CN118246080B - Data processing method, electronic equipment, storage medium and product - Google Patents
Data processing method, electronic equipment, storage medium and product Download PDFInfo
- Publication number
- CN118246080B CN118246080B CN202410668412.6A CN202410668412A CN118246080B CN 118246080 B CN118246080 B CN 118246080B CN 202410668412 A CN202410668412 A CN 202410668412A CN 118246080 B CN118246080 B CN 118246080B
- Authority
- CN
- China
- Prior art keywords
- peripheral interface
- serial peripheral
- flash memory
- encryption
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/85—Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention provides a data processing method, electronic equipment, a storage medium and a product, and relates to the technical field of data processing. The method comprises the following steps: under the condition of the path connection between the terminal equipment and the serial peripheral interface flash memory, the terminal equipment groups the data to be stored in the path according to the target data transmission length in the process of transmitting the data to be stored through the path, and data groups with the length at most equal to the target data transmission length are obtained; encrypting the obtained data packet based on a key through an encryption and decryption unit arranged on the access to obtain an encrypted data packet; and transmitting the obtained encrypted data packet to the flash memory of the serial peripheral interface through the serial peripheral interface bus and storing the encrypted data packet. In this embodiment, the encryption operation and the data transmission are performed synchronously, so as to efficiently realize the secure storage of the flash memory data of the serial peripheral interface.
Description
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a data processing method, an electronic device, a storage medium, and a product.
Background
Today, where information security is increasingly important, terminal devices such as embedded devices (e.g. security chips) can provide security protection at a hardware level, so as to resist software attacks and side channel attacks, ensure confidentiality, integrity and availability of data, and make demands of the terminal devices in various fields continuously rise. However, due to the limitations of integration, manufacturing process limitations, performance and power consumption trade-offs, and cost considerations, these terminal devices have limited resources and require a portion of data (e.g., sensitive data) to be stored in the serial peripheral interface Flash memory (i.e., SPI Flash, SPI SERIAL PERIPHERAL INTERFACE).
Currently, in order to protect data in the serial peripheral interface flash memory, the data stored in the serial peripheral interface flash memory is encrypted. However, in the process of encrypting the data, the related art consumes resources of the terminal device, so that the speed of reading and writing the data from the flash memory of the serial peripheral interface of the terminal device is slower. Therefore, how to efficiently implement the security protection of the serial peripheral interface flash memory in the terminal device is a problem to be solved at present.
Disclosure of Invention
The embodiment of the invention provides a data processing method, electronic equipment, a storage medium and a product, and aims to realize safe storage of serial peripheral interface flash memory data in high efficiency by arranging an encryption and decryption unit on a passage between terminal equipment and the serial peripheral interface flash memory and synchronously carrying out encryption and decryption operation and data transmission when the terminal equipment carries out read-write operation on the serial peripheral interface flash memory.
An embodiment of the present invention provides a data processing method, applied to a terminal device, where the method includes:
Under the condition of path connection between the terminal equipment and the serial peripheral interface flash memory, in the process of transmitting data to be stored through the path, grouping the data to be stored in the path according to a target data transmission length to obtain a data group with the length of at most the target data transmission length;
Encrypting one obtained data packet based on a key through an encryption and decryption unit arranged on the channel to obtain an encrypted data packet; the time consumption of the encryption and decryption unit for carrying out encryption operation on one data packet is less than the time consumption of a first target;
and transmitting one obtained encrypted data packet to the serial peripheral interface flash memory through a serial peripheral interface bus and storing the encrypted data packet.
A second aspect of an embodiment of the present invention provides a data processing apparatus, applied to a terminal device, where the apparatus includes:
A first data grouping module, configured to, in a case of a path connection between the terminal device and a serial peripheral interface flash memory, group data to be stored in the path with a target data transmission length in a process of transmitting the data to be stored through the path, so as to obtain a data packet with a length up to the target data transmission length;
the data encryption module is used for encrypting one obtained data packet based on a key through an encryption and decryption unit arranged on the channel to obtain an encrypted data packet; the time consumption of the encryption and decryption unit for carrying out encryption operation on one data packet is less than the time consumption of a first target;
and the first data transmission module is used for transmitting one obtained encrypted data packet to the flash memory of the serial peripheral interface through the serial peripheral interface bus and storing the encrypted data packet.
A third aspect of the embodiments of the present invention provides an electronic device comprising a processor, a memory and a computer program stored on the memory and executable on the processor, the computer program implementing the steps of the data processing method according to the first aspect of the embodiments of the present invention when executed by the processor.
A fourth aspect of the embodiments of the present invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the data processing method according to the first aspect of the embodiments of the present invention.
A fifth aspect of the embodiments of the present invention provides a computer program product comprising computer programs/instructions which when executed by a processor implement the steps of the data processing method according to the first aspect of the embodiments of the present invention.
In the case of the path connection between the terminal device and the serial peripheral interface flash memory, the terminal device groups the data to be stored in the path according to the target data transmission length in the process of transmitting the data to be stored through the path, so as to obtain a data group with the length of at most the target data transmission length; encrypting the obtained data packet based on a key through an encryption and decryption unit arranged on the access to obtain an encrypted data packet; and transmitting the obtained encrypted data packet to the flash memory of the serial peripheral interface through the serial peripheral interface bus and storing the encrypted data packet. In this embodiment, the encryption and decryption unit is disposed on a path between the terminal device and the serial peripheral interface flash memory, so that in a process of transmitting data to be stored to the serial peripheral interface flash memory through the path, data to be stored is grouped, each data group is obtained, in a process of transmitting the obtained data group to the serial peripheral interface flash memory, the data group is encrypted by the encryption and decryption unit on the path and then is directly transmitted to the serial peripheral interface flash memory, and since the encryption operation only consumes one data group encryption calculation time, the time consumption is smaller than the first target time consumption, the encryption operation and the data transmission are performed synchronously, thereby saving resources of the terminal device, saving data transmission time, and efficiently realizing safe storage of the serial peripheral interface flash memory data.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments of the present invention will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart illustrating steps of a data processing method according to an embodiment of the present invention;
FIG. 2 is a system block diagram of a data security storage system according to an embodiment of the present invention;
FIG. 3 is a block diagram of a data processing apparatus according to an embodiment of the present invention;
fig. 4 is a schematic diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
With the popularization of embedded systems and sensor networks, the demand for efficient encryption of terminal equipment resources and energy is also increasing. One of the most common problems in terminal devices, such as security chips, is limited resources, because security chips are required to take into account the balance of integration and power consumption, the trade-off between security and performance, manufacturing cost and price factors, and various factors such as specific application requirements, while serial peripheral interface flash memory is an ideal storage solution in various chip applications because of its advantages of saving resources, reducing volume, reducing cost, increasing speed, reducing power consumption, ease of integration, and providing scalability and flexibility.
However, storing keys, codes, configuration data, and other non-volatile data in the serial peripheral interface flash memory does present some potential security risks, and thus requires security protection of the serial peripheral interface flash memory. At present, in the related art, in the process of encrypting data, data to be encrypted is transmitted into a special encryption and decryption module through an internal bus by a terminal device, the encrypted data is obtained from the encryption and decryption module through the internal bus, and then the encrypted data is transmitted into a flash memory of a serial peripheral interface through the bus of the serial peripheral interface, so that the protection of the data in the flash memory of the serial peripheral interface is realized. However, this encryption method consumes resources of the terminal device, resulting in a slower data reading and writing rate of the terminal device from the serial peripheral interface flash memory, and particularly, when data with a larger data amount is read and written from the serial peripheral interface flash memory, the transmission rate is lower.
Therefore, in order to at least partially solve one or more of the foregoing problems and other potential problems, an embodiment of the present invention proposes a data processing method, in which an encryption/decryption unit is disposed on a path between a terminal device and a serial peripheral interface flash memory, in a process of transmitting data to be stored to the serial peripheral interface flash memory through the path, data to be stored is grouped according to a target data transmission length, each data group is obtained, in a process of transmitting the obtained data group to the serial peripheral interface flash memory, the data group is encrypted by the encryption/decryption unit on the path and then is directly transmitted to the serial peripheral interface flash memory, and since encryption operation only consumes a time for encryption calculation of one data group can be ignored, in this embodiment, encryption operation and data transmission are performed synchronously, thereby not only saving resources of the terminal device, but also saving data transmission time, and realizing efficient and safe storage of the serial peripheral interface flash memory data by the terminal device.
Referring to fig. 1, fig. 1 is a flowchart illustrating steps of a data processing method according to an embodiment of the present invention, where the data processing method is applied to a terminal device, the data processing method may include the following steps:
Step S11: and under the condition of path connection between the terminal equipment and the serial peripheral interface flash memory, in the process of transmitting data to be stored through the path, grouping the data to be stored in the path according to a target data transmission length to obtain a data packet with the length of at most the target data transmission length.
In this embodiment, the terminal device may be a terminal device that needs an external serial peripheral interface flash memory, and under the condition that a path between the terminal device and the serial peripheral interface flash memory is connected, the terminal device may perform a read-write operation on the serial peripheral interface flash memory, so as to store data in or read data from the serial peripheral interface flash memory. After receiving the command and data of the terminal device, the flash memory of the serial peripheral interface executes corresponding operations, such as reading, writing or erasing data, according to the command. These operations involve management of memory locations such as pages, sectors, and blocks within the serial peripheral interface flash memory.
Under the condition that the terminal equipment writes data into the serial peripheral interface flash memory, after the data to be stored is determined, the data to be stored can be transmitted to the serial peripheral interface flash memory through a channel between the terminal equipment and the serial peripheral interface flash memory. In this embodiment, in the process of transmitting data to be stored through the path, the data to be stored in the path is grouped with the target data transmission length. Specifically, in this embodiment, a target data transmission length is preset, where the target data transmission length is a maximum data length of one packet, and may be set arbitrarily according to requirements and data types. When the data to be stored is grouped, the data to be stored is divided according to the target data transmission length, after a plurality of data groups with the length being the target data transmission length are obtained, if the remaining data to be stored with the length which is not enough for the target data transmission length is still available, the remaining data to be stored with the length which is not enough for the target data transmission length is directly divided into one data group, therefore, the data to be stored is divided according to the embodiment, and a plurality of data groups with the length which is at most the target data transmission length can be obtained.
Step S12: encrypting one obtained data packet based on a key through an encryption and decryption unit arranged on the channel to obtain an encrypted data packet; the time consumption of the encryption and decryption unit for carrying out encryption operation on one data packet is less than the time consumption of a first target.
In this embodiment, an encryption and decryption unit is disposed on a path between the terminal device and the serial peripheral interface flash memory, and is used for encrypting and decrypting data in a process of transmitting data between the terminal device and the serial peripheral interface flash memory. And grouping the data to be stored in the access, and encrypting the obtained data packet based on a key generated in advance by an encryption and decryption unit arranged on the access to obtain an encrypted data packet every time the data packet is obtained.
The encryption and decryption unit encrypts the data packet, and since the data length of the data packet does not exceed the target data transmission length at most, the time consumed by the encryption and decryption unit for performing encryption operation on one data packet is smaller than the first target time consumption, and the first target time consumption is a maximum time consumption threshold value representing that the encryption operation time consumption is negligible, and the first target time consumption can be set arbitrarily according to requirements. That is, the relationship between the target data transmission length and the first target time consumption in this embodiment is: the time consumption of encryption operation of the data packet with the length of the target data transmission length is ensured to be less than that of the first target.
Step S13: and transmitting one obtained encrypted data packet to the serial peripheral interface flash memory through a serial peripheral interface bus and storing the encrypted data packet.
In this embodiment, after obtaining one encrypted data packet, the obtained one encrypted data packet may be transmitted to the serial peripheral interface flash memory through the serial peripheral interface bus and stored. In the process of transmitting the data to be stored to the flash memory of the serial peripheral interface, each data packet corresponding to the data to be stored in the transmission process is directly encrypted in sequence through an encryption and decryption unit on a transmission path and then is continuously transmitted, so that the transmission and storage of the whole data to be stored are completed.
In an alternative example, the serial peripheral interface flash memory may generate the data to be stored based on all the encrypted data packets after receiving all the encrypted data packets corresponding to the data to be stored and store the data to be stored in the serial peripheral interface flash memory.
In this embodiment, the encryption and decryption unit is disposed on a path between the terminal device and the serial peripheral interface flash memory, so that in a process of transmitting data to be stored to the serial peripheral interface flash memory through the path, data to be stored is grouped, each data group is obtained, in a process of transmitting the obtained data group to the serial peripheral interface flash memory, the data group is encrypted by the encryption and decryption unit on the path and then is directly transmitted to the serial peripheral interface flash memory, and since the encryption operation only consumes one data group encryption calculation time, the time consumption is smaller than the first target time consumption, the encryption operation and the data transmission are performed synchronously, thereby saving resources of the terminal device, further saving data transmission time, improving the performance of the terminal device, and efficiently realizing safe storage of the serial peripheral interface flash memory data.
In combination with the above embodiment, in an implementation manner, the embodiment of the present invention further provides a data processing method. In the method, in addition to the above steps, steps S21 to S23 may be included:
Step S21: and in the process of reading target data from the flash memory of the serial peripheral interface through the path, grouping the target data in the path according to the target data transmission length to obtain target data groups with the length of at most the target data transmission length.
In this embodiment, when the terminal device reads data from the serial peripheral interface flash memory, after determining the target data, the terminal device may read the target data from the serial peripheral interface flash memory through a path between the terminal device and the serial peripheral interface flash memory. The target data in this embodiment is data that needs to be read from the serial peripheral interface flash memory. In this embodiment, in the process of reading target data from the serial peripheral interface flash memory through the path, the target data in the path is grouped with a target data transmission length. Similarly to the data grouping of the data to be stored, in this embodiment, when the target data is grouped, the target data is divided according to the target data transmission length, after a plurality of target data groups with the length being the target data transmission length are obtained by dividing, if there is remaining target data with insufficient target data transmission length, the remaining target data with insufficient target data transmission length is directly divided into one target data group, so that the embodiment divides the target data to obtain a plurality of target data groups with the length being at most the target data transmission length. The data packet in this embodiment is a data packet after the data to be stored is grouped, and the target data packet is a data packet after the target data is grouped.
Step S22: decrypting, by the encryption/decryption unit, the obtained one target data packet based on the key to obtain a decrypted target data packet; the time consumption of the encryption and decryption unit for carrying out decryption operation on one target data packet is less than that of a second target.
In this embodiment, the target data in the path is grouped, and each time a target data packet is obtained, the obtained target data packet may be decrypted by an encryption/decryption unit provided on the path based on a key generated in advance, to obtain a decrypted target data packet.
The encryption and decryption unit in this embodiment decrypts the target data packet, and since the data length of the target data packet does not exceed the target data transmission length at most, the time consumed by the encryption and decryption unit for decrypting one target data packet is less than the second target time consumption, where the second target time consumption is a maximum time consumption threshold representing that the time consumed by the decryption operation is negligible, and the second target time consumption can be set arbitrarily according to the requirement. That is, the relationship between the target data transmission length and the second target time consumption in this embodiment is: the time consumption of decryption operation of the target data packet with the length of target data transmission length is less than that of the second target. In this embodiment, the first target time consumption and the second target time consumption may be the same or different, which is not limited.
Step S23: and transmitting the obtained one decrypted target data packet to a designated address through an internal bus of the terminal equipment every time the decrypted target data packet is obtained.
In this embodiment, after obtaining one decrypted target data packet, the obtained one decrypted target data packet may be transmitted to the specified address through the internal bus of the terminal device to perform other operations. In the process of reading target data from the flash memory of the serial peripheral interface, each target data packet corresponding to the target data in the transmission process is directly decrypted in sequence and then is continuously transmitted through an encryption and decryption unit on a transmission path, so that the reading of the whole target data is completed.
In an alternative example, the specified address of the terminal device may generate the target data based on all decrypted target data packets after receiving all decrypted target data packets corresponding to the target data, so as to perform other operations on the target data, which are not limited in this embodiment.
In this embodiment, the encryption and decryption unit is disposed on a path between the terminal device and the flash memory of the serial peripheral interface, so that in a process of reading target data from the flash memory of the serial peripheral interface through the path, the target data is grouped, each target data group is obtained, in a process of transmitting the obtained target data group, the target data group is decrypted by the encryption and decryption unit on the path and then is directly transmitted to the designated address, and since the decryption operation only consumes one target data group decryption calculation time, the time consumption is smaller than the time consumption of the second target, and the time consumption is practically negligible, in this embodiment, the encryption and decryption operation and the data transmission are both performed synchronously, thereby saving resources of the terminal device, saving data transmission time, and efficiently realizing security protection of the flash memory of the serial peripheral interface in the terminal device.
In combination with the above embodiment, in an implementation manner, the embodiment of the present invention further provides a data processing method. In the method, before "each of the target data packets is obtained" in step S22, "decrypting, by the encryption/decryption unit, the obtained one of the target data packets based on the key to obtain a decrypted target data packet" in step S22, further includes step S31:
step S31: and temporarily storing the target data packet through the buffer area, and sending the target data packet to the encryption and decryption unit in the buffer area in a first-in-first-out mode.
In this embodiment, the path between the terminal device and the serial peripheral interface flash memory is at least composed of the terminal device, the serial peripheral interface bus and the serial peripheral interface flash memory, where a buffer area exists between the serial peripheral interface bus and the serial peripheral interface flash memory, the encryption and decryption unit is disposed inside the terminal device, and the encryption and decryption unit is on the path from the buffer area to the serial peripheral interface bus.
Based on this, in this example, after each target data packet is obtained, the target data packet is buffered by a buffer, which may be a FIFO (first in first out) queue (i.e., first Input First Output), and the target data packet buffered in the buffer may be sent to the encryption/decryption unit by a FIFO method. And each time the encryption and decryption unit obtains a target data packet, decrypting the obtained target data packet based on the key to obtain a decrypted target data packet.
In another embodiment, after each of the encrypted data packets is obtained, the obtained encrypted data packet may be transmitted to a buffer area through a serial peripheral interface bus for temporary storage, and then the encrypted data packet temporarily stored in the buffer area is sent to a serial peripheral interface flash memory for storage in a first-in-first-out manner.
In combination with the above embodiment, in an implementation manner, the embodiment of the present invention further provides a data processing method. In the method, in addition to the above steps, step S41 and step S42 may be included:
step S41: and determining the access mode corresponding to the six-wire serial peripheral interface controller.
In this embodiment, the terminal device at least includes a six-wire serial peripheral interface controller (i.e., QSPI controller), and the six-wire serial peripheral interface controller is used to perform related control on interaction between the terminal device and the serial peripheral interface flash memory, where the terminal device in this embodiment is connected to the serial peripheral interface flash memory through the six-wire serial peripheral interface controller based on the serial peripheral interface bus. The terminal device may determine an access mode in which the six-wire serial peripheral interface controller is located.
The six-wire serial peripheral interface controller of the embodiment corresponds to different access modes, and at least comprises: an indirect access mode and a direct access mode. The indirect access mode of the six-wire serial peripheral interface controller refers to: when the terminal equipment writes data, the determined data to be stored is encrypted based on an encryption and decryption unit after passing through a six-wire serial peripheral interface controller, and then the data is stored into a serial peripheral interface flash memory through a buffer area; when the terminal equipment reads data, the target data is temporarily stored in the buffer area from the flash memory of the serial peripheral interface, decrypted by the encryption and decryption unit, transmitted to the terminal equipment through the six-wire serial peripheral interface controller, and then transmitted to the designated address through the internal bus of the terminal equipment.
The direct access mode of the six-wire serial peripheral interface controller characterizes that the serial peripheral interface flash memory directly interacts with the memory of the terminal equipment, and the CPU of the terminal equipment can directly access the address of the serial peripheral interface flash memory.
Step S42: and under the condition that the six-wire serial peripheral interface controller is in a direct access mode, directly acquiring data in the serial peripheral interface flash memory through the six-wire serial peripheral interface controller, and decrypting the data through the encryption and decryption unit to obtain decrypted data.
In this embodiment, under the condition that the six-wire serial peripheral interface controller is determined to be in the direct access mode, the data in the serial peripheral interface flash memory can be directly obtained through the six-wire serial peripheral interface controller, and the directly obtained data is decrypted through the encryption and decryption unit, so that decrypted data is obtained, and the communication interaction speed of the SoC (System on Chip) and the serial peripheral interface flash memory in the terminal device is greatly improved.
In combination with the above embodiment, in an implementation manner, the embodiment of the present invention further provides a data processing method. In this method, the "decrypting the data by the encryption and decryption unit to obtain decrypted data" in the step S42 may include step S51 and step S52:
Step S51: and reading the secret key from the memory of the terminal equipment.
In this embodiment, a corresponding key is generated in advance for the serial peripheral interface flash memory externally connected to the terminal device, and is stored in the memory of the terminal device, so that the terminal device can directly obtain the data in the serial peripheral interface flash memory through the direct access mode of the six-wire serial peripheral interface controller, and then can read the key corresponding to the serial peripheral interface flash memory from the memory of the terminal device.
Step S52: and decrypting through the encryption and decryption unit based on the read secret key to obtain decrypted data.
In this embodiment, after the key in the memory is read, the read data may be decrypted by the encryption and decryption unit based on the read key, so as to obtain decrypted data.
In combination with the above embodiment, in an implementation manner, the embodiment of the present invention further provides a data processing method. In the method, in addition to the above steps, step S61 and step S62 may be included:
Step S61: and monitoring the channel condition between the terminal equipment and the serial peripheral interface flash memory.
In this embodiment, the terminal may monitor the channel status between the terminal device and the serial peripheral interface flash memory in real time or periodically.
Step S62: and destroying all information in the encryption and decryption unit under the condition that the access condition is that the access between the terminal equipment and the serial peripheral interface flash memory is disconnected.
In this embodiment, all information in the encryption and decryption unit may be destroyed when it is determined that the path status of the path between the terminal device and the serial peripheral interface flash memory is that the path between the terminal device and the serial peripheral interface flash memory is disconnected. In this embodiment, the encryption and decryption unit does not store the encrypted and decrypted data in the process of encrypting and decrypting the data, and under the condition that the access between the terminal device and the serial peripheral interface flash memory is disconnected, all the current information in the encryption and decryption unit is automatically destroyed, so that the safety protection of the serial peripheral interface flash memory is further ensured. In an embodiment, all the current information in the encryption and decryption unit may refer to information such as data being encrypted/decrypted in the encryption and decryption unit.
In combination with the above embodiment, in an implementation manner, the embodiment of the present invention further provides a data processing method. In the method, the "encrypting the obtained one of the data packets based on the key by the encryption/decryption unit provided on the channel" in the step S12 may specifically include the step S71 and the step S72, and the "decrypting the obtained one of the target data packets based on the key by the encryption/decryption unit in the step S22 may specifically include the step S73 and the step S74:
step S71: and determining a target encryption algorithm from the symmetrical algorithms through the encryption and decryption unit.
In this embodiment, the encryption and decryption unit is internally provided with a symmetric algorithm, and the built-in symmetric algorithm at least includes any one or more of the following: SM3, SM4, SM1, AES, ASCON algorithm. When the encryption and decryption unit encrypts, the target encryption algorithm can be determined from the symmetric algorithm built in the encryption and decryption unit.
Step S72: and encrypting one obtained data packet based on the key through the target encryption algorithm to obtain one encrypted data packet, wherein the encrypted data packet carries an algorithm identifier of the target encryption algorithm.
In this embodiment, after the encryption and decryption unit determines the target encryption algorithm, the encryption unit may encrypt the obtained one data packet based on the key and through the target encryption algorithm to obtain an encrypted data packet, where the encrypted data packet carries the algorithm identifier of the target encryption algorithm.
Step S73: and determining a target decryption algorithm based on the algorithm identification carried by the target data packet through the encryption and decryption unit.
In this embodiment, when the encryption and decryption unit decrypts the received target data packet, the target data packet carries an algorithm identifier, where the algorithm identifier carried by the target data packet is an algorithm identifier of a target encryption algorithm corresponding to the target data packet, and the encryption and decryption unit may determine the target decryption algorithm based on the algorithm identifier carried by the target data packet. The target decryption algorithm is a decryption algorithm corresponding to the target encryption algorithm, and the corresponding relation between the encryption algorithm and the decryption algorithm can be stored in the encryption and decryption unit in advance. In one example, the target encryption algorithm and the target decryption algorithm used by the same data may be the same.
Step S74: and decrypting the obtained target data packet by the target decryption algorithm based on the secret key to obtain a decrypted target data packet.
In this embodiment, after the encryption and decryption unit determines the target decryption algorithm, the encryption and decryption unit may decrypt the obtained target data packet based on the key and through the target decryption algorithm, to obtain a decrypted target data packet.
In this embodiment, encryption and decryption operations are performed on the serial peripheral interface flash memory data by using cryptographic algorithms such as SM1, SM3, SM4, and the like, and the data is transmitted on the serial peripheral interface bus in the form of algorithm ciphertext such as SM1/SM4/AES/ASCON, so that a masquerade cannot steal data information by monitoring the serial peripheral interface bus to perform channel measurement attack, analysis of energy traces, and the like, which can greatly improve the security and reliability of the serial peripheral interface flash memory. And SM1, SM3 and SM4 are independently developed encryption algorithms in China, have complete intellectual property rights, are simple in design, small in code quantity and easy to understand and use, are particularly excellent in performance on equipment with limited resources, and improve performance on the premise of ensuring safety by using the national encryption algorithm, so that dependence on external technology is reduced, application processes of the national encryption algorithm are promoted, and information safety is enhanced.
In combination with the above embodiment, in an implementation manner, the embodiment of the present invention further provides a data processing method. In this method, the "determining the target encryption algorithm from the symmetric algorithm" in the above step S71 may specifically include step S81, or, step S82 and step S83:
step S81: randomly determining one or more symmetric algorithms from the symmetric algorithms as the target encryption algorithm.
In this embodiment, one or more symmetric algorithms may be randomly determined from the symmetric algorithms built in the encryption and decryption unit as the target encryption algorithm.
Step S82: a data type of the data packet is determined.
In this embodiment, the encryption and decryption unit may determine the data type of the data packet. Wherein the data type may be a type on the data content, such as sensitive information, codes, keys, etc.; the data type may also be a type on a data format, such as xml data format, JSON data format, and the like. The embodiment can set the symmetrical algorithm corresponding to different data types in advance.
Step S83: and determining a symmetric algorithm corresponding to the data type as the target encryption algorithm from the symmetric algorithms based on the data type.
In this embodiment, based on the data type of the data packet, from among the symmetric algorithms built in the encryption/decryption unit, the symmetric algorithm corresponding to the data type may be determined as the target encryption algorithm, so as to encrypt the subsequent data packet.
The serial peripheral interface flash memory is used as an external memory, and compared with the memory resource in the chip, the physical access controllability of the serial peripheral interface flash memory is poorer. This means that if an attacker were able to physically access the serial peripheral interface flash memory, they might attempt to obtain or destroy the stored secret data such as the key by various means (e.g. direct reading, tampering or copying). Furthermore, the serial peripheral interface flash memory is connected to an external interface, which also increases the risk of data leakage or interception, especially without adequate security measures.
In the related art, corresponding protection measures are not carried out on the key in the encryption and decryption process of the flash memory data of the serial peripheral interface, the key plays a critical role in the encryption and decryption process, and the key protection is the most important link in the encryption process and needs to be fully paid attention to and guaranteed. If the key protection is improper, the security of the information cannot be ensured even if the encryption algorithm is strong.
Based on this, in order to alleviate these potential problems, in combination with the above embodiments, in an implementation manner, the embodiment of the present invention further provides a data processing method. In the method, in addition to the above steps, steps S91 to S94 may be included:
Step S91: and when the terminal equipment is powered on and started, establishing access connection between the terminal equipment and the serial peripheral interface flash memory.
In this embodiment, when the terminal device is powered on and started, a path connection between the terminal device and the serial peripheral interface flash memory is established.
Step S92: and acquiring the equipment information of the terminal equipment and the equipment information of the serial peripheral interface flash memory.
In this embodiment, after establishing the access connection, the device information of the serial peripheral interface flash memory and the device information of the terminal device itself may be obtained. Wherein the device information of the terminal device includes at least one or more of: the device identification (unique identification) of the terminal device, the factory information of the terminal device, and the size of the terminal device; the device information of the serial peripheral interface flash memory at least comprises one or more of the following: the flash memory identification (unique identification) of the serial peripheral interface flash memory, the delivery date of the serial peripheral interface flash memory, the manufacturer name of the serial peripheral interface flash memory.
Step S93: and splicing the equipment information of the terminal equipment and the equipment information of the serial peripheral interface flash memory to obtain spliced information.
In this embodiment, the acquired device information of the terminal device and the device information of the serial peripheral interface flash memory may be spliced together to obtain the spliced information.
Step S94: and processing the spliced information to obtain an information abstract, and generating the secret key based on the information abstract.
In this embodiment, the spliced information may be processed by an SM3 algorithm to obtain an information abstract, so that the key is generated based on the information abstract, and the key is a key corresponding to the terminal device and the serial peripheral interface flash memory. The key in this embodiment is a symmetric key.
In an alternative embodiment, the terminal device may be connected to a plurality of serial peripheral interface flash memories, and then the keys corresponding to the plurality of serial peripheral interface flash memories may be automatically generated when the terminal device is powered on through steps S91 to S94.
In this embodiment, when the terminal device is powered on and started, after establishing a connection with a channel between the serial peripheral interface flash memory, device information of the terminal device and device information of the serial peripheral interface flash memory are combined, and a symmetric key is generated through SM3 operation, so that the serial peripheral interface flash memory and the terminal device are bound, and an attacker is prevented from replacing the serial peripheral interface flash memory to attack the terminal device.
In combination with the above embodiment, in an implementation manner, the embodiment of the present invention further provides a data processing method. In the method, after the above step S94, steps S101 to S103 may be further included:
step S101: and sending the secret key to the encryption and decryption unit and storing the secret key in a memory of the terminal equipment.
In this embodiment, after the key is generated, the key may be directly sent to the encryption and decryption unit, and stored in the memory of the terminal device instead of being stored locally.
Step S102: and monitoring the channel condition between the terminal equipment and the serial peripheral interface flash memory.
In this embodiment, similar to the aforementioned step S61, the terminal may monitor the channel status between the terminal device and the serial peripheral interface flash memory in real time or periodically. The period can be freely set without limitation.
Step S103: and destroying the secret key in the memory under the condition that the access condition is that the access between the terminal equipment and the serial peripheral interface flash memory is disconnected.
In this embodiment, under the condition that it is determined that the path status of the path between the terminal device and the serial peripheral interface flash memory is that the path between the terminal device and the serial peripheral interface flash memory is disconnected, the key in the memory of the terminal device may be destroyed, that is, the key in the memory of the terminal device may be automatically destroyed.
In this embodiment, the key is automatically generated by the related information of the terminal device and the serial peripheral interface flash memory at the time of power-on and power-on, and then directly transmitted to the encryption and decryption unit for operation, and is automatically destroyed when power-off occurs, so as to ensure that the key cannot be obtained in any physical way, enhance the security of key use and storage, prevent unauthorized access and data leakage, and further ensure the security of the key.
In addition, in an embodiment, the terminal device may set the authority for the key corresponding to the serial peripheral interface flash memory, where it is determined that a certain third party has the authority of the key corresponding to the serial peripheral interface flash memory, the terminal device may send information (such as device information of the specific terminal device and device information of the serial peripheral interface flash memory) for generating the key corresponding to the serial peripheral interface flash memory to the third party having the authority, so that the third party may directly generate the key corresponding to the serial peripheral interface flash memory based on the received information, and may encrypt and decrypt data in the serial peripheral interface flash memory based on the key under permission of the authority under the condition that a path between the terminal device and the serial peripheral interface flash memory is disconnected. Therefore, when the access between the terminal equipment and the serial peripheral interface flash memory is accidentally disconnected and special conditions or emergency conditions exist and the serial peripheral interface flash memory needs to be immediately read and written, the third party can generate the key based on the authorized information for generating the key corresponding to the serial peripheral interface flash memory, so that the serial peripheral interface flash memory can be smoothly read and written.
In combination with the above embodiment, in an implementation manner, the embodiment of the present invention further provides a data processing method. In the method, the case that the path between the terminal equipment and the serial peripheral interface flash memory is disconnected at least comprises one or more of the following: the terminal equipment is powered down, the serial peripheral interface flash memory is powered down, and the terminal equipment is disconnected with the serial peripheral interface flash memory.
In combination with the above embodiment, in an implementation manner, the embodiment of the present invention further provides a data processing method. In the method, the terminal device may be a device with a small storage space and a need for external memory. Wherein, the terminal equipment at least comprises any one of the following: embedded equipment, intelligent household equipment, intelligent wearing equipment and intelligent medical equipment. That is, the terminal device of the embodiment may be conventional embedded devices that need to be encrypted, for example, a security chip, an SSD (Solid STATE DISK ), a smart card, and the like, which have high-efficiency encryption and decryption under limited hardware resources; the terminal equipment can be applied to the fields of intelligent home, intelligent cities, intelligent medical treatment and the like, is used in modern miniature equipment such as intelligent home equipment, intelligent wearing equipment, intelligent medical treatment equipment and the like, has the characteristics of small size, low power consumption, portability and the like, is connected and communicated with other equipment through a wireless communication technology (such as Wi-Fi, bluetooth, NFC and the like), has good portability and flexibility, and can be rapidly integrated in the equipment to enhance authentication, communication, upgrading safety and the like.
In addition, in practice, the present embodiment is not only applicable to the serial peripheral interface flash memory, but the serial peripheral interface flash memory in the present embodiment may be any nonvolatile memory, for example: hard disk, USB (USB FLASH DISK) disk, SD card (Secure Digital Memory Card), SSD, etc.
In one embodiment, as shown in fig. 2, fig. 2 is a system block diagram of a data security storage system according to an embodiment of the present invention. In fig. 2, the data security storage system includes at least: the system comprises terminal equipment, a serial peripheral interface bus and a serial peripheral interface flash memory, wherein the terminal equipment at least comprises a system on chip controller (namely an SOC controller), a six-wire serial peripheral interface controller and an internal bus.
The six-wire serial peripheral interface controller is used for controlling interaction between the terminal equipment and the serial peripheral interface flash memory through the serial peripheral interface bus, and at least comprises the following components: buffer (i.e. FIFO), register/controller, clock management and state converter to transmit clock signals to the serial peripheral interface flash memory via the clock management, state converter and serial peripheral interface bus, so as to implement interaction between the terminal device and the serial peripheral interface flash memory. And, the interaction between the six-wire serial peripheral interface controller and the serial peripheral interface flash memory through the serial peripheral interface bus can be realized through the QSPI communication unit.
The system-on-chip controller can be at least used for controlling related instructions of the encryption and decryption unit, the six-wire serial peripheral interface controller and the serial peripheral interface flash memory, and at least comprises the following components: encryption and decryption hardware modules (algorithms of SM3, SM4, SM1, AES, ASSON and the like are built in to realize encryption and decryption units), a direct mode controller (for controlling a direct Access mode of a six-wire serial peripheral interface controller), an indirect mode controller (for controlling an indirect Access mode of the six-wire serial peripheral interface controller), a serial peripheral interface flash Memory command generator (for generating flash Memory read-write instructions and the like aiming at the serial peripheral interface) and a Static Random-Access Memory (SRAM). The system on chip controller is connected with an internal bus interface (such as an AHB interface) of the terminal equipment so as to transmit the encrypted and decrypted data to a designated address inside the terminal equipment through an internal bus.
Further, the terminal device in this embodiment may further include: the key generation unit is used for automatically generating a symmetric key when the terminal equipment is electrified and started, directly sending the generated key to the encryption and decryption operation unit without local storage, and automatically destroying the security key contained in the storage equipment when the storage equipment is powered off.
In this embodiment, the terminal device and the serial peripheral interface flash memory information are combined, a unique identification number of the terminal device, an ID of the serial peripheral interface flash memory device and some detail parameters are adopted to generate a key through SM3 operation, the key is destroyed by power failure, and the data to be stored are encrypted according to symmetric algorithms such as parameter selection encryption algorithms SM1 and SM4, so that the generation and storage processes of the key are reasonably designed and managed to prevent unauthorized access and data leakage, and the security and reliability of the system can be greatly improved.
It should be noted that, for simplicity of description, the method embodiments are shown as a series of acts, but it should be understood by those skilled in the art that the embodiments are not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred embodiments, and that the acts are not necessarily required by the embodiments of the invention.
Based on the same inventive concept, an embodiment of the present invention provides a data processing apparatus 300. Referring to fig. 3, fig. 3 is a block diagram of a data processing apparatus according to an embodiment of the present invention. The data processing apparatus 300 is applied to a terminal device, and the data processing apparatus 300 includes:
a first data grouping module 301, configured to, in a case of a path connection between the terminal device and a serial peripheral interface flash memory, group, in a process of transmitting data to be stored through the path, data to be stored in the path with a target data transmission length, so as to obtain a data packet with a length up to the target data transmission length;
A data encryption module 302, configured to encrypt, by an encryption/decryption unit disposed on the channel, one of the obtained data packets based on a key, to obtain an encrypted data packet; the time consumption of the encryption and decryption unit for carrying out encryption operation on one data packet is less than the time consumption of a first target;
and the first data transmission module 303 is configured to transmit, through a serial peripheral interface bus, one of the obtained encrypted data packets to the serial peripheral interface flash memory and store the encrypted data packet.
Optionally, the apparatus 300 further includes:
A second data grouping module, configured to group, during the process of reading target data from the flash memory of the serial peripheral interface through the path, the target data in the path with the target data transmission length, so as to obtain a target data packet with a length up to the target data transmission length;
The data decryption module is used for decrypting one obtained target data packet based on the key through the encryption and decryption unit to obtain a decrypted target data packet; wherein, the time consumption of the encryption and decryption unit for carrying out decryption operation on one target data packet is less than the time consumption of a second target;
And the second data transmission module is used for transmitting one obtained decrypted target data packet to a designated address through an internal bus of the terminal equipment every time the decrypted target data packet is obtained.
Optionally, the path is at least formed by the terminal device, the serial peripheral interface bus and the serial peripheral interface flash memory; a buffer area is arranged between the serial peripheral interface bus and the serial peripheral interface flash memory, the encryption and decryption unit is arranged in the terminal equipment, and the encryption and decryption unit is arranged on a path from the buffer area to the serial peripheral interface bus;
The apparatus 300 further comprises:
And the buffer module is used for temporarily storing the target data packet through the buffer area after each target data packet is obtained and before the target data packet obtained is decrypted by the encryption and decryption unit based on the secret key to obtain a decrypted target data packet, and sending the target data packet to the encryption and decryption unit through a first-in-first-out mode in the buffer area.
Optionally, the terminal device at least includes: the terminal equipment is connected with the serial peripheral interface flash memory based on the serial peripheral interface bus through the six-wire serial peripheral interface controller; the apparatus 300 further comprises:
The mode determining module is used for determining an access mode corresponding to the six-wire serial peripheral interface controller;
The direct access mode module is used for directly acquiring data in the serial peripheral interface flash memory through the six-wire serial peripheral interface controller under the condition that the six-wire serial peripheral interface controller is in a direct access mode, and decrypting the data through the encryption and decryption unit to obtain decrypted data;
The direct access mode characterizes that the serial peripheral interface flash memory directly interacts with the internal memory of the terminal equipment.
Optionally, the direct access mode module includes:
The key reading module is used for reading the key from the memory of the terminal equipment;
And the key decryption module is used for decrypting through the encryption and decryption unit based on the read key to obtain the decrypted data.
Optionally, the apparatus 300 further includes:
The first monitoring module is used for monitoring the channel condition between the terminal equipment and the serial peripheral interface flash memory;
And the unit information destroying module is used for destroying all information in the encryption and decryption unit under the condition that the access condition is that the access between the terminal equipment and the serial peripheral interface flash memory is disconnected.
Optionally, a symmetric algorithm is arranged in the encryption and decryption unit;
The data encryption module 302 includes:
The encryption algorithm determining module is used for determining a target encryption algorithm from the symmetrical algorithms through the encryption and decryption unit;
The data encryption sub-module is used for encrypting one obtained data packet through the target encryption algorithm based on the secret key to obtain one encrypted data packet, and the encrypted data packet carries an algorithm identifier of the target encryption algorithm;
The data decryption module comprises:
the decryption algorithm determining module is used for determining a target decryption algorithm based on the algorithm identifier carried by the target data packet through the encryption and decryption unit;
And the data decryption sub-module is used for decrypting one obtained target data packet through the target decryption algorithm based on the secret key to obtain one decrypted target data packet.
Optionally, the encryption algorithm determining module includes:
a random determining module, configured to randomly determine one or more symmetric algorithms from the symmetric algorithms as the target encryption algorithm;
a type determining module for determining a data type of the data packet;
And the type algorithm determining module is used for determining that the symmetric algorithm corresponding to the data type is the target encryption algorithm from the symmetric algorithms based on the data type.
Optionally, the apparatus 300 further includes:
the access establishment module is used for establishing access connection between the terminal equipment and the serial peripheral interface flash memory when the terminal equipment is powered on and started;
The information acquisition module is used for acquiring the equipment information of the terminal equipment and the equipment information of the serial peripheral interface flash memory, and the equipment information of the terminal equipment at least comprises one or more of the following: the method comprises the steps of equipment identification of terminal equipment, factory information of the terminal equipment and the size of the terminal equipment; the device information of the serial peripheral interface flash memory at least comprises one or more of the following: the method comprises the steps of (1) identifying a flash memory of the serial peripheral interface flash memory, leaving date of the serial peripheral interface flash memory, and manufacturer name of the serial peripheral interface flash memory;
The splicing module is used for splicing the equipment information of the terminal equipment and the equipment information of the serial peripheral interface flash memory to obtain spliced information;
and the key generation module is used for processing the spliced information to obtain an information abstract and generating the key based on the information abstract.
Optionally, the apparatus 300 further includes:
the key storage module is used for sending the key to the encryption and decryption unit after the key is generated based on the information abstract and storing the key in the memory of the terminal equipment;
The second monitoring module is used for monitoring the channel condition between the terminal equipment and the serial peripheral interface flash memory;
and the key destroying module is used for destroying the key in the memory under the condition that the access condition is that the access between the terminal equipment and the serial peripheral interface flash memory is disconnected.
Optionally, the case that the path between the terminal device and the serial peripheral interface flash memory is disconnected at least includes one or more of the following:
The terminal device is powered down, the serial peripheral interface flash memory is powered down, and the terminal device is disconnected with the serial peripheral interface flash memory.
Optionally, the terminal device includes at least any one of the following: embedded equipment, intelligent household equipment, intelligent wearing equipment and intelligent medical equipment.
Based on the same inventive concept, another embodiment of the present invention provides an electronic device 400 as shown in fig. 4. Fig. 4 is a schematic diagram of an electronic device according to an embodiment of the present invention. The electronic device comprises a processor 401, a memory 402 and a computer program stored on the memory 402 and executable on the processor 401, which when executed by the processor implements the steps of the data processing method according to any of the embodiments of the invention.
Based on the same inventive concept, another embodiment of the present invention provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements the steps of the data processing method according to any of the above embodiments of the present invention.
Based on the same inventive concept, another embodiment of the present invention provides a computer program product comprising a computer program/instruction which, when executed by a processor, implements the steps of the data processing method according to any of the embodiments of the present invention.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the related art in the form of a software product stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk), including several instructions for causing a terminal (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method according to the embodiments of the present invention.
The embodiments of the present invention have been described above with reference to the accompanying drawings, but the present invention is not limited to the above-described embodiments, which are merely illustrative and not restrictive, and many forms may be made by those having ordinary skill in the art without departing from the spirit of the present invention and the scope of the claims, which are to be protected by the present invention.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.
Claims (15)
1. A data processing method, applied to a terminal device, the method comprising:
Under the condition of path connection between the terminal equipment and the serial peripheral interface flash memory, in the process of transmitting data to be stored through the path, grouping the data to be stored in the path according to a target data transmission length to obtain a data group with the length of at most the target data transmission length;
Encrypting one obtained data packet based on a key through an encryption and decryption unit arranged on the channel to obtain an encrypted data packet; the time consumption of the encryption and decryption unit for carrying out encryption operation on one data packet is less than the time consumption of a first target;
transmitting one obtained encrypted data packet to a buffer area for temporary storage through a serial peripheral interface bus, and transmitting the encrypted data packet temporarily stored in the buffer area to a flash memory of the serial peripheral interface in a first-in first-out mode for storage;
The path is at least composed of the terminal equipment, the serial peripheral interface bus and the serial peripheral interface flash memory; the buffer area is arranged between the serial peripheral interface bus and the serial peripheral interface flash memory, the encryption and decryption unit is arranged in the terminal equipment, and the encryption and decryption unit is arranged on a path from the buffer area to the serial peripheral interface bus.
2. The data processing method of claim 1, wherein the method further comprises:
In the process of reading target data from the serial peripheral interface flash memory through the path, grouping the target data in the path according to the target data transmission length to obtain target data groups with the length of at most the target data transmission length;
Decrypting, by the encryption/decryption unit, the obtained one target data packet based on the key to obtain a decrypted target data packet; wherein, the time consumption of the encryption and decryption unit for carrying out decryption operation on one target data packet is less than the time consumption of a second target;
and transmitting the obtained one decrypted target data packet to a designated address through an internal bus of the terminal equipment every time the decrypted target data packet is obtained.
3. The data processing method according to claim 2, wherein after said each of said target data packets is obtained, and before said decrypting, by said encrypting and decrypting unit, said obtained one of said target data packets based on said key, a decrypted target data packet is obtained, said method further comprising:
And temporarily storing the target data packet through the buffer area, and sending the target data packet to the encryption and decryption unit in the buffer area in a first-in-first-out mode.
4. The data processing method according to claim 2, wherein the terminal device at least includes: the terminal equipment is connected with the serial peripheral interface flash memory based on the serial peripheral interface bus through the six-wire serial peripheral interface controller; the method further comprises the steps of:
Determining an access mode corresponding to the six-wire serial peripheral interface controller;
Under the condition that the six-wire serial peripheral interface controller is in a direct access mode, directly acquiring data in the serial peripheral interface flash memory through the six-wire serial peripheral interface controller, and decrypting the data through the encryption and decryption unit to obtain decrypted data;
The direct access mode characterizes that the serial peripheral interface flash memory directly interacts with the internal memory of the terminal equipment.
5. The method according to claim 4, wherein decrypting the data by the encryption/decryption unit to obtain decrypted data includes:
reading the secret key from the memory of the terminal equipment;
and decrypting through the encryption and decryption unit based on the read secret key to obtain decrypted data.
6. The data processing method according to claim 2, characterized in that the method further comprises:
monitoring the channel condition between the terminal equipment and the serial peripheral interface flash memory;
and destroying all information in the encryption and decryption unit under the condition that the access condition is that the access between the terminal equipment and the serial peripheral interface flash memory is disconnected.
7. The data processing method according to claim 2, wherein the encryption and decryption unit has a symmetric algorithm built therein;
the encrypting and decrypting unit arranged on the channel encrypts the obtained data packet based on a key to obtain an encrypted data packet, and the encrypting and decrypting unit comprises:
determining a target encryption algorithm from the symmetrical algorithms through the encryption and decryption unit;
Encrypting one obtained data packet based on the secret key through the target encryption algorithm to obtain one encrypted data packet, wherein the encrypted data packet carries an algorithm identifier of the target encryption algorithm;
The decrypting, by the encrypting and decrypting unit, the obtained one target data packet based on the key, to obtain a decrypted target data packet, including:
determining a target decryption algorithm based on the algorithm identification carried by the target data packet through the encryption and decryption unit;
and decrypting the obtained target data packet by the target decryption algorithm based on the secret key to obtain a decrypted target data packet.
8. The method of claim 7, wherein said determining a target encryption algorithm from said symmetric algorithms comprises:
Randomly determining one or more symmetrical algorithms from the symmetrical algorithms as the target encryption algorithm; or alternatively, the first and second heat exchangers may be,
Determining a data type of the data packet;
and determining a symmetric algorithm corresponding to the data type as the target encryption algorithm from the symmetric algorithms based on the data type.
9. The data processing method of claim 1, wherein the method further comprises:
When the terminal equipment is powered on and started, establishing access connection between the terminal equipment and the serial peripheral interface flash memory;
Acquiring equipment information of the terminal equipment and equipment information of the serial peripheral interface flash memory, wherein the equipment information of the terminal equipment at least comprises one or more of the following: the method comprises the steps of equipment identification of terminal equipment, factory information of the terminal equipment and the size of the terminal equipment; the device information of the serial peripheral interface flash memory at least comprises one or more of the following: the method comprises the steps of (1) identifying a flash memory of the serial peripheral interface flash memory, leaving date of the serial peripheral interface flash memory, and manufacturer name of the serial peripheral interface flash memory;
Splicing the equipment information of the terminal equipment and the equipment information of the serial peripheral interface flash memory to obtain spliced information;
and processing the spliced information to obtain an information abstract, and generating the secret key based on the information abstract.
10. The data processing method of claim 9, wherein after the generating the key based on the information digest, the method further comprises:
The secret key is sent to the encryption and decryption unit and is stored in the memory of the terminal equipment;
monitoring the channel condition between the terminal equipment and the serial peripheral interface flash memory;
And destroying the secret key in the memory under the condition that the access condition is that the access between the terminal equipment and the serial peripheral interface flash memory is disconnected.
11. The data processing method according to any one of claims 1 to 10, wherein the case that the path between the terminal device and the serial peripheral interface flash memory is disconnected includes at least one or more of:
The terminal device is powered down, the serial peripheral interface flash memory is powered down, and the terminal device is disconnected with the serial peripheral interface flash memory.
12. The data processing method according to any one of claims 1 to 10, wherein the terminal device includes at least any one of: embedded equipment, intelligent household equipment, intelligent wearing equipment and intelligent medical equipment.
13. An electronic device, comprising: a processor, a memory and a computer program stored on the memory and executable on the processor, which when executed by the processor performs the steps in the data processing method according to any one of claims 1 to 12.
14. A computer-readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps in the data processing method according to any one of claims 1 to 12.
15. A computer program product comprising computer programs/instructions which, when executed by a processor, implement the steps in the data processing method of any of claims 1 to 12.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410668412.6A CN118246080B (en) | 2024-05-28 | 2024-05-28 | Data processing method, electronic equipment, storage medium and product |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410668412.6A CN118246080B (en) | 2024-05-28 | 2024-05-28 | Data processing method, electronic equipment, storage medium and product |
Publications (2)
Publication Number | Publication Date |
---|---|
CN118246080A CN118246080A (en) | 2024-06-25 |
CN118246080B true CN118246080B (en) | 2024-08-16 |
Family
ID=91552918
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202410668412.6A Active CN118246080B (en) | 2024-05-28 | 2024-05-28 | Data processing method, electronic equipment, storage medium and product |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN118246080B (en) |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102008026697A1 (en) * | 2008-06-04 | 2009-12-10 | Infineon Technologies Ag | Data output encoding device e.g. safety dongle, for use in mobile telephone, has bus encoding mechanism for selectively encoding digital signals output by processor, and peripheral interface for outputting selectively encoded signals |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7702831B2 (en) * | 2000-01-06 | 2010-04-20 | Super Talent Electronics, Inc. | Flash memory controller for electronic data flash card |
US7814337B2 (en) * | 2000-01-06 | 2010-10-12 | Super Talent Electronics, Inc. | Secure flash-memory card reader with host-encrypted data on a flash-controller-mastered bus parallel to a local CPU bus carrying encrypted hashed password and user ID |
EP1540957A4 (en) * | 2002-04-30 | 2009-07-08 | Gen Dynamics Advanced Inf Sys | Method and apparatus for in-line serial data encryption |
US7961705B2 (en) * | 2003-04-30 | 2011-06-14 | Lightwaves Systems, Inc. | High bandwidth data transport system |
US9256551B2 (en) * | 2013-08-09 | 2016-02-09 | Apple Inc. | Embedded encryption/secure memory management unit for peripheral interface controller |
US9531689B1 (en) * | 2014-11-10 | 2016-12-27 | The United States Of America As Represented By The Secretary Of The Navy | System and method for encryption of network data |
CN109040090B (en) * | 2018-08-17 | 2019-08-09 | 北京海泰方圆科技股份有限公司 | A data encryption method and device |
US20200151362A1 (en) * | 2019-08-21 | 2020-05-14 | Intel Corporation | Integrity and data encryption (ide) over computer buses |
CN112654989B (en) * | 2020-03-18 | 2022-01-28 | 华为技术有限公司 | Data storage method, data access method, and related devices and equipment |
CN112256602A (en) * | 2020-10-22 | 2021-01-22 | 方一信息科技(上海)有限公司 | PCIe SSD controller, data storage system and data transmission method |
CN112329038B (en) * | 2020-11-15 | 2022-10-14 | 珠海一微半导体股份有限公司 | Data encryption control system and chip based on USB interface |
CN115344881B (en) * | 2022-10-19 | 2023-07-04 | 无锡沐创集成电路设计有限公司 | Hard disk encryption and decryption device and method, hard disk and I/O interface |
-
2024
- 2024-05-28 CN CN202410668412.6A patent/CN118246080B/en active Active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102008026697A1 (en) * | 2008-06-04 | 2009-12-10 | Infineon Technologies Ag | Data output encoding device e.g. safety dongle, for use in mobile telephone, has bus encoding mechanism for selectively encoding digital signals output by processor, and peripheral interface for outputting selectively encoded signals |
Also Published As
Publication number | Publication date |
---|---|
CN118246080A (en) | 2024-06-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101346930B (en) | Secure System-on-Chip | |
CN1269071C (en) | Storage card | |
CN109768862B (en) | A kind of key management method, key call method and cipher machine | |
US20160283937A1 (en) | Technologies for split key security | |
WO2008060733A2 (en) | Bi-processor architecture for secure systems | |
CN101149775A (en) | Encryption and decryption method for realizing hardware and software binding | |
CN111310213A (en) | Service data protection method, device, equipment and readable storage medium | |
CN101753312A (en) | Security certification method and security certification device for power grid equipment and negative control terminal | |
US11405202B2 (en) | Key processing method and apparatus | |
CN209402526U (en) | The key storage device of safety chip | |
CN102693385A (en) | Embedded terminal based on SD (secure digital) trusted computing module and implementation method thereof | |
CA2737145A1 (en) | Secure communication interface for secure multi-processor system | |
CN103986582A (en) | Data encryption transmission method, device and system based on dynamic encryption technology | |
KR20220049197A (en) | Apparatus, method and computer program for managing quantum cryptography key | |
CN101534299A (en) | Information security device based on SD Memory/SDIO interfaces and data communication method therefor | |
CN110674515B (en) | A multi-level secure memory chip architecture | |
CN109194467A (en) | A kind of safe transmission method and system of encryption data | |
US9536116B2 (en) | Active component embedded in cable | |
CN104104650A (en) | Data file visit method and terminal equipment | |
CN112074796A (en) | Device with a removable smart card | |
CN102831357B (en) | Encryption and authentication protection method and system of secondary development embedded type application program | |
CN112217806A (en) | Data transmission encryption method, server and storage medium | |
CN102831081A (en) | Transparent encryption and decryption secure digital memory card (SD card) and implementation method thereof | |
CN118246080B (en) | Data processing method, electronic equipment, storage medium and product | |
CN103699853B (en) | A kind of intelligent SD card and control system thereof and method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |