CN114329361B - Storage device and data reading method - Google Patents
Storage device and data reading method Download PDFInfo
- Publication number
- CN114329361B CN114329361B CN202210200891.XA CN202210200891A CN114329361B CN 114329361 B CN114329361 B CN 114329361B CN 202210200891 A CN202210200891 A CN 202210200891A CN 114329361 B CN114329361 B CN 114329361B
- Authority
- CN
- China
- Prior art keywords
- encryption
- unit
- output
- data
- address information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a storage device and a data reading method. Wherein, the storage device includes: the storage control module and a plurality of storage units; the decoding module is used for reading M pieces of sub data from a target storage unit, and the plurality of storage units comprise the target storage unit; the selective encryption module is connected with the storage control module and is used for acquiring address information corresponding to the M pieces of sub-data from the storage control module respectively, acquiring target address information matched with a preset address in the address information corresponding to the M pieces of sub-data and outputting an encryption control signal corresponding to the target address information; and the encryption output module is used for acquiring the M pieces of sub data from the decoding module, encrypting the sub data corresponding to the target address information when receiving the encryption control signal so as to update the M pieces of sub data, and combining the updated M pieces of sub data into encrypted data to be output. The storage device and the data reading method disclosed by the invention can solve the problem of low data reading safety in the prior art.
Description
Technical Field
The invention belongs to the technical field of data security, and particularly relates to a storage device and a data reading method.
Background
With the advent of the data information age, data security is more and more emphasized. However, when data is acquired at present, data is mostly read out from a memory directly, which makes an attacker easily read program codes in the data, so that an attacker can crack an internal program. Therefore, the security of data readout is low.
Disclosure of Invention
The embodiment of the invention provides a storage device and a data reading method, which can solve the problem of low data reading safety in the prior art.
In a first aspect, a storage device is provided, comprising:
the storage control module and a plurality of storage units;
the decoding module is connected with the storage units and is used for reading M pieces of sub data from a target storage unit, the storage units comprise the target storage unit, M is greater than or equal to 1, and M is an integer;
the selective encryption module is connected with the storage control module and is used for acquiring address information corresponding to the M subdata from the storage control module and acquiring target address information matched with a preset address in the address information corresponding to the M subdata so as to output an encryption control signal corresponding to the target address information;
and the encryption output module is respectively connected with the selective encryption module and the decoding module and is used for acquiring M subdata from the decoding module, encrypting the subdata corresponding to the target address information when the encryption control signal is received so as to update the M subdata, and combining the updated M subdata into encrypted data to be output.
Optionally, the selective encryption module includes:
the address matching unit is connected with the storage control module and is used for receiving the address information corresponding to the M pieces of subdata and outputting a trigger signal when the target address information matched with a preset address is searched from the address information;
and the signal generating unit is connected with the address matching unit and the encryption output module and is used for generating and outputting the encryption control signal when receiving the trigger signal.
Optionally, the encryption output module includes at least M encryption output units, the decoding module includes a decoding unit, and the selective encryption module includes a selective encryption unit;
the decoding unit is used for reading a subdata from the target storage unit;
the encryption output unit is connected with the decoding units in a one-to-one correspondence manner and is used for acquiring one subdata from the decoding units connected in a one-to-one correspondence manner;
the selective encryption unit is connected with the encryption output unit in a one-to-one correspondence manner, and is used for acquiring address information corresponding to the subdata from the storage control module, matching the first target address information with the preset address when the address information corresponding to the subdata comprises the first target address information consistent with the preset address, and sending a first encryption control signal corresponding to the first target address information;
the encryption output unit is further configured to encrypt data corresponding to the first target address information in the obtained one of the sub-data when the first encryption control signal is received, so as to update and output the sub-data.
Optionally, the selective encryption unit includes at least one, and the preset address configured in each selective encryption unit is inconsistent.
Optionally, the encryption output unit comprises an exclusive or gate;
the first input end of the exclusive-OR gate is connected with the decoding unit, the second input end of the exclusive-OR gate is connected with the selective encryption unit, and the output end of the exclusive-OR gate is the output end of the encryption output unit.
Optionally, the encryption output unit includes a multiplexer and an encryption unit;
the first input end of the multiplexer is connected with the decoding unit, the control end of the multiplexer is connected with the selective encryption unit, and the output end of the multiplexer is the output end of the encryption output unit;
the input end of the encryption unit is connected with the decoding unit, and the output end of the encryption unit is connected with the second input end of the multiplexer;
the multiplexer is used for keeping a path from the first input end of the multiplexer to the output end of the multiplexer when the first encryption control signal is not received; maintaining access of the second input of the multiplexer to the output of the multiplexer upon receipt of the first encryption control signal via the control terminal.
Optionally, the encryption output unit includes:
the input end of the first data output unit is connected with the decoding unit, and the control end of the first data output unit is connected with the first output end of the selective encryption unit;
when the selective encryption unit does not output the first encryption control signal, a first output end of the selective encryption unit is valid, and the first data output unit outputs the subdata;
the input end of the encryption unit is connected with the decoding unit;
the input end of the second data output unit is connected with the output end of the encryption unit, and the control end of the second data output unit is connected with the second output end of the selective encryption unit;
when the selective encryption unit outputs the first encryption control signal, a second output end of the selective encryption unit is valid, the second data output unit outputs the encrypted subdata, and the encrypted subdata corresponds to the first target address information.
Optionally, the encryption unit includes:
and the input end of the NOT gate is the input end of the encryption unit, and the output end of the NOT gate is the output end of the encryption unit.
Optionally, the storage device further comprises:
bit lines connected to the plurality of memory cells;
the decoding module is connected with the bit line, and is specifically used for reading M pieces of sub data from the target storage unit through the bit line.
In a second aspect, a data reading method is provided, which is applied to the storage device as in the first aspect, and the method includes:
reading M sub data from the target storage unit through the decoding module;
when the encryption control signal corresponding to the target address information output by the selective encryption module is detected, encrypting the subdata corresponding to the target address information to update M subdata; the encryption control signal is sent when the selective encryption module finds the target address information matched with a preset address from the address information;
and combining the updated M sub-data into encrypted data to be output.
Compared with the prior art, according to the storage device and the data reading method provided by the embodiment of the application, the selective encryption module and the encryption output module are arranged in the storage device, and the selective encryption module can acquire target address information matched with a preset address in the address information corresponding to the M subdata so as to output an encryption control signal corresponding to the target address information; and when the encryption output module receives the encryption control signal, the encryption output module encrypts the subdata corresponding to the target address information in the M subdata acquired from the decoding module, and then the subdata is combined into encrypted data to be output. According to the arrangement, the storage device can selectively encrypt and recombine to output partial sub-data in the data based on the preset address, and the external world is difficult to crack on the basis of not knowing the encryption rule, so that the effect of data reading encryption is achieved, the problem of low data reading safety in the prior art is solved, and the data reading safety is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments of the present invention will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic diagram of a prior art memory device during data reading.
FIG. 2 is a functional block diagram of an embodiment of a memory device according to the present application.
FIG. 3 is a functional block diagram of another embodiment of a memory device according to the present application.
FIG. 4 is a functional block diagram of another embodiment of the memory device of the present application.
Fig. 5 is a schematic diagram of an alternative structure of the encryption output unit in fig. 4.
Fig. 6 is a schematic diagram of another alternative structure of the encryption output unit in fig. 4.
Fig. 7 is a schematic diagram of still another alternative structure of the encryption output unit in fig. 4.
FIG. 8 is a flowchart of a method of an embodiment of the present application.
In the drawings:
the device comprises a storage control module 10, a storage unit 20, a target storage unit 21, a decoding module 30, a selective encryption module 40, an address matching unit 41, a signal generating unit 42, a selective encryption unit 43, an encryption output module 50, an encryption output unit 51, a multiplexer 52, an encryption unit 53, a first data output unit 54 and a second data output unit 55.
Detailed Description
Features and exemplary embodiments of various aspects of the present invention will be described in detail below. In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the present invention by illustrating examples of the present invention.
It should be noted that, in the present application, the embodiments and features of the embodiments may be combined with each other without conflict. The embodiments will be described in detail below with reference to the accompanying drawings.
With the advent of the age of data information, data storage technology is also developing. The memory is used as a carrier of data storage technology, and the safety of the memory is crucial. The Memory is actually one of sequential logic circuits, and may include at least a Read-Only Memory (ROM) and a Random Access Memory (RAM) according to the type of use.
The reading of the memory, in particular the read-only memory, relies on the decoder obtaining the row and column addresses for the selection of the corresponding data. Referring to fig. 1, after row decoding is performed according to a row address, a corresponding Word Line (WL) is turned on, and memory cells connected to the corresponding Word Line can be activated to communicate the memory cells with bit lines. The column address is used for enabling the decoder to perform column decoding so as to read subdata from the connected storage units, and all the read subdata can form data with the specified bit width.
However, in the process of reading data from the memory, the reading circuit mostly reads data directly after performing regular row-column decoding on the memory cells of the memory, and the memory cells are regularly arranged in an array. The regular arrangement and the direct data reading mode are easy for an attacker to extract the inherent instruction codes, so that the internal program of the device where the memory is located is cracked.
In order to solve the technical problem that the structure and the data reading mode of the memory are easy to be attacked and cracked by an attacker in the prior art, the high and low bits of the row and column address are exchanged in a common mode to adjust the normal sequence of the row and the column, but the mode still can easily analyze and obtain the instruction codes stored in the row and column address from the integrated circuit layout of the memory, so that the data reading of the existing memory still has great potential safety hazard and the data reading safety is low.
To solve this problem, the present application proposes a storage device, which may be at least one of a read only memory and a random access memory, for example. Fig. 2 is a schematic functional block diagram of a memory device according to a preferred embodiment of the present application. The storage device may include:
a memory control module 10 and a plurality of memory units 20.
A decoding module 30, wherein the decoding module 30 can be connected to a plurality of memory units 20. The decoding module 30 can be used to read M sub-data from the target memory cell 21, where the plurality of memory cells 20 includes the target memory cell 21, M ≧ 1, M is an integer, and M denotes a data bit width of the read data.
A selective encryption module 40, the selective encryption module 40 being connectable to the storage control module 10. The selective encryption module 40 may be configured to obtain address information corresponding to the M pieces of sub data from the storage control module 10, and obtain target address information that matches a preset address in the address information corresponding to the M pieces of sub data, so as to output an encryption control signal corresponding to the target address information.
And an encryption output module 50 respectively connected to the selective encryption module 40 and the decoding module 30, wherein the encryption output module 50 may be configured to obtain M pieces of sub data from the decoding module 30, encrypt the sub data corresponding to the target address information when receiving the encryption control signal, so as to update the M pieces of sub data, and combine the updated M pieces of sub data into encrypted data to be output.
In the embodiment of the application, the selective encryption module 40 and the encryption output module 50 are arranged in the storage device, and the selective encryption module 40 can acquire target address information matched with a preset address from the address information corresponding to the M pieces of sub-data so as to output an encryption control signal corresponding to the target address information; further, the encryption output module 50 can encrypt the sub-data corresponding to the destination address information among the M sub-data obtained from the decoding module 30 when receiving the encryption control signal, and then combine the sub-data into the encrypted data for output. According to the arrangement, the storage device can selectively encrypt and recombine to output partial sub-data in the data based on the preset address, and the external world is difficult to crack on the basis of not knowing the encryption rule, so that the effect of data reading encryption is achieved, the problem of low data reading safety in the prior art is solved, and the data reading safety is improved.
In addition, selective read-out encryption can be realized without replacing the storage device with an OTP (One Time Programmable) memory or a FLASH memory, so that the cost is saved.
Referring to fig. 2, the storage control module 10 may be a storage control chip in a memory, and the storage control module 10 may store address information, which includes a plurality of row and column address information, where each row and column address information corresponds to one piece of sub data. The row and column address information in turn includes a row address and a column address.
A plurality of memory cells 20 may be arranged in an array, and each memory cell 20 is composed of binary bits, which can represent one sub data stored in the memory cell 20, and the sub data may be a data code.
The decoding module 30 has a row decoding function and a column decoding function, and can select the target storage unit 21 by row-column address decoding according to the address information, and further extract the sub-data stored in the target storage unit 21 to obtain M sub-data.
The M pieces of sub data are sub data read by the decoding module 30 from the target storage unit 21 in the storage unit 20. When the decoding module 30 reads the sub-data from the target memory cell 21 by using the plurality of row and column address information, one row of memory cells 20 in the array formed by the memory cells 20 is activated each time according to the row address, and the activated row of memory cells 20 is again the plurality of columns of memory cells 20 corresponding to the column direction. The target memory cell 21 may be selected from the plurality of columns of memory cells 20 according to the column address.
The positions of the memory cells 20 where the required data are located can be determined by the row and column address information, and the memory cells 20 at these positions are the target memory cells 21.
In an alternative example, the memory device may further include a plurality of bit lines and word lines, and the decoding module 30 may be connected to the plurality of memory cells 20 through the bit lines and the word lines.
When the memory device needs to read data, the memory control chip (i.e. the memory control module 10) may transmit the row and column address information of the data to the decoding module 30, and the decoding module 30 may decode the row address information therein to generate a row address control signal. Each row address control signal may include an active enable signal capable of controlling a word line corresponding to the active enable signal to be enabled, such that the memory cell 20 connected to the corresponding enabled word line is activated.
Then, the decoding module 30 can select the bit line corresponding to the column address information to turn on the corresponding bit line. In the present application, there are M open bit lines, and M sub-data can be extracted from the corresponding decoding module 30 through the open bit lines.
The selective encryption module 40 may also be connected to the storage control module 10, and the selective encryption module 40 may obtain address information corresponding to the M sub-data from the address information, and further select a part of the sub-data in the M sub-data based on matching between the address information and a preset address, and encrypt the part of the sub-data by the encryption output module 50; and the other part of the sub data can not be encrypted.
After a part of the M sub-data is encrypted, the unprocessed sub-data and the encrypted sub-data can be combined together to obtain all updated sub-data, and then the updated sub-data is integrated into the encrypted data to be output integrally.
By the arrangement, a set of selective encryption scheme is provided for data output of the memory, so that part of sub-data corresponding to the preset address in the encrypted data can be encrypted, the encryption rule can not be obtained through direct analysis by the outside according to the integrated circuit layout, the data can not be cracked, and the safety of data reading is improved.
In an alternative example, referring to fig. 2 and 3 together, the selective encryption module 40 may include: the address matching unit 41 is connected to the storage control module 10, and the address matching unit 41 may be configured to receive address information corresponding to the M pieces of sub data, and output a trigger signal when target address information matching a preset address is found from the address information.
And the signal generating unit 42 is connected with the address matching unit 41 and the encryption output module 50. The signal generating unit 42 is configured to generate and output an encryption control signal when receiving the trigger signal.
The address matching unit 41 is pre-stored with a preset address, and the preset address may be single or multiple. The process of the address matching unit 41 finding the target address information matched with the preset address from the address information may be: searching address information consistent with a preset address from the address information; the consistent address information is the target address information.
Illustratively, the preset addresses stored in the address matching unit 41 are 0x3, 0x5 and 0x8, and in the data reading process, when the address information corresponding to the sub-data is not 0x3, 0x5 or 0x8, the sub-data is directly output. When the address information corresponding to the sub-data is any one of 0x3, 0x5, and 0x8, the address information of the sub-data is the target address information, and the signal generating unit 42 may output the encryption control signal corresponding to the target address information to the encryption output module 50.
The above example divides the selective encryption module 40 into two units, namely, an address matching unit 41 and a signal generation unit 42, according to functions, and both of the two units may be configured by a combination of logic circuits as long as the corresponding functions thereof can be realized, and the specific configuration thereof is not limited herein.
Wherein, the encryption control signal output by the signal generating unit 42 may be an active level, such as a high level; the invalid level may be maintained upon determining that certain sub data does not require encryption. The signal generating unit 42 may be, for example, a not gate, wherein an input terminal of the not gate is connected to the address matching unit 41, and an output terminal of the not gate is connected to a port of the encryption output module 50 for receiving the encryption control signal.
Referring to fig. 4 in conjunction with fig. 2 and fig. 3, the encryption output module 50 includes an encryption output unit 51, the decoding module 30 includes a decoding unit 31, and the selective encryption module 40 includes a selective encryption unit 43; a decoding unit 31, the decoding unit 31 can be used to read a sub data from the target storage unit 21.
The encryption output unit 51 is connected to the decoding units 31 in a one-to-one correspondence, and the encryption output unit 51 may be configured to obtain one piece of sub-data from the decoding units 31 connected in a one-to-one correspondence.
In this example, the encryption output module 50 and the decoding module 30 are correspondingly split into the encryption output unit 51 and the decoding unit 31, the encryption output unit 51 and the decoding unit 31 are connected in a one-to-one correspondence, and each of the encryption output unit 51 and the decoding unit 31 has at least M.
Each decoding unit 31 may be correspondingly connected to a column of memory cells 20, and may read one sub data from the target memory cell 21 of the column of memory cells 20 by a column address. After reading one piece of sub-data, each decoding unit 31 may input the read sub-data to the encryption output units 51 connected in one-to-one correspondence.
The encryption output unit 51 may be connected to one of the selective encryption units 43 in the selective encryption module 40, in addition to the decoding unit 31. The connected selective encryption unit 43 may be configured to obtain address information corresponding to one piece of sub-data obtained by the decoding unit 31 from the storage control module 10, and when the address information of the sub-data includes first target address information consistent with a preset address, the first target address information matches the preset address, and the encryption output unit 51 may send a first encryption control signal corresponding to the first target address information to the encryption output unit 51.
The encryption output unit 51 may encrypt the sub-data corresponding to the first destination address information upon receiving the encryption control signal output by the connected selective encryption unit 43; and the subdata which is not the first target address information is directly output, the subdata is updated, and finally the M updated subdata are combined into encrypted data.
Still referring to the preset addresses 0x3, 0x5, and 0x8 stored in the address matching unit 41, the sub-data with the address information of 0x3, 0x5, and 0x8 may be inverted and output by the encryption output unit 51 according to the encryption control signal generated by the signal generating unit 42. On the other hand, in the case of sub-data whose address information is not 0x3, 0x5, or 0x8, the encryption output unit 51 outputs the sub-data as it is.
The selective encryption unit 43 may include at least one, and when two or more selective encryption units 43 are included, the preset addresses configured in each selective encryption unit 43 are not consistent, and the encryption output unit 51 may be connected to one of the selective encryption units 43.
The selective encryption unit 43 includes two kinds of preset addresses, i.e., 0x3, 0x5, and 0x8, which are configured in the first selective encryption unit, and 0x4, 0x5, and 0x7, which are configured in the second selective encryption unit.
When the first encryption output unit connected with the first selective encryption unit acquires the first sub-data, if the address information of the first sub-data is any one of 0x3, 0x5 and 0x8, the first encryption output unit inverts the first sub-data and outputs the inverted first sub-data, and the first sub-data of the rest address information is directly output.
When the second encryption output unit connected with the second selective encryption unit acquires the second sub-data, if the address information of the second sub-data is any one of 0x4, 0x5 and 0x7, the second encryption output unit inverts the second sub-data and outputs the inverted second sub-data, and the second sub-data of the rest address information is directly output.
By arranging the multiple selective encryption units 43 comprising different preset addresses, different address information can be selected to trigger the encryption of the subdata according to different data bits, the randomness of the subdata encryption is increased, the probability of the subdata encryption can be improved, the data security is further improved, and the method is particularly suitable for the condition that the bit width of the output data is wide.
In these examples, by setting the connection structure of the encryption output unit 51, the decode unit 31, and the selective encryption unit 43, a refined selective encryption output manner for each set of sub-data is given.
It should be noted that the configuration of the encryption output unit 51 may be set according to actual needs, and may be one of the following configurations.
Referring to fig. 5, in an alternative example, the encryption output unit 51 includes an exclusive or gate; a first input terminal of the xor gate is connected to the decoding unit 31, a second input terminal of the xor gate is connected to the selective encryption unit 43, and an output terminal of the xor gate is an output terminal of the encryption output unit 51. The second input terminal of the xor gate determines whether to perform the inverse encryption according to whether the selective encryption unit 43 outputs the encryption control signal.
Illustratively, the second input terminal of the exclusive or gate inputs an active level of [1], which is the encryption control signal. When the subdata received by the first input end of the exclusive-or gate is [1], the exclusive-or result output by the exclusive-or gate is [0 ]; when the subdata received by the first input end of the exclusive-or gate is [0], the exclusive-or result output by the exclusive-or gate is [1 ].
When the sub-data received by the first input terminal of the xor gate is [1] and the second input terminal of the xor gate is [0], the xor result output by the xor gate (i.e., the output result of the encryption output unit 51) is [1 ]. When the sub data received by the first input terminal of the xor gate is [0] and the second input terminal of the xor gate is [0], the xor result output by the xor gate, that is, the output result of the encryption output unit 51 is [0 ].
Referring to fig. 6, in another alternative example, the encryption output unit 51 includes a multiplexer 52 and an encryption unit 53.
A first input terminal of the multiplexer 52 is connected to the decoding unit 31, a control terminal of the multiplexer 52 is connected to the selective encryption unit 43, and an output terminal of the multiplexer 52 is an output terminal of the encryption output unit 51.
And an encryption unit 53, wherein the input end of the encryption unit 53 is connected with the decoding unit 31, and the output end of the encryption unit 53 is connected with the second input end of the multiplexer 52.
A multiplexer 52 for maintaining a path from a first input terminal of the multiplexer 52 to an output terminal of the multiplexer 52 when the encryption control signal is not received; the second input of the multiplexer 52 is kept path to the output of the multiplexer 52 upon receipt of the encryption control signal via the control terminal.
The structure of the encryption unit 53 may be configured as a logic circuit according to actual needs, and may be, for example, a not gate, where an input end of the not gate is an input end of the encryption unit 53, and an output end of the not gate is an output end of the encryption unit 53.
It will be appreciated that in this example, the multiplexer 52 makes an enable control to determine which path from the input to the output to maintain, depending on whether the control terminal receives the encryption control signal from the selective encryption unit 43.
The sub-data accessed by the second input terminal of the multiplexer 52 is accessed to the encryption unit 53 similar to a not gate after passing through the decoding unit 31, and the sub-data output by the decoding unit 31 can be encrypted, so that the encrypted sub-data is output by the encryption output unit 51 when the multiplexer 52 maintains a path from the second input terminal to the output terminal.
The sub-data accessed by the first input terminal of the multiplexer 52 directly comes from the decoding unit 31, so when the first input terminal of the multiplexer 52 is connected to the output terminal of the multiplexer 52, the sub-data directly read by the decoding unit 31 is output by the encryption output unit 51.
Referring to fig. 7, in yet another alternative example, the encryption output unit 51 may include:
and a first data output unit 54, wherein an input end of the first data output unit 54 is connected with the decoding unit 31, and a control end of the first data output unit 54 is connected with a first output end of the selective encryption unit 43. When the selective encryption unit 43 does not output the encryption control signal, the first output terminal of the selective encryption unit 43 is enabled, and the first data output unit 54 outputs the acquired sub-data.
And the input end of the encryption unit 53 is connected with the decoding unit 31.
And a second data output unit 55, wherein an input end of the second data output unit 55 is connected with the output end of the encryption unit 53, a control end of the second data output unit 55 is connected with a second output end of the selective encryption unit 43, and an output end of the second data output unit 55 is connected with an output end of the first data output unit 54. When the selective encryption unit 43 outputs the encryption control signal, the second output terminal of the selective encryption unit 43 is enabled, and the second data output unit 55 outputs the encrypted sub-data.
It should be noted that the encryption unit 53 in this example may also be configured similarly to the encryption unit in the previous example, which is not described herein again as long as the function of encrypting the sub data can be implemented.
This example is also similar to the arrangement of the multiplexer 52 described above, and is mainly different in that two data output units are provided for outputting encrypted sub-data and unencrypted sub-data, respectively, and each data output unit is controlled by a signal output from one output terminal of the selective encryption unit 43.
Specifically, the first output terminal and the second output terminal of the selective encryption unit 43 may output opposite control signals to control the first data output unit 54 or the second data output unit 55 to output the sub-data. When the first output terminal of the selective encryption unit 43 is enabled, the first data output unit 54 outputs the sub data directly obtained from the decoding unit 31. When the second output terminal of the selective encryption unit 43 is enabled, the second data output unit 55 functions to output the sub data encrypted by the encryption unit 53.
In these examples, through the optional structural design of the encryption output unit 51, a hardware implementation scheme is provided for flexible encryption output of the sub-data corresponding to each address information, which helps to improve the security of data reading of the storage device.
On the basis of providing the above-mentioned storage device structure, the present application also provides a data reading method, please refer to fig. 8, the method includes:
s810, reading M pieces of sub data from a target storage unit through a decoding module;
s820, when an encryption control signal corresponding to the target address information output by the selective encryption module is detected, encrypting the subdata corresponding to the target address information to update M subdata; the encryption control signal is sent when the encryption module is selected to search the target address information matched with the preset address from the address information;
and S830, combining the updated M sub-data into encrypted data and outputting the encrypted data.
In the embodiment of the application, the selective encryption module outputs the encryption control signal corresponding to the target address information; and then the encryption output module can encrypt the subdata corresponding to the target address information in the M subdata acquired from the decoding module when receiving the encryption control signal, and then the subdata is combined into encrypted data to be output. The encryption control signal is sent when the encryption module is selected to search the target address information matched with the preset address from the address information corresponding to the subdata. According to the arrangement, the storage device can selectively encrypt and recombine to output partial sub-data in the data based on the preset address when the data are read out, and the external world is difficult to crack on the basis of not knowing the encryption rule, so that the effect of data reading encryption is achieved, the problem of low data reading safety in the prior art is solved, and the data reading safety is improved.
In addition, the term "and/or" herein is only one kind of association relationship describing an associated object, and means that there may be three kinds of relationships, for example, a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
It should be understood that in the present embodiment, "B corresponding to a" means that B is associated with a, from which B can be determined. It should also be understood that determining B from a does not mean determining B from a alone, but may be determined from a and/or other information.
While the invention has been described with reference to specific embodiments, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. A memory device, comprising:
the storage control module and a plurality of storage units;
the decoding module is connected with the storage units and is used for reading M pieces of sub data from a target storage unit, the storage units comprise the target storage unit, M is greater than or equal to 1, and M is an integer;
the selective encryption module is connected with the storage control module and is used for acquiring address information corresponding to the M subdata from the storage control module and acquiring target address information matched with a preset address in the address information corresponding to the M subdata so as to output an encryption control signal corresponding to the target address information;
and the encryption output module is respectively connected with the selective encryption module and the decoding module and is used for acquiring M subdata from the decoding module, encrypting the subdata corresponding to the target address information when the encryption control signal is received so as to update the M subdata, and combining the updated M subdata into encrypted data to be output.
2. The storage device of claim 1, wherein the selective encryption module comprises:
the address matching unit is connected with the storage control module and is used for receiving the address information corresponding to the M pieces of subdata and outputting a trigger signal when the target address information matched with a preset address is searched from the address information;
and the signal generating unit is connected with the address matching unit and the encryption output module and is used for generating and outputting the encryption control signal when receiving the trigger signal.
3. The storage device according to claim 1, wherein the encryption output module comprises at least M encryption output units, the decryption module comprises a decryption unit, and the selective encryption module comprises a selective encryption unit;
the decoding unit is used for reading a subdata from the target storage unit;
the encryption output unit is connected with the decoding units in a one-to-one correspondence manner and is used for acquiring one subdata from the decoding units connected in a one-to-one correspondence manner;
the selective encryption unit is connected with the encryption output unit in a one-to-one correspondence manner, and is used for acquiring address information corresponding to the subdata from the storage control module, matching the first target address information with the preset address when the address information corresponding to the subdata comprises the first target address information consistent with the preset address, and sending a first encryption control signal corresponding to the first target address information;
the encryption output unit is further configured to encrypt data corresponding to the first target address information in the obtained one of the sub-data when the first encryption control signal is received, so as to update and output the sub-data.
4. The storage device according to claim 3, wherein the selective encryption unit includes at least one, and the preset address configured in each selective encryption unit is not consistent.
5. The storage device according to claim 3, wherein the encryption output unit includes an exclusive or gate;
the first input end of the exclusive-or gate is connected with the decoding unit, the second input end of the exclusive-or gate is connected with the selective encryption unit, and the output end of the exclusive-or gate is the output end of the encryption output unit.
6. The storage device according to claim 3, wherein the encryption output unit includes a multiplexer and an encryption unit;
the first input end of the multiplexer is connected with the decoding unit, the control end of the multiplexer is connected with the selective encryption unit, and the output end of the multiplexer is the output end of the encryption output unit;
the input end of the encryption unit is connected with the decoding unit, and the output end of the encryption unit is connected with the second input end of the multiplexer;
the multiplexer is used for keeping a path from the first input end of the multiplexer to the output end of the multiplexer when the first encryption control signal is not received; maintaining access of the second input of the multiplexer to the output of the multiplexer upon receipt of the first encryption control signal via the control terminal.
7. The storage device according to claim 3, wherein the encryption output unit includes:
the input end of the first data output unit is connected with the decoding unit, and the control end of the first data output unit is connected with the first output end of the selective encryption unit;
when the selective encryption unit does not output the first encryption control signal, a first output end of the selective encryption unit is valid, and the first data output unit outputs the subdata;
the input end of the encryption unit is connected with the decoding unit;
the input end of the second data output unit is connected with the output end of the encryption unit, and the control end of the second data output unit is connected with the second output end of the selective encryption unit;
when the selective encryption unit outputs the first encryption control signal, a second output end of the selective encryption unit is valid, the second data output unit outputs the encrypted subdata, and the encrypted subdata corresponds to the first target address information.
8. The storage device according to claim 6 or 7, wherein the encryption unit includes:
and the input end of the NOT gate is the input end of the encryption unit, and the output end of the NOT gate is the output end of the encryption unit.
9. The storage device of claim 1, further comprising;
bit lines connected to the plurality of memory cells;
the decoding module is connected with the bit line, and is specifically used for reading M pieces of sub data from the target storage unit through the bit line.
10. A data reading method applied to the memory device according to any one of claims 1 to 9, the method comprising:
reading M sub data from the target storage unit through the decoding module;
when the encryption control signal corresponding to the target address information output by the selective encryption module is detected, encrypting the subdata corresponding to the target address information to update M subdata; the encryption control signal is sent when the selective encryption module finds the target address information matched with a preset address from the address information;
and combining the updated M sub-data into encrypted data to be output.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210200891.XA CN114329361B (en) | 2022-03-03 | 2022-03-03 | Storage device and data reading method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210200891.XA CN114329361B (en) | 2022-03-03 | 2022-03-03 | Storage device and data reading method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114329361A CN114329361A (en) | 2022-04-12 |
| CN114329361B true CN114329361B (en) | 2022-05-27 |
Family
ID=81030653
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210200891.XA Active CN114329361B (en) | 2022-03-03 | 2022-03-03 | Storage device and data reading method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114329361B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101211319A (en) * | 2006-12-31 | 2008-07-02 | 深圳市朗科科技有限公司 | Program file protection method for memory and protection device |
| CN105279439A (en) * | 2014-06-20 | 2016-01-27 | 赛普拉斯半导体公司 | Encryption method for execute-in-place memories |
| JP2019205031A (en) * | 2018-05-22 | 2019-11-28 | 東芝メモリ株式会社 | Memory system and control method |
| CN113193950A (en) * | 2021-07-01 | 2021-07-30 | 广东省新一代通信与网络创新研究院 | Data encryption method, data decryption method and storage medium |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070067644A1 (en) * | 2005-08-26 | 2007-03-22 | International Business Machines Corporation | Memory control unit implementing a rotating-key encryption algorithm |
| GB2489405B (en) * | 2011-03-22 | 2018-03-07 | Advanced Risc Mach Ltd | Encrypting and storing confidential data |
-
2022
- 2022-03-03 CN CN202210200891.XA patent/CN114329361B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101211319A (en) * | 2006-12-31 | 2008-07-02 | 深圳市朗科科技有限公司 | Program file protection method for memory and protection device |
| CN105279439A (en) * | 2014-06-20 | 2016-01-27 | 赛普拉斯半导体公司 | Encryption method for execute-in-place memories |
| JP2019205031A (en) * | 2018-05-22 | 2019-11-28 | 東芝メモリ株式会社 | Memory system and control method |
| CN113193950A (en) * | 2021-07-01 | 2021-07-30 | 广东省新一代通信与网络创新研究院 | Data encryption method, data decryption method and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114329361A (en) | 2022-04-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109558339B (en) | Security system and method for operating a security system | |
| US7092400B2 (en) | Method of transmitting data through a data bus | |
| CN101149709B (en) | Encryption processor of memory card and method for writing and reading data using the same | |
| US5008935A (en) | Efficient method for encrypting superblocks of data | |
| US20030105967A1 (en) | Apparatus for encrypting data and method thereof | |
| US11089018B2 (en) | Global unique device identification code distribution method | |
| US20070172053A1 (en) | Method and system for microprocessor data security | |
| US20080062803A1 (en) | System and method for encrypting data | |
| WO2009042482A2 (en) | Systems and methods for hardware key encryption | |
| CN101116081A (en) | Method and system for microprocessor data security | |
| US11899942B2 (en) | Memory systems and devices including examples of accessing memory and generating access codes using an authenticated stream cipher | |
| US20050138403A1 (en) | Data encryption in a symmetric multiprocessor electronic apparatus | |
| CN116648688A (en) | Memory system and apparatus including an instance of generating access codes for memory regions using authentication logic | |
| CN114329361B (en) | Storage device and data reading method | |
| CN112887077A (en) | Random cache security method and circuit for SSD (solid State disk) master control chip | |
| US11050575B2 (en) | Entanglement and recall system using physically unclonable function technology | |
| US11244078B2 (en) | Side channel attack protection | |
| US7769166B2 (en) | Dual mode AES implementation to support single and multiple AES operations | |
| US11050569B2 (en) | Security memory scheme | |
| US4488001A (en) | Intellectual properties protection device | |
| CN213876729U (en) | Random cache secret circuit of SSD main control chip | |
| JP2000181802A (en) | Semiconductor storage device | |
| US11403235B2 (en) | Memory and memory system | |
| JP4323527B2 (en) | Semiconductor memory device | |
| US20100229006A1 (en) | Memory for Protecting Data, Memory System Including the Memory, and Method of Driving the Memory |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |