CN109447225A - A kind of high-speed secure encryption Micro SD card - Google Patents
A kind of high-speed secure encryption Micro SD card Download PDFInfo
- Publication number
- CN109447225A CN109447225A CN201811425146.5A CN201811425146A CN109447225A CN 109447225 A CN109447225 A CN 109447225A CN 201811425146 A CN201811425146 A CN 201811425146A CN 109447225 A CN109447225 A CN 109447225A
- Authority
- CN
- China
- Prior art keywords
- data
- module
- cryptographic algorithm
- hsspi
- interface
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000005540 biological transmission Effects 0.000 claims abstract description 36
- 238000003860 storage Methods 0.000 claims abstract description 35
- 238000012545 processing Methods 0.000 claims abstract description 21
- 238000000034 method Methods 0.000 claims description 38
- 230000006854 communication Effects 0.000 claims description 28
- 238000004891 communication Methods 0.000 claims description 27
- 239000003550 marker Substances 0.000 claims description 24
- 230000008569 process Effects 0.000 claims description 21
- 238000002360 preparation method Methods 0.000 claims description 7
- 238000010586 diagram Methods 0.000 description 9
- 238000013461 design Methods 0.000 description 5
- 230000008901 benefit Effects 0.000 description 4
- 238000013500 data storage Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 230000010354 integration Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 125000004122 cyclic group Chemical group 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 238000012913 prioritisation Methods 0.000 description 2
- 102220489501 Derlin-1_L73A_mutation Human genes 0.000 description 1
- 230000001133 acceleration Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
- G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
- G06K19/077—Constructional details, e.g. mounting of circuits in the carrier
- G06K19/0772—Physical layout of the record carrier
- G06K19/07732—Physical layout of the record carrier the record carrier having a housing or construction similar to well-known portable memory devices, such as SD cards, USB or memory sticks
Abstract
The invention discloses a kind of high-speed secures to encrypt Micro SD card, including SD interface chip, safety chip and storage chip;SD interface module and storage control are integrated in SD interface chip;Cryptographic algorithm module, COS module, cryptographic algorithm accelerator and bit arithmetic accelerator are integrated in safety chip;Memory module is integrated in storage chip;It further include HSSPI interface and dma module;HSSPI main equipment is integrated in SD interface chip;HSSPI is integrated in safety chip from equipment and dma module.The present invention can be with the rate of speeding up data transmission, and effectively improves crypto-operation processing speed.
Description
Technical field
The present invention relates to SD card technical fields, and in particular to a kind of high-speed secure encryption Micro SD card.
Background technique
Currently, the practical application of commercial cipher, mostly using safety chip as carrier, by SoC chip designing technique, by state
Close algorithm is realized in the form of Hardware I P core and is integrated into safety chip.Hardware logic operation speed had both been taken full advantage of in this way
Fast advantage is spent, and has fully ensured that the safety of national secret algorithm in the form of hardware.In terms of product type, there are USB, string
The product of the multiple interfaces forms such as mouth, SD, Micro SD, wherein Micro SD card is higher, small in size with interface communication rate
The features such as skilful portable, being widely used in smart phone, intercom, safety monitoring, intelligent router etc. has safety service demand
Terminal device.
Currently, the practical application of commercial cipher, mostly using safety chip as carrier, by SoC chip designing technique, by state
Close algorithm is realized in the form of Hardware I P core and is integrated into safety chip.Hardware logic operation speed had both been taken full advantage of in this way
Fast advantage is spent, and has fully ensured that the safety of national secret algorithm in the form of hardware.In terms of product type, there are USB, string
The product of the multiple interfaces forms such as mouth, SD, Micro SD, wherein Micro SD card is higher, small in size with interface communication rate
The features such as skilful portable, being widely used in smart phone, intercom, safety monitoring, intelligent router etc. has safety service demand
Terminal device.
Meanwhile being substantially improved with telematic services data volume, it should guarantee the safety of data information, again to the greatest extent
Data transfer delay caused by amount reduces because of encryption or decryption process.Therefore, how to develop the hardware product of high-speed encryption and decryption at
For key technical problem instantly.
It is analyzed in terms of system architecture, safety encrypts Micro SD card and is mainly made of four parts: 1) SD interface module,
It is mainly responsible for the realization of SD communication protocol, is docked with the SD Host of host computer terminal realization;2) COS module, mainly include CPU,
Memory SRAM, Imbedded Flash and system IP, the main system administration for realizing encrypted card, function are realized, code stores, and
The storage of the key messages such as key, certificate;3) cryptographic algorithm module, mainly hard-wired cryptographic algorithm engine;4) data
Memory module, the memory module including storage control and example, in hardware are mainly responsible for the control of Micro SD card data storage
And it realizes.According to the above tetrameric hardware combinations mode, the technic relization scheme master of the Micro SD card of safety encryption at present
There are following three kinds:
Scheme one: as shown in Figure 1, SD interface module, COS module, cryptographic algorithm module, data are stored mould by scheme one
Storage control Integrated design in block designs a larger safety chip into a SoC chip, will be safe
The institute of encryption Micro SD card is functional all to be concentrated on inside this safety chip completing.On the one hand the safety chip passes through SD
Interface module is connect with host computer terminal, on the one hand by Nand Flash interface and data memory module inside card
Memory module connection.
Scheme two: as shown in Fig. 2, SD interface module, COS module and cryptographic algorithm module are integrated into one by scheme two
SoC safety chip, in addition, storage control is designed as storage control chip.Wherein, safety chip by SD interface with it is upper
Position machine terminal connection, and connect by SD interface with storage control chip.Storage control chip by Nand Flash interface with
Storage chip connection.
Scheme three: it as shown in figure 3, in scheme three, is made of in entire Micro SD card three chips: a safe core
Piece, a SD interface chip and a storage chip.Wherein safety chip is made of COS module and cryptographic algorithm module, and SD connects
Mouth chip is made of the storage control of SD interface module and data memory module, and storage chip is by data memory module
Memory module composition.SD interface chip is connect upwardly through SD interface with host computer terminal, pass downwardly through SPI interface or
The interfaces such as ISO7816 are connect with safety chip, and are connect by Nand Flash interface with storage chip.
Currently, analyzed in terms of system architecture and business function, existing scheme there are still some urgent problems to be solved,
Mainly it is summarized as follows:
(1) safety chip is integrated with all modules in scheme one, and the "large and all inclusive" scheme of this pursuit has problems:
On the one hand, the integrated design risk for increasing SoC safety chip of multimode is crossed;On the other hand, safety chip is embedded
Flash is other than saving the key messages such as key, certificate, it is also necessary to the COS code of chip is saved, and memory module and SD connect
Mouth mold block can greatly increase size of code, this just needs safety chip to provide enough Imbedded Flash spaces, both improve production
The cost of material of product, and higher requirement is proposed to the process yields etc. of chip, also result in the promotion of cost.In addition,
When memory module or SD interface module update, it is also necessary to redesign whole safety chip, added losses are too big.
(2) although storage control is individually cooked up by scheme two, storage control chip is formed, in safety chip
It also needs to increase SD main device module, influences product cost;In addition, when completing data storage function, excessive communication interface ring
Section, also will affect the rate of storage.
(3) the crypto-operation rate of encrypted card is the important performance indexes of product, although scheme three can evade scheme one
The shortcomings that with scheme two, still, crypto-operation will be completed inside safety chip, and the data before and after operation will pass through
With the SPI or ISO7816 of SD interface chip chamber low speed, the processing speed of product entirety is affected.In addition, in safety chip
Portion, data need to be transferred in cryptographic algorithm module and handle by block length as defined in cryptographic algorithm under CPU control, general
Logical serial operation also will affect processing speed.
Summary of the invention
In view of the deficiencies of the prior art, the present invention is intended to provide a kind of high-speed secure encrypts Micro SD card, can accelerate
The rate of data transmission, and effectively improve crypto-operation processing speed.
To achieve the goals above, the present invention adopts the following technical scheme:
A kind of high-speed secure encryption Micro SD card, including SD interface chip, safety chip and storage chip;The SD
SD interface module and storage control are integrated in interface chip, the SD interface module communication is connected to SD interface;The peace
Cryptographic algorithm module and COS module are integrated in full chip;Memory module, the storage mould are integrated in the storage chip
Block is connected with storage control by Nand Flash interface communication;It further include HSSPI interface and DMA module;HSSPI master sets
Standby to be integrated in the SD interface chip, the SD interface module, storage control, HSSPI main equipment pass through the SD interface
The on-chip bus communication connection of chip;HSSPI is integrated in the safety chip from equipment and dma module, and the password is calculated
The on-chip bus communication connection that method module, COS module, HSSPI pass through the safety chip from equipment and dma module;It is described
HSSPI main equipment and HSSPI are connected to HSSPI interface from device talk.
Further, be also integrated with cryptographic algorithm accelerator in the safety chip, the cryptographic algorithm accelerator and
COS module, the equal communication connection of cryptographic algorithm module.
Further, it is also integrated with bit arithmetic accelerator in the safety chip, the bit arithmetic accelerator and described
Cryptographic algorithm accelerator, COS module, the equal communication connection of cryptographic algorithm module.
The present invention also provides a kind of sides that data encryption or decryption are carried out using above-mentioned high-speed secure encryption Micro SD card
Method includes the following steps:
S1, host computer terminal encrypt the transmission of Micro SD card to high-speed secure by SD interface and write data command and to be added
Close or decryption data;
S2, SD interface chip, which receive, to be write data command and to be encrypted or decryption data and is parsed, and number then will be write
It is transmitted by HSSPI main equipment to safety chip according to order and to be encrypted or decryption data;
HSSPI in S3, safety chip writes data command and to be added from the data block that equipment receives 512 bytes
Then close or decryption data set " data end of transmission " marker to own cache;
After S4, dma module automatically detect " data end of transmission " marker that HSSPI is set from equipment, it will receive
To data to be encrypted or decryption removed from the caching of equipment to the memory of the COS module of safety chip by HSSPI, then oneself
It is dynamic to set " data-moving finishes " marker;
" data end of transmission " marker that S5, HSSPI are set from device clear step S3;
S6, dma module detect whether to have received the data that whole is to be encrypted or decrypts automatically, continue if having from step
S3 starts to execute data receiver again, until stopping receiving after all receiving;
S7, cryptographic algorithm module are to be encrypted or decryption the data processing that is encrypted or decrypted and will encryption or solution
Result data after close is stored in the memory of COS module of safety chip;
S8, host computer terminal send the order for reading data by SD interface, to read the number of results after encryption or decryption
According to;
S9, SD interface chip by HSSPI main equipment send the reading to safety chip after receiving the order for reading data
According to order;
S10, safety chip HSSPI the order for the reading data that HSSPI main equipment issues, juxtaposition " data are received from equipment
Prepare loopback " marker;
After S11, dma module automatically detect " data preparation loopback " marker that HSSPI is set from equipment, from peace
The result data of encryption or the decryption of the data block of 512 bytes is carried in the memory of the COS module of full chip to HSSPI
From the caching of equipment, " data preparation finishes " mark is then set;
Data block in S12, step S11 reaches SD interface chip by HSSPI interface, and then HSSPI is set from equipment
" data, which upload, to be completed " marker;
S13, the dma module automatically detect " data, which upload, to be completed " marker that HSSPI is set from equipment, really
Recognize this end of transmission;Dma module detects whether that the result data there are also subsequent encryption or decryption needs to transmit automatically, such as
Have, continuation carries out transmission of data blocks again since step S11, otherwise stops transmission;
After result data after S14, all encryptions or decryption is transmitted to SD interface chip, extremely by HSSPI master transmissions
SD interface module, SD interface module connect the command execution results received by protocol frame format encapsulated data packet, and by SD
Mouth is transmitted to host computer terminal;
S15, host computer terminal finish receiving the result data of encryption or decryption by SD interface.
Further, detailed process is as follows by step S7:
The data to be encrypted or decryption that the CPU parsing of S7.1, COS module receives, configure and setting up password algorithm add
Fast device is given the processing task of to be encrypted or decryption data to cryptographic algorithm accelerator and is carried out, and the CPU of COS module can at this time
Then to go to handle other subsequent tasks;
S7.2, cryptographic algorithm accelerator control this to be added of the cryptographic algorithm resume module according to pipelines strategy
Close or decryption data, in the process if you need to carry out bit arithmetic, then invocation bit arithmetic accelerator carries out respective handling;
S7.3, cryptographic algorithm accelerator judge whether there are also it is untreated to be encrypted or decryption data, if there is then after
Continuous processing, otherwise exits assembly line, and the result data after encryption or decryption is removed by cryptographic algorithm accelerator to COS module
It deposits.
Further, the detailed process of step S7.2 are as follows:
S7.2.1, the 1st group of input data is removed from the memory of COS module to cryptographic algorithm mould by cryptographic algorithm accelerator
Then the input-buffer of block configures the controller of cryptographic algorithm module, start the encryption or decryption operation of the 1st group of input data;
S7.2.2, m group input data is removed from the memory of COS module to cryptographic algorithm mould by cryptographic algorithm accelerator
The input-buffer of block;1 < m≤N, m is integer, and N is that data always organize number;
S7.2.3, by the processing status of cryptographic algorithm accelerator password for inquiry algoritic module, completed to cryptographic algorithm module
After the encryption or decryption operation of m-1 group data, by the controller of cryptographic algorithm accelerator configuration cryptographic algorithm module, starting
The encryption or decryption operation of m group input data;
S7.2.4, cryptographic algorithm module carry out the encryption or decryption operation of m group input data;Meanwhile cryptographic algorithm adds
Fast device removes the result of m-1 group input data operation to the memory of COS module from the output of cryptographic algorithm module caching;
S7.2.5, cryptographic algorithm accelerator remove m+1 group input data to cryptographic algorithm module from the memory of COS module
Input-buffer;
The processing status of S7.2.6, cryptographic algorithm accelerator password for inquiry algoritic module complete the to cryptographic algorithm module
After the encryption or decryption operation of m group data, by the controller of cryptographic algorithm accelerator configuration cryptographic algorithm module, start m+1
The encryption or decryption operation of group input data;
S7.2.7, return successively handle subsequent each group of data by identical step since step S7.2.4, until all
Data processing finishes.
It should be pointed out that every group of data length of symmetric cryptographic algorithm is 128bi t.
The beneficial effects of the present invention are:
1, high-speed secure of the invention encryption Micro SD card is set by using the combination of HSSPI interface and dma module
Meter, is on the one hand able to ascend interface rate, and on the other hand, dma module can both be automatically performed HSSPI interface from equipment end
Hardware handshaking signal inquiry and configuration, and can be rapidly completed HSSPI from the data of equipment end carry, so as to avoid
The time-consuming caused by software realization aforesaid operations, further improves message transmission rate in COS module;
2, high-speed secure encryption Micro SD card of the invention by increase cryptographic algorithm accelerator as coprocessor with
The configuration and data input and output of cryptographic algorithm module are controlled, and is made in the process by increasing bit arithmetic accelerator
Bit arithmetic is completed by hard-wired bit arithmetic accelerator, can effectively improve the encryption of safety chip inter-process or decryption is appointed
The rate of business further promotes the overall performance of encrypted card.
3, high-speed secure of the invention encryption Micro SD card facilitates save the cost, reduces the design risk of product, mentions
The flexibility of high product upgrading.
Detailed description of the invention
Fig. 1 is the structural schematic diagram of prior art one;
Fig. 2 is the structural schematic diagram of prior art two;
Fig. 3 is the structural schematic diagram of prior art three;
Fig. 4 is that the high-speed secure of the embodiment of the present invention 1 encrypts the structural schematic diagram of Micro SD card;
Fig. 5 is the method flow schematic diagram of the embodiment of the present invention 2;
Fig. 6 is the composition connection schematic diagram of HSSPI interface in the embodiment of the present invention 1;
Fig. 7 is inquiring or having set according to data transmission procedure inside safety chip described in the embodiment of the present invention 1
Process schematic of the HSSPI from the correspondence handshake of equipment;
Fig. 8 is the structural schematic diagram of cryptographic algorithm accelerator COA in the embodiment of the present invention 1;
Fig. 9 is the implementation process diagram of step S7 in the embodiment of the present invention 2;
Figure 10 is the implementation process diagram of step S7.2 in the embodiment of the present invention 2.
Specific embodiment
Below with reference to attached drawing, the invention will be further described, it should be noted that the present embodiment is with this technology side
Premised on case, the detailed implementation method and specific operation process are given, but protection scope of the present invention is not limited to this reality
Apply example.
Embodiment 1
The present embodiment provides a kind of high-speed secures to encrypt Micro SD card, as shown in figure 4, including SD interface chip
(SDIF), safety chip (SECCHIP) and storage chip (L73A);Be integrated in the SD interface chip SD interface module and
Storage control, the SD interface module communication are connected to SD interface;Be integrated in the safety chip cryptographic algorithm module and
COS module;Memory module is integrated in the storage chip, the memory module and storage control pass through Nand Flash
Interface communication connection.The memory module is mainly that the storage of data provides the hardware physical mediums such as Nand Flash, and responds
The data storage command that the storage control is sent.
Further, the SD interface chip is connect with safety chip by the HSSPI interface communication of high speed.HSSPI master
In the SD interface chip, the SD interface module, storage control, HSSPI main equipment are connect integration of equipments by the SD
The on-chip bus communication connection of mouth chip;HSSPI is integrated in the safety chip from equipment and dma module, described close
The on-chip bus communication connection that code algoritic module, COS module, HSSPI pass through the safety chip from equipment and dma module;Institute
It states HSSPI main equipment and is connected from equipment by HSSPI interface communication with HSSPI.
Further, it is also integrated in the safety chip cryptographic algorithm accelerator (COA), the cryptographic algorithm accelerates
Device is connected with COS module, cryptographic algorithm module communication respectively.
Further, it is also integrated in the safety chip bit arithmetic accelerator (BOA), the bit arithmetic accelerator
With the cryptographic algorithm accelerator, COS module, the equal communication connection of cryptographic algorithm module.
It should be noted that HSSPI interface is a kind of high speed serialization Peripheral Interface from the point of view of physical layer, it is able to use
Better simply structure realizes the message transmission rate of higher speed.HSSPI interface is main using main equipment/from the existence form of equipment
Integration of equipments is in SD interface chip, from integration of equipments in safety chip, the two communication connection, as shown in Figure 6.Except power supply/
Outside ground connecting line, You Sigen data line, a clock line and an order wire composition, transmission speed is up to 200Mb/s.
The communication of HSSPI interface is initiated by main equipment, using the mechanism of " order-response ", data using 512 bytes as block unit with
The reading data command and write data command to upload and issue that HSSPI main equipment issues.Relative in traditional scheme SPI or
ISO7816 interface, message transmission rate can be obviously improved by carrying out communication using HSSPI interface in the present embodiment.
Further, from the point of view of logic level, the signal that HSSPI interface needs master-slave equipment in communication process is held
Hand process needs to inquire or set according to data transmission procedure HSSPI and shakes hands from the correspondence of equipment inside safety chip
Signal, and data manipulation is completed according to the state of these signals, as shown in Figure 7.In this course, there are two keys
Time-consuming link: (1) inquiry and configuration of handshake mark;(2) data HSSPI from equipment cache and safety chip memory
Between move.If above-mentioned link is waited in COS module with circulation and the method for circulation assignment is realized, it will consume very much
When.
Therefore, further to promote data transmission performance, so that data is passed through HSSPI interface as early as possible and be sent to COS module
For COS resume module in memory, in the present embodiment, hard-wired prioritization scheme is used for above-mentioned two key link.
Prioritization scheme has used dma module, and HSSPI is connected to dma module from the handshake hardware of equipment, can be passed through
Controlling these handshake assists HSSPI to complete hardware handshaking from equipment, and can complete data and cache in HSSPI from equipment
And moving between safety chip memory.
It in the present embodiment, is designed by the combination of HSSPI interface and dma module, on the one hand promotes interface rate, it is another
Aspect can further improve message transmission rate to avoid time-consuming caused by software realization aforesaid operations is used in COS module.
Further, it should be noted that encryption or task of decryption are mainly by the cryptographic algorithm inside safety chip
Module (SM1, SM4, AES etc.) complete, this process be related to key setting, the input of IV value, the grouping of source data and output,
The algoritic module control configuration of register, the inquiry of algoritic module status register, encryption and decryption operation result such as move at the step
Suddenly.In the prior art, usually above-mentioned series of steps is completed by the CPU control of safety chip COS module.
In order to improve the rate of the encryption of safety chip inter-process or task of decryption, the entirety of encrypted card is further promoted
Performance controls the state of cryptographic algorithm module by increasing cryptographic algorithm accelerator in the present embodiment as coprocessor
Inquiry, configuration and data input and output, and by increasing bit arithmetic accelerator bit arithmetic in the process is patrolled by hardware
It collects to complete.
Cryptographic algorithm accelerator COA is a kind of hardware co-processor, what which can intervene in no CPU
In the case of, complete independently sequence of operations, including logical operation and data-moving etc..COA is integrated in safe core in the form of IP
In piece, carry is on the ahb bus of system.The structure of COA is as shown in figure 8, mainly comprise the following steps: ahb bus connects
Mouth mold block, PC (Program Counter) controller, instruction decoder, arithmetic logic arithmetic unit ALU (Arithmetic
Logical Unit) and general register.Wherein, ahb bus interface module is used to pass through ahb bus acquisition instruction and data;
PC controller executes process for generating and modifying PC pointer, control native instructions;Instruction decoder is used for from AHB bus
The instruction of acquisition is decoded;ALU is for completing counting in COA native instructions implementation procedure and logical operation;General deposit
Device is for instructing the relevant operations such as write-back.
Bit arithmetic accelerator BOA is a kind of module of the bit arithmetics such as hardware realization cyclic shift, step-by-step exclusive or.BOA is also
It is integrated in safety chip in the form of IP, and is connected by ahb bus with other modules in piece.In the present embodiment, BOA
It is mainly used to that COA is assisted to complete bit arithmetic, such as the cyclic shift and process data of data directory by hardware logic
Step-by-step exclusive or.
Embodiment 2
As shown in figure 5, being counted the present embodiment provides a kind of using the high-speed secure encryption Micro SD card of embodiment 1
According to the method for transmission, include the following steps:
S1, host computer terminal encrypt the transmission of Micro SD card to high-speed secure by SD interface and write data command and to be added
Close or decryption data;
S2, SD interface chip, which receive, to be write data command and to be encrypted or decryption data and is parsed, and number then will be write
It is transmitted by HSSPI main equipment to safety chip according to order and to be encrypted or decryption data;
HSSPI in S3, safety chip writes data command and to be added from the data block that equipment receives 512 bytes
Then close or decryption data set " data end of transmission " marker to own cache;
After S4, dma module automatically detect " data end of transmission " marker that HSSPI is set from equipment, it will receive
To data to be encrypted or decryption removed from the caching of equipment to the memory of the COS module of safety chip by HSSPI, then oneself
It is dynamic to set " data-moving finishes " marker;
" data end of transmission " marker that S5, HSSPI are set from device clear step S3;
S6, dma module detect whether to have received the data that whole is to be encrypted or decrypts automatically, continue if having from step
S3 starts to execute data receiver again, until stopping receiving after all receiving;
S7, cryptographic algorithm module are to be encrypted or decryption the data processing that is encrypted or decrypted and will encryption or solution
Result data after close is stored in the memory of COS module of safety chip;
S8, host computer terminal send the order for reading data by SD interface, to read the number of results after encryption or decryption
According to;
S9, SD interface chip by HSSPI main equipment send the reading to safety chip after receiving the order for reading data
According to order;
S10, safety chip HSSPI the order for the reading data that HSSPI main equipment issues, juxtaposition " data are received from equipment
Prepare loopback " marker;
After S11, dma module automatically detect " data preparation loopback " marker that HSSPI is set from equipment, from peace
The result data of encryption or the decryption of the data block of 512 bytes is carried in the memory of the COS module of full chip to HSSPI
From the caching of equipment, " data preparation finishes " mark is then set;
Data block in S12, step S11 reaches SD interface chip by HSSPI interface, and then HSSPI is set from equipment
" data, which upload, to be completed " marker;
S13, the dma module automatically detect " data, which upload, to be completed " marker that HSSPI is set from equipment, really
Recognize this end of transmission;Dma module detects whether that the result data there are also subsequent encryption or decryption needs to transmit automatically, such as
Have, continuation carries out transmission of data blocks again since step S11, otherwise stops transmission;
After result data after S14, all encryptions or decryption is transmitted to SD interface chip, extremely by HSSPI master transmissions
SD interface module, SD interface module connect the command execution results received by protocol frame format encapsulated data packet, and by SD
Mouth is transmitted to host computer terminal;
S15, host computer terminal finish receiving the result data of encryption or decryption by SD interface.In the present embodiment, such as
Shown in Fig. 9, detailed process is as follows by step S7:
The data to be encrypted or decryption that the CPU parsing of S7.1, COS module receives, configure and setting up password algorithm add
Fast device is given the processing task of to be encrypted or decryption data to cryptographic algorithm accelerator and is carried out;The CPU of COS module can at this time
Then to go to handle other subsequent tasks;
S7.2, cryptographic algorithm accelerator control this to be added of the cryptographic algorithm resume module according to pipelines strategy
Close or decryption data, in the process if you need to carry out bit arithmetic, then invocation bit arithmetic accelerator carries out respective handling;
S7.3, cryptographic algorithm accelerator judge whether there are also it is untreated to be encrypted or decryption data, if there is then after
Continuous processing, otherwise exits assembly line, and the result data after encryption or decryption is removed by cryptographic algorithm accelerator to COS module
It deposits.
In the present embodiment, it to improve the processing speed that cryptographic algorithm accelerator COA controls cryptographic algorithm module, uses
The acceleration strategy of assembly line, further reduced the time overhead of data input and output, as shown in Figure 10, step S7.2
Detailed process are as follows:
S7.2.1, the 1st group of input data is removed from the memory of COS module to cryptographic algorithm mould by cryptographic algorithm accelerator
Then the input-buffer of block configures the controller of cryptographic algorithm module, start the encryption or decryption operation of the 1st group of input data;
S7.2.2, m group input data is removed from the memory of COS module to cryptographic algorithm mould by cryptographic algorithm accelerator
The input-buffer of block;1 < m≤N, m is integer, and N is that data always organize number;
S7.2.3, by the processing status of cryptographic algorithm accelerator password for inquiry algoritic module, completed to cryptographic algorithm module
After the encryption or decryption operation of m-1 group data, by the controller of cryptographic algorithm accelerator configuration cryptographic algorithm module, starting
The encryption or decryption operation of m group input data;
S7.2.4, cryptographic algorithm module carry out the encryption or decryption operation of m group input data;Meanwhile cryptographic algorithm adds
Fast device removes the result of m-1 group input data operation to the memory of COS module from the output of cryptographic algorithm module caching;
S7.2.5, cryptographic algorithm accelerator remove m+1 group input data to cryptographic algorithm module from the memory of COS module
Input-buffer;
The processing status of S7.2.6, cryptographic algorithm accelerator password for inquiry algoritic module complete the to cryptographic algorithm module
After the encryption or decryption operation of m group data, by the controller of cryptographic algorithm accelerator configuration cryptographic algorithm module, start m+1
The encryption or decryption operation of group input data;
S7.2.7, return successively handle subsequent each group of data by identical step since step S7.2.4, until all
Data processing finishes.
For those skilled in the art, it can be provided various corresponding according to above technical solution and design
Change and modification, and all these change and modification, should be construed as being included within the scope of protection of the claims of the present invention.
Claims (6)
1. a kind of high-speed secure encrypts Micro SD card, including SD interface chip, safety chip and storage chip;The SD interface
SD interface module and storage control are integrated in chip, the SD interface module communication is connected to SD interface;The safe core
Cryptographic algorithm module and COS module are integrated in piece;It is integrated with memory module in the storage chip, the memory module and deposits
Controller is stored up to connect by Nand Flash interface communication;It is characterized in that, further including HSSPI interface and dma module;HSSPI
Main equipment is integrated in the SD interface chip, and the SD interface module, storage control, HSSPI main equipment pass through the SD
The on-chip bus communication connection of interface chip;HSSPI is integrated in the safety chip from equipment and dma module, described close
The on-chip bus communication connection that code algoritic module, COS module, HSSPI pass through the safety chip from equipment and dma module;Institute
It states HSSPI main equipment and HSSPI and is connected to HSSPI interface from device talk.
2. high-speed secure according to claim 1 encrypts Micro SD card, which is characterized in that also collect in the safety chip
At having cryptographic algorithm accelerator, the cryptographic algorithm accelerator and COS module, the equal communication connection of cryptographic algorithm module.
3. high-speed secure according to claim 2 encrypts Micro SD card, which is characterized in that also collect in the safety chip
At there is bit arithmetic accelerator, the bit arithmetic accelerator and the cryptographic algorithm accelerator, COS module, cryptographic algorithm module are equal
Communication connection.
4. a kind of carry out data encryption or decryption using any high-speed secure encryption Micro SD card of claim 1-3
Method, which comprises the steps of:
S1, host computer terminal encrypt the transmission of Micro SD card to high-speed secure by SD interface and write data command and to be encrypted or solution
Close data;
S2, SD interface chip, which receive, to be write data command and to be encrypted or decryption data and is parsed, and data life then will be write
It enables and to be encrypted or decryption data is transmitted by HSSPI main equipment to safety chip;
HSSPI in S3, safety chip writes data command and to be encrypted or solution from the data block that equipment receives 512 bytes
Then close data set " data end of transmission " marker to own cache;
After S4, dma module automatically detect " data end of transmission " marker that HSSPI is set from equipment, by what is received
To be encrypted or decryption data are removed from the caching of equipment to the memory of the COS module of safety chip by HSSPI, are then set automatically
" data-moving finishes " marker;
" data end of transmission " marker that S5, HSSPI are set from device clear step S3;
S6, dma module detect whether to have received the data that whole is to be encrypted or decrypts automatically, continue since step S3 if having
Data receiver is executed again, until stopping receiving after all receiving;
S7, cryptographic algorithm module are to be encrypted or decryption the data processing that is encrypted or decrypted and will be after encryption or decryption
Result data is stored in the memory of COS module of safety chip;
S8, host computer terminal send the order for reading data by SD interface, to read the result data after encryption or decryption;
S9, SD interface chip by HSSPI main equipment send the reading data to safety chip after receiving the order for reading data
Order;
S10, safety chip HSSPI the order for the reading data that HSSPI main equipment issues, juxtaposition " data preparation are received from equipment
Loopback " marker;
After S11, dma module automatically detect " data preparation loopback " marker that HSSPI is set from equipment, from safety chip
COS module memory in carry 512 bytes data block encryption or decryption result data to HSSPI from equipment
In caching, " data preparation finishes " mark is then set;
Data block in S12, step S11 reaches SD interface chip by HSSPI interface, and then HSSPI is set " in data from equipment
Pass and complete " marker;
S13, the dma module automatically detect " data, which upload, to be completed " marker that HSSPI is set from equipment, confirm this
The end of transmission;Dma module detects whether that the result data there are also subsequent encryption or decryption needs to transmit automatically, if any then continuing
It carries out transmission of data blocks again since step S11, otherwise stops transmission;
After result data after S14, all encryptions or decryption is transmitted to SD interface chip, connect by HSSPI master transmissions to SD
Mouth mold block, SD interface module by the command execution results received by protocol frame format encapsulated data packet, and by SD interface to
The transmission of host computer terminal;
S15, host computer terminal finish receiving the result data of encryption or decryption by SD interface.
5. according to the method described in claim 4, it is characterized in that, step S7 detailed process is as follows:
The data to be encrypted or decryption that the CPU parsing of S7.1, COS module receives, configure simultaneously setting up password algorithm accelerator,
The processing task of to be encrypted or decryption data is given to cryptographic algorithm accelerator to carry out;
S7.2, cryptographic algorithm accelerator control this to be encrypted of the cryptographic algorithm resume module or solution according to pipelines strategy
Close data, in the process if you need to carry out bit arithmetic, then invocation bit arithmetic accelerator carries out respective handling;
S7.3, cryptographic algorithm accelerator judge whether that there are also untreated to be encrypted or decryption data, if there is then continuing to locate
Reason, otherwise exits assembly line, and the result data after encryption or decryption is removed by cryptographic algorithm accelerator to the memory of COS module.
6. according to the method described in claim 5, it is characterized in that, the detailed process of step S7.2 are as follows:
S7.2.1, the 1st group of input data removed from the memory of COS module by cryptographic algorithm accelerator it is defeated to cryptographic algorithm module
Enter caching, then configure the controller of cryptographic algorithm module, starts the encryption or decryption operation of the 1st group of input data;
S7.2.2, m group input data removed from the memory of COS module by cryptographic algorithm accelerator it is defeated to cryptographic algorithm module
Enter caching;1 < m≤N, m is integer, and N is that data always organize number;
S7.2.3, by the processing status of cryptographic algorithm accelerator password for inquiry algoritic module, complete m-1 to cryptographic algorithm module
After the encryption or decryption operation of group data, by the controller of cryptographic algorithm accelerator configuration cryptographic algorithm module, starting m group is defeated
Enter the encryption or decryption operation of data;
S7.2.4, cryptographic algorithm module carry out the encryption or decryption operation of m group input data;Meanwhile cryptographic algorithm accelerator
The result of m-1 group input data operation is removed from the output of cryptographic algorithm module caching to the memory of COS module;
S7.2.5, cryptographic algorithm accelerator remove m+1 group input data to the input of cryptographic algorithm module from the memory of COS module
Caching;
The processing status of S7.2.6, cryptographic algorithm accelerator password for inquiry algoritic module complete m group number to cryptographic algorithm module
According to encryption or decryption operation after, by cryptographic algorithm accelerator configuration cryptographic algorithm module controller, starting m+1 group input
The encryption or decryption operation of data;
S7.2.7, return successively handle subsequent each group of data by identical step since step S7.2.4, until total data
It is disposed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811425146.5A CN109447225A (en) | 2018-11-27 | 2018-11-27 | A kind of high-speed secure encryption Micro SD card |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811425146.5A CN109447225A (en) | 2018-11-27 | 2018-11-27 | A kind of high-speed secure encryption Micro SD card |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109447225A true CN109447225A (en) | 2019-03-08 |
Family
ID=65555007
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811425146.5A Pending CN109447225A (en) | 2018-11-27 | 2018-11-27 | A kind of high-speed secure encryption Micro SD card |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109447225A (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111400732A (en) * | 2020-03-12 | 2020-07-10 | 西安石油大学 | USB channel-based encryption and decryption module and equipment |
CN111539040A (en) * | 2020-03-27 | 2020-08-14 | 郑州信大捷安信息技术股份有限公司 | Safety intelligent card system and its cipher service method |
CN111783166A (en) * | 2020-07-06 | 2020-10-16 | 深圳市安信达存储技术有限公司 | Encryption type eMMC (enhanced multimedia content protection protocol) chip structure and data processing method |
CN112231729A (en) * | 2020-10-23 | 2021-01-15 | 山东超越数控电子股份有限公司 | SD security module based on SoC chip and transmission method |
CN112597099A (en) * | 2021-01-15 | 2021-04-02 | 西安超越申泰信息科技有限公司 | SD (secure digital) security module based on SoC (System on chip) chip and design method |
NL2026311A (en) * | 2019-08-22 | 2021-04-06 | Cstarcore Tech Co Ltd | Control method and control system for data transmission |
CN113297611A (en) * | 2021-02-08 | 2021-08-24 | 阿里云计算有限公司 | Data processing method, data encryption storage method, data reading method, data processing equipment, data encryption storage equipment, data reading equipment and storage medium |
CN114499958A (en) * | 2021-12-24 | 2022-05-13 | 东软睿驰汽车技术(沈阳)有限公司 | Control method and device, vehicle and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102136046A (en) * | 2010-12-29 | 2011-07-27 | 上海爱信诺航芯电子科技有限公司 | High-speed low-power consumption safe secure digital (SD) card communicating method |
CN102223227A (en) * | 2011-06-08 | 2011-10-19 | 郑州信大捷安信息技术股份有限公司 | Safe and intelligent code memory chip and automatic communication file reestablishing method thereof |
CN102222050A (en) * | 2011-05-23 | 2011-10-19 | 郑州信大捷安信息技术股份有限公司 | Highly-efficient data processing and secure storage method and secure smart cryptographic storage chip |
CN103903042A (en) * | 2014-03-25 | 2014-07-02 | 杭州晟元芯片技术有限公司 | Data flow encryption SD card |
CN208861323U (en) * | 2018-11-27 | 2019-05-14 | 公安部第一研究所 | A kind of high-speed secure encryption Micro SD card |
-
2018
- 2018-11-27 CN CN201811425146.5A patent/CN109447225A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102136046A (en) * | 2010-12-29 | 2011-07-27 | 上海爱信诺航芯电子科技有限公司 | High-speed low-power consumption safe secure digital (SD) card communicating method |
CN102222050A (en) * | 2011-05-23 | 2011-10-19 | 郑州信大捷安信息技术股份有限公司 | Highly-efficient data processing and secure storage method and secure smart cryptographic storage chip |
CN102223227A (en) * | 2011-06-08 | 2011-10-19 | 郑州信大捷安信息技术股份有限公司 | Safe and intelligent code memory chip and automatic communication file reestablishing method thereof |
CN103903042A (en) * | 2014-03-25 | 2014-07-02 | 杭州晟元芯片技术有限公司 | Data flow encryption SD card |
CN208861323U (en) * | 2018-11-27 | 2019-05-14 | 公安部第一研究所 | A kind of high-speed secure encryption Micro SD card |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
NL2026311A (en) * | 2019-08-22 | 2021-04-06 | Cstarcore Tech Co Ltd | Control method and control system for data transmission |
CN111400732A (en) * | 2020-03-12 | 2020-07-10 | 西安石油大学 | USB channel-based encryption and decryption module and equipment |
CN111539040A (en) * | 2020-03-27 | 2020-08-14 | 郑州信大捷安信息技术股份有限公司 | Safety intelligent card system and its cipher service method |
CN111539040B (en) * | 2020-03-27 | 2022-03-15 | 郑州信大捷安信息技术股份有限公司 | Safety intelligent card system and its cipher service method |
CN111783166A (en) * | 2020-07-06 | 2020-10-16 | 深圳市安信达存储技术有限公司 | Encryption type eMMC (enhanced multimedia content protection protocol) chip structure and data processing method |
CN112231729A (en) * | 2020-10-23 | 2021-01-15 | 山东超越数控电子股份有限公司 | SD security module based on SoC chip and transmission method |
CN112597099A (en) * | 2021-01-15 | 2021-04-02 | 西安超越申泰信息科技有限公司 | SD (secure digital) security module based on SoC (System on chip) chip and design method |
CN113297611A (en) * | 2021-02-08 | 2021-08-24 | 阿里云计算有限公司 | Data processing method, data encryption storage method, data reading method, data processing equipment, data encryption storage equipment, data reading equipment and storage medium |
CN114499958A (en) * | 2021-12-24 | 2022-05-13 | 东软睿驰汽车技术(沈阳)有限公司 | Control method and device, vehicle and storage medium |
CN114499958B (en) * | 2021-12-24 | 2024-02-09 | 东软睿驰汽车技术(沈阳)有限公司 | Control method and device, vehicle and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109447225A (en) | A kind of high-speed secure encryption Micro SD card | |
CN109902043B (en) | FPGA-based national cryptographic algorithm accelerated processing system | |
CN102541780B (en) | Multi-data stream channel DMA (Direct Memory Access) system | |
CN109902053A (en) | A kind of SPI communication method, terminal device and storage medium based on dual controller | |
CN101510245B (en) | High speed encryption and decryption USB bridging chip and chip high speed encryption and decryption method | |
CN104391813B (en) | A kind of embedded data security system SOC | |
CN105871895A (en) | IEC61850 communication protocol converter with encryption and decryption functions and implementing method | |
CN112540951A (en) | Special main control chip suitable for electric power system control protection device | |
CN101561751A (en) | USB encryption and decryption bridging chip | |
CN101540191B (en) | Real-time encrypted U disk and high speed encryption-decryption method | |
CN104182696A (en) | Design method based on Avalon interface for IP core of AES algorithm | |
CN104798010A (en) | Serial storage protocol compatible frame conversion, at least in part | |
CN105871894A (en) | IEC61850 communication protocol conversion SOC chip with encryption and decryption functions and implementing method | |
CN104391770A (en) | Online debugging and upper computer communication module of SOC (system-on-chip) chip for embedded data security system | |
CN208861323U (en) | A kind of high-speed secure encryption Micro SD card | |
CN106548099A (en) | A kind of chip of circuit system safeguard protection | |
CN114547663B (en) | Method for realizing data encryption, decryption and reading of high-speed chip based on USB interface | |
CN201387612Y (en) | Agricultural and animal product circulation supervising device | |
CN203102265U (en) | Solid state disk (SSD) control chip | |
CN205901787U (en) | IEC61850 communication protocol converter with encryption and decryption function | |
CN102110066A (en) | Tax-control encryption card control method | |
CN204695305U (en) | A kind of SPI communication interface based on joint product and this joint product | |
CN109656477B (en) | STT-MRAM-based non-contact smart card SoC | |
CN106529314A (en) | Micro stock market data processing system using FPGA encryption card | |
CN203102295U (en) | USB flash disk control chip |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |