CN110659226A - Method for accessing data and related circuit - Google Patents

Method for accessing data and related circuit Download PDF

Info

Publication number
CN110659226A
CN110659226A CN201810685850.8A CN201810685850A CN110659226A CN 110659226 A CN110659226 A CN 110659226A CN 201810685850 A CN201810685850 A CN 201810685850A CN 110659226 A CN110659226 A CN 110659226A
Authority
CN
China
Prior art keywords
data
key
physical address
information
encrypted data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810685850.8A
Other languages
Chinese (zh)
Inventor
黄建兴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
MStar Semiconductor Inc Taiwan
Original Assignee
MStar Semiconductor Inc Taiwan
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by MStar Semiconductor Inc Taiwan filed Critical MStar Semiconductor Inc Taiwan
Priority to CN201810685850.8A priority Critical patent/CN110659226A/en
Publication of CN110659226A publication Critical patent/CN110659226A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1408Protection against unauthorised use of memory or access to memory by using cryptography
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1458Protection against unauthorised use of memory or access to memory by checking the subject access rights

Abstract

A method for accessing a data is applied to a data access system and comprises the steps of looking up a table according to a virtual address corresponding to the data to obtain a physical address, an attribute parameter and key information; generating a key according to a trigger signal; storing the key according to the key information; judging whether the data meets an encryption condition according to the attribute parameters; and when the data meets the encryption condition, performing an encryption operation on the data according to the secret key to generate encrypted data so that the data access system writes the encrypted data into the memory according to the physical address.

Description

Method for accessing data and related circuit
Technical Field
The present invention relates to a method for accessing data in a memory, and more particularly, to a method and related circuit for encrypting data to achieve protection.
Background
Conventionally, each functional circuit has different permissions for a memory, some circuits only allow writing data into the memory, some circuits only allow reading data from the memory, in order to achieve the efficacy of data security, it is usually determined whether a specific circuit can perform a write/read operation on a specific memory address, for example, when data is to be written into a first memory, a virtual address of the address is usually carried, a write circuit performs a table lookup to a second memory according to the virtual address to obtain a physical address in the memory corresponding to the virtual address, and a processing circuit receives the data and the physical address from the write circuit and performs a table lookup to a third memory according to the physical address to determine whether the write circuit has the permission for writing the physical address, if yes, the processing circuit writes the data into the physical address in the first memory; similarly, when data is to be read from the first memory, a virtual address of the address to be read is usually obtained, a reading circuit firstly performs table lookup to the second memory according to the virtual address to obtain a physical address in the memory corresponding to the virtual address, then a processing circuit receives the physical address from the reading circuit and performs table lookup to the third memory according to the physical address to judge whether the reading circuit has a reading authority for the physical address, and if so, the processing circuit reads the data from the physical address in the first memory and outputs the data to the reading circuit. However, when the data size of a data is large and the corresponding physical addresses are not continuous, the table lookup for each physical address to determine whether the data has the write/read permission is not efficient, and a new circuit architecture is needed for accessing the data.
Disclosure of Invention
Therefore, an objective of the present invention is to provide a method for accessing data and related circuit to solve the above problems.
According to an embodiment of the present invention, a method for accessing data is disclosed, which is applied to a data access system, and comprises performing table lookup according to a virtual address corresponding to the data to obtain a physical address, an attribute parameter and key information; generating a key according to a trigger signal; storing the key according to the key information; judging whether the data meets an encryption condition according to the attribute parameters; and when the data meets the encryption condition, performing an encryption operation on the data according to the secret key to generate encrypted data so that the data access system writes the encrypted data into the memory according to the physical address.
According to an embodiment of the present invention, an access circuit for performing a data access is disclosed, wherein the data corresponds to at least one virtual address, the access circuit comprises an address lookup table, a judgment circuit, a key generation circuit and a processing circuit, wherein the at least one virtual address corresponds to at least one physical address, an attribute parameter and at least one key information stored in the address lookup table; the judging circuit is used for receiving the attribute parameter, wherein the judging circuit judges whether the data meets an encryption condition according to the attribute parameter; the key generating circuit is used for receiving the at least key information, wherein when data is written, the key generating circuit generates a key corresponding to the key information; the processing circuit is coupled to the key generation circuit, wherein when the data meets the encryption condition, the processing circuit performs an encryption operation on the data according to the key to generate encrypted data, and writes the encrypted data into a memory according to the physical address.
Drawings
FIG. 1 is a diagram of a data access system according to an embodiment of the invention.
FIG. 2 is a diagram of an address lookup table in the first memory of FIG. 1.
FIG. 3 is a key lookup table in the second memory of FIG. 1
FIG. 4 is a flow chart of a method of writing data using the data access system shown in FIG. 1.
FIG. 5 is a flow chart of a method of reading data using the data access system shown in FIG. 1.
Description of the symbols
10 data access system
40 access circuit
20 write circuit
30 read circuit
70 third memory
41 first memory
42 judging circuit
43 Key Generation Circuit
44 processing circuit
45 second memory
VA virtual address
PA1, PA2 physical addresses
E1, E2 entries
key _ info1, key _ info2 Key information
att attribute parameter
key1, key2 Key
Crypto encrypted data
400,500 methods
401, 501, 508
DATA
Detailed Description
Fig. 1 is a schematic diagram of a data access system 10 according to an embodiment of the invention, as shown in fig. 1, the data access system 10 includes an access circuit 40, a write circuit 20, a read circuit 30, and a memory control circuit 50, wherein the access circuit 40 includes a first memory 41, a judgment circuit 42, a key generation circuit 43, a second memory 45, and a processing circuit 44. The memory control circuit 50 is used to access a third memory 70. In the present embodiment, the write circuit 20 is a functional circuit that needs to write data into the third memory 70, for example, the write circuit 20 is used to write an image decoded by an image decoder into the third memory 70 through the memory control circuit 50, and the read circuit 30 is a functional circuit that needs to read data from the third memory 70, for example, the read circuit 30 is used to read the image from the third memory 70 through the memory control circuit 50 to be transmitted to an image processing circuit for further image processing, which is only an example and not a limitation of the present invention, and any circuit that needs to store or read data is within the scope of the present invention.
When the write circuit 20 writes a DATA into the third memory 70, the discontinuous physical address PA corresponding to the virtual address VA is obtained by looking up a table from an address lookup table stored in the first memory 41, and the DATA is written into the physical address PA in the third memory 70 through the memory control circuit 50; similarly, when the reading circuit 30 reads the DATA in the third memory 70, the physical address PA corresponding to the virtual address VA is found from the address lookup table stored in the first memory 41, and the DATA is read from the physical address PA in the third memory 70 through the memory control circuit 50.
In the present embodiment, a physical address PA represents a page (page) in the memory 70, which is 4000 bytes (byte). If the DATA is image DATA, such as a frame, the size of the DATA may be several hundred megabytes, i.e., several hundred to several thousand pages are occupied. If it is very inefficient to check whether each page has read/write permission through the table lookup method, the present invention provides an access circuit with encryption function and method thereof, which can avoid the inefficient situation.
Fig. 2 is a schematic diagram of an address lookup table in the first memory 41 of fig. 1, as shown in fig. 2, the address lookup table is used for storing a plurality of entries (entries) E1, E2, E3 … …, wherein each entry corresponds to a virtual address VA and stores a corresponding physical address PA, an attribute parameter att and key information key _ info. When the write circuit 20 is to write the DATA into the third memory 70, a corresponding entry may be found from the address lookup table according to the virtual address VA, and a corresponding physical address PA (e.g., the physical address PA1), an attribute parameter att (e.g., the attribute parameter att1), and key information key _ info (e.g., the key information key _ info1) are obtained.
Fig. 3 is a schematic diagram of a key lookup table in the second memory 45 of fig. 1, as shown in fig. 3, the key lookup table is used for storing a plurality of key keys, wherein each key corresponds to a key information key _ info.
Referring to fig. 1 and fig. 3, when the write circuit 20 is to write the DATA into the virtual address VA, first, the physical address PA1, the attribute parameter att1 and the key information key _ info1 corresponding to the virtual address VA are obtained from the address lookup table in the first memory 41, and the key information key _ info1 is transmitted to the key generation circuit 43, and the write circuit 20 further transmits a trigger signal TRI to the key generation circuit 43. The key generation circuit 43 generates a key1 according to the trigger signal TRI, and stores the key1 in the key lookup table at a position corresponding to the key information key _ info 1.
With reference to fig. 1, the writing circuit 20 then transmits the attribute parameter att1 and the key information key _ info1 to the determining circuit 42 and the processing circuit 44, respectively, and the determining circuit 42 determines whether the DATA satisfies an encryption condition according to the attribute parameter att1 to generate a determination result s. For example, the attribute parameter att1 may have a specific bit, and when the bit value of the specific bit is '1', it represents that the DATA needs to be encrypted before being written into the third memory 70. When the determination result s indicates that the DATA is encrypted, the processing circuit 44 obtains the corresponding key1 from the key lookup table in the second memory 45 according to the key information key _ info1, and performs an encryption operation on the DATA according to the key1, for example, the processing circuit 44 may encode the DATA and the key1 to generate an encrypted DATA CRYPTO, and write the encrypted DATA CRYPTO into the third memory 70 according to the physical address PA 1. In another embodiment, the processing circuit 44 may also encode the DATA with the physical address PA1 and the key1 to generate the encrypted DATA CRYPTO to increase the complexity and protection of the encryption operation. Because each data has different physical addresses, the encryption mode is more complicated than the encryption mode which simply uses the key, and the safety is greatly improved.
On the other hand, when the attribute parameter att1 indicates that the DATA does not satisfy the encryption condition, for example, when the bit value of the specific bit in the attribute parameter att1 is '0', it represents that no encryption operation needs to be performed on the DATA, and the processing circuit 44 may directly write the DATA to the physical address PA1 in the third memory 70 according to the determination result s. In another embodiment, when the attribute parameter att1 indicates that the DATA does not satisfy the encryption condition, the processing circuit 44 may perform other operations, such as obtaining a permission information corresponding to the physical address PA1 from a permission lookup table in a fourth memory (not shown in fig. 1) according to a range information of the attribute parameter att1 about the physical address PA1, thereby confirming whether the physical address PA1 has a write permission, and if the physical address PA1 has the write permission, the processing circuit 44 writes the DATA into the third memory 70 according to the physical address PA1, wherein the range information is a memory address having a fixed range, and the permission information represents permissions of all memory addresses in the fixed range.
It should be noted that although the physical address PA and the key information key _ info are corresponding to each other in one-to-one manner in the foregoing embodiments, in another embodiment, a virtual address VA corresponding to a DATA may correspond to a plurality of physical addresses, such as the physical addresses PA1 and PA2, and the plurality of physical addresses may correspond to the same key information at the same time. Furthermore, in yet another embodiment, the processing circuit 44 may also utilize multiple keys to perform encryption operations on the same DATA DATA. For example, the processing circuit 44 may encode the DATA with the keys 1 and 2 to generate the encrypted DATA CRYPTO, or the processing circuit 44 may encode the DATA with the physical addresses PA1 and PA2 and the keys key1 and key2 to generate the encrypted DATA CRYPTO, which is then written in the third memory 70.
Similar to the operation of the write circuit 20, when the read circuit 30 wants to read the DATA written in the third memory 70, first, the virtual address VA is used to find a corresponding entry from the address lookup table in the first memory 41, and the physical address PA1, the attribute parameter att1, and the key information key _ info1 are obtained. Then, the reading circuit 30 transmits the attribute parameter att1 and the key information key _ info1 to the determining circuit 42 and the processing circuit 44, respectively, and the determining circuit 42 may determine whether the DATA to be read satisfies the encryption condition according to the attribute parameter att1 and generate the determination result s. The processing circuit 44 may determine whether a decryption operation is required to obtain the DATA according to the determination result s. For example, when the attribute parameter att1 indicates that the DATA satisfies the encryption condition, the processing circuit 44 obtains the corresponding key1 from the key lookup table of the second memory 45 according to the key information key _ info1, reads the encrypted DATA CRYPTO from the third memory 70 according to the physical address PA1, and performs a decryption operation on the encrypted DATA CRYPTO according to the key1 to obtain the DATA. In detail, if the encrypted DATA CRYPTO performs the encryption operation on the DATA only by using the key1, the processing circuit 44 performs the decryption operation only by using the key1 at this time; if the encrypted DATA CRYPTO is the DATA encrypted by the physical address PA1 and the key1, the processing circuit 44 decrypts the encrypted DATA CRYPTO by the physical address PA1 and the key 1; if the encrypted DATA CRYPTO is encrypted by using keys (e.g., keys 1 and 2) and/or physical addresses (e.g., PA1 and PA2), the processing circuit 44 performs the decryption operation according to the keys and/or the physical addresses.
On the other hand, when the attribute parameter att1 indicates that the DATA does not satisfy the encryption condition, the representative processing circuit 44 writes the DATA into the third memory 70 without encrypting the DATA, and thus, upon reading, the DATA may be directly read from the physical address PA1 in the third memory 70. In another embodiment, when the attribute parameter att1 indicates that the DATA does not satisfy the encryption condition, the processing circuit may perform other operations, for example, obtain a permission information corresponding to the physical address PA1 from a permission lookup table in the fourth memory according to the range information about the physical address PA1 in the attribute parameter att1, thereby confirming whether there is a read permission for the physical address PA1, and if there is a read permission, the processing circuit 44 reads the DATA in the third memory 70 according to the physical address PA 1.
It should be noted that although in the foregoing embodiment, the attribute parameter att1 and the key information key _ info1 are respectively transmitted to the determining circuit 42 and the processing circuit 44 by the writing circuit 20/the reading circuit 30, in other embodiments, the determining circuit 42 and the processing circuit 44 may be controlled by the writing circuit 20/the reading circuit 30 to obtain the attribute parameter att1 and the key information key _ info1 from the first memory 41.
In addition, in a preferred embodiment, the first memory 41 and the second memory 45 are Static Random Access Memories (SRAM) because the first memory 41 and the second memory 45 require very fast read and write speeds, and the third memory 70 is a Dynamic Random Access Memory (DRAM) because the third memory 70 has a larger data size requirement and the DRAM is lower in cost. However, this is not a limitation of the present invention, and in other embodiments, the first memory 41 and the second memory 45 may be a dynamic random access memory, and the third memory 70 may be a static random access memory. In addition, although the address lookup table, the key lookup table and the permission lookup table are respectively stored in the first memory 41, the second memory 45 and the fourth memory in the embodiment, in another embodiment, the lookup tables may be respectively or commonly stored in the third memory 70, the access circuit 40 or another storage device independent from the access circuit 40 and the memory 70.
FIG. 4 is a flow chart of a method 400 for writing data using the data access system 10 shown in FIG. 1, the flow of the method 400 can be briefly summarized as follows.
Step 401, a physical address, an attribute parameter and a key information are obtained according to a virtual address lookup table corresponding to a data.
Step 402, a key is generated according to a trigger signal and stored in a key lookup table according to the key information.
Step 403, determining whether the data satisfies an encryption condition according to the attribute parameter, if yes, entering step 404; if not, go to step 405.
Step 404, obtaining a key from the key lookup table according to the key information to perform an encryption operation on the data to generate encrypted data, and writing the encrypted data into a memory according to the physical address.
Step 405, look-up a table according to a range information in the attribute parameters to obtain a permission information corresponding to the physical address.
Step 406, writing the data into the memory according to the physical address when the permission information indicates that there is a write permission for the physical address.
FIG. 5 is a flow chart of a method 500 for reading DATA DATA using the DATA access system 10 shown in FIG. 1, where the flow of the method 500 can be briefly summarized as follows.
Step 501, a physical address, an attribute parameter and a key information are obtained according to a virtual address lookup table corresponding to a data.
Step 502, judging whether the data meets an encryption condition according to the attribute parameter, if so, entering step 503; if not, go to step 505.
Step 503 is reading an encrypted data from a memory according to the physical address, and obtaining a key from the key lookup table according to the key information.
In step 504, a decryption operation is performed on the encrypted data according to the key to obtain the data.
Step 505, look-up a table according to a range information in the attribute parameters to obtain a permission information corresponding to the physical address.
Step 506, reading the data from the memory according to the physical address when the permission information indicates that the physical address has a read permission.
It should be noted that although the accessing circuit 40 in the embodiment shown in fig. 1 includes the determining circuit 42, the key generating circuit 43, and the processing circuit 44 to complete the accessing of the DATA, in other embodiments, the operations of the determining circuit 42, the key generating circuit 43, and the processing circuit 44 may be implemented by software, for example, the accessing circuit 40 may be a processor, and after loading a program code, the method flow for accessing the DATA shown in fig. 4 and 5 may be executed, and after reading the embodiments of fig. 1 to 5, a person skilled in the art should easily understand that the details of implementing the operations by software are omitted for brevity.
The above-mentioned embodiments are merely preferred embodiments of the present invention, and all equivalent changes and modifications made by the claims of the present invention should be covered by the scope of the present invention.

Claims (20)

1. A method for accessing data from a memory, the method being applied to a data access system, the method comprising:
performing table lookup according to a virtual address corresponding to the data to obtain a physical address, an attribute parameter and key information;
generating a key according to a trigger signal;
storing the key according to the key information;
judging whether the data meets an encryption condition according to the attribute parameters; and
when the data meets the encryption condition, an encryption operation is executed on the data according to the secret key to generate encrypted data, so that the data access system can write the encrypted data into the memory according to the physical address.
2. The method of claim 1, wherein the step of performing the encryption operation on the data according to the secret key to generate the encrypted data comprises:
the encryption operation is performed on the data using the physical address and the key to generate the encrypted data.
3. The method of claim 1, wherein the physical address is a first physical address, the method further comprising:
performing table lookup according to the virtual address to obtain a second physical address, wherein the step of performing the encryption operation on the data according to the key to generate the encrypted data comprises:
the encryption operation is performed on the data using the first physical address, the second physical address and the key to generate the encrypted data.
4. The method of claim 1, wherein the physical address is a first physical address, the key information is first key information, and the key is a first key, the method further comprising:
looking up a table according to the virtual address to obtain a second physical address and second key information;
generating a second key according to the trigger signal; and
storing the second key according to the second key information, wherein the step of performing the encryption operation on the data according to the first key to generate the encrypted data comprises:
the encryption operation is performed on the data using the first key and the second key to generate the encrypted data.
5. The method of claim 1, further comprising:
when the data does not meet the encryption condition, looking up a table according to range information in the attribute parameters to obtain authority information; and
and when the permission information indicates that the data access system has a write permission aiming at the physical address, writing the data into the memory according to the physical address.
6. The method of claim 1, further comprising:
looking up a table according to the key information to obtain the key;
reading the encrypted data from the memory according to the physical address; and
and executing a decryption operation on the encrypted data according to the secret key to generate the data.
7. The method of claim 6, wherein the step of performing the decryption operation on the encrypted data according to the key to generate the data comprises:
the decryption operation is performed on the encrypted data using the physical address and the key to generate the data.
8. The method of claim 6, wherein the physical address is a first physical address, the method further comprising:
performing table lookup according to the virtual address to obtain a second physical address, wherein the step of performing the decryption operation on the encrypted data according to the key to generate the data comprises:
and executing the decryption operation on the encrypted data according to the first physical address, the second physical address and the secret key to generate the data.
9. The method of claim 6, wherein the physical address is a first physical address, the key information is first key information, and the key is a first key, the method further comprising:
looking up a table according to the virtual address to obtain a second physical address and second key information; and
performing table lookup according to the second key information to obtain the second key, wherein the step of performing the decryption operation on the encrypted data according to the key to generate the data comprises:
the decryption operation is performed on the encrypted data using the first key and the second key to generate the data.
10. The method of claim 6, further comprising:
when the data does not meet the encryption condition, looking up a table according to range information in the attribute parameters to obtain authority information; and
and when the permission information indicates that the physical address of the data access system has a reading permission, reading the data from the memory according to the physical address.
11. An access circuit for performing a data access, wherein the data corresponds to at least one virtual address, comprising:
an address lookup table, wherein the at least one virtual address corresponds to at least one physical address, an attribute parameter and at least one key information stored in the address lookup table;
a judging circuit for receiving the attribute parameter, wherein the judging circuit judges whether the data satisfies an encryption condition according to the attribute parameter;
a key generating circuit for receiving the at least key information, wherein the key generating circuit generates a key corresponding to the key information when data is written; and
and the processing circuit is coupled to the key generation circuit, and when the data meets the encryption condition, the processing circuit generates encrypted data by performing an encryption operation on the data according to the key and writes the encrypted data into a memory according to the physical address.
12. The access circuit of claim 11, wherein the processing circuit performs the encryption operation on the data using the physical address and the key to generate the encrypted data, and writes the encrypted data to the memory according to the physical address.
13. The accessing circuit of claim 11, wherein the physical address is a first physical address, the key information is specific key information, the virtual address further corresponds to a second physical address, and the second physical address corresponds to the specific key information, the key generating circuit generates a specific key corresponding to the specific key information when the data is written, the processing circuit generates the encrypted data by performing the encryption operation on the data according to the specific key when the data satisfies the encryption condition, and writes the encrypted data into the memory according to the first physical address and the second physical address.
14. The access circuit of claim 11 wherein the data comprises a first data and a second data, the encrypted data includes a first encrypted data and a second encrypted data, the physical address is a first physical address, the key information is a first key information, the virtual address corresponds to a second physical address, and the second physical address corresponds to a second key information, the key generating circuit generates a first key corresponding to the first key information and a second key corresponding to the second key information, when the data satisfies the encryption condition, the processing circuit performs the encryption operation on the data to generate the encrypted data according to the first key and the second key, and writing the encrypted data into the memory according to the first physical address and the second physical address.
15. The access circuit of claim 11 wherein the attribute parameter comprises a range information, further comprising:
a permission lookup table for storing a permission information corresponding to the range information;
when the data is written and the judging circuit judges that the data does not accord with the encryption condition, the processing circuit is further used for obtaining the authority information in the authority lookup table according to the range information, and when the authority information indicates that the at least one physical address has a writing authority, the processing circuit writes the data according to the at least one physical address.
16. The access circuit of claim 11, wherein the determining circuit is further configured to determine whether the data satisfies the encryption condition according to the attribute parameter when the data is read, and the processing circuit is further configured to read the encrypted data according to the physical address and perform a decryption operation on the encrypted data according to the key to generate the data when the data satisfies the encryption condition.
17. The access circuit of claim 16, wherein when the data is read and the data satisfies the encryption condition, the processing circuit performs the decryption operation on the encrypted data to generate the data by using the physical address and the key when the encrypted data is generated according to the physical address and the key.
18. The accessing circuit of claim 16, wherein the physical address is a first physical address, the key information is specific key information, the virtual address further corresponds to a second physical address, the second physical address corresponds to the specific key information, when the data is read and the data satisfies the encryption condition, the processing circuit obtains a specific key corresponding to the specific key information, reads the encrypted data according to the first physical address and the second physical address, and performs the decryption operation on the encrypted data according to the specific key to generate the data.
19. The access circuit of claim 16 wherein the data comprises a first data and a second data, the encrypted data includes a first encrypted data and a second encrypted data, the physical address is a first physical address, the key information is a first key information, the virtual address is further corresponding to a second physical address, and the second physical address corresponds to a second key information, when the data is read and the data satisfies the encryption condition, the processing circuit reads the encrypted data according to the first physical address and the second physical address, and obtain a first key corresponding to the first key information and a second key corresponding to the second key information, and performs the decryption operation on the first encrypted data according to the first key to generate the first data, and performing the decryption operation on the second encrypted data according to the second key to generate the second data.
20. The access circuit of claim 16, wherein the attribute parameter comprises a range information, further comprising:
a permission lookup table for storing a permission information corresponding to the range information;
when the data does not satisfy the encryption condition, the processing circuit is further configured to obtain the permission information in the permission lookup table according to the range information in the attribute parameter, and when the permission information indicates that the physical address of the data access system has a read permission, the processing circuit reads the data from the memory according to the physical address.
CN201810685850.8A 2018-06-28 2018-06-28 Method for accessing data and related circuit Pending CN110659226A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810685850.8A CN110659226A (en) 2018-06-28 2018-06-28 Method for accessing data and related circuit

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810685850.8A CN110659226A (en) 2018-06-28 2018-06-28 Method for accessing data and related circuit

Publications (1)

Publication Number Publication Date
CN110659226A true CN110659226A (en) 2020-01-07

Family

ID=69026390

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810685850.8A Pending CN110659226A (en) 2018-06-28 2018-06-28 Method for accessing data and related circuit

Country Status (1)

Country Link
CN (1) CN110659226A (en)

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030061499A1 (en) * 2001-09-21 2003-03-27 Paul Durrant Data encryption and decryption
US20030133574A1 (en) * 2002-01-16 2003-07-17 Sun Microsystems, Inc. Secure CPU and memory management unit with cryptographic extensions
CN1588328A (en) * 2004-08-03 2005-03-02 威盛电子股份有限公司 Data encrypting/de-encrypling method and its device
CN1905073A (en) * 1999-04-27 2007-01-31 松下电器产业株式会社 Semiconductor memory card and data reading apparatus
CN101622595A (en) * 2006-12-06 2010-01-06 弗森多系统公司(dba弗森-艾奥) Apparatus, system, and method for storage space recovery in solid-state storage
CN102576569A (en) * 2009-08-21 2012-07-11 拉姆伯斯公司 In-situ memory annealing
CN102609368A (en) * 2012-01-11 2012-07-25 记忆科技(深圳)有限公司 Solid-state-drive data encryption and decryption method and solid state drive
CN105389265A (en) * 2014-08-25 2016-03-09 Hgst荷兰公司 Method and apparatus to generate zero content over garbage data when encryption parameters changed
CN106062768A (en) * 2014-02-28 2016-10-26 超威半导体公司 Cryptographic protection of information in a processing system
CN106599735A (en) * 2017-02-13 2017-04-26 珠海格力电器股份有限公司 Data protection device and method, and storage controller
CN107066396A (en) * 2015-10-15 2017-08-18 Arm 有限公司 Device and method for the caching of the physical markings that operate virtual index
CN107423228A (en) * 2016-01-14 2017-12-01 三星电子株式会社 The operating method of storage facilities and storage facilities
CN107526974A (en) * 2017-08-03 2017-12-29 致象尔微电子科技(上海)有限公司 A kind of information password protection device and method
CN107689237A (en) * 2016-08-04 2018-02-13 旺宏电子股份有限公司 Electronic installation and its memory circuitry and its operating method
US20180046823A1 (en) * 2016-08-11 2018-02-15 Intel Corporation Secure Public Cloud

Patent Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1905073A (en) * 1999-04-27 2007-01-31 松下电器产业株式会社 Semiconductor memory card and data reading apparatus
US20030061499A1 (en) * 2001-09-21 2003-03-27 Paul Durrant Data encryption and decryption
US20030133574A1 (en) * 2002-01-16 2003-07-17 Sun Microsystems, Inc. Secure CPU and memory management unit with cryptographic extensions
CN1588328A (en) * 2004-08-03 2005-03-02 威盛电子股份有限公司 Data encrypting/de-encrypling method and its device
CN101622595A (en) * 2006-12-06 2010-01-06 弗森多系统公司(dba弗森-艾奥) Apparatus, system, and method for storage space recovery in solid-state storage
CN102576569A (en) * 2009-08-21 2012-07-11 拉姆伯斯公司 In-situ memory annealing
CN102609368A (en) * 2012-01-11 2012-07-25 记忆科技(深圳)有限公司 Solid-state-drive data encryption and decryption method and solid state drive
CN106062768A (en) * 2014-02-28 2016-10-26 超威半导体公司 Cryptographic protection of information in a processing system
CN105389265A (en) * 2014-08-25 2016-03-09 Hgst荷兰公司 Method and apparatus to generate zero content over garbage data when encryption parameters changed
CN107066396A (en) * 2015-10-15 2017-08-18 Arm 有限公司 Device and method for the caching of the physical markings that operate virtual index
CN107423228A (en) * 2016-01-14 2017-12-01 三星电子株式会社 The operating method of storage facilities and storage facilities
CN107689237A (en) * 2016-08-04 2018-02-13 旺宏电子股份有限公司 Electronic installation and its memory circuitry and its operating method
US20180046823A1 (en) * 2016-08-11 2018-02-15 Intel Corporation Secure Public Cloud
CN106599735A (en) * 2017-02-13 2017-04-26 珠海格力电器股份有限公司 Data protection device and method, and storage controller
CN107526974A (en) * 2017-08-03 2017-12-29 致象尔微电子科技(上海)有限公司 A kind of information password protection device and method

Similar Documents

Publication Publication Date Title
US11200337B2 (en) System and method for user data isolation
US7107459B2 (en) Secure CPU and memory management unit with cryptographic extensions
CN109564553B (en) Multi-stage memory integrity method and apparatus
US20190384938A1 (en) Storage apparatus and method for address scrambling
EP2151763A1 (en) Method and apparatus for obfuscating virtual to physical memory mapping
US11416417B2 (en) Method and apparatus to generate zero content over garbage data when encryption parameters are changed
US20050251866A1 (en) Storage medium and method and apparatus for separately protecting data in different areas of the storage medium
US9071581B2 (en) Secure storage with SCSI storage devices
US20130081144A1 (en) Storage device and writing device
US11663145B2 (en) Off-chip memory address scrambling apparatus and method for system on chip
US20190377693A1 (en) Method to generate pattern data over garbage data when encryption parameters are changed
TW202001564A (en) Method for accessing data and associated circuit
CN109508145B (en) Memory access control using address aliases
CN110659226A (en) Method for accessing data and related circuit
US8707054B2 (en) Establishing a secure memory path in a unitary memory architecture
US9411984B2 (en) Cryptographic processing apparatus, cryptographic processing system, and cryptographic processing method
JP2022030661A (en) Memory system, control method, and information processing system
US20230214331A1 (en) Micro-controller chip and access method thereof
CN110447032B (en) Memory page translation monitoring between hypervisor and virtual machine
US20230274037A1 (en) Secure Flash Controller
CN108197483A (en) Data guard method, solid state disk
KR100398620B1 (en) Memory device having circuit for scrambling data
GB2622065A (en) Counter integrity tree

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20200107