CN115834201A - Data encryption method, data decryption method and data processing method for data storage system - Google Patents

Publication number
CN115834201A
Authority
CN
China
Prior art keywords
data
segment
encrypted
characters
corresponding matrix
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211475170.6A
Other languages
Chinese (zh)
Inventor
禹尧
支蓉
吕明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Mercedes Benz Group AG
Original Assignee
Mercedes Benz Group AG
Application filed by Mercedes Benz Group AG
Priority to CN202211475170.6A
Publication of CN115834201A
Legal status: Pending

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to a data encryption method for a data storage system, comprising the following steps: segmenting the original data to be encrypted into data segments of unequal length (S1); inserting a fixed-length character string before each data segment (S2); inserting a marker character at the end of each data segment (S3); generating a correspondence matrix based on the order of the data segments and the inserted characters (S4); encrypting the generated correspondence matrix (S5); and adjusting the order of the data segments, splicing them, and storing the adjusted data segments and the encrypted correspondence matrix (S6). The invention also relates to a data decryption method for a data storage system, a data processing method for a data storage system, and a computer program product for performing these methods. In embodiments of the invention, encryption of the original data segments, which have a large data volume, is replaced by encryption of the correspondence matrix, which has a small data volume, so that the computation and resources required for data encryption can be effectively reduced.

Description

Data encryption method, decryption method and processing method for data storage system

Technical field

The present invention relates to the field of vehicles, and in particular to a data encryption method for a data storage system, a data decryption method for a data storage system, a data processing method for a data storage system, and a computer program product for performing the above methods.

Background

In the vehicle field, large amounts of data may currently need to be collected and stored. For example, a vehicle's event data recorder records collision events and the relevant vehicle data when there is a risk of collision. A vehicle with high-level driver assistance and/or automated driving functions must additionally be equipped with an automated driving vehicle data recording system that records all data related to those functions. The data to be recorded by such a system includes not only data relating to the decision and control signals issued by the system, vehicle dynamics signals and body state signals, but also video and/or image data. In general, encrypting the data stored in the vehicle can, to a certain extent, protect the security of national surveying and mapping information, protect personal information, protect patent rights in vehicle control, and so on.

However, the volume of video and/or image data is far greater than the volume of data relating to decision and control signals, vehicle dynamics signals and body state signals. For example, 2500 recordings of 40 s each, stored at 4 Hz, of decision and control signals, vehicle dynamics signals and body state signals usually do not exceed the 100 MB level, whereas a single 40 s recording of video and/or image data may already reach the 100 MB level. At the same time, because the resources of the hardware and/or software security module are limited, encrypting large volumes of data has a considerable impact on the use and architecture of that module. For example, if under a given vehicle architecture encrypting 2 MB of data takes 6 s, the hardware and/or software security module may be unable to handle other encryption requests at the same time during those 6 s. If each trigger event that includes video and/or images may reach a data volume at the 100 MB level, then even a hardware and/or software security module that can handle encryption requests concurrently needs so long to encrypt that volume that a power failure and/or vehicle power-down may occur while the data is still being processed in the module, creating a risk of losing data that has not yet been written and/or other driving safety risks.

Therefore, how to efficiently encrypt the data of a vehicle's data storage system, in particular of an automated driving vehicle data recording system, has become a widespread technical difficulty.

Summary of the invention

The object of the present invention is to provide a data encryption method for a data storage system, a data decryption method for a data storage system, a data processing method for a data storage system, and a computer program product for performing the above methods, in order to solve the problems of the prior art. The core idea of the invention is as follows: the original data to be encrypted is segmented into data segments of unequal length; characters and a marker character are inserted before and after each data segment respectively, the marker character marking the segmentation points and/or the segmentation scheme; the original order of each segment is associated with the characters inserted before that segment, and a correspondence matrix is generated from the original order of the segments and the inserted characters; the generated correspondence matrix is encrypted; the order of the segments, with their inserted characters and marker characters, is shuffled; and all of the processed segments of unequal length are spliced into one or several data segments. The original data (plaintext) cannot be reconstructed from the adjusted one or several data segments alone, so the data encryption process can be completed by encrypting the correspondence matrix, which has a small data volume. In embodiments of the invention, encrypting only the small correspondence matrix instead of the large original data effectively reduces the computation and resources required for data encryption, so that the hardware and/or software security module is not occupied for a long time and/or at high bandwidth, while the data storage system's requirement that stored data be encrypted is still met.

According to a first aspect of the present invention, a data encryption method for a data storage system is provided. The data encryption method comprises the following steps:

Step S1: segmenting the original data to be encrypted into data segments of unequal length;

Step S2: inserting a fixed-length character string before each data segment;

Step S3: inserting a marker character at the end of each data segment;

Step S4: generating a correspondence matrix based on the order of the data segments and the inserted characters;

Step S5: encrypting the generated correspondence matrix;

Step S6: adjusting the order of the data segments and splicing them, and storing the adjusted data segments and the encrypted correspondence matrix.

Optionally, the data encryption method may comprise the following steps:

Step S10: storing the original data in a non-volatile memory;

Step S11: reading the original data from the non-volatile memory.

Optionally, the data encryption method may comprise the following step:

Step S7: deleting the original data (plaintext) stored in the non-volatile memory.

Optionally, in step S6, the adjusted data segments and the encrypted correspondence matrix are both stored in the non-volatile memory, or both uploaded to a data platform for storage, or the adjusted data segments are stored in the non-volatile memory while the encrypted correspondence matrix is uploaded to the data platform for storage.

Optionally, without obtaining and decrypting the encrypted correspondence matrix, the original data (plaintext) cannot be recovered from the stored adjusted data segments alone.

Optionally, the marker character inserted at the end of a data segment differs from every character in the data segment into which it is inserted;

Optionally, the marker character is encrypted together with the correspondence matrix as an element of that matrix, or the marker character is encrypted separately, and the marker character is stored in the same manner and at the same address as the correspondence matrix.

Optionally, the fixed length of the characters inserted before the data segments is sufficiently long, and the algorithm and/or filtering mechanism that generates the fixed-length characters ensures that the characters inserted before each data segment are not repeated.

Optionally, in step S5, the generated correspondence matrix is encrypted with an integrated encryption algorithm and key.

According to a second aspect of the present invention, a data decryption method for a data storage system is provided, the data decryption method being used together with the data encryption method according to the invention. The data decryption method comprises:

Step S1': extracting the adjusted data and the encrypted correspondence matrix;

Step S2': decrypting the encrypted correspondence matrix to obtain the matrix plaintext;

Step S3': traversing the adjusted data and segmenting it by identifying the marker characters in the data, thereby obtaining the data segments of unequal length to be processed;

Step S4': extracting and/or marking the characters inserted before each data segment;

Step S5': restoring the order of the data segments based on the original segment order that the matrix plaintext associates with each inserted character string;

Step S6': deleting the characters inserted before each data segment and the marker character inserted at the end of each data segment;

Step S7': splicing the data segments after the deletion, thereby obtaining the original data.

According to a third aspect of the present invention, a data processing method for a data storage system is provided, the data processing method comprising the data encryption method according to the invention and the data decryption method according to the invention.

According to a fourth aspect of the present invention, a computer program product is provided, for example a computer-readable program carrier, containing computer program instructions which, when executed by a processor, implement the steps of the above methods.

Description of the drawings

The principles, features and advantages of the present invention can be better understood from the more detailed description below with reference to the accompanying drawings. The drawings show:

Fig. 1 shows a flowchart of a data encryption method for a data storage system according to an exemplary embodiment of the present invention;

Fig. 2 shows a data flow diagram of a data encryption method based on the prior art;

Fig. 3 shows a data flow diagram of a data encryption method according to another exemplary embodiment of the present invention;

Fig. 4 shows a data flow diagram of a data encryption method according to another exemplary embodiment of the present invention;

Fig. 5 shows a data flow diagram of a data encryption method according to another exemplary embodiment of the present invention;

Fig. 6 shows a data flow diagram of a data encryption method according to another exemplary embodiment of the present invention;

Fig. 7 shows a flowchart of a data encryption method for a data storage system according to another exemplary embodiment of the present invention;

Fig. 8 shows a flowchart of a data decryption method for a data storage system according to an exemplary embodiment of the present invention;

Fig. 9 shows the original data to be encrypted according to an exemplary embodiment of the present invention;

Fig. 10 shows the segmented data according to an exemplary embodiment of the present invention;

Fig. 11 shows the segmented data with inserted characters according to an exemplary embodiment of the present invention;

Fig. 12 shows a correspondence matrix according to an exemplary embodiment of the present invention;

Fig. 13 shows an encrypted correspondence matrix according to an exemplary embodiment of the present invention; and

Fig. 14 shows the adjusted data segments according to an exemplary embodiment of the present invention.

Detailed description

To make the technical problem to be solved, the technical solution and the beneficial technical effects of the present invention clearer, the invention is described in further detail below with reference to the drawings and several exemplary embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and not to limit its scope of protection.

Fig. 1 shows a flowchart of a data encryption method for a data storage system according to an exemplary embodiment of the present invention. The following exemplary embodiment describes the data encryption method according to the invention in more detail.

The data encryption method comprises steps S1 to S6. In step S1, the original data to be encrypted is segmented into data segments of unequal length. In the present embodiment, the data to be encrypted shown in Fig. 9 can be segmented into several data segments of random length, where the random length of each segment can be determined by a preset algorithm (for example a random number generator). The segmented data shown in Fig. 10 consists of several data segments of random length, for example a first data segment 0XAF 28, a second data segment 34 2B 1E 10, a third data segment 07, a fourth data segment 38 22, and so on. It should be noted that the data encryption method according to the invention is suitable not only for image and/or video data with a large data volume but for all data segments that need to be recorded; for example, one part of the data may be data relating to decision and control signals issued by the system, vehicle dynamics signals and body state signals, and another part may be image and/or video data.

In step S2, a fixed-length character string is inserted before each data segment. The fixed length of the inserted characters is sufficiently long, and the algorithm and/or filtering mechanism that generates them ensures that the characters inserted before each data segment are not repeated. This guarantees that the characters inserted before each segment are unique, so that in the subsequent steps the order of each segment can be associated with the characters inserted before it. The characters inserted before a data segment can be produced by a preset algorithm (for example by randomly drawing and concatenating characters from within the segment or from a certain range before and after it). In the segmented data with inserted characters shown in Fig. 11, a first character string 19 is inserted before the first data segment 0X AF 28, a second character string 10 before the second data segment 34 2B 1E 10, a third character string 12 before the third data segment 07, and a fourth character string 01 before the fourth data segment 38 22.

In step S3, a marker character is inserted at the end of each data segment. The marker character differs from every character in the data segment into which it is inserted, so that it can be identified during decryption. Because the marker character marks the end of each data segment, it also marks how the data was segmented. In the segmented data with inserted characters shown in Fig. 11, the marker character 5F is inserted at the end of the first data segment 0X AF 28, at the end of the second data segment 34 2B 1E 10, at the end of the third data segment 07 and at the end of the fourth data segment 38 22.

In step S4, a correspondence matrix is generated based on the order of the data segments and the inserted characters. In the present embodiment, for example, the first column of the correspondence matrix shown in Fig. 12 is the order of the data segments and the second column is the inserted characters, so that the matrix associates the order of each data segment with the characters inserted before that segment. Because the characters inserted before each data segment differ from one another, there is a one-to-one correspondence between the order of the data segments and the characters inserted before them.

In step S5, the generated correspondence matrix is encrypted. Fig. 13 shows, by way of example, a correspondence matrix encrypted with a preset encryption algorithm. Because the order of each data segment is associated with the characters inserted before it, and the data volume of the correspondence matrix is far smaller than that of the original data segments, encrypting the correspondence matrix instead of the original data segments effectively reduces the computation required for encryption, so that the resources of the hardware and/or software security module are not occupied for a long time and/or at high bandwidth.

To illustrate this advantage simply and clearly, the change in data volume is shown by comparing the data flow diagrams of Fig. 2 and Fig. 3. Fig. 2 shows a data flow diagram of a data encryption method based on the prior art, in which the random access memory 3 passes the original data directly to the hardware and/or software security module 2 for encryption. By way of example, the automated driving vehicle data recording system may need 100 MB of original data for each trigger event, and under a given architecture encrypting 100 MB of data takes, for example, 10 s, which is too long. Not only may the hardware and/or software security module 2 be unable to handle other encryption requests at the same time during this period, but a power failure and/or vehicle power-down may also occur while the data is still being processed in the hardware and/or software security module 2, creating a risk of losing data that has not yet been written. Fig. 3 shows a data flow diagram of a data encryption method according to another exemplary embodiment of the present invention. In contrast to the solution shown in Fig. 2, the adjusted data and the correspondence matrix are first generated from the original data in the computing unit 1, and only the correspondence matrix data in the random access memory 3 is then passed to the hardware and/or software security module 2 for encryption. By way of example, the correspondence matrix generated from 100 MB of original data may have a data volume of only 10^-6 MB, which effectively reduces the computation required for encryption, so that the resources of the hardware and/or software security module 2 are not occupied for a long time.

In the present embodiment, the generated correspondence matrix is encrypted with an integrated encryption algorithm and key. Accordingly, when the correspondence matrix is decrypted, a matching decryption algorithm and key can be used to restore it. It should be noted that the marker character can be encrypted together with the correspondence matrix as an element of that matrix, or it can be encrypted separately.

In step S6, the order of the data segments is adjusted, the segments are spliced, and the adjusted data segments and the encrypted correspondence matrix are stored. Fig. 14 shows the adjusted data segments, where the order of the units, each consisting of a data segment together with the characters inserted before and after it, can be set by a specific algorithm, for example to a random order. As for where the data is stored, the adjusted data segments and the encrypted correspondence matrix can be stored together in the non-volatile memory 4, as in the optional embodiment shown in Fig. 3, or uploaded together to the data platform 5 for storage, as in the optional embodiment shown in Fig. 4. Because characters and marker characters have been inserted before and after every data segment and the order of the segments has been shuffled, even if the stored data segments, or part of them, are extracted by some means, the extracted segments or parts cannot be correctly interpreted unless the encrypted correspondence matrix can be broken.

In an optional embodiment, the adjusted data segments and the encrypted correspondence matrix can be stored separately, for example by storing the adjusted data segments in the non-volatile memory 4, as shown in Fig. 5, and uploading the encrypted correspondence matrix to the data platform 5 for storage. For the adjusted data segments, the original data (plaintext) cannot be recovered without obtaining and decrypting the correspondence matrix held in the data platform 5, which further improves the security of the data.

Fig. 7 shows a flowchart of a data encryption method for a data storage system according to another exemplary embodiment of the present invention. Only the differences from the embodiment shown in Fig. 1 are explained below; identical steps are not described again for the sake of brevity.

The method may comprise steps S10, S11 and S7. These steps are explained below with reference to the data flow diagram of the data encryption method of a further embodiment shown in Fig. 6. In step S10, the original data is stored in the non-volatile memory 4. In the optional embodiments shown in Figs. 3 to 5, the adjusted data segments and the encrypted correspondence matrix are stored in the non-volatile memory 4 and/or the data platform 5 only after data processing and encryption have been completed. Because the data in the random access memory 3 is lost if power fails or the vehicle powers down during encryption, the original data in the random access memory 3 is, as shown in Fig. 6, first transferred to the non-volatile memory 4 before data processing and encryption. This ensures that the original data is still held in the non-volatile memory 4 if power fails or the vehicle powers down during encryption, which reduces the risk of data loss.

In step S11, the original data is read from the non-volatile memory 4. In the optional embodiment shown in Fig. 6, the original data is transferred from the non-volatile memory 4 to the random access memory 3.

After the adjusted data segments and the encrypted correspondence matrix have been stored in step S6, the original data (plaintext) stored in the non-volatile memory 4 is deleted in step S7. This not only prevents the original data from leaking and further improves the security of data storage, but also, while ensuring that there is no risk of data loss, frees storage space in the non-volatile memory 4 for subsequent data storage and encryption.

图8示出根据本发明的一个示例性实施例的用于数据存储系统的数据解密方法的工作流程图。以下示例性的实施例更详细地描述根据本发明的数据解密方法。Fig. 8 shows a working flowchart of a data decryption method for a data storage system according to an exemplary embodiment of the present invention. The following exemplary embodiments describe the data decryption method according to the present invention in more detail.

所述方法包括步骤S1’至S7’。在步骤S1’中,提取经调整的数据和经加密的对应矩阵。The method comprises steps S1' to S7'. In step S1', the adjusted data and the encrypted corresponding matrix are extracted.

在步骤S2’中,对经加密的对应矩阵进行解密,由此获取矩阵明文。在本发明的当前实施例中,可以例如通过集成的解密算法及密钥进行所述解密,其中,所述解密算法适配于数据加密方法中使用的加密算法。In step S2', the encrypted corresponding matrix is decrypted, thereby obtaining the plaintext of the matrix. In the current embodiment of the invention, the decryption can eg be performed by means of an integrated decryption algorithm and key, wherein the decryption algorithm is adapted to the encryption algorithm used in the data encryption method.

在步骤S3’中,遍历经调整的数据,通过识别所述数据中的标记字符对经调整的数据进行分段,由此获取待处理的非等长数据段。在此,所述标记字符与所插入的数据段中的任一字符均不同。可以理解的是,由于所述标记字符标记在每个数据段的末尾,因此通过识别所述标记字符就能够还原数据段的分段方式,并由此获取待处理的非等长数据段。In step S3', the adjusted data is traversed, and the adjusted data is segmented by identifying the marking characters in the data, thereby obtaining the non-equal-length data segment to be processed. Here, the mark character is different from any character in the inserted data segment. It can be understood that, since the marking character is marked at the end of each data segment, the segmentation method of the data segment can be restored by identifying the marking character, and thus the data segment of unequal length to be processed can be obtained.

In step S4', the characters inserted before each data segment are extracted and/or marked. These characters are the fixed-length string inserted before the data segment. Since the obtained matrix plaintext contains information about the inserted characters, they can be extracted and/or marked, for example, on the basis of the matrix plaintext.

In step S5', the order of the data segments is restored based on the original order of the data segments that corresponds to the characters in the obtained matrix plaintext. Because the correspondence matrix associates the original position of each data segment with the characters inserted before it, the order of the data segments can be restored from the matrix plaintext.

In step S6', the characters inserted before each data segment and the marker character inserted at its end are deleted.

In step S7', the data segments, with the inserted characters removed, are spliced together to obtain the original data.
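The decryption steps S3' to S7' above, together with the matching encryption steps S1 to S4 and S6, as an added example that is not code from the patent. The marker byte, the tag length, the list-shaped matrix and the sample record are assumptions; matrix encryption (S5/S2') is left out because the page names no algorithm, so `restore` takes the matrix plaintext directly. `visible_segments` counts how many original segments sit verbatim in the stored data, which follows from encrypting only the matrix.

```python
import secrets

MARKER = b"\x1f"  # assumed marker byte (S3); must not occur in the data or the tags
TAG_LEN = 8       # assumed fixed tag length in bytes (S2)
SAMPLE = b"driver=alice;speed=87;lat=48.78;lon=9.18"  # constructed sample record
LENGTHS = [13, 9, 10, 8]                              # constructed unequal segment lengths

def split(data, lengths):
    """S1: cut data into segments of the given (unequal) lengths."""
    if not lengths or min(lengths) < 1 or sum(lengths) != len(data):
        raise ValueError("lengths must be positive and cover the data exactly")
    out, pos = [], 0
    for n in lengths:
        out.append(data[pos:pos + n])
        pos += n
    return out

def protect(data, lengths):
    """S1-S4 and S6: return (stored blob, matrix); matrix[i] is the tag of segment i."""
    if MARKER in data:
        raise ValueError("marker byte occurs in the data; S3' could not split it")
    segments = split(data, lengths)
    matrix = []
    while len(matrix) < len(segments):            # S2: fixed-length tags
        tag = secrets.token_hex(TAG_LEN // 2).encode()
        if tag not in matrix:                     # screening: no repeated tag
            matrix.append(tag)
    framed = [t + s + MARKER for t, s in zip(matrix, segments)]  # S2 + S3
    secrets.SystemRandom().shuffle(framed)        # S6: adjust the order
    return b"".join(framed), matrix               # S5 would encrypt `matrix` here

def restore(blob, matrix):
    """S3'-S7', given the matrix plaintext that S2' produced."""
    if not blob.endswith(MARKER):
        raise ValueError("stored data does not end with the marker")
    pieces = blob[:-1].split(MARKER)                      # S3': split on the marker
    by_tag = {p[:TAG_LEN]: p[TAG_LEN:] for p in pieces}   # S4' + S6': lift tag, drop framing
    if len(by_tag) != len(pieces) or set(by_tag) != set(matrix):
        raise ValueError("tags in the stored data do not match the matrix")
    return b"".join(by_tag[t] for t in matrix)            # S5' + S7': reorder, splice

def visible_segments(blob, data, lengths):
    """Count original segments that appear verbatim in the stored blob."""
    return sum(seg in blob for seg in split(data, lengths))

if __name__ == "__main__":
    blob, matrix = protect(SAMPLE, LENGTHS)
    print(blob, restore(blob, matrix) == SAMPLE, visible_segments(blob, SAMPLE, LENGTHS))
```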

It should also be noted that the step numbers used here do not necessarily indicate a sequence; they are merely reference signs, and the order can be changed as circumstances require, provided the technical purpose of the invention is still achieved.

Although specific embodiments of the invention have been described in detail herein, they are given for purposes of explanation only and should not be construed as limiting the scope of the invention. Various alternatives and modifications can be made without departing from the spirit and scope of the invention.

Claims (10)

1. A data encryption method for a data storage system, wherein the data encryption method comprises the following steps:
Step S1: segmenting the original data to be encrypted into data segments of unequal length;
Step S2: inserting a string of fixed-length characters before each data segment;
Step S3: inserting a marker character at the end of each data segment;
Step S4: generating a correspondence matrix based on the order of the data segments and the inserted characters;
Step S5: encrypting the generated correspondence matrix;
Step S6: adjusting the order of the data segments and splicing them, and storing the adjusted data segments and the encrypted correspondence matrix.

2. The data encryption method according to claim 1, wherein the data encryption method further comprises the following steps:
Step S10: storing the original data in a non-volatile memory;
Step S11: reading the original data from the non-volatile memory.

3. The data encryption method according to any one of the preceding claims, wherein, in step S6, the adjusted data segments and the encrypted correspondence matrix are both stored in the non-volatile memory, or the adjusted data segments and the encrypted correspondence matrix are both uploaded to a data platform for storage, or the adjusted data segments are stored in the non-volatile memory and the encrypted correspondence matrix is uploaded to the data platform for storage.

4. The data encryption method according to any one of the preceding claims, wherein the fixed length of the characters inserted before the data segments is sufficiently long, and the algorithm and/or screening mechanism that generates the fixed-length characters ensures that the characters inserted before each data segment are not repeated; and/or
the marker character inserted at the end of a data segment differs from every character in the data segment into which it is inserted; and/or
without obtaining and decrypting the encrypted correspondence matrix, the original data (plaintext) cannot be derived from the adjusted data segments alone.

5. The data encryption method according to any one of the preceding claims, wherein the data encryption method further comprises the following step:
Step S7: deleting the original data (plaintext) stored in the non-volatile memory.

6. The data encryption method according to any one of the preceding claims, wherein the marker character is encrypted together with the correspondence matrix as an element of the correspondence matrix, or the marker character is encrypted separately.

7. The data encryption method according to any one of the preceding claims, wherein, in step S5, the generated correspondence matrix is encrypted by means of an integrated encryption algorithm and key.

8. A data decryption method for a data storage system, the data decryption method being used in conjunction with the data encryption method according to any one of claims 1 to 7, wherein the data decryption method comprises:
Step S1': retrieving the adjusted data and the encrypted correspondence matrix;
Step S2': decrypting the encrypted correspondence matrix to obtain the matrix plaintext;
Step S3': traversing the adjusted data and splitting it into segments by identifying the marker characters in the data, thereby obtaining the unequal-length data segments to be processed;
Step S4': extracting and/or marking the characters inserted before each data segment;
Step S5': restoring the order of the data segments based on the original order of the data segments that corresponds to the characters in the obtained matrix plaintext;
Step S6': deleting the characters inserted before each data segment and the marker character inserted at its end;
Step S7': splicing the data segments, with the inserted characters removed, to obtain the original data.

9. A data processing method for a data storage system, the data processing method comprising the data encryption method according to any one of claims 1 to 7 and the data decryption method for a data storage system according to claim 8.

10. A computer program product, for example a computer-readable program carrier, containing computer program instructions which, when executed by a processor, implement the steps of the method according to any one of the preceding claims.
CN202211475170.6A 2022-11-23 2022-11-23 Data encryption method, data decryption method and data processing method for data storage system Pending CN115834201A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211475170.6A CN115834201A (en) 2022-11-23 2022-11-23 Data encryption method, data decryption method and data processing method for data storage system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211475170.6A CN115834201A (en) 2022-11-23 2022-11-23 Data encryption method, data decryption method and data processing method for data storage system

Publications (1)

Publication Number Publication Date
CN115834201A true CN115834201A (en) 2023-03-21

Family

ID=85530711

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211475170.6A Pending CN115834201A (en) 2022-11-23 2022-11-23 Data encryption method, data decryption method and data processing method for data storage system

Country Status (1)

Country Link
CN (1) CN115834201A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118035044A (en) * 2024-04-11 2024-05-14 福建省计量科学研究院(福建省眼镜质量检验站) A method for evaluating the recommendation accuracy of big data recommendation algorithms
CN118070317A (en) * 2024-04-19 2024-05-24 国网浙江浙电招标咨询有限公司 File encryption and decryption method, system and storage medium based on multi-factor authentication
CN118070317B (en) * 2024-04-19 2024-09-13 国网浙江浙电招标咨询有限公司 File encryption and decryption method, system and storage medium based on multi-factor authentication

Similar Documents

Publication Publication Date Title
US8077871B2 (en) Content processing apparatus and encryption processing method
KR101405720B1 (en) Accelerated cryptography with an encryption attribute
US20130305061A1 (en) Data storage device and data protection method
JP5645725B2 (en) Data processing apparatus, data processing system, and control method therefor
CN115834201A (en) Data encryption method, data decryption method and data processing method for data storage system
EP4407502A1 (en) Key management method, data protection method, system, chip, and computer device
JP2003505752A (en) Methods and systems for providing copy protection on storage media and storage media used in such systems
US8160243B1 (en) System, apparatus, and method for the secure storing of bulk data using one-time pad encryption
CN105630965A (en) System and method for securely deleting file from user space on mobile terminal flash medium
CN111399770B (en) Data storage mode conversion method, device and storage medium
CN107609428A (en) Date safety storing system and method
US7925895B2 (en) Data management apparatus, data management method, and storage medium
US8983072B2 (en) Portable data carrier featuring secure data processing
US8200964B2 (en) Method and apparatus for accessing an encrypted file system using non-local keys
CN110008724A (en) Solid-state hard disk controller method for secure loading, device and storage medium
JPH104403A (en) Encryption device, decryption device and method thereof
US20040250104A1 (en) Method of processing data and data processing apparatus
US9411984B2 (en) Cryptographic processing apparatus, cryptographic processing system, and cryptographic processing method
CN113792020B (en) A data processing method, device, terminal and storage medium
JP2005130261A (en) Image forming apparatus, its control method, and its control program
KR20230027369A (en) Unmanned Aerial Vehicle, Apparatus for Generating Source Files Providing Confidential Information Protection of Unmanned Aerial Vehicle
TWI509457B (en) Data storage device and data protection method
JP7412445B2 (en) Content duplication device, access control device and access control program
JP2010113615A (en) Semiconductor system
JP2004046638A (en) Information processing apparatus, information processing system, information processing method, storage medium, and program

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination