CN102346820A - Confidential data storage method and device - Google Patents

Confidential data storage method and device

Info

Publication number: CN102346820A
Authority: CN (China)
Prior art keywords: private data, control chip, encryption, read, write
Legal status: Pending
Application number: CN2010102428237A
Other languages: Chinese (zh)
Inventor: 张华龙
Current Assignee: SHENZHEN CHIPSBANK TECHNOLOGY Co Ltd
Original Assignee: SHENZHEN CHIPSBANK TECHNOLOGY Co Ltd
Application filed by SHENZHEN CHIPSBANK TECHNOLOGY Co Ltd
Priority to CN2010102428237A
Publication of CN102346820A

Landscapes

  • Storage Device Security (AREA)

Abstract

The embodiments of the invention relate to the field of data storage and disclose a confidential data storage method and device. In the method, confidential data is generated inside a control chip or received from external input; the confidential data is encrypted according to a pre-stored encryption/decryption key; and the encrypted confidential data is written to an external non-volatile memory. The embodiments allow confidential data to be stored securely off-chip, which reduces the manufacturing complexity and cost of the control chip.

Description

A confidential data storage method and device
Technical field
The present invention relates to the field of data storage, and in particular to a confidential data storage method and device.
Background
As society continues to develop, more and more confidential data needs to be stored. Confidential data here means data that must be kept secret and protected from being obtained or attacked by others. Common examples include personal digital certificates (used for personal identification) and bank keys.
In practice, confidential data is generally stored in the embedded flash memory (eflash) of a control chip. For example, USB-KEY control chips, PKI smartcard control chips and SD-KEY control chips all have built-in eflash, which stores the confidential data and prevents it from being obtained through attacks such as external probing.
In practice it has been found that building eflash into a control chip requires a special manufacturing process that raises the number of mask (MASK) layers of the control chip to about 45, which makes production both complex and costly.
Summary of the invention
The embodiments of the present invention provide a confidential data storage method and device that allow confidential data to be stored securely off-chip, thereby reducing the manufacturing complexity and cost of the control chip.
An embodiment of the present invention provides a confidential data storage method, comprising:
A control chip generates confidential data internally or receives confidential data input from outside;
The control chip encrypts the confidential data according to a pre-stored encryption/decryption key;
The control chip writes the encrypted confidential data to an external non-volatile memory.
An embodiment of the present invention provides a confidential data storage device, comprising:
A control chip and a non-volatile memory;
Wherein the control chip comprises:
A programmable storage module, used to store the encryption/decryption key;
An encryption module, used to receive confidential data generated internally or input from outside, encrypt it according to the encryption/decryption key stored in the programmable storage module, and output it to a read/write control module;
The read/write control module, used to write the encrypted confidential data output by the encryption module to the non-volatile memory;
The non-volatile memory, used to store the encrypted confidential data written by the read/write control module.
Compared with the prior art, the embodiments of the present invention have the following beneficial effects:
In the embodiments, after the control chip receives confidential data input from outside, it can encrypt that data according to the pre-stored encryption/decryption key and then write the encrypted data to an external non-volatile memory. In this way confidential data can be stored securely off-chip and the control chip needs no built-in eflash, which reduces the manufacturing complexity and cost of the control chip.
Description of drawings
To explain the technical solutions of the embodiments more clearly, the drawings used in the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention; those of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flowchart of a confidential data storage method provided in an embodiment of the present invention;
Fig. 2 is a flowchart of another confidential data storage method provided in an embodiment of the present invention;
Fig. 3 is a structural diagram of a confidential data storage device provided in an embodiment of the present invention;
Fig. 4 is a structural diagram of another confidential data storage device provided in an embodiment of the present invention.
Detailed description
The technical solutions of the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
The embodiments of the present invention provide a confidential data storage method and device. In the method, the control chip receives confidential data input from outside, encrypts it according to a pre-stored encryption/decryption key, and then writes the encrypted confidential data to an external non-volatile memory. The embodiments allow confidential data to be stored securely off-chip and reduce the manufacturing complexity and cost of control chips such as USB-KEY, PKI smartcard and SD-KEY control chips.
Embodiment one:
Referring to Fig. 1, Fig. 1 is a flowchart of a confidential data storage method provided in an embodiment of the present invention. As shown in Fig. 1, the method can include the following steps:
101. The control chip generates confidential data internally or receives confidential data input from outside;
For example, the control chip in this embodiment can be a USB-KEY control chip, a PKI smartcard control chip or an SD-KEY control chip, or any other control chip used to store confidential data.
For example, the confidential data in this embodiment can be a personal digital certificate (used for personal identification) or a bank key, or any other data that must be kept secret and protected from being obtained or attacked by others.
102. The control chip encrypts the confidential data according to a pre-stored encryption/decryption key;
In this embodiment, the control chip can generate encryption/decryption keys of different lengths according to the requirements of different encryption/decryption algorithms and encryption strengths. The key is generated and stored inside the control chip and cannot be extracted or copied, which provides good security.
For example, the encryption/decryption algorithms the control chip can apply include, but are not limited to: the Data Encryption Algorithm (DES) with a 56-bit key; the Triple Data Encryption Algorithm (3DES) with a 168-bit key; the International Data Encryption Algorithm (IDEA) with a 128-bit key; and the Advanced Encryption Standard (AES) algorithm with a 128-, 192- or 256-bit key.
In this embodiment, the process of encrypting confidential data with an encryption/decryption key is common knowledge for those skilled in the art and is not described further here.
103. The control chip writes the encrypted confidential data to an external non-volatile memory.
In this embodiment, writing the confidential data to the external non-volatile memory only after encryption prevents it from being stolen or attacked and so protects the confidential data.
For example, to prevent written confidential data from being lost because of the characteristics of non-volatile memory, the control chip can make several copies of the encrypted confidential data and write them to the external non-volatile memory, which extends the storage life of the confidential data.
The non-volatile memory in this embodiment is off-chip non-volatile memory external to the control chip. It includes, but is not limited to, flash memory (Flash Memory) and electrically erasable programmable read-only memory (EEPROM).
The non-volatile memory in this embodiment can be connected to the control chip through an internal data bus or a Universal Serial Bus (USB).
In this embodiment, after the control chip receives confidential data input from outside, it can encrypt that data according to the pre-stored encryption/decryption key and then write the encrypted data to an external non-volatile memory. In this way confidential data can be stored securely off-chip and the control chip needs no built-in eflash, which reduces the manufacturing complexity and cost of the control chip.
Embodiment two:
Referring to Fig. 2, Fig. 2 is a flowchart of a confidential data storage method provided in an embodiment of the present invention. As shown in Fig. 2, the method can include the following steps:
201. The control chip generates a random number with a random number generator and stores the random number as the encryption/decryption key;
For example, before receiving confidential data input from outside, the control chip can generate a random number (true random or pseudo-random) with the random number generator and write it into the programmable storage module of the control chip as the encryption/decryption key.
In this embodiment, the programmable storage module can specifically be a one-time programmable (OTP) module.
202. The control chip generates confidential data internally or receives confidential data input from outside;
Step 202 is the same as step 101 in Embodiment one and is not repeated here.
203. The control chip encrypts the confidential data according to the pre-stored encryption/decryption key;
Step 203 is the same as step 102 in Embodiment one and is not repeated here.
204. The control chip writes the encrypted confidential data to an external non-volatile memory;
Step 204 is the same as step 103 in Embodiment one and is not repeated here.
205. The control chip receives a confidential data read request input from outside;
206. The control chip reads the encrypted confidential data stored in the external non-volatile memory;
When the external non-volatile memory holds several identical copies of the encrypted confidential data, the control chip only needs to read one complete copy.
207. The control chip decrypts the confidential data it has read according to the above encryption/decryption key and outputs it.
In this embodiment, when confidential data stored in the external non-volatile memory (for example Flash Memory or EEPROM) needs to be read, the control chip first reads the data and then decrypts it with the encryption/decryption key held in the internal programmable storage module. After decryption the data is restored to plaintext and can be used.
In this embodiment, decryption of the data read by the control chip is the inverse operation of encryption. It is common knowledge for those skilled in the art and is not described further here.
In this embodiment, after the control chip receives confidential data input from outside, it can encrypt that data according to the pre-stored encryption/decryption key and then write the encrypted data to an external non-volatile memory; when the confidential data needs to be read, the control chip reads it, decrypts it according to the encryption/decryption key and outputs it. This achieves secure off-chip storage and reading of confidential data, and the control chip needs no built-in eflash, which reduces the manufacturing complexity and cost of the control chip.
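An added sketch of the Embodiment two flow (steps 201 to 207), not code from the patent: a Python model of the control chip, its OTP key module and the off-chip memory, with hypothetical class names. The patent names DES, 3DES, IDEA and AES; the HMAC-SHA256 keystream here is a standard-library stand-in for that cipher, and the per-record nonce and authentication tag used to decide which stored copy is "complete" are assumptions the patent does not specify.

```python
import hashlib
import hmac
import os
import struct

NONCE_LEN, TAG_LEN = 16, 32


class OTPKeyStore:
    """Models the one-time programmable module: written once, never exported."""

    def __init__(self):
        self._key = None

    def program(self, key: bytes) -> None:
        if self._key is not None:
            raise RuntimeError("OTP module is already programmed")
        self._key = bytes(key)

    def subkey(self, label: bytes) -> bytes:
        # Separate keys for encryption and authentication, derived on-chip.
        return hmac.new(self._key, label, hashlib.sha256).digest()


class ExternalNVM:
    """Models off-chip flash/EEPROM: anyone with board access can read or alter it."""

    def __init__(self, slots: int = 3, slot_size: int = 128):
        self.slot_size = slot_size
        self.slots = [bytearray(slot_size) for _ in range(slots)]


class ControlChip:
    def __init__(self, nvm: ExternalNVM):
        self.nvm = nvm
        self.otp = OTPKeyStore()
        self.otp.program(os.urandom(32))          # step 201: random key into OTP

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        # Stand-in cipher (assumption): HMAC-SHA256 in counter mode.
        key, out, counter = self.otp.subkey(b"enc"), b"", 0
        while len(out) < length:
            out += hmac.new(key, nonce + struct.pack(">I", counter),
                            hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def _tag(self, body: bytes) -> bytes:
        return hmac.new(self.otp.subkey(b"mac"), body, hashlib.sha256).digest()

    def store(self, secret: bytes) -> None:
        """Steps 202-204: encrypt on-chip, then write one copy per slot."""
        nonce = os.urandom(NONCE_LEN)             # fresh for every write
        ct = bytes(a ^ b for a, b in zip(secret, self._keystream(nonce, len(secret))))
        body = struct.pack(">H", len(ct)) + nonce + ct
        record = body + self._tag(body)
        if len(record) > self.nvm.slot_size:
            raise ValueError("secret too large for one slot")
        for slot in self.nvm.slots:
            slot[:len(record)] = record

    def load(self) -> bytes:
        """Steps 205-207: return the plaintext of the first copy that verifies."""
        for slot in self.nvm.slots:
            (length,) = struct.unpack(">H", slot[:2])
            end = 2 + NONCE_LEN + length
            if end + TAG_LEN > self.nvm.slot_size:
                continue                          # length field is corrupt
            body, tag = bytes(slot[:end]), bytes(slot[end:end + TAG_LEN])
            if not hmac.compare_digest(tag, self._tag(body)):
                continue                          # damaged or altered copy
            nonce, ct = body[2:2 + NONCE_LEN], body[2 + NONCE_LEN:]
            return bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, length)))
        raise ValueError("no intact copy found in external memory")


def demo() -> dict:
    """Runs the flow on a constructed secret and damages two of three copies."""
    secret = b"constructed-bank-key-0123456789"
    nvm = ExternalNVM()
    chip = ControlChip(nvm)
    chip.store(secret)
    leaked = secret in bytes(nvm.slots[0])        # is plaintext visible off-chip?
    nvm.slots[0][20] ^= 0x01                      # bit error in copy 0
    nvm.slots[1][:] = bytes(nvm.slot_size)        # copy 1 erased
    return {"plaintext_off_chip": leaked, "recovered": chip.load() == secret}


if __name__ == "__main__":
    print(demo())
```

The tag check makes "one complete copy" a decidable test and also rejects a copy altered by someone with access to the external memory; a chip holding a different OTP key cannot read the records.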
Embodiment three:
Referring to Fig. 3, Fig. 3 is a structural diagram of a confidential data storage device provided in an embodiment of the present invention. As shown in Fig. 3, the device can include:
A control chip 301 and a non-volatile memory 302;
The control chip 301 can include:
A programmable storage module 3011, used to store the encryption/decryption key;
An encryption module 3012, used to receive confidential data generated internally or input from outside, encrypt it according to the encryption/decryption key stored in the programmable storage module 3011, and output it to a read/write control module 3013;
The read/write control module 3013 is used to write the encrypted confidential data output by the encryption module 3012 to the non-volatile memory 302;
The non-volatile memory 302 is used to store the encrypted confidential data written by the read/write control module 3013.
The non-volatile memory 302 in this embodiment can be connected to the read/write control module 3013 through an internal data bus or a Universal Serial Bus (USB).
In this embodiment, after the encryption module 3012 receives confidential data input from outside, it can encrypt that data according to the encryption/decryption key pre-stored in the programmable storage module 3011, and the encrypted data is then written to the external non-volatile memory 302 for storage. In this way confidential data can be stored securely off-chip and the control chip needs no built-in eflash, which reduces the manufacturing complexity and cost of the control chip.
Embodiment four:
Referring to Fig. 4, Fig. 4 is a structural diagram of another confidential data storage device provided in an embodiment of the present invention. The device shown in Fig. 4 is an optimized version of the device shown in Fig. 3 and can include:
A control chip 301 and a non-volatile memory 302;
The control chip 301 can include:
A random number generator 3010, used to generate a random number and write it into the programmable storage module 3011 as the encryption/decryption key.
A programmable storage module 3011, used to store the encryption/decryption key written by the random number generator 3010.
An encryption module 3012, used to receive confidential data generated internally or input from outside, encrypt the confidential data input from outside according to the encryption/decryption key stored in the programmable storage module 3011, and output it to the read/write control module 3013.
The read/write control module 3013 is used to write the encrypted confidential data output by the encryption module 3012 to the non-volatile memory 302.
For example, the read/write control module 3013 can specifically be used to make several copies of the encrypted confidential data output by the encryption module 3012 and write them to the non-volatile memory 302, which extends the storage life of the confidential data.
The non-volatile memory 302 is used to store the encrypted confidential data written by the read/write control module 3013.
As shown in Fig. 4, the control chip 301 can also include:
A decryption module 3014, used to receive a confidential data read request input from outside and notify the read/write control module 3013;
Correspondingly, the read/write control module 3013 is also used to read the encrypted confidential data from the non-volatile memory 302 in response to the notification from the decryption module 3014 and output it to the decryption module 3014;
Correspondingly, the decryption module 3014 is also used to decrypt the confidential data read by the read/write control module 3013 according to the encryption/decryption key stored in the programmable storage module 3011 and output it.
In this embodiment, the control chip 301 is specifically a USB-KEY control chip, a PKI smartcard control chip or an SD-KEY control chip.
In this embodiment, after the encryption module 3012 receives confidential data input from outside, it can encrypt that data according to the encryption/decryption key pre-stored in the programmable storage module 3011, and the encrypted data is then written to the external non-volatile memory 302; when the confidential data needs to be read, the read/write control module 3013 reads it and the decryption module 3014 decrypts it according to the encryption/decryption key pre-stored in the programmable storage module 3011 and outputs it. This achieves secure off-chip storage and reading of confidential data, and the control chip needs no built-in eflash, which reduces the manufacturing complexity and cost of the control chip.
Those of ordinary skill in the art will understand that all or some of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
The confidential data storage method and device provided by the embodiments of the present invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the present invention, and the description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. At the same time, those of ordinary skill in the art may, following the idea of the present invention, make changes to the specific implementation and the scope of application. In summary, this description should not be construed as limiting the present invention.

Claims (10)

1. A confidential data storage method, characterized by comprising:
A control chip generates confidential data internally or receives confidential data input from outside;
The control chip encrypts the confidential data according to a pre-stored encryption/decryption key;
The control chip writes the encrypted confidential data to an external non-volatile memory.
2. The method according to claim 1, characterized in that the method further comprises:
The control chip generates a random number with a random number generator;
The random number is stored as the encryption/decryption key.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
The control chip receives a confidential data read request input from outside;
The encrypted confidential data stored in the external non-volatile memory is read;
The confidential data that has been read is decrypted according to the encryption/decryption key and output.
4. The method according to claim 1 or 2, characterized in that the control chip writing the encrypted confidential data to an external non-volatile memory comprises:
The control chip makes several copies of the encrypted confidential data and writes them to the external non-volatile memory.
5. The method according to claim 1 or 2, characterized in that the control chip is specifically a USB-KEY control chip, a PKI smartcard control chip or an SD-KEY control chip.
6. A confidential data storage device, characterized by comprising:
A control chip and a non-volatile memory;
Wherein the control chip comprises:
A programmable storage module, used to store the encryption/decryption key;
An encryption module, used to receive confidential data generated internally or input from outside, encrypt it according to the encryption/decryption key stored in the programmable storage module, and output it to a read/write control module;
The read/write control module, used to write the encrypted confidential data output by the encryption module to the non-volatile memory;
The non-volatile memory, used to store the encrypted confidential data written by the read/write control module.
7. The device according to claim 6, characterized in that the control chip further comprises:
A random number generator, used to generate a random number and write it into the programmable storage module as the encryption/decryption key.
8. The device according to claim 6 or 7, characterized in that the control chip further comprises:
A decryption module, used to receive a confidential data read request input from outside and notify the read/write control module;
The read/write control module is also used to read the encrypted confidential data from the non-volatile memory in response to the notification and output it to the decryption module;
The decryption module is also used to decrypt the confidential data read by the read/write control module according to the encryption/decryption key stored in the programmable storage module and output it.
9. The device according to claim 6 or 7, characterized in that
The read/write control module is specifically used to make several copies of the encrypted confidential data output by the encryption module and write them to the non-volatile memory.
10. The device according to claim 6 or 7, characterized in that the control chip is specifically a USB-KEY control chip, a PKI smartcard control chip or an SD-KEY control chip.
Priority Applications (1)

Application number: CN2010102428237A (published as CN102346820A)
Priority date: 2010-07-30
Filing date: 2010-07-30
Title: Confidential data storage method and device
Status: Pending

Publications (1)

Publication number: CN102346820A (en)
Publication date: 2012-02-08
Family ID: 45545492
Country status: CN (1), CN102346820A (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20120208