CN110321302B - Embedded system data storage area management method - Google Patents
Embedded system data storage area management method Download PDFInfo
- Publication number
- CN110321302B CN110321302B CN201910583951.9A CN201910583951A CN110321302B CN 110321302 B CN110321302 B CN 110321302B CN 201910583951 A CN201910583951 A CN 201910583951A CN 110321302 B CN110321302 B CN 110321302B
- Authority
- CN
- China
- Prior art keywords
- access
- data
- storage area
- read
- mode
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1408—Protection against unauthorised use of memory or access to memory by using cryptography
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1416—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
- G06F12/1425—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention relates to a method for managing a data storage area of an embedded system, which is characterized by comprising the following steps: acquiring a first access address and a first access mode, inquiring a logic address file, and acquiring a storage area type; when the storage area type is a scrambling code storage area, first data access processing is carried out; when the storage area type is a non-scrambling code storage area, second data access processing is carried out; performing third data access processing when the storage area type is the electrical parameter storage area; performing fourth data access processing when the storage area type is a calculator storage area; performing a fifth data access process when the storage area type is a system parameter area; performing sixth data access processing when the storage area type is reserved for the extended area; the seventh data access processing is performed when the memory area type is a hidden area. According to the invention, the data storage area can be divided into multiple areas and the storage area type can be distributed, and the access mode is customized according to the storage area type, thereby realizing the safety protection function of the data storage area.
Description
Technical Field
The invention relates to the technical field of embedded systems, in particular to a method for managing a data storage area of an embedded system.
Background
With the wide application of embedded equipment in industrial control and the internet of things, a plurality of unattended application scenes appear: such as shared devices, e.g., internet of things end devices, etc. At present, the conventional embedded device manages the data thereof, and a common way is to set the device user right at the operating system level to realize the access control of the data area. In this way, the data stored in the storage area is not loaded with the bottom layer read-write protection function, and the data stealing or rewriting mode of directly accessing the storage device (device or chip) through a physical way has no protection effect. Especially for unattended equipment, a data bottom layer access protection means needs to be promoted.
Disclosure of Invention
The present invention aims to provide a method for managing a data storage area of an embedded system, aiming at the technical defects, according to the method of the present invention, the data storage area of the embedded system can be classified into storage types according to different purposes: the system comprises a readable and writable scrambling storage area, a readable and writable non-scrambling storage area, a readable and writable electrical parameter storage area, a readable and writable calculator storage area, a read-only system parameter area, a read-only reserved expansion area and a read-only hidden area, and different access control modes are provided for different storage area types. Thus, sensitive data can be stored in a scrambled storage area, non-sensitive data can be stored in a plaintext storage area such as a non-scrambled storage area, an electrical parameter storage area, a calculator storage area, etc., non-rewritable system parameters can be stored in a read-only system parameter area, data of a higher security level can be placed in a read-only hidden area, and the area can not be read by setting a hidden identifier.
In order to achieve the above object, the present invention provides a method for managing a data storage area of an embedded system, comprising:
the embedded system acquires a first access address and a first access mode, inquires a logic address file according to the first access address and acquires a storage area type;
when the storage area type is a scrambling code storage area, the embedded system performs first data access processing on the first access address according to the first access mode;
when the storage area type is a non-scrambling storage area, the embedded system performs second data access processing on the first access address according to the first access mode;
when the storage area type is the electrical parameter storage area, the embedded system performs third data access processing on the first access address according to the first access mode;
when the storage area type is a calculator storage area, the embedded system performs fourth data access processing on the first access address according to the first access mode;
when the storage area type is a system parameter area, the embedded system performs fifth data access processing on the first access address according to the first access mode;
when the storage area type is reserved for the extended area, the embedded system performs sixth data access processing on the first access address according to the first access mode;
and when the storage area type is a hidden area, the embedded system performs seventh data access processing on the first access address according to the first access mode.
Further, the performing, by the embedded system, a first data access process on the first access address according to the first access mode specifically includes:
when the value of the first access mode is a read mode, the embedded system performs first descrambling and reading processing on the data of the first access address to generate first read data;
and when the value of the first access mode is a write mode, the embedded system acquires first write data and performs first scrambling write processing on the first access address according to the first write data.
Further, the performing, by the embedded system, a second data access process on the first access address according to the first access mode specifically includes:
when the value of the first access mode is a read mode, the embedded system performs first plaintext read processing on the data of the first access address to generate second read data;
and when the value of the first access mode is a write mode, the embedded system acquires second write data and carries out first plaintext write processing on the first access address according to the second write data.
Further, the embedded system performs a third data access process on the first access address according to the first access mode, and specifically includes:
when the value of the first access mode is a read mode, the embedded system performs second plaintext read processing on the data of the first access address to generate third read data;
and when the value of the first access mode is a write mode, the embedded system acquires third write data and carries out second plaintext write processing on the first access address according to the third write data.
Further, the performing, by the embedded system, a fourth data access process on the first access address according to the first access mode specifically includes:
when the value of the first access mode is a read mode, the embedded system performs third plaintext read processing on the data of the first access address to generate fourth read data;
and when the value of the first access mode is a write mode, the embedded system acquires fourth write data and carries out third plaintext write processing on the first access address according to the fourth write data.
Further, the performing, by the embedded system, a fifth data access process on the first access address according to the first access mode specifically includes:
and when the value of the first access mode is a read mode, the embedded system performs fourth plaintext read processing on the data of the first access address to generate fifth read data.
Further, the sixth data access processing is performed on the first access address by the embedded system according to the first access mode, and specifically includes:
and when the value of the first access mode is a read mode, the embedded system performs fifth plaintext read processing on the data of the first access address to generate sixth read data.
Further, the embedded system performs a seventh data access process on the first access address according to the first access mode, and specifically includes:
and when the value of the first access mode is a read mode, the embedded system performs sixth plaintext read processing on the data of the first access address to generate seventh read data.
Preferably, the performing, by the embedded system, a sixth plaintext read process on the data of the first access address to generate seventh read data specifically includes:
the embedded system acquires a first hidden identifier;
when the value of the first hidden identifier is a non-hidden data area, the embedded system performs sixth plaintext reading processing on the data of the first access address to generate seventh read data;
when the value of the first hidden identifier is a hidden data area, the embedded system quits the sixth plaintext reading processing and returns an error message that the operation attribute does not exist.
Further, the method further comprises:
when the value of the storage area type is a system parameter area and the value of the first access mode is a writing mode, the embedded system quits data access processing and returns error information of 'operation attribute error';
when the value of the storage area type is a reserved expansion area and the value of the first access mode is a write mode, the embedded system quits data access processing and returns error information of 'operation attribute error';
and when the value of the storage area type is a hidden area and the value of the first access mode is a write mode, the embedded system quits the data access processing and returns error information of 'operation attribute error'.
According to the method for managing the data storage area of the embedded system, provided by the embodiment of the invention, the data storage area is divided into a scrambling code storage area, a non-scrambling code storage area, an electrical parameter storage area, a calculator storage area, a system parameter area, a reserved expansion area and a hidden area according to an address interval through the logic address file. For a scrambling code storage area, a scrambling read-write mechanism is provided by a system, so that when data is stored in the storage area, the data is a ciphertext processed by a scrambling algorithm, and when the data is read, the original text can be obtained only by descrambling the directly read data; for a non-scrambling code storage area, an electrical parameter storage area and a calculator storage area, a plaintext read-write mechanism is provided by a system, and data are also stored in the three storage areas in a plaintext mode; for a system parameter area and a reserved expansion area, the system recognizes the system parameter area and the reserved expansion area as a read-only area, a plaintext data reading access mode is provided, and data are stored in the two storage areas in a plaintext mode; the system identifies the hidden area as a hidden area, inhibits any access to the hidden area when its functionality is activated, and provides read access to the plaintext data when the hidden area functionality is deactivated, in which the data is stored in plaintext form.
Drawings
FIG. 1 is a schematic diagram of an embedded system storage area according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a logical address file according to an embodiment of the present invention;
fig. 3 is a schematic working diagram of a method for managing a data storage area of an embedded system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic diagram of an embedded system storage area provided in an embodiment of the present invention, and as shown in fig. 1, the embodiment of the present invention divides an embedded system data storage area into 7 types, where the types and the purposes are respectively: the scrambling code storage area is used for storing non-shared data or sensitive data, data read-write of the storage area needs data scrambling and descrambling processing through a specific algorithm, and data storage is also a scrambled ciphertext; the non-scrambling code storage area is used for storing sharable data or non-sensitive data, the data reading and writing of the storage area can be realized by plaintext reading and writing, and the data storage is also in a plaintext mode; the electric parameter storage area is used for storing specific electric parameters of the embedded equipment, and data reading and writing of the storage area can be realized by plaintext reading and writing; and the calculator storage area is used for storing various counter parameter values of the embedded equipment, and data reading and writing of the storage area can be realized by plaintext reading and writing. The system parameter area is used for storing key parameters in the embedded system, the data access to the storage area is in a read-only mode, and the data is stored in a plaintext mode; the data access to the storage area is in a read-only mode, and the data is stored in a plaintext mode; and the system is inaccessible to the data area when the value of the hidden identifier in the system is hidden, and the system is accessed to the data area in a read-only mode when the value of the hidden identifier in the system is not hidden, so that the data is stored in a plaintext mode.
The logical address file includes 7 records. Each record corresponds to a storage area type as described in fig. 1. Each record consists of 4 sets of parameters: address interval parameter, memory area type parameter, read operation parameter, write operation parameter, wherein: the address interval parameters comprise a starting address and an ending address, and the physical address range of the access area corresponding to the record is nominal; the values of the storage area type parameter include the type 7 storage area shown in FIG. 1; the read operation parameters comprise three state values (descrambling read, plaintext read, prohibited read); the write operation parameters include three state values (scrambled write, plaintext write, write disabled).
Fig. 2 is a schematic diagram of a logical address file according to an embodiment of the present invention, and as can be seen from the above description, in record 1 of the logical address file in fig. 2, a storage area between a first start address and a first end address (including the start address and the end address itself) is a scrambling storage area, and the read-write mode of the storage area is scrambling write and descrambling read; recording 2, wherein a storage area between a second starting address and a second ending address (including the starting address and the ending address) is an unscrambled storage area, and the reading and writing modes of the storage area are plaintext writing and plaintext reading; recording 3, wherein a storage area between a third starting address and a third ending address (including the starting address and the ending address) is an electrical parameter storage area, and the reading and writing modes of the storage area are plaintext writing and plaintext reading; and 4, recording, wherein a storage area between the fourth starting address and the fourth ending address (including the starting address and the ending address) is a calculator storage area, and the reading and writing modes of the storage area are plaintext writing and plaintext reading. Recording 5, wherein a storage area between a fifth starting address and a fifth ending address (including the starting address and the ending address) is a system parameter area, and the read-write mode of the storage area is a read-only mode; recording 6, wherein a storage area between a sixth starting address and a sixth ending address (including the starting address and the ending address) is a reserved expansion area, and the read-write mode of the storage area is a read-only mode; record 7, the storage area between the seventh start address and the seventh end address (including the start and end addresses itself) is a hidden area, the storage area is not accessible when the hidden flag value of the storage area is hidden, and the read-write mode of the storage area is a read-only mode when the hidden flag value of the storage area is not hidden.
In a first embodiment of the present invention, as shown in fig. 3, which is a schematic working diagram of a method for managing a data storage area of an embedded system according to a first embodiment of the present invention, the method includes the following steps:
step 11, the embedded system obtains the first access address and the first access mode, queries the logic address file according to the first access address, obtains the storage area type,
the method specifically comprises the following steps: step A1, initializing the value of the first temporary record index to 0, initializing the value of the first temporary storage area type to null, and initializing the value of the total number of the first temporary records to 7;
step A2, extracting a first temporary record index record byte according to the logic address file, and generating a first temporary record;
step A3, according to the first temporary record, extracting the first temporary start address byte to generate a first temporary start address, and extracting the first temporary end address byte to generate a first temporary end address;
step A4, determining whether the first access address is greater than or equal to the first temporary start address, if so, going to step A5; if the first access address is smaller than the first temporary starting address, it indicates that the access address does not belong to the storage area identified by the record, go to step a 7;
step A5, judging whether the first access address is less than or equal to the first temporary ending address, if the first access address is less than or equal to the first temporary ending address, indicating that the access address belongs to the storage area of the record mark, and going to step A6; if the first access address is larger than the first temporary end address, it indicates that the access address does not belong to the storage area identified by the record, go to step a 7;
step A6, according to the first temporary record, extracting the first temporary storage area type byte to generate the first temporary storage area type, and going to step A9;
step a7, adding 1 to the value of the first temporary record index;
step A8, determining whether the value of the first temporary record index is less than or equal to the first temporary record total number, if the value of the first temporary record index is less than or equal to the first temporary record total number, going to step A2; if the value of the first temporary record index is greater than the first temporary record total number, go to step A9;
step A9, according to the first temporary storage area type, extracting all bytes of the first temporary storage area type to generate a storage area type;
step A10, when the storage area type is the scrambling code storage area, go to step 121; if the storage area type is the non-scrambling code storage area, go to step 122; if the storage area type is the electrical parameter storage area, go to step 123; if the storage area type is calculator storage area, go to step 124; if the storage area type is the system parameter area, go to step 125; if the storage area type is the reserved expansion area, go to step 126; if the storage area type is hidden, go to step 127; if the memory type is not any of the 7 types described above, proceed to step 410.
the method specifically comprises the following steps: step B1, when the first access mode is a read mode, the embedded system performs a first descrambling and reading process on the data of the first access address to generate first read data, and the descrambling algorithm at the position is generally as follows: turning to step 130, a byte XOR algorithm, a symmetric algorithm, an asymmetric signature algorithm and the like;
step B2, if the value of the first access mode is the write mode, the embedded system obtains the first write data, and carries out the first scrambling write processing to the first access address according to the first write data, and the scrambling algorithm at the position is generally: byte xor algorithm, symmetric algorithm, asymmetric signature algorithm, etc. Go to step 130;
in step B3, when the first access mode is neither the read mode nor the write mode, the process proceeds to step 410.
the method specifically comprises the following steps: step C1, when the first access mode is a read mode, the embedded system performs a first plaintext read process on the first access address to generate a second read data, and goes to step 130;
step C2, when the value of the first access mode is the write mode, the embedded system obtains the second write data, and performs the first plaintext write process on the first access address according to the second write data, and goes to step 130;
step C3, when the first access mode is neither the read mode nor the write mode, go to step 410.
the method specifically comprises the following steps: step D1, when the first access mode is a read mode, the embedded system performs a second plaintext read process on the first access address to generate a third read data, and goes to step 130;
step D2, when the value of the first access mode is the write mode, the embedded system obtains the third write data, and performs the second plaintext write process on the first access address according to the third write data, and goes to step 130;
step D3, when the first access mode is neither the read mode nor the write mode, go to step 410.
the method specifically comprises the following steps: step E1, when the first access mode is a read mode, the embedded system performs a third plaintext read process on the first access address to generate a fourth read data, and goes to step 130;
step E2, when the value of the first access mode is the write mode, the embedded system obtains the fourth write data, and performs the third plaintext write process on the first access address according to the fourth write data, and goes to step 130;
step E3, when the first access mode is neither the read mode nor the write mode, go to step 410.
the method specifically comprises the following steps: step F1, when the first access mode is a read mode, the embedded system performs a fourth plaintext read process on the first access address to generate a fifth read data, and goes to step 130;
step F2, when the value of the first access mode is the write mode, go to step 420;
in step F3, when the first access mode is neither the read mode nor the write mode, the process proceeds to step 410.
the method specifically comprises the following steps: step G1, when the first access mode is a read mode, the embedded system performs a fifth plaintext read process on the first access address to generate a sixth read data, and goes to step 130;
step G2, when the value of the first access mode is the write mode, go to step 420;
in step G3, when the first access mode is neither the read mode nor the write mode, the process proceeds to step 410.
the method specifically comprises the following steps: step H1, when the value of the first access mode is the read mode, according to the first access mode, the seventh data access processing is performed to the first access address,
the method specifically comprises the following steps: step J11, the embedded system obtains a first hidden mark;
step J12, determining whether the value of the first hidden flag is a hidden data area, if the value of the first hidden flag is a hidden data area, going to step 420; if the value of the first hidden flag is not the hidden data area, go to step J13;
step J13, the embedded system performs a sixth plaintext read process on the first access address to generate a seventh read data, and goes to step 130;
step H2, when the value of the first access mode is the write mode, go to step 420;
in step H3, when the first access mode is neither the read mode nor the write mode, the process proceeds to step 410.
And step 130, the embedded system returns the execution result of the data access processing to the upper computer.
At step 410, the embedded system exits the data access process and returns an error message "operation attribute does not exist".
In step 420, the embedded system exits the data access process and returns an error message "operation attribute error".
In the second embodiment of the present invention, when the storage region where the access address is located belongs to the scrambling code storage region, the method includes the following steps:
step 91, the embedded system obtains a first access address and a first access mode.
And step 92, according to the first access address, the embedded system inquires a logic address file and acquires the value of the storage area type as a scrambling code storage area.
Step 93, judging whether the first access mode is a reading mode, and if the value of the first access mode is the reading mode, turning to step 94; if the value of the first access mode is not read mode, go to step 95.
Step 94, the embedded system performs a first descrambling process on the data of the first access address to generate first read data and goes to step 100,
the method specifically comprises the following steps: l1, the embedded system extracts the first temporary read data from the first access address and obtains the scrambling algorithm identification, wherein the scrambling algorithm identification is the system parameter used by the system to identify the scrambling code generation algorithm of the scrambling code storage area;
step L2, when the scrambling algorithm identification is byte XOR algorithm, obtaining a first temporary scrambling code, performing exclusive OR calculation on the first temporary read data according to the first temporary scrambling code to generate first read data, and going to step 100;
step L3, when the scrambling algorithm is identified as a symmetric algorithm, obtaining a first decryption key, performing decryption calculation on the first temporary read data according to the first decryption key to generate first read data, and going to step 100;
and L4, when the scrambling algorithm is identified as the asymmetric signature algorithm, acquiring a first signature verification public key, performing signature verification calculation on the first temporary read data according to the first signature verification public key to generate first read data, and turning to the step 100.
Step 95, judging whether the first access mode is a write mode, and if the value of the first access mode is the write mode, turning to step 96; if the value of the first access mode is not the write mode, go to step 210.
Step 96, the embedded system acquires the first write data, performs the first scrambling write process on the first access address according to the first write data and goes to step 100,
the method specifically comprises the following steps: k1, obtaining scrambling algorithm identification, wherein the scrambling algorithm identification is a system parameter used by the system for identifying scrambling code generation algorithm in the scrambling code storage area;
step K2, when the scrambling algorithm identification is byte XOR algorithm, obtaining a first temporary scrambling code, performing exclusive OR calculation on the first written data according to the first temporary scrambling code to generate first scrambled written data, writing the first scrambled written data into the first access address, and going to step 100;
step K3, when the scrambling algorithm is identified as a symmetric algorithm, acquiring a first decryption key, carrying out encryption calculation on the first written data according to the first decryption key to generate first encrypted written data, writing the first encrypted written data in the first access address, and turning to step 100;
and K4, when the scrambling algorithm is identified as the asymmetric signature algorithm, acquiring a first signature private key, performing signature calculation on the first write-in data according to the first signature private key to generate first signature write-in data, writing the first signature write-in data into the first access address, and turning to the step 100.
And step 100, the embedded system returns the execution result of the data access processing to the upper computer.
In step 210, the embedded system exits the data access process and returns an error message "operation attribute does not exist".
According to the method for managing the data storage area of the embedded system, provided by the embodiment of the invention, the data storage area is divided into a scrambling code storage area, a non-scrambling code storage area, an electrical parameter storage area, a calculator storage area, a system parameter area, a reserved expansion area and a hidden area according to an address interval through the logic address file. For a scrambling code storage area, a scrambling read-write mechanism is provided by a system, so that when data is stored in the storage area, the data is a ciphertext processed by a scrambling algorithm, and when the data is read, the original text can be obtained only by descrambling the directly read data; for a non-scrambling code storage area, an electrical parameter storage area and a calculator storage area, a plaintext read-write mechanism is provided for the system, and data are also stored in the three storage areas in a plaintext mode; for a system parameter area and a reserved expansion area, the system recognizes the system parameter area and the reserved expansion area as a read-only area, a plaintext data reading access mode is provided, and data are stored in the two storage areas in a plaintext mode; the system identifies the hidden area as a hidden area, inhibits any access to the hidden area when its functionality is activated, and provides read access to the plaintext data when the hidden area functionality is deactivated, in which the data is stored in plaintext form. The method can divide the data storage area of the embedded system into multiple data application areas and provide different access control modes for different application areas. Therefore, the sensitive data can be stored in the scrambled storage area, the non-sensitive data can be stored in the plaintext storage area, the non-rewritable system parameters can be stored in the readable storage area, and the data hidden area can be set by setting the hidden mark of the storage area.
Those of skill would further appreciate that the various illustrative components and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied in hardware, a software module executed by a processor, or a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are merely exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.
Claims (6)
1. A method for managing data storage areas of an embedded system is characterized by comprising the following steps:
the embedded system acquires a first access address and a first access mode, inquires a logic address file according to the first access address and acquires a storage area type;
when the storage area type is a scrambling code storage area, the embedded system performs first data access processing on the first access address according to the first access mode;
when the storage area type is a non-scrambling storage area, the embedded system performs second data access processing on the first access address according to the first access mode;
when the storage area type is the electrical parameter storage area, the embedded system performs third data access processing on the first access address according to the first access mode;
when the storage area type is a calculator storage area, the embedded system performs fourth data access processing on the first access address according to the first access mode;
when the storage area type is a system parameter area, the embedded system performs fifth data access processing on the first access address according to the first access mode;
when the storage area type is reserved for the extended area, the embedded system performs sixth data access processing on the first access address according to the first access mode;
when the storage area type is a hidden area, the embedded system performs seventh data access processing on the first access address according to the first access mode;
the embedded system performs a first data access process on the first access address according to the first access mode, and specifically includes:
when the value of the first access mode is a read mode, the embedded system performs first descrambling and reading processing on the data of the first access address to generate first read data;
when the value of the first access mode is a write mode, the embedded system acquires first write data and carries out first scrambling write processing on the first access address according to the first write data;
the algorithm of the first descrambling and reading processing and the algorithm of the first scrambling and writing processing comprise a byte exclusive or algorithm, a symmetric algorithm and an asymmetric signature algorithm;
the embedded system performs a seventh data access processing on the first access address according to the first access mode, and specifically includes:
when the value of the first access mode is a read mode, the embedded system performs sixth plaintext read processing on the data of the first access address to generate seventh read data;
the embedded system performs sixth plaintext read processing on the data of the first access address to generate seventh read data, and the method specifically includes:
the embedded system acquires a first hidden identifier;
when the value of the first hidden identifier is a non-hidden data area, the embedded system performs sixth plaintext reading processing on the data of the first access address to generate seventh read data;
when the value of the first hidden identifier is a hidden data area, the embedded system quits the sixth plaintext reading processing and returns an error message that the operation attribute does not exist;
the embedded system storage area types comprise the scrambling code storage area, the non-scrambling code storage area, the electrical parameter storage area, the calculator storage area, the system parameter area, the reserved expansion area and the hidden area;
the logical address file comprises a plurality of records; each record comprises an address interval parameter, a storage area type parameter, a reading operation parameter and a writing operation parameter; the address interval parameters comprise a starting address and an ending address; in the logic address file, the read operation parameter of the record of which the storage area type parameter is the scrambling code storage area is descrambling read, and the write operation parameter is scrambling write; the read operation parameter recorded by the storage area type parameter which is the non-scrambling code storage area is plaintext read, and the write operation parameter is plaintext write; the read operation parameter recorded in the storage area with the storage area type parameter as the electrical parameter storage area is plaintext read, and the write operation parameter is plaintext write; the storage area type parameter is that the read operation parameter recorded in the calculator storage area is plaintext read, and the write operation parameter is plaintext write; the read operation parameter recorded by the storage area type parameter system parameter area is plaintext read, and the write operation parameter is write prohibition; the read operation parameter of the record with the storage area type parameter being reserved for the expansion area is plaintext read, and the write operation parameter is write prohibition; the write operation parameter of the record with the storage area type parameter being the hidden area is write prohibition; the storage area type parameter is that the read operation parameter recorded in the hidden area corresponds to the first hidden identifier, if the first hidden identifier is a non-hidden data area, the read operation parameter is plaintext read, and if the first hidden identifier is a hidden data area, the read operation parameter is prohibited to read;
the querying a logic address file according to the first access address to obtain a storage area type specifically includes: inquiring the logic address file, and taking the storage area type parameter of which the starting address range and the ending address range of the address interval parameter meet the record of the first access address as the storage area type;
the method further comprises the following steps: when the preset scrambling algorithm identification is a byte XOR algorithm, the algorithm of the first descrambling and reading processing and the algorithm of the first scrambling and writing processing are byte XOR algorithms; when the preset scrambling algorithm identification is a symmetric algorithm, the algorithm of the first descrambling and reading processing and the algorithm of the first scrambling and writing processing are symmetric algorithms; when the preset scrambling algorithm identification is an asymmetric signature algorithm, the algorithm of the first descrambling and reading processing and the algorithm of the first scrambling and writing processing are asymmetric signature algorithms;
the method further comprises the following steps: when the value of the storage area type is a system parameter area and the value of the first access mode is a writing mode, the embedded system quits data access processing and returns error information of 'operation attribute error';
when the value of the storage area type is a reserved expansion area and the value of the first access mode is a write mode, the embedded system quits data access processing and returns error information of 'operation attribute error';
and when the value of the storage area type is a hidden area and the value of the first access mode is a write mode, the embedded system quits the data access processing and returns error information of 'operation attribute error'.
2. The method according to claim 1, wherein the embedded system performs a second data access process on the first access address according to the first access mode, and specifically includes:
when the value of the first access mode is a read mode, the embedded system performs first plaintext read processing on the data of the first access address to generate second read data;
and when the value of the first access mode is a write mode, the embedded system acquires second write data and carries out first plaintext write processing on the first access address according to the second write data.
3. The method according to claim 1, wherein the embedded system performs a third data access process on the first access address according to the first access mode, specifically including:
when the value of the first access mode is a read mode, the embedded system performs second plaintext read processing on the data of the first access address to generate third read data;
and when the value of the first access mode is a write mode, the embedded system acquires third write data and carries out second plaintext write processing on the first access address according to the third write data.
4. The method according to claim 1, wherein the embedded system performs a fourth data access process on the first access address according to the first access mode, specifically including:
when the value of the first access mode is a read mode, the embedded system performs third plaintext read processing on the data of the first access address to generate fourth read data;
and when the value of the first access mode is a write mode, the embedded system acquires fourth write data and carries out third plaintext write processing on the first access address according to the fourth write data.
5. The method according to claim 1, wherein the embedded system performs a fifth data access process on the first access address according to the first access mode, specifically including:
and when the value of the first access mode is a read mode, the embedded system performs fourth plaintext read processing on the data of the first access address to generate fifth read data.
6. The method according to claim 1, wherein the embedded system performs a sixth data access process on the first access address according to the first access mode, specifically including:
and when the value of the first access mode is a read mode, the embedded system performs fifth plaintext read processing on the data of the first access address to generate sixth read data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910583951.9A CN110321302B (en) | 2019-06-28 | 2019-06-28 | Embedded system data storage area management method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910583951.9A CN110321302B (en) | 2019-06-28 | 2019-06-28 | Embedded system data storage area management method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110321302A CN110321302A (en) | 2019-10-11 |
| CN110321302B true CN110321302B (en) | 2021-10-01 |
Family
ID=68121506
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910583951.9A Active CN110321302B (en) | 2019-06-28 | 2019-06-28 | Embedded system data storage area management method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110321302B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112764842A (en) * | 2019-11-05 | 2021-05-07 | 珠海格力电器股份有限公司 | Authority control method, device, equipment and storage medium |
Family Cites Families (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1280737C (en) * | 2002-12-31 | 2006-10-18 | 台均科技(深圳)有限公司 | Safety authentication method for movable storage device and read and write identification device |
| CN102981980A (en) * | 2004-12-21 | 2013-03-20 | 桑迪士克股份有限公司 | Method for control access in storage device |
| CN100476762C (en) * | 2005-12-31 | 2009-04-08 | 联想(北京)有限公司 | Safety memory device and data management method |
| CN101082883A (en) * | 2006-05-31 | 2007-12-05 | 朴显泽 | Storage apparatus having multiple layer encrypting protection |
| US8286883B2 (en) * | 2007-11-12 | 2012-10-16 | Micron Technology, Inc. | System and method for updating read-only memory in smart card memory modules |
| CN101567095A (en) * | 2008-04-25 | 2009-10-28 | 山西科泰微技术有限公司 | Method and device for managing fire protection data |
| SG185640A1 (en) * | 2010-05-24 | 2012-12-28 | Soda Private Ltd | Method and system of secure computing environment having auditable control of data movement |
| CN102063388A (en) * | 2011-01-10 | 2011-05-18 | 北京深思洛克软件技术股份有限公司 | Data protection method and device |
| CN102567233B (en) * | 2011-12-23 | 2014-07-02 | 福建升腾资讯有限公司 | Data protection method of USB storage device based on magnetic disc virtual technology |
| CN103617404A (en) * | 2013-12-17 | 2014-03-05 | 天津赢达信科技有限公司 | Storing device of safety partitions |
| CN103793334A (en) * | 2014-01-14 | 2014-05-14 | 上海上讯信息技术股份有限公司 | Mobile storage device based data protecting method and mobile storage device |
| CN105095945A (en) * | 2014-05-07 | 2015-11-25 | 中兴软创科技股份有限公司 | SD card capable of securely storing data |
| US9489534B2 (en) * | 2014-10-23 | 2016-11-08 | Northrop Grumman Systems Corporation | Multi-level security system for enabling secure file sharing across multiple security levels and method thereof |
| CN106709380A (en) * | 2015-07-20 | 2017-05-24 | 中国科学院声学研究所 | Encryption and decryption method and system capable of aiming at disk data memory area |
-
2019
- 2019-06-28 CN CN201910583951.9A patent/CN110321302B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN110321302A (en) | 2019-10-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| AU747222B2 (en) | Method and apparatus for protection of recorded digital data | |
| CA2242596C (en) | System for controlling access and distribution of digital property | |
| US10592641B2 (en) | Encryption method for digital data memory card and assembly for performing the same | |
| US6957343B2 (en) | Validating keying material by using a validation area of read-only media to prevent playback of unauthorized copies of content stored on the media | |
| US20050251866A1 (en) | Storage medium and method and apparatus for separately protecting data in different areas of the storage medium | |
| WO2003034428A2 (en) | Secure single drive copy method and apparatus | |
| JPH10312335A (en) | Data processing method and processor therefor | |
| CN107341534B (en) | Electronic card anti-copy method and device and management server | |
| CN111324901A (en) | Method for creating and decrypting enterprise security encrypted file | |
| CN104778954A (en) | Optical disc partition encryption method and system | |
| CN110321302B (en) | Embedded system data storage area management method | |
| CN101740068B (en) | Data encryption method of compact disc | |
| CN111177783B (en) | Method and device for preventing mobile storage medium from being divulged | |
| CN111782605A (en) | Chip card file management method, device, terminal and storage medium | |
| US20040250104A1 (en) | Method of processing data and data processing apparatus | |
| WO2005010734A1 (en) | Data carrier belonging to an authorized domain | |
| CN116257862B (en) | Data storage system based on data hierarchical classification and database transparent encryption and decryption method | |
| KR102525429B1 (en) | Private branch exchange apparatus and method for generating and storing system identifier | |
| US20040215970A1 (en) | Data recording apparatus and method of identifying data | |
| JP2004246851A (en) | Reading restriction system for recording medium | |
| JP4773757B2 (en) | Area management type memory device | |
| KR101149582B1 (en) | Method for encrypting and decrypting data file with various security level | |
| CN117390652A (en) | Optical disc encryption method, system, medium and equipment based on double-factor authentication | |
| WO2009088114A1 (en) | Drm method using bad pattern, and digital contents recorder/player and method using that | |
| JP2007279947A (en) | Software license management system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 100080, Beijing, Suzhou Street, Haidian District No. 20, building 2, on the north side of the four floor Applicant after: Zhaoxun Hengda Technology Co., Ltd Address before: 100080, Beijing, Suzhou Street, Haidian District No. 20, building 2, on the north side of the four floor Applicant before: MEGAHUNT MICROELECTRONIC TECH. (BEIJING) Co.,Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |