+

CN113726741B - Acceleration card data downloading method and related device - Google Patents

Acceleration card data downloading method and related device Download PDF

Info

Publication number
CN113726741B
CN113726741B CN202110856493.9A CN202110856493A CN113726741B CN 113726741 B CN113726741 B CN 113726741B CN 202110856493 A CN202110856493 A CN 202110856493A CN 113726741 B CN113726741 B CN 113726741B
Authority
CN
China
Prior art keywords
accelerator card
identification code
data
information
fpga
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110856493.9A
Other languages
Chinese (zh)
Other versions
CN113726741A (en
Inventor
蒋东东
董刚
赵雅倩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
IEIT Systems Co Ltd
Original Assignee
Inspur Electronic Information Industry Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Electronic Information Industry Co Ltd filed Critical Inspur Electronic Information Industry Co Ltd
Priority to CN202110856493.9A priority Critical patent/CN113726741B/en
Publication of CN113726741A publication Critical patent/CN113726741A/en
Application granted granted Critical
Publication of CN113726741B publication Critical patent/CN113726741B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/76Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

本申请公开了一种加速卡数据下载方法,包括:CPLD从数据发送装置接收加密信息;基于本地的解密算法对所述加密信息进行解密,得到唯一识别码;判断所述唯一识别码与加速卡的存储器中的识别码是否相同;若是,则在所述加速卡与所述数据发送装置之间建立硬件物理连接,以便所述数据发送装置通过所述硬件物理连接将数据发送至所述加速卡,以提高FPGA中的程序的安全性,避免FPGA中程序的泄漏。本申请还公开了一种加速卡数据下载装置,服务器以及计算机可读存储介质,具有以上有益效果。

This application discloses a method for downloading accelerator card data, which includes: CPLD receives encrypted information from a data sending device; decrypts the encrypted information based on a local decryption algorithm to obtain a unique identification code; determines whether the unique identification code is consistent with the accelerator card Whether the identification codes in the memory are the same; if so, establish a hardware physical connection between the accelerator card and the data sending device, so that the data sending device sends data to the accelerator card through the hardware physical connection , to improve the security of the program in the FPGA and avoid the leakage of the program in the FPGA. This application also discloses an accelerator card data downloading device, a server and a computer-readable storage medium, which have the above beneficial effects.

Description

一种加速卡数据下载方法及相关装置An accelerator card data downloading method and related devices

技术领域Technical field

本申请涉及计算机技术领域,特别涉及一种加速卡数据下载方法、加速卡数据下载装置,服务器以及计算机可读存储介质。The present application relates to the field of computer technology, and in particular to an accelerator card data downloading method, an accelerator card data downloading device, a server and a computer-readable storage medium.

背景技术Background technique

随着信息的技术不断发展,在数据中心的推理加速计算应用场景中,有相当多的深度学习加速计算单元使用FPGA(Field Programmable Gate Array,现场可编程逻辑门阵列)进行硬件加速,相比于GPU(graphics processing unit,图形处理器),功耗更低,更重要的是,因为FPGA类似于硬件的计算加速方式,更不容易被非法软件通过直接篡改内存的方式来非法影响和控制计算加速的结果。FPGA通过内部的硬件连接实现,对软件修改具有一定天生的免疫性。With the continuous development of information technology, in inference accelerated computing application scenarios in data centers, a considerable number of deep learning accelerated computing units use FPGA (Field Programmable Gate Array, Field Programmable Gate Array) for hardware acceleration. Compared with GPU (graphics processing unit, graphics processor) has lower power consumption. More importantly, because FPGA is similar to the computing acceleration method of hardware, it is less likely for illegal software to illegally affect and control computing acceleration by directly tampering with the memory. the result of. FPGA is implemented through internal hardware connections and has a certain degree of inherent immunity to software modifications.

相关技术中,FPGA存在被恶意软件控制的风险,比如恶意软件可以通过FPGA的JTAG(Joint Test Action Group,物理嵌入式加载接口)接口或者selectMap接口读出FPGA的程序,造成FPGA深度学习模型的泄密;或者可以通过上述接口,写入新的恶意FPGA程序,造成加速计算模块被恶意劫持,降低FPGA中程序的安全性。In related technologies, FPGA is at risk of being controlled by malware. For example, malware can read the FPGA program through the FPGA's JTAG (Joint Test Action Group, physical embedded loading interface) interface or selectMap interface, causing the FPGA deep learning model to be leaked. ; Or you can write a new malicious FPGA program through the above interface, causing the accelerated computing module to be maliciously hijacked and reducing the security of the program in the FPGA.

因此,如何提高FPGA中程序的安全性,避免出现出被泄露的问题是本领域技术人员关注的重点问题。Therefore, how to improve the security of programs in FPGA and avoid leakage is a key issue for those skilled in the art.

发明内容Contents of the invention

本申请的目的是提供一种加速卡数据下载方法、加速卡数据下载装置,服务器以及计算机可读存储介质,以提高FPGA中的程序的安全性,避免FPGA中程序的泄漏。The purpose of this application is to provide an accelerator card data download method, accelerator card data download device, server and computer-readable storage medium, so as to improve the security of the program in the FPGA and avoid the leakage of the program in the FPGA.

为解决上述技术问题,本申请提供一种加速卡数据下载方法,包括:In order to solve the above technical problems, this application provides a method for downloading accelerator card data, including:

CPLD从数据发送装置接收加密信息;CPLD receives encrypted information from the data sending device;

基于本地的解密算法对所述加密信息进行解密,得到唯一识别码;Decrypt the encrypted information based on a local decryption algorithm to obtain a unique identification code;

判断所述唯一识别码与加速卡的存储器中的识别码是否相同;Determine whether the unique identification code is the same as the identification code in the memory of the accelerator card;

若是,则在所述加速卡与所述数据发送装置之间建立硬件物理连接,以便所述数据发送装置通过所述硬件物理连接将数据发送至所述加速卡。If so, a hardware physical connection is established between the accelerator card and the data sending device, so that the data sending device sends data to the accelerator card through the hardware physical connection.

可选的,还包括:Optional, also includes:

当所述数据发送结束时,切断所述硬件物理连接。When the data transmission ends, the hardware physical connection is cut off.

可选的,基于本地的解密算法对所述加密信息进行解密,得到唯一识别码,包括:Optionally, decrypt the encrypted information based on a local decryption algorithm to obtain a unique identification code, including:

基于所述本地的解密算法对所述加密信息中的加密ID信息和加密版本号信息进行解密,得到所述唯一识别码。The encrypted ID information and encrypted version number information in the encrypted information are decrypted based on the local decryption algorithm to obtain the unique identification code.

可选的,判断所述唯一识别码与加速卡的存储器中的识别码是否相同,包括:Optionally, determining whether the unique identification code is the same as the identification code in the memory of the accelerator card includes:

所述CPLD从所述加速卡的存储器中读取所述识别码;The CPLD reads the identification code from the memory of the accelerator card;

判断所述唯一识别码与所述识别码是否相同。Determine whether the unique identification code is the same as the identification code.

可选的,所述加速卡为通过CPLD与所述数据发送装置连接的加速设备。Optionally, the accelerator card is an accelerator device connected to the data sending device through a CPLD.

可选的,还包括:Optional, also includes:

通过JTAG接口将所述识别码写入所述加速卡的存储器中。The identification code is written into the memory of the accelerator card through the JTAG interface.

可选的,在所述加速卡与所述数据发送装置之间建立硬件物理连接,包括:Optionally, establishing a hardware physical connection between the accelerator card and the data sending device includes:

所述CPLD将selectmap接口的状态设置为开启状态;其中,selectmap接口设置于所述加速卡与所述数据发送装置之间。The CPLD sets the state of the selectmap interface to an open state; wherein the selectmap interface is provided between the accelerator card and the data sending device.

本申请还提供一种加速卡数据下载装置,包括:This application also provides an accelerator card data download device, including:

加密信息发送模块,用于从数据发送装置接收加密信息;An encrypted information sending module, used to receive encrypted information from the data sending device;

加密信息解密模块,用于基于本地的解密算法对所述加密信息进行解密,得到唯一识别码;The encrypted information decryption module is used to decrypt the encrypted information based on a local decryption algorithm to obtain a unique identification code;

识别码判断模块,用于判断所述唯一识别码与加速卡的存储器中的识别码是否相同;An identification code judgment module, used to judge whether the unique identification code is the same as the identification code in the memory of the accelerator card;

数据传输模块,用于当所述唯一识别码与所述识别码相同时,在所述加速卡与所述数据发送装置之间建立硬件物理连接,以便所述数据发送装置通过所述硬件物理连接将数据发送至所述加速卡。A data transmission module, configured to establish a hardware physical connection between the accelerator card and the data sending device when the unique identification code is the same as the identification code, so that the data sending device is physically connected through the hardware Send data to the accelerator card.

本申请还提供一种服务器,包括:This application also provides a server, including:

存储器,用于存储计算机程序;Memory, used to store computer programs;

处理器,用于执行所述计算机程序时实现如上所述的加速卡数据下载方法的步骤。A processor, configured to implement the above steps of the accelerator card data downloading method when executing the computer program.

本申请还提供一种计算机可读存储介质,所述计算机可读存储介质上存储有计算机程序,所述计算机程序被处理器执行时实现如上所述的加速卡数据下载方法的步骤。The present application also provides a computer-readable storage medium. A computer program is stored on the computer-readable storage medium. When the computer program is executed by a processor, the above steps of the accelerator card data downloading method are implemented.

本申请所提供的一种加速卡数据下载方法,包括:CPLD从数据发送装置接收加密信息;基于本地的解密算法对所述加密信息进行解密,得到唯一识别码;判断所述唯一识别码与加速卡的存储器中的识别码是否相同;若是,则在所述加速卡与所述数据发送装置之间建立硬件物理连接,以便所述数据发送装置通过所述硬件物理连接将数据发送至所述加速卡。An accelerator card data downloading method provided by this application includes: CPLD receives encrypted information from a data sending device; decrypts the encrypted information based on a local decryption algorithm to obtain a unique identification code; determines the relationship between the unique identification code and the acceleration card Whether the identification codes in the memory of the cards are the same; if so, establish a hardware physical connection between the accelerator card and the data sending device, so that the data sending device sends data to the accelerator through the hardware physical connection Card.

通过CPLD对接收到的加密信息进行解密,得到唯一识别码,再与本地存储的识别码判断是否相同,最后在相同的情况下才建立硬件物理连接,以便进行数据传输,避免恶意程序在不授权的情况下通过硬件物理连接被传输至加速卡中,提高了加速卡中数据的安全性,避免数据丢失。The received encrypted information is decrypted through CPLD to obtain a unique identification code, and then it is judged whether it is the same as the locally stored identification code. Finally, a hardware physical connection is established under the same circumstances to facilitate data transmission and avoid malicious programs from unauthorized access. It is transferred to the accelerator card through hardware physical connection, which improves the security of the data in the accelerator card and avoids data loss.

本申请还提供一种加速卡数据下载装置,服务器以及计算机可读存储介质,具有以上有益效果,在此不做赘述。This application also provides an accelerator card data downloading device, a server and a computer-readable storage medium, which have the above beneficial effects and will not be described in detail here.

附图说明Description of the drawings

为了更清楚地说明本申请实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据提供的附图获得其他的附图。In order to explain the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings in the following description are only This is an embodiment of the present application. For those of ordinary skill in the art, other drawings can be obtained based on the provided drawings without exerting creative efforts.

图1为本申请实施例所提供的一种加速卡数据下载方法的流程图;Figure 1 is a flow chart of an accelerator card data downloading method provided by an embodiment of the present application;

图2为本申请实施例所提供的一种加速卡数据下载方法的硬件结构示意图;Figure 2 is a schematic diagram of the hardware structure of an accelerator card data downloading method provided by an embodiment of the present application;

图3为本申请实施例所提供的一种加速卡数据下载方法的单设备结构示意图;Figure 3 is a schematic structural diagram of a single device of an accelerator card data downloading method provided by an embodiment of the present application;

图4为本申请实施例所提供的一种加速卡数据下载装置的结构示意图。Figure 4 is a schematic structural diagram of an accelerator card data downloading device provided by an embodiment of the present application.

具体实施方式Detailed ways

本申请的核心是提供一种加速卡数据下载方法、加速卡数据下载装置,服务器以及计算机可读存储介质,以提高FPGA中的程序的安全性,避免FPGA中程序的泄漏。The core of this application is to provide an accelerator card data download method, accelerator card data download device, server and computer-readable storage medium, so as to improve the security of the program in the FPGA and avoid the leakage of the program in the FPGA.

为使本申请实施例的目的、技术方案和优点更加清楚,下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。In order to make the purpose, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below in conjunction with the drawings in the embodiments of the present application. Obviously, the described embodiments These are part of the embodiments of this application, but not all of them. Based on the embodiments in this application, all other embodiments obtained by those of ordinary skill in the art without creative efforts fall within the scope of protection of this application.

相关技术中,FPGA存在被恶意软件控制的风险,比如恶意软件可以通过FPGA的JTAG接口或者selectMap接口读出FPGA的程序,造成FPGA深度学习模型的泄密;或者可以通过上述接口,写入新的恶意FPGA程序,造成加速计算模块被恶意劫持,降低FPGA中程序的安全性。In related technologies, FPGA has the risk of being controlled by malware. For example, malware can read the FPGA program through the FPGA's JTAG interface or selectMap interface, causing the leakage of the FPGA deep learning model; or it can write new malicious code through the above interface. The FPGA program causes the accelerated computing module to be maliciously hijacked, reducing the security of the program in the FPGA.

