CN109981671A - Data processing method and encryption equipment based on encryption equipment - Google Patents

Data processing method and encryption equipment based on encryption equipment Download PDF

Info

Publication number
CN109981671A
CN109981671A CN201910266538.XA CN201910266538A CN109981671A CN 109981671 A CN109981671 A CN 109981671A CN 201910266538 A CN201910266538 A CN 201910266538A CN 109981671 A CN109981671 A CN 109981671A
Authority
CN
China
Prior art keywords
data
operation result
check code
transmission
result
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910266538.XA
Other languages
Chinese (zh)
Other versions
CN109981671B (en
Inventor
孙吉平
陈文静
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Senseshield Technology Co Ltd
Original Assignee
Beijing Senseshield Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Senseshield Technology Co Ltd filed Critical Beijing Senseshield Technology Co Ltd
Priority to CN201910266538.XA priority Critical patent/CN109981671B/en
Publication of CN109981671A publication Critical patent/CN109981671A/en
Application granted granted Critical
Publication of CN109981671B publication Critical patent/CN109981671B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

Data processing method and encryption equipment based on encryption equipment are provided, which includes crypto chip, and method includes: response data operation request and obtains pending data, and check code issues crypto chip before pending data and pending data are transmitted;It receives crypto chip and determines that pending data successfully passes check code before the first transmission for executing operation result and calculated operation result that operation obtains after pending data transmission integrity verifies;Check code is sent to crypto chip before transmitting after successfully passing the verification of the first operation result transmission integrity by the second of inverse operation request, operation result and operation result;It receives crypto chip and determines that operation result successfully passes check code before the transmission for executing inverse operation result and calculated inverse operation result that inverse operation obtains after the second operation result transmission integrity verifies;Determine whether pending data and inverse operation result are consistent after successfully passing the verification of inverse operation result transmission integrity;If consistent, show data operation success.

Description

Data processing method and encryption equipment based on encryption equipment
Technical field
The present invention relates to computer safety field, more particularly, to promotion crypto chip reason data reliability based on adding The data processing method and encryption equipment of close machine.
Background technique
In order to improve the efficiency and safety of data encrypting and deciphering, crypto chip is often used in substituting soft algorithm progress password fortune It calculates, especially in the application field for needing high performance cipher operation.Generally, crypto chip can all provide a set of application program Programming interface (API), built-in application program (the hereinafter also referred to built-in application of encryption machine equipment (being hereafter also referred to as encryption equipment) Program) directly by API that crypto chip provides the calculation function that is provided using chip.But application program makes Need data being transferred to chip interior from encryption equipment memory when with the crypto-operation function of chip, the process of data transmission due to Need to be related to other hardware of encryption equipment, therefore data have loss or incomplete possibility.Due to hard inside crypto chip The electrical characteristic of the part situation unstable there is also program or data.It to sum up, may when carrying out operation using crypto chip There are the incorrect situations of operation result.
Therefore, this field, which exists, improves the reliability that crypto chip carries out data operation processing (for example, encryption and decryption data) Demand.
Summary of the invention
The object of the present invention is to provide one kind can be improved data operation processing (such as data encrypting and deciphering calculation process) The data processing method and encryption equipment based on encryption equipment of reliability.
First scheme according to the present invention, provides a kind of data processing method based on encryption equipment, and encryption equipment includes close Code chip, this method comprises: obtaining pending data in response to data operation processing request, and by pending data and wait locate Check code is sent to crypto chip before managing the transmission of data, receives crypto chip and is determining that it is to be processed that pending data successfully passes Request is handled according to data operation after data transfer integrity verification, predetermined operation operation obtained is executed to pending data As a result check code before the first of the operation result and by crypto chip being calculated is transmitted, passes successfully passing the first operation result After defeated completeness check, check code is sent to close before the second of data inverse operation request, operation result and operation result is transmitted Code chip receives crypto chip after determining that operation result successfully passes the verification of the second operation result transmission integrity according to data Inverse operation request executes the inverse operation inverse operation result obtained of predetermined operation to operation result and is calculated by crypto chip Check code before the transmission of the inverse operation result arrived determines to be processed after successfully passing the verification of inverse operation result transmission integrity Whether data are consistent with inverse operation result, if pending data is consistent with inverse operation result, show that data operation is processed into Function.
According to the preferred embodiment of first scheme, the verification of pending data transmission integrity includes by the biography of pending data Defeated preceding check code checking algorithm identical with check code before the transmission for calculating pending data with utilization is calculated to be processed Check code is compared after the transmission of data.
According to the preferred embodiment of first scheme, data operation processing request includes that data encryption asks summed data decryption to be asked It asks.
According to the preferred embodiment of first scheme, the verification of the first operation result transmission integrity includes by the of operation result One transmits the operation that preceding check code checking algorithm identical with check code before the transmission for calculating operation result with utilization is calculated As a result check code is compared after the first transmission.
According to the preferred embodiment of first scheme, the verification of the second operation result transmission integrity includes by the of operation result Two transmit preceding check code is calculated with checking algorithm identical with check code before the second transmission for calculating operation result is utilized Check code is compared after second transmission of operation result.
Preferably, inverse operation result transmission integrity verification include by check code before the transmission of inverse operation result and using with Check code after the transmission for the inverse operation result that the identical checking algorithm of check code is calculated before the transmission of calculating inverse operation result It is compared.
Alternative plan according to the present invention provides a kind of encryption equipment, comprising: crypto chip, for pending data Carry out scheduled data operation processing;Memory, wherein being stored with computer program instructions;Processor, computer program instructions Method described in either a program in above-mentioned each scheme is realized when executed by the processor.
Third program according to the present invention provides a kind of data processing method based on encryption equipment, comprising: to encryption equipment Send data operation processing request and pending data, receive from encryption equipment predetermined operation carried out to pending data and Obtained operation result sends data inverse operation request and operation result to encryption equipment, receive from encryption equipment to operation knot Fruit has carried out inverse operation obtained from the inverse operation of predetermined operation as a result, pending data is compared with inverse operation result, If the two is consistent, show that data operation is handled successfully.
Above scheme according to the present invention, the data processing method based on encryption equipment provided and encryption equipment are in view of data The process of transmission causes data to there is loss or incomplete possibility due to needing other hardware for being related to encrypting machine equipment It, can be to crypto chip and due to the situation that the electrical characteristic of hardware is unstable there is also program or data inside crypto chip The data operation of progress is handled and the safety and reliability of data transmission procedure is verified, so that it is guaranteed that obtaining accurately , correct calculation process is as a result, improve the safety and reliability that encryption equipment carries out data operation processing.
Detailed description of the invention
Description by reference to attached drawing to following specific embodiments, these schemes of the disclosure and other schemes and on It states and other purposes, advantage and feature will become obvious, in the accompanying drawings:
Fig. 1 is the block diagram for showing the building block of framework of the encryption machine equipment according to the embodiment of the present disclosure;
Fig. 2 is the process timing diagram for illustrating to be promoted according to the cryptographic calculation reliability of embodiment of the disclosure;
Fig. 3 is the process timing diagram for illustrating decryption operational reliability according to an embodiment of the present disclosure and being promoted;
Fig. 4 is the flow chart of each step for the data processing method for illustrating root according to the embodiment of the present disclosure;
Fig. 5 is the stream for illustrating each step of data processing method of the user interface side according to another embodiment of the disclosure Cheng Tu.
Specific embodiment
Embodiment given here and attached drawing show various principles of the invention.It should be understood that this field skill Art personnel can design various arrangements and implementation, these arrangement and implementation be although not explicitly described herein or It shows, but embodies these principles of the invention and including within the scope of this disclosure.In addition, various implementations described herein Example is not necessarily mutually exclusive, but various embodiments can be combined to produce the other implementation comprising the principle of the invention Example.To make the objectives, technical solutions, and advantages of the present invention more comprehensible, hereinafter, referring to the drawings and the embodiments, to this hair Bright further description.
Fig. 1 shows the block diagram of the building block of the framework of encryption machine equipment 10 (also referred to as encryption equipment 10).At least In some embodiments, as shown in Figure 1, encryption machine equipment 10 includes memory 101, processor 102, crypto chip 103, Yong Hujie Mouth 104, processor 102 may include built-in application program 105.Specifically, the application aspect of encryption machine equipment 10 mainly includes Cryptoguard/verification and data encryption/decryption calculation process, both have operated with two differences in crypto chip 103 Business cipher key realize.
In one embodiment of the present disclosure, memory 101 is used for storage program area, other applications and operation System and application program such as built-in application program 105 carry out program data used in operating process and apply data.Processing Device 102 is operated and handled for executing the various of required execution in encryption equipment.In various embodiments, processor 102 can wrap Include one or more processing cores or processing unit.
Crypto chip 103 is the safety chip encrypted in machine equipment 10, is main cryptography arithmetic unit.Crypto chip 103 inside saves the business cipher key of some cores, the kind data such as subcode, business cipher key be to outside it is sightless, all with The relevant cryptography arithmetic of business is all completed inside crypto chip 103, farthest to guarantee the safety of data.In general, In order to improve performance, an encryption machine equipment 10 can be embedded with multiple crypto chips 103.
In embodiment, user interface 104 can be any interface that user can interact therewith, the user interface 104 can be communicatively coupled by application programming interface (API) with built-in application program 105.
Built-in application program 105 shown in Fig. 1 can be the internal module of encryption machine equipment 10, built-in application program 105 usually can be the application program using software realization, mainly provide following functions: the register initial of encryption machine equipment 10 Change, management function (replication Manager's lock, system setting), key recovery etc..In other embodiments, built-in application program 105 It can also be realized by firmware.
As previously mentioned, crypto chip 103 would generally provide one or more crypto chip API, the built-in application of encryption equipment The crypto chip API that program 105 is directly provided by crypto chip 103 is come the calculation function that is provided using crypto chip 103.? In this case, built-in application program 105 is needed data when using the crypto-operation function of crypto chip 103 from encryption equipment Device memory is transferred to the inside of crypto chip 103, and the process that data are transmitted is related to its of encryption machine equipment 10 due to needs The related elements such as his hardware, therefore there are loss of data or incomplete possibility in transmission process.Inside crypto chip 103 by Program is also likely to be present in the electrical characteristic of hardware or data are unstable or the case where change.Above-mentioned due to these, There may be the incorrect situation of obtained operation result when carrying out data processing operation using crypto chip 103.
In view of this, the invention discloses a kind of promoted to carry out data operation processing (for example, number using crypto chip 103 According to encryption and decryption) reliability scheme.The program is mainly concerned with the built-in application program 105 of encryption machine equipment 10, code core Piece 103 and crypto chip API.The program is by carrying out data operation processing using crypto chip 103 in built-in application program 105 During increase it is following of both verification means promote the progress data operation processing of crypto chip 103 (for example, to data Carry out encryption and decryption) reliability: data transmission procedure completeness check, crypto-operation result correctness verification.Fig. 2 to Fig. 5 points The crypto chip 103 using encryption machine equipment 10 for not showing each embodiment according to the present invention carries out data operation processing The flow chart of the method for (including data encryption and data decryption processing).
Firstly, introducing two treatment processes for carrying out data transmission completeness check separately below.In encryption machine equipment 10 Crypto chip 103 main application aspect context in, the process relate generally to data from built-in application program transportation to Crypto chip 103 and data are transferred to built-in application program in terms of the two from crypto chip 103.
A. data transmission procedure completeness check
Data transmission procedure includes that data from built-in application program 105 are transferred to crypto chip 103 and data from code core Piece 103 is transferred to the two subprocess of built-in application program 105.The Reliability Assurance of the process is to pass through data integrity verifying Algorithm is realized.
Data are 103 from built-in application program transportation to crypto chip
It calculates the check code to operational data first before carrying out data transmission, and the check code and data is passed together It is defeated by crypto chip 103, crypto chip 103 can also use the check code of same algorithm calculating data after receiving data, such as The check code that fruit calculates is consistent with the check code received, shows that data are not changed in transmission process, Ke Yiji It is continuous to carry out data processing operation, such as crypto-operation.If it is inconsistent, showing that data have changed, then crypto chip 103 directly return to miscue, without data processing operation, such as crypto-operation.
Data are transferred to built-in application program from crypto chip 103
Calculate the check code of operation result data first before carrying out data transmission, and together by the check code and data It is transferred to crypto chip 103, built-in application program 105 can also use the verification of same algorithm calculating data after receiving data Code shows that data are not changed in transmission process if the check code calculated and the check code received are consistent, It can continue subsequent check.If it is inconsistent, showing that data have changed, then built-in application program 105 is direct Miscue is returned to, EP (end of program) is simultaneously exited.
Further, at the data operation that the crypto chip 103 that the embodiment of the present invention further relates to encryption machine equipment 10 carries out The correctness of reason verifies, and in the context of the present invention, it mainly includes crypto chip 103 which, which handles correctness verification, The verification of encryption correctness and crypto chip 103 decrypt correctness and verify the two aspects.
B. crypto-operation result correctness verifies
Data processing operation, such as crypto-operation mainly include that 103 encryption data of crypto chip and crypto chip 103 solve The two calculating processes of ciphertext data.The Reliability Assurance of the calculating process is by using crypto chip 103 to data operation As a result inverse operation is carried out to realize.
Crypto chip 103 encrypts correctness verification
The premise for executing the verification is to have already been through data transmission procedure completeness check.Built-in application program 105 connects After receiving 103 encrypted result of crypto chip, encrypted result is decrypted using crypto chip 103, then compares decryption knot Whether fruit consistent with be-encrypted data, if unanimously, show 103 encrypted result of crypto chip be correctly, it is otherwise, built-in to answer Miscue is returned to program 105, EP (end of program) is simultaneously exited.
Crypto chip 103 decrypts correctness verification
The premise for executing the verification is to have already been through data transmission procedure completeness check.Built-in application program 105 connects After the decrypted result for receiving crypto chip 103, decrypted result is encrypted using crypto chip 103, then compares encryption As a result whether consistent with data to be decrypted, if unanimously, show 103 decrypted result of crypto chip be correctly, it is otherwise, built-in Application program 105 returns to miscue and exits.
The method of the present invention and traditional advantage using 103 encryption and decryption data of crypto chip, which essentially consist in, is added to data biography The completeness check and 103 operation result of crypto chip of defeated process verify, and effectively can detect and prevent by both verifications Data have found that it is likely that the mistake of generation in the mistake of transmission process and crypto-operation process in time, improve the correct of operation result Property.
It is provided by the invention promoted crypto chip 103 carry out data processing operation (for example, encryption and decryption data) it is reliable The scheme of property, specifically includes two processes of data encryption and data deciphering, is applied to below with reference to Fig. 2 and Fig. 3 to this method Encryption machine equipment is described in detail come the process for carrying out encryption and decryption for the data to user.
It is illustrated below with reference to Fig. 2 process handled the data encryption.Fig. 2 shows in accordance with an embodiment of the present disclosure Cryptographic calculation reliability promoted process timing diagram.As shown in Fig. 2, data encryption fortune according to an embodiment of the invention The process of calculation includes ciphering process and decrypting process.
Ciphering process involved in data encryption treatment process shown in Fig. 2 is illustrated below.Firstly, user to It encrypts machine equipment 10 and initiates encryption data request, be-encrypted data (also referred to as plaintext or clear data) is passed to as parameter Encrypt machine equipment.The built-in application program 105 of encryption machine equipment 10 receives and parses through user's request, obtains be-encrypted data.So Afterwards, the built-in application program 105 for encrypting machine equipment 10 calculates the check code of be-encrypted data, by be-encrypted data and check code one It rises and is transferred to crypto chip 103 via crypto chip API.Then, be-encrypted data and check code are received in crypto chip 103 Later, using the check code for calculating be-encrypted data with the identical algorithm of built-in application program 105 for encrypting machine equipment 10, if The check code calculated and the check code received are consistent, then it is assumed that mistake do not occur in be-encrypted data transmission process Accidentally, crypto-operation can be carried out, otherwise directly returns to error message.
Then, crypto chip 103 carries out cryptographic calculation to clear data, obtains encrypted result (also referred to as ciphertext or ciphertext Data);Crypto chip 103 calculates the check code of encrypted result, and encrypted result and result check code are returned to encryption together The built-in application program 105 of machine equipment 10.The built-in application program 105 for encrypting machine equipment 10 calculates the check code of encrypted result.
Then, the verification that the built-in application program 105 of machine equipment 10 compares the check code of oneself calculating and receives is encrypted Whether code is consistent, if unanimously, then it is assumed that and in encrypted result transmission process there is no mistake, encrypted result is correct, and Encrypted result is returned into user, otherwise, directly return error message.
Decrypting process involved in data encryption treatment process shown in Fig. 2 is illustrated below.Firstly, encryption equipment The built-in application program 105 of equipment 10 calculates the check code of above-mentioned encrypted result (also referred to as ciphertext or ciphertext data), then will The encrypted result is sent to crypto chip 103 via crypto chip API together with check code as data to be decrypted.
Then, after crypto chip 103 receives data to be decrypted and check code, using in encryption machine equipment 10 It sets the identical algorithm of application program 105 and calculates the check code of data to be decrypted, if the check code calculated and received Check code is consistent, then it is assumed that and in data transmission procedure to be decrypted, there is no mistakes, can carry out crypto-operation, otherwise, Directly return to error message.
Then, operation is decrypted to ciphertext data in crypto chip 103, obtains decrypted result (also referred to as plaintext or plaintext Data);Crypto chip 103 calculates the check code of the decrypted result, and by the decrypted result together with the check code one of decrypted result Act the built-in application program 105 for returning to encryption machine equipment 10.Then, the built-in application program 105 for encrypting machine equipment 10 calculates The check code of the decrypted result.
Then, the verification that the built-in application program 105 of machine equipment 10 compares the check code of oneself calculating and receives is encrypted Whether code is consistent, if unanimously, then it is assumed that and in decrypted result transmission process there is no mistake, decrypted result is correct, and Decrypted result is returned into user, otherwise, directly return error message.
Then, it is whether consistent with the decrypted result to compare clear data for built-in application program 105, if unanimously, shown The data encryption is handled successfully, normal termination program, otherwise, is shown data encryption processing failure, is exited extremely.
It is described in detail below with reference to process of the Fig. 3 to data decryption processing.Fig. 3 shows the implementation according to the disclosure The process timing diagram that the decryption operational reliability of example is promoted.As shown in figure 3, the process of data deciphering operation include decrypting process and Ciphering process.
Decrypting process involved in data decryption processes is described in detail below with reference to Fig. 3.Firstly, user to It encrypts machine equipment 10 and initiates ciphertext data request, data to be decrypted (also referred to as ciphertext or ciphertext data) are passed to as parameter Encrypt machine equipment 10.Then, the built-in application program 105 for encrypting machine equipment 10 receives and parses through user's request, obtains to be decrypted Data.Hereafter, the built-in application program 105 for encrypting machine equipment 10 calculates the check codes of data to be decrypted, by data to be decrypted and Check code is transferred to crypto chip 103 via crypto chip API together.
After crypto chip 103 receives data to be decrypted and check code, using the built-in application with encrypting machine equipment 10 The identical algorithm of program 105 calculates the check code of ciphertext data, if the check code calculated and the check code received are It is consistent, then it is assumed that in data transmission procedure to be decrypted, there is no mistakes, can carry out crypto-operation, otherwise, directly return Error message.
Crypto chip 103 treats ciphertext data and calculating is decrypted, and obtains decrypted result (also referred to as plaintext or plaintext number According to).Then, crypto chip 103 calculate decrypted result check code, and by decrypted result and decrypted result check code together via Crypto chip API returns to the built-in application program 105 of encryption machine equipment 10.Encrypt the built-in application program 105 of machine equipment 10 Calculate the check code of decrypted result.
Then, the verification that the built-in application program 105 of machine equipment 10 compares the check code of oneself calculating and receives is encrypted Code it is whether consistent, if unanimously, then it is assumed that in decrypted result transmission process there is no mistake, the decrypted result be correctly, And the decrypted result is returned into user, and otherwise, directly return error message.
Ciphering process involved in data decryption processes is described in detail below with reference to Fig. 3.Firstly, encryption equipment The built-in application program 105 of equipment 10 calculates the check code of above-mentioned decrypted result (also referred to as plaintext or clear data), by the solution Close result is sent to crypto chip 103 via crypto chip API together with check code as be-encrypted data.
Then, after crypto chip 103 receives be-encrypted data and check code, using in encryption machine equipment 10 The check code that application program 105 identical algorithm calculates be-encrypted data is set, if the check code calculated and received Check code is consistent, then it is assumed that and in be-encrypted data transmission process, there is no mistakes, can carry out crypto-operation, otherwise, Directly return to error message.
Then, crypto chip 103 carries out computations to be-encrypted data, obtains encrypted result (also referred to as ciphertext or close Literary data).Then, crypto chip 103 calculates the check code of the encrypted result, and by the encrypted result together with the encrypted result school Test the built-in application program 105 that code returns to encryption machine equipment 10 via crypto chip API together.Then, machine equipment 10 is encrypted Built-in application program 105 calculate the encrypted result check code.
Then, the verification that the built-in application program 105 of machine equipment 10 compares the check code of oneself calculating and receives is encrypted Code it is whether consistent, if unanimously, then it is assumed that in encrypted result transmission process there is no mistake, the encrypted result be correctly, And the encrypted result is returned into user, and otherwise, directly return error message.
Then, it is whether consistent with the encrypted result to compare ciphertext data for built-in application program 105, if unanimously, shown The data deciphering is handled successfully, normal termination program, otherwise, is shown data deciphering processing failure, is exited extremely.
Fig. 4 is the flow chart for illustrating each step of data processing method of one embodiment according to the disclosure.According to this Embodiment, provides a kind of data processing method based on encryption machine equipment 10, which includes crypto chip 103, which specifically includes following steps S210-S260 as shown in Figure 4.Specifically, S210: in response to Data operation processing requests and obtains pending data, and check code before the transmission of pending data and pending data is sent To crypto chip 103;S220: it receives crypto chip 103 and is determining that it is complete that pending data successfully passes pending data transmission Property verification after request is handled according to data operation predetermined operation operation result obtained is executed to pending data and by password Check code before the first of the operation result that chip 103 is calculated is transmitted;S230: it is transferred successfully passing the first operation result After whole property verification, check code is sent to code core before the second of data inverse operation request, operation result and operation result is transmitted Piece;S240: the basis after determining that operation result successfully passes the verification of the second operation result transmission integrity of crypto chip 103 is received Data inverse operation request executes the inverse operation inverse operation result obtained of predetermined operation to operation result and by crypto chip 103 Check code before the transmission for the inverse operation result being calculated;S250: after successfully passing the verification of inverse operation result transmission integrity, Determine whether pending data is consistent with inverse operation result;S260: if pending data is consistent with inverse operation result, show Data operation is handled successfully.
According to a preferred embodiment, pending data transmission integrity verification includes by the preceding school of the transmission of pending data Test the pending data that code checking algorithm identical with check code before the transmission for calculating pending data with utilization is calculated Check code is compared after transmission.
According to another preferred embodiment, data operation processing request includes that summed data decoding request is asked in data encryption.
According to another preferred embodiment, the verification of the first operation result transmission integrity includes passing the first of operation result The operation result that defeated preceding check code checking algorithm identical with check code before the transmission for calculating operation result with utilization is calculated First transmission after check code be compared.
According to another preferred embodiment, the verification of the second operation result transmission integrity includes passing the second of operation result The operation that defeated preceding check code checking algorithm identical with check code before the second transmission for calculating operation result with utilization is calculated As a result check code is compared after the second transmission.
Preferably, inverse operation result transmission integrity verification include by check code before the transmission of inverse operation result and using with Check code after the transmission for the inverse operation result that the identical checking algorithm of check code is calculated before the transmission of calculating inverse operation result It is compared.
According to another embodiment of the invention, a kind of encryption machine equipment 10 is provided, which includes: close Code chip 103, for carrying out scheduled data operation processing to pending data;Memory 101, wherein being stored with computer journey Sequence instruction;Processor 102, computer program instructions realize that any of the various embodiments described above are real when being executed by processor 102 Apply example or and combination defined by method.
Fig. 5 is each step for illustrating the data processing method of 104 side of user interface according to the disclosure another embodiment Flow chart.According to this embodiment of the invention, a kind of data processing method based on encryption machine equipment 10, the data are provided Processing method includes following steps S310-S350 as shown in Figure 5.Specifically, S310: user sends out to encryption machine equipment 10 Send data operation processing request and pending data;S320: user receive from encryption machine equipment 10 to pending data into Operation result obtained from predetermined operation is gone;S330: user sends data inverse operation request and operation to encryption machine equipment 10 As a result;S340: user receives obtained from the inverse operation for having carried out predetermined operation to operation result from encryption machine equipment 10 Inverse operation result;S350: pending data is compared by user with inverse operation result, if the two is consistent, shows data Calculation process success.
Embodiment shown in fig. 5 illustrates the output equipment (example as user by user interface 104 and encryption machine equipment 10 Such as, equipment is shown) process of data processing method realized in user interface side when interacting.It is worth noting that, at this In embodiment, user interface 104 is communicatively coupled by API with the built-in application program 105 for encrypting machine equipment 10, and number It according to transmission integrity verification is completed by the built-in application program 105 of encryption machine equipment 10.
Above-mentioned each embodiment according to the present invention, it is contemplated that the process of data transmission encrypts machine equipment due to being related to Each hardware and cause data exist lose, damage or incomplete possibility and code core due to any other Since the electrical characteristic of hardware also leads to there is a situation where that program or data are unstable inside piece, what above-mentioned each embodiment provided Data processing method and encryption machine equipment based on encryption equipment can be handled the data operation that crypto chip carries out and encryption The safety and reliability of the data transmission procedure of machine equipment is verified, so that it is guaranteed that obtaining at accurate, correct operation Reason facilitates promotion and adds as a result, the various mistakes and failure that discovery in time and correction may occur during data operation is handled Close machine carries out the safety and reliability of data operation processing.
Flow chart shown in this article provides the example of the sequence of various processing movements.Although in a particular order or sequentially It shows, unless otherwise indicated, the sequence of movement can be modified.Therefore, the merely illustrative purpose of shown embodiment and provide, Processing can be executed in a different order, and some processing can be performed in parallel.In addition, in various embodiments can root According to needing to omit one or more steps.
Embodiment described herein software can be via the computer readable storage medium for being wherein stored with software content Or any product provides to provide, or via communication interface.Computer readable storage medium can be such that machine execution is retouched The functions or operations stated, including any mechanism to calculate form storage program module or data content that equipment can access, example Such as, read-only memory, random access memory, magnetic disk storage medium, optical disk medium, flash memory device etc..Communication interface packet Include with any one of the media such as hardwired, wireless, optics any mechanism of the interface to be communicated with another equipment, such as store Device bus interface, processor bus interface, internet connection, Magnetic Disk Controler etc..
Various assemblies described herein can be the module for executing described operation or function.It is described herein every A component includes software, hardware, firmware or combinations thereof.These components can be implemented as software module, hardware module, specialized hardware (for example, specific integrated circuit, digital signal processor etc.), embedded controller etc..
Described reality is shown for referring to for " one embodiment ", " embodiment ", " each embodiment " etc. in specification Applying example may include specific feature or structure.Moreover, these phrases are not necessarily meant to refer to the same embodiment.In addition, when combining one It when a embodiment describes specific feature or structure, is clearly stated regardless of whether making, all thinks that other embodiments is combined to realize These features or structure are in the knowledge and limit of power of those skilled in the art.
It, can be without departing from the scope of the disclosure to the disclosure other than the above content described herein Each embodiment carry out various modifications and modification.Therefore, explanation, example and each embodiment here is interpreted as illustrating Property rather than it is restrictive.The scope of the present disclosure should be limited only by appended claims and its equivalent and arrangement.

Claims (8)

1. a kind of data processing method based on encryption equipment, the encryption equipment include crypto chip, which comprises
Pending data is obtained in response to data operation processing request, and will be before the transmission of pending data and pending data Check code is sent to crypto chip,
Receive crypto chip root after determining that the pending data successfully passes the verification of pending data transmission integrity Request, which is handled, according to the data operation predetermined operation operation result obtained is executed to pending data and by crypto chip meter Check code before the first of the obtained operation result is transmitted,
After successfully passing the verification of the first operation result transmission integrity, by data inverse operation request, the operation result and fortune Check code is sent to the crypto chip before calculating the second transmission of result,
Receive crypto chip root after determining that the operation result successfully passes the verification of the second operation result transmission integrity The predetermined operation is executed to the operation result according to data inverse operation request inverse operation inverse operation result obtained and by Check code before the transmission for the inverse operation result that crypto chip is calculated,
After successfully passing the verification of inverse operation result transmission integrity, determine the pending data and the inverse operation the result is that It is no consistent,
If the pending data is consistent with the inverse operation result, show that data operation is handled successfully.
2. the method for claim 1, wherein the pending data transmission integrity verification includes by pending data Transmission before check code with using with the identical checking algorithm of check code before the transmission for calculating pending data be calculated to Check code is compared after handling the transmission of data.
3. the method for claim 1, wherein the data operation processing request includes that summed data solution is asked in data encryption Close request.
4. the method for claim 1, wherein the first operation result transmission integrity verification includes by the operation As a result check code checking algorithm meter identical with check code before the transmission for calculating the operation result with utilization before first is transmitted Check code is compared after first transmission of the obtained operation result.
5. the method for claim 1, wherein the second operation result transmission integrity verification includes by the operation As a result check code is calculated with using verification identical with check code before the second transmission for calculating the operation result before second is transmitted Check code is compared after second transmission of the operation result that method is calculated.
6. method as claimed in claim 3, wherein the inverse operation result transmission integrity verification includes by inverse operation result Transmission before check code it is inverse with using being calculated with the identical checking algorithm of check code before the transmission for calculating inverse operation result Check code is compared after the transmission of operation result.
7. a kind of encryption equipment, comprising:
Crypto chip, for carrying out scheduled data operation processing to pending data;
Memory, wherein being stored with computer program instructions;
Processor, the computer program instructions are realized described in any one of claim 1-6 when being executed as the processor Method.
8. a kind of data processing method based on encryption equipment, comprising:
Data operation processing request and pending data are sent to the encryption equipment,
It receives and operation result obtained from predetermined operation has been carried out to the pending data from the encryption equipment,
Data inverse operation request and the operation result are sent to the encryption equipment,
It receives and inverse fortune obtained from the inverse operation of the predetermined operation has been carried out to the operation result from the encryption equipment Calculate as a result,
The pending data is compared with the inverse operation result, if the two is consistent, shows that data operation is handled Success.
CN201910266538.XA 2019-04-03 2019-04-03 Data processing method based on encryption machine and encryption machine Active CN109981671B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910266538.XA CN109981671B (en) 2019-04-03 2019-04-03 Data processing method based on encryption machine and encryption machine

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910266538.XA CN109981671B (en) 2019-04-03 2019-04-03 Data processing method based on encryption machine and encryption machine

Publications (2)

Publication Number Publication Date
CN109981671A true CN109981671A (en) 2019-07-05
CN109981671B CN109981671B (en) 2020-12-08

Family

ID=67082741

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910266538.XA Active CN109981671B (en) 2019-04-03 2019-04-03 Data processing method based on encryption machine and encryption machine

Country Status (1)

Country Link
CN (1) CN109981671B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110502380A (en) * 2019-08-16 2019-11-26 兆讯恒达微电子技术(北京)有限公司 A kind of method of hash algorithm coprocessor self-test
CN111212042A (en) * 2019-12-24 2020-05-29 腾讯科技(深圳)有限公司 Data transmission method, device and system
CN115208587A (en) * 2022-09-15 2022-10-18 三未信安科技股份有限公司 System and method for realizing cryptographic algorithm based on cryptographic module

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101826960A (en) * 2010-04-16 2010-09-08 中国电子科技集团公司第二十八研究所 Checking method of real-time transmission encryption and decryption data
CN102223228A (en) * 2011-05-11 2011-10-19 北京航空航天大学 Method for designing AES (Advanced Encryption Standard) encryption chip based on FPGA (Field Programmable Gate Array) and embedded encryption system
KR101135058B1 (en) * 2010-03-19 2012-04-13 고려대학교 산학협력단 Encryption method and encryption device using differential fault analysis in round key generation of Data Encryption Standard
CN103714299A (en) * 2013-12-25 2014-04-09 北京握奇数据系统有限公司 Method and system for encryption and decryption of file of mobile terminal
CN107220545A (en) * 2017-05-31 2017-09-29 郑州云海信息技术有限公司 A kind of hardware encryption system, method and server
CN107483177A (en) * 2017-07-07 2017-12-15 郑州云海信息技术有限公司 A kind of method and system for verifying encryption device encryption data authenticity
CN108898026A (en) * 2018-06-28 2018-11-27 泰康保险集团股份有限公司 Data ciphering method and device
CN108920980A (en) * 2018-07-02 2018-11-30 厦门强力巨彩光电科技有限公司 A kind of encryption method, chip and device
CN109194467A (en) * 2018-06-29 2019-01-11 北京东方英卡数字信息技术有限公司 A kind of safe transmission method and system of encryption data
CN109543375A (en) * 2018-11-30 2019-03-29 武汉推杰网络科技有限公司 A kind of remote access financial system with encryption equipment

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101135058B1 (en) * 2010-03-19 2012-04-13 고려대학교 산학협력단 Encryption method and encryption device using differential fault analysis in round key generation of Data Encryption Standard
CN101826960A (en) * 2010-04-16 2010-09-08 中国电子科技集团公司第二十八研究所 Checking method of real-time transmission encryption and decryption data
CN102223228A (en) * 2011-05-11 2011-10-19 北京航空航天大学 Method for designing AES (Advanced Encryption Standard) encryption chip based on FPGA (Field Programmable Gate Array) and embedded encryption system
CN103714299A (en) * 2013-12-25 2014-04-09 北京握奇数据系统有限公司 Method and system for encryption and decryption of file of mobile terminal
CN107220545A (en) * 2017-05-31 2017-09-29 郑州云海信息技术有限公司 A kind of hardware encryption system, method and server
CN107483177A (en) * 2017-07-07 2017-12-15 郑州云海信息技术有限公司 A kind of method and system for verifying encryption device encryption data authenticity
CN108898026A (en) * 2018-06-28 2018-11-27 泰康保险集团股份有限公司 Data ciphering method and device
CN109194467A (en) * 2018-06-29 2019-01-11 北京东方英卡数字信息技术有限公司 A kind of safe transmission method and system of encryption data
CN108920980A (en) * 2018-07-02 2018-11-30 厦门强力巨彩光电科技有限公司 A kind of encryption method, chip and device
CN109543375A (en) * 2018-11-30 2019-03-29 武汉推杰网络科技有限公司 A kind of remote access financial system with encryption equipment

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110502380A (en) * 2019-08-16 2019-11-26 兆讯恒达微电子技术(北京)有限公司 A kind of method of hash algorithm coprocessor self-test
CN110502380B (en) * 2019-08-16 2022-11-22 兆讯恒达科技股份有限公司 Self-checking method of Hash algorithm coprocessor
CN111212042A (en) * 2019-12-24 2020-05-29 腾讯科技(深圳)有限公司 Data transmission method, device and system
CN115208587A (en) * 2022-09-15 2022-10-18 三未信安科技股份有限公司 System and method for realizing cryptographic algorithm based on cryptographic module
CN115208587B (en) * 2022-09-15 2022-12-09 三未信安科技股份有限公司 System and method for realizing cryptographic algorithm based on cryptographic module

Also Published As

Publication number Publication date
CN109981671B (en) 2020-12-08

Similar Documents

Publication Publication Date Title
Bhargavan et al. Implementing TLS with verified cryptographic security
TWI440351B (en) Verifiable, leak-resistant encryption and decryption
CN103546289B (en) USB (universal serial bus) Key based secure data transmission method and system
US9253162B2 (en) Intelligent card secure communication method
CN110149209B (en) Internet of things equipment and method and device for improving data transmission safety of Internet of things equipment
CN111131278B (en) Data processing method and device, computer storage medium and electronic equipment
US20170063853A1 (en) Data cipher and decipher based on device and data authentication
CN106797317A (en) Secure shared key shared system and method
CN103888251A (en) Virtual machine credibility guaranteeing method in cloud environment
CN109088902B (en) Register method and device, authentication method and device
CN113268715A (en) Software encryption method, device, equipment and storage medium
KR101739203B1 (en) Password-based user authentication method using one-time private key-based digital signature and homomorphic encryption
CN105227319A (en) A kind of method of authentication server and device
CN109981671A (en) Data processing method and encryption equipment based on encryption equipment
CN108566368B (en) Data processing method, server and diagnosis connector
CN108064436A (en) Biometric information transmission method for building up, device, system and storage medium
CN106372497A (en) Application programming interface (API) protection method and device
CN112311718A (en) Method, device and equipment for detecting hardware and storage medium
CN111639325A (en) Merchant authentication method, device, equipment and storage medium based on open platform
CN109951276A (en) Embedded device remote identity authentication method based on TPM
CN111079178B (en) Method for desensitizing and backtracking trusted electronic medical record
WO2024113724A1 (en) Data transmission method, device, and storage medium
CN107223322A (en) The method, apparatus and system of signature verification
Miculan et al. Automated verification of Telegram’s MTProto 2.0 in the symbolic model
CN108242997B (en) Method and apparatus for secure communication

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing

Patentee after: Beijing Shendun Technology Co.,Ltd.

Address before: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing

Patentee before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd.

CP01 Change in the name or title of a patent holder