple-core redundancy structure, three logically identical CPU cores execute the same instructions, and the execution results of the instructions and the CPU states are compared.
A system for extending high-security encryption and decryption computing capability, wherein the system includes:
A main processor, used to transfer the data to be encrypted or decrypted, together with the program call for the encryption/decryption operation, to the FPGA main controller through system communication;
An FPGA main controller, used to receive and cache the data, decompose the program call into a series of sub-processes, generate the corresponding command call sequence and data groups for the operations that involve the security chips, send the corresponding command calls and related data to multiple security chips, and send the operation results fed back by the security chips to the main processor;
Multiple security chips, used to fetch and interpret the commands, execute the corresponding encryption/decryption operation and security processing, and feed the operation results back to the FPGA main controller;
The FPGA main controller includes a high-security application program, a microkernel operating system and a multi-core CPU.
In the system, the high-security application program that calls the security chips is executed by the FPGA main controller;
The microkernel operating system controls the secure execution of the high-security application program that calls the security chips;
The multi-core CPU is used to stop execution of the high-security application program that calls the security chips in a timely manner and clear the security-sensitive information held in memory.
In the system, the multi-core CPU is a dual-core or triple-core CPU.
The invention discloses a method and system for extending high-security encryption and decryption computing capability. The method includes: the main processor transfers the data to be encrypted or decrypted, together with the program call for the encryption/decryption operation, to the FPGA main controller through system communication, and the FPGA main controller receives and caches the data; the FPGA main controller decomposes the program call into a series of sub-processes and, for the operations that involve the security chips, generates the corresponding command call sequence and data groups; the FPGA main controller sends the corresponding command calls and related data to multiple security chips, and each security chip feeds its operation result back to the FPGA main controller; the FPGA main controller collects the operation results from all security chips and sends the final operation result to the main processor. The FPGA main controller includes a high-security application program, a microkernel operating system and a multi-core CPU. The high-security application program that calls the security chips is executed by the FPGA main controller; the microkernel operating system controls the secure execution of that application program; the multi-core CPU is a dual-core or triple-core CPU and is used to stop execution of the high-security application program in a timely manner and clear the security-sensitive information held in memory. In the present invention the FPGA main controller sends the command calls to the security chips, collects their operation results and sends the final operation result to the main processor, which greatly improves the security protection capability for the security chips.
Brief description of the drawings
Fig. 1 is a schematic diagram of the usage scenario of a traditional security chip;
Fig. 2 is a schematic diagram of the prior-art usage scenario in which the main processor controls multiple security chips working in parallel;
Fig. 3 is a flow chart of the preferred embodiment of the method of the present invention for extending high-security encryption and decryption computing capability;
Fig. 4 is a structural schematic diagram of the preferred embodiment of the system of the present invention for extending high-security encryption and decryption computing capability.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and are not intended to limit it.
The method for extending high-security encryption and decryption computing capability according to the preferred embodiment of the present invention, as shown in Fig. 3, includes the following steps:
Step S10: the main processor transfers the data to be encrypted or decrypted, together with the program call for the encryption/decryption operation, to the FPGA main controller through system communication, and the FPGA main controller receives and caches the data.
Specifically, the encryption/decryption circuits in a security chip are given extensive physical, electrical and logical protection and can resist the overwhelming majority of known physical, electrical and logical attacks. The operations executed by these circuits are therefore called high-security encryption/decryption operations.
An FPGA main controller for data processing is arranged in advance between the main processor and the security chips. The FPGA main controller includes a high-security application program, a microkernel operating system and a multi-core CPU. The high-security application program that calls the security chips is executed by the FPGA main controller; the microkernel operating system controls the secure execution of that application program; the multi-core CPU is a dual-core or triple-core CPU and is used to stop execution of the high-security application program in a timely manner and clear the security-sensitive information held in memory.
Executing the high-security application program that calls the security chips on the FPGA main controller effectively solves the problem that security vulnerabilities on the main processor leak the details of the high-security application program. It avoids the security risk of malware intruding through vulnerabilities on the main processor and, on that basis, launching relay attacks against the security chips.
The FPGA main controller is an independent processor. Through system communication and program calls it forms a peer-to-peer distributed processing relationship with the main processor, with no master-slave distinction. The security chips are slave devices of the FPGA main controller: the FPGA main controller sends command calls to multiple security chips, each security chip fetches and interprets the commands, executes the corresponding encryption/decryption operation and security processing, and finally feeds the operation result back to the FPGA main controller. In the present invention, the FPGA main controller together with the security chips forms an enhanced secure operating environment.
Step S20: the FPGA main controller decomposes the program call into a series of sub-processes and, for the operations that involve the security chips, generates the corresponding command call sequence and data groups.
Specifically, the FPGA main controller parses the program call from the main processor and decomposes it into a series of sub-processes. For the operations that involve the security chips, the FPGA main controller generates the corresponding command call sequence and data groups.
Step S30: the FPGA main controller sends the corresponding command calls and related data to multiple security chips, and each security chip feeds its operation result back to the FPGA main controller.
Specifically, the FPGA main controller sends the corresponding command calls and related data to multiple security chips, and each security chip fetches and interprets the commands. Each security chip executes the corresponding encryption/decryption operation and security processing and feeds the operation result back to the FPGA main controller. The FPGA main controller controls multiple security chips so that they execute high-security encryption/decryption operations concurrently, which raises the efficiency of the encryption/decryption operations.
Step S40: the FPGA main controller collects the operation results from all security chips and sends the final operation result to the main processor.
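The following added example (not part of the patent text) models steps S10 to S40 in C from the controller's point of view: one program call is split into sequence-numbered data groups, the groups are spread across several security chips, and the replies are reassembled by sequence number. The struct and function names, the group size, the round-robin assignment, the shared chip key and the XOR stand-in for the chips' cipher are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NUM_CHIPS  3    /* assumed number of security chips */
#define GROUP_SIZE 8    /* assumed bytes per data group */
#define MAX_GROUPS 16   /* assumed capacity of the controller's cache */

enum { OP_ENCRYPT = 1, OP_DECRYPT = 2 };

/* One command call from the FPGA main controller to a security chip. */
struct command {
    uint16_t seq;               /* position of this group in the buffer */
    uint8_t  op;
    uint8_t  len;               /* valid bytes in data[] */
    uint8_t  data[GROUP_SIZE];
};

/* Model of a security chip: the key is only ever read inside chip_execute. */
struct chip {
    uint8_t  key[GROUP_SIZE];
    unsigned calls;
};

/* Stand-in for the chip's cipher: XOR with the chip-held key.
 * NOT real cryptography; it only makes the data flow observable. */
static void chip_execute(struct chip *c, const struct command *cmd,
                         struct command *res)
{
    *res = *cmd;
    for (size_t i = 0; i < cmd->len; i++)
        res->data[i] = cmd->data[i] ^ c->key[i];
    c->calls++;
}

/* S20: turn one program call into a command sequence plus data groups. */
static int decompose(uint8_t op, const uint8_t *buf, size_t len,
                     struct command *cmds)
{
    size_t n = (len + GROUP_SIZE - 1) / GROUP_SIZE;
    if ((op != OP_ENCRYPT && op != OP_DECRYPT) || n == 0 || n > MAX_GROUPS)
        return -1;              /* unknown operation or data does not fit */
    for (size_t g = 0; g < n; g++) {
        size_t off = g * GROUP_SIZE;
        size_t chunk = len - off < GROUP_SIZE ? len - off : GROUP_SIZE;
        memset(&cmds[g], 0, sizeof cmds[g]);
        cmds[g].seq = (uint16_t)g;
        cmds[g].op  = op;
        cmds[g].len = (uint8_t)chunk;
        memcpy(cmds[g].data, buf + off, chunk);
    }
    return (int)n;
}

/* S10-S40. Returns the number of groups processed, -1 if the call is
 * rejected, -2 if a chip reply does not match an outstanding command. */
int controller_process(struct chip *chips, uint8_t op,
                       const uint8_t *in, size_t len, uint8_t *out)
{
    struct command cmds[MAX_GROUPS], res;
    uint8_t done[MAX_GROUPS] = {0};
    int n = decompose(op, in, len, cmds);   /* S10 cache, S20 decompose */
    if (n < 0)
        return -1;
    /* S30: group g goes to chip g % NUM_CHIPS. Real chips run concurrently;
     * visiting groups in reverse shows S40 does not rely on arrival order. */
    for (int g = n - 1; g >= 0; g--) {
        chip_execute(&chips[g % NUM_CHIPS], &cmds[g], &res);
        /* S40: accept a reply only for an outstanding sequence number. */
        if (res.seq >= n || done[res.seq] || res.len != cmds[res.seq].len)
            return -2;
        memcpy(out + (size_t)res.seq * GROUP_SIZE, res.data, res.len);
        done[res.seq] = 1;
    }
    return n;
}

/* Constructed demo: 20 bytes -> 3 groups (8, 8, 4), one per chip.
 * Assumes every chip was provisioned with the same key. 0 = success. */
int demo(void)
{
    struct chip chips[NUM_CHIPS];
    uint8_t msg[20], ct[20], pt[20];

    for (int i = 0; i < NUM_CHIPS; i++) {
        memset(chips[i].key, 0x5A, GROUP_SIZE);
        chips[i].calls = 0;
    }
    for (int i = 0; i < 20; i++)
        msg[i] = (uint8_t)i;
    if (controller_process(chips, OP_ENCRYPT, msg, sizeof msg, ct) != 3) return 1;
    if (chips[0].calls != 1 || chips[1].calls != 1 || chips[2].calls != 1) return 2;
    if (controller_process(chips, OP_DECRYPT, ct, sizeof ct, pt) != 3) return 3;
    return memcmp(pt, msg, sizeof msg) == 0 ? 0 : 4;
}

int main(void) { return demo(); }
```

In this model the main processor only ever sees `controller_process`; the per-chip command calls and the chip keys stay behind the controller boundary.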
Further, executing the high-security application program that calls the security chips on the FPGA main controller avoids the risk that malware exploits security vulnerabilities on the main processor, leaks the details of the high-security application program and then launches relay attacks against the security chips. For example, because of defects in the micro-architecture design of modern advanced CPU chips from Intel and ARM, information-leaking side channels are a "cancer" that these chips cannot eliminate, and because these CPUs are deployed at large scale as main processors, replacing them completely in the short term is impossible. Applications with low security protection requirements continue to run on the original main processor, while the high-security application program that calls the security chips is executed on the FPGA main controller. This effectively solves the problem that security vulnerabilities on the main processor leak the details of the application program that calls the security chips and, on that basis, the risk of relay attacks against the security chips.
Further, the FPGA main controller can use a new design with stronger security protection functions, eliminating the security threat that information-leaking side channels pose to the details of the high-security application program that calls the security chips. The FPGA main controller can flexibly implement its CPU cores as soft cores and use stricter temporal and spatial isolation in the micro-architecture design to effectively eliminate information-leaking side channels, which strengthens the FPGA main controller's protection of the high-security application program.
The multi-core CPU in the FPGA main controller is a dual-core or triple-core CPU. The reason for using a multi-core CPU is to improve protection against malware attacks: malware can modify the register state of only one CPU at a given moment, and modifying the register state of two or three CPUs simultaneously so that the modified states are completely identical is very difficult. A dual-core lockstep structure or a triple-core redundancy structure can therefore effectively detect malware attacks on the CPU. Because the FPGA main controller mainly executes programs related to secure encryption and decryption, it does not need a complex operating system and only needs to run a simplified microkernel operating system. A microkernel operating system reduces the functions and code size of the operating system (usually to the order of only tens of K), so it can undergo strict formal verification of its security (the seL4 microkernel has reached the highest security level). Using a high-security microkernel further improves the security of the FPGA main controller. Likewise, because the FPGA main controller mainly executes application programs related to secure encryption and decryption, these programs can be kept small in code size, subjected to strict security testing and verification, and their sources and upgrades strictly managed and controlled. This ensures that they are all high-security programs and thereby guarantees the security of the FPGA main controller.
The multi-core CPU of the FPGA main controller can use a dual-core lockstep CPU design to detect malware attacks and protect the secure execution of the high-security application program that calls the security chips. A malware attack on a CPU program can modify the instruction stream, data stream or system state of only one CPU; modifying the instruction stream, data stream or system state of two CPUs simultaneously with identical results is very difficult. When the dual-core lockstep structure detects a malware attack, execution of the high-security application program that calls the security chips can be stopped in a timely manner and the security-sensitive information held in memory cleared, which protects the secure execution of the high-security application program.
The multi-core CPU in the FPGA main controller can also use a triple-core redundancy CPU design to detect malware attacks and protect the secure execution of the high-security application program that calls the security chips. A malware attack on a CPU program can modify the instruction stream, data stream or system state of only one CPU; modifying the instruction stream, data stream or system state of three CPUs simultaneously with identical results is very difficult. When the triple-core redundancy structure detects a malware attack, execution of the high-security application program that calls the security chips can be stopped in a timely manner and the security-sensitive information held in memory cleared, which protects the secure execution of the high-security application program.
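The comparison described for the dual-core lockstep and triple-core redundancy structures can be modelled in software. This added example (not from the patent) runs the same instruction stream on two or three toy cores, compares their state after every instruction, and on divergence halts and wipes a secret buffer; the toy instruction set, the constructed tamper parameter used to exercise the comparator, and the majority vote that names the divergent core are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_CORES 3
#define NREGS     4

enum opcode { LOADI, ADD, XOR };                /* toy instruction set */
struct insn { uint8_t op, rd, rs; uint32_t imm; };   /* rd, rs < NREGS */
struct core { uint32_t reg[NREGS]; uint32_t pc; };

/* Constructed tamper used to exercise the comparator: after instruction
 * `step`, flip `mask` in the destination register of one core.
 * core < 0 means no tamper. */
struct fault { int core; size_t step; uint32_t mask; };

struct outcome {
    int      detected;  /* 1 if the comparator saw the cores diverge */
    size_t   step;      /* instruction index at which it was seen */
    int      suspect;   /* outvoted core (3 cores only), else -1 */
    uint32_t result;    /* reg[0] if the program completed, else 0 */
};

static void execute(struct core *c, const struct insn *i)
{
    switch (i->op) {
    case LOADI: c->reg[i->rd]  = i->imm;        break;
    case ADD:   c->reg[i->rd] += c->reg[i->rs]; break;
    case XOR:   c->reg[i->rd] ^= c->reg[i->rs]; break;
    }
    c->pc++;
}

/* Compare both execution results (registers) and CPU state (pc). */
static int same(const struct core *a, const struct core *b)
{
    return a->pc == b->pc && memcmp(a->reg, b->reg, sizeof a->reg) == 0;
}

/* Volatile stores so the compiler cannot drop the wipe as a dead store. */
static void wipe(void *p, size_t n)
{
    volatile uint8_t *v = p;
    while (n--)
        *v++ = 0;
}

int all_zero(const uint8_t *p, size_t n)
{
    while (n--)
        if (*p++)
            return 0;
    return 1;
}

/* Run prog on ncores (2 or 3) identical cores in lockstep. On any
 * divergence: stop, clear the secret and the core state, report. */
struct outcome run_lockstep(int ncores, const struct insn *prog, size_t n,
                            struct fault f, uint8_t *secret, size_t secret_len)
{
    struct core cores[MAX_CORES];
    struct outcome o = { 0, 0, -1, 0 };

    memset(cores, 0, sizeof cores);
    if (ncores < 2 || ncores > MAX_CORES) {     /* fail closed */
        o.detected = 1;
        wipe(secret, secret_len);
        return o;
    }
    for (size_t s = 0; s < n; s++) {
        for (int c = 0; c < ncores; c++)
            execute(&cores[c], &prog[s]);
        if (f.core >= 0 && f.core < ncores && f.step == s)
            cores[f.core].reg[prog[s].rd] ^= f.mask;

        int d01 = !same(&cores[0], &cores[1]);
        int d02 = ncores == 3 && !same(&cores[0], &cores[2]);
        int d12 = ncores == 3 && !same(&cores[1], &cores[2]);
        if (!(d01 || d02 || d12))
            continue;
        o.detected = 1;
        o.step = s;
        if (ncores == 3)    /* the core the other two agree against */
            o.suspect = !d12 ? 0 : !d02 ? 1 : !d01 ? 2 : -1;
        wipe(secret, secret_len);
        wipe(cores, sizeof cores);
        return o;
    }
    o.result = cores[0].reg[0];
    return o;
}

/* Constructed program: r0 = (0x1000 + 0x0234) ^ 0x0234 = 0x1000 */
const struct insn PROG[] = {
    { LOADI, 0, 0, 0x1000 }, { LOADI, 1, 0, 0x0234 },
    { ADD,   0, 1, 0 },      { XOR,   0, 1, 0 },
};
#define PROG_LEN (sizeof PROG / sizeof PROG[0])

int main(void)
{
    uint8_t secret[4] = { 0xde, 0xad, 0xbe, 0xef };  /* constructed value */
    struct fault flip = { 1, 2, 0x1 };
    struct outcome o = run_lockstep(3, PROG, PROG_LEN, flip,
                                    secret, sizeof secret);
    return !(o.detected && o.suspect == 1 && all_zero(secret, sizeof secret));
}
```

With two cores the comparator can only say that the cores disagree; the third core is what allows the divergent one to be named.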
Further, FPGA main controller can use the higher micro-kernel of security protection ability, promote the peace of software systems Full protection ability guarantees that the safety for the high safety application program for calling safety chip executes;FPGA main controller can be adopted neatly CPU core is realized with the mode of soft core, and is isolated in micro-architecture design using stringenter time and space come effectively Information leakage side channel is eliminated, the security protection to the high safety application program for calling safety chip of FPGA main controller is enhanced Ability.
In addition, due to safety concerns, the configuration code file needs of fpga chip encrypt, while disabling FPGA (scan chain is a kind of realization technology of Testability Design to scan chain in chip, it is by implantation shift register, so that surveying Examination personnel can be externally controlled and observe the signal value of circuit internal trigger) it is the base that FPGA main controller chip secure is run This requirement.
The design of the CPU core and the other function modules in the FPGA main controller can be flexibly modified to meet security protection needs and to respond to the currently most prevalent hardware and software attack scenarios and threats, and the instruction set of the CPU core can be adjusted, so as to enhance the security protection capability of the whole system.
An FPGA is one way of implementing circuit functions. After the circuit functions of the FPGA main controller have been adjusted and finalized through practical application, all circuit functions in the FPGA main controller can be converted to an ASIC chip implementation, further improving chip performance, reducing power consumption and saving cost.
As shown in Fig. 4, based on the above high-security encryption and decryption computing capability expansion method, the present invention correspondingly further provides a high-security encryption and decryption computing capability expansion system, which includes:
A main processor 101, used to transmit the data to be encrypted or decrypted and the routine call for the encryption/decryption operation to the FPGA main controller 102 through system communication; an FPGA main controller 102, used to receive and cache the relevant data, decompose the routine call into a series of sub-processes, generate the corresponding command call sequences and data groups for the operations that involve the security chips 103, send the corresponding command calls and relevant data to the multiple security chips 103, and send the operation results fed back by each security chip 103 to the main processor 101; and multiple security chips 103, used to obtain and interpret the relevant commands, execute the corresponding encryption/decryption operations and security processing, and feed the operation results back to the FPGA main controller 102. The FPGA main controller 102 includes a high-security application program 1021, a Mach 1022 and a multi-core CPU 1023.
The Mach 1022 is used to control the secure execution of the high-security application program that calls the security chips; the multi-core CPU 1023 is used to stop execution of the high-security application program that calls the security chips in due course and to clear the security-sensitive information held in memory; the multi-core CPU 1023 is a dual-core or three-core multi-core CPU.
In the present invention, the FPGA main controller controls multiple security chips to execute high-security encryption/decryption operations concurrently, thereby improving the efficiency of the encryption/decryption operations.
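The dispatch-and-collect flow described above, modelled in C as an added example (not code from the patent). The 16-byte group size, round-robin assignment, sequence numbers, the XOR stand-in for a chip, and wiping the cache when the result set is incomplete are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define BLOCK 16          /* assumed data-group size in bytes */
#define MAX_GROUPS 64     /* assumed upper bound on groups per request */

/* One command call issued by the main controller to a security chip. */
struct cmd { uint8_t chip; uint16_t seq; size_t off; size_t len; };

/* Split a request of `total` bytes into data groups and assign them
 * round-robin to `n_chips` chips. Returns the group count, or -1. */
int plan_dispatch(size_t total, unsigned n_chips, struct cmd *out) {
    if (n_chips == 0 || total == 0 || total > (size_t)BLOCK * MAX_GROUPS)
        return -1;
    int n = 0;
    for (size_t off = 0; off < total; off += BLOCK, n++) {
        out[n].chip = (uint8_t)(n % n_chips);
        out[n].seq  = (uint16_t)n;
        out[n].off  = off;
        out[n].len  = (total - off < BLOCK) ? total - off : BLOCK;
    }
    return n;
}

/* Stand-in for a security chip: a toy XOR transform, NOT a real cipher. */
void chip_execute(const struct cmd *c, const uint8_t *in, uint8_t *out) {
    for (size_t i = 0; i < c->len; i++)
        out[c->off + i] = in[c->off + i] ^ (uint8_t)(0xA5 + c->chip);
}

/* Collect results: accept each sequence number exactly once and release
 * the assembled buffer only if every group came back. On any gap or
 * duplicate, wipe the cache and fail closed. Returns 0 on success. */
int gather(const struct cmd *replies, int n_replies, int n_groups,
           uint8_t *cache, size_t total) {
    uint8_t seen[MAX_GROUPS] = {0};
    int ok = (n_groups > 0 && n_groups <= MAX_GROUPS && n_replies == n_groups);
    for (int i = 0; ok && i < n_replies; i++) {
        uint16_t s = replies[i].seq;
        if (s >= n_groups || seen[s]) ok = 0; else seen[s] = 1;
    }
    if (!ok) {
        volatile uint8_t *p = cache;   /* volatile: the wipe must not be elided */
        for (size_t i = 0; i < total; i++) p[i] = 0;
        return -1;
    }
    return 0;
}
```

The completeness check is what keeps a dropped or replayed chip reply from reaching the main processor as part of a "final" result.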
In conclusion the present invention provides a kind of high safety encryption and decryption operational capability extended method and system, the method packet Include: the routine call that the data for needing encryption and decryption and encryption and decryption operate is transferred to FPGA master control by system communication by primary processor Device, FPGA main controller receive related data and are cached;Routine call is decomposed into serial subprocess by FPGA main controller, to relating to And the operation of safety chip part, generate corresponding command calls sequence and data grouping;FPGA main controller is to multiple safe cores Piece sends corresponding command calls and operation result is fed back to FPGA main controller by relevant data, each safety chip;FPGA Main controller collects the operation result from whole safety chips, and final operation result is sent to primary processor.The FPGA Main controller includes high safety application program, Mach and multi-core CPU;When the high safety application journey for calling safety chip It is executed when sequence by FPGA main controller;Mach is used to control the safety for the high safety application program for calling safety chip It executes;Multi-core CPU is the multi-core CPU of double-core or three cores, in time stopping calling the high safety application journey of safety chip The security sensitive information saved in memory is removed in the execution of sequence.The present invention is sent to safety chip by FPGA main controller and is ordered It enables and calling, and collect the operation result from safety chip, final operation result is sent to primary processor, is greatly promoted For the security protection ability of safety chip.
Certainly, those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, It is that related hardware (such as processor, controller etc.) can be instructed to be automatically performed by computer program, the program can It is stored in a computer-readable storage medium, described program may include the stream such as above-mentioned each method embodiment when being executed Journey.Wherein the storage medium can be memory, magnetic disk, CD etc..
It should be understood that the application of the present invention is not limited to the above for those of ordinary skills can With improvement or transformation based on the above description, all these modifications and variations all should belong to the guarantor of appended claims of the present invention Protect range.

Claims (10)

1. A high-security encryption and decryption computing capability expansion method, characterized in that the method comprises:
a main processor transmits the data to be encrypted or decrypted and the routine call for the encryption/decryption operation to an FPGA main controller through system communication, and the FPGA main controller receives and caches the relevant data;
the FPGA main controller decomposes the routine call into a series of sub-processes and, for the operations that involve the security chips, generates the corresponding command call sequences and data groups;
the FPGA main controller sends the corresponding command calls and relevant data to multiple security chips, and each security chip feeds its operation result back to the FPGA main controller;
the FPGA main controller collects the operation results from all the security chips and sends the final operation result to the main processor;
the FPGA main controller includes a high-security application program, a Mach and a multi-core CPU;
the high-security application program that calls the security chips is executed by the FPGA main controller; the Mach is used to control the secure execution of the high-security application program that calls the security chips; the multi-core CPU is a dual-core or three-core multi-core CPU, used to stop execution of the high-security application program that calls the security chips in due course and to clear the security-sensitive information held in memory.
2. The high-security encryption and decryption computing capability expansion method according to claim 1, characterized in that, before the main processor transmits the data to be encrypted or decrypted and the routine call for the encryption/decryption operation to the FPGA main controller through system communication and the FPGA main controller receives and caches the relevant data, the method further comprises:
arranging in advance, between the main processor and the security chips, an FPGA main controller for data processing.
3. The high-security encryption and decryption computing capability expansion method according to claim 1 or 2, characterized in that the step in which the FPGA main controller sends the corresponding command calls and relevant data to multiple security chips and each security chip feeds its operation result back to the FPGA main controller specifically comprises:
the FPGA main controller sends the corresponding command calls and relevant data to multiple security chips, and each security chip obtains and interprets the relevant commands;
each security chip executes the corresponding encryption/decryption operation and security processing, and feeds its own operation result back to the FPGA main controller.
4. The high-security encryption and decryption computing capability expansion method according to claim 1, characterized in that the configuration code file of the FPGA chip is encrypted, and the scan chain in the FPGA chip is disabled.
5. The high-security encryption and decryption computing capability expansion method according to claim 1, characterized in that the FPGA main controller and the main processor form a peer-to-peer distributed parallel processing relationship through system communication and routine calls.
6. The high-security encryption and decryption computing capability expansion method according to claim 5, characterized in that the FPGA main controller implements the CPU core as a soft core, and when the CPU core is designed with a double-core helical structure, in the double-core helical structure two logically identical CPU cores execute the same instructions, and the execution results of the instructions and the CPU state are compared.
7. The high-security encryption and decryption computing capability expansion method according to claim 5, characterized in that the FPGA main controller implements the CPU core as a soft core, and when the CPU core is designed with a three-core redundancy structure, in the three-core redundancy structure three logically identical CPU cores execute the same instructions, and the execution results of the instructions and the CPU state are compared.
8. A high-security encryption and decryption computing capability expansion system, characterized in that the system comprises:
a main processor, used to transmit the data to be encrypted or decrypted and the routine call for the encryption/decryption operation to an FPGA main controller through system communication;
an FPGA main controller, used to receive and cache the relevant data, decompose the routine call into a series of sub-processes, generate the corresponding command call sequences and data groups for the operations that involve the security chips, send the corresponding command calls and relevant data to multiple security chips, and send the operation results fed back by each security chip to the main processor;
multiple security chips, used to obtain and interpret the relevant commands, execute the corresponding encryption/decryption operations and security processing, and feed the operation results back to the FPGA main controller;
the FPGA main controller includes a high-security application program, a Mach and a multi-core CPU.
9. The high-security encryption and decryption computing capability expansion system according to claim 8, characterized in that the high-security application program that calls the security chips is executed by the FPGA main controller;
the Mach is used to control the secure execution of the high-security application program that calls the security chips;
the multi-core CPU is used to stop execution of the high-security application program that calls the security chips in due course and to clear the security-sensitive information held in memory.
10. The high-security encryption and decryption computing capability expansion system according to claim 8, characterized in that the multi-core CPU is a dual-core or three-core multi-core CPU.
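The result-and-state comparison of claims 6 and 7, as an added C example that is not part of the patent. The `core_out` layout, majority voting in the three-core case, and tying a mismatch to the stop-and-clear behaviour of the multi-core CPU are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* What one soft core reports after executing an instruction (assumed layout). */
struct core_out { uint32_t result; uint32_t pc; uint32_t flags; };

enum verdict { V_OK = 0, V_CORRECTED = 1, V_FAULT = 2 };

/* Compare execution result and CPU state without an early exit. */
static int same(const struct core_out *a, const struct core_out *b) {
    uint32_t d = (a->result ^ b->result) | (a->pc ^ b->pc) | (a->flags ^ b->flags);
    return d == 0;
}

/* Overwrite sensitive memory; volatile keeps the compiler from eliding it. */
void wipe(void *buf, size_t len) {
    volatile uint8_t *p = buf;
    while (len--) *p++ = 0;
}

/* Two cores: a mismatch can be detected but not attributed to either
 * core, so the only safe reaction is to stop and wipe. */
enum verdict lockstep_check(const struct core_out c[2], void *secret, size_t len) {
    if (same(&c[0], &c[1])) return V_OK;
    wipe(secret, len);
    return V_FAULT;
}

/* Three cores: two agreeing cores outvote the third (assumed policy).
 * *good receives the index of a core holding the majority value. */
enum verdict tmr_vote(const struct core_out c[3], int *good,
                      void *secret, size_t len) {
    int ab = same(&c[0], &c[1]);
    int ac = same(&c[0], &c[2]);
    int bc = same(&c[1], &c[2]);
    if (ab && ac) { *good = 0; return V_OK; }
    if (ab || ac) { *good = 0; return V_CORRECTED; }
    if (bc)       { *good = 1; return V_CORRECTED; }
    wipe(secret, len);   /* no two cores agree: fail closed */
    return V_FAULT;
}
```

With two cores a single induced fault costs availability; with three it can be masked, and only a fault that leaves no two cores in agreement forces the wipe.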
CN201811057773.8A 2018-09-11 2018-09-11 High-security encryption and decryption computing capability expansion method and system Active CN109255259B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811057773.8A CN109255259B (en) 2018-09-11 2018-09-11 High-security encryption and decryption computing capability expansion method and system

Publications (2)

Publication Number Publication Date
CN109255259A true CN109255259A (en) 2019-01-22
CN109255259B CN109255259B (en) 2020-08-04

Family

ID=65047251

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811057773.8A Active CN109255259B (en) 2018-09-11 2018-09-11 High-security encryption and decryption computing capability expansion method and system

Country Status (1)

Country Link
CN (1) CN109255259B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN201665226U (en) * 2009-11-02 2010-12-08 北京全路通信信号研究设计院 Train control center main processing equipment
CN102799819A (en) * 2012-07-04 2012-11-28 北京京航计算通讯研究所 Embedded software safety protection system
CN205003526U (en) * 2015-09-11 2016-01-27 浙江中烟工业有限责任公司 PLC cooperative control device based on SOPC technique

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110008001A (en) * 2019-03-29 2019-07-12 网御安全技术(深圳)有限公司 Safety encryption, system and the hardware security monitor card of monitor of virtual machine
CN110008001B (en) * 2019-03-29 2021-01-05 网御安全技术(深圳)有限公司 Security reinforcement method and system for virtual machine monitor and hardware security monitoring card
CN110166240A (en) * 2019-06-25 2019-08-23 南方电网科学研究院有限责任公司 A kind of Network Isolation password board
CN110166240B (en) * 2019-06-25 2024-05-03 南方电网科学研究院有限责任公司 Network isolation password board card
CN112445827A (en) * 2020-11-26 2021-03-05 中孚信息股份有限公司 Data security processing system, method and device in cloud office environment
CN112910932A (en) * 2021-04-30 2021-06-04 北京数盾信息科技有限公司 Data processing method, device and system
CN113094762A (en) * 2021-04-30 2021-07-09 北京数盾信息科技有限公司 Data processing method and device and signature verification server
CN112910932B (en) * 2021-04-30 2021-07-20 北京数盾信息科技有限公司 Data processing method, device and system
CN113094762B (en) * 2021-04-30 2021-12-07 北京数盾信息科技有限公司 Data processing method and device and signature verification server

Also Published As

Publication number Publication date
CN109255259B (en) 2020-08-04

Similar Documents

Publication Publication Date Title
CN109255259A (en) A kind of high safety encryption and decryption operational capability extended method and system
Qiu et al. Voltjockey: Breaching trustzone by software-controlled voltage manipulation over multi-core frequencies
Yuce et al. Fault attacks on secure embedded software: Threats, design, and evaluation
Bossuet et al. Architectures of flexible symmetric key crypto engines—a survey: From hardware coprocessor to multi-crypto-processor system on chip
JP5775738B2 (en) Information processing apparatus, secure module, information processing method, and information processing program
US9792229B2 (en) Protecting a memory
EP2864925B1 (en) Managing use of a field programmable gate array with reprogrammable cryptographic operations
CN101419652B (en) Software and hardware combined program protecting method
EP3311324B1 (en) Enhanced security of power management communications and protection from side channel attacks
US8181008B2 (en) Secure system-on-chip
US9735953B2 (en) Side channel analysis resistant architecture
CN107851162A (en) For carrying out the technology of safe programming to safe I/O cipher engine
CN110210190A (en) A kind of Code obfuscation method based on secondary compilation
La et al. Denial-of-service on FPGA-based cloud infrastructures—attack and defense
EP3271828B1 (en) Cache and data organization for memory protection
Mahmoud et al. Electrical-level attacks on CPUs, FPGAs, and GPUs: Survey and implications in the heterogeneous era
CN110443078B (en) Security storage system based on privilege hierarchy
CN105827388A (en) Method for cryptographically processing data
CN109190407A (en) A kind of high-performance encryption and decryption operational capability extended method and system
Gross et al. Fpganeedle: Precise remote fault attacks from fpga to cpu
Rahimi et al. Trends and challenges in ensuring security for low-power and high-performance embedded SoCs
Ahmed et al. Multi-tenant cloud FPGA: A survey on security
CN110932853A (en) Key management device and key management method based on trusted module
KR101656092B1 (en) Secured computing system with asynchronous authentication
CN109284638B (en) Protection method and system for operating environment of security chip

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant