CN215117523U - Server data protection system based on PUFs hardware encryption board card - Google Patents


Publication number
CN215117523U
Authority
CN
China
Prior art keywords
pufs
data
board card
hardware
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202120859550.4U
Other languages
Chinese (zh)
Inventor
李冰
张言
吴佳欣
袁鹏伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Institute Of Southeast University
Southeast University
Original Assignee
Shenzhen Institute Of Southeast University
Southeast University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Landscapes

  • Storage Device Security (AREA)

Abstract

The utility model discloses a server data protection system based on a PUFs hardware encryption board card, comprising a PUFs-based hardware encryption board card, a data storage server and an upper computer. The PUFs-based hardware encryption board card is connected with the data storage server, and the data storage server is connected with the upper computer. The PUFs-based hardware encryption board card comprises a PUFs key extraction module and an AES symmetric encryption module; the PUFs key extraction module is connected with the AES symmetric encryption module, and the AES symmetric encryption module is connected with a PCIE data transmission path. The PUFs key extraction module consists of a PUFs key extraction circuit, an error correction circuit and an auxiliary data memory, which are connected to one another. The server data protection system encrypts data on the hardware board card, which ensures efficient protection of sensitive data, and it uses the fingerprint characteristics of the hardware circuit as the key, which resists physical attacks and improves the security of the system.

Description

Server data protection system based on PUFs hardware encryption board card
Technical Field
The utility model relates to a server data protection system based on a PUFs hardware encryption board card, used for protecting sensitive data.
Background
With the rapid development of information technologies such as the Internet of Things, cloud computing and big data, data plays a crucial role in people's lives. It has driven the deployment of applications such as mobile software, big data analysis and smart homes, and has brought great convenience to people's work and life. Because data comes in many types and large volumes, servers are usually chosen to manage it, providing safe storage, timely updating and reliable backup. The server's data storage system therefore plays an important role in the development of the current information age.
However, the security and privacy of data stored on servers have become important issues that hinder the development of storage systems. If sensitive data is not protected, a leak not only causes security problems but can also do great damage to user privacy. Existing server storage systems usually protect sensitive data with software encryption. The encryption speed of a software-only approach is limited, and when the data volume and the number of requests are large, efficient encryption and decryption service cannot be guaranteed.
Such software encryption also depends on keeping the key secure. Once the server is subjected to invasive attacks such as physical attacks and the encryption key is leaked, the security and privacy of the data are still threatened.
Summary of the Utility Model
The technical problem to be solved by the utility model is to provide a server data protection system based on a PUFs hardware encryption board card that gives the server efficient and reliable data protection.
To solve this technical problem, the server data protection system based on a PUFs hardware encryption board card of the utility model comprises a PUFs-based hardware encryption board card, a PCIE data transmission path, a data storage server and an upper computer. The PUFs-based hardware encryption board card is connected with the data storage server through the PCIE data transmission path, and the data storage server is connected with the upper computer.
The PUFs-based hardware encryption board card comprises a PUFs key extraction module and an AES symmetric encryption module. The PUFs key extraction module is connected with the AES symmetric encryption module, and the AES symmetric encryption module is connected with the PCIE data transmission path. The PUFs key extraction module provides a physically secure encryption key, and the AES hardware encryption module uses the generated key to encrypt sensitive data.
The PUFs key extraction module consists of a PUFs key extraction circuit, an error correction circuit and an auxiliary data memory, which are connected to one another. The error correction circuit counters interference from environmental factors and ensures the reliability of the generated key; the auxiliary data memory stores the auxiliary data used for error correction.
The PCIE data path provides efficient communication between the server and the hardware encryption board card; both the server end and the hardware board card end have PCIE interfaces.
The data storage server stores ordinary data and encrypted sensitive data. Sensitive data are sent over the PCIE transmission path to the hardware encryption board card for encryption, and the ciphertext data are then returned to the server for secure storage.
The AES encryption module is implemented as a hardware circuit, performs AES symmetric encryption, and protects data using the PUFs key.
The data storage server comprises a data storage module, an upper computer interface and a PCIE interface. The data storage module stores ordinary data and encrypted sensitive data, and data are sent through the PCIE interface to the PUFs-based hardware encryption board card for encryption and decryption; the upper computer interface is used for communication between the data storage server and the upper computer.
The PCIE interface connects to the PCIE transmission path and transmits and receives data. It communicates with the PUFs-based hardware encryption board card and transmits the data to be protected to it. The data storage server communicates with the upper computer through the upper computer interface. The upper computer displays user information and the file storage directory, and can monitor the encryption performance of the hardware board card in real time.
The server data protection system of the utility model encrypts data on the hardware board card, which ensures efficient protection of sensitive data, and it uses the fingerprint characteristics of the hardware circuit as the key, which resists physical attacks and improves the security of the system.
Drawings
The present invention will be described in further detail with reference to the accompanying drawings and specific embodiments.
Fig. 1 is a block diagram of the server protection system of the present invention.
Fig. 2 is a schematic diagram of the composition of the hardware encryption board card based on the PUFs.
Fig. 3 is a schematic diagram of the PUFs key extraction module.
Fig. 4 is a schematic diagram of the composition of the data storage server.
Detailed Description
As shown in Fig. 1, the server data protection system based on a PUFs hardware encryption board card of the utility model comprises: the PUFs-based hardware encryption board card, the PCIE data transmission path, the data storage server (for example, a beacon communication server) and the upper computer (for example, a desktop computer, a notebook computer or the like). The data storage server stores ordinary data and encrypted sensitive data. Sensitive data are sent over the PCIE data transmission path to the PUFs-based hardware encryption board card for encryption, and the ciphertext data are then returned to the data storage server for secure storage. Wherein:
(1) Hardware encryption board card based on PUFs
As shown in Fig. 2, the hardware encryption board card is a Xilinx Kintex7 FPGA board and comprises a PUFs key extraction module (for example, the corresponding module described in Chenjian, "A key generation mechanism based on BR-PUFs" [D], Nanjing: Southeast University, 2019), an AES symmetric encryption module (for example, the corresponding module described in wang 18836; kun, "A hardware implementation of an AES cryptographic algorithm" [J], Modern Electronic Technology, 2010 (16): 10-13) and a PCIE interface. The PUFs key extraction module provides a PUFs key to the AES symmetric encryption module for encrypting sensitive data, and the PUFs key extraction module sends data to the data storage server through the PCIE data transmission channel.
In the PUFs key extraction module, shown in Fig. 3, the hardware extraction circuit (hardware fingerprint extraction circuit) is implemented with BR PUFs; it receives a 128-bit challenge (excitation) and generates a 128-bit response. The auxiliary data is read from the auxiliary data memory and sent together with the response to the error correction module (circuit), which generates the PUFs key used for encryption.
The AES symmetric encryption module uses the key supplied by the PUFs key extraction module to encrypt or decrypt. The data processed by the hardware encryption board card is transmitted to the PCIE interface through a data channel (the PCIE data transmission channel).
A PCIE data channel is used between the hardware encryption board card and the data storage server to achieve efficient data transmission.
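The key-extraction flow described above (raw response, stored auxiliary data, error correction, key) can be sketched in software. This is an added example, not code from the patent: it assumes a code-offset construction with a 7-fold repetition code, a SHA-256 step to produce the 128-bit AES key, and a constructed 896-bit response standing in for the BR-PUF output, none of which the patent specifies.

```python
import hashlib
import secrets

REP = 7          # assumed repetition-code length; corrects up to 3 flips per block
KEY_BITS = 128   # AES-128 key size

def simulated_response(n_bits=REP * KEY_BITS):
    """Constructed stand-in for the raw PUF response bits of one device."""
    return [secrets.randbits(1) for _ in range(n_bits)]

def flip(bits, positions):
    """Model environmental noise by flipping the given bit positions."""
    flipped = set(positions)
    return [b ^ 1 if i in flipped else b for i, b in enumerate(bits)]

def derive_key(secret_bits):
    """Pack the corrected bits and hash them down to a 16-byte AES key."""
    packed = int("".join(map(str, secret_bits)), 2).to_bytes(len(secret_bits) // 8, "big")
    return hashlib.sha256(packed).digest()[:16]

def enroll(response):
    """One-time enrollment: returns (auxiliary_data, key); only auxiliary_data is stored."""
    secret = [secrets.randbits(1) for _ in range(len(response) // REP)]
    codeword = [bit for bit in secret for _ in range(REP)]
    helper = [r ^ c for r, c in zip(response, codeword)]
    return helper, derive_key(secret)

def reconstruct(noisy_response, helper):
    """Later use: noisy response plus stored auxiliary data yields the same key."""
    noisy_codeword = [r ^ h for r, h in zip(noisy_response, helper)]
    secret = []
    for i in range(0, len(noisy_codeword), REP):
        ones = sum(noisy_codeword[i:i + REP])
        secret.append(1 if ones > REP // 2 else 0)   # majority vote per block
    return derive_key(secret)

if __name__ == "__main__":
    device = simulated_response()
    helper, key = enroll(device)
    # Up to 3 flipped bits per 7-bit block are corrected.
    ok = reconstruct(flip(device, [0, 1, 2, 7, 20, 895]), helper)
    # 4 flips in one block exceed the correction budget and change the key.
    bad = reconstruct(flip(device, [0, 1, 2, 3]), helper)
    print("recovered:", ok == key, "| over-budget noise changes key:", bad != key)
```

Only the auxiliary data is stored; the key is regenerated from the circuit at each use and no longer matches once noise exceeds the code's correction budget in any block.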
(2) Data storage server
As shown in Fig. 4, the data storage server is a beacon R2200V 5 high-performance server and comprises a data storage module, a PCIE interface and an upper computer interface. The data storage module handles data according to its type: files are stored directly in a system path and their path information is stored in a MySQL database; user information such as accounts, passwords and identity cards is stored directly in the database; and information that needs encryption is transmitted through the PCIE interface to the hardware encryption board card for further processing.
(3) Upper computer
The upper computer is a desktop computer that communicates with the server through a network port. It displays user and file management information, and can monitor the running condition of the PUFs-based hardware board card in real time.
The modules, algorithms and the like referred to above are prior art and are not limited to those listed in the above embodiment. The key point of the utility model lies in the connection relationships: data encryption is realized on the hardware board card, which ensures efficient protection of sensitive data, and the fingerprint characteristics of the hardware circuit are used as the key, which resists physical attacks and improves the security of the system.
The above embodiment does not limit the utility model in any way; all technical solutions obtained by equivalent replacement or equivalent transformation fall within the protection scope of the utility model.

Claims (2)

1. A server data protection system based on a PUFs hardware encryption board card, characterized by comprising a PUFs-based hardware encryption board card, a PCIE data transmission path, a data storage server and an upper computer, wherein the PUFs-based hardware encryption board card is connected with the data storage server through the PCIE data transmission path, and the data storage server is connected with the upper computer; the PUFs-based hardware encryption board card comprises a PUFs key extraction module and an AES symmetric encryption module, wherein the PUFs key extraction module is connected with the AES symmetric encryption module, and the AES symmetric encryption module is connected with the PCIE data transmission path; the PUFs key extraction module is composed of a PUFs key extraction circuit, an error correction circuit and an auxiliary data memory, and the PUFs key extraction circuit, the auxiliary data memory and the error correction circuit are connected.
2. The server data protection system based on a PUFs hardware encryption board card according to claim 1, characterized in that: the data storage server comprises a data storage module, an upper computer interface and a PCIE interface, wherein the data storage module is used for storing ordinary data and encrypted sensitive data, and the data are sent through the PCIE interface to the PUFs-based hardware encryption board card for encryption and decryption; and the upper computer interface is used for communication between the data storage server and the upper computer.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202120859550.4U CN215117523U (en) 2021-04-25 2021-04-25 Server data protection system based on PUFs hardware encryption board card

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202120859550.4U CN215117523U (en) 2021-04-25 2021-04-25 Server data protection system based on PUFs hardware encryption board card

Publications (1)

Publication Number Publication Date
CN215117523U (en) 2021-12-10

Family

ID=79271547

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202120859550.4U Active CN215117523U (en) 2021-04-25 2021-04-25 Server data protection system based on PUFs hardware encryption board card

Country Status (1)

Country Link
CN (1) CN215117523U (en)

Similar Documents

Publication Publication Date Title
CN100487715C (en) Date safety storing system, device and method
CN106789052B (en) Remote key issuing system based on quantum communication network and use method thereof
CN100464549C (en) Method for realizing data safety storing business
CN103780622A (en) Data classification and encryption method for cloud storage
EP2466508A1 (en) Deduplicated and encrypted backups
CN107295069A (en) Data back up method, device, storage medium and server
CN103731475B (en) A kind of data protection system
CN103530201A (en) Safety data repetition removing method and system applicable to backup system
CN105184935A (en) Bluetooth intelligent lock system capable of sharing passwords by WeChat
US20150019875A1 (en) Portable device for data encryption/decryption and/or compression/decompression
CN104618096A (en) Method and device for protecting secret key authorized data, and TPM (trusted platform module) secrete key management center
CN102468962A (en) Method for personal identity authentication utilizing a personal cryptographic device
CN115085934A (en) Contract management method based on block chain and combined key and related equipment
CN114239015A (en) Data security management method and device, data cloud platform and storage medium
CN215117523U (en) Server data protection system based on PUFs hardware encryption board card
CN109698839B (en) Desensitization data comparison method and device based on asymmetric algorithm
CN110210199B (en) Internet of things equipment identity authentication method based on fingerprint acquisition and identification
CN102761559A (en) Private data-based network security sharing method and communication terminal
CN105357005A (en) Electric power trusted computing cryptographic module for PCI/PCI-E interface
CN112217806B (en) Data transmission encryption method, server and storage medium
CN201838004U (en) Hardware encryption card for computer interface
CN115883078A (en) File encryption method, file decryption method, file encryption device, file decryption equipment and storage medium
CN115694922A (en) File transmission encryption method and equipment under domestic CPU and OS
CN114239014A (en) File processing method and device based on offline device and electronic device
CN114390518A (en) Encryption method, device, equipment and storage medium

Legal Events

Date Code Title Description
GR01 Patent grant