CN209608668U - A kind of Network Isolation password board - Google Patents
- Publication number: CN209608668U (CN201920971845.3U)
- Authority: CN (China)
- Prior art keywords: chip, isolation, safety, FPGA, extended memory
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
This application discloses a Network Isolation password board comprising a communication interface, an FPGA isolation exchange control chip, a safety chip, a cryptographic algorithm chip, a first extended memory and a second extended memory. The safety chip schedules the data in the FPGA isolation exchange control chip, the first extended memory and the second extended memory. The FPGA isolation exchange control chip relays data among the communication interface, the safety chip, the cryptographic algorithm chip and the first extended memory. The first extended memory stores the data sent by the FPGA isolation exchange control chip, and the second extended memory stores the data sent by the safety chip. Because the safety chip, the FPGA isolation exchange control chip and the cryptographic algorithm chip are integrated on the board, the three do not need the operating system of the host computer as a medium for data transmission. This fundamentally avoids safety accidents such as data leakage caused by a cracked operating system, and improves safety and reliability.
Description
Technical field
The utility model relates to the field of power electronics, and in particular to a Network Isolation password board.
Background technique
Internal/external network exchange platforms use strong logical isolation and multi-level protection to isolate the internal network from the external network, effectively blocking Internet viruses, Trojans, worms and APT (Advanced Persistent Threat) attacks. With the rapid development of the Internet and the growing use of corporate intranets, applications such as preventing leakage of sensitive information, preventing tampering with data exchanged between the internal and external networks, content security, and authorization of data exchange between the two networks are receiving increasing attention.
In 2014 the National Energy Board issued information security technical schemes such as the "Electric Power Monitoring System Security Protection Regulations". These take "security partitioning, dedicated networks, lateral isolation, longitudinal encryption" as the core strategy for overall security protection and stipulate that every business system in the four processes of power generation, transmission, supply and consumption must have corresponding information security protection. Isolation technology provides protection against network attacks, and encryption technology provides application authorization and data security; combining the two establishes an internal/external network security isolation system with integrated protection of network, application and data.
In the prior art, as shown in Fig. 1, the network isolation board and the cryptographic algorithm encryption card (a national secret algorithm encryption card) are provided as two separate boards. Encrypted communication of data between the two boards must use the operating system of the host computer as the transmission medium, and the security level of the operating system is far lower than that of the network isolation board and the encryption card. Once the operating system is attacked or cracked, data will leak and a safety accident results.
The utility model therefore aims to develop a Network Isolation password board with higher safety and reliability.
Utility model content
In view of this, the purpose of the utility model is to provide a Network Isolation password board that improves safety and reliability. The specific scheme is as follows:
A Network Isolation password board, characterized in that it comprises a communication interface, an FPGA isolation exchange control chip, a safety chip, a cryptographic algorithm chip, a first extended memory and a second extended memory;
The communication interface, the FPGA isolation exchange control chip and the cryptographic algorithm chip are connected in sequence; the safety chip is connected to the FPGA isolation exchange control chip; the first extended memory is connected to the safety chip and to the FPGA isolation exchange control chip respectively; the second extended memory is connected to the safety chip;
The safety chip is used to schedule the data in the FPGA isolation exchange control chip, the first extended memory and the second extended memory;
The FPGA isolation exchange control chip is used to relay data among the communication interface, the safety chip, the cryptographic algorithm chip and the first extended memory;
The cryptographic algorithm chip is used to encrypt data;
The communication interface is used to establish the communication connection between the FPGA isolation exchange control chip and the host computer;
The first extended memory is used to store the data sent by the FPGA isolation exchange control chip;
The second extended memory is used to store the data sent by the safety chip.
Optionally, the communication interface is a PCIE X1 interface.
Optionally, the FPGA isolation exchange control chip includes an SSX30-E chip, an HSM2-H2 chip and an HSM4-G2 chip.
Optionally, the board further comprises a power supply connected to the safety chip for supplying power.
Optionally, the power supply uses a graded power supply design.
Optionally, between the safety chip and the power supply there is a safety device for light-current protection, connected to the second extended memory and to the power supply respectively;
The safety device is used to detect the voltage of the power supply and send a first protection signal to the second extended memory;
The second extended memory is also used to erase its locally stored data according to the first protection signal.
Optionally, the safety device includes a physical protection sensor for detecting the integrity of the shell of the Network Isolation password board, and the physical protection sensor is connected to the second extended memory;
The physical protection sensor is used to obtain shell status information and, according to the shell status information, send a second protection signal to the second extended memory;
The second extended memory is also used to erase its locally stored data according to the second protection signal.
Optionally, the board further comprises an indicator light connected to the safety chip and used to indicate the working state of the Network Isolation password board.
Optionally, the safety chip includes a UART interface.
Optionally, the safety chip includes a smart card interface;
The smart card interface is used to communicate with a smart card and to transfer verification data between the safety chip and the smart card.
In the utility model, the Network Isolation password board comprises a communication interface, an FPGA isolation exchange control chip, a safety chip, a cryptographic algorithm chip, a first extended memory and a second extended memory. The communication interface, the FPGA isolation exchange control chip and the cryptographic algorithm chip are connected in sequence; the safety chip is connected to the FPGA isolation exchange control chip; the first extended memory is connected to the safety chip and to the FPGA isolation exchange control chip respectively; the second extended memory is connected to the safety chip. The safety chip schedules the data in the FPGA isolation exchange control chip, the first extended memory and the second extended memory. The FPGA isolation exchange control chip relays data among the communication interface, the safety chip, the cryptographic algorithm chip and the first extended memory. The cryptographic algorithm chip encrypts data. The communication interface establishes the communication connection between the FPGA isolation exchange control chip and the host computer. The first extended memory stores the data sent by the FPGA isolation exchange control chip, and the second extended memory stores the data sent by the safety chip.
The Network Isolation password board of the utility model integrates the safety chip, the FPGA isolation exchange control chip and the cryptographic algorithm chip, which are connected in sequence and communicate directly. The operating system of the host computer is not needed as a medium for data transmission between the cryptographic algorithm chip, the safety chip and the FPGA isolation exchange control chip. This fundamentally avoids safety accidents such as data leakage caused by a cracked operating system, and improves safety and reliability.
Description of the drawings
To explain the embodiments of the utility model or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only embodiments of the utility model; a person of ordinary skill in the art can obtain other drawings from the drawings provided without creative effort.
Fig. 1 is a schematic diagram of a prior-art arrangement with a separate, independent PCI encryption card;
Fig. 2 is a structural schematic diagram of a Network Isolation password board disclosed in an embodiment of the utility model;
Fig. 3 is a structural schematic diagram of another Network Isolation password board disclosed in an embodiment of the utility model.
Specific embodiment
The technical solutions in the embodiments of the utility model are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the utility model, not all of them. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the protection scope of the utility model.
An embodiment of the utility model discloses a Network Isolation password board. As shown in Fig. 2, the board comprises a communication interface 1, an FPGA (Field-Programmable Gate Array) isolation exchange control chip 2, a safety chip 3, a cryptographic algorithm chip 4, a first extended memory 5 and a second extended memory 6;
The communication interface 1, the FPGA isolation exchange control chip 2 and the cryptographic algorithm chip 4 are connected in sequence; the safety chip 3 is connected to the FPGA isolation exchange control chip 2; the first extended memory 5 is connected to the safety chip 3 and to the FPGA isolation exchange control chip 2 respectively; the second extended memory 6 is connected to the safety chip 3;
The safety chip 3 is used to schedule the data in the FPGA isolation exchange control chip 2, the first extended memory 5 and the second extended memory 6.
Specifically, the safety chip 3 can control the relaying of data by the FPGA isolation exchange control chip 2: it can instruct the FPGA isolation exchange control chip 2 to send data to the cryptographic algorithm chip 4 or to the first extended memory 5. The safety chip 3 obtains from the first extended memory 5 the encrypted data sent by the FPGA isolation exchange control chip 2 and forwards it to the second extended memory 6. The first extended memory 5 and the second extended memory 6 correspond to different host computers, and host computers with different permissions access different extended memories. Encrypted data passing from one host computer to another is therefore stored in two different extended memories, which achieves physical isolation and ensures the security of the data. The safety chip 3 can also receive a data acquisition request from a host computer through the FPGA isolation exchange control chip 2 and send the corresponding data in the first or second extended memory to the host computer, completing the data transfer task.
Further, the safety chip 3 can also obtain the working state of each device. It will be understood that when the safety chip 3 interacts with each chip or device on the Network Isolation password board, it sends the corresponding interaction instructions to implement the interaction, which is not described further here.
The FPGA isolation exchange control chip 2 is used to relay data among the communication interface 1, the safety chip 3, the cryptographic algorithm chip 4 and the first extended memory 5.
Specifically, after receiving the data to be encrypted that the host computer sends through the communication interface 1, the FPGA isolation exchange control chip 2 can split it into multiple small pieces of data and send these to the cryptographic algorithm chip 4, which encrypts each piece. The FPGA isolation exchange control chip 2 then receives the encrypted pieces returned by the cryptographic algorithm chip 4, i.e. the encrypted data, and sends the encrypted data to the first extended memory 5 so that the safety chip 3 can obtain it from there.
The cryptographic algorithm chip 4 is used to encrypt data.
Specifically, the cryptographic algorithm chip 4 stores encryption information such as encryption algorithms and keys. For example, it may hold an identity authentication key and the SM1, SM2, SM3 and SM4 encryption algorithms. The cryptographic algorithm chip 4 can first use a hash algorithm to perform a hash check on the data sent by the FPGA isolation exchange control chip 2; after the check passes, it encrypts the data with an encryption algorithm and, once encryption is complete, sends the result to the FPGA isolation exchange control chip 2.
Specifically, the cryptographic algorithm chip 4 can select the corresponding encryption algorithm according to the type of the data sent by the FPGA isolation exchange control chip 2, with one encryption algorithm corresponding to one type of data.
Specifically, the cryptographic algorithm chip 4 can be connected to the FPGA isolation exchange control chip 2 through a LocalBus communication interface. This gives a direct physical communication connection between the cryptographic algorithm chip 4, the FPGA isolation exchange control chip 2 and the safety chip 3, with no need for the operating system of the host computer as an intermediate transmission medium, and fundamentally avoids safety accidents caused by a cracked operating system.
The communication interface 1 is used to establish the communication connection between the FPGA isolation exchange control chip 2 and the host computer.
Specifically, the communication interface 1 establishes the communication channel between the whole Network Isolation password board and the host computer. The bulk data of the Network Isolation password board is exchanged with the host computer through the FPGA isolation exchange control chip 2 and the communication interface 1.
The first extended memory 5 is used to store the data sent by the FPGA isolation exchange control chip 2.
Specifically, the first extended memory 5 serves as the memory through which the safety chip 3 and the FPGA isolation exchange control chip 2 exchange data. The FPGA isolation exchange control chip 2 stores encrypted data in the first extended memory 5, and the safety chip 3 then reads that encrypted data from the first extended memory 5. Likewise, when the safety chip 3 is to send out data held in the second extended memory 6, it must first store the data in the first extended memory 5 as a relay, so that the FPGA isolation exchange control chip 2 can obtain it from the first extended memory 5.
The first extended memory 5 can be an SRAM (Static Random-Access Memory).
The second extended memory 6 is used to store the data sent by the safety chip 3.
Specifically, introducing extended memories as intermediate storage for data allows the data to be physically isolated by way of the safety chip 3 and the FPGA isolation exchange control chip 2. It also keeps data from occupying each chip's own storage space, which improves the working efficiency of the chips.
The second extended memory 6 can be a FLASH memory.
As can be seen, the Network Isolation password board of this embodiment integrates the safety chip 3, the FPGA isolation exchange control chip 2 and the cryptographic algorithm chip 4, which are connected in sequence and communicate directly. The operating system of the host computer is not needed as a medium for data transmission between the cryptographic algorithm chip 4, the safety chip 3 and the FPGA isolation exchange control chip 2. This fundamentally avoids safety accidents such as data leakage caused by a cracked operating system, and improves safety and reliability.
It will be understood that the cryptographic service interface software can be designed according to the relevant provisions of GM/T 0018-2012 "Cryptographic Device Application Interface Specification". The applicable interfaces may include the communication interface 1 described above and the interfaces of each chip and each device.
To ensure heat dissipation, and because the board is installed inside a shell, a cooling fan can be installed on the shell. The safety chip 3, the FPGA isolation exchange control chip 2 and the cryptographic algorithm chip 4 can accordingly be placed at positions corresponding to the cooling fan of the shell, so that the heat of these high-heat devices is carried away as quickly as possible.
Further, the software or firmware design of each device and chip in this embodiment is required to satisfy GM/T 0028-2014 "Cryptographic Module Security Specifications". At security level one, the safety chip 3 can perform an integrity check, using a single authentication code for the integrity test. At security level two, the software and firmware of the safety chip 3 are executable code, and users cannot debug the safety chip 3 through the SFMI, HSMI and HFMI interfaces. At security level three or four, software and firmware are protected using an approved digital signature.
An embodiment of the utility model discloses a specific Network Isolation password board. Relative to the previous embodiment, this embodiment further explains and optimizes the technical solution. As shown in Fig. 3, specifically:
The communication interface 1 described above can be a PCIE X1 interface.
The FPGA isolation exchange control chip 2 described above includes an SSX30-E chip, an HSM2-H2 chip and an HSM4-G2 chip.
It will be understood that the Network Isolation password board in this embodiment can also include a power supply 7 connected to the safety chip 3 for supplying power. To prevent electromagnetic leakage, the power supply 7 can use a graded power supply design.
Further, to provide light-current protection, a safety device 8 for light-current protection may be included between the safety chip 3 and the power supply 7, connected to the second extended memory 6 and to the power supply 7 respectively;
The safety device 8 is used to detect the voltage of the power supply 7 and judge whether the voltage meets a preset safety threshold; if not, it sends a first protection signal to the second extended memory 6;
The second extended memory 6 is also used to erase its locally stored data according to the first protection signal.
Specifically, an outsider who wants to eavesdrop on data needs to run a corresponding eavesdropping program, which inevitably increases the load on each chip and the power required; to meet that power demand, the voltage of the power supply 7 rises. The safety device 8 therefore detects whether the voltage of the power supply 7 has risen above the preset safety threshold. If it has, this indicates that an extra program is running on the chips and that a security risk may exist. To prevent the data from being stolen, the safety device 8 then sends the first protection signal to the second extended memory 6, and the second extended memory 6 uses its own low-power microcontroller to erase its locally stored data according to the first protection signal, ensuring that the data cannot be stolen. If required, the first protection signal can also be sent through the safety chip 3 to the first extended memory 5, so that the first extended memory 5 deletes its data as well.
Specifically, to prevent data loss caused by the Network Isolation password board being forced open by physical means, the safety device 8 can also include a physical protection sensor 81 for detecting the integrity of the shell of the Network Isolation password board. The physical protection sensor 81 is connected to the second extended memory 6;
The physical protection sensor 81 is used to obtain shell status information and, according to the shell status information, send a second protection signal to the second extended memory 6;
The second extended memory 6 is also used to erase its locally stored data according to the second protection signal.
Specifically, once the shell of the Network Isolation password board is damaged, the physical protection sensor 81 generates shell status information from the change and notifies the second extended memory 6 to delete its data. The signal can of course also be sent through the safety chip 3 to the first extended memory 5.
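The protection behaviour described above (a supply voltage above the preset threshold raises the first protection signal, a damaged shell raises the second, and either one erases the second extended memory and optionally the first) can be modelled in C. This is an added example, not code from the patent; the struct and function names, memory sizes, millivolt unit and sample readings are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE   32        /* constructed size, for this model only          */
#define SIG_FIRST  0x1u      /* first protection signal: supply voltage        */
#define SIG_SECOND 0x2u      /* second protection signal: shell status         */

struct board_model {
    uint8_t  mem1[MEM_SIZE]; /* first extended memory (SRAM on the page)       */
    uint8_t  mem2[MEM_SIZE]; /* second extended memory (FLASH on the page)     */
    uint32_t threshold_mv;   /* preset safety threshold; mV is an assumption   */
    int      forward_to_mem1;/* safety chip relays the signal to mem1 if set   */
    unsigned latched;        /* every signal raised so far; never cleared here */
};

/* Erase through a volatile pointer so the compiler cannot drop the stores. */
static void secure_erase(uint8_t *p, size_t n)
{
    volatile uint8_t *vp = p;
    while (n--) *vp++ = 0;
}

/* Fill both memories with a constructed pattern standing in for stored data. */
void board_init(struct board_model *b, uint32_t threshold_mv, int forward)
{
    memset(b->mem1, 0xA5, sizeof b->mem1);
    memset(b->mem2, 0x5A, sizeof b->mem2);
    b->threshold_mv = threshold_mv;
    b->forward_to_mem1 = forward;
    b->latched = 0;
}

/* Safety device 8 plus physical protection sensor 81: map readings to signals. */
unsigned evaluate_sensors(const struct board_model *b, uint32_t supply_mv,
                          int shell_intact)
{
    unsigned sig = 0;
    if (supply_mv > b->threshold_mv) sig |= SIG_FIRST;
    if (!shell_intact)               sig |= SIG_SECOND;
    return sig;
}

/* One monitoring step: any signal erases mem2, and mem1 when relaying is on. */
unsigned protect_step(struct board_model *b, uint32_t supply_mv, int shell_intact)
{
    unsigned sig = evaluate_sensors(b, supply_mv, shell_intact);
    if (sig) {
        b->latched |= sig;
        secure_erase(b->mem2, sizeof b->mem2);
        if (b->forward_to_mem1) secure_erase(b->mem1, sizeof b->mem1);
    }
    return sig;
}

/* Returns 1 when every byte of the region is zero. */
int is_erased(const uint8_t *p, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}

int main(void)
{
    struct board_model b;
    board_init(&b, 3465, 0);                 /* constructed threshold */
    printf("normal: signal=%u\n", protect_step(&b, 3300, 1));
    printf("over-voltage: signal=%u mem2 erased=%d\n",
           protect_step(&b, 3600, 1), is_erased(b.mem2, sizeof b.mem2));
    return 0;
}
```

The `latched` field keeps a record of which signal fired, so a later reading back in the normal range does not hide that an erase took place.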
Further, to protect the Network Isolation password board, the safety device 8 can also include a temperature detection circuit that detects the operating temperature of the board. On overheating it can send a corresponding signal to the safety chip 3, and the safety chip 3 schedules each chip, for example by putting each chip into a low-power mode to reduce heat output. The safety chip 3 can also indicate the current working state of the Network Isolation password board with an external indicator light 82: for example, a green light can mean everything is normal, a yellow light can mean busy, and a red light can mean an extreme working condition or a fault, such as overheating or device failure.
Specifically, the safety chip 3 described above may include a UART interface for communicating with external devices.
Further, to verify users, the safety chip 3 can also include a smart card interface;
Specifically, the smart card held by a user can communicate with the safety chip 3 through the smart card interface. The safety chip 3 verifies the verification information stored in the smart card, identifies the user's permissions and so on, so that the user can use only the operations corresponding to those permissions.
Meanwhile it can be with storage section key, for example, key and identity authentication key are protected, specifically, net in smart card
It may include that protection key, identity authentication key, session key, user key and key encryption are close in network isolation password board
Key;Wherein,
Protecting key is first order key, for protecting, managing secondary key and three-level key.Protect key can be by two
A component composition, a part there are in safety chip 3, deposit within a smart card by another part, carries out Hash after two component splicings
Operation obtains protection key.
Identity authentication key, user key and key-encrypting key are secondary keys.Wherein identity authentication key is symmetrical
Key, for identifying user identity, not to using open system.Identity authentication key can be stored to two places, first is that encryption
It stores in cryptographic algorithm chip 4, second is that stored in clear, into smart card, identity authentication key is carried out using password in smart card
Protection, and cannot export.When operator logs in, using using the method in the mechanism of symmetric encipherment algorithm, identify operator
Identity.
User key is public private key pair, and user encryption key is symmetric key, to open system is applied, carries out data and adds
Close, signature sign test, generation session key.
Session key is three-level key, is used to carry out encryption and decryption to session data.
Wherein, the management of key should meet: the use of equipment protection key and device keys is not to using open system;It is close
After key generates, it should be stored in safety zone, and be encryption storage;All keys in addition to public key are provided with access privilege control
Mechanism, it is not open to unauthorized user;Key in addition to public key is not appeared in outside Network Isolation password board with plaintext version;
Cipher key management operation support generates, imports, stores, backs up, restores and destroys the entire key storage phase.
It will be understood that the device life-cycle states of the Network Isolation password board are the factory state, the initial installation state and the ready state. State transitions and state storage are maintained by the master control.
Factory state: the state in which the master control firmware has just been downloaded and the device holds no sensitive security parameters. A device is in this state when it has just been produced. A device is also transferred to the factory state if R1 is lost, if the destroy button is pressed during distribution or use, if an administrator destroys the device, or by a maintainer after logging in.
Initial installation state: the state in which the firmware signature value and R1 have been generated in the device, while the corresponding firmware signing private key and protection key are stored in the device assembly card. A device is in this state when it is first distributed to the user organization, and passes through this state again after being restored to the factory state during use.
Ready state: the state in which the administrator accounts and the maintainer account have been generated in the device.
Specifically, because an identity authentication key is introduced, corresponding permissions can be set for users of different identities, where:
Device administrator: a device administrator holds a device administrator authentication card. After two administrator accounts have logged in, the generation, backup, recovery and destruction of sensitive security parameters in the device can be carried out.
Device maintainer: a device maintainer holds a device maintainer authentication card. After logging in, the maintainer can make a preliminary diagnosis of certain hardware faults and can clear the sensitive security parameters in the device. When more than two administrator cards have failed or been lost, the maintainer can restore the device to the factory state.
Device operator: a user holds a user authentication card. After logging in, the user cannot operate the device and can only use the security services associated with the user's identity.
It will be understood that the administrator authentication card, the device maintainer authentication card and the user authentication card described above are each a form of smart card.
Specifically, smart cards can also be classified as follows:
System smart card: a smart card that backs up the device protection key. When the device fails and cannot start, the system smart card can be used to restore the device protection key.
Device management smart card: a smart card used to verify the identity of a device administrator. A person holding a device management smart card can use the device management software and carry out the relevant device management operations.
User smart card: stores the device power-on component and is used for device power-on authentication. Only a person holding a user smart card can operate the Network Isolation password board and use the cryptographic services it provides.
It will be understood that, according to actual application needs, the separate functions of the three kinds of smart card can be selectively merged into a single card, forming a new combined smart card.
Finally, it should be noted that relational terms such as "first" and "second" are used herein only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. The terms "include", "comprise" and any variants of them are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to that process, method, article or device. Without further limitation, an element introduced by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes it.
Those skilled in the art will further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above in general terms of function. Whether these functions are implemented in hardware or software depends on the specific application and the design constraints of the technical solution. Skilled persons may implement the described functions in different ways for each specific application, but such implementations should not be considered beyond the scope of the utility model.
The technical content provided by the utility model has been described in detail above. Specific examples are used herein to explain the principles and embodiments of the utility model, and the description of the embodiments is intended only to help in understanding its method and core idea. A person skilled in the art may, following the idea of the utility model, make changes to the specific embodiments and the scope of application. In summary, the content of this specification should not be construed as limiting the utility model.
Claims (10)
1. A Network Isolation password board, characterized by comprising a communication interface, an FPGA isolation exchange control chip, a safety chip, a cryptographic algorithm chip, a first extended memory and a second extended memory;
the communication interface, the FPGA isolation exchange control chip and the cryptographic algorithm chip are connected in sequence; the safety chip is connected to the FPGA isolation exchange control chip; the first extended memory is connected to the safety chip and to the FPGA isolation exchange control chip respectively; and the second extended memory is connected to the safety chip;
the safety chip is configured to schedule the data in the FPGA isolation exchange control chip, the first extended memory and the second extended memory;
the FPGA isolation exchange control chip is configured to relay data among the communication interface, the safety chip, the cryptographic algorithm chip and the first extended memory;
the cryptographic algorithm chip is configured to encrypt data;
the communication interface is configured to establish the communication connection between the FPGA isolation exchange control chip and the host computer;
the first extended memory is configured to store the data sent by the FPGA isolation exchange control chip;
the second extended memory is configured to store the data sent by the safety chip.
2. The Network Isolation password board according to claim 1, characterized in that the communication interface is a PCIE X1 interface.
3. The Network Isolation password board according to claim 1, characterized in that the FPGA isolation exchange control chip comprises an SSX30-E chip, an HSM2-H2 chip and an HSM4-G2 chip.
4. The Network Isolation password board according to claim 1, characterized by further comprising a power supply connected to the safety chip for supplying power.
5. The Network Isolation password board according to claim 4, characterized in that the power supply adopts a graded power supply design.
6. The Network Isolation password board according to claim 4, characterized in that, between the safety chip and the power supply, a safety protection device is included, which is connected to the second extended memory and to the power supply respectively and implements weak-current protection;
the safety protection device is configured to detect the voltage of the power supply and send a first protection signal to the second extended memory;
the second extended memory is further configured to clear the locally stored data according to the first protection signal.
7. The Network Isolation password board according to claim 6, characterized in that the safety protection device comprises a physical protection sensor for detecting the integrity of the shell of the Network Isolation password board, the physical protection sensor being connected to the second extended memory;
the physical protection sensor is configured to obtain shell status information and send a second protection signal to the second extended memory according to the shell status information;
the second extended memory is further configured to clear the locally stored data according to the second protection signal.
8. The Network Isolation password board according to claim 6, characterized by further comprising an indicator light, connected to the safety chip, for indicating the working state of the Network Isolation password board.
9. The Network Isolation password board according to claim 6, characterized in that the safety chip comprises a UART interface.
10. The Network Isolation password board according to any one of claims 1 to 9, characterized in that the safety chip comprises a smart card interface;
the smart card interface is configured to communicate with a smart card and to transmit verification data between the safety chip and the smart card.
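The tamper response of claims 6 and 7, modelled in C as an added example (not code from the patent): either protection signal empties the second extended memory, and later reads fail closed. The voltage window, the 32-byte memory size and all names are assumptions; the claims give no thresholds.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed values: the claims state no thresholds or memory size. */
#define VDD_MIN_MV 3000u
#define VDD_MAX_MV 3600u
#define SECRET_LEN 32u

enum protect_signal { SIG_NONE = 0, SIG_FIRST_VOLTAGE = 1, SIG_SECOND_SHELL = 2 };

struct ext_memory2 {            /* models the second extended memory */
    uint8_t secret[SECRET_LEN];
    bool    zeroized;           /* latched until the board is re-provisioned */
};

/* Volatile writes so the compiler cannot drop the wipe as a dead store. */
static void wipe(volatile uint8_t *p, size_t n) {
    while (n--) *p++ = 0;
}

/* Safety protection device: map sensor readings to protection signals. */
unsigned evaluate_sensors(uint32_t vdd_mv, bool shell_intact) {
    unsigned sig = SIG_NONE;
    if (vdd_mv < VDD_MIN_MV || vdd_mv > VDD_MAX_MV) sig |= SIG_FIRST_VOLTAGE;
    if (!shell_intact) sig |= SIG_SECOND_SHELL;
    return sig;
}

/* Second extended memory: either signal empties the locally stored data. */
bool on_protect_signal(struct ext_memory2 *m, unsigned sig) {
    if (sig == SIG_NONE) return false;
    wipe(m->secret, SECRET_LEN);
    m->zeroized = true;
    return true;
}

/* Reads fail closed once the memory has been emptied. */
bool read_secret(const struct ext_memory2 *m, uint8_t *out) {
    if (m->zeroized) return false;
    for (size_t i = 0; i < SECRET_LEN; i++) out[i] = m->secret[i];
    return true;
}

int main(void) {
    struct ext_memory2 m = { .secret = {0xA5}, .zeroized = false }; /* constructed sample */
    uint8_t out[SECRET_LEN];
    on_protect_signal(&m, evaluate_sensors(3300, false));           /* shell opened */
    return read_secret(&m, out) ? 1 : 0;                            /* 0: secret is gone */
}
```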
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201920971845.3U CN209608668U (en) | 2019-06-25 | 2019-06-25 | A kind of Network Isolation password board |
Publications (1)
Publication Number | Publication Date |
---|---|
CN209608668U true CN209608668U (en) | 2019-11-08 |
Family
ID=68408226
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201920971845.3U Active CN209608668U (en) | 2019-06-25 | 2019-06-25 | A kind of Network Isolation password board |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN209608668U (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110166240A (en) * | 2019-06-25 | 2019-08-23 | 南方电网科学研究院有限责任公司 | A kind of Network Isolation password board |
-
2019
- 2019-06-25 CN CN201920971845.3U patent/CN209608668U/en active Active
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110166240A (en) * | 2019-06-25 | 2019-08-23 | 南方电网科学研究院有限责任公司 | A kind of Network Isolation password board |
CN110166240B (en) * | 2019-06-25 | 2024-05-03 | 南方电网科学研究院有限责任公司 | Network isolation password board card |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
GR01 | Patent grant | ||