
CN108306868A - Data security communication device and method - Google Patents


Info

Publication number
CN108306868A
Authority
CN
China
Prior art keywords
channels
signal
key
module
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810052878.8A
Other languages
Chinese (zh)
Inventor
晏浩文
陈伟
刘宇
刘建国
祝宁华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Semiconductors of CAS
Original Assignee
Institute of Semiconductors of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Semiconductors of CAS
Priority to CN201810052878.8A
Publication of CN108306868A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A data security communication device and method. The device includes: a mixing and unmixing module, configured to mix M channels of first original data with N-M channels of random signals according to a first key, producing N channels of mixed signals; an encryption and decryption module, which encrypts each of the N channels of mixed signals according to the first key, producing N channels of encrypted signals; and a binding and unbinding module, which binds the N channels of encrypted signals, producing N bound channels of first confidential signals; and/or unbinds N channels of second confidential signals, producing aligned N channels of unbound signals that are output to the encryption and decryption module for decryption, whereupon the encryption and decryption module produces N channels of decrypted signals according to a second key and outputs them to the mixing and unmixing module for unmixing, and the mixing and unmixing module produces and outputs L channels of second original data according to the second key. The invention applies confidentiality processing to N channels of data and is difficult to decipher; the data is sent over N channels simultaneously, which improves the security of the physical link of the communication system.

Description

Data security communication device and method

Technical field

The invention relates to the field of secure communication, and in particular to a data security communication device and method.

Background

With the arrival of the information age, the network has imperceptibly become an indispensable part of our lives and profoundly affects political, economic, cultural and other development; ensuring network information security is of great significance to individuals, enterprises and countries alike. Most current secure communication methods and devices are based on a single encryption algorithm with a limited key length, and with the rapid growth of computing power they are no longer secure. In addition, most current secure communication methods and devices protect only one channel of information, so multiple devices are needed when multiple channels of information must be protected.

Summary of the invention

(1) Technical problem to be solved

The object of the present invention is to provide a data security communication device and method that solve at least one of the above technical problems.

(2) Technical solution

One aspect of the present invention provides a data security communication device, including:

a key storage module, configured to store a first key and a second key input from outside;

a mixing and unmixing module, configured to mix M channels of first original data input from outside with N-M channels of random signals according to the first key, producing N channels of mixed signals, where N is a positive integer greater than 1 and N≥M;

an encryption and decryption module comprising N encryption and decryption units, each unit configured to encrypt the N channels of mixed signals respectively according to the first key, producing N channels of encrypted signals; and

a binding and unbinding module, configured to bind the N channels of encrypted signals, producing N bound channels of first confidential signals; and/or to unbind N channels of second confidential signals input from outside, producing aligned N channels of unbound signals that are output to the encryption and decryption module for decryption, the encryption and decryption module producing N channels of decrypted signals according to the second key and outputting them to the mixing and unmixing module for unmixing, and the mixing and unmixing module producing and outputting L channels of second original data according to the second key, where L is a positive integer greater than 1 and L≤N.

In some embodiments of the present invention, the mixing and unmixing module includes a random signal generator configured to generate N-M channels of random signals of bit width A, where A is the number of bits of the first original data.

In some embodiments of the present invention, the mixing and unmixing module further includes a mixing and unmixing controller, configured to control, according to the clock cycle and the first key, the mapping of the M channels of first original data and the N-M channels of random signals to the N output ports; and/or to control, according to the clock cycle and the second key, the mapping of the N channels of decrypted signals to the L second-original-data output ports.

In some embodiments of the present invention, the encryption and decryption unit is an AES algorithm unit and/or a DES algorithm unit.

In some embodiments of the present invention, the encryption and decryption module further includes:

an encryption and decryption controller, configured to ensure that mixed signals or unbound signals that enter the encryption and decryption module at the same time are output at the same time after being processed by it.

In some embodiments of the present invention, the data security communication device communicates with a second data security communication device that outputs the N channels of second confidential signals, and the first key of the data security communication device is identical to the second key of the second data security communication device.

In some embodiments of the present invention, the device further includes a transmitting and receiving module, configured to transmit the first confidential signals to the second data security communication device and to receive the second confidential signals output by the second data security communication device.

Another aspect of the present invention provides a data security communication method, including:

mixing M channels of first original data input from outside with N-M channels of random signals according to a first key input from outside, producing N channels of mixed signals, where M is a positive integer greater than 1 and N≥M;

encrypting the N channels of mixed signals respectively according to the first key, producing N channels of encrypted signals; and

binding the N channels of encrypted signals, producing N bound channels of first confidential signals; and/or unbinding N channels of second confidential signals input from outside, producing aligned N channels of unbound signals that are output to the encryption and decryption module for decryption, the encryption and decryption module producing N channels of decrypted signals according to the second key and outputting them to the mixing and unmixing module for unmixing, and the mixing and unmixing module producing and outputting L channels of second original data according to the second key, where L is a positive integer greater than 1 and L≤N.

In some embodiments of the present invention, the encryption/decryption processing is implemented with the AES algorithm and/or the DES algorithm.

In some embodiments of the present invention, the binding is implemented by adding a flag sequence before the frame header of the N channels of encrypted signals.

(3) Beneficial effects

Compared with the prior art, the data security communication device and method of the present invention have at least the following advantages:

1. Because the M channels of first original data are given confidentiality processing at the same time, cracking is difficult. The first original data is also sent over N channels simultaneously, so all N channels must be intercepted at the same time to recover the data; intercepting a single channel alone does not allow recovery, which improves the security of the physical link of the communication system.

2. The first original data can also be given hybrid encryption using different encryption algorithms, which widens the range of algorithms, increases the difficulty of deciphering, and improves the security of the information.

Description of drawings

FIG. 1 is a schematic structural diagram of a data security communication device according to an embodiment of the present invention.

FIG. 2 is a schematic diagram of the steps of a data security communication method according to an embodiment of the present invention.

Detailed description

At present, secure communication methods and devices in the prior art are generally based on a single encryption algorithm and protect only one channel of information. In view of this, the present invention provides a data security communication device that can apply confidentiality processing to M channels of first original data at the same time and can use multiple encryption algorithms; the key is extremely long, exceeding the key-length limit of many encryption algorithms, and deciphering is difficult. In addition, the data is sent over N channels simultaneously and all channels must be tapped to recover it, which greatly improves the security of the physical link of the communication system.

To make the purpose, technical solutions and advantages of the present disclosure clearer, the present disclosure is described in further detail below with reference to specific embodiments and the accompanying drawings.

One aspect of the embodiments of the present invention provides a data security communication device. FIG. 1 is a schematic structural diagram of the data security communication device according to an embodiment of the present invention. As shown in FIG. 1, the device includes a key storage module 1, a mixing and unmixing module 2, an encryption and decryption module 3, and a binding and unbinding module 4.

These modules are described in detail below.

The key storage module 1 stores the first key and the second key input from outside and outputs them to the mixing and unmixing module 2 and the encryption and decryption module 3. In some embodiments of the present invention, it includes a matrix keyboard and its driver as the input device, and an I2C serial EEPROM (electrically erasable programmable read-only memory) and its driver as the storage device; the keyboard and EEPROM drivers can be implemented by an FPGA (field-programmable gate array) or another chip.

The key storage module has two working modes, selected through the matrix keyboard after power-on. In working mode one, all keys are entered in order through the matrix keyboard, stored in the EEPROM, and supplied in order to the mixing and unmixing module 2 and the encryption and decryption module 3. In working mode two, no key needs to be entered; the mixing and unmixing module 2 and each encryption and decryption module 5 read the previously entered keys from the EEPROM in order to complete preparation.

The mixing and unmixing module 2 mixes the M channels of first original signals input from outside with the N-M channels of random signals according to the first key, producing M channels of mixed signals; and unmixes the N channels of decrypted information according to the second key, producing L channels of second original signals, where L is a positive integer greater than 1 and L≤N.

More specifically, the mixing and unmixing module 2 may include a random signal generator and a mixing and unmixing controller.

In some embodiments, the random signal generator may consist of N×A m-sequence generators and is used to generate N-M channels of random signals of bit width A; the feedback structure or initial state of each m-sequence generator differs, so that different pseudo-random signals are generated. The minimum granularity at which the random signals and the first original signals are mixed is 1 bit.

Mixing and unmixing controller: in some embodiments, the mixing and unmixing controller may consist of A collision-free frequency-hopping sequence set generators over an alphabet of size N, and is used to control, according to the clock cycle and the first key, the mapping of the M channels of first original data and the N-M channels of random signals to the N output ports; and/or to control, according to the clock cycle and the second key, the mapping of the N channels of decrypted signals to the N second-original-data output ports. The feedback structure or initial state of each collision-free frequency-hopping sequence set generator may differ, so that different hopping sequence sets are generated; A is the number of bits of the first original data.

The initial state of the collision-free frequency-hopping sequence set generator is determined by the input key. The generator controls which port outputs each input signal and random signal of the mixing and unmixing module, thereby mixing the N channels of first original data and random signals. For example, if the hopping sequence set is [7, 8, 36, 26...; 14, 16, 23, 45...; 21, 24, 10, 15...; ...], then in the first clock cycle the data entering input port 1 is output on output port 7, the data entering input port 2 is output on output port 14, the data entering input port 3 is output on output port 21, and so on; in the second clock cycle the data entering input port 1 is output on output port 8, the data entering input port 2 is output on output port 16, the data entering input port 3 is output on output port 24, and so on for later cycles.
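The key-controlled routing described above can be simulated in software. The following is an added example, not code from the patent: it routes each of the A bit positions independently through a collision-free permutation of the N ports per clock cycle, mixing M data channels with N-M random channels and undoing the mix with the same key. The HMAC-SHA256-driven shuffle, the function names and the sample values are assumptions standing in for the patent's key-seeded hopping-sequence and m-sequence generators.

```python
import hashlib
import hmac
import secrets


def _keystream(key, cycle, bit):
    """Endless keyed byte stream for one (clock cycle, bit position) pair."""
    counter = 0
    while True:
        msg = b"%d/%d/%d" % (cycle, bit, counter)
        yield from hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1


def hop_permutation(key, cycle, bit, n):
    """perm[i] = output port that carries bit `bit` of input i in this cycle.

    A permutation of range(n) is collision-free by construction: no two
    inputs share an output port in the same cycle. (Assumption: a keyed
    Fisher-Yates shuffle replaces the patent's hopping-sequence generator.)
    """
    if not 1 < n <= 256:
        raise ValueError("n must be in 2..256")
    stream = _keystream(key, cycle, bit)
    perm = list(range(n))
    for i in range(n - 1, 0, -1):
        bound = i + 1
        limit = 256 - 256 % bound      # rejection sampling avoids modulo bias
        value = next(stream)
        while value >= limit:
            value = next(stream)
        j = value % bound
        perm[i], perm[j] = perm[j], perm[i]
    return perm


def mix(key, data, n, width, decoy=secrets.randbits):
    """data[cycle] holds M words of `width` bits; returns N port words per cycle."""
    mixed = []
    for cycle, words in enumerate(data):
        if len(words) > n or any(w >> width for w in words):
            raise ValueError("need M <= N and words that fit in `width` bits")
        # Inputs 0..M-1 are real data, inputs M..N-1 are random decoys.
        inputs = list(words) + [decoy(width) for _ in range(n - len(words))]
        ports = [0] * n
        for bit in range(width):       # 1-bit mixing granularity
            perm = hop_permutation(key, cycle, bit, n)
            for src, dst in enumerate(perm):
                ports[dst] |= ((inputs[src] >> bit) & 1) << bit
        mixed.append(ports)
    return mixed


def unmix(key, mixed, m, width):
    """Inverse of mix(): rebuild the same permutations, read back the M data inputs."""
    data = []
    for cycle, ports in enumerate(mixed):
        words = [0] * m
        for bit in range(width):
            perm = hop_permutation(key, cycle, bit, len(ports))
            for src in range(m):
                words[src] |= ((ports[perm[src]] >> bit) & 1) << bit
        data.append(words)
    return data


# Constructed sample: M = 3 data channels, N = 8 ports, A = 8-bit words.
SAMPLE = [[ord(c) for c in chunk] for chunk in ("SEC", "RET", "MSG", "123")]

if __name__ == "__main__":
    demo_key = b"constructed-demo-key"
    demo_mixed = mix(demo_key, SAMPLE, n=8, width=8)
    for cycle, ports in enumerate(demo_mixed):
        print(cycle, [f"{p:02x}" for p in ports])
    print(unmix(demo_key, demo_mixed, m=3, width=8) == SAMPLE)
```

An m-sequence is the output of a linear-feedback shift register and is not cryptographically strong, which is why the example draws its decoys from the operating system's CSPRNG and its routing from a keyed hash.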

The encryption and decryption module 3 includes N encryption and decryption units. Each unit encrypts the N channels of mixed signals respectively according to the first key, producing N channels of encrypted signals, N≥M; and/or decrypts the N channels of unbound signals output by the binding and unbinding module according to the second key, producing N channels of decrypted signals.

The encryption and decryption units may be algorithm units such as AES (Advanced Encryption Standard) and DES (Data Encryption Standard). The encryption algorithm or key used by each algorithm unit may be the same or different.

Note also that the data security communication device communicates with a second data security communication device that outputs the N channels of second confidential signals. The first key of the data security communication device is identical to the second key of the second data security communication device, and the encryption and decryption units of the data security communication device should be the same as those of the second data security communication device; only then is normal communication guaranteed. The first key and the second key of the same data security communication device may be the same or different.

So that mixed signals or unbound signals entering the encryption and decryption module at the same time are output at the same time after processing, an encryption and decryption controller is also needed. In some embodiments, this controller can be implemented by adding buffers before and after the encryption and decryption units; the buffers read and write the input and output signals of the encryption and decryption module according to indication signals from the encryption and decryption units.

Because each channel of data reaches the receiving end at a different time after transmission, there is some relative delay, and the received N channels of second confidential information must be aligned before further processing. The present invention therefore also includes a channel binding module. When sending, it binds the N channels of encrypted information with a special flag sequence (which can be chosen according to actual needs), that is, it adds the special flag sequence before the frame header of the N channels of encrypted signals. When receiving, it aligns the N channels of second confidential information according to the special flag sequence added by the sender. The channel binding module can also align the data further by aligning the frame headers, improving the accuracy with which the N channels are aligned at the receiving end.
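One way to realise the binding and alignment described above, as an added example that is not part of the patent: each lane's frames carry a flag sequence followed by a frame header, and the receiver uses the flag to find the frame start on each skewed lane and the header to keep only frames present on all lanes. The flag value, the 2-byte sequence-number header and the fixed payload length are assumptions; the patent leaves the flag sequence to be chosen as needed.

```python
MARKER = bytes.fromhex("f628f628")   # constructed flag sequence (assumption)
SEQ_LEN = 2                          # assumed frame header: sequence number
PAYLOAD_LEN = 8                      # assumed fixed ciphertext length per frame
FRAME_LEN = len(MARKER) + SEQ_LEN + PAYLOAD_LEN


def bind(lane_payloads):
    """Sender: lane_payloads[lane][seq] -> one byte stream per lane.

    The flag sequence is placed before each frame header, as in the text.
    """
    streams = []
    for payloads in lane_payloads:
        out = bytearray()
        for seq, payload in enumerate(payloads):
            if len(payload) != PAYLOAD_LEN:
                raise ValueError("payload must be PAYLOAD_LEN bytes")
            out += MARKER + seq.to_bytes(SEQ_LEN, "big") + payload
        streams.append(bytes(out))
    return streams


def skew(streams, delays):
    """Simulated channel: lane i arrives after delays[i] idle (zero) bytes."""
    return [b"\x00" * d + s for s, d in zip(streams, delays)]


def parse_lane(stream, lane):
    """Find the first flag, then step frame by frame at a fixed length.

    Fixed-length stepping means flag-like bytes inside a ciphertext payload
    cannot be mistaken for a frame start once the lane is in sync.
    """
    pos = stream.find(MARKER)
    if pos < 0:
        raise ValueError(f"lane {lane}: flag sequence not found")
    frames = {}
    while pos + FRAME_LEN <= len(stream):
        if stream[pos:pos + len(MARKER)] != MARKER:
            raise ValueError(f"lane {lane}: lost sync at offset {pos}")
        body = pos + len(MARKER)
        seq = int.from_bytes(stream[body:body + SEQ_LEN], "big")
        frames[seq] = stream[body + SEQ_LEN:pos + FRAME_LEN]
        pos += FRAME_LEN
    return frames


def unbind(received):
    """Receiver: return [(seq, [payload per lane])] for frames seen on every lane."""
    lanes = [parse_lane(s, i) for i, s in enumerate(received)]
    common = set(lanes[0]).intersection(*lanes[1:])
    return [(seq, [lane[seq] for lane in lanes]) for seq in sorted(common)]


# Constructed sample: 3 lanes x 3 frames; one payload deliberately contains
# the flag bytes to show that it does not disturb alignment.
SAMPLE_LANES = [
    [b"lane0-f0", MARKER + b"AAAA", b"lane0-f2"],
    [b"lane1-f0", b"lane1-f1", b"lane1-f2"],
    [b"lane2-f0", b"lane2-f1", b"lane2-f2"],
]

if __name__ == "__main__":
    arrived = skew(bind(SAMPLE_LANES), delays=[0, 5, 2])
    for seq, payloads in unbind(arrived):
        print(seq, payloads)
```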

In addition, to transmit and receive data and signals, the device of the present invention may also include a transmitting and receiving module, configured to transmit the first confidential signals to the second data security communication device and to receive the second confidential signals output by the second data security communication device.

In some embodiments, the transmitting and receiving module includes, but is not limited to, an optical transceiver, an electrical transceiver, an infrared transceiver or a radio transceiver; the choice depends on the communication network to which it is connected. The data security communication device of the present invention and the second data security communication device can communicate over a public network, a military network, an infrared network, an optical fiber communication network, a radio communication network, and so on.

It can be understood that the data security communication device may be based on an FPGA, a DSP (digital signal processing chip), a microcontroller, ARM (Advanced RISC Machines), an ASIC (application-specific integrated circuit), or other microprocessors.

Next, the working process of the data security communication device is described with reference to FIG. 1.

When the data security communication device acts as the encrypting end, the mixing and unmixing module receives the M channels of first original data and mixes them with the N-M channels of random signals according to the first key held in the key storage module 1, obtaining N channels of mixed signals, which it outputs to the encryption and decryption module 3. The encryption and decryption module 3 receives the N channels of mixed signals and encrypts them according to the first key, obtaining and outputting N channels of encrypted signals. The binding and unbinding module 4 receives the N channels of encrypted signals and binds them, obtaining N bound channels of first confidential signals. This completes processing at the encrypting end.

When the data security communication device acts as the decrypting end, the binding and unbinding module 4 receives N channels of second confidential signals from the second data security communication device with which it communicates and unbinds them, producing aligned N channels of unbound signals that it outputs to the encryption and decryption module 3. The encryption and decryption module 3 receives the N channels of unbound signals and decrypts them according to the second key, producing N channels of decrypted signals that it outputs to the mixing and unmixing module 2 for unmixing. According to the second key, the mixing and unmixing module 2 controls how, in each clock cycle, the N channels of decrypted signals are output to the L second-original-signal output ports, obtaining and outputting L channels of second original data. This completes processing at the decrypting end.

本发明实施例的另一方面,还提供了一种数据保密通信方法,图2为本发明实施例的数据保密通信方法的步骤示意图,如图2所示,该方法包括以下步骤:In another aspect of the embodiment of the present invention, a data secure communication method is also provided. FIG. 2 is a schematic diagram of the steps of the data secure communication method according to the embodiment of the present invention. As shown in FIG. 2 , the method includes the following steps:

S1、根据外界输入的第一密钥对外界输入的M路第一原始数据和N-M路随机信号进行混合处理,确定N路混合信号,其中,M为大于1的正整数,N≥M。S1. Perform mixed processing on M channels of first raw data and N-M channels of random signals input from the outside according to the first key input from the outside, and determine N channels of mixed signals, where M is a positive integer greater than 1, and N≥M.

S2、根据所述第一密钥分别对所述N路混合信号进行加密,确定N路已加密信号。可以通过AES算法和DES算法或者其他算法实现加解密处理,本发明不作限制。S2. Encrypt the N channels of mixed signals respectively according to the first key, and determine N channels of encrypted signals. Encryption and decryption processing can be realized through AES algorithm, DES algorithm or other algorithms, which is not limited in the present invention.

S3、对所述N路已加密信号进行绑定处理,确定绑定的N路第一保密信号;和/或对外界输入的N路第二保密信号进行解绑处理,确定并输出对齐的N路解绑信号至加解密模块进行解密处理,加解密模块根据所述第二密钥确定并输出N路已解密信号至混合解混模块进行解混处理,混合解混模块根据所述第二密钥确定并输出L路第二原始数据,L为大于1的正整数,L≤N。S3. Perform binding processing on the N channels of encrypted signals, determine the bound N channels of first confidential signals; and/or perform unbinding processing on the N channels of second confidential signals input from the outside, determine and output aligned N channels The unbundled signals of the channels are sent to the encryption and decryption module for decryption processing, and the encryption and decryption module determines and outputs the decrypted signals of N channels to the mixing and unmixing module for unmixing processing according to the second key. The key determines and outputs L channels of second original data, where L is a positive integer greater than 1, and L≤N.

所述第一原始数据以及第二保密信号可以是串行信号,也可以是并行信号(看成多个单独的串行信号)。当是并行信号时,其中的每个单独的串行信号对应的输出端可以相同也可以不相同,其具体由混合解混控制器和对应密钥决定。The first original data and the second secret signal may be serial signals or parallel signals (considered as multiple individual serial signals). When it is a parallel signal, the output terminals corresponding to each individual serial signal may be the same or different, which is specifically determined by the mixing and unmixing controller and the corresponding key.

Because each channel of data reaches the receiving end at a different time after transmission, there is a relative delay between channels, and the received N channels of second confidential information must be aligned before subsequent processing can take place. Therefore, when sending, a special flag sequence (which can be selected according to actual needs) can also be used to bind the N channels of encrypted information. When receiving, the N channels of second confidential information are aligned according to the special flag sequence added by the sender. The data can also be aligned further by aligning the frame headers, which improves the accuracy of N-channel data alignment at the receiving end.
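Steps S1 to S3 and the flag-based alignment described above, as an added example that is not code from the patent. Assumptions: the function names, the `FLAG` value, and the use of one shared key on both sides are constructed for illustration, and the per-channel cipher is an HMAC-SHA256 keystream stand-in (not the AES/DES units the text names) so the block runs with the standard library only.

```python
import hashlib
import hmac
import secrets

FLAG = b"\x7e\xa5\x5a\x7e"  # constructed flag sequence; the patent leaves the choice open

def _prf(key: bytes, label: bytes, *nums: int) -> bytes:
    msg = label + b"".join(x.to_bytes(8, "big") for x in nums)
    return hmac.new(key, msg, hashlib.sha256).digest()

def mapping(key: bytes, cycle: int, n: int) -> list:
    """S1 controller: key- and clock-cycle-dependent input -> output channel map."""
    return sorted(range(n), key=lambda i: _prf(key, b"mix", cycle, i))

def crypt(key: bytes, chan: int, cycle: int, word: bytes) -> bytes:
    """S2 stand-in cipher: XOR with an HMAC-SHA256 keystream (words <= 32 bytes).
    Not the AES/DES units the patent names; encrypting and decrypting are the same call."""
    return bytes(a ^ b for a, b in zip(word, _prf(key, b"enc", chan, cycle)))

def send(data: list, key: bytes, n: int) -> list:
    """data: M channels, each a list of equal-width words. Returns N bound streams."""
    width = len(data[0][0])
    streams = [bytearray(FLAG) for _ in range(n)]  # S3 binding: flag before the frame
    for t in range(len(data[0])):
        # M real words plus N-M random words of the same width (claim 2)
        inputs = [ch[t] for ch in data]
        inputs += [secrets.token_bytes(width) for _ in range(n - len(data))]
        for i, out in enumerate(mapping(key, t, n)):
            streams[out] += crypt(key, out, t, inputs[i])
    return [bytes(s) for s in streams]

def receive(streams: list, key: bytes, m: int, width: int) -> list:
    """Unbind (align on the flag), decrypt, unmix; returns the M data channels."""
    aligned = [s[s.index(FLAG) + len(FLAG):] for s in streams]
    cycles = min(len(s) for s in aligned) // width
    data = [[] for _ in range(m)]
    for t in range(cycles):
        outs = mapping(key, t, len(streams))
        for i in range(m):  # inputs m..N-1 were random filler and are dropped
            word = aligned[outs[i]][t * width:(t + 1) * width]
            data[i].append(crypt(key, outs[i], t, word))
    return data
```

`receive` aligns each channel on the first occurrence of the flag, so leading channel noise that happens to contain those bytes would misalign that channel; the frame-header alignment mentioned above is the second check for that case.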

Unless otherwise indicated, the numerical parameters in this specification and the appended claims are approximations that can vary depending on the desired properties obtained from the content of the present disclosure. Specifically, all numbers used in the specification and claims to express amounts of components, reaction conditions, and so on should be understood as modified in all cases by the term "about". In general, this means that the stated quantity includes a variation of ±10% in some embodiments, ±5% in some embodiments, ±1% in some embodiments, and ±0.5% in some embodiments.

Furthermore, "comprising" does not exclude the presence of elements or steps not listed in a claim. "A" or "an" preceding an element does not exclude the presence of a plurality of such elements.

The specific embodiments described above explain the purpose, technical solutions, and beneficial effects of the present invention in further detail. It should be understood that the above are only specific embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement, or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (10)

1. A data security communication device, comprising:
a key storage module for storing a first key and a second key input from outside;
a mixing/unmixing module for mixing M channels of externally input first original data with N-M channels of random signals according to the first key to determine N channels of mixed signals, where N is a positive integer greater than 1 and N ≥ M;
an encryption/decryption module comprising N encryption/decryption units, each encryption/decryption unit being used to encrypt the N channels of mixed signals respectively according to the first key to determine N channels of encrypted signals; and
a binding/unbinding module for performing binding processing on the N channels of encrypted signals to determine the bound N channels of first confidential signals; and/or for performing unbinding processing on N channels of second confidential signals input from outside, and determining and outputting N aligned channels of unbound signals to the encryption/decryption module for decryption, wherein the encryption/decryption module determines N channels of decrypted signals according to the second key and outputs them to the mixing/unmixing module for unmixing, and the mixing/unmixing module determines and outputs L channels of second original data according to the second key, where L is a positive integer greater than 1 and L ≤ N.
2. The device according to claim 1, wherein the mixing/unmixing module comprises a random signal generator, the random signal generator being used to generate N-M channels of random signals with bit width A, where A is the number of bits of the first original data.
3. The device according to claim 1, wherein the mixing/unmixing module further comprises a mixing/unmixing controller, the mixing/unmixing controller being used to control, according to the clock cycle and the first key, the correspondence between the M channels of first original data and N-M channels of random signals and the N output terminals; and/or to control, according to the clock cycle and the second key, the correspondence between the N channels of decrypted signals and the L second original data output terminals.
4. The device according to claim 1, wherein the encryption/decryption unit is an AES algorithm unit and/or a DES algorithm unit.
5. The device according to claim 1, wherein the encryption/decryption module further comprises:
an encryption/decryption controller for ensuring that mixed signals/unbound signals that enter the encryption/decryption module at the same time are output simultaneously after being processed by the encryption/decryption module.
6. The device according to claim 1, wherein the data security communication device communicates with a second data security communication device that outputs the N channels of second confidential signals, and the first key of the data security communication device is consistent with the second key of the second data security communication device.
7. The device according to claim 1, further comprising a transmitting and receiving module for transmitting the first confidential signals to the second data security communication device and receiving the second confidential signals output by the second data security communication device.
8. A data security communication method, comprising:
mixing M channels of externally input first original data with N-M channels of random signals according to a first key input from outside to determine N channels of mixed signals, where M is a positive integer greater than 1 and N ≥ M;
encrypting the N channels of mixed signals respectively according to the first key to determine N channels of encrypted signals; and
performing binding processing on the N channels of encrypted signals to determine the bound N channels of first confidential signals; and/or performing unbinding processing on N channels of second confidential signals input from outside, and determining and outputting N aligned channels of unbound signals to the encryption/decryption module for decryption, wherein the encryption/decryption module determines N channels of decrypted signals according to the second key and outputs them to the mixing/unmixing module for unmixing, and the mixing/unmixing module determines and outputs L channels of second original data according to the second key, where L is a positive integer greater than 1 and L ≤ N.
9. The method according to claim 8, wherein the encryption/decryption processing is implemented by the AES algorithm and/or the DES algorithm.
10. The method according to claim 8, wherein the binding processing is implemented by adding a flag sequence before the frame header of the N channels of encrypted signals.
CN201810052878.8A 2018-01-19 2018-01-19 Data security communication device and method Pending CN108306868A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810052878.8A CN108306868A (en) 2018-01-19 2018-01-19 Data security communication device and method

Publications (1)

Publication Number Publication Date
CN108306868A true CN108306868A (en) 2018-07-20

Family

ID=62865930

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810052878.8A Pending CN108306868A (en) 2018-01-19 2018-01-19 Data security communication device and method

Country Status (1)

Country Link
CN (1) CN108306868A (en)

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103607402A (en) * 2013-11-26 2014-02-26 广州博冠信息科技有限公司 Online game data encryption and decryption method and equipment
GB2532039B (en) * 2014-11-06 2016-09-21 Ibm Secure database backup and recovery
CN105306161A (en) * 2015-09-29 2016-02-03 中国科学院半导体研究所 Information enciphering method and device based on multi-channel signal fragmentation transmission technology
US20170222805A1 (en) * 2016-02-03 2017-08-03 Cocoon Data Holdings Pty Limited Escrow key fragmentation system
AU2017200695A1 (en) * 2016-02-03 2017-08-17 Cocoon Data Holdings Pty Limited Escrow key fragmentation system
CN106330920A (en) * 2016-08-26 2017-01-11 中国科学院半导体研究所 A secure communication method based on multi-channel signal fragmentation transmission technology

Similar Documents

Publication Publication Date Title
CN112906070B (en) Integrated circuit and IoT devices with block cipher side channel attack mitigation and related methods
CN209402526U (en) The key storage device of safety chip
JPH11289324A (en) Transmission / reception device and transmission / reception method
CN105790927B (en) A kind of bus graded encryption system
CN103826221A (en) Bluetooth based encryption communication method, and correlation systems and methods
CN101923654B (en) Ultrahigh frequency reader-writer suitable for remote security control by different users
CN103455446A (en) Device for carrying out a cryptographic method, and operating method for same
JPH0934356A (en) High-bandwidth cryptographic system with low-bandwidth cryptographic module
CN101593254A (en) A kind of notebook computer secured inputting method and system
CN107534558A (en) For the method and data highway system of the information security for protecting the data via data bus transmission
KR19980086603A (en) Method and apparatus for data encryption and decryption
US12182246B2 (en) Security chip-based security authentication method and system, security chip, and readable storage medium
CN102227106B (en) Method and system for intelligent secret key equipment to communicate with computer
CN110602107B (en) Zynq-based network cipher machine and network data encryption and decryption method
CN112765686A (en) Power consumption attack prevention framework and method for algorithm key in chip
JP2000517497A (en) Apparatus and method for processing digital data stream with arbitrary number of data
CN101515853A (en) Information terminal and information safety device thereof
CN103427978A (en) Wireless Chinese character transmitting device based on chaotic encryption system
CN111263360B (en) Wireless encryption device and method using public key to protect variable mechanical authentication password
CN210183353U (en) A data security transmission system based on data splitting
CN101882991B (en) Communication Data Stream Encryption Method Based on Block Cipher Algorithm
CN108306868A (en) Data security communication device and method
KR100933312B1 (en) Aria encryption method capable of data encryption and authentication, and a system for performing the same
CN108134800A (en) Secure communication device and method
CN101882994B (en) Triple authentication method based on block cipher

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20180720
