CN110298183B - Method for protecting data security in grading manner - Google Patents
Method for protecting data security in grading manner Download PDFInfo
- Publication number
- CN110298183B CN110298183B CN201910560620.3A CN201910560620A CN110298183B CN 110298183 B CN110298183 B CN 110298183B CN 201910560620 A CN201910560620 A CN 201910560620A CN 110298183 B CN110298183 B CN 110298183B
- Authority
- CN
- China
- Prior art keywords
- communication
- communication data
- data
- data stream
- chip
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 17
- 238000004891 communication Methods 0.000 claims abstract description 80
- 238000012795 verification Methods 0.000 claims abstract description 22
- 238000012544 monitoring process Methods 0.000 claims description 3
- 238000012545 processing Methods 0.000 claims description 2
- 238000005516 engineering process Methods 0.000 description 4
- 238000011161 development Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 239000002699 waste material Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Mathematical Physics (AREA)
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method for protecting data security in a grading way, which is characterized in that identity information verification is provided by an ISO7816 functional module embedded in TCM, and communication data flow is dynamically monitored through LPC; the SMQ2V6000 is used for encrypting and decrypting data, and data communication is protected through a triple data encryption protocol based on an SRAM type configuration memory; the SMQ2V6000 configures the encrypted data stream into an FPGA device, and a battery connected to a VBATT pin supplies power to maintain a secret key; the TCM is matched with the SMQ2V6000 to monitor and analyze communication data streams, the security level is judged according to the configuration, and corresponding encryption and decryption operations are carried out on the data through the SMQ2V 6000. Through the mode, the communication data is monitored and judged in real time, and the targeted communication data safety protection is realized by matching with the ISO7816 and SMQ2V6000 functional modules.
Description
Technical Field
The invention relates to the field of internet communication, in particular to a method for protecting data security in a grading manner.
Background
Under the global environment of rapid development of informatization, communication technology becomes an important guarantee for social development. Data communication relates to multiple fields of government, military, cultural and educational science, and much data stored, transmitted and processed relates to important information such as government macro decision, bank fund transfer, scientific research data and the like. Many of them are sensitive information, even national secrets, so it is inevitable to face risks of information leakage, information theft, computer viruses, etc. Without core data security technology, we will face a severe information security situation.
At present, the existing technology in the market has a single protection method for communication data safety, and lacks real-time monitoring and judgment on data communication, so that the performance parameters of products are reduced, and the protection effect on communication data is greatly reduced. The market applies more hardware level data encryption technology, or only provides a single identity authentication function based on the ISO7816 protocol; or only a single data encryption technique. There is a lack of real-time monitoring and judgment of the communication data. Not only the performance of the product is influenced, but also the protection effect of the communication data is greatly discounted, and meanwhile, certain waste is caused to system resources.
Disclosure of Invention
The invention mainly solves the technical problem of providing a method for protecting data security in a grading way for internet data communication security.
In order to solve the technical problems, the invention adopts a technical scheme that: the method for protecting data security in a grading way is provided, and comprises the steps that an ISO7816 functional module embedded in a TCM chip provides identity information verification, and communication data flow is dynamically monitored through an LPC bus; the SMQ2V6000 chip encrypts and decrypts the stored data through a built-in specific algorithm thereof, and protects data communication through a triple data encryption protocol based on an SRAM type configuration memory; the SMQ2V6000 chip supports a local and global configuration mode to configure corresponding encrypted data streams into an FPGA device, a secret key is written into the FPGA device through a JTAG instruction, and a battery connected to a VBATT pin supplies power to maintain the secret key; the TCM chip is matched with the SMQ2V6000 chip to monitor and analyze communication data flow, the security level of the communication data is judged according to user configuration, and corresponding encryption and decryption operations are carried out on the data through the SMQ2V6000 chip, so that the hierarchical protection of the communication data is realized.
Further, when the TCM chip monitors system data communication through the LPC bus, firstly, the data security level is judged according to an internal configuration protocol, and when the communication data is judged to belong to a general level, the TCM chip selects to release without processing;
when the TCM chip judges that the communication data belong to a file with a higher security level, the TCM chip sends a communication interruption instruction to the system through the SPI bus, and simultaneously an ISO7816 functional module embedded in the TCM chip is started to carry out identity verification on a user sending the data communication instruction; after the verification is successful, the TCM chip sends a communication continuation instruction to the system, and when the verification fails, the data communication is interrupted;
when the TCM chip judges that the communication data belong to the confidential document with the highest security level, the TCM chip sends a communication interruption instruction to the system through the SPI bus, and simultaneously an ISO7816 functional module embedded in the TCM chip is started to carry out identity verification on a user sending the data communication instruction; after the verification is successful, the TCM chip sends an instruction through the SPI bus to start the SMQ2V6000 encryption chip to encrypt a communication data packet, the data is fed back to the TCM chip through the SPI bus after the encryption, the TCM chip sends a communication continuation instruction to the system, and when the verification is failed, the data communication is directly interrupted.
The invention has the beneficial effects that: the invention provides a hierarchical protection method for internet data communication security on a hardware level, realizes the hierarchical protection of the data communication on the hardware level, can flexibly configure the security level of communication data according to the user requirements in different fields, can be applied to industries with higher requirements on data security, and has good popularization.
Drawings
FIG. 1 is a schematic block diagram of a preferred embodiment of a method for securing data in a hierarchical manner according to the present invention.
Detailed Description
The following detailed description of the preferred embodiments of the present invention, taken in conjunction with the accompanying drawings, will make the advantages and features of the invention easier to understand by those skilled in the art, and thus will clearly and clearly define the scope of the invention.
Referring to fig. 1, an embodiment of the present invention includes:
a method for protecting data security in a grading way comprises the steps that an ISO7816 functional module embedded in a TCM chip provides identity information verification, and communication data flow is dynamically monitored through an LPC bus; the SMQ2V6000 chip encrypts and decrypts the stored data through a built-in specific algorithm thereof, and protects data communication through a triple data encryption protocol based on an SRAM type configuration memory; the SMQ2V6000 chip supports a local and global configuration mode to configure corresponding encrypted data streams into an FPGA device, a secret key is written into the FPGA device through a JTAG instruction, and a battery connected to a VBATT pin supplies power to maintain the secret key; the TCM chip is matched with the SMQ2V6000 chip to monitor and analyze communication data flow, the security level of the communication data is judged according to user configuration, and corresponding encryption and decryption operations are carried out on the data through the SMQ2V6000 chip, so that the hierarchical protection of the communication data is realized.
After the system adopting the method is started, when the TCM chip monitors system data communication through an LPC bus, firstly, the data security level is judged according to an internal configuration protocol, and when the communication data is judged to be in a general level, the TCM chip selects to release and does not process the communication data;
when the TCM chip judges that the communication data belong to a file with a higher security level, the TCM chip sends a communication interruption instruction to the system through the SPI bus, and simultaneously an ISO7816 functional module embedded in the TCM chip is started to carry out identity verification on a user sending the data communication instruction; after the verification is successful, the TCM chip sends a communication continuation instruction to the system, and when the verification fails, the data communication is interrupted;
when the TCM chip judges that the communication data belong to the confidential document with the highest security level, the TCM chip sends a communication interruption instruction to the system through the SPI bus, and simultaneously an ISO7816 functional module embedded in the TCM chip is started to carry out identity verification on a user sending the data communication instruction; after the verification is successful, the TCM chip sends an instruction through the SPI bus to start the SMQ2V6000 encryption chip to encrypt a communication data packet, the data is fed back to the TCM chip through the SPI bus after the encryption, the TCM chip sends a communication continuation instruction to the system, and when the verification is failed, the data communication is directly interrupted.
The invention provides a hierarchical protection method for internet data communication security on a hardware level, realizes the hierarchical protection of the data communication on the hardware level, can flexibly configure the security level of communication data according to the user requirements in different fields, can be applied to industries with higher requirements on data security, and has good popularization.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes performed by the present specification and drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (1)
1. A method for protecting data security in a grading way is characterized by comprising the steps of providing identity information verification by an ISO7816 functional module embedded in a TCM chip and dynamically monitoring communication data flow through an LPC bus; the SMQ2V6000 chip encrypts and decrypts the communication data stream through a built-in specific algorithm thereof, and protects the communication data stream through a triple data encryption protocol based on an SRAM type configuration memory; the SMQ2V6000 chip supports a local and global configuration mode to configure corresponding encrypted data streams into an FPGA device, a secret key is written into the FPGA device through a JTAG instruction, and a battery connected to a VBATT pin supplies power to maintain the secret key; the TCM chip is matched with the SMQ2V6000 chip to monitor and analyze the communication data stream, the security level of the communication data stream is judged according to user configuration, and corresponding encryption and decryption operations are carried out on the communication data stream through the SMQ2V6000 chip to realize the hierarchical protection of the communication data stream;
after the system adopting the method is started, when a TCM chip monitors a system communication data stream through an LPC bus, firstly, the security level of the communication data stream is judged according to an internal configuration protocol, and when the communication data stream is judged to belong to a general level, the TCM chip selects to release without processing;
when the TCM chip judges that the communication data stream belongs to a file with a higher level, the TCM chip sends a communication interruption instruction to the system through the SPI bus, and simultaneously an ISO7816 functional module embedded in the TCM chip is started to carry out identity verification on a user sending the data communication instruction; after the verification is successful, the TCM chip sends a communication continuation instruction to the system, and when the verification fails, the data communication is interrupted;
when the TCM chip judges that the communication data stream belongs to the file at the highest level, the TCM chip sends a communication interruption instruction to the system through the SPI bus, and simultaneously an ISO7816 functional module embedded in the TCM chip is started to carry out identity verification on a user sending the data communication instruction; after the verification is successful, the TCM chip sends an instruction through the SPI bus to start the SMQ2V6000 encryption chip to encrypt the communication data stream, the communication data stream is fed back to the TCM chip through the SPI bus after the encryption of the communication data stream is completed, the TCM chip sends a communication continuation instruction to the system, and when the verification fails, the data communication is directly interrupted.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910560620.3A CN110298183B (en) | 2019-06-26 | 2019-06-26 | Method for protecting data security in grading manner |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910560620.3A CN110298183B (en) | 2019-06-26 | 2019-06-26 | Method for protecting data security in grading manner |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110298183A CN110298183A (en) | 2019-10-01 |
CN110298183B true CN110298183B (en) | 2021-07-20 |
Family
ID=68028919
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910560620.3A Active CN110298183B (en) | 2019-06-26 | 2019-06-26 | Method for protecting data security in grading manner |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110298183B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115859338B (en) * | 2023-02-15 | 2023-06-09 | 毛茸茸(西安)智能科技有限公司 | Chip data security protection method based on multistage key dynamic verification |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103368905A (en) * | 2012-03-29 | 2013-10-23 | 同方股份有限公司 | Trustable cipher module chip-based network access authentication method |
CN104618395A (en) * | 2015-03-04 | 2015-05-13 | 浪潮集团有限公司 | System and method for dynamic cross-domain access control based on trusted network connection |
CN104618396A (en) * | 2015-03-04 | 2015-05-13 | 浪潮集团有限公司 | Trusted network access and access control system and method |
CN204374963U (en) * | 2015-01-26 | 2015-06-03 | 山东超越数控电子有限公司 | A kind of server for encrypting module based on TCM chip |
CN104978302A (en) * | 2015-06-24 | 2015-10-14 | 山东超越数控电子有限公司 | TCM chip based intelligent security USB interface control method |
CN108377186A (en) * | 2018-03-19 | 2018-08-07 | 北京工业大学 | A kind of ssl protocol based on TCM |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7248841B2 (en) * | 2000-06-13 | 2007-07-24 | Agee Brian G | Method and apparatus for optimization of wireless multipoint electromagnetic communication networks |
US8353028B2 (en) * | 2004-06-21 | 2013-01-08 | Ebay Inc. | Render engine, and method of using the same, to verify data for access and/or publication via a computer system |
US20160065537A1 (en) * | 2014-08-28 | 2016-03-03 | Motorola Solutions, Inc | Method and apparatus enabling interoperability between devices operating at different security levels and trust chains |
US9935965B2 (en) * | 2015-05-14 | 2018-04-03 | International Business Machines Corporation | Establishing and using a trust level in mobile phones |
CN106209847A (en) * | 2016-07-13 | 2016-12-07 | 国网河南省电力公司南阳供电公司 | Electric data transmission method and device |
CN108881198B (en) * | 2018-06-07 | 2021-03-30 | 深圳市亿联智能有限公司 | Intelligent terminal safety control method |
-
2019
- 2019-06-26 CN CN201910560620.3A patent/CN110298183B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103368905A (en) * | 2012-03-29 | 2013-10-23 | 同方股份有限公司 | Trustable cipher module chip-based network access authentication method |
CN204374963U (en) * | 2015-01-26 | 2015-06-03 | 山东超越数控电子有限公司 | A kind of server for encrypting module based on TCM chip |
CN104618395A (en) * | 2015-03-04 | 2015-05-13 | 浪潮集团有限公司 | System and method for dynamic cross-domain access control based on trusted network connection |
CN104618396A (en) * | 2015-03-04 | 2015-05-13 | 浪潮集团有限公司 | Trusted network access and access control system and method |
CN104978302A (en) * | 2015-06-24 | 2015-10-14 | 山东超越数控电子有限公司 | TCM chip based intelligent security USB interface control method |
CN108377186A (en) * | 2018-03-19 | 2018-08-07 | 北京工业大学 | A kind of ssl protocol based on TCM |
Also Published As
Publication number | Publication date |
---|---|
CN110298183A (en) | 2019-10-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107735793B (en) | Binding trusted input sessions to trusted output sessions | |
CN102325320B (en) | A kind of Wireless security communication method and system | |
CN101854243B (en) | Circuit system design encryption circuit and encryption method thereof | |
CN102136048B (en) | Mobile phone Bluetooth-based ambient intelligent computer protection device and method | |
CN101098224B (en) | Method for encrypting/deciphering dynamically data file | |
GB2438359A (en) | Security chip | |
CN101504705A (en) | Trusted platform module and its computer starting control method | |
CN105513222B (en) | A kind of note output system and method based on national secret algorithm | |
CN103440462A (en) | Embedded control method for improving security and secrecy performance of security microprocessor | |
CN110378135A (en) | Intimacy protection system and method based on big data analysis and trust computing | |
CN107911567A (en) | A kind of system and method for resisting printer physical attacks | |
CN205584238U (en) | Network data encryption equipment | |
CN105809068A (en) | High-speed storage control SOC chip supporting adoption of hardware encryption algorithm | |
CN110298183B (en) | Method for protecting data security in grading manner | |
CN101431411A (en) | Dynamic encryption method for network game data | |
CN105827388A (en) | Method for cryptographically processing data | |
CN113179258B (en) | Vehicle-mounted data encryption method based on multi-encryption algorithm | |
CN112417521B (en) | Information security system based on FPGA+processor architecture and working method thereof | |
CN112637172A (en) | Novel data security and confidentiality method | |
CN109698839B (en) | Desensitization data comparison method and device based on asymmetric algorithm | |
CN107172078B (en) | Security management and control method and system of core framework platform based on application service | |
CN207475576U (en) | A kind of safety mobile terminal system based on safety chip | |
CN115694922A (en) | File transmission encryption method and equipment under domestic CPU and OS | |
CN108154037B (en) | Inter-process data transmission method and device | |
CN106210240B (en) | A kind of encryption and decryption method and system based on intelligent terminal gyroscope |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB03 | Change of inventor or designer information |
Inventor after: Hu Yan Inventor after: Li Jian Inventor after: Wang Jinpeng Inventor before: Hu Yan Inventor before: Li Jian Inventor before: Wang Jinpeng |
|
CB03 | Change of inventor or designer information | ||
GR01 | Patent grant | ||
GR01 | Patent grant |