CN105007154A - Encryption and decryption device based on AES (Advanced Encryption Standard) algorithm - Google Patents
Encryption and decryption device based on AES (Advanced Encryption Standard) algorithm Download PDFInfo
- Publication number
- CN105007154A CN105007154A CN201510437634.8A CN201510437634A CN105007154A CN 105007154 A CN105007154 A CN 105007154A CN 201510437634 A CN201510437634 A CN 201510437634A CN 105007154 A CN105007154 A CN 105007154A
- Authority
- CN
- China
- Prior art keywords
- data
- input
- encryption
- output
- path
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000004422 calculation algorithm Methods 0.000 title claims abstract description 26
- 238000012545 processing Methods 0.000 claims abstract description 53
- 230000009466 transformation Effects 0.000 claims description 20
- 238000006243 chemical reaction Methods 0.000 claims description 15
- 230000002452 interceptive effect Effects 0.000 claims description 6
- 230000003993 interaction Effects 0.000 claims 2
- 230000006870 function Effects 0.000 description 30
- 238000000034 method Methods 0.000 description 12
- 230000008569 process Effects 0.000 description 8
- 238000010586 diagram Methods 0.000 description 6
- 238000013461 design Methods 0.000 description 3
- 230000037361 pathway Effects 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- 230000008901 benefit Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000000354 decomposition reaction Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
本发明公开了一种基于AES算法的加密解密装置,涉及信息安全技术领域,解决了现有技术中AES加密解密模式单一的问题。本发明的加密解密装置包括用于处理数据的密码处理模块。该密码处理模块包括输入逻辑通路、第一多路选择单元、密码函数运算单元、第一多路分解单元、输出逻辑通路以及第二多路选择单元。AES模式控制信号控制选择输入逻辑通路输入分组数据,并选取密码函数运算单元对分组数据进行正向或反向处理,再控制选择输出逻辑通路输出分组数据。本发明主要用于通过AES算法对数据进行加密和解密。
The invention discloses an encryption and decryption device based on an AES algorithm, relates to the technical field of information security, and solves the problem of a single AES encryption and decryption mode in the prior art. The encryption and decryption device of the present invention includes a cryptographic processing module for processing data. The cryptographic processing module includes an input logic path, a first multiplexing unit, a cryptographic function operation unit, a first demultiplexing unit, an output logic path and a second multiplexing unit. The AES mode control signal controls the selection of the input logic path to input the packet data, and selects the cryptographic function operation unit to perform forward or reverse processing on the packet data, and then controls the selection of the output logic path to output the packet data. The present invention is mainly used for encrypting and decrypting data through the AES algorithm.
Description
技术领域technical field
本发明涉及信息安全技术领域,尤其涉及一种基于AES算法的加密解密装置。The invention relates to the technical field of information security, in particular to an encryption and decryption device based on an AES algorithm.
背景技术Background technique
AES(Advanced Encryption Standard,高级加密标准)是美国NIST(NationalInstitute of Standards and Technology,国家标准与技术研究院)于2002年确立使用的一种新的信息加密算法。随着现代密码分析水平、芯片处理能力和计算技术的不断进步,AES算法在各行业各部门获得广泛的应用,并逐渐取代DES在IPSec、SSL和ATM中的加密功能。AES (Advanced Encryption Standard, Advanced Encryption Standard) is a new information encryption algorithm established and used by the US NIST (National Institute of Standards and Technology, National Institute of Standards and Technology) in 2002. With the continuous improvement of modern cryptanalysis level, chip processing capability and computing technology, AES algorithm has been widely used in various industries and departments, and gradually replaced the encryption function of DES in IPSec, SSL and ATM.
目前国内在算法实现方面的研究中,通常是基于软件实现。相对于软件加密系统,硬件加密系统处理速度快且更加安全可靠。而目前AES的高速硬件实现数量较少。因此随着AES算法的普及应用,算法的硬件开发也逐渐成为一个重要的课题。At present, domestic research on algorithm implementation is usually based on software implementation. Compared with the software encryption system, the hardware encryption system has faster processing speed and is more secure and reliable. At present, the number of high-speed hardware implementations of AES is relatively small. Therefore, with the popularization and application of the AES algorithm, the hardware development of the algorithm has gradually become an important topic.
在实现本发明的过程中,发明人发现现有技术中至少存在如下技术问题:In the process of realizing the present invention, the inventor found that there are at least the following technical problems in the prior art:
AES算法包括ECB、CTR、OFB、CFB以及CBC五种加解密模式。而目前现有技术中,支持全模式的AES加密装置还是极少的,通常仅仅支持两三种。加密模式较为单一,安全性和保密性较差。The AES algorithm includes five encryption and decryption modes: ECB, CTR, OFB, CFB and CBC. However, in the current prior art, there are very few AES encryption devices that support full modes, usually only two or three types are supported. The encryption mode is relatively single, and the security and confidentiality are poor.
发明内容Contents of the invention
本发明提供一种基于AES算法的加密解密装置,能够支持AES加密解密算法的全模式,提高加密解密的安全性和可靠性。The invention provides an encryption and decryption device based on the AES algorithm, capable of supporting all modes of the AES encryption and decryption algorithm, and improving the security and reliability of the encryption and decryption.
本发明提供一种基于AES算法的加密解密装置,包括用于处理数据的密码处理模块;所述密码处理模块包括:The present invention provides an encryption and decryption device based on the AES algorithm, including a cryptographic processing module for processing data; the cryptographic processing module includes:
至少一条输入逻辑通路,用于对输入的分组数据进行逻辑运算;at least one input logic path for performing logic operations on input packet data;
第一多路选择单元,用于根据AES模式控制信号选择一路输入逻辑通路输出逻辑运算后的分组数据;The first multiplex selection unit is used to select one input logic path according to the AES mode control signal to output the grouped data after logic operation;
密码函数运算单元,用于根据所述AES模式控制信号选择正向或者反向密码函数对所述分组数据进行加密解密处理;A cryptographic function operation unit, configured to select a forward or reverse cryptographic function to encrypt and decrypt the packet data according to the AES mode control signal;
第二多路分解单元,用于将加密解密后的分组数据分解成至少一路分组数据;The second demultiplexing unit is used to decompose the encrypted and decrypted packet data into at least one path of packet data;
至少一条输出逻辑通路,用于对分解后的每路分组数据分别进行逻辑运算;At least one output logic path, used to perform logical operations on each path of decomposed grouped data;
第二多路选择单元,用于根据所述AES模式控制信号选择一路输出逻辑通路输出逻辑运算后的分组数据。The second multiplexing unit is configured to select one output logic path according to the AES mode control signal to output the grouped data after logic operation.
本发明提供的基于AES算法的加密解密装置的核心算法部分采用全硬件实现,支持全部5种AES加密解密模式、3种密钥位宽,能够满足对AES算法加密解密的全部需求,提高了数据加密解密的安全性和保密性,使得本发明具备更强的抵抗外界攻击的能力。The core algorithm part of the encryption and decryption device based on the AES algorithm provided by the present invention is implemented by full hardware, supports all 5 kinds of AES encryption and decryption modes, and 3 kinds of key bit widths, can meet all the requirements for encryption and decryption of the AES algorithm, and improves data security. The security and confidentiality of encryption and decryption make the present invention have a stronger ability to resist external attacks.
附图说明Description of drawings
为了更清楚地说明本发明实施例中的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其它的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings that need to be used in the description of the embodiments will be briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present invention. For those skilled in the art, other drawings can also be obtained based on these drawings without creative effort.
图1为本发明一实施例中,密码处理模块的结构示意图;FIG. 1 is a schematic structural diagram of a cryptographic processing module in an embodiment of the present invention;
图2为本发明一实施例中,正向密码处理模块的结构示意图;Fig. 2 is a schematic structural diagram of a forward cipher processing module in an embodiment of the present invention;
图3为本发明一实施例中,反向密码处理模块的结构示意图;3 is a schematic structural diagram of a reverse cipher processing module in an embodiment of the present invention;
图4为本发明一实施例中,正向密码运算单元的结构示意图;4 is a schematic structural diagram of a forward cryptographic operation unit in an embodiment of the present invention;
图5为本发明一实施例中,反向密码运算单元的结构示意图;Fig. 5 is a schematic structural diagram of a reverse cryptographic operation unit in an embodiment of the present invention;
图6为图4中正向密码运算单元的处理流程图;Fig. 6 is the processing flowchart of the forward cryptographic operation unit in Fig. 4;
图7为图5中反向密码运算单元的处理流程图;Fig. 7 is the processing flowchart of the reverse cryptographic operation unit in Fig. 5;
图8为本发明所提供的基于AES算法的加密解密装置的结构示意图。FIG. 8 is a schematic structural diagram of an encryption and decryption device based on the AES algorithm provided by the present invention.
具体实施方式Detailed ways
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其它实施例,都属于本发明保护的范围。The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.
本发明所提供的加密解密装置根据AES算法加密解密模式的特点,对逻辑资源实现复用。从AES算法加密解密的数据处理流程可知,几种加密模式的不同点在于两点:一是密码函数处理前输入分组数据和处理后输出分组数据的构成方式;二是所选的密码函数。根据上述两个特点,本发明中将处理前和处理后的数据交由多条逻辑通道进行处理。对于处理前后数据构成方式相同的,通过逻辑通道进行合并复用。这样,在加密解密处理时,只需选择相关的逻辑通道,再调用正向/反向密码函数即可实现多种AES加密解密模式。下面结合实施例进行详细说明。The encryption and decryption device provided by the present invention implements multiplexing of logical resources according to the characteristics of the encryption and decryption mode of the AES algorithm. From the data processing flow of AES algorithm encryption and decryption, we can see that the difference between several encryption modes lies in two points: one is the composition of the input packet data before the encryption function processing and the output packet data after processing; the other is the selected encryption function. According to the above two features, in the present invention, the pre-processed and processed data are processed by multiple logical channels. For data with the same structure before and after processing, merge and multiplex through logical channels. In this way, when encrypting and decrypting, you only need to select the relevant logical channel, and then call the forward/reverse encryption function to realize multiple AES encryption and decryption modes. The following will be described in detail in conjunction with the embodiments.
本发明所提供的一个实施例中,基于AES算法的加密解密装置主要对密码处理模块进行了改进。具体地,如图1所示,密码处理模块包括:In an embodiment provided by the present invention, the encryption and decryption device based on the AES algorithm mainly improves the encryption processing module. Specifically, as shown in Figure 1, the password processing module includes:
至少一条输入逻辑通路,用于对输入的分组数据进行逻辑运算;at least one input logic path for performing logic operations on input packet data;
第一多路选择单元,用于根据AES模式控制信号选择一路输入逻辑通路输出逻辑运算后的分组数据;The first multiplex selection unit is used to select one input logic path according to the AES mode control signal to output the grouped data after logic operation;
密码函数运算单元,用于根据所述AES模式控制信号选择正向或者反向密码函数对所述分组数据进行加密解密处理;A cryptographic function operation unit, configured to select a forward or reverse cryptographic function to encrypt and decrypt the packet data according to the AES mode control signal;
第一多路分解单元,用于将加密解密后的分组数据分解成至少一路分组数据;The first demultiplexing unit is used to decompose the encrypted and decrypted packet data into at least one path of packet data;
至少一条输出逻辑通路,用于对分解后的每路分组数据分别进行逻辑运算;At least one output logic path, used to perform logical operations on each path of decomposed grouped data;
第二多路选择单元,用于根据所述AES模式控制信号选择一路输出逻辑通路输出逻辑运算后的分组数据。The second multiplexing unit is configured to select one output logic path according to the AES mode control signal to output the grouped data after logic operation.
具体地,所述密码处理模块还包括与输入逻辑通路相连接的第二多路分解单元,用于将输入的分组数据分解成多路。当输入逻辑通路所处理的输入分组数据相同时,需要通过第二路分解单元对输入的分组数据分解后发送至各个输入逻辑通路中。当输入逻辑通路处理的输入分组数据不同时,则将输入分组数据直接交由输入逻辑通路处理即可。Specifically, the cryptographic processing module further includes a second demultiplexing unit connected to the input logical path, for decomposing the input packet data into multiple paths. When the input packet data processed by the input logic paths are the same, the input packet data needs to be decomposed by the second path decomposition unit and sent to each input logic path. When the input packet data processed by the input logic paths are different, the input packet data can be directly handed over to the input logic path for processing.
具体地,所述输出逻辑通路为以下输出逻辑通路中的任意一种:第一输入逻辑通路,用于直接输入分组数据;第二输入逻辑通路,用于输入分组数据与密码初始向量进行异或逻辑运算后的数据;第三输入逻辑通路,用于输入分组数据与前一级的输出128位数据分组进行异或逻辑运算后的数据;第四输入逻辑通路,用于直接输入密钥初始向量;第五输入逻辑通路,用于输入前一级输入分组的低b-s位与前一级密文的s位进行拼接运算后的数据;第六输入逻辑通路,用于输入前一级的输出128位数据分组;第七输入逻辑通路,用于输入计数器的值。Specifically, the output logical path is any one of the following output logical paths: the first input logical path is used to directly input the packet data; the second input logical path is used to perform XOR between the input packet data and the password initialization vector The data after logic operation; the third input logic path is used to input the grouped data and the output 128-bit data group of the previous stage to carry out the data after XOR logic operation; the fourth input logic path is used to directly input the key initial vector ; The fifth input logic path is used to input the data after the splicing operation of the low b-s bits of the previous stage input packet and the s bits of the previous stage ciphertext; the sixth input logic path is used to input the output 128 of the previous stage A bit data packet; a seventh input logic channel for inputting a value of the counter.
具体地,所述输出逻辑通路为以下输出逻辑通路中的任意一种:第一输出逻辑通路,用于直接输出分组数据;第二输出逻辑通路,用于输出分组数据高s位与当前级明文的s位异或运算后的数据;第三输出逻辑通路,用于输出分组数据与当前级明文进行异或运算后的数据;第四输出逻辑通路,用于输出分组数据高s位与当前级密文的s位进行异或运算后的数据;第五输出逻辑通路,用于输出分组数据与当前级密文异或运算后的数据;第六输出逻辑通路,用于输出分组数据与密钥初始向量异或运算后的数据;第七输出逻辑通路,用于输出分组数据与前一级的输入密文进行异或运算后的数据。Specifically, the output logic path is any one of the following output logic paths: the first output logic path is used to directly output the packet data; the second output logic path is used to output the high s bit of the packet data and the current level plaintext The data after the XOR operation of the s bits of the s bits; the third output logic path is used to output the data after the XOR operation between the packet data and the current level plaintext; the fourth output logic path is used to output the high s bits of the packet data and the current level The data after the XOR operation of the s bits of the ciphertext; the fifth output logic path is used to output the data after the XOR operation between the packet data and the current level ciphertext; the sixth output logic path is used to output the packet data and the key The data after the XOR operation of the initial vector; the seventh output logic path, used to output the data after the XOR operation of the packet data and the input ciphertext of the previous stage.
与现有技术相比,本发明中将正向加密和反向解密的输入逻辑通道和输出逻辑通道复用,有效节省了装置的硬件实现面积。通过配置输入逻辑通道和输出逻辑通道,实现AES算法的多种模式。对于AES算法的多种模式的具体实现方式在下述实施例中进行详细说明。Compared with the prior art, the present invention multiplexes the input logic channel and output logic channel of forward encryption and reverse decryption, effectively saving the hardware implementation area of the device. By configuring the input logic channel and the output logic channel, various modes of the AES algorithm can be realized. The specific implementation of various modes of the AES algorithm is described in detail in the following embodiments.
本发明所提供的一个实施例中,将密码处理模块分为正向密码函数处理和反向密码函数处理分为两个独立的模块。具体地,两个模块中分别包含输入逻辑通路、多路选择单元、多路分解单元以及输出逻辑通路。下面对两个模块的具体实施过程进行详细介绍。In an embodiment provided by the present invention, the cryptographic processing module is divided into forward cryptographic function processing and reverse cryptographic function processing into two independent modules. Specifically, the two modules respectively include an input logic path, a demultiplexing unit, a demultiplexing unit, and an output logic path. The specific implementation process of the two modules will be introduced in detail below.
参见图2,正向密码函数处理模块包括七条输入逻辑通路,两个多路分解器、两个多路选择器、正向密码函数运算单元以及五路输出逻辑通路。其中,明文分组数据经多路分解器输出为三个输入逻辑通路。其他四条输入逻辑通路输入分组数据不同,无需设置多路分解器。七条输入逻辑通路输出连接第一多路选择器的输入端。第一多路选择器的输出端连接正向密码函数运算单元;正向密码函数运算单元输出端连接第二多路分解器。第二多路分解器分解为五条输出逻辑通路。五条输出逻辑通路通过第二多路选择器选择输出。Referring to FIG. 2 , the forward cryptographic function processing module includes seven input logic paths, two demultiplexers, two multiplexers, a forward cryptographic function computing unit, and five output logic paths. Wherein, the plaintext packet data is output as three input logical paths through the demultiplexer. The other four input logic paths have different input packet data, so there is no need to set up a demultiplexer. The outputs of the seven input logic paths are connected to the input terminals of the first multiplexer. The output end of the first multiplexer is connected to the forward encryption function operation unit; the output end of the forward encryption function operation unit is connected to the second multiplexer. The second demultiplexer breaks down into five output logic paths. Five output logic lanes are selected for output by a second multiplexer.
其中,七条输入逻辑通路包括:通路(1),用于直接输入明文分组数据;通路(2),用于输入明文分组数据与密码初始向量进行异或逻辑运算后的数据;通路(3),用于输入明文分组数据与前一级的输出128位数据分组进行异或逻辑运算后的数据。通路(4),用于直接输入密钥初始向量IV;通路(5),用于输入前一级明文分组数据的低b-s位与前一级密文的s位进行拼接运算后的数据;通路(6),用于输入前一级输出的128位数据分组;通路(7),用于输入计数器的值。其中,五条输出逻辑通路包括:通路(8),用于直接输出密文分组数据;通路(9),用于输出密文分组数据高s位与当前级明文的s位异或运算后的数据;通路(10),用于输出密文分组数据与当前级明文进行异或运算后的数据;通路(11),用于输出密文分组数据高s位与当前级密文的s位进行异或运算后的数据;通路(12),用于输出密文分组数据与当前级密文异或运算后的数据。Among them, the seven input logic paths include: path (1), used to directly input plaintext packet data; path (2), used to input plaintext packet data and the initial vector of the password after XOR logic operation; path (3), It is used for the data after XOR logical operation of the input plaintext packet data and the output 128-bit data packet of the previous stage. Passage (4), is used for directly inputting the key initial vector IV; Passage (5), is used for inputting the data after the low b-s bit of the plaintext packet data of the previous level and the s bit of the ciphertext of the previous level are spliced; (6) is used to input the 128-bit data packet output by the previous stage; the path (7) is used to input the value of the counter. Among them, the five output logic paths include: path (8), used to directly output ciphertext packet data; path (9), used to output the data after the XOR operation of the high s bit of the ciphertext packet data and the s bit of the current level plaintext ; Passage (10), for outputting ciphertext packet data and the data after XOR operation of current level plaintext; Pathway (11), for outputting ciphertext packet data high s bit and s bit of current level ciphertext to carry out XOR operation or the data after the operation; the path (12) is used to output the data after the XOR operation between the ciphertext block data and the current level ciphertext.
参见图3,反向密码函数处理模块包括一条输入逻辑通路、反向密码函数运算单元、多路分解器、三条输出逻辑通路以及一个多路选择器。由于反向处理只涉及一条输入逻辑通道,因此输入端的多路分解器和多路选择器可以省略。输入逻辑通道连接反向密码函数运算单元;反向密码函数运算单元经多路分解器分为三条输出逻辑通路;输出逻辑通路通过多路选择器选择输出。Referring to FIG. 3 , the reverse cryptographic function processing module includes an input logic path, a reverse cryptographic function computing unit, a demultiplexer, three output logic paths and a multiplexer. Since the reverse processing involves only one input logic channel, the demultiplexer and multiplexer at the input can be omitted. The input logic channel is connected to the reverse encryption function operation unit; the reverse encryption function operation unit is divided into three output logic paths through the demultiplexer; the output logic path is selected for output through the multiplexer.
其中,输入逻辑通路包括通路(0),用于直接输出密文分组数据。三条输出逻辑通路包括:通路(1),用于直接输出密文分组数据;通路(2),用于输出明文分组数据与密钥初始向量IV异或运算后的数据;通路(3),用于输出明文分组数据与前一级的输入密文进行异或运算后的数据。Wherein, the input logic path includes path (0), which is used to directly output the ciphertext packet data. Three output logic paths include: path (1), for directly outputting ciphertext block data; path (2), for outputting the data after XOR operation between plaintext block data and key initial vector IV; path (3), using The output plaintext block data and the data after the XOR operation is performed on the input ciphertext of the previous stage.
基于上述可知,本发明采用逻辑资源复用技术,对于将5种模式相同逻辑通道进行合并,同时将涉及到的正向密码函数CIPHk和反向密码函数CIPH-1K进行单独设计。通过AES模式控制信号选择输入逻辑通路和输出逻辑通路,并将密码函数作为公共模块进行调用,实现AES算法的5种加解密模式。下面介绍实现5种模式的具体实现方式。Based on the above, it can be seen that the present invention adopts the logical resource multiplexing technology to combine the same logical channels of the five modes, and at the same time separately design the involved forward cryptographic function CIPHk and reverse cryptographic function CIPH -1 K. The input logic path and the output logic path are selected through the AES mode control signal, and the cryptographic function is called as a public module to realize 5 encryption and decryption modes of the AES algorithm. The following describes the specific ways to implement the five modes.
ECB加密:采用图2的通路(1)(8);ECB解密:采用图3的通路(0)(1)。ECB encryption: use the path (1)(8) in Figure 2; ECB decryption: use the path (0)(1) in Figure 3.
CBC加密:第一个输入128位数据分组采用图2的通路(2)(8),其他输入128位数据分组采用图2的通路(3)(8)。CBC解密:第一个输出128位数据分组采用图3的通路(0)(2),其他输出128位数据分组采用图3的通路(0)(3)。CBC encryption: the first input 128-bit data packet adopts the path (2) (8) of Fig. 2, and the other input 128-bit data packets adopt the path (3) (8) of Fig. 2 . CBC decryption: the first output 128-bit data packet adopts the path (0)(2) of FIG. 3, and the other output 128-bit data packets adopt the path (0)(3) of FIG. 3.
CFB加密:第一个输入128位数据分组采用图2的通路(4)(9),其他输入128位数据分组采用图2的通路(5)(10)。CFB解密:第一个输入128位数据分组采用图2的通路(4)(11),其他输入128位数据分组采用图2的通路(5)(11)。CFB encryption: the first input 128-bit data packet adopts the pathway (4)(9) in Figure 2, and the other input 128-bit data packets adopt the pathway (5)(10) in Figure 2. CFB decryption: the first input 128-bit data packet adopts the path (4) (11) in Figure 2, and the other input 128-bit data packets adopt the path (5) (11) in Figure 2 .
OFB加密:第一个输入128位数据分组采用图2的通路(4)(10),其他输入128位数据分组采用图2的通路(6)(10)。OFB解密:第一个输入128位数据分组采用图2的通路(4)(12),其他输入128位数据分组采用图2的通路(6)(12)。OFB encryption: the first input 128-bit data packet adopts the path (4) (10) of Fig. 2, and other input 128-bit data packets adopt the path (6) (10) of Fig. 2 . OFB decryption: the first input 128-bit data packet adopts the path (4) (12) of Fig. 2, and other input 128-bit data packets adopt the path (6) (12) of Fig. 2 .
CTR加密:采用图2的通路(7)(10)。CTR解密:采用图2的通路(7)(12)。CTR encryption: adopt the path (7) (10) of Fig. 2. CTR decryption: adopt the path (7) (12) of Fig. 2.
需要说明的是,本发明并不局限于上述实施例。对于选取输入逻辑通道和输出逻辑通道的任意组合所实现ECB、CTR、OFB、CFB、CBC任意一种或多种加密解密模式,都在本发明的保护范围之内。与现有技术相比,本发明所提供的加密解密装置可以实现多种加解密模式,有效提高数据的安全性和保密性,同时通过对逻辑资源进行复用,有效节省装置的硬件实现面积。It should be noted that the present invention is not limited to the above-mentioned embodiments. Any one or more encryption and decryption modes of ECB, CTR, OFB, CFB, and CBC implemented by selecting any combination of input logic channels and output logic channels are within the protection scope of the present invention. Compared with the prior art, the encryption and decryption device provided by the present invention can realize multiple encryption and decryption modes, effectively improve data security and confidentiality, and at the same time, effectively save the hardware implementation area of the device by multiplexing logic resources.
本发明所提供的一个实施例中,对于正向密码函数运算单元和反向密码函数运算单元进行了改进。由于3种位宽AES算法分别对应了128/192/256bit的密钥K,但是它们数据处理的最小单位都是128bit,只是因为密钥位宽不同对应的加密解密数据处理轮数不同,分别为10/12/14轮。而每轮处理的方式都是一样,因此本发明将每轮处理方式单独设计,作为公共资源进行调用,以达到节省资源,降低面积的作用。针对不同的轮数,采用寄存器配置的方式控制单轮处理公共模块调用的次数。In an embodiment provided by the present invention, improvements are made to the forward cryptographic function computing unit and the reverse cryptographic function computing unit. Since the three bit-width AES algorithms correspond to the key K of 128/192/256bit, but the minimum unit of data processing is 128bit, it is only because the number of encryption and decryption data processing rounds corresponding to the different key bit width is different, respectively. 10/12/14 rounds. However, each round of processing is the same, so the present invention designs each round of processing separately and calls it as a public resource, so as to save resources and reduce the area. For different numbers of rounds, register configuration is used to control the number of public module calls processed in a single round.
具体地,参见图4,正向密码函数运算单元包括两个模块:第一运算依序对数据进行S盒变换、行变换、列变换、与扩展密钥异或处理,用于实现除最后一轮之外的其他轮的轮运算。第二运算模块依序对数据进行S盒变换、行变换、与扩展密钥异或3步,用于实现最后一轮的轮运算。Specifically, referring to FIG. 4, the forward cryptographic function operation unit includes two modules: the first operation performs S-box transformation, row transformation, column transformation, and XOR processing on the data in sequence, and is used to realize the data except the last one. Round operations for rounds other than rounds. The second operation module sequentially performs three steps of S-box transformation, row transformation, and XOR with the extended key to realize the last round of round operation.
参见图5,反向密码函数运算单元包括两个模块:第三运算模块依序对数据进行反行变换、反S盒变换、与扩展密钥异或、反列变换处理,实现除最后一轮之外的其他轮的轮运算;第四运算模块依序对数据进行反行变换、反S盒变换、与扩展密钥异或处理,实现最后一轮轮运算。Referring to Figure 5, the reverse cipher function operation unit includes two modules: the third operation module sequentially performs inverse row transformation, inverse S-box transformation, XOR with the extended key, and inverse column transformation processing on the data to realize the process of removing the last round The round operation of other rounds; the fourth operation module sequentially performs inverse row transformation, inverse S-box transformation, and XOR processing with the extended key to realize the last round operation.
现有技术中,正向函数运算单元和反向函数运算单元中轮运算的过程为相逆的。从上述可知,本发明反向函数运算单元与正向函数运算单元中的轮运算过程并非完全相逆。因此,本发明与现有技术相比,具有更高的安全性。In the prior art, the round operation process in the forward function operation unit and the reverse function operation unit is reversed. It can be seen from the above that the round operation process of the reverse function operation unit and the forward function operation unit of the present invention are not completely reversed. Therefore, compared with the prior art, the present invention has higher security.
参见图6和图7,本发明对于轮运算的处理优选采用多级流水进行设计。如表1所示,本发明中优选将轮运算分为Nr1,Nr2,Nr3,Nr4,最终轮5轮,5轮相加的总数为Nr。当然也可以分成更多级或者将每级的轮运算次数进行适当调整。Referring to Fig. 6 and Fig. 7, the present invention preferably adopts multi-stage pipeline design for processing round operations. As shown in Table 1, in the present invention, the round operation is preferably divided into Nr1, Nr2, Nr3, and Nr4, and the final round is 5 rounds, and the sum of the 5 rounds is Nr. Of course, it can also be divided into more stages or the number of round operations of each stage can be adjusted appropriately.
表1Table 1
其中,表格中的数字表示要做轮运算的次数,如果为0则表示不做该级的轮运算。第一级轮运算次数Nr1统一分配为3,第四级轮运算次数Nr4+最终轮分配会因总轮数不同而异。第二级轮运算次数Nr2和第三级轮运算次数Nr3,如果需要做该级轮运算则分配为4,不做该级轮运算则为0。每轮运算需要1个时钟周期,Nr1分配为3。Nr1轮执行前与扩展密钥异或需要消耗1个时钟周期,它与Nr1一起需要4个时钟周期,这样当输入128位数据分组填满4级流水线后,就可以每4个时钟周期,输出128位数据分组,大大缩短了原来正向密码函数、反向密码函数都需要10/12/14个时钟周期才产生输出128位分组数据的时间。Wherein, the number in the table indicates the number of round operations to be performed, and if it is 0, it means that the round operation of this level is not performed. The number of calculations Nr1 in the first round is uniformly allocated to 3, and the number of calculations in the fourth round Nr4 + the distribution of the final round will vary depending on the total number of rounds. The number of operations Nr2 in the second stage and the number Nr3 in the third stage are allocated as 4 if this stage of operation is required, and as 0 if this stage of operation is not performed. Each round of operation requires 1 clock cycle, and Nr1 is allocated as 3. It takes 1 clock cycle to XOR with the extended key before the execution of the Nr1 round, and it takes 4 clock cycles together with Nr1, so that when the input 128-bit data packet fills the 4-stage pipeline, it can be output every 4 clock cycles. 128-bit data grouping greatly shortens the time required for the original forward and reverse cipher functions to generate and output 128-bit grouped data in 10/12/14 clock cycles.
本发明所提供的一个实施例中,所述密码处理模块还包括位宽转换单元,用于对所述输入的分组数据以及对输出的分组数据进行位宽转换。具体地,如图2中,位宽转换单元连接多路分解器的输入端和多路选择器的输出端。图3中位宽转换单元连接通路(0)的输入端和多路选择器的输出端。In an embodiment provided by the present invention, the cryptographic processing module further includes a bit width converting unit, configured to perform bit width conversion on the input block data and the output block data. Specifically, as shown in FIG. 2 , the bit width conversion unit is connected to the input end of the demultiplexer and the output end of the multiplexer. The bit width conversion unit in FIG. 3 is connected to the input end of the path (0) and the output end of the multiplexer.
本发明所提供的一个实施例中,参见图8,AES加密解密装置还包括与密码处理模块相连的交互寄存模块,用于根据寄存器配置信息产生密码处理模块所需的AES模式控制信号C。本发明中寄存器的配置信息可以从输入数据流中获取,还可以从处理器中获取相应的配置信息。交互寄存模块根据寄存器配置信息产生AES模式控制信号C,控制密码处理模块对待加解密分组数据D0和密钥初始向量IV进行加密解密处理。需要说明的是,AES模式控制信号C不仅用于控制加解密模式,还用于控制工作位宽等。In an embodiment provided by the present invention, referring to FIG. 8 , the AES encryption and decryption device further includes an interactive register module connected to the cryptographic processing module for generating the AES mode control signal C required by the cryptographic processing module according to the register configuration information. The configuration information of the register in the present invention can be obtained from the input data stream, and corresponding configuration information can also be obtained from the processor. The interactive registration module generates an AES mode control signal C according to the register configuration information, and controls the cryptographic processing module to encrypt and decrypt the block data D0 to be encrypted and decrypted and the key initialization vector IV. It should be noted that the AES mode control signal C is not only used to control the encryption and decryption mode, but also used to control the working bit width and the like.
本发明所提供的一个实施例中,所述加密解密装置还包括与交互寄存模块相连的处理器模块,用于设置寄存器配置信息。上述提及,输入数据流加载的寄存器配置信息实为硬件配置方式,其优点是运行速度快,但是配置方式相对单一且固定。而处理器模块为软件配置方式,即用户可以通过在处理器模块中加载相应的配置程序,即可完成寄存器配置。因此,处理器配置方式相对于输入数据流的配置方式,具有更高的灵活性。而本发明采用两者结合的方式,可配置各种工作方式,提高了本装置的运行速度,同时也增强了配置的灵活性。In an embodiment provided by the present invention, the encryption and decryption device further includes a processor module connected to the interactive registration module and used for setting register configuration information. As mentioned above, the register configuration information loaded by the input data stream is actually a hardware configuration method, which has the advantage of fast operation speed, but the configuration method is relatively single and fixed. The processor module is configured by software, that is, the user can complete the register configuration by loading the corresponding configuration program in the processor module. Therefore, the configuration mode of the processor has higher flexibility than the configuration mode of the input data stream. However, the present invention adopts the combination of the two, and various working modes can be configured, which improves the operating speed of the device and also enhances the flexibility of configuration.
本发明所提供的一个实施例中,所述加密解密装置还包括输入数据选择模块。所述输入数据选择模块用于选择不同格式的输入数据流D进入交互寄存模块。输入数据流D中包含了寄存器配置信息和待加密解密的数据D0。In an embodiment provided by the present invention, the encryption and decryption device further includes an input data selection module. The input data selection module is used to select input data streams D in different formats to enter the interactive registration module. The input data stream D contains register configuration information and data D0 to be encrypted and decrypted.
本发明所提供的一个实施例中,所述加密解密装置还包括接口模块,用于将不同格式的输入数据流进行格式转换,转换后的数据流经所述输入数据选择模块进行选择输出。其中,所述接口模块包括串口转换单元、并口转换单元、SPI转换单元以及JTAG转换单元。其中,串口转换单元用于将串行数据流转换成并行数据流,例如将1位数据流转换成32位数据流、并行转换单元用于将一种并行数据流转换成另一种并行数据流,如将8位或16位或32位数据流转换成32位数据流。SPI转换单元用于将满足SPI协议的数据流转换成并行数据流,例如将1位或2位或4位数据流转换成32数据流。JTAG转换单元将满足JTAG协议的数据流转换成并行数据流,例如将1位数据流转换成32位数据流。其中,JTAG转换单元还可以用于配置密钥K。本发明中的接口模块采用数据流传输速率匹配技术,将多种不同速率的接口统一成固定速率的接口,方便后续数据处理。In an embodiment provided by the present invention, the encryption and decryption device further includes an interface module, configured to perform format conversion on input data streams of different formats, and the converted data streams are selected and output by the input data selection module. Wherein, the interface module includes a serial port conversion unit, a parallel port conversion unit, an SPI conversion unit and a JTAG conversion unit. Among them, the serial port conversion unit is used to convert the serial data stream into a parallel data stream, for example, convert a 1-bit data stream into a 32-bit data stream, and the parallel conversion unit is used to convert a parallel data stream into another parallel data stream , such as converting an 8-bit or 16-bit or 32-bit data stream into a 32-bit data stream. The SPI conversion unit is used to convert the data stream satisfying the SPI protocol into a parallel data stream, for example, convert a 1-bit or 2-bit or 4-bit data stream into a 32-bit data stream. The JTAG conversion unit converts the data stream satisfying the JTAG protocol into a parallel data stream, for example, converts a 1-bit data stream into a 32-bit data stream. Wherein, the JTAG conversion unit can also be used to configure the key K. The interface module in the present invention adopts data stream transmission rate matching technology to unify multiple interfaces with different rates into an interface with a fixed rate to facilitate subsequent data processing.
本发明所提供的一个实施例中,所述加密解密装置还包括输出数据选择模块,用于根据所述AES模式控制信号C控制所述密码处理模块选择输出正向处理数据D1或者反向处理数据D2。所述输出数据选择模块根据交互寄存器的AES模式控制信号C将正向/反向处理后的数据进行选择输出,并进行存储,完成整个数据流的加载过程。In an embodiment provided by the present invention, the encryption and decryption device further includes an output data selection module, which is used to control the encryption processing module to select and output forward processing data D1 or reverse processing data according to the AES mode control signal C D2. The output data selection module selects and outputs the forward/reverse processed data according to the AES mode control signal C of the interactive register, and stores them to complete the loading process of the entire data stream.
本发明所提供的一个实施例中,所述加密解密装置还包括与输出数据选择模块相连的存储模块,用于存储正向/反向处理后的数据。In an embodiment provided by the present invention, the encryption and decryption device further includes a storage module connected to the output data selection module for storing forward/reverse processed data.
综上所述,本发明所提供的加密解密装置采用全硬件实现了AES算法的核心部分,同时支持全部5种加解密模式,能够满足加密解密的全部需求,提高了数据的安全性和保密性。因此相对于现有技术,本发明具备更强的抵抗外界攻击的能力。另外,本装置具有多种配置方式,有效提高了装置配置的灵活性,同时支持多种数据接口,满足多种数据流应用的需求。In summary, the encryption and decryption device provided by the present invention implements the core part of the AES algorithm by using full hardware, supports all five encryption and decryption modes at the same time, can meet all the requirements for encryption and decryption, and improves data security and confidentiality . Therefore, compared with the prior art, the present invention has a stronger ability to resist external attacks. In addition, the device has multiple configuration modes, which effectively improves the flexibility of device configuration, and supports multiple data interfaces at the same time to meet the requirements of multiple data stream applications.
本领域普通技术人员可以理解实现上述实施例中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,所述的程序可存储于一计算机可读取存储介质中,该程序在执行时,可包括如上述各方法的实施例的流程。其中,所述的存储介质可为磁碟、光盘、只读存储记忆体(Read-Only Memory,ROM)或随机存储记忆体(Random Access Memory,RAM)等。Those of ordinary skill in the art can understand that the implementation of all or part of the processes in the above embodiments can be completed by instructing related hardware through a computer program, and the program can be stored in a computer-readable storage medium. During execution, it may include the processes of the embodiments of the above-mentioned methods. Wherein, the storage medium may be a magnetic disk, an optical disk, a read-only memory (Read-Only Memory, ROM) or a random access memory (Random Access Memory, RAM), etc.
以上所述,仅为本发明的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到的变化或替换,都应涵盖在本发明的保护范围之内。因此,本发明的保护范围应该以权利要求的保护范围为准。The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Anyone skilled in the art can easily think of changes or substitutions within the technical scope disclosed in the present invention. All should be covered within the protection scope of the present invention. Therefore, the protection scope of the present invention should be determined by the protection scope of the claims.
Claims (12)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510437634.8A CN105007154B (en) | 2015-07-23 | 2015-07-23 | A kind of encrypting and decrypting device based on aes algorithm |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510437634.8A CN105007154B (en) | 2015-07-23 | 2015-07-23 | A kind of encrypting and decrypting device based on aes algorithm |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105007154A true CN105007154A (en) | 2015-10-28 |
| CN105007154B CN105007154B (en) | 2018-07-31 |
Family
ID=54379683
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510437634.8A Active CN105007154B (en) | 2015-07-23 | 2015-07-23 | A kind of encrypting and decrypting device based on aes algorithm |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105007154B (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105512573A (en) * | 2015-11-24 | 2016-04-20 | 深圳国微技术有限公司 | Anti-attack arbitration device |
| CN105610585A (en) * | 2016-03-14 | 2016-05-25 | 北京三未信安科技发展有限公司 | Crypto-operation supporting microprocessor, method and system |
| CN109670320A (en) * | 2017-10-13 | 2019-04-23 | 三星电子株式会社 | Encrypt equipment and decryption device and its operating method |
| CN109714162A (en) * | 2019-01-29 | 2019-05-03 | 南京南瑞国盾量子技术有限公司 | A kind of quantum key expansion method and system |
| CN111488628A (en) * | 2020-06-02 | 2020-08-04 | 南京大学 | Address encryption circuit, address encryption method and setting network |
| CN115022000A (en) * | 2022-05-27 | 2022-09-06 | 北京交大微联科技有限公司 | Communication method and device of railway signal system and electronic equipment |
| CN118523902A (en) * | 2024-07-22 | 2024-08-20 | 之江实验室 | A method and device for switching multiple encryption and decryption modes based on software definition |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20250005204A1 (en) * | 2023-06-29 | 2025-01-02 | Stmicroelectronics International N.V. | Processing system, integrated circuit, device, and method for data transfer for secure processing |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101782956A (en) * | 2010-02-09 | 2010-07-21 | 杭州晟元芯片技术有限公司 | Method and device for protecting data on basis of AES real-time encryption |
| CN102185692A (en) * | 2011-04-25 | 2011-09-14 | 北京航空航天大学 | Multimode reconfigurable encryption method based on advanced encryption standard (AES) encryption algorithm |
| CN102799800A (en) * | 2011-05-23 | 2012-11-28 | 中国科学院计算技术研究所 | Security encryption coprocessor and wireless sensor network node chip |
-
2015
- 2015-07-23 CN CN201510437634.8A patent/CN105007154B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101782956A (en) * | 2010-02-09 | 2010-07-21 | 杭州晟元芯片技术有限公司 | Method and device for protecting data on basis of AES real-time encryption |
| CN102185692A (en) * | 2011-04-25 | 2011-09-14 | 北京航空航天大学 | Multimode reconfigurable encryption method based on advanced encryption standard (AES) encryption algorithm |
| CN102799800A (en) * | 2011-05-23 | 2012-11-28 | 中国科学院计算技术研究所 | Security encryption coprocessor and wireless sensor network node chip |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105512573A (en) * | 2015-11-24 | 2016-04-20 | 深圳国微技术有限公司 | Anti-attack arbitration device |
| CN105512573B (en) * | 2015-11-24 | 2019-02-05 | 深圳国微技术有限公司 | A kind of moderator of attack resistance |
| CN105610585A (en) * | 2016-03-14 | 2016-05-25 | 北京三未信安科技发展有限公司 | Crypto-operation supporting microprocessor, method and system |
| CN109670320A (en) * | 2017-10-13 | 2019-04-23 | 三星电子株式会社 | Encrypt equipment and decryption device and its operating method |
| CN109670320B (en) * | 2017-10-13 | 2023-04-25 | 三星电子株式会社 | Encryption device and decryption device, and method of operation thereof |
| CN109714162A (en) * | 2019-01-29 | 2019-05-03 | 南京南瑞国盾量子技术有限公司 | A kind of quantum key expansion method and system |
| CN111488628A (en) * | 2020-06-02 | 2020-08-04 | 南京大学 | Address encryption circuit, address encryption method and setting network |
| CN111488628B (en) * | 2020-06-02 | 2022-08-05 | 南京大学 | Address encryption circuit, address encryption method and setting network |
| CN115022000A (en) * | 2022-05-27 | 2022-09-06 | 北京交大微联科技有限公司 | Communication method and device of railway signal system and electronic equipment |
| CN115022000B (en) * | 2022-05-27 | 2023-12-01 | 北京交大微联科技有限公司 | Communication method and device of railway signal system and electronic equipment |
| CN118523902A (en) * | 2024-07-22 | 2024-08-20 | 之江实验室 | A method and device for switching multiple encryption and decryption modes based on software definition |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105007154B (en) | 2018-07-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105007154B (en) | A kind of encrypting and decrypting device based on aes algorithm | |
| US8983063B1 (en) | Method and system for high throughput blockwise independent encryption/decryption | |
| US9363078B2 (en) | Method and apparatus for hardware-accelerated encryption/decryption | |
| US7200226B2 (en) | Cipher block chaining decryption | |
| TWI402675B (en) | Low latency block cipher | |
| EP2863577A1 (en) | Method for conducting data encryption and decryption using symmetric cryptography algorithm and table look-up device | |
| CN101969376B (en) | Self-adaptive encryption system and method with semantic security | |
| US20160112188A1 (en) | Encryptor/decryptor, electronic device including encryptor/decryptor, and method of operating encryptor/decryptor | |
| US10237066B1 (en) | Multi-channel encryption and authentication | |
| JP2004240427A (en) | Method for designing optimal encryption function in mobile communication system and optimal encryption device | |
| CN116488795B (en) | GCM-AES processing method and device | |
| US7623660B1 (en) | Method and system for pipelined decryption | |
| CN111740818A (en) | A data processing method, device, equipment and storage medium | |
| Singh et al. | Study & analysis of cryptography algorithms: RSA, AES, DES, T-DES, blowfish | |
| US8560832B2 (en) | Information processing apparatus | |
| Patil et al. | An enhancement in international data encryption algorithm for increasing security | |
| CN1795637B (en) | Method and apparatus for a low memory hardware implementation of the key expansion function | |
| CN115550692B (en) | Method, device and equipment for encrypting video stream in real time | |
| CN114826562B (en) | Data encryption method, device, electronic device and storage medium | |
| JP4395527B2 (en) | Information processing device | |
| CN106034022A (en) | AES encryption and decryption device and method in CBC mode | |
| KR100494560B1 (en) | Real time block data encryption/decryption processor using Rijndael block cipher and method therefor | |
| Guzmán et al. | FPGA implementation of the AES-128 algorithm in non-feedback modes of operation | |
| Bittencourt et al. | CLEFIA implementation with full key expansion | |
| KR102348802B1 (en) | AES encryption and decryption circuit |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 518057 Guangdong city of Shenzhen province Nanshan District high tech Industrial Park Road eight South South technology Howare Technology Building 16 Applicant after: SHENZHEN PANGO MICROSYSTEMS Co.,Ltd. Address before: 518057 Guangdong city of Shenzhen province Nanshan District high tech Industrial Park Road eight South South technology Howare Technology Building 16 Applicant before: Shenzhen Tongchuang Guoxin Electronics Co.,Ltd. |
|
| COR | Change of bibliographic data | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 518000 Guowei R & D building 401, No.015, Gaoxin South 1st Road, high tech Zone community, Yuehai street, Nanshan District, Shenzhen City, Guangdong Province Patentee after: Shenzhen Ziguang Tongchuang Electronics Co.,Ltd. Country or region after: China Address before: 16th Floor, Haowei Technology Building, Science and Technology South Eighth Road, Nanshan District, Shenzhen, Guangdong Province, China Patentee before: SHENZHEN PANGO MICROSYSTEMS Co.,Ltd. Country or region before: China |