Summary of the invention
The invention provides a method of encrypting and decrypting memory data, which solves the problem of malicious attacks made possible by the encryption key remaining constant.
The present invention provides a method of encrypting and decrypting memory data, the method comprising:
S1, the processor module sends a key update request to the encryption module, and the encryption module generates a new key after receiving the request;
S2, for each encrypted page in memory, the encryption module decrypts the corresponding page data with the old key, and then re-encrypts each decrypted page with the new key.
Before step S1, the method further comprises: the operating system checks the current state of the processor module; if the processor module is busy, the procedure exits directly;
if the processor module is idle, the operating system is suspended, accepts no input/output operations from any other process, and performs steps S1 and S2 above.
In addition, after the above steps have executed successfully, the operating system returns "success"; if an error occurs in the above steps, the operating system returns "error" and terminates the update process.
Step S1 further comprises: the encryption module saves the new key in a register of the memory controller module or in its internal EEPROM.
In step S1, the processor module sends the key update request to the encryption module through a key update interface.
Preferably, in step S1 the processor module sends the key update request to the encryption module by means of a new machine instruction, or a new application programming interface provided by the controller firmware (FW).
By using the memory data encryption and decryption method provided by the invention, malicious attacks made possible by the SME key remaining constant can be effectively reduced, which significantly improves the security of memory encryption; the method also makes the security scheme flexible, since users and the system can dynamically update the encryption/decryption key as needed.
Embodiment
The technical scheme of the present invention is described in further detail below with reference to the drawings and embodiments.
As shown in Figures 2 and 3, the present invention provides a method of encrypting and decrypting memory data, the method comprising:
S1, processor module 1 sends a key update request to encryption module 2, and the encryption module generates a new key after receiving the request;
S2, for each encrypted page in memory, encryption module 2 decrypts the corresponding page data with the old key, and then re-encrypts each decrypted page with the new key.
Because updating the encryption key invalidates the data currently encrypted in memory, after a successful key update the encrypted data in memory must be decrypted and then stored encrypted again under the new key. When the system is running under full load, it holds a large amount of data in memory. If the key is updated at that moment, a long time is needed to decrypt and re-encrypt the data in memory, which leaves the system unavailable for a long period.
Therefore, in a preferred embodiment of the invention, the method further comprises, before step S1: the operating system checks the current state of processor module 1 and exits directly if processor module 1 is busy;
if processor module 1 is idle, the operating system is suspended, accepts no input/output operations from any other process, and performs steps S1 and S2 above.
In addition, after the above steps have executed successfully, the operating system returns "success"; if an error occurs in the above steps, the operating system returns "error" and terminates the update process.
Step S1 further comprises: the encryption module saves the new key in a register of the memory controller module or in its internal EEPROM.
Fig. 2 shows a system that increases the security of memory encryption by dynamically updating the encryption key. The system adds a key update interface between processor module 1 and encryption module 2 (the interface drawn with a dashed line in Fig. 3; its implementation forms include a hardware instruction UPDATE_MEM_KEY, a new API provided by the encryption module firmware (FW), and so on), thereby supporting dynamic updating of the encryption key. With this function added, the operating system can send a key update request to encryption module 2 at a suitable moment and thereby have a new encryption key generated. In step S1, processor module 1 sends the key update request to encryption module 2 by means of a new machine instruction, or a new application programming interface (API) provided by the controller firmware (FW).
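The following Python simulation of the OS-side flow (busy check, suspension, step S1, step S2, and the "success"/"error" return) is an added example and is not code from the patent or from any memory encryption engine. The cipher is a constructed stand-in: a BLAKE2b keystream keyed with the memory key and bound to the page address, so that each page can be decrypted under the old key and re-encrypted under the new one; a real engine such as SME uses AES. The "busy" return value, the `fail_at_page` fault injector and the rollback of already re-keyed pages on error are assumptions added to show the failure mode the text mentions, not behaviour the patent specifies.

```python
import hashlib
import os
from dataclasses import dataclass, field
from typing import Dict, List, Optional

PAGE_SIZE = 64  # constructed: tiny pages keep the example fast


def keystream(key: bytes, page_addr: int, length: int) -> bytes:
    """Per-page keystream: BLAKE2b keyed with the memory key, fed the page
    address and a block counter (a CTR-style stand-in for the engine's AES)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = page_addr.to_bytes(8, "little") + counter.to_bytes(8, "little")
        out += hashlib.blake2b(msg, key=key, digest_size=64).digest()
        counter += 1
    return bytes(out[:length])


def xor_page(key: bytes, page_addr: int, data: bytes) -> bytes:
    """Encrypts or decrypts one page (XOR with the keystream is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, page_addr, len(data))))


@dataclass
class EncryptionModule:
    """Encryption module 2: holds the active key plus the register/EEPROM slot
    (hypothetical attribute) where step S1 stores a freshly generated key."""
    key: bytes = field(default_factory=lambda: os.urandom(32))
    key_register: Optional[bytes] = None

    def generate_new_key(self) -> bytes:  # step S1
        new_key = os.urandom(32)
        self.key_register = new_key       # "saved in a register or its internal EEPROM"
        return new_key


@dataclass
class Machine:
    """Processor module 1 state plus a constructed memory: page address -> ciphertext."""
    processor_busy: bool
    memory: Dict[int, bytes]
    enc: EncryptionModule
    os_suspended: bool = False


def update_mem_key(m: Machine, fail_at_page: Optional[int] = None) -> str:
    """OS flow from the text: exit if busy, suspend, S1, S2, then 'success'
    or 'error'. fail_at_page is a constructed fault injector; restoring the
    old-key ciphertext on error is an added safeguard (assumption)."""
    if m.processor_busy:
        return "busy"                 # assumption: the text only says "exits directly"
    m.os_suspended = True             # no I/O from other processes during re-keying
    old_key, new_key = m.enc.key, m.enc.generate_new_key()      # S1
    done: List[int] = []
    try:
        for addr in sorted(m.memory):                           # S2
            if addr == fail_at_page:
                raise RuntimeError("constructed fault during re-encryption")
            plain = xor_page(old_key, addr, m.memory[addr])     # decrypt with old key
            m.memory[addr] = xor_page(new_key, addr, plain)     # re-encrypt with new key
            done.append(addr)
        m.enc.key = new_key           # new key becomes the active key only at the end
        return "success"
    except RuntimeError:
        for addr in done:             # undo: back to old-key ciphertext so no page is orphaned
            plain = xor_page(new_key, addr, m.memory[addr])
            m.memory[addr] = xor_page(old_key, addr, plain)
        m.enc.key_register = old_key  # old key stays active; the aborted key is discarded
        return "error"
    finally:
        m.os_suspended = False


def make_machine(plaintexts: Dict[int, bytes], busy: bool = False) -> Machine:
    """Builds a machine whose constructed memory holds the plaintexts encrypted."""
    enc = EncryptionModule()
    memory = {addr: xor_page(enc.key, addr, p) for addr, p in plaintexts.items()}
    return Machine(processor_busy=busy, memory=memory, enc=enc)


def read_all(m: Machine) -> Dict[int, bytes]:
    """Decrypts every page under the currently active key."""
    return {addr: xor_page(m.enc.key, addr, ct) for addr, ct in m.memory.items()}


if __name__ == "__main__":
    pages = {0x1000: b"A" * PAGE_SIZE, 0x2000: b"secret page".ljust(PAGE_SIZE, b"\0")}
    m = make_machine(pages)
    before = dict(m.memory)
    print(update_mem_key(m))              # success
    print(read_all(m) == pages)           # True: plaintext unchanged after re-keying
    print(m.memory != before)             # True: ciphertext differs under the new key
```

The two properties worth checking after a rotation are the ones the loop in `update_mem_key` enforces: every page reads back unchanged under the new key, and on a mid-rotation error the old key stays active with every page still readable under it. A half-completed rotation with no such invariant would leave some pages unreadable under either key.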
In the above embodiments, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, reference may be made to the related description of the other embodiments.
Those skilled in the art should further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been described above generally in terms of their function. Whether these functions are performed in hardware or in software depends on the specific application and the design constraints of the technical scheme. Skilled persons may use different methods to implement the described functions for each specific application, but such implementations should not be considered to be beyond the scope of the invention.
The steps of the method or algorithm described in connection with the embodiments disclosed herein may be implemented in hardware, in a software module executed by a processor, or in a combination of the two. The software module may reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
The specific embodiments above further describe in detail the objects, technical schemes and beneficial effects of the present invention. It should be understood that the above are only specific embodiments of the present invention and are not intended to limit its scope of protection; any modification, equivalent substitution, improvement and the like made within the spirit and principles of the invention shall be included within the scope of protection of the invention.