CN110995720A - Encryption method, device, host terminal and encryption chip - Google Patents

Info

Publication number: CN110995720A
Authority: CN (China)
Prior art keywords: encryption, data, encrypted data, chip, target
Legal status: Granted
Application number: CN201911256094.8A
Other languages: Chinese (zh)
Other versions: CN110995720B (en)
Inventor: 谢会
Current Assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Original Assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd and Beijing Topsec Software Co Ltd
Priority to CN201911256094.8A
Publication of CN110995720A
Application granted
Publication of CN110995720B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Abstract

The application provides an encryption method, an encryption device, a host terminal and an encryption chip, wherein the encryption method comprises the following steps: sending a first encryption key to a host; receiving first encrypted data sent by the host, wherein the first encrypted data is data obtained by the host encrypting data to be encrypted according to the first encryption key; decrypting the first encrypted data to obtain original text data; encrypting the original text data by using a second encryption key to obtain target encrypted data; and sending the target encrypted data to the host.

Description

Encryption method, device, host terminal and encryption chip
Technical Field
The present application relates to the field of encryption technologies, and in particular, to an encryption method, an encryption device, a host and an encryption chip.
Background
With the improvement of various security attack means, in particular the emergence of attacks that connect a logic analyzer to the bottom layer of a system, cracking hardware can be wired directly into the circuit to collect the data of external communication while an encryption system operates; correlation analysis of that data then yields the confidential data exchanged during communication.
To address this problem, the prior art may reduce the risk to data by encrypting the data used for external communication.
Disclosure of Invention
In view of the above, an object of the present invention is to provide an encryption method, an encryption device, a host and an encryption chip. The effect of improving the security of the encryption process can be achieved.
In a first aspect, an embodiment provides an encryption method, including:
sending a first encryption key to a host end;
receiving first encrypted data sent by the host side, wherein the first encrypted data is data obtained by encrypting data to be encrypted by the host side according to the first encryption key;
decrypting the first encrypted data to obtain original text data;
encrypting the original text data by using a second encryption key to obtain target encrypted data;
and sending the target encrypted data to the host side.
In an optional implementation manner, the decrypting the first encrypted data to obtain the original text data includes:
acquiring a target algorithm in a prefabricated decryption algorithm according to the first encryption key;
and decrypting the first encrypted data according to the target algorithm to obtain original text data.
The encryption method provided by the embodiment of the application can also store various encryption algorithms in advance, and the specific algorithm can be determined according to the secret key, so that the algorithm in use is not fixed, and the data security is improved.
In an optional embodiment, the sending the target encrypted data to the host side includes:
determining index information corresponding to the target encrypted data;
generating a data message according to the index information and the target encrypted data;
and sending the data message to the host side.
The encryption method provided by the embodiment of the application can further comprise index information, so that the encrypted data can be managed in order.
In an optional embodiment, encrypting the original text data by using a second encryption key to obtain target encrypted data includes:
randomly generating a string of random numbers;
determining a target encryption algorithm according to a first random number in the string of random numbers;
and using other random numbers except the first random number in the string of random numbers as a second encryption key, and encrypting the original text data by using the target encryption algorithm to obtain target encrypted data.
In the encryption method in this embodiment, the encryption algorithm may be determined according to different random numbers, and then other random numbers are used as the encryption key, so that the encryption difficulty may be increased, and the encryption security may be improved.
In an optional embodiment, the sending the first encryption key to the host includes:
receiving a request encryption message sent by the host end;
judging whether the request encryption message is abnormal or not;
and if the request encryption message is not abnormal, sending a first encryption key to the host end.
The encryption method provided by the embodiment of the application can also detect the security condition of the host end, and only carries out the encryption process when the request encryption message sent by the host end is not abnormal, so that the security of the encryption process can be improved.
In an alternative embodiment, the method further comprises:
receiving a closing message sent by the host end;
and changing the current state of the encryption chip into an idle state according to the closing message.
The encryption method provided by the embodiment of the application can also perform adaptive adjustment on the working state, so that the encryption process can be managed in order, and the encryption process can be more accurate.
In an optional embodiment, the sending the first encryption key to the host includes:
judging whether the current state of the encryption chip is an idle state or not;
and if the current state of the encryption chip is an idle state, sending a first encryption key to the host end.
According to the encryption method provided by the embodiment of the application, a new round of encryption work is performed only in an idle state, so that encryption errors possibly caused by simultaneous multiple encryption are prevented.
In a second aspect, an embodiment provides an encryption method, including:
acquiring a first encryption key sent by an encryption chip;
encrypting target data through the first encryption key to obtain first encrypted data;
sending the first encrypted data to the encryption chip;
and receiving target encrypted data sent by the encryption chip, wherein the target encrypted data is obtained by encrypting original text data corresponding to the first encrypted data by the encryption chip through a second encryption key.
In an optional embodiment, before the obtaining the first encryption key sent by the encryption chip, the method further includes:
sending an encrypted message to the encryption chip;
the acquiring of the first encryption key sent by the encryption chip includes: and receiving a first encryption key sent by the encryption chip after judging that the encryption message is not abnormal.
In an alternative embodiment, the method further comprises:
and after receiving the target encryption data, sending a closing message to the encryption chip, wherein the closing message is used for representing the end of the current encryption process.
The encryption method provided by the embodiment of the application can also send a closing message to the encryption chip after encryption is completed, and informs the encryption chip of the completion of encryption, so that the end of an encryption process can be realized.
In a third aspect, an embodiment provides an encryption method, including:
the encryption chip sends a first encryption key to the host end;
the host side encrypts target data through the first encryption key to obtain first encrypted data;
the encryption chip decrypts the first encrypted data to obtain original text data;
the encryption chip encrypts the original text data by using a second encryption key to obtain target encrypted data;
and the encryption chip sends the target encryption data to the host end.
In a fourth aspect, an embodiment provides an encryption apparatus, including:
the first sending module is used for sending a first encryption key to the host end;
the first receiving module is used for receiving first encrypted data sent by the host end, wherein the first encrypted data is obtained by encrypting data to be encrypted by the host end according to the first encryption key;
the decryption module is used for decrypting the first encrypted data to obtain original text data;
the first encryption module is used for encrypting the original text data by using a second encryption key to obtain target encryption data;
and the second sending module is used for sending the target encrypted data to the host end.
In a fifth aspect, an embodiment provides an encryption apparatus, including:
the acquisition module is used for acquiring a first encryption key sent by the encryption chip;
the second encryption module is used for encrypting the target data through the first encryption key to obtain first encrypted data;
the third sending module is used for sending the first encrypted data to the encryption chip;
and the second receiving module is used for receiving target encrypted data sent by the encryption chip, wherein the target encrypted data is obtained by encrypting original text data corresponding to the first encrypted data by the encryption chip through a second encryption key.
In a sixth aspect, an embodiment provides a host end, configured to perform the steps of the method in any one of the foregoing embodiments.
In a seventh aspect, an embodiment provides an encryption chip, configured to perform the steps of the method in any one of the foregoing embodiments.
In an eighth aspect, an embodiment provides an electronic device, including:
the host end of the foregoing embodiment; and/or
the encryption chip according to the foregoing embodiment.
In a ninth aspect, embodiments provide a computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, performs the steps of the method according to any of the preceding embodiments.
According to the encryption method, the encryption device, the host end, the encryption chip, the electronic device and the computer readable storage medium, a secret key is provided for the host end before encryption is adopted, so that data needing to be encrypted is in an encrypted state in a transmission process, plaintext data are prevented from being exposed in a communication link, and the security of the encryption process can be improved.
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.
Fig. 1 is a schematic diagram illustrating interaction between a host side and an encryption chip according to an embodiment of the present disclosure.
Fig. 2 is a block diagram of an electronic device according to an embodiment of the present disclosure.
Fig. 3 is a flowchart of an encryption method according to a second embodiment of the present application.
Fig. 4 is a schematic diagram of functional modules of an encryption apparatus according to a third embodiment of the present application.
Fig. 5 is a flowchart of an encryption method according to the fourth embodiment of the present application.
Fig. 6 is a schematic functional block diagram of an encryption apparatus according to a fifth embodiment of the present application.
Fig. 7 is a flowchart of an encryption method according to a sixth embodiment of the present application.
Detailed Description
The technical solution in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
Example one
For the convenience of understanding the present embodiment, a detailed description will be given of an operating environment for executing an encryption method disclosed in the embodiments of the present application.
Fig. 1 is a schematic diagram illustrating the interaction between a host 110 and an encryption chip 120 according to an embodiment of the present disclosure. The host side 110 is communicatively coupled to one or more local terminals over a network for data communication or interaction.
The host end 110 may be a device having a communication module, and the host end 110 may communicate with the encryption chip 120 and may also communicate with other external devices having communication functions.
The encryption chip 120 may be a chip having one or more encryption functions. In this embodiment, the encryption chip can passively communicate with the host. For