Design and development of USB software encryption card and its driver

1 Introduction
Software encryption card (also known as software dog) is an intelligent encryption tool, a hardware circuit installed on parallel port, serial port and other interfaces. When the protected software is running, the program sends a query command to the encryption card inserted in the computer, and the encryption card quickly calculates the query and gives a response. The correct response can ensure the smooth operation of the software. If there is no software encryption card, the program cannot run. The latest fourth-generation software encryption card has a built-in single-chip microcomputer chip, which stores a specific algorithm program, which can encrypt and transform the read key to resist the logic analyzer.
USB software encryption card is the product of the combination of USB interface technology and fourth-generation encryption card technology, so it has some obvious advantages over other encryption cards: first, USB has a fast data transmission speed, USB1.0 protocol has a bit rate of 12M, and USB2.0 version can reach a bit rate of 480M; second, the underlying data transmission of USB has a specific packaging method and encoding format, which increases the difficulty of intercepting and decrypting encrypted data during transmission. Finally, the plug-and-play feature of USB devices greatly facilitates user use. For example, when using protected software on other microcomputers, you only need to unplug and plug, eliminating the trouble of opening the chassis and restarting.
2 Hardware Design of USB Software Encryption Card
2.1 USB Interface Chip
There are many types of USB interface chips, but no matter what kind of interface chip, there are two basic functions: one is to communicate with the host computer; the other is to provide an interface to the peripheral circuit CPU. In other words, the interface chip builds a bridge between the computer and the peripheral device, so that developers do not need to worry about how the complex USB protocol transmits data to the host. The
existing interface chips that support USB1.0 protocol can be roughly divided into two categories: one is an internally integrated microcontroller, such as Intel 8×930Ax/Hx with an embedded 8051CPU; the other only provides a read-write interface for accessing the peripheral circuit, such as USBN9603. In the design of encryption cards, it is recommended to use the second type, because the 8051CPU has a hard time processing more complex encryption algorithms. The following uses the USBN9603 as an example to introduce the use of interface chips.
Figure 1 describes the logical structure of USBN9603. It can be seen that the chip provides an 8-bit parallel interface to the outside. This interface is a data/address multiplexing interface. The chip has its own address latch inside, which cooperates with CS, RD, and WK signals to complete the read and write operations of the internal register. USBN9603 has an external interrupt INTR pin. When the USB interface changes state, it can generate an interrupt signal to notify the CPU. By setting the interrupt mask register bit by software, the occurrence of the interrupt signal can be controlled.
USBN9603 has 7 endpoints connected to the host, including a bidirectional command transmission endpoint, three receiving endpoints, and three sending endpoints. It can support interrupt (Interrupt), bulk (Bulk) and isochronal (Isochronal) transmission modes. The voltage regulator equipped with the USBN9603 transmitter (Transceiver) can generate a pull-up voltage through software setting. Connecting D+ through a pull-up resistor turns on the full-speed mode, and connecting D- turns on the low-speed mode.
USBN9603 uses an external crystal oscillator and has an external clock output device to generate an external clock signal. Its output frequency can be controlled by software. The USB interface engine of USBN9603 consists of a physical layer and a media channel controller. The physical layer includes a digital clock circuit, a monitoring circuit, a bit filling and clearing logic circuit, etc. The media channel controller layer must complete tasks such as data packet formatting, cyclic redundancy detection, and endpoint address detection, and provide control of NAK, ACK, and STALL responses issued by endpoints. The interface engine is also responsible for detecting and reporting USB bus events, such as reset, suspend, and resume.

USBN9603 provides developers with 53 programmable registers, with addresses ranging from 0x00 to 0x3F. The CPU completes all USB interface operations by reading and writing registers. The USBN9603 registers are mapped to the CPU's external RAM. The CPU addresses through the CS chip select signal, and writes the address and data through the 8-bit parallel port with the cooperation of the ALE signal and the RD and WR signals. Although the read and write operations are simple, the definition and function of each register are complex. However, as long as you have a certain understanding of the USB protocol and the functions of USBN9603, it is not difficult to understand and master the use of each register.
2.2 Design of peripheral control circuits
The peripheral control circuit has two functions: one is to operate the USB interface; the other is to implement the encryption algorithm. This requires the main control chip to provide basic read and write, interrupt and address/data signals, and at the same time have a certain computing power to adapt to the encryption algorithm. Under this premise, we have a variety of options, but the production of encryption cards cannot blindly pursue high confidentiality performance and ignore the development cost. Different solutions should be flexibly selected according to different application scenarios. For example, DSP chips have excellent confidentiality and computing speed, but the development cost is high and the cycle is long; low-priced single-chip microcomputers such as 8051 can also be used. Although they are slow and have poor confidentiality, they are simple to make and have a short development cycle.
One solution we use in practice is the single-chip microcomputer + FPGA (Field Programmable Gate Array) mode, which can not only conveniently use the single-chip microcomputer to complete the operation of the USB port, but also use the characteristics of FPGA such as fast speed and strong confidentiality to implement complex encryption algorithms. FPAG supports many encryption standards such as AES, DES, and triple DES. Moreover, relying on the online programming function of FPGA, the algorithm can be easily updated and upgraded. This combination mode conforms to the modular design concept and will increase the development speed to a certain extent.
3 USB software encryption card driver design
3.1 Basic function implementation of the driver
The basic function of the driver is to establish data communication between the application and the encryption card. Windows98 and Windows2000 operating systems provide comprehensive support for the USB bus, and replace the VxD device driver with the WDM (Windows Device Mode) device driver model. WDM supports USB1.1 protocol and provides a lower-edge interface USBDI (USB Driving Interface) for users to develop their own user drivers. USB user drivers access USB device class drivers through USBDI. USB client drivers will never receive any hardware resources (such as ports or interrupts), and all low-level I/Os are handled by USB device class drivers. Client drivers only care about major operations such as data transmission type, transmission timing, transmission pipeline, and how to process data. USBDI is a software interface designed to achieve this. Figuratively speaking, USBDI builds a logical structure of a device defined in the USB protocol in software form, as shown in Figure 2.