CN113726741B - Acceleration card data downloading method and related device - Google Patents
Acceleration card data downloading method and related device Download PDFInfo
- Publication number
- CN113726741B CN113726741B CN202110856493.9A CN202110856493A CN113726741B CN 113726741 B CN113726741 B CN 113726741B CN 202110856493 A CN202110856493 A CN 202110856493A CN 113726741 B CN113726741 B CN 113726741B
- Authority
- CN
- China
- Prior art keywords
- identification code
- information
- data
- fpga
- card
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000001133 acceleration Effects 0.000 title claims abstract description 75
- 238000000034 method Methods 0.000 title claims abstract description 44
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 53
- 230000005540 biological transmission Effects 0.000 claims abstract description 30
- 238000004590 computer program Methods 0.000 claims description 9
- 230000006870 function Effects 0.000 claims description 4
- 230000009286 beneficial effect Effects 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 6
- 238000012795 verification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 2
- 238000013136 deep learning model Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 238000013135 deep learning Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000009545 invasion Effects 0.000 description 1
- 230000004719 natural immunity Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/76—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Mathematical Physics (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Information Transfer Between Computers (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses an acceleration card data downloading method, which comprises the following steps: the CPLD receives encryption information from the data transmission device; decrypting the encrypted information based on a local decryption algorithm to obtain a unique identification code; judging whether the unique identification code is the same as the identification code in the memory of the accelerator card; if yes, establishing hardware physical connection between the acceleration card and the data sending device, so that the data sending device sends data to the acceleration card through the hardware physical connection, thereby improving the safety of programs in the FPGA and avoiding leakage of the programs in the FPGA. The application also discloses an acceleration card data downloading device, a server and a computer readable storage medium, which have the beneficial effects.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to an acceleration card data downloading method, an acceleration card data downloading device, a server, and a computer readable storage medium.
Background
With the continuous development of information technology, in the application scenario of reasoning acceleration computing in a data center, a considerable amount of deep learning acceleration computing units use an FPGA (Field Programmable Gate Array ) to perform hardware acceleration, and compared with a GPU (graphics processing unit, graphics processor), power consumption is lower, and more importantly, because the FPGA is similar to a computing acceleration mode of hardware, the result of the computing acceleration is not easily and illegally affected and controlled by illegal software through a direct memory tampering mode. The FPGA is realized through internal hardware connection, and has a certain natural immunity to software modification.
In the related art, the FPGA has a risk of being controlled by malicious software, for example, the malicious software can read out the program of the FPGA through the JTAG (Joint Test Action Group, physical embedded loading interface) interface or the selection map interface of the FPGA, so as to cause the disclosure of the FPGA deep learning model; or a new malicious FPGA program can be written through the interface, so that the acceleration calculation module is hijacked maliciously, and the safety of the program in the FPGA is reduced.
Therefore, how to improve the security of the program in the FPGA, avoiding the problem of leakage is a major problem of concern to those skilled in the art.
Disclosure of Invention
The purpose of the application is to provide an acceleration card data downloading method, an acceleration card data downloading device, a server and a computer readable storage medium, so as to improve the safety of programs in an FPGA and avoid leakage of the programs in the FPGA.
In order to solve the above technical problems, the present application provides an acceleration card data downloading method, including:
the CPLD receives encryption information from the data transmission device;
decrypting the encrypted information based on a local decryption algorithm to obtain a unique identification code;
judging whether the unique identification code is the same as the identification code in the memory of the accelerator card;
if yes, establishing hardware physical connection between the accelerator card and the data transmitting device so that the data transmitting device transmits data to the accelerator card through the hardware physical connection.
Optionally, the method further comprises:
and when the data transmission is finished, cutting off the physical connection of the hardware.
Optionally, decrypting the encrypted information based on a local decryption algorithm to obtain a unique identification code, including:
and decrypting the encrypted ID information and the encrypted version number information in the encrypted information based on the local decryption algorithm to obtain the unique identification code.
Optionally, determining whether the unique identification code is the same as an identification code in a memory of the accelerator card includes:
the CPLD reads the identification code from the memory of the accelerator card;
and judging whether the unique identification code is the same as the identification code.
Optionally, the accelerator card is an accelerator device connected to the data transmission device through a CPLD.
Optionally, the method further comprises:
and writing the identification code into a memory of the accelerator card through a JTAG interface.
Optionally, establishing a hardware physical connection between the accelerator card and the data sending device includes:
the CPLD sets the state of the selectmap interface to be an on state; wherein the selectmap interface is arranged between the accelerator card and the data transmitting device.
The application also provides an acceleration card data downloading device, which comprises:
an encryption information transmitting module for receiving encryption information from the data transmitting apparatus;
the encryption information decryption module is used for decrypting the encryption information based on a local decryption algorithm to obtain a unique identification code;
the identification code judging module is used for judging whether the unique identification code is the same as the identification code in the memory of the accelerator card;
and the data transmission module is used for establishing hardware physical connection between the accelerator card and the data transmission device when the unique identification code is the same as the identification code, so that the data transmission device transmits data to the accelerator card through the hardware physical connection.
The application also provides a server comprising:
a memory for storing a computer program;
and a processor for implementing the steps of the acceleration card data downloading method as described above when executing the computer program.
The present application also provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the acceleration card data downloading method as described above.
The method for downloading the data of the acceleration card comprises the following steps: the CPLD receives encryption information from the data transmission device; decrypting the encrypted information based on a local decryption algorithm to obtain a unique identification code; judging whether the unique identification code is the same as the identification code in the memory of the accelerator card; if yes, establishing hardware physical connection between the accelerator card and the data transmitting device so that the data transmitting device transmits data to the accelerator card through the hardware physical connection.
The CPLD decrypts the received encrypted information to obtain a unique identification code, then judges whether the unique identification code is the same as the locally stored identification code, and finally establishes hardware physical connection under the same condition so as to carry out data transmission, thereby avoiding malicious programs from being transmitted to the acceleration card through the hardware physical connection under the unauthorized condition, improving the security of data in the acceleration card and avoiding data loss.
The application further provides an acceleration card data downloading device, a server and a computer readable storage medium, which have the above beneficial effects and are not described herein.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present application, and that other drawings may be obtained according to the provided drawings without inventive effort to a person skilled in the art.
FIG. 1 is a flowchart of an acceleration card data downloading method according to an embodiment of the present application;
fig. 2 is a schematic hardware structure diagram of an acceleration card data downloading method according to an embodiment of the present application;
fig. 3 is a schematic diagram of a single device structure of an acceleration card data downloading method according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of an acceleration card data downloading device according to an embodiment of the present application.
Detailed Description
The core of the application is to provide an acceleration card data downloading method, an acceleration card data downloading device, a server and a computer readable storage medium, so as to improve the safety of programs in the FPGA and avoid leakage of the programs in the FPGA.
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
In the related art, the risk that the FPGA is controlled by malicious software exists, for example, the malicious software can read out the program of the FPGA through a JTAG interface or a selection map interface of the FPGA, so that the secret leakage of an FPGA deep learning model is caused; or a new malicious FPGA program can be written through the interface, so that the acceleration calculation module is hijacked maliciously, and the safety of the program in the FPGA is reduced.
Therefore, the application provides an acceleration card data downloading method, which comprises the steps of decrypting received encrypted information through a CPLD to obtain a unique identification code, judging whether the unique identification code is the same with a locally stored identification code, and finally establishing hardware physical connection under the same condition so as to perform data transmission, so that malicious programs are prevented from being transmitted to an acceleration card through the hardware physical connection under the unauthorized condition, the security of data in the acceleration card is improved, and data loss is avoided.
An acceleration card data downloading method provided by the present application is described below by way of an embodiment.
Referring to fig. 1, fig. 1 is a flowchart of an acceleration card data downloading method according to an embodiment of the present application.
In this embodiment, the method may include:
s101, the CPLD receives encryption information from a data transmission device;
this step is intended for the CPLD to receive the encrypted information from the data transmission device. Wherein the encryption information is encryption information for performing security verification before the acceleration card receives data.
In this embodiment, the CPLD verifies the encrypted information, rather than the accelerator card itself, so that the verification process is decoupled, thereby improving the security of the accelerator card.
The encryption information is obtained by locally encrypting the unique identification code by the data transmission device, and only the encryption information is transmitted to the CPLD and can be decrypted, so that the purpose that the accelerator card is not connected by other devices is maintained.
The encryption algorithm may be a hybrid encryption algorithm, or any encryption algorithm provided in the prior art may be used, which is not specifically limited herein.
S102, decrypting the encrypted information based on a local decryption algorithm to obtain a unique identification code;
on the basis of S101, this step aims to decrypt the encrypted information based on a local decryption algorithm, and obtain a unique identification code.
The local decryption algorithm is an algorithm corresponding to the encryption algorithm, the decryption algorithm is a hardware algorithm solidified on the CPLD, and the decryption algorithm is invisible to the outside, so that the security of the decryption process is improved.
Further, the step may include:
and decrypting the encrypted ID information and the encrypted version number information in the encrypted information based on a local decryption algorithm to obtain a unique identification code.
It can be seen that this alternative is mainly illustrative of how decryption may be performed. In this alternative, the unique identification code may be obtained by decrypting the encrypted ID information and the encrypted version number information based on a decryption algorithm. Therefore, the security of the encrypted information is improved and the data is prevented from being leaked by means of mixed decryption.
S103, judging whether the unique identification code is the same as the identification code in the memory of the accelerator card;
on the basis of S102, this step aims at judging whether the unique identification code is identical to the identification code in the memory of the accelerator card.
The identification code in the memory of the acceleration card is the identification code pre-stored in the acceleration card, the identification code is the unique identification code, and only the management party or the using party of the acceleration card can acquire the identification code.
The accelerating card is accelerating equipment connected with the data transmitting device through the CPLD.
Therefore, in this embodiment, the external device, for example, the CPU, is connected to the accelerator card through the CPLD, instead of directly connecting the accelerator card to the external device, so that the security of the accelerator card is improved.
Further, the step may include:
step 1, a CPLD reads an identification code from a memory of an accelerator card;
and 2, judging whether the unique identification code is identical to the identification code.
It can be seen that the present alternative mainly describes how to make the judgment. In this alternative, the CPLD reads the identification code from the memory of the accelerator card, and determines whether the unique identification code is identical to the identification code.
And S104, if yes, establishing hardware physical connection between the accelerator card and the data transmitting device so that the data transmitting device transmits data to the accelerator card through the hardware physical connection.
On the basis of S103, when the unique identification code is identical to the identification code, a hardware physical connection is established between the accelerator card and the data transmission device so that the data transmission device transmits data to the accelerator card through the hardware physical connection.
It can be seen that corresponding data transmission paths can be established under the condition that the identification codes are the same so as to realize data transmission. And because of the physical connection, when the CPLD enabling is not set to be in an on state, data transmission cannot be performed, and malicious invasion is avoided.
Further, the step may include:
the CPLD sets the state of the selectmap interface to be an on state; wherein the selectmap interface is arranged between the accelerator card and the data transmitting device.
It can be seen that this alternative mainly describes how to establish a hardware physical connection. In the alternative scheme, the CPLD sets the state of the selectmap interface to be an on state; wherein the selectmap interface is arranged between the accelerator card and the data transmitting device.
In addition, the present embodiment may further include:
the identification code is written into the memory of the accelerator card via the JTAG interface.
It can be seen that in this alternative, the identification code can also be written into the memory of the accelerator card via the JTAG interface. The JTAG interface is a physical embedded loading interface. The JTAG interface is hidden in a plurality of products, is not easy to be directly controlled, has little hijacking risk, and improves the safety.
In addition, the present embodiment may further include:
when the data transmission is finished, the hardware physical connection is cut off.
It can be seen that in this alternative, in order to improve the security of the accelerator card, the hardware physical connection is cut off when the data transmission is finished. The hardware physical connection is prevented from being in a normally open state, namely the risk of data leakage is avoided, and the safety of the data is improved.
In summary, the embodiment decrypts the received encrypted information through the CPLD to obtain the unique identification code, then judges whether the unique identification code is the same as the locally stored identification code, and finally establishes the hardware physical connection under the same condition so as to perform data transmission, thereby avoiding malicious programs from being transmitted to the accelerator card through the hardware physical connection under the unauthorized condition, improving the security of data in the accelerator card and avoiding data loss.
The following describes a method for downloading data of an acceleration card according to a specific embodiment.
Referring to fig. 2, fig. 2 is a schematic hardware structure diagram of an acceleration card data downloading method according to an embodiment of the present application.
Referring to fig. 3, fig. 3 is a schematic diagram of a single device structure of an acceleration card data downloading method according to an embodiment of the present application.
In this embodiment, in order to avoid the right runaway of the data acceleration unit caused by the network malicious attack, the protection of other acceleration units from illegal attack after a certain acceleration unit is broken is reduced. In the embodiment, the unique ID information of the FPGA is utilized, the ID information and the version number used for upgrading are mixed and encrypted during remote upgrading, and hardware decryption of software isolation is carried out on the accelerator card to control the selectmap authority, so that the computing model of the FPGA is protected from illegal tampering and copying.
In fig. 2, the legal remote update part stores the ID information of the data center FPGA and the version information V of the current software upgrade, and generates New id_new information and version information v_new through an encryption algorithm.
In fig. 3, the encrypted information and the new bit stream are sent to the CPU of the data center, and sent to the CPLD by the data center, the original ID information is resolved by the decryption algorithm designed in the CPLD, and compared with the ID information stored in the memory, if the verification is correct, the control enabling of the selectmap interface is opened, that is, the authority of the FPGA interface is opened to the CPU. If the verification fails, the permission is not opened, and because the encryption algorithm is on a computer which is updated remotely and the decryption algorithm is realized by a hardware unit of the CPLD, the whole process is invisible to a CPU and an operating system of the data center, so that when the data center is attacked by a malicious network, an accident of accelerating the malicious tampering of the FPGA unit is avoided.
Further, in this embodiment, the method may include:
step 1, writing the ID information of the FPGA into a memory on an acceleration card through a CPLD by utilizing JTAG;
step 2, updating the CPLD program by utilizing JTAG, closing the write enable of the memory so as to inhibit updating the ID information of the FPGA, wherein the version contains the final decryption and management functions of the selected map interface;
step 3, when the program of the FPGA acceleration unit needs to be updated, the remote computer is connected to a CPU and an operating system of the data center through a network;
step 4, the remote computer stores the FPGA program to be updated, the ID information corresponding to the FPGA and the version information of the program, the encrypted FPGA ID information and the encrypted program version information are obtained through an encryption algorithm, and three files are sent to a CPU and an operating system of a data center;
step 5, the CPU of the data center does not have a decryption algorithm or do decryption, and directly sends the encrypted FPGA ID information and the program version information to the CPLD on the accelerator card;
step 6, the CPLD on the data acceleration card analyzes the unique ID identification code of the FPGA through a hardware decryption algorithm, and if the unique ID identification code is consistent with the ID value in the memory, the hardware physical connection of the selection map is opened, and the CPU of the data center obtains the use right of the selection map;
and 7, after the CPU of the data center updates the FPGA program, the CPLD can know that the updating is completed through the counter, and then the use authority of the selected map interface can be automatically closed.
If an illegal link attempts to directly control the selectmap interface, although the corresponding control address can be found by an address addressing mode, the use authority of the selectmap cannot be obtained because of the hardware encryption and decryption function of the CPLD, and illegal copying and tampering cannot be performed.
It can be seen that, in this embodiment, the CPLD decrypts the received encrypted information to obtain the unique identification code, then determines whether the unique identification code is the same as the locally stored identification code, and finally establishes the hardware physical connection under the same condition, so as to perform data transmission, thereby avoiding that the malicious program is transmitted to the accelerator card through the hardware physical connection under the unauthorized condition, improving the security of the data in the accelerator card, and avoiding data loss.
The following describes an accelerator card data downloading device provided in the embodiments of the present application, where the accelerator card data downloading device described below and the accelerator card data downloading method described above may be referred to correspondingly.
Referring to fig. 4, fig. 4 is a schematic structural diagram of an acceleration card data downloading device according to an embodiment of the present application.
In this embodiment, the apparatus may include:
an encryption information transmitting module 100 for receiving encryption information from the data transmitting apparatus;
the encryption information decryption module 200 is configured to decrypt the encryption information based on a local decryption algorithm to obtain a unique identification code;
the identification code judging module 300 is used for judging whether the unique identification code is the same as the identification code in the memory of the FPGA;
and the data transmission module 400 is used for establishing hardware physical connection between the FPGA and the data transmission device when the unique identification code is the same as the identification code, so that the data transmission device transmits the FPGA program to the FPGA through the hardware physical connection.
The embodiment of the application also provides a server, which comprises:
a memory for storing a computer program;
and a processor for implementing the steps of the acceleration card data downloading method as described in the above embodiments when executing the computer program.
The present application also provides a computer readable storage medium having a computer program stored thereon, which when executed by a processor, implements the steps of the acceleration card data downloading method described in the above embodiments.
In the description, each embodiment is described in a progressive manner, and each embodiment is mainly described by the differences from other embodiments, so that the same similar parts among the embodiments are mutually referred. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may be disposed in Random Access Memory (RAM), memory, read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The foregoing describes in detail an acceleration card data downloading method, an acceleration card data downloading device, a server and a computer readable storage medium. Specific examples are set forth herein to illustrate the principles and embodiments of the present application, and the description of the examples above is only intended to assist in understanding the methods of the present application and their core ideas. It should be noted that it would be obvious to those skilled in the art that various improvements and modifications can be made to the present application without departing from the principles of the present application, and such improvements and modifications fall within the scope of the claims of the present application.
Claims (8)
1. An acceleration card data downloading method, comprising:
the CPLD receives encryption information from the data transmission device; the encryption information is obtained by encrypting by adopting a hybrid encryption algorithm;
decrypting the encrypted information based on a local decryption algorithm to obtain a unique identification code; the local decryption algorithm is an algorithm corresponding to the encryption algorithm, and the decryption algorithm is a hardware algorithm solidified on the CPLD;
judging whether the unique identification code is the same as the identification code in the memory of the accelerator card;
if yes, establishing hardware physical connection between the accelerator card and the data transmitting device so that the data transmitting device transmits data to the accelerator card through the hardware physical connection;
wherein, establish the hardware physical connection between said accelerator card and said data transmitting device, including: the CPLD sets the state of the selectmap interface to be an on state; the selection map interface is arranged between the acceleration card and the data transmitting device;
if the unique identification code is different from the identification code in the memory of the accelerator card, the use authority of the selectmap interface is not opened;
the decryption algorithm based on the local decrypts the encrypted information to obtain the unique identification code, and the method comprises the following steps: decrypting the encrypted ID information and the encrypted version number information in the encrypted information based on the local decryption algorithm to obtain the unique identification code;
wherein the method comprises the following steps:
step 1, writing the ID information of the FPGA into a memory on an acceleration card through a CPLD by utilizing JTAG; step 2, updating the CPLD program by utilizing JTAG, closing the write enable of the memory so as to inhibit updating the ID information of the FPGA, wherein the version contains the final decryption and management functions of the selected map interface; step 3, when the program of the FPGA acceleration unit needs to be updated, the remote computer is connected to a CPU and an operating system of the data center through a network; step 4, the remote computer stores the FPGA program to be updated, the ID information corresponding to the FPGA and the version information of the program, the encrypted FPGA ID information and the encrypted program version information are obtained through an encryption algorithm, and three files are sent to a CPU and an operating system of a data center; step 5, the CPU of the data center does not have a decryption algorithm, does not decrypt, and directly transmits the encrypted FPGA ID information and the program version information to the CPLD on the accelerator card; step 6, the CPLD on the data acceleration card analyzes the unique ID identification code of the FPGA through a hardware decryption algorithm, and if the unique ID identification code is consistent with the ID value in the memory, the hardware physical connection of the selection map is opened, and the CPU of the data center obtains the use right of the selection map; and 7, after the CPU of the data center updates the FPGA program, the CPLD can know that the updating is completed through the counter, and then the use authority of the selected map interface can be automatically closed.
2. The acceleration card data downloading method of claim 1, further comprising:
and when the data transmission is finished, cutting off the physical connection of the hardware.
3. The acceleration card data downloading method of claim 1, wherein determining whether the unique identification code is the same as an identification code in a memory of the acceleration card, comprises:
the CPLD reads the identification code from the memory of the accelerator card;
and judging whether the unique identification code is the same as the identification code.
4. The acceleration card data downloading method of claim 1, wherein the acceleration card is an acceleration device connected to the data transmitting apparatus through a CPLD.
5. The acceleration card data downloading method of claim 1, further comprising:
and writing the identification code into a memory of the accelerator card through a JTAG interface.
6. An acceleration card data downloading apparatus, comprising:
an encryption information transmitting module for receiving encryption information from the data transmitting apparatus; the encryption information is obtained by encrypting by adopting a hybrid encryption algorithm;
the encryption information decryption module is used for decrypting the encryption information based on a local decryption algorithm to obtain a unique identification code; the local decryption algorithm is an algorithm corresponding to the encryption algorithm, and the decryption algorithm is a hardware algorithm solidified on the CPLD;
the identification code judging module is used for judging whether the unique identification code is the same as the identification code in the memory of the accelerator card;
the data transmission module is used for establishing hardware physical connection between the acceleration card and the data transmission device when the unique identification code is the same as the identification code, so that the data transmission device transmits data to the acceleration card through the hardware physical connection; wherein, establish the hardware physical connection between said accelerator card and said data transmitting device, including: the CPLD sets the state of the selectmap interface to be an on state; the selection map interface is arranged between the acceleration card and the data transmitting device;
if the unique identification code is different from the identification code in the memory of the accelerator card, the use authority of the selectmap interface is not opened;
the decryption algorithm based on the local decrypts the encrypted information to obtain the unique identification code, and the method comprises the following steps:
decrypting the encrypted ID information and the encrypted version number information in the encrypted information based on the local decryption algorithm to obtain the unique identification code;
wherein, the device is specifically used for: step 1, writing the ID information of the FPGA into a memory on an acceleration card through a CPLD by utilizing JTAG; step 2, updating the CPLD program by utilizing JTAG, closing the write enable of the memory so as to inhibit updating the ID information of the FPGA, wherein the version contains the final decryption and management functions of the selected map interface; step 3, when the program of the FPGA acceleration unit needs to be updated, the remote computer is connected to a CPU and an operating system of the data center through a network; step 4, the remote computer stores the FPGA program to be updated, the ID information corresponding to the FPGA and the version information of the program, the encrypted FPGA ID information and the encrypted program version information are obtained through an encryption algorithm, and three files are sent to a CPU and an operating system of a data center; step 5, the CPU of the data center does not have a decryption algorithm, does not decrypt, and directly transmits the encrypted FPGA ID information and the program version information to the CPLD on the accelerator card; step 6, the CPLD on the data acceleration card analyzes the unique ID identification code of the FPGA through a hardware decryption algorithm, and if the unique ID identification code is consistent with the ID value in the memory, the hardware physical connection of the selection map is opened, and the CPU of the data center obtains the use right of the selection map; and 7, after the CPU of the data center updates the FPGA program, the CPLD can know that the updating is completed through the counter, and then the use authority of the selected map interface can be automatically closed.
7. A server, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the acceleration card data downloading method of any one of claims 1 to 5 when executing said computer program.
8. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the acceleration card data downloading method of any of the claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110856493.9A CN113726741B (en) | 2021-07-28 | 2021-07-28 | Acceleration card data downloading method and related device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110856493.9A CN113726741B (en) | 2021-07-28 | 2021-07-28 | Acceleration card data downloading method and related device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113726741A CN113726741A (en) | 2021-11-30 |
| CN113726741B true CN113726741B (en) | 2024-01-19 |
Family
ID=78674095
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110856493.9A Active CN113726741B (en) | 2021-07-28 | 2021-07-28 | Acceleration card data downloading method and related device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113726741B (en) |
Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2007041654A2 (en) * | 2005-10-03 | 2007-04-12 | Divitas Networks, Inc. | Classification for media stream packets in a media gateway |
| CN102999350A (en) * | 2012-10-24 | 2013-03-27 | 绵阳市维博电子有限责任公司 | FPGA (field-programmable gate array) program upgrading and online downloading method in digital signal processing platform |
| CN104166566A (en) * | 2014-08-12 | 2014-11-26 | 福建星网锐捷网络有限公司 | FPGA configuration file upgrading method and system |
| CN107608700A (en) * | 2017-10-16 | 2018-01-19 | 浪潮(北京)电子信息产业有限公司 | A kind of update method, device and the medium of FPGA firmwares |
| CN108776648A (en) * | 2018-05-28 | 2018-11-09 | 郑州云海信息技术有限公司 | Data transmission method, system and FPGA isomeries accelerator card and storage medium |
| CN109039591A (en) * | 2017-06-08 | 2018-12-18 | 佛山芯珠微电子有限公司 | The implementation method of internet of things information encryption system based on FPGA |
| CN109214221A (en) * | 2018-08-23 | 2019-01-15 | 武汉普利商用机器有限公司 | A kind of identity card reader verification method, host computer and identity card reader |
| CN109240966A (en) * | 2018-08-20 | 2019-01-18 | 郑州云海信息技术有限公司 | A kind of accelerator card based on CPLD, collecting method and device |
| CN109542484A (en) * | 2018-11-20 | 2019-03-29 | 济南浪潮高新科技投资发展有限公司 | A kind of method and system of online updating FPGA configuration chip |
| CN109902452A (en) * | 2018-11-01 | 2019-06-18 | 北京旷视科技有限公司 | FPGA authority checking method, apparatus and processing equipment |
| EP3506312A1 (en) * | 2017-12-28 | 2019-07-03 | Ethicon LLC | Interactive surgical systems with encrypted communication capabilities |
| WO2019140218A1 (en) * | 2018-01-12 | 2019-07-18 | Stc.Unm | An autonomous, self-authenticating and self-contained secure boot-up system and methods |
| CN110209490A (en) * | 2018-04-27 | 2019-09-06 | 腾讯科技(深圳)有限公司 | A kind of EMS memory management process and relevant device |
| CN112100691A (en) * | 2020-09-11 | 2020-12-18 | 浪潮(北京)电子信息产业有限公司 | Protection method and protection system of hardware debugging interface and programmable controller |
| CN112383612A (en) * | 2020-11-11 | 2021-02-19 | 成都卫士通信息产业股份有限公司 | File transmission method, device, equipment and readable storage medium |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111435394B (en) * | 2019-01-15 | 2021-05-14 | 创新先进技术有限公司 | Safety calculation method and device based on FPGA hardware |
-
2021
- 2021-07-28 CN CN202110856493.9A patent/CN113726741B/en active Active
Patent Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2007041654A2 (en) * | 2005-10-03 | 2007-04-12 | Divitas Networks, Inc. | Classification for media stream packets in a media gateway |
| CN102999350A (en) * | 2012-10-24 | 2013-03-27 | 绵阳市维博电子有限责任公司 | FPGA (field-programmable gate array) program upgrading and online downloading method in digital signal processing platform |
| CN104166566A (en) * | 2014-08-12 | 2014-11-26 | 福建星网锐捷网络有限公司 | FPGA configuration file upgrading method and system |
| CN109039591A (en) * | 2017-06-08 | 2018-12-18 | 佛山芯珠微电子有限公司 | The implementation method of internet of things information encryption system based on FPGA |
| CN107608700A (en) * | 2017-10-16 | 2018-01-19 | 浪潮(北京)电子信息产业有限公司 | A kind of update method, device and the medium of FPGA firmwares |
| EP3506312A1 (en) * | 2017-12-28 | 2019-07-03 | Ethicon LLC | Interactive surgical systems with encrypted communication capabilities |
| WO2019140218A1 (en) * | 2018-01-12 | 2019-07-18 | Stc.Unm | An autonomous, self-authenticating and self-contained secure boot-up system and methods |
| CN110209490A (en) * | 2018-04-27 | 2019-09-06 | 腾讯科技(深圳)有限公司 | A kind of EMS memory management process and relevant device |
| CN108776648A (en) * | 2018-05-28 | 2018-11-09 | 郑州云海信息技术有限公司 | Data transmission method, system and FPGA isomeries accelerator card and storage medium |
| CN109240966A (en) * | 2018-08-20 | 2019-01-18 | 郑州云海信息技术有限公司 | A kind of accelerator card based on CPLD, collecting method and device |
| CN109214221A (en) * | 2018-08-23 | 2019-01-15 | 武汉普利商用机器有限公司 | A kind of identity card reader verification method, host computer and identity card reader |
| CN109902452A (en) * | 2018-11-01 | 2019-06-18 | 北京旷视科技有限公司 | FPGA authority checking method, apparatus and processing equipment |
| CN109542484A (en) * | 2018-11-20 | 2019-03-29 | 济南浪潮高新科技投资发展有限公司 | A kind of method and system of online updating FPGA configuration chip |
| CN112100691A (en) * | 2020-09-11 | 2020-12-18 | 浪潮(北京)电子信息产业有限公司 | Protection method and protection system of hardware debugging interface and programmable controller |
| CN112383612A (en) * | 2020-11-11 | 2021-02-19 | 成都卫士通信息产业股份有限公司 | File transmission method, device, equipment and readable storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 一种基于云端加密的FPGA自适应动态配置方法;陈利锋;朱路平;;计算机科学(第07期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113726741A (en) | 2021-11-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100563151C (en) | A kind of digital certificate updating method and system | |
| EP1542112A1 (en) | Open type general-purpose attack-resistant cpu, and application system thereof | |
| CN111404696B (en) | Collaborative signature method, security service middleware, related platform and system | |
| CN114834393B (en) | Vehicle control system | |
| JP2007027896A (en) | Communication card, secret information processing system, secret information transmission method, and program | |
| CN111143856A (en) | PLC remote firmware upgrading system and method | |
| CN112598827B (en) | Intelligent lock authentication method, security chip, intelligent lock and management system thereof | |
| CN107430658A (en) | Fail-safe software certification and checking | |
| CN109088848A (en) | A kind of intelligent network connection automobile information method for security protection | |
| CN115314253B (en) | Data processing method, device, system, equipment and working machine | |
| CN113014444A (en) | Internet of things equipment production test system and safety protection method | |
| WO2019116922A1 (en) | Onboard updating device, program, and method for updating program or data | |
| GB2432436A (en) | Programmable logic controller peripheral device | |
| CN105975867A (en) | Data processing method | |
| CN103051963B (en) | A kind of method of controlling security of digital-television terminal equipment | |
| CN115527292B (en) | Mobile phone terminal remote vehicle unlocking method of security chip and security chip device | |
| CN113726741B (en) | Acceleration card data downloading method and related device | |
| EP3486832B1 (en) | Semiconductor device, authentication system, and authentication method | |
| CN109802929A (en) | Client-side program upgrade method and computer readable storage medium based on dual system | |
| CN107483523A (en) | Legal the firmware debugging system and its method of information safety devices | |
| JP4321303B2 (en) | Program distribution system and in-vehicle gateway device | |
| CN115600190A (en) | Data trusted execution method and device based on central computing platform | |
| CN112165396A (en) | Method for updating safety firmware | |
| CN113297563A (en) | Method and device for accessing privileged resources of system on chip and system on chip | |
| KR102145529B1 (en) | Payment method using mobile application and device for the same |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |