CN111400732B - USB channel-based encryption and decryption module and equipment - Google Patents

Info

Publication number: CN111400732B
Authority: CN (China)
Prior art keywords: encryption, data, decryption, module, usb
Legal status: Active
Application number: CN202010171754.9A
Other languages: Chinese (zh)
Other versions: CN111400732A (en)
Inventors: 王伟, 陈涛, 赵宽宽
Current Assignee: Xian Shiyou University
Original Assignee: Xian Shiyou University
Application filed by Xian Shiyou University
Priority to CN202010171754.9A
Publication of CN111400732A
Application granted
Publication of CN111400732B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/38 Information transfer, e.g. on bus
    • G06F13/42 Bus transfer protocol, e.g. handshake; Synchronisation
    • G06F13/4282 Bus transfer protocol, e.g. handshake; Synchronisation on a serial bus, e.g. I2C bus, SPI bus
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention discloses a USB channel-based encryption and decryption module and device. The module comprises a control unit, an AHB master interface, an AHB slave interface, an encryption algorithm unit, a key buffer, an input buffer and an output buffer. The AHB master interface contains a DMA controller that actively initiates data transfers to read data from the peripheral memory and to transmit the encrypted or decrypted data to the peripheral memory; the input buffer stores the data read by the DMA controller from the peripheral memory and passes it to the encryption algorithm unit; the control unit collects the data in the input buffer and also executes the configuration information of the AHB slave interface and performs task allocation; the encryption algorithm unit decrypts or encrypts the data received from the input buffer to generate a key. The invention has the advantages of high security, high performance, low cost and strong universality.

Description

USB channel-based encryption and decryption module and equipment
Technical Field
The invention belongs to the field of information technology security, and particularly relates to a USB channel-based encryption and decryption module and device.
Background
The USB (Universal Serial Bus) interface is easy to use, fast, reliable, easy to expand and low in power consumption, and is widely used for data storage and transmission. As information exchange grows, mobile storage devices based on the USB3.0 interface play an increasingly important role. However, when USB storage devices were originally designed, convenience was emphasized and security received little consideration. The storage devices in wide use today basically provide no data security protection, and data is stored on them directly in plaintext.
The wide use of USB storage devices brings convenience but also a serious hidden risk to information security. On one hand, a USB storage device is small and portable, is used in no fixed place, and has a high probability of being lost or stolen; once the device is lost or held by an unauthorized person, the stored data can be leaked. On the other hand, USB devices have become an important carrier for spreading viruses and trojans, seriously threatening the information security of trusted platforms.
As awareness of information security continues to improve, higher requirements are placed on the security of data stored in USB devices, and the contradiction between the convenience of USB devices and the vulnerability of their storage security urgently needs to be resolved.
Existing storage encryption approaches are mainly of the following two kinds:
(1) Host-side software encryption: computer software analyzes the read and write operations of upper-layer programs on the USB device, intercepts the USB data stream, and performs the encryption and decryption of the data. Because password authentication, data encryption and decryption, and the other operations of this scheme are all performed on the computer, key data is easily stolen by malicious actors, which is a serious security risk; in addition, storage encryption is slow because it is done in software.
(2) Encryption inside the storage device: storage encryption is implemented by an encryption module placed in the USB storage device. The encryption module is implemented with a dedicated cryptographic chip, an embedded processor or a cryptographic SoC, and the encryption algorithm and the key are located inside the USB storage device, so the security problem of the encryption module is solved. At the same time, a USB storage device using this method is a dedicated device with higher cost; it cannot provide a storage encryption service for ordinary USB devices and has poor universality.
Disclosure of Invention
In view of the technical problems in the prior art, the invention aims to provide a USB channel-based encryption and decryption module and device, solving the problem that important information is easily leaked when a storage device is lost, because the encryption algorithm and the data are integrated in existing peripheral storage devices.
To achieve this aim, the invention adopts the following technical solution.
A USB channel-based encryption and decryption module comprises a control unit, an AHB master interface, an AHB slave interface, an encryption algorithm unit, a key buffer, an input buffer and an output buffer, wherein:
the AHB master interface contains a DMA controller, which actively initiates data transfers to read data from the peripheral memory and to transmit the encrypted or decrypted data to the peripheral memory;
the input buffer stores the data read by the DMA controller from the peripheral memory and passes the data to the encryption algorithm unit;
the control unit collects the data in the input buffer, and also executes the configuration information of the AHB slave interface and performs task allocation;
the encryption algorithm unit decrypts or encrypts the data received from the input buffer to generate a key; the key buffer stores the keys generated by the encryption algorithm unit, provides a data buffer for the DMA controller, and also buffers the tasks allocated by the control unit;
the output buffer receives the data transmitted by the key buffer and then transmits that data to the peripheral memory.
The invention also provides a USB channel-based encryption and decryption device comprising a storage encryption module. The storage encryption module comprises a DEVICE controller, the encryption and decryption module as claimed in claim 1, and a HOST controller, with the encryption and decryption module connected between the HOST controller and the DEVICE controller. The HOST controller and the DEVICE controller convert the analog serial signals on the USB transmission channel into digital parallel signals for the encryption and decryption module, and receive the data encrypted or decrypted by the encryption and decryption module; the encryption and decryption module encrypts or decrypts the data received by the HOST controller or the DEVICE controller. The DEVICE controller connects to a peripheral storage device, and the HOST controller connects to a PC.
Further, the device comprises a first USB transmission protocol module and a first storage device class protocol module connected in sequence between the DEVICE controller and the encryption and decryption module, and a second storage device class protocol module and a second USB transmission protocol module connected in sequence between the HOST controller and the encryption and decryption module. The first USB transmission protocol module and the first storage device class protocol module implement communication between the DEVICE controller and the encryption and decryption module; the second storage device class protocol module and the second USB transmission protocol module implement communication between the HOST controller and the encryption and decryption module.
Furthermore, the DEVICE controller, the first USB transmission protocol and the first storage device class protocol read data from the peripheral memory and pass it to the encryption and decryption module for encryption or decryption, after which the encrypted or decrypted data is transmitted to the PC through the second storage device class protocol, the second USB transmission protocol and the HOST controller;
the HOST controller, the second USB transmission protocol and the second storage device class protocol read data from the PC and pass it to the encryption and decryption module for encryption or decryption, after which the encrypted or decrypted data is transmitted to the peripheral memory through the first storage device class protocol, the first USB transmission protocol and the DEVICE controller.
Furthermore, the encryption and decryption device is independent of both the PC and the peripheral storage device; it has an interface for connecting a peripheral memory and an interface for connecting the PC, and it is arranged in an SoC system.
Furthermore, a macro-pipeline structure is provided in the SoC system. The master interface of the storage encryption module is connected to the macro-pipeline structure, the macro-pipeline structure is connected to a slave interface of the ICM interconnection matrix, the ICM interconnection matrix is communicatively connected to the storage structure, and the ICM interconnection matrix implements data transmission between the storage encryption module and the storage structure.
Furthermore, the macro-pipeline structure includes AHB1, AHB2 and AHB3; the master interface of the DEVICE controller is connected to AHB1, the master interface of the encryption and decryption module is connected to AHB2, and the master interface of the HOST controller is connected to AHB3.
Further, the storage structure comprises a ROM memory, a FLASH memory and an SRAM memory, wherein the ROM memory stores the system boot program, the FLASH memory stores the user program, and the SRAM memory stores temporary data during program execution.
Further, the SoC system also includes an AHB4; the slave interface of the DEVICE controller, the slave interface of the encryption and decryption module and the slave interface of the HOST controller are all connected to the AHB4, and the AHB4 is also connected to the master interface of the CPU and the slave interface of the DMAC;
the master interface of the DMAC is connected to an AHB5, and the AHB5 is also connected to a slave interface of the ICM interconnection matrix;
the ICM interconnection matrix is further connected to an APB, and the APB connects the low-speed devices in the SoC system.
Compared with the prior art, the invention has at least the following beneficial effects. The encryption and decryption device is independent of the PC and the USB storage device and sits between them, so leakage of stored data caused by loss of the USB storage device, or by the device being held by the PC and an unauthorized visitor, is avoided, the problem of USB devices spreading viruses is addressed, and the security of the stored information is ensured. The encryption and decryption device is based on the USB transmission protocol and does not depend on the PC operating system or the hardware structure of the USB storage device. It is suitable for all PCs with USB interfaces and for ordinary USB storage devices, so it is highly universal and saves cost. The encryption and decryption device provides a storage encryption function for ordinary USB devices: the encrypted ciphertext is stored in the USB storage device while the encryption algorithm is stored in the encryption and decryption device, which separates the data from the algorithm, so loss of the storage device cannot leak the cryptographic algorithm and the security is higher. Because the encryption device only needs to be placed between a PC (personal computer) and an external memory, it is also very convenient;
furthermore, the invention uses macro pipeline (macro pipelines) technology in the design of the bus structure. Because one data encryption passes through three processes, namely receiving, encrypting/decrypting and sending, the macro pipeline is given three stages, which respectively complete the three tasks of receiving, encrypting/decrypting and sending data packets. The output of the former task is stored in memory and used as the input of the latter task. With the macro pipeline, the three stages are independent of each other and communicate only through memory, so a data packet only needs to be transferred within each stage, whereas with a common bus structure a data packet needs to be transferred among three components. The processing performance of the system can therefore be greatly improved by adopting the macro pipeline.
Drawings
FIG. 1 is a schematic diagram of an encryption/decryption module;
FIG. 2 is a schematic diagram of an encryption/decryption apparatus;
FIG. 3 is a schematic diagram of the overall architecture of the SoC system;
FIG. 4 is a diagram of an encryption/decryption device and a storage structure according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of an ICM interconnect matrix.
Detailed Description
The present invention will be explained in detail below with reference to the drawings and the detailed description.
The invention provides a USB channel-based encryption and decryption module and device. When a user reads or writes data in a peripheral storage device, which is preferably a USB storage device, the data must pass through the USB transmission channel when transmitted between the USB storage device and the PC. In the manner of a file filter driver, the data flowing through the channel is encrypted and decrypted to achieve storage encryption. Encryption of the transmission channel is implemented by an independent encryption and decryption device; after the device has verified the user, encrypted files are read and written transparently from the host computer without changing the user's operating habits.
As shown in FIG. 1, the USB channel-based encryption and decryption module is implemented as an instruction-level reconfigurable special-purpose cipher processor, that is, the overall architecture is a processor architecture, but reconfiguration technology is used at the circuit level of the functional units. The AHB master interface contains a DMA controller, which actively initiates data transfers, that is, fetches data from the external memory or transmits encrypted data to the external memory. The input buffer temporarily stores the plaintext or ciphertext read from the external memory by the DMA controller and passes it to the encryption algorithm unit, while the control unit collects the data in the input buffer; the control unit also executes the configuration information of the AHB slave interface and performs task allocation. The encryption algorithm unit decrypts or encrypts the data passed from the input buffer to generate a decryption key or an encryption key. The key buffer stores the encryption key or decryption key generated by the encryption algorithm unit, provides a data buffer for the DMA controller, and also buffers the tasks allocated by the control unit. The ciphertext or plaintext is transmitted to the output buffer, which temporarily stores the ciphertext or plaintext transmitted by the key buffer and then transmits the complete ciphertext or plaintext to the external memory.
As shown in FIG. 2, the USB channel-based encryption and decryption device consists of a hardware part and a software part. The software part is a physical data stream, and the software is responsible for parsing the digital parallel signals according to a given protocol specification. The USB transmission protocol performs the basic operations of USB device communication; because the USB transmission protocol itself contains no standard requirements for operating a storage device, operations such as the host reading and writing the USB storage device are completed through the storage device class protocol. The DEVICE controller, the first USB transmission protocol and the first storage device class protocol read data from the peripheral memory and pass it to the encryption and decryption module for encryption or decryption, after which the second storage device class protocol, the second USB transmission protocol and the HOST controller transmit the encrypted or decrypted data to the PC; alternatively, the HOST controller, the second USB transmission protocol and the second storage device class protocol read data from the PC and pass it to the encryption and decryption module for encryption or decryption, after which the first storage device class protocol, the first USB transmission protocol and the DEVICE controller transmit the encrypted or decrypted data to the peripheral memory. The hardware is responsible for converting the analog serial signal on the USB transmission channel into a digital parallel signal that the software can recognize, while to the outside the hardware part is a logical data stream, i.e., one flowing directly between the DEVICE controller and the HOST controller.
In an embodiment of the present invention, the encryption and decryption device is arranged in an SoC system. As shown in FIG. 3, the overall structure of the SoC system includes the following:
(1) Macro-pipeline structure
The invention uses three buses, AHB1, AHB2 and AHB3, to form the macro-pipeline structure. AHB4 is the control bus, through which the CPU controls all devices on the bus. AHB5 is the DMAC bus, responsible for data transfers for devices that have no master interface; the DMAC transmits data to the control unit in the encryption and decryption module. The APB is the low-speed device bus and connects the low-speed devices in the system.
(2) Memory structure
The invention uses three kinds of memory, ROM, FLASH and SRAM, to build the hierarchy of the system memory: the ROM stores the system boot program, the FLASH stores the user program, and the SRAM stores temporary data during program execution. After the SoC system starts working, as shown in FIG. 5, the CPU first reads and executes instructions from the ROM. After system boot is completed, it jumps directly to the user program storage area and moves part of the programs and data in the FLASH into its own instruction cache and data cache respectively. When the CPU misses in the cache while executing a program, it must fetch the corresponding programs and data from the main memory FLASH. The storage structure needs relatively little SRAM, and the SRAMs adopt a distributed design: different functional components access different SRAMs when executing encryption and decryption tasks, which avoids contention at the SRAM ports that would affect system performance;
(3) Encryption and decryption device
The encryption and decryption device is built in an SoC system. Specifically, the SRAM memory in the storage structure of the SoC system includes SRAM1, SRAM2, SRAM3 and SRAM4, where SRAM1 corresponds to the first storage device class protocol and SRAM2 corresponds to the second storage device class protocol. In one embodiment of the present invention, as shown in FIG. 4 and FIG. 5, the DEVICE controller and the HOST controller both use USB3.0 interfaces. When the DEVICE controller is the receiving stage and the HOST controller is the sending stage, the data received from the peripheral memory by the receiving-stage USB3.0 DEVICE controller is stored in SRAM1, the encryption and decryption module encrypts or decrypts the data in SRAM1 and stores the result in SRAM2, and the sending-stage USB3.0 HOST controller sends the data in SRAM2 to the PC. Since only the WRITE(10) and READ(10) commands among the SCSI commands are used for data transfer, storage encryption applies only to these two commands. Other commands do not need to be encrypted, and SRAM3 stores the information related to them: in that case the data of the receiving stage is stored in SRAM3, the sending stage reads the data directly from SRAM3, and the three-stage macro pipeline becomes a two-stage macro pipeline. Each stage of the macro pipeline consists of a corresponding hardware module and a bus; the buses are independent of each other and communicate only through the SRAM, so no conflict arises when data packets are processed in parallel. SRAM4 is the temporary data buffer area of the system.
(4) Security protection circuit
The storage encryption SoC chip of the invention is a security chip. To ensure the security of the storage encryption SoC, the invention provides the following security protection circuits:
(1) JTAG: the JTAG module manages the JTAG interface. JTAG can be disabled through a configuration register, so that an ordinary user cannot alter the inside of the chip through the JTAG interface, which protects the internal information.
(2) Environment detection: the environment detection module mainly detects the internal frequency, voltage and temperature of the chip, and generates an interrupt request when the internal operating environment of the chip goes outside the normal working range.
(3) Physical noise source: the physical noise source mainly generates the random numbers required during cryptographic operations; it can also be used to generate random power consumption.
(4) CLKM: CLKM is the clock management module. Setting the corresponding value of the clock management register turns off the clock of any module that does not currently need to run, reducing the operating power consumption of the chip.
(5) System reset module
There are three reset sources in the entire SoC system: power-on reset logic, external reset and watchdog timer reset (WDT). The reset module implements reliable reset of the SoC system.
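The command routing described in section (3) above, sketched as an added example (not code from the patent): only READ(10) and WRITE(10) payloads take the three-stage encrypt/decrypt path, and other commands take the two-stage path through SRAM3. It assumes the storage device class protocol is USB Mass Storage Bulk-Only Transport, whose 31-byte Command Block Wrapper (CBW) carries the SCSI command; the function and type names, the 512-byte block size, the sample wrappers and the choice to reject other block read/write opcodes instead of passing them through are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CBW_LEN       31u          /* Bulk-Only Transport command wrapper size */
#define CBW_SIGNATURE 0x43425355u  /* bytes "USBC" read as a little-endian u32 */
#define CBW_DIR_IN    0x80u        /* bmCBWFlags bit 7: data flows to the host */
#define SCSI_READ10   0x28u
#define SCSI_WRITE10  0x2Au

enum route {
    ROUTE_REJECT,      /* malformed wrapper, or a block transfer not covered */
    ROUTE_PASS_SRAM3,  /* no medium data: two-stage path through SRAM3 */
    ROUTE_ENCRYPT,     /* WRITE(10): three-stage path, PC data is encrypted */
    ROUTE_DECRYPT      /* READ(10): three-stage path, stored data is decrypted */
};

struct cbw_info { uint32_t tag, data_len, lba; uint16_t blocks; uint8_t opcode; };

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 |
           (uint32_t)p[2] << 8 | (uint32_t)p[3];
}

/* READ/WRITE (6), (12) and (16) also move medium data. The page handles only
 * the (10) forms; rejecting the others is this example's fail-closed choice,
 * so that no block data crosses the device unencrypted. */
static int is_other_block_transfer(uint8_t op) {
    return op == 0x08 || op == 0x0A || op == 0xA8 || op == 0xAA ||
           op == 0x88 || op == 0x8A;
}

/* Validate one 31-byte CBW and decide which pipeline path its data takes.
 * block_size is the logical block size of the attached storage (assumed known). */
enum route route_cbw(const uint8_t *cbw, size_t len, uint32_t block_size,
                     struct cbw_info *out) {
    if (cbw == NULL || len != CBW_LEN || le32(cbw) != CBW_SIGNATURE)
        return ROUTE_REJECT;

    uint8_t flags = cbw[12], cb_len = cbw[14];
    const uint8_t *cdb = cbw + 15;           /* SCSI command descriptor block */
    if (cb_len < 1 || cb_len > 16 || is_other_block_transfer(cdb[0]))
        return ROUTE_REJECT;

    struct cbw_info i = { le32(cbw + 4), le32(cbw + 8), 0, 0, cdb[0] };
    enum route r = ROUTE_PASS_SRAM3;

    if (i.opcode == SCSI_READ10 || i.opcode == SCSI_WRITE10) {
        int is_read = (i.opcode == SCSI_READ10);
        if (cb_len < 10)
            return ROUTE_REJECT;
        i.lba = be32(cdb + 2);
        i.blocks = (uint16_t)(cdb[7] << 8 | cdb[8]);
        /* The wrapper's byte count must match what the CDB asks for. */
        if ((uint64_t)i.blocks * block_size != i.data_len)
            return ROUTE_REJECT;
        if (i.blocks != 0) {
            /* The direction flag must agree with the opcode. */
            if (((flags & CBW_DIR_IN) != 0) != is_read)
                return ROUTE_REJECT;
            r = is_read ? ROUTE_DECRYPT : ROUTE_ENCRYPT;
        }
    }
    if (out != NULL)
        *out = i;
    return r;
}

/* Constructed sample wrappers (not captured traffic); unlisted bytes are 0. */
static const uint8_t SAMPLE_WRITE10[CBW_LEN] = {   /* 8 blocks at LBA 2048 */
    0x55,0x53,0x42,0x43, 1,0,0,0, 0x00,0x10,0,0, 0x00, 0, 10,
    0x2A,0, 0,0,0x08,0, 0, 0,8, 0 };
static const uint8_t SAMPLE_READ10[CBW_LEN] = {    /* 1 block at LBA 0 */
    0x55,0x53,0x42,0x43, 2,0,0,0, 0x00,0x02,0,0, 0x80, 0, 10,
    0x28,0, 0,0,0,0, 0, 0,1, 0 };
static const uint8_t SAMPLE_TEST_UNIT_READY[CBW_LEN] = {
    0x55,0x53,0x42,0x43, 3,0,0,0, 0,0,0,0, 0x00, 0, 6, 0x00 };
static const uint8_t SAMPLE_READ16[CBW_LEN] = {    /* not a (10) command */
    0x55,0x53,0x42,0x43, 4,0,0,0, 0x00,0x02,0,0, 0x80, 0, 16, 0x88 };
static const uint8_t SAMPLE_BAD_DIR[CBW_LEN] = {   /* WRITE(10) flagged as IN */
    0x55,0x53,0x42,0x43, 5,0,0,0, 0x00,0x10,0,0, 0x80, 0, 10,
    0x2A,0, 0,0,0x08,0, 0, 0,8, 0 };

int main(void) {
    const uint8_t *samples[] = { SAMPLE_WRITE10, SAMPLE_READ10,
        SAMPLE_TEST_UNIT_READY, SAMPLE_READ16, SAMPLE_BAD_DIR };
    for (size_t k = 0; k < 5; k++)
        printf("sample %zu -> route %d\n", k,
               (int)route_cbw(samples[k], CBW_LEN, 512, NULL));
    return 0;
}
```

The length and direction checks matter for an inline encryptor because a wrapper whose byte count or direction disagrees with its command block would otherwise desynchronize which bytes are treated as payload.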
The encryption and decryption device is independent of the PC and the peripheral storage device and sits between them. It is based on the USB transmission protocol and does not depend on the PC operating system or the hardware structure of the external storage device. It is suitable for all PCs with USB interfaces and for peripheral storage devices with USB interfaces, such as ordinary USB storage devices; the invention is highly universal and saves cost. The encryption and decryption device provides a storage encryption function for ordinary USB devices: the encrypted data is stored in the USB storage device while the encryption algorithm is stored in the encryption and decryption device, which separates the data from the algorithm, so loss of the storage device cannot leak the cryptographic algorithm and the security of the device is high.
Further, as shown in FIG. 5, to achieve both high efficiency and flexibility in SoC system applications, the access relationship between the encryption and decryption device and the storage structure is not fixed in actual use but depends on the function being performed.
The invention is a storage encryption device independent of, and located between, the host computer and the USB storage device. It can meet the storage encryption speed requirement of USB3.0 devices and can provide a storage encryption service for all kinds of USB storage devices, which saves cost and gives good universality. The encryption and decryption processes are completed automatically; the encrypted data is stored in the USB storage device and the encryption algorithm is stored in the encryption device, which separates the algorithm, the key and the data, so the security is high.
Finally, it should be noted that the above embodiments are only specific embodiments of the present invention, used to illustrate its technical solutions and not to limit them, and the protection scope of the present invention is not limited to them. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that any person skilled in the art can, within the technical scope disclosed by the present invention, modify the technical solutions described in the foregoing embodiments, readily conceive of changes to them, or make equivalent substitutions for some of their technical features; such modifications, changes or substitutions do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the embodiments of the present invention, and they shall be covered by its protection scope. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (9)

1. A USB channel-based encryption and decryption module, characterized by comprising a control unit, an AHB master interface, an AHB slave interface, an encryption algorithm unit, a key buffer, an input buffer and an output buffer, wherein:
the AHB master interface contains a DMA controller, which actively initiates data transfers to read data from the peripheral memory and to transmit the encrypted or decrypted data to the peripheral memory;
the input buffer stores the data read by the DMA controller from the peripheral memory and passes the data to the encryption algorithm unit;
the control unit collects the data in the input buffer, and also executes the configuration information of the AHB slave interface and performs task allocation;
the encryption algorithm unit decrypts or encrypts the data received from the input buffer to generate a key; the key buffer stores the key generated by the encryption algorithm unit, provides a data buffer for the DMA controller, and also buffers the tasks allocated by the control unit;
the output buffer receives the data transmitted by the key buffer and then transmits that data to the peripheral memory.
2. An encryption and decryption device based on a USB channel, characterized in that: the DEVICE comprises a storage encryption module, wherein the storage encryption module comprises a DEVICE controller, an encryption and decryption module as claimed in claim 1 and a HOST controller, the encryption and decryption module is connected between the HOST controller and the DEVICE controller, wherein the HOST controller and the DEVICE controller are used for converting analog serial signals on a USB transmission channel into digital parallel signals and transmitting the digital parallel signals to the encryption and decryption module, the DEVICE controller is used for connecting a peripheral memory, reading data of the peripheral memory or sending data to the peripheral memory, and the HOST controller is used for connecting a PC, reading data of the PC or sending data to the PC;
the encryption and decryption module is used for encrypting or decrypting data received from the HOST controller or the DEVICE controller.
3. An encryption and decryption device based on a USB channel according to claim 2, wherein: the device further comprises a first USB transmission protocol module, a first storage device type protocol module, a second USB transmission protocol module and a second storage device type protocol module, wherein the first USB transmission protocol module and the first storage device type protocol module are sequentially connected between the DEVICE controller and the encryption and decryption module; and the second USB transmission protocol module and the second storage device type protocol module are used for realizing the communication between the HOST controller and the encryption and decryption module.
4. An encryption and decryption device based on a USB channel according to claim 3, wherein: the DEVICE controller, the first USB transmission protocol and the first storage device type protocol read data in the peripheral memory and transmit the data to the encryption and decryption module for data encryption or decryption, and then the second storage device type protocol, the second USB transmission protocol and the HOST controller transmit the encrypted or decrypted data to the PC; or the HOST controller, the second USB transmission protocol and the second storage device type protocol read PC data and transmit the data to the encryption and decryption module for data encryption or decryption, and then the first storage device type protocol, the first USB transmission protocol and the DEVICE controller transmit the encrypted or decrypted data to the peripheral memory.
5. An encryption and decryption device based on a USB channel according to claim 2, wherein: the encryption and decryption equipment is independent of both the PC and the peripheral storage equipment, an interface for connecting a peripheral memory and an interface for connecting the PC are arranged on the encryption and decryption equipment, and the encryption and decryption equipment is arranged in the SoC system.
6. An encryption and decryption device based on a USB channel according to claim 5, wherein: a macro-flow structure is arranged in the SoC system, a main interface of the storage encryption module is connected with the macro-flow structure, the macro-flow structure is connected with a slave interface of an ICM interconnection matrix, the ICM interconnection matrix is in communication connection with the storage structure, and the ICM interconnection matrix is used for realizing data transmission between the storage encryption module and the storage structure.
7. An encryption and decryption device based on a USB channel according to claim 6, wherein: the macro flow structure comprises an AHB1, an AHB2 and an AHB3, wherein a main interface of the DEVICE controller is connected with the AHB1, a main interface of the encryption and decryption module is connected with the AHB2, and a main interface of the HOST controller is connected with the AHB3.
8. An encryption and decryption device based on a USB channel according to claim 6, wherein: the storage structure comprises a ROM, a FLASH and an SRAM, wherein the ROM is used for storing a system boot program, the FLASH is used for storing a user program, and the SRAM is used for storing temporary data in the program execution process.
9. The encryption and decryption device based on the USB channel according to claim 6, wherein: the SoC system further comprises an AHB4, wherein a slave interface of the DEVICE controller, a slave interface of the encryption and decryption module and a slave interface of the HOST controller are all connected with the AHB4, and the AHB4 is also connected with a main interface of the CPU and a slave interface of the DMAC;
the main interface of the DMAC is connected with an AHB5, and the AHB5 is also connected with a slave interface of the ICM interconnection matrix;
the ICM interconnection matrix is further connected with an APB, and the APB is used for connecting low-speed equipment in the SoC system.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010171754.9A CN111400732B (en) 2020-03-12 2020-03-12 USB channel-based encryption and decryption module and equipment

Publications (2)

Publication Number Publication Date
CN111400732A (en) 2020-07-10
CN111400732B (en) 2023-03-21

Family

ID=71436258

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010171754.9A Active CN111400732B (en) 2020-03-12 2020-03-12 USB channel-based encryption and decryption module and equipment

Country Status (1)

Country Link
CN (1) CN111400732B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112329038B (en) * 2020-11-15 2022-10-14 珠海一微半导体股份有限公司 Data encryption control system and chip based on USB interface
CN112800451A (en) * 2021-02-24 2021-05-14 山东华芯半导体有限公司 Data dump device based on hardware physical isolation
CN112882964B (en) * 2021-03-04 2024-05-24 中国航空工业集团公司西安航空计算技术研究所 High-capacity high-safety storage system supporting multiple interfaces
CN113489590A (en) * 2021-07-20 2021-10-08 山东方寸微电子科技有限公司 4G industrial control module with encryption and decryption functions and data transmission equipment
CN113901492A (en) * 2021-09-06 2022-01-07 苏州国芯科技股份有限公司 Data transmission encryption and decryption method, device, system and equipment
CN114172733B (en) * 2021-12-10 2024-04-05 中科计算技术西部研究院 Medical sample data encryption transmission method based on pluggable encryption terminal
CN114340051B (en) * 2021-12-24 2023-10-24 郑州中科集成电路与系统应用研究院 Portable gateway based on high-speed transmission interface

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101551784B (en) * 2008-04-02 2011-04-13 西北工业大学 Method and device for encrypting data in ATA memory device with USB interface
US9224013B2 (en) * 2012-12-05 2015-12-29 Broadcom Corporation Secure processing sub-system that is hardware isolated from a peripheral processing sub-system
US10691838B2 (en) * 2014-06-20 2020-06-23 Cypress Semiconductor Corporation Encryption for XIP and MMIO external memories
US10169618B2 (en) * 2014-06-20 2019-01-01 Cypress Semiconductor Corporation Encryption method for execute-in-place memories

Also Published As

Publication number Publication date
CN111400732A (en) 2020-07-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant