CN111159780A - Hardware encryption method, hardware decryption method and hardware decryption device - Google Patents

Publication number: CN111159780A
Authority: CN (China)
Prior art keywords: data, hardware, encryption, decryption, encrypted
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Application number: CN201911398341.8A
Other languages: Chinese (zh)
Inventor: 郁新
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): TP Link Technologies Co Ltd
Original Assignee: TP Link Technologies Co Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits


Abstract

The application belongs to the technical field of information security and provides a hardware encryption method, a hardware decryption method and a hardware decryption device. The hardware encryption method comprises the following steps: acquiring data to be encrypted at an application layer, and generating an encryption instruction based on the data to be encrypted; calling a preset hardware encryption interface at the application layer to transmit the encryption instruction to the character device of the hardware driver layer; the character device transmits the encryption instruction to the hardware encryption chip and drives the hardware encryption chip to encrypt the data to be encrypted based on a first preset encryption algorithm. Because the encryption operation of this method is performed in the hardware encryption chip instead of the CPU, data encryption occupies less of the CPU's resources, the system has more CPU resources left to run other processes, and the running efficiency of other processes is improved.

Description

Hardware encryption method, hardware decryption method and hardware decryption device
Technical Field
The present application belongs to the technical field of information security, and in particular, relates to a hardware encryption method, a hardware decryption method, and an apparatus thereof.
Background
The rapid development of information technology has prompted the gradual digitization of various types of information, but at the same time, has also increased the risk of data leakage. In order to reduce the risk of data leakage, various data encryption/decryption methods are proposed in the prior art. However, the existing encryption/decryption method usually performs encryption/decryption operations on data through a Central Processing Unit (CPU), that is, the encryption/decryption operations are performed in the CPU, which occupies a large amount of CPU resources and affects the operating efficiency of other processes.
Disclosure of Invention
The embodiments of the application provide a hardware encryption method, a hardware decryption method and a hardware decryption device, which can solve the problem that the encryption/decryption operations of existing encryption/decryption methods are carried out in the CPU, occupy a large amount of CPU resources and affect the running efficiency of other processes.
In a first aspect, an embodiment of the present application provides a hardware encryption method, including:
acquiring data to be encrypted at an application layer, and generating an encryption instruction based on the data to be encrypted;
calling a preset hardware encryption interface at the application layer to transmit the encryption instruction to a character device of a hardware driver layer;
and the character device transmitting the encryption instruction to a hardware encryption chip and driving the hardware encryption chip to encrypt the data to be encrypted based on a first preset encryption algorithm.
Further, the character device transmitting the encryption instruction to a hardware encryption chip and driving the hardware encryption chip to encrypt the data to be encrypted based on a first preset encryption algorithm includes:
the character device storing the data to be encrypted in the encryption instruction into a memory of the hardware encryption chip;
and the hardware encryption chip sequentially encrypting the data to be encrypted in the memory based on the first preset encryption algorithm.
Further, the acquiring, at the application layer, of data to be encrypted and generating an encryption instruction based on the data to be encrypted includes:
acquiring the data to be encrypted from the object to be encrypted of the application layer;
and if the length of the data to be encrypted is greater than or equal to a preset data length threshold, generating the encryption instruction based on the data to be encrypted.
Further, after the data to be encrypted is obtained from the object to be encrypted in the application layer, the method further includes:
if the length of the data to be encrypted is smaller than the preset data length threshold, encrypting the data to be encrypted based on a second preset encryption algorithm.
In a second aspect, an embodiment of the present application further provides a hardware decryption method, including:
acquiring data to be decrypted at an application layer, and generating a decryption instruction based on the data to be decrypted;
calling a preset hardware decryption interface at the application layer to transmit the decryption instruction to a character device of a hardware driver layer;
and the character device transmitting the decryption instruction to a hardware decryption chip and driving the hardware decryption chip to decrypt the data to be decrypted based on a first preset decryption algorithm.
Further, the character device transmitting the decryption instruction to a hardware decryption chip and driving the hardware decryption chip to decrypt the data to be decrypted based on a first preset decryption algorithm includes:
the character device storing the data to be decrypted in the decryption instruction into a memory of the hardware decryption chip;
and the hardware decryption chip sequentially decrypting the data to be decrypted in the memory based on the first preset decryption algorithm.
Further, the acquiring, at the application layer, of data to be decrypted and generating a decryption instruction based on the data to be decrypted includes:
acquiring the data to be decrypted from the object to be decrypted of the application layer;
and if the length of the data to be decrypted is greater than or equal to a preset data length threshold, generating the decryption instruction based on the data to be decrypted.
Further, after the data to be decrypted is obtained from the object to be decrypted in the application layer, the method further includes:
if the length of the data to be decrypted is smaller than the preset data length threshold, decrypting the data to be decrypted based on a second preset decryption algorithm.
In a third aspect, an embodiment of the present application provides a hardware encryption apparatus, including:
a processing unit, used for acquiring data to be encrypted at an application layer and generating an encryption instruction based on the data to be encrypted;
the processing unit being also used for calling a preset hardware encryption interface at the application layer to transmit the encryption instruction to the character device of the hardware driver layer;
and the character device, used for transmitting the encryption instruction to a hardware encryption chip and driving the hardware encryption chip to encrypt the data to be encrypted based on a first preset encryption algorithm.
In a fourth aspect, an embodiment of the present application further provides a hardware decryption apparatus, including:
a processing unit, used for acquiring data to be decrypted at an application layer and generating a decryption instruction based on the data to be decrypted;
the processing unit being also used for calling a preset hardware decryption interface at the application layer to transmit the decryption instruction to the character device of the hardware driver layer;
and the character device, used for transmitting the decryption instruction to a hardware decryption chip and driving the hardware decryption chip to decrypt the data to be decrypted based on a first preset decryption algorithm.
Compared with the prior art, the embodiment of the application has the advantages that:
According to the hardware encryption method and the hardware decryption method, a character device is added to the encryption device and to the decryption device. The character device transmits the data to be encrypted to a hardware encryption chip and the data to be decrypted to a hardware decryption chip; the hardware encryption chip performs the encryption operation on the data to be encrypted, and the hardware decryption chip performs the decryption operation on the data to be decrypted. Compared with the existing encryption/decryption technology, the encryption/decryption operation in the embodiments of the application is performed in the hardware encryption/decryption chip instead of the CPU, so data encryption and decryption occupy less of the CPU's resources, the system has more CPU resources left to run other processes, and the running efficiency of other processes is improved.
Drawings
In order to illustrate the technical solutions in the embodiments of the present application more clearly, the drawings used in the description of the embodiments or of the prior art are briefly introduced below. The drawings in the following description show only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a flowchart of an implementation of a hardware encryption method according to an embodiment of the present application;
Fig. 2 is a block diagram of a hardware encryption device according to an embodiment of the present application;
Fig. 3 is a flowchart of a specific implementation of S103 in a hardware encryption method according to an embodiment of the present application;
Fig. 4 is a flowchart of a specific implementation of S101 in a hardware encryption method according to another embodiment of the present application;
Fig. 5 is a flowchart of an implementation of a hardware encryption method according to yet another embodiment of the present application;
Fig. 6 is a flowchart of an implementation of a hardware decryption method according to an embodiment of the present application;
Fig. 7 is a block diagram of a hardware decryption apparatus according to an embodiment of the present application;
Fig. 8 is a flowchart of an implementation of S203 in a hardware decryption method according to another embodiment of the present application;
Fig. 9 is a flowchart of an implementation of S201 in a hardware decryption method according to another embodiment of the present application;
Fig. 10 is a flowchart of an implementation of a hardware decryption method according to another embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon", "in response to determining" or "in response to detecting". Similarly, the phrase "if it is determined" or "if a [described condition or event] is detected" may be interpreted contextually to mean "upon determining", "in response to determining", "upon detecting [described condition or event]" or "in response to detecting [described condition or event]".
Furthermore, in the description of the present application and the appended claims, the terms "first," "second," "third," and the like are used for distinguishing between descriptions and not necessarily for describing or implying relative importance.
Reference throughout this specification to "one embodiment" or "some embodiments," or the like, means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the present application. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," or the like, in various places throughout this specification are not necessarily all referring to the same embodiment, but rather "one or more but not all embodiments" unless specifically stated otherwise. The terms "comprising," "including," "having," and variations thereof mean "including, but not limited to," unless expressly specified otherwise.
Fig. 1 is a flowchart illustrating an implementation of a hardware encryption method according to an embodiment of the present application. The method is executed by a hardware encryption device, which may be a terminal device such as a smart phone, a tablet computer, or a desktop computer. Fig. 2 is a block diagram of a hardware encryption device according to the present embodiment. As shown in fig. 2, the hardware encryption device 100 includes a processing unit 11, a character device 12, and a hardware encryption chip 13. The processing unit 11 is disposed in the hardware layer of the hardware encryption device, and may be a CPU or another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA), or the like. A general-purpose processor may be a microprocessor or any conventional processor. The character device 12 is disposed in the hardware driver layer of the hardware encryption device; a character device is a device that transfers data in units of characters, and here it is the medium through which the processing unit 11 communicates with the hardware encryption chip 13. The hardware encryption chip 13 is disposed in the hardware layer of the hardware encryption device, and may be a single-chip microcomputer or a microcontroller.
The hardware encryption method shown in fig. 1 includes the following steps:
In S101, data to be encrypted is acquired at an application layer, and an encryption instruction is generated based on the data to be encrypted.
In practical applications, when a user needs to encrypt data, for example certain application data, the user may trigger a preset encryption request of the hardware encryption device. For example, a user may trigger the preset encryption request by clicking a preset control; that is, if the hardware encryption device detects that the user has clicked the preset control, the user is considered to have triggered the preset encryption request, and the processing unit of the hardware encryption device then obtains the data to be encrypted at the application layer.
After the processing unit of the hardware encryption device acquires the data to be encrypted, it generates an encryption instruction based on that data. That is, the encryption instruction carries the data to be encrypted.
In S102, a preset hardware encryption interface is called at the application layer to transmit the encryption instruction to the character device of the hardware driver layer.
In the embodiment of the application, the character device is disposed in the driver layer of the hardware encryption device and is independent of the application layer, so data cannot be transmitted directly between the application layer and the character device. For this reason, a hardware encryption interface can be configured in advance in an encryption library of the application layer, and the hardware encryption interface provides a channel for the application layer to transmit data to the character device. Specifically, the hardware encryption interface may be a set of definitions, programs, and protocols, and the application layer transmits the encryption instruction to the character device through the programs, protocols, and the like specified by the hardware encryption interface.
In practical applications, the encryption library may be OpenSSL (Open Secure Sockets Layer), implemented in C, or the CyaSSL SSL encryption library, implemented in C with dual protocols.
In the embodiment of the application, after the processing unit of the hardware encryption device generates the encryption instruction, it calls the preset hardware encryption interface at the application layer to transmit the encryption instruction to the character device of the hardware driver layer.
In S103, the character device transmits the encryption instruction to a hardware encryption chip, and drives the hardware encryption chip to encrypt the data to be encrypted based on a first preset encryption algorithm.
In the embodiment of the application, after the character device in the hardware encryption device receives the encryption instruction, it can extract the data to be encrypted from the encryption instruction, transmit that data to the hardware encryption chip, and drive the hardware encryption chip to encrypt it based on the first preset encryption algorithm.
In practical applications, since the application layer cannot directly access the hardware encryption chip, the encryption instruction of the application layer needs to be transmitted to the hardware encryption chip through the character device. After the hardware encryption chip receives the encryption instruction, it encrypts the data to be encrypted according to the first preset encryption algorithm.
It should be noted that the first preset encryption algorithm is packaged in the hardware encryption chip in advance. The first preset encryption algorithm may be set according to actual needs, and is not limited herein. In an embodiment of the present application, the first preset encryption algorithm may be a symmetric encryption algorithm, for example the Data Encryption Standard (DES) algorithm. A symmetric encryption algorithm is an algorithm that uses the same key for encryption and decryption, and the key is a character string composed of numbers, letters or special symbols.
It can be understood that, in the embodiment of the present application, there may be one piece of data to be encrypted, or there may be at least two pieces of data.
In a possible implementation of the present application, when there are at least two pieces of data to be encrypted, S103 may be specifically implemented by S1031 to S1032 shown in fig. 3, which are detailed as follows:
In S1031, the character device stores the data to be encrypted in the encryption instruction into a memory of the hardware encryption chip.
In this embodiment, the data to be encrypted in the encryption instruction generally includes at least two pieces of data, and the hardware encryption chip cannot process multiple pieces of data to be encrypted at the same time. Therefore, after the character device of the hardware encryption device receives the encryption instruction, it may store the data to be encrypted in the encryption instruction into the memory of the hardware encryption chip.
The memory of the hardware encryption chip may be a Random Access Memory (RAM) or a Direct Memory Access (DMA).
In this embodiment, the character device may store the data to be encrypted in the memory of the hardware encryption chip according to a first preset order.
As an embodiment of the present application, the first preset order may be chronological order; that is, the character device can store the data to be encrypted into the memory of the hardware encryption chip in order of transmission time.
As another embodiment of the present application, the first preset order may also be the encryption priority; that is, the character device can store the data to be encrypted into the memory of the hardware encryption chip in order of encryption priority, from high to low.
In S1032, the hardware encryption chip sequentially encrypts the data to be encrypted in the memory based on the first preset encryption algorithm.
In this embodiment, after the character device transmits the data to be encrypted to the hardware encryption chip, the hardware encryption chip may perform the data encryption operation. Specifically, the hardware encryption chip may sequentially obtain the data to be encrypted from the memory thereof, and encrypt the data to be encrypted based on a first preset encryption algorithm pre-packaged by the hardware encryption chip.
In an embodiment of the present application, in combination with S1031, the hardware encryption chip may sequentially obtain data to be encrypted from the memory thereof in an order from high to low based on the encryption priority, and encrypt the data to be encrypted based on a first preset encryption algorithm.
As another embodiment of the present application, after the hardware encryption chip encrypts the data to be encrypted, the encrypted data may be stored in a memory of the hardware encryption chip, and the encrypted data is transmitted to the character device through a controller of the memory, and the character device transmits the encrypted data to the application layer through the hardware encryption interface.
It can be seen from the above that, in the hardware encryption method provided in the embodiment of the present application, the character device is added in the hardware encryption device, the character device transmits the data to be encrypted to the hardware encryption chip, and the hardware encryption chip executes the encryption operation on the data to be encrypted, that is, the encryption operation is not performed in the CPU, so that the occupancy rate of the data encryption operation on the CPU resource is reduced, the system can save more CPU resources to run other processes, and the running efficiency of other processes is improved.
Referring to fig. 4, fig. 4 is a flowchart illustrating an implementation of a hardware encryption method according to another embodiment of the present application. As shown in fig. 4, with respect to the embodiment corresponding to fig. 1, S101 in this embodiment can be specifically implemented by S1011 to S1012, which are detailed as follows:
In S1011, the data to be encrypted is obtained from the object to be encrypted of the application layer.
In this embodiment, when the processing unit of the hardware encryption device detects the preset encryption request, the processing unit may obtain the data to be encrypted from the object to be encrypted in the application layer.
In practical applications, the object to be encrypted may be any application program of the application layer, for example, a payment-type application program or a chat-type application program, and the like, which is not limited herein. Illustratively, when a user needs to encrypt chat data in a certain chat application program, the chat application program is an object to be encrypted, the chat data is data to be encrypted, and the processing unit of the hardware encryption device can acquire the chat data to be encrypted from the chat application program.
It should be noted that when the data to be encrypted is long, hardware encryption performs better, and when the data to be encrypted is short, software encryption performs better. To determine which encryption mode is used for the data to be encrypted, a data length threshold can therefore be preset; the preset data length threshold is the reference data length against which the encryption mode is chosen. The preset data length threshold can be obtained from actual testing.
In an embodiment of the present application, after acquiring data to be encrypted, a processing unit of a hardware encryption device compares a length of the data to be encrypted with a preset data length threshold. If the processing unit of the hardware encryption device detects that the length of the data to be encrypted is greater than or equal to the preset data length threshold, S1012 is executed. In another embodiment of the present application, if the processing unit of the hardware encryption device detects that the length of the data to be encrypted is smaller than the preset data length threshold, S1013 in the embodiment corresponding to fig. 5 is executed.
In S1012, if the length of the data to be encrypted is greater than or equal to a preset data length threshold, the encryption instruction is generated based on the data to be encrypted.
In this embodiment, when detecting that the length of the data to be encrypted is greater than or equal to the preset data length threshold, the processing unit of the hardware encryption device generates an encryption instruction based on the data to be encrypted, and then calls a preset hardware encryption interface at the application layer to transmit the encryption instruction to the character device at the hardware driver layer, so that the character device transmits the encryption instruction to the hardware encryption chip, and drives the hardware encryption chip to encrypt the data to be encrypted based on the first preset encryption algorithm.
In another embodiment of the present application, after S1011, the hardware encryption method may further include S1013 shown in fig. 5, which is detailed as follows:
In S1013, if the length of the data to be encrypted is smaller than the preset data length threshold, the data to be encrypted is encrypted based on a second preset encryption algorithm.
It should be noted that, in this embodiment, the second preset encryption algorithm may be stored in the preset encryption library of the application layer in advance. The second preset encryption algorithm may be set according to actual needs, and is not limited herein. As an embodiment of the present application, the second preset encryption algorithm may be a symmetric encryption algorithm, for example the Data Encryption Standard (DES) algorithm. A symmetric encryption algorithm is an algorithm that uses the same key for encryption and decryption, and the key is a character string composed of numbers, letters or special symbols.
The preset encryption library can be determined according to actual needs, and is not limited herein. For example, the preset encryption library may be OpenSSL (Open Secure Sockets Layer), implemented in C, or the CyaSSL SSL encryption library, implemented in C with dual protocols.
In this embodiment, after the processing unit of the hardware encryption device obtains the data to be encrypted, a second preset encryption algorithm may be obtained from a preset encryption library of the application layer.
In this embodiment, when detecting that the length of the data to be encrypted is smaller than the preset data length threshold, the processing unit of the hardware encryption device directly encrypts the data to be encrypted based on the second preset encryption algorithm without generating an encryption instruction, that is, directly encrypts the data to be encrypted at the processing unit.
As can be seen from the above, in the hardware encryption method provided in this embodiment, the length of the data to be encrypted is compared with the preset data length threshold, so as to determine the encryption mode of the data to be encrypted. If the length of the data to be encrypted is greater than or equal to a preset data length threshold value, generating an encryption instruction based on the data to be encrypted, and transmitting the encryption instruction to a hardware encryption chip for encryption; if the length of the data to be encrypted is smaller than the preset data length threshold, the data to be encrypted is directly encrypted in the processing unit, so that the encryption time of the data to be encrypted is greatly shortened, and the encryption efficiency is improved.
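The path selection of S1011 to S1013 together with the priority-ordered storage and sequential processing of S1031 and S1032, as an added C model that is not code from the patent. The character device and the chip are simulated in user space; the 64-byte threshold, the slot count, all names and the XOR placeholder standing in for the preset algorithms are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LEN_THRESHOLD 64u  /* assumed; the text says the value comes from testing */
#define CHIP_SLOTS    4u   /* assumed capacity of the chip memory, in instructions */
#define MAX_DATA      256u /* assumed largest payload one instruction can carry */

enum enc_path { PATH_SOFTWARE, PATH_HARDWARE, PATH_REJECTED };

/* Encryption instruction (S101): it carries the data to be encrypted. */
struct enc_instruction {
    int     id;        /* caller's tag, used here to observe processing order */
    uint8_t priority;  /* encryption priority; higher values are served first */
    size_t  len;
    uint8_t data[MAX_DATA];
};

/* Stand-in for the hardware encryption chip and its memory. */
struct chip {
    struct enc_instruction mem[CHIP_SLOTS];
    size_t count;
};

/* Placeholder for both preset algorithms: NOT a cipher, it only marks the data. */
static void placeholder_transform(uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        buf[i] ^= 0x5A;
}

/* S1031: store by priority, high to low; equal priorities keep arrival order. */
static int chardev_store(struct chip *c, const struct enc_instruction *ins)
{
    size_t pos = c->count;
    if (pos >= CHIP_SLOTS)
        return -1;                      /* chip memory full: refuse, never overwrite */
    for (; pos > 0 && c->mem[pos - 1].priority < ins->priority; pos--)
        c->mem[pos] = c->mem[pos - 1];  /* shift lower-priority entries back */
    c->mem[pos] = *ins;
    c->count++;
    return 0;
}

/* S1011 to S1013 and S102: the application-layer interface picks the path. */
static enum enc_path hw_encrypt_submit(struct chip *c, int id, uint8_t priority,
                                       uint8_t *data, size_t len)
{
    if (data == NULL || len == 0 || len > MAX_DATA)
        return PATH_REJECTED;           /* validate the length before any copy */
    if (len < LEN_THRESHOLD) {          /* S1013: short data stays on the CPU */
        placeholder_transform(data, len);
        return PATH_SOFTWARE;
    }
    /* S1012: at or above the threshold, build the instruction for the chip. */
    struct enc_instruction ins = { .id = id, .priority = priority, .len = len };
    memcpy(ins.data, data, len);
    return chardev_store(c, &ins) == 0 ? PATH_HARDWARE : PATH_REJECTED;
}

/* S1032: process the memory in stored order; results are copied to out[]. */
static size_t chip_run(struct chip *c, struct enc_instruction *out, size_t cap)
{
    size_t n = c->count;
    if (n > cap)
        return 0;                       /* caller's buffer too small: do nothing */
    for (size_t i = 0; i < n; i++) {
        placeholder_transform(c->mem[i].data, c->mem[i].len);
        out[i] = c->mem[i];
    }
    memset(c, 0, sizeof *c);            /* empty the chip memory for the next batch */
    return n;
}

/* Demo state and helpers over constructed sample data ('A' bytes). */
static struct chip demo_chip;
static uint8_t demo_buf[MAX_DATA + 1];

static enum enc_path demo_submit(int id, uint8_t priority, size_t len)
{
    memset(demo_buf, 'A', sizeof demo_buf);
    return hw_encrypt_submit(&demo_chip, id, priority, demo_buf, len);
}

static int demo_served_id(size_t index)
{
    struct enc_instruction out[CHIP_SLOTS];
    memset(&demo_chip, 0, sizeof demo_chip);
    demo_submit(1, 1, 128);             /* low priority, arrives first */
    demo_submit(2, 5, 128);
    demo_submit(3, 5, 128);             /* same priority as id 2, arrives later */
    size_t n = chip_run(&demo_chip, out, CHIP_SLOTS);
    return index < n ? out[index].id : -1;
}

int main(void)
{
    printf("served first: id %d\n", demo_served_id(0));
    return 0;
}
```

The length check runs before the copy into the fixed-size instruction buffer, and a full chip memory rejects the request instead of overwriting a queued instruction.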
Corresponding to the hardware encryption method described in the foregoing embodiments, an embodiment of the present application further provides a hardware encryption apparatus, and fig. 2 shows a block diagram of a hardware encryption apparatus provided in the embodiment of the present application, and for convenience of description, only parts related to the embodiment of the present application are shown.
As shown in fig. 2, the hardware encryption device 100 includes: a processing unit 11, a character device 12 and a hardware encryption chip 13. Wherein:
the processing unit 11 is configured to obtain data to be encrypted at an application layer, and generate an encryption instruction based on the data to be encrypted.
The processing unit 11 is further configured to call a preset hardware encryption interface at the application layer to transmit the encryption instruction to the character device 12 of the hardware driver layer.
The character device 12 is configured to transmit the encryption instruction to the hardware encryption chip 13, and drive the hardware encryption chip 13 to encrypt the data to be encrypted based on a first preset encryption algorithm.
As an embodiment of the present application, the character device 12 specifically includes a transmission unit, wherein:
the transmission unit is used for storing the data to be encrypted into a memory of the hardware encryption chip.
Correspondingly, the hardware encryption chip 13 specifically includes: a first encryption unit. Wherein:
the first encryption unit is used for sequentially encrypting the data to be encrypted in the memory based on the first preset encryption algorithm.
As an embodiment of the present application, the processing unit 11 specifically includes: an acquisition unit and a generation unit. Wherein:
the acquisition unit is used for acquiring the data to be encrypted from the object to be encrypted of the application layer.
The generation unit is used for generating the encryption instruction based on the data to be encrypted if the length of the data to be encrypted is greater than or equal to a preset data length threshold value.
As an embodiment of the present application, the processing unit 11 further includes a second encryption unit, wherein:
the second encryption unit is used for encrypting the data to be encrypted based on a second preset encryption algorithm if the length of the data to be encrypted is smaller than the preset data length threshold.
It can be seen from the above that, in the hardware encryption method provided in the embodiment of the present application, the character device is added in the encryption device, the character device transmits the data to be encrypted to the hardware encryption chip, and the hardware encryption chip performs an encryption operation on the data to be encrypted. Compared with the prior encryption technology, the encryption operation in the embodiment of the application is performed in a hardware encryption chip instead of a CPU, so that the occupancy rate of the data encryption operation on CPU resources is reduced, more CPU resources can be saved by a system to run other processes, and the running efficiency of other processes is improved.
Referring to fig. 6, fig. 6 is a flowchart illustrating an implementation of a hardware decryption method according to an embodiment of the present disclosure. In this embodiment, the hardware decryption method is executed by a hardware decryption device, which may be a terminal device such as a smart phone, a tablet computer, or a desktop computer. Referring to fig. 7, fig. 7 is a block diagram of a hardware decryption apparatus according to the present embodiment. As shown in fig. 7, the hardware decryption apparatus 200 includes a processing unit 21, a character device 22, and a hardware decryption chip 23. The processing unit 21 is disposed in a hardware layer of the hardware decryption device, and may be a CPU, or another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA), or the like. A general-purpose processor may be a microprocessor or any conventional processor. The character device 22 is disposed on a hardware driver layer of the hardware decryption apparatus; it is a device that performs transmission in units of characters and is the medium through which the processing unit 21 communicates with the hardware decryption chip 23. The hardware decryption chip 23 is arranged on a hardware layer of the hardware decryption device, and may be a single chip microcomputer or a microcontroller.
The steps of a hardware decryption method as shown in fig. 6 are as follows:
in S201, data to be decrypted is obtained in the application layer, and a decryption instruction is generated based on the data to be decrypted.
In practical applications, when a user needs to decrypt data, for example, needs to decrypt some application data, the user may trigger a preset decryption request of the hardware decryption device. For example, the user may trigger the preset decryption request by clicking the preset control, that is, if the hardware decryption device detects that the target user clicks the preset control, the user is considered to have triggered the preset decryption request, and at this time, the processing unit of the hardware decryption device obtains the data to be decrypted in the application layer.
After the processing unit of the hardware decryption device acquires the data to be decrypted, it generates a decryption instruction based on that data. That is, the decryption instruction carries the data to be decrypted.
In S202, a preset hardware decryption interface is called at the application layer to transmit the decryption instruction to the character device of the hardware driver layer.
In the embodiment of the application, the character device is arranged on the driver layer of the hardware decryption device and is independent of the application layer, so data cannot be transmitted directly between the application layer and the character device. For this reason, a hardware decryption interface can be configured in advance in a decryption library of the application layer, and the hardware decryption interface provides a channel for the application layer to transmit data to the character device. Specifically, the hardware decryption interface may be a set of definitions, programs, and protocols, and the application layer transmits the decryption instruction to the character device through the programs, protocols, and the like specified by the hardware decryption interface.
In practical applications, the decryption library may be the Open Secure Sockets Layer (OpenSSL) library implemented in C, or the dual-protocol SSL decryption library CyaSSL implemented in C.
In the embodiment of the application, after the processing unit of the hardware decryption device generates the decryption instruction at the application layer, the processing unit calls the preset hardware decryption interface at the application layer to transmit the decryption instruction to the character device at the hardware driver layer.
In S203, the character device transmits the decryption instruction to a hardware decryption chip, and drives the hardware decryption chip to decrypt the data to be decrypted based on a first preset decryption algorithm.
In the embodiment of the application, after the character device in the hardware decryption device receives the decryption instruction, the data to be decrypted can be extracted from the decryption instruction, the data to be decrypted is transmitted to the hardware decryption chip, and the hardware decryption chip is driven to decrypt the data to be decrypted based on the first preset decryption algorithm.
In practical applications, since the application layer cannot directly access the hardware decryption chip, the data to be decrypted of the application layer needs to be transmitted to the hardware decryption chip through the character device. After receiving the data to be decrypted, the hardware decryption chip decrypts it according to the first preset decryption algorithm.
It should be noted that the hardware decryption chip encapsulates the first predetermined decryption algorithm in advance. The first preset decryption algorithm may be set according to actual needs, and is not limited herein.
It is understood that, in the embodiment of the present application, the number of data to be decrypted may be one, or may be at least two.
In a possible implementation manner of the present application, when there are at least two pieces of data to be decrypted, S203 may be specifically implemented by S2031 to S2032 shown in fig. 8, which is detailed as follows:
in S2031, the character device stores the data to be decrypted in the decryption instruction into a memory of the hardware decryption chip.
In this embodiment, after the character device of the hardware decryption apparatus receives the decryption instruction, because the data to be decrypted in the decryption instruction generally includes at least two pieces, and the hardware decryption chip cannot process multiple pieces of data to be decrypted at the same time, the character device may store the data to be decrypted in the memory of the hardware decryption chip.
The memory of the hardware decryption chip may be a Random Access Memory (RAM) or a Direct Memory Access (DMA).
In this embodiment, the character device may store the data to be decrypted in the memory of the hardware decryption chip according to a first preset sequence.
As an embodiment of the present application, the first preset order may be: the time sequence, that is, the character device can store the data to be decrypted into the memory of the hardware decryption chip according to the sequence of the transmission time.
As another embodiment of the present application, the first preset order may also be: the decryption priority, namely the character device can store the data to be decrypted into the memory of the hardware decryption chip in sequence from high to low according to the decryption priority.
In S2032, the hardware decryption chip sequentially decrypts the data to be decrypted in the memory based on the first preset decryption algorithm.
In this embodiment, after the data to be decrypted is transmitted to the hardware decryption chip by the character device, the hardware decryption chip may perform a data decryption operation. Specifically, the hardware decryption chip may sequentially obtain the data to be decrypted from the memory thereof, and decrypt the data to be decrypted based on a first preset decryption algorithm.
As an embodiment of the present application, in combination with S2031, the hardware decryption chip may sequentially obtain data to be decrypted from the memory thereof in an order from high to low based on the decryption priority, and decrypt the data to be decrypted based on a preset decryption algorithm.
As another embodiment of the present application, after the hardware decryption chip decrypts the data to be decrypted, the decrypted data may be stored in the memory of the hardware decryption chip, and the decrypted data is transmitted to the character device through the controller of the memory, and the character device transmits the decrypted data to the application layer through the hardware decryption interface.
It can be seen from the above that, in the hardware decryption method provided in the embodiment of the present application, the character device is added in the hardware decryption device, the character device transmits the data to be decrypted to the hardware decryption chip, and the hardware decryption chip executes a decryption operation on the data to be decrypted, that is, the decryption operation is not performed in the CPU, so that the occupancy rate of the data decryption operation on the CPU resource is reduced, the system can save more CPU resources to run other processes, and the running efficiency of other processes is improved.
Referring to fig. 9, fig. 9 is a flowchart illustrating an implementation of a hardware decryption method according to another embodiment of the present application. As shown in fig. 9, with respect to the embodiment corresponding to fig. 6, S201 in this embodiment may be specifically implemented by S2011 to S2012, which are detailed as follows:
in S2011, the data to be decrypted is acquired from the object to be decrypted of the application layer.
In this embodiment, when the processing unit of the hardware decryption device detects the preset decryption request, the processing unit may obtain the data to be decrypted from the object to be decrypted in the application layer.
In practical applications, the object to be decrypted may be any application program of the application layer, for example, a payment-type application program or a chat-type application program, and is not limited herein. Illustratively, when a user needs to decrypt chat data in a certain chat application program, the chat application program is an object to be decrypted, the chat data is data to be decrypted, and the processing unit of the hardware decryption device can acquire the chat data to be decrypted from the chat application program.
It should be noted that when the data to be decrypted is long, the hardware decryption mode performs better, and when the data to be decrypted is short, the software decryption mode performs better. To determine which decryption mode is used for the data to be decrypted, a preset data length threshold can therefore be set in advance; it is the reference data length value for choosing the decryption mode. The preset data length threshold can be obtained from actual tests.
In an embodiment of the present application, after acquiring data to be decrypted, a processing unit of a hardware decryption device compares a length of the data to be decrypted with a preset data length threshold. If the processing unit of the hardware decryption device detects that the length of the data to be decrypted is greater than or equal to the preset data length threshold, S2012 is executed. In another embodiment of the present application, if the processing unit of the hardware decryption device detects that the length of the data to be decrypted is smaller than the preset data length threshold, S2013 in the embodiment corresponding to fig. 10 is executed.
In S2012, if the length of the data to be decrypted is greater than or equal to a preset data length threshold, the decryption instruction is generated based on the data to be decrypted.
In this embodiment, when detecting that the length of the data to be decrypted is greater than or equal to the preset data length threshold, the processing unit of the hardware decryption device generates a decryption instruction based on the data to be decrypted, and then calls a preset hardware decryption interface at the application layer to transmit the decryption instruction to the character device at the hardware drive layer, and finally the character device transmits the decryption instruction to the hardware decryption chip and drives the hardware decryption chip to decrypt the data to be decrypted based on the first preset decryption algorithm.
In another embodiment of the present application, after S2011, the hardware decryption method may further include S2013 shown in fig. 10, which is detailed as follows:
in S2013, if the length of the data to be decrypted is smaller than the preset data length threshold, decrypting the data to be decrypted based on a second preset decryption algorithm.
It should be noted that, in this embodiment, the second preset decryption algorithm may be stored in the preset decryption library of the application layer in advance. The second preset decryption algorithm may be set according to actual needs, and is not limited herein. As an embodiment of the present application, the second preset decryption algorithm may be a symmetric decryption algorithm, for example the Data Encryption Standard (DES) algorithm. A symmetric decryption algorithm is an algorithm that uses the same key for encryption and decryption, and the key is a character string consisting of numbers, letters or special symbols.
The preset decryption library may be determined according to actual needs, and is not limited herein. For example, the preset decryption library may be the Open Secure Sockets Layer (OpenSSL) library implemented in C, or the dual-protocol SSL decryption library CyaSSL implemented in C.
In this embodiment, after the processing unit of the hardware decryption device obtains the data to be decrypted, a second preset decryption algorithm may be obtained from a preset decryption library in the application layer.
In this embodiment, when detecting that the length of the data to be decrypted is smaller than the preset data length threshold, the processing unit of the hardware decryption device directly decrypts the data to be decrypted based on the second preset decryption algorithm without generating a decryption instruction, that is, directly decrypts the data to be decrypted in the processing unit.
As can be seen from the above, in the hardware decryption method provided in this embodiment, the length of the data to be decrypted is compared with the preset data length threshold, so as to determine the decryption mode of the data to be decrypted. If the length of the data to be decrypted is larger than or equal to the preset data length threshold, generating a decryption instruction based on the data to be decrypted and a preset decryption algorithm, and transmitting the decryption instruction to a hardware decryption chip for decryption; if the length of the data to be decrypted is smaller than the preset data length threshold, the data to be decrypted is directly decrypted in the processing unit, so that the decryption time of the data to be decrypted is greatly shortened, and the decryption efficiency is improved.
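The threshold dispatch (S2011 to S2013) and the priority-ordered storage in chip memory (S2031 to S2032) can be sketched in C as follows. This is an added example, not code from the patent: the chip is mocked in memory, and the threshold value, slot sizes, function names and the XOR stand-in used for both preset algorithms are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LEN_THRESHOLD 64u  /* assumed value; the text says it is found by testing */
#define MAX_DATA      256u /* assumed size of one slot in chip memory */
#define CHIP_SLOTS    4u   /* assumed number of slots in chip memory */

enum path { PATH_REJECTED = -1, PATH_SOFTWARE = 0, PATH_HARDWARE = 1 };

struct instruction {       /* "decryption instruction": carries the data */
    int     priority;
    size_t  len;
    uint8_t data[MAX_DATA];
};

struct chip {              /* mock hardware decryption chip and its memory */
    struct instruction mem[CHIP_SLOTS];
    size_t  count;
    uint8_t key;
};

/* Stand-in for both preset algorithms: a reversible XOR, NOT a real cipher. */
static void toy_transform(uint8_t *buf, size_t len, uint8_t key)
{
    for (size_t i = 0; i < len; i++)
        buf[i] ^= key;
}

/* S2011 to S2013: compare the length with the threshold (>= goes to hardware). */
enum path select_path(size_t len)
{
    return len >= LEN_THRESHOLD ? PATH_HARDWARE : PATH_SOFTWARE;
}

/* S2031: the character device stores the data in chip memory, highest
 * priority first; equal priorities keep arrival order. The length comes from
 * the application layer, so it is bounds-checked before the copy. */
int chardev_store(struct chip *c, const uint8_t *data, size_t len, int priority)
{
    if (len == 0 || len > MAX_DATA || c->count >= CHIP_SLOTS)
        return -1;
    size_t pos = c->count;
    while (pos > 0 && c->mem[pos - 1].priority < priority) {
        c->mem[pos] = c->mem[pos - 1];   /* shift lower priorities back */
        pos--;
    }
    c->mem[pos].priority = priority;
    c->mem[pos].len = len;
    memcpy(c->mem[pos].data, data, len);
    c->count++;
    return 0;
}

/* S2032: the chip works through its memory one entry at a time. */
size_t chip_decrypt_all(struct chip *c)
{
    for (size_t i = 0; i < c->count; i++)
        toy_transform(c->mem[i].data, c->mem[i].len, c->key);
    return c->count;
}

/* Application-layer entry point: the software path decrypts into out at
 * once, the hardware path only queues the instruction for the chip. */
enum path submit(struct chip *c, const uint8_t *data, size_t len,
                 int priority, uint8_t *out)
{
    if (select_path(len) == PATH_SOFTWARE) {
        memcpy(out, data, len);
        toy_transform(out, len, c->key);
        return PATH_SOFTWARE;
    }
    return chardev_store(c, data, len, priority) == 0 ? PATH_HARDWARE
                                                      : PATH_REJECTED;
}

/* Constructed inputs; returns 0 when every step behaves as described. */
int run_demo(void)
{
    struct chip chip = { .count = 0, .key = 0x5A };
    uint8_t in[MAX_DATA + 1], out[LEN_THRESHOLD];
    memset(in, 'A' ^ 0x5A, sizeof in);   /* toy "ciphertext" of 'A' bytes */
    if (submit(&chip, in, 10, 0, out) != PATH_SOFTWARE || out[9] != 'A') return 1;
    if (submit(&chip, in, LEN_THRESHOLD, 1, out) != PATH_HARDWARE) return 2;
    if (submit(&chip, in, 100, 5, out) != PATH_HARDWARE) return 3;
    if (submit(&chip, in, 80, 5, out) != PATH_HARDWARE) return 4;
    if (submit(&chip, in, MAX_DATA + 1, 9, out) != PATH_REJECTED) return 5;
    if (chip_decrypt_all(&chip) != 3) return 6;
    /* Both priority 5 entries come first, in arrival order, then priority 1. */
    if (chip.mem[0].len != 100 || chip.mem[1].len != 80 ||
        chip.mem[2].len != LEN_THRESHOLD) return 7;
    return chip.mem[2].data[LEN_THRESHOLD - 1] == 'A' ? 0 : 8;
}

int main(void)
{
    printf("demo result: %d\n", run_demo());
    return 0;
}
```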
Fig. 7 shows a block diagram of a hardware decryption apparatus provided in the embodiment of the present application, and for convenience of description, only the relevant parts of the embodiment of the present application are shown.
As shown in fig. 7, the hardware decryption apparatus 200 includes: a processing unit 21, a character device 22 and a hardware decryption chip 23. Wherein:
the processing unit 21 is configured to obtain data to be decrypted at an application layer, and generate a decryption instruction based on the data to be decrypted.
The processing unit 21 is further configured to call a preset hardware decryption interface at the application layer to transmit the decryption instruction to the character device 22 of the hardware driver layer.
The character device 22 is configured to transmit the decryption instruction to the hardware decryption chip 23, and drive the hardware decryption chip 23 to decrypt the data to be decrypted based on a first preset decryption algorithm.
As an embodiment of the present application, the character device 22 specifically includes a transmission unit, wherein:
the transmission unit is configured to store the data to be decrypted in the decryption instruction into a memory of the hardware decryption chip 23.
Correspondingly, the hardware decryption chip 23 specifically includes: a first decryption unit. Wherein:
the first decryption unit is used for sequentially decrypting the data to be decrypted in the memory based on the first preset decryption algorithm.
As an embodiment of the present application, the processing unit 21 specifically includes: an acquisition unit and a generation unit. Wherein:
the acquisition unit is used for acquiring the data to be decrypted from the object to be decrypted of the application layer.
The generation unit is used for generating the decryption instruction based on the data to be decrypted if the length of the data to be decrypted is larger than or equal to a preset data length threshold value.
As an embodiment of the present application, the processing unit 21 further includes: a second decryption unit. Wherein:
the second decryption unit is used for decrypting the data to be decrypted based on a second preset decryption algorithm if the length of the data to be decrypted is smaller than the preset data length threshold.
It can be seen from the above that, in the hardware decryption method provided in the embodiment of the present application, the character device is added in the hardware decryption device, the character device transmits the data to be decrypted to the hardware decryption chip, and the hardware decryption chip executes a decryption operation on the data to be decrypted, that is, the decryption operation is not performed in the CPU, so that the occupancy rate of the data decryption operation on the CPU resource is reduced, the system can save more CPU resources to run other processes, and the running efficiency of other processes is improved.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.

Claims (10)

1. A hardware encryption method, comprising:
acquiring data to be encrypted at an application layer, and generating an encryption instruction based on the data to be encrypted;
calling a preset hardware encryption interface at the application layer to transmit the encryption instruction to character equipment of a hardware drive layer;
and the character equipment transmits the encryption instruction to a hardware encryption chip and drives the hardware encryption chip to encrypt the data to be encrypted based on a first preset encryption algorithm.
2. The hardware encryption method according to claim 1, wherein the character device transmits the encryption instruction to a hardware encryption chip, and drives the hardware encryption chip to encrypt the data to be encrypted based on a first preset encryption algorithm, and the method comprises:
the character equipment stores the data to be encrypted in the encryption instruction into a memory of the hardware encryption chip;
and the hardware encryption chip sequentially encrypts the data to be encrypted in the memory based on the first preset encryption algorithm.
3. The hardware encryption method according to claim 1, wherein the obtaining data to be encrypted at an application layer and generating an encryption instruction based on the data to be encrypted comprises:
acquiring the data to be encrypted from the object to be encrypted of the application layer;
and if the length of the data to be encrypted is greater than or equal to a preset data length threshold value, generating the encryption instruction based on the data to be encrypted.
4. The hardware encryption method according to claim 3, further comprising, after obtaining the data to be encrypted from the object to be encrypted in the application layer:
and if the length of the data to be encrypted is smaller than the preset data length threshold, encrypting the data to be encrypted based on a second preset encryption algorithm.
5. A hardware decryption method, comprising:
acquiring data to be decrypted in an application layer, and generating a decryption instruction based on the data to be decrypted;
calling a preset hardware decryption interface at the application layer to transmit the decryption instruction to character equipment of a hardware drive layer;
and the character equipment transmits the decryption instruction to a hardware decryption chip and drives the hardware decryption chip to decrypt the data to be decrypted based on a first preset decryption algorithm.
6. The hardware decryption method of claim 5, wherein the character device transmits the decryption instruction to a hardware decryption chip, and drives the hardware decryption chip to decrypt the data to be decrypted based on a first preset decryption algorithm, and the method includes:
the character equipment stores the data to be decrypted in the decryption instruction into a memory of the hardware decryption chip;
and the hardware decryption chip sequentially decrypts the data to be decrypted in the memory based on the first preset decryption algorithm.
7. The hardware decryption method of claim 5, wherein the obtaining data to be decrypted at an application layer and generating a decryption instruction based on the data to be decrypted comprises:
acquiring the data to be decrypted from the object to be decrypted of the application layer;
and if the length of the data to be decrypted is greater than or equal to a preset data length threshold value, generating the decryption instruction based on the data to be decrypted.
8. The hardware decryption method according to claim 7, wherein after obtaining the data to be decrypted from the object to be decrypted in the application layer, the method further comprises:
and if the length of the data to be decrypted is smaller than the preset data length threshold, decrypting the data to be decrypted based on a second preset decryption algorithm.
9. An encryption apparatus, comprising:
the processing unit is used for acquiring data to be encrypted at an application layer and generating an encryption instruction based on the data to be encrypted;
the processing unit is also used for calling a preset hardware encryption interface at the application layer to transmit the encryption instruction to the character equipment of the hardware drive layer;
and the character equipment is used for transmitting the encryption instruction to a hardware encryption chip and driving the hardware encryption chip to encrypt the data to be encrypted based on a first preset encryption algorithm.
10. A decryption apparatus, comprising:
the processing unit is used for acquiring data to be decrypted in an application layer and generating a decryption instruction based on the data to be decrypted;
the processing unit is also used for calling a preset hardware decryption interface at the application layer to transmit the decryption instruction to the character equipment of the hardware drive layer;
and the character equipment is used for transmitting the decryption instruction to a hardware decryption chip and driving the hardware decryption chip to decrypt the data to be decrypted based on a first preset decryption algorithm.
CN201911398341.8A 2019-12-30 2019-12-30 Hardware encryption method, hardware decryption method and hardware decryption device Pending CN111159780A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911398341.8A CN111159780A (en) 2019-12-30 2019-12-30 Hardware encryption method, hardware decryption method and hardware decryption device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911398341.8A CN111159780A (en) 2019-12-30 2019-12-30 Hardware encryption method, hardware decryption method and hardware decryption device

Publications (1)

Publication Number Publication Date
CN111159780A true CN111159780A (en) 2020-05-15

Family

ID=70559556

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911398341.8A Pending CN111159780A (en) 2019-12-30 2019-12-30 Hardware encryption method, hardware decryption method and hardware decryption device

Country Status (1)

Country Link
CN (1) CN111159780A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113158214A (en) * 2021-04-30 2021-07-23 中国银行股份有限公司 Intelligent encrypted identification method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103716166A (en) * 2013-12-27 2014-04-09 哈尔滨工业大学深圳研究生院 Self-adaptation hybrid encryption method and device and encryption communication system
CN105574443A (en) * 2015-05-27 2016-05-11 上海宇尚信息科技有限公司 Android system based encryption storage method
CN106682521A (en) * 2016-11-28 2017-05-17 北京计算机技术及应用研究所 File transparent encryption and decryption system and method based on driver layer
CN107634950A (en) * 2017-09-19 2018-01-26 重庆大学 A kind of method that unloading SSL/TLS agreements are designed using pipeline hardware

Similar Documents

Publication Publication Date Title
US7657754B2 (en) Methods and apparatus for the secure handling of data in a microcontroller
CN106529308B (en) data encryption method and device and mobile terminal
EP3190543A1 (en) Method of dynamically encrypting fingerprint data and related fingerprint sensor
TWI740399B (en) Data processing method, device and electronic equipment
US20120079281A1 (en) Systems and methods for diversification of encryption algorithms and obfuscation symbols, symbol spaces and/or schemas
CN110430446B (en) Video processing method, device, equipment and computer readable storage medium
CN107786331B (en) Data processing method, device, system and computer readable storage medium
CN112823503B (en) Data access method, data access device and mobile terminal
CN108880806A (en) Encryption and decryption method, chip and readable storage medium storing program for executing
CN109787956B (en) Data table encryption method and device, computer equipment and storage medium
CN106372497B (en) Application programming interface API protection method and protection device
CN209803788U (en) PCIE credible password card
CN110995720B (en) Encryption method, device, host terminal and encryption chip
CN113872770A (en) Security verification method, system, electronic device and storage medium
US9571273B2 (en) Method and system for the accelerated decryption of cryptographically protected user data units
CN112631772A (en) Cryptographic operation method, processor, device and storage medium
US20020083332A1 (en) Creation and distribution of a secret value between two devices
CN109711178B (en) Key value pair storage method, device, equipment and storage medium
CN114528602A (en) Security chip operation method and device based on attack detection behavior
CN110555303A (en) Method and device for preventing machine script from being maliciously accessed
CN111159780A (en) Hardware encryption method, hardware decryption method and hardware decryption device
CN114172719A (en) Encryption and decryption method, device, equipment and computer readable storage medium
CN109995508B (en) Encryption and decryption device and method for FPGA code stream
US9461816B2 (en) Methods, systems and apparatus to reduce processor demands during encryption
US20150058612A1 (en) Decryption key management system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200515