因此,本申请提供一种加速卡数据下载方法,通过CPLD对接收到的加密信息进行解密,得到唯一识别码,再与本地存储的识别码判断是否相同,最后在相同的情况下才建立硬件物理连接,以便进行数据传输,避免恶意程序在不授权的情况下通过硬件物理连接被传输至加速卡中,提高了加速卡中数据的安全性,避免数据丢失。Therefore, this application provides a method for downloading accelerator card data. The received encrypted information is decrypted through CPLD to obtain a unique identification code, and then it is judged whether it is the same as the locally stored identification code. Finally, the hardware physics is established under the same situation. connection for data transmission, preventing malicious programs from being transmitted to the accelerator card through hardware physical connections without authorization, improving the security of data in the accelerator card and avoiding data loss.

以下通过一个实施例,对本申请提供的一种加速卡数据下载方法进行说明。The following describes an accelerator card data downloading method provided by this application through an embodiment.

请参考图1,图1为本申请实施例所提供的一种加速卡数据下载方法的流程图。Please refer to Figure 1, which is a flow chart of an accelerator card data downloading method provided by an embodiment of the present application.

本实施例中,该方法可以包括:In this embodiment, the method may include:

S101,CPLD从数据发送装置接收加密信息;S101, CPLD receives encrypted information from the data sending device;

本步骤旨在CPLD从数据发送装置接收加密信息。其中,加密信息是在加速卡接收数据之前,用于进行安全性验证的加密信息。This step is intended for the CPLD to receive encrypted information from the data sending device. Among them, the encrypted information is the encrypted information used for security verification before the accelerator card receives the data.

本实施例中,先通过CPLD对加密信息进行验证,而不是加速卡自身进行验证,将验证过程进行解耦,提高了加速卡的安全性。In this embodiment, the encrypted information is first verified through the CPLD instead of the accelerator card itself, which decouples the verification process and improves the security of the accelerator card.

其中,加密信息为数据发送装置在本地对唯一标识码进行加密得到的加密信息,只有该加密信息传送到了CPLD中才可以被解密,保持了加速卡不被其他设备进行连接的目的。Among them, the encrypted information is the encrypted information obtained by locally encrypting the unique identification code by the data sending device. Only the encrypted information can be decrypted after it is transmitted to the CPLD, thus maintaining the purpose of the accelerator card not being connected by other devices.

其中,加密算法可以是混合加密算法,也可以采用现有技术提供的任意一种加密算法,在此不做具体限定。The encryption algorithm may be a hybrid encryption algorithm, or any encryption algorithm provided by the existing technology may be used, which is not specifically limited here.

S102,基于本地的解密算法对加密信息进行解密,得到唯一识别码;S102, decrypt the encrypted information based on the local decryption algorithm to obtain a unique identification code;

在S101的基础上,本步骤旨在基于本地的解密算法对加密信息进行解密,得到唯一识别码。Based on S101, this step aims to decrypt the encrypted information based on the local decryption algorithm and obtain a unique identification code.

其中,本地的解密算法是与加密算法相对应的算法,该解密算法为固化在CPLD本地的硬件算法,对于外界不可见,提高了解密过程的安全性。Among them, the local decryption algorithm is an algorithm corresponding to the encryption algorithm. The decryption algorithm is a hardware algorithm solidified locally in the CPLD and is invisible to the outside world, improving the security of the decryption process.

进一步的,本步骤可以包括:Further, this step may include:

基于本地的解密算法对加密信息中的加密ID信息和加密版本号信息进行解密,得到唯一识别码。The encrypted ID information and encrypted version number information in the encrypted information are decrypted based on the local decryption algorithm to obtain a unique identification code.

可见,本可选方案主要是如何进行解密做说明。本可选方案中可以是通过加密ID信息和加密版本号信息基于解密算法进行解密,得到该唯一识别码。可见,其中通过混合解密的手段,提高了加密信息的安全性,避免数据被泄露。It can be seen that this alternative mainly explains how to decrypt. In this optional solution, the unique identification code can be obtained by decrypting the encrypted ID information and the encrypted version number information based on a decryption algorithm. It can be seen that through hybrid decryption, the security of encrypted information is improved and data is prevented from being leaked.

S103,判断唯一识别码与加速卡的存储器中的识别码是否相同;S103, determine whether the unique identification code is the same as the identification code in the memory of the accelerator card;

在S102的基础上,本步骤旨在判断唯一识别码与加速卡的存储器中的识别码是否相同。Based on S102, this step aims to determine whether the unique identification code is the same as the identification code in the memory of the accelerator card.

其中,加速卡的存储器中的识别码为预先存储在加速卡中的识别码,该识别码为唯一识别码,只有该加速卡的管理方或使用方才能获取的识别码。The identification code in the memory of the accelerator card is an identification code pre-stored in the accelerator card. The identification code is a unique identification code that can only be obtained by the administrator or user of the accelerator card.

其中,加速卡为通过CPLD与数据发送装置连接的加速设备。Among them, the accelerator card is an accelerator device connected to the data sending device through a CPLD.

可见,本实施例中外界设备,例如CPU,均是通过CPLD与该加速卡进行连接,而不是加速卡与外界设备直接进行连接,提高了加速卡的安全性。It can be seen that in this embodiment, the external device, such as the CPU, is connected to the accelerator card through the CPLD instead of the accelerator card being directly connected to the external device, which improves the security of the accelerator card.

进一步的,本步骤可以包括:Further, this step may include:

步骤1,CPLD从加速卡的存储器中读取识别码;Step 1, CPLD reads the identification code from the memory of the accelerator card;

步骤2,判断唯一识别码与识别码是否相同。Step 2: Determine whether the unique identification code and the identification code are the same.

可见,本可选方案中主要是对如何进行判断做说明。本可选方案中,CPLD从加速卡的存储器中读取识别码,判断唯一识别码与识别码是否相同。It can be seen that this alternative mainly explains how to make judgments. In this optional solution, the CPLD reads the identification code from the memory of the accelerator card and determines whether the unique identification code and the identification code are the same.

S104,若是,则在加速卡与数据发送装置之间建立硬件物理连接,以便数据发送装置通过硬件物理连接将数据发送至加速卡。S104, if yes, establish a hardware physical connection between the accelerator card and the data sending device, so that the data sending device sends data to the accelerator card through the hardware physical connection.

在S103的基础上,当唯一识别码与识别码相同时,在加速卡与数据发送装置之间建立硬件物理连接,以便数据发送装置通过硬件物理连接将数据发送至加速卡。On the basis of S103, when the unique identification code is the same as the identification code, a hardware physical connection is established between the accelerator card and the data sending device, so that the data sending device sends data to the accelerator card through the hardware physical connection.

可见,在识别码相同的情况下可以建立对应的数据传输通路,以便实现数据传输。而且由于是物理连接,因此当CPLD使能不设置为开启状态时,就无法进行数据传输,避免了恶意入侵。It can be seen that when the identification codes are the same, corresponding data transmission channels can be established to achieve data transmission. And because it is a physical connection, when the CPLD is not set to the on state, data transmission cannot be performed, avoiding malicious intrusion.

进一步的,本步骤可以包括:Further, this step may include:

CPLD将selectmap接口的状态设置为开启状态;其中,selectmap接口设置于加速卡与数据发送装置之间。CPLD sets the status of the selectmap interface to the open state; wherein, the selectmap interface is set between the accelerator card and the data sending device.

可见,本可选方案中主要是对如何建立硬件物理连接做说明。本可选方案中CPLD将selectmap接口的状态设置为开启状态;其中,selectmap接口设置于加速卡与数据发送装置之间。It can be seen that this optional solution mainly explains how to establish the physical connection of the hardware. In this optional solution, CPLD sets the status of the selectmap interface to the open state; wherein, the selectmap interface is set between the accelerator card and the data sending device.

此外,本实施例还可以包括:In addition, this embodiment may also include:

通过JTAG接口将识别码写入加速卡的存储器中。Write the identification code into the memory of the accelerator card through the JTAG interface.

可见,本可选方案中还可以通过JTAG接口将识别码写入加速卡的存储器中。其中,JTAG接口为一种物理嵌入式加载接口。该JTAG接口在很多的产品中都做了隐藏,不易被直接控制,很少会有被劫持的风险,提高了安全性。It can be seen that in this optional solution, the identification code can also be written into the memory of the accelerator card through the JTAG interface. Among them, the JTAG interface is a physical embedded loading interface. The JTAG interface is hidden in many products and is not easy to be directly controlled. There is little risk of being hijacked, which improves security.

此外,本实施例还可以包括:In addition, this embodiment may also include:

当数据发送结束时,切断硬件物理连接。When the data transmission is completed, the hardware physical connection is cut off.

可见,本可选方案中为了提高加速卡的安全性,当数据发送结束时,切断硬件物理连接。避免硬件物理连接处于常开启的状态,也就是避免了数据被泄漏的风险,提高了数据的安全性。It can be seen that in this optional solution, in order to improve the security of the accelerator card, when the data transmission is completed, the hardware physical connection is cut off. Preventing the hardware physical connection from being in a constantly open state avoids the risk of data leakage and improves data security.

综上,本实施例通过CPLD对接收到的加密信息进行解密,得到唯一识别码,再与本地存储的识别码判断是否相同,最后在相同的情况下才建立硬件物理连接,以便进行数据传输,避免恶意程序在不授权的情况下通过硬件物理连接被传输至加速卡中,提高了加速卡中数据的安全性,避免数据丢失。In summary, this embodiment uses CPLD to decrypt the received encrypted information to obtain a unique identification code, and then determines whether it is the same as the locally stored identification code. Finally, under the same circumstances, a hardware physical connection is established for data transmission. This prevents malicious programs from being transmitted to the accelerator card through hardware physical connections without authorization, improves the security of data in the accelerator card and avoids data loss.

以下通过一个具体的实施例,对本申请提供的一种加速卡数据下载方法做进一步说明。The following uses a specific embodiment to further illustrate an accelerator card data downloading method provided by this application.

请参考图2,图2为本申请实施例所提供的一种加速卡数据下载方法的硬件结构示意图。Please refer to Figure 2, which is a schematic diagram of the hardware structure of an accelerator card data downloading method provided by an embodiment of the present application.

请参考图3,图3为本申请实施例所提供的一种加速卡数据下载方法的单设备结构示意图。Please refer to FIG. 3 , which is a schematic structural diagram of a single device of an accelerator card data downloading method provided by an embodiment of the present application.

本实施例中,为了避免网络恶意攻击造成的数据加速单元的权限失控,同时降低在某一个加速单元被破解后还能尽可能的保护其他加速单元不被非法攻击。本实施例,利用FPGA唯一的ID信息,通过远程升级时,将ID信息与升级使用的版本号混合加密,并在加速卡上进行软件隔离的硬件解密来控制selectmap权限,以便保护FPGA的计算模型不被非法篡改和复制。In this embodiment, in order to avoid the loss of authority of the data acceleration unit caused by malicious network attacks, and at the same time reduce the risk to other acceleration units from being illegally attacked after a certain acceleration unit is cracked. In this embodiment, the unique ID information of the FPGA is used to encrypt the ID information and the version number used for the upgrade through remote upgrade, and software-isolated hardware decryption is performed on the accelerator card to control the selectmap permissions in order to protect the computing model of the FPGA. Will not be illegally tampered with or copied.

图2中,合法远程更新部分,保存着数据中心FPGA的ID信息以及当前软件升级的版本信息V,通过加密算法,可以产生新的ID_New信息和版本信息V_New。In Figure 2, the legal remote update part stores the ID information of the data center FPGA and the version information V of the current software upgrade. Through the encryption algorithm, new ID_New information and version information V_New can be generated.

图3中,将加密后的信息和新的比特流,发送给数据中心的CPU,并由数据中心下发给CPLD,由设计在CPLD中的解密算法,解析出原始的ID信息,并和保存在存储器中的ID信息进行比较,如果校验正确,则打开selectmap接口的控制使能,也就是开放FPGA接口权限给CPU。如果校验失败,则不开放权限,因为加密算法在远程更新的计算机上,并且解密算法由CPLD的硬件单元实现,全过程对于数据中心的CPU和操作系统不可见,因此,当数据中心遭到恶意网络攻击时,也不会有造成加速FPGA单元被恶意篡改的事故。In Figure 3, the encrypted information and new bit stream are sent to the CPU of the data center, and then sent to the CPLD by the data center. The decryption algorithm designed in the CPLD parses the original ID information and saves it. The ID information in the memory is compared. If the verification is correct, the control enable of the selectmap interface is turned on, which means that the FPGA interface permission is opened to the CPU. If the verification fails, the permissions will not be opened because the encryption algorithm is on the remotely updated computer and the decryption algorithm is implemented by the hardware unit of the CPLD. The whole process is invisible to the CPU and operating system of the data center. Therefore, when the data center is attacked In the event of a malicious network attack, there will be no accidents that cause the acceleration FPGA unit to be maliciously tampered with.

进一步的,本实施例中,该方法可以包括:Further, in this embodiment, the method may include:

步骤1,利用JTAG,将FPGA的ID信息通过CPLD写入加速卡上的存储器中;Step 1: Use JTAG to write the FPGA ID information into the memory on the accelerator card through CPLD;

步骤2,利用JTAG,更新CPLD程序,关闭存储器的写使能,以便禁止更新FPGA的ID信息,此版本含有最终的selectmap接口的解密和管理功能;Step 2, use JTAG to update the CPLD program and turn off the write enable of the memory to prohibit updating the FPGA ID information. This version contains the final decryption and management functions of the selectmap interface;

步骤3,当需要更新FPGA加速单元的程序时,远程计算机通过网络连接到数据中心的CPU和操作系统上;Step 3. When the program of the FPGA acceleration unit needs to be updated, the remote computer is connected to the CPU and operating system of the data center through the network;

步骤4,远程计算机存有需要更新的FPGA程序,以及对应FPGA的ID信息,以及本次程序的版本信息,通过加密算法,得到加密后的FPGA ID信息和程序版本信息,将三个文件都发送给数据中心的CPU和操作系统;Step 4. The remote computer contains the FPGA program that needs to be updated, as well as the corresponding FPGA ID information and the version information of this program. Through the encryption algorithm, the encrypted FPGA ID information and program version information are obtained, and all three files are sent. To the CPU and operating system of the data center;

步骤5,数据中心的CPU没有解密算法,也不做解密,直接将加密的FPGA ID信息和程序版本信息发送给加速卡上的CPLD;Step 5: The CPU in the data center does not have a decryption algorithm and does not perform decryption. It directly sends the encrypted FPGA ID information and program version information to the CPLD on the accelerator card;

步骤6,数据加速卡上的CPLD通过硬件解密算法,解析出FPGA的唯一ID识别码,通过和存储器中的ID值进行对比,如果一致,则开放selectmap的硬件物理连接,数据中心的CPU获得了selectmap的使用权;Step 6: The CPLD on the data accelerator card parses the unique ID identification code of the FPGA through the hardware decryption algorithm, and compares it with the ID value in the memory. If it is consistent, the hardware physical connection of the selectmap is opened, and the CPU of the data center obtains The right to use selectmap;

步骤7,数据中心的CPU在更新完毕FPGA程序后,CPLD会通过计数器知悉更新完成,则会自动关闭selectmap接口的使用权限。Step 7: After the data center CPU completes updating the FPGA program, the CPLD will know that the update is completed through the counter, and will automatically close the use rights of the selectmap interface.

如果有非法的链接尝试直接控制selectmap接口,虽然可以通过地址寻址的方式找到对应的控制地址,但是因为存在CPLD的硬件加密解密功能,无法获得selectmap的使用权限,也就无法进行非法复制和篡改。If an illegal link attempts to directly control the selectmap interface, although the corresponding control address can be found through address addressing, due to the hardware encryption and decryption function of CPLD, the use permission of selectmap cannot be obtained, and illegal copying and tampering cannot be carried out. .

可见,本实施例通过CPLD对接收到的加密信息进行解密,得到唯一识别码,再与本地存储的识别码判断是否相同,最后在相同的情况下才建立硬件物理连接,以便进行数据传输,避免恶意程序在不授权的情况下通过硬件物理连接被传输至加速卡中,提高了加速卡中数据的安全性,避免数据丢失。It can be seen that this embodiment uses CPLD to decrypt the received encrypted information to obtain a unique identification code, and then determines whether it is the same as the locally stored identification code, and finally establishes a hardware physical connection under the same situation to facilitate data transmission and avoid Malicious programs are transmitted to the accelerator card through hardware physical connections without authorization, which improves the security of data in the accelerator card and avoids data loss.

下面对本申请实施例提供的加速卡数据下载装置进行介绍,下文描述的加速卡数据下载装置与上文描述的加速卡数据下载方法可相互对应参照。The following is an introduction to the accelerator card data downloading device provided by the embodiment of the present application. The accelerator card data downloading device described below and the accelerator card data downloading method described above may be mutually referenced.

请参考图4,图4为本申请实施例所提供的一种加速卡数据下载装置的结构示意图。Please refer to FIG. 4 , which is a schematic structural diagram of an accelerator card data downloading device provided by an embodiment of the present application.

本实施例中,该装置可以包括:In this embodiment, the device may include:

加密信息发送模块100,用于从数据发送装置接收加密信息;The encrypted information sending module 100 is used to receive encrypted information from the data sending device;

加密信息解密模块200,用于基于本地的解密算法对加密信息进行解密,得到唯一识别码;The encrypted information decryption module 200 is used to decrypt the encrypted information based on a local decryption algorithm to obtain a unique identification code;

识别码判断模块300,用于判断唯一识别码与FPGA的存储器中的识别码是否相同;The identification code judgment module 300 is used to judge whether the unique identification code is the same as the identification code in the memory of the FPGA;

数据传输模块400,用于当唯一识别码与识别码相同时,在FPGA与数据发送装置之间建立硬件物理连接,以便数据发送装置通过硬件物理连接将FPGA程序发送至FPGA。The data transmission module 400 is used to establish a hardware physical connection between the FPGA and the data sending device when the unique identification code is the same as the identification code, so that the data sending device sends the FPGA program to the FPGA through the hardware physical connection.

本申请实施例还提供一种服务器,包括:An embodiment of the present application also provides a server, including:

存储器,用于存储计算机程序;Memory, used to store computer programs;

处理器,用于执行所述计算机程序时实现如以上实施例所述的加速卡数据下载方法的步骤。A processor, configured to implement the steps of the accelerator card data downloading method described in the above embodiments when executing the computer program.

本申请实施例还提供一种计算机可读存储介质,所述计算机可读存储介质上存储有计算机程序,所述计算机程序被处理器执行时实现如以上实施例所述的加速卡数据下载方法的步骤。Embodiments of the present application also provide a computer-readable storage medium. A computer program is stored on the computer-readable storage medium. When the computer program is executed by a processor, the accelerator card data downloading method as described in the above embodiments is implemented. step.

说明书中各个实施例采用递进的方式描述,每个实施例重点说明的都是与其他实施例的不同之处,各个实施例之间相同相似部分互相参见即可。对于实施例公开的装置而言,由于其与实施例公开的方法相对应,所以描述的比较简单,相关之处参见方法部分说明即可。Each embodiment in the specification is described in a progressive manner. Each embodiment focuses on its differences from other embodiments. The same and similar parts between the various embodiments can be referred to each other. As for the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple. For relevant details, please refer to the description in the method section.

专业人员还可以进一步意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、计算机软件或者二者的结合来实现,为了清楚地说明硬件和软件的可互换性,在上述说明中已经按照功能一般性地描述了各示例的组成及步骤。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本申请的范围。Those skilled in the art may further realize that the units and algorithm steps of each example described in connection with the embodiments disclosed herein can be implemented by electronic hardware, computer software, or a combination of both. In order to clearly illustrate the possible functions of hardware and software, Interchangeability, in the above description, the composition and steps of each example have been generally described according to functions. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Skilled artisans may implement the described functionality using different methods for each specific application, but such implementations should not be considered beyond the scope of this application.

结合本文中所公开的实施例描述的方法或算法的步骤可以直接用硬件、处理器执行的软件模块,或者二者的结合来实施。软件模块可以置于随机存储器(RAM)、内存、只读存储器(ROM)、电可编程ROM、电可擦除可编程ROM、寄存器、硬盘、可移动磁盘、CD-ROM、或技术领域内所公知的任意其它形式的存储介质中。The steps of the methods or algorithms described in conjunction with the embodiments disclosed herein may be implemented directly in hardware, in software modules executed by a processor, or in a combination of both. Software modules may be located in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disks, removable disks, CD-ROMs, or anywhere in the field of technology. any other known form of storage media.

以上对本申请所提供的一种加速卡数据下载方法、加速卡数据下载装置,服务器以及计算机可读存储介质进行了详细介绍。本文中应用了具体个例对本申请的原理及实施方式进行了阐述,以上实施例的说明只是用于帮助理解本申请的方法及其核心思想。应当指出,对于本技术领域的普通技术人员来说,在不脱离本申请原理的前提下,还可以对本申请进行若干改进和修饰,这些改进和修饰也落入本申请权利要求的保护范围内。The above describes in detail an accelerator card data downloading method, accelerator card data downloading device, server and computer-readable storage medium provided by this application. This article uses specific examples to illustrate the principles and implementation methods of this application. The description of the above embodiments is only used to help understand the method and its core idea of this application. It should be noted that for those of ordinary skill in the art, several improvements and modifications can be made to the present application without departing from the principles of the present application, and these improvements and modifications also fall within the protection scope of the claims of the present application.

Claims (8)

1.一种加速卡数据下载方法,其特征在于,包括:1. A method for downloading accelerator card data, which is characterized by including: CPLD从数据发送装置接收加密信息;所述加密信息为采用混合加密算法加密得到的信息;The CPLD receives encrypted information from the data sending device; the encrypted information is information encrypted using a hybrid encryption algorithm; 基于本地的解密算法对所述加密信息进行解密,得到唯一识别码;本地的解密算法是与加密算法相对应的算法,该解密算法为固化在CPLD本地的硬件算法;Decrypt the encrypted information based on a local decryption algorithm to obtain a unique identification code; the local decryption algorithm is an algorithm corresponding to the encryption algorithm, and the decryption algorithm is a hardware algorithm solidified locally in the CPLD; 判断所述唯一识别码与加速卡的存储器中的识别码是否相同;Determine whether the unique identification code is the same as the identification code in the memory of the accelerator card; 若是,则在所述加速卡与所述数据发送装置之间建立硬件物理连接,以便所述数据发送装置通过所述硬件物理连接将数据发送至所述加速卡;If so, establish a hardware physical connection between the accelerator card and the data sending device, so that the data sending device sends data to the accelerator card through the hardware physical connection; 其中,在所述加速卡与所述数据发送装置之间建立硬件物理连接,包括:所述CPLD将selectmap接口的状态设置为开启状态;selectmap接口设置于所述加速卡与所述数据发送装置之间;Wherein, establishing a hardware physical connection between the accelerator card and the data sending device includes: the CPLD sets the state of the selectmap interface to an open state; the selectmap interface is set between the accelerator card and the data sending device. between; 若所述唯一识别码与加速卡的存储器中的识别码不相同,则不开放selectmap接口的使用权限;If the unique identification code is different from the identification code in the memory of the accelerator card, the use permission of the selectmap interface will not be granted; 其中,基于本地的解密算法对所述加密信息进行解密,得到唯一识别码,包括:基于所述本地的解密算法对所述加密信息中的加密ID信息和加密版本号信息进行解密,得到所述唯一识别码;Wherein, decrypting the encrypted information based on the local decryption algorithm to obtain the unique identification code includes: decrypting the encrypted ID information and encrypted version number information in the encrypted information based on the local decryption algorithm to obtain the unique identification code; 其中,该方法包括:Among them, the method includes: 步骤1,利用JTAG,将FPGA的ID信息通过CPLD写入加速卡上的存储器中;步骤2,利用JTAG,更新CPLD程序,关闭存储器的写使能,以便禁止更新FPGA的ID信息,此版本含有最终的selectmap接口的解密和管理功能;步骤3,当需要更新FPGA加速单元的程序时,远程计算机通过网络连接到数据中心的CPU和操作系统上;步骤4,远程计算机存有需要更新的FPGA程序,以及对应FPGA的ID信息,以及本次程序的版本信息,通过加密算法,得到加密后的FPGA ID信息和程序版本信息,将三个文件都发送给数据中心的CPU和操作系统;步骤5,数据中心的CPU没有解密算法,不做解密,直接将加密的FPGA ID信息和程序版本信息发送给加速卡上的CPLD;步骤6,数据加速卡上的CPLD通过硬件解密算法,解析出FPGA的唯一ID识别码,通过和存储器中的ID值进行对比,如果一致,则开放selectmap的硬件物理连接,数据中心的CPU获得了selectmap的使用权;步骤7,数据中心的CPU在更新完毕FPGA程序后,CPLD会通过计数器知悉更新完成,则会自动关闭selectmap接口的使用权限。Step 1, use JTAG to write the FPGA ID information into the memory on the accelerator card through CPLD; Step 2, use JTAG to update the CPLD program and turn off the write enable of the memory to prohibit updating the FPGA ID information. This version contains The decryption and management functions of the final selectmap interface; Step 3, when the program of the FPGA acceleration unit needs to be updated, the remote computer is connected to the CPU and operating system of the data center through the network; Step 4, the remote computer contains the FPGA program that needs to be updated , as well as the corresponding FPGA ID information and the version information of this program. Through the encryption algorithm, the encrypted FPGA ID information and program version information are obtained, and all three files are sent to the CPU and operating system of the data center; Step 5, The CPU in the data center does not have a decryption algorithm and does not decrypt. It directly sends the encrypted FPGA ID information and program version information to the CPLD on the accelerator card; Step 6. The CPLD on the data accelerator card uses the hardware decryption algorithm to parse out the unique FPGA The ID identification code is compared with the ID value in the memory. If it is consistent, the hardware physical connection of the selectmap is opened, and the data center CPU obtains the right to use the selectmap; Step 7, after the data center CPU updates the FPGA program, CPLD will know that the update is completed through the counter, and will automatically close the use rights of the selectmap interface. 2.根据权利要求1所述的加速卡数据下载方法,其特征在于,还包括:2. The accelerator card data downloading method according to claim 1, further comprising: 当所述数据发送结束时,切断所述硬件物理连接。When the data transmission ends, the hardware physical connection is cut off. 3.根据权利要求1所述的加速卡数据下载方法,其特征在于,判断所述唯一识别码与加速卡的存储器中的识别码是否相同,包括:3. The accelerator card data downloading method according to claim 1, characterized in that determining whether the unique identification code is the same as the identification code in the memory of the accelerator card includes: 所述CPLD从所述加速卡的存储器中读取所述识别码;The CPLD reads the identification code from the memory of the accelerator card; 判断所述唯一识别码与所述识别码是否相同。Determine whether the unique identification code is the same as the identification code. 4.根据权利要求1所述的加速卡数据下载方法,其特征在于,所述加速卡为通过CPLD与所述数据发送装置连接的加速设备。4. The accelerator card data downloading method according to claim 1, characterized in that the accelerator card is an accelerator device connected to the data sending device through a CPLD. 5.根据权利要求1所述的加速卡数据下载方法,其特征在于,还包括:5. The accelerator card data downloading method according to claim 1, further comprising: 通过JTAG接口将所述识别码写入所述加速卡的存储器中。The identification code is written into the memory of the accelerator card through the JTAG interface. 6.一种加速卡数据下载装置,其特征在于,包括:6. An accelerator card data downloading device, characterized in that it includes: 加密信息发送模块,用于从数据发送装置接收加密信息;所述加密信息为采用混合加密算法加密得到的信息;The encrypted information sending module is used to receive encrypted information from the data sending device; the encrypted information is information encrypted using a hybrid encryption algorithm; 加密信息解密模块,用于基于本地的解密算法对所述加密信息进行解密,得到唯一识别码;本地的解密算法是与加密算法相对应的算法,该解密算法为固化在CPLD本地的硬件算法;The encrypted information decryption module is used to decrypt the encrypted information based on a local decryption algorithm to obtain a unique identification code; the local decryption algorithm is an algorithm corresponding to the encryption algorithm, and the decryption algorithm is a hardware algorithm solidified locally in the CPLD; 识别码判断模块,用于判断所述唯一识别码与加速卡的存储器中的识别码是否相同;An identification code judgment module, used to judge whether the unique identification code is the same as the identification code in the memory of the accelerator card; 数据传输模块,用于当所述唯一识别码与所述识别码相同时,在所述加速卡与所述数据发送装置之间建立硬件物理连接,以便所述数据发送装置通过所述硬件物理连接将数据发送至所述加速卡;其中,在所述加速卡与所述数据发送装置之间建立硬件物理连接,包括:所述CPLD将selectmap接口的状态设置为开启状态;selectmap接口设置于所述加速卡与所述数据发送装置之间;A data transmission module, configured to establish a hardware physical connection between the accelerator card and the data sending device when the unique identification code is the same as the identification code, so that the data sending device is physically connected through the hardware Send data to the accelerator card; wherein establishing a hardware physical connection between the accelerator card and the data sending device includes: the CPLD sets the state of the selectmap interface to an open state; the selectmap interface is set on the Between the accelerator card and the data sending device; 若所述唯一识别码与加速卡的存储器中的识别码不相同,则不开放selectmap接口的使用权限;If the unique identification code is different from the identification code in the memory of the accelerator card, the use permission of the selectmap interface will not be granted; 其中,基于本地的解密算法对所述加密信息进行解密,得到唯一识别码,包括:Among them, the encrypted information is decrypted based on a local decryption algorithm to obtain a unique identification code, including: 基于所述本地的解密算法对所述加密信息中的加密ID信息和加密版本号信息进行解密,得到所述唯一识别码;Decrypt the encrypted ID information and encrypted version number information in the encrypted information based on the local decryption algorithm to obtain the unique identification code; 其中,所述装置具体用于:步骤1,利用JTAG,将FPGA的ID信息通过CPLD写入加速卡上的存储器中;步骤2,利用JTAG,更新CPLD程序,关闭存储器的写使能,以便禁止更新FPGA的ID信息,此版本含有最终的selectmap接口的解密和管理功能;步骤3,当需要更新FPGA加速单元的程序时,远程计算机通过网络连接到数据中心的CPU和操作系统上;步骤4,远程计算机存有需要更新的FPGA程序,以及对应FPGA的ID信息,以及本次程序的版本信息,通过加密算法,得到加密后的FPGA ID信息和程序版本信息,将三个文件都发送给数据中心的CPU和操作系统;步骤5,数据中心的CPU没有解密算法,不做解密,直接将加密的FPGA ID信息和程序版本信息发送给加速卡上的CPLD;步骤6,数据加速卡上的CPLD通过硬件解密算法,解析出FPGA的唯一ID识别码,通过和存储器中的ID值进行对比,如果一致,则开放selectmap的硬件物理连接,数据中心的CPU获得了selectmap的使用权;步骤7,数据中心的CPU在更新完毕FPGA程序后,CPLD会通过计数器知悉更新完成,则会自动关闭selectmap接口的使用权限。Among them, the device is specifically used for: step 1, using JTAG, to write the ID information of the FPGA into the memory on the accelerator card through CPLD; step 2, using JTAG, updating the CPLD program, turning off the write enable of the memory, so as to prohibit Update the ID information of the FPGA. This version contains the decryption and management functions of the final selectmap interface; Step 3, when the program of the FPGA acceleration unit needs to be updated, the remote computer is connected to the CPU and operating system of the data center through the network; Step 4, The remote computer stores the FPGA program that needs to be updated, as well as the corresponding FPGA ID information and the version information of this program. Through the encryption algorithm, the encrypted FPGA ID information and program version information are obtained, and all three files are sent to the data center. CPU and operating system; Step 5, the data center CPU does not have a decryption algorithm, does not decrypt, and directly sends the encrypted FPGA ID information and program version information to the CPLD on the accelerator card; Step 6, the CPLD on the data accelerator card passes The hardware decryption algorithm parses out the unique ID identification code of the FPGA and compares it with the ID value in the memory. If it is consistent, the hardware physical connection of the selectmap is opened, and the CPU of the data center obtains the right to use the selectmap; Step 7, Data Center After the CPU completes updating the FPGA program, the CPLD will know that the update is completed through the counter, and will automatically close the use rights of the selectmap interface. 7.一种服务器,其特征在于,包括:7. A server, characterized in that it includes: 存储器,用于存储计算机程序;Memory, used to store computer programs; 处理器,用于执行所述计算机程序时实现如权利要求1至5任一项所述的加速卡数据下载方法的步骤。A processor, configured to implement the steps of the accelerator card data downloading method according to any one of claims 1 to 5 when executing the computer program. 8.一种计算机可读存储介质,其特征在于,所述计算机可读存储介质上存储有计算机程序,所述计算机程序被处理器执行时实现如权利要求1至5任一项所述的加速卡数据下载方法的步骤。8. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the acceleration according to any one of claims 1 to 5 is achieved. Steps of card data download method.
CN202110856493.9A 2021-07-28 2021-07-28 Acceleration card data downloading method and related device Active CN113726741B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110856493.9A CN113726741B (en) 2021-07-28 2021-07-28 Acceleration card data downloading method and related device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110856493.9A CN113726741B (en) 2021-07-28 2021-07-28 Acceleration card data downloading method and related device

Publications (2)

Publication Number Publication Date
CN113726741A CN113726741A (en) 2021-11-30
CN113726741B true CN113726741B (en) 2024-01-19

Family

ID=78674095

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110856493.9A Active CN113726741B (en) 2021-07-28 2021-07-28 Acceleration card data downloading method and related device

Country Status (1)

Country Link
CN (1) CN113726741B (en)

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007041654A2 (en) * 2005-10-03 2007-04-12 Divitas Networks, Inc. Classification for media stream packets in a media gateway
CN102999350A (en) * 2012-10-24 2013-03-27 绵阳市维博电子有限责任公司 FPGA (field-programmable gate array) program upgrading and online downloading method in digital signal processing platform
CN104166566A (en) * 2014-08-12 2014-11-26 福建星网锐捷网络有限公司 FPGA configuration file upgrading method and system
CN107608700A (en) * 2017-10-16 2018-01-19 浪潮(北京)电子信息产业有限公司 A kind of update method, device and the medium of FPGA firmwares
CN108776648A (en) * 2018-05-28 2018-11-09 郑州云海信息技术有限公司 Data transmission method, system and FPGA isomeries accelerator card and storage medium
CN109039591A (en) * 2017-06-08 2018-12-18 佛山芯珠微电子有限公司 The implementation method of internet of things information encryption system based on FPGA
CN109214221A (en) * 2018-08-23 2019-01-15 武汉普利商用机器有限公司 A kind of identity card reader verification method, host computer and identity card reader
CN109240966A (en) * 2018-08-20 2019-01-18 郑州云海信息技术有限公司 A kind of accelerator card based on CPLD, collecting method and device
CN109542484A (en) * 2018-11-20 2019-03-29 济南浪潮高新科技投资发展有限公司 A kind of method and system of online updating FPGA configuration chip
CN109902452A (en) * 2018-11-01 2019-06-18 北京旷视科技有限公司 FPGA authority checking method, apparatus and processing equipment
EP3506312A1 (en) * 2017-12-28 2019-07-03 Ethicon LLC Interactive surgical systems with encrypted communication capabilities
WO2019140218A1 (en) * 2018-01-12 2019-07-18 Stc.Unm An autonomous, self-authenticating and self-contained secure boot-up system and methods
CN110209490A (en) * 2018-04-27 2019-09-06 腾讯科技(深圳)有限公司 A memory management method and related equipment
CN112100691A (en) * 2020-09-11 2020-12-18 浪潮(北京)电子信息产业有限公司 Protection method and protection system of hardware debugging interface and programmable controller
CN112383612A (en) * 2020-11-11 2021-02-19 成都卫士通信息产业股份有限公司 File transmission method, device, equipment and readable storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111435394B (en) * 2019-01-15 2021-05-14 创新先进技术有限公司 Safety calculation method and device based on FPGA hardware

Patent Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007041654A2 (en) * 2005-10-03 2007-04-12 Divitas Networks, Inc. Classification for media stream packets in a media gateway
CN102999350A (en) * 2012-10-24 2013-03-27 绵阳市维博电子有限责任公司 FPGA (field-programmable gate array) program upgrading and online downloading method in digital signal processing platform
CN104166566A (en) * 2014-08-12 2014-11-26 福建星网锐捷网络有限公司 FPGA configuration file upgrading method and system
CN109039591A (en) * 2017-06-08 2018-12-18 佛山芯珠微电子有限公司 The implementation method of internet of things information encryption system based on FPGA
CN107608700A (en) * 2017-10-16 2018-01-19 浪潮(北京)电子信息产业有限公司 A kind of update method, device and the medium of FPGA firmwares
EP3506312A1 (en) * 2017-12-28 2019-07-03 Ethicon LLC Interactive surgical systems with encrypted communication capabilities
WO2019140218A1 (en) * 2018-01-12 2019-07-18 Stc.Unm An autonomous, self-authenticating and self-contained secure boot-up system and methods
CN110209490A (en) * 2018-04-27 2019-09-06 腾讯科技(深圳)有限公司 A memory management method and related equipment
CN108776648A (en) * 2018-05-28 2018-11-09 郑州云海信息技术有限公司 Data transmission method, system and FPGA isomeries accelerator card and storage medium
CN109240966A (en) * 2018-08-20 2019-01-18 郑州云海信息技术有限公司 A kind of accelerator card based on CPLD, collecting method and device
CN109214221A (en) * 2018-08-23 2019-01-15 武汉普利商用机器有限公司 A kind of identity card reader verification method, host computer and identity card reader
CN109902452A (en) * 2018-11-01 2019-06-18 北京旷视科技有限公司 FPGA authority checking method, apparatus and processing equipment
CN109542484A (en) * 2018-11-20 2019-03-29 济南浪潮高新科技投资发展有限公司 A kind of method and system of online updating FPGA configuration chip
CN112100691A (en) * 2020-09-11 2020-12-18 浪潮(北京)电子信息产业有限公司 Protection method and protection system of hardware debugging interface and programmable controller
CN112383612A (en) * 2020-11-11 2021-02-19 成都卫士通信息产业股份有限公司 File transmission method, device, equipment and readable storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
一种基于云端加密的FPGA自适应动态配置方法;陈利锋;朱路平;;计算机科学(第07期);全文 *

Also Published As

Publication number Publication date
CN113726741A (en) 2021-11-30

Similar Documents

Publication Publication Date Title
CN113014539B (en) Internet of things equipment safety protection system and method
CN100354786C (en) Open type general-purpose attack-resistant CPU and application system thereof
JP4689946B2 (en) A system that executes information processing using secure data
CA2400204C (en) Method and apparatus for providing secure control of software or firmware code downloading and secure operation of a computing device receiving downloaded code
CN104335548B (en) A secure data processing device and method
CN109923548A (en) Method, system and the computer program product that encryption data realizes data protection are accessed by supervisory process
CN107430658A (en) Fail-safe software certification and checking
JP2007226481A (en) Secure processor
KR101078546B1 (en) A security data file encryption and decryption device based on identification information of a general purpose storage device, and an electronic signature system
CN105099705B (en) A secure communication method and system based on USB protocol
JP2003330365A (en) Content distribution / receiving method
EP2051181A1 (en) Information terminal, security device, data protection method, and data protection program
WO2015042981A1 (en) Encryption and decryption processing method, apparatus and device
CN101421739A (en) Authentication of a request to alter at least one of a BIOS and a setting associated with the BIOS
CN105975867B (en) Data processing method
CN108595982A (en) A kind of secure computing architecture method and device based on more container separating treatments
CN105827574A (en) File access system, file access method and file access device
CN113014444A (en) Internet of things equipment production test system and safety protection method
GB2432436A (en) Programmable logic controller peripheral device
CN115314253A (en) Data processing method, device, system, equipment and working machine
CN109190335B (en) Software copyright protection method and system
JP2004282391A (en) Information processing apparatus having authentication function and authentication function providing method
KR101711024B1 (en) Method for accessing temper-proof device and apparatus enabling of the method
CN103532712B (en) digital media file protection method, system and client
CN113726741B (en) Acceleration card data downloading method and related device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载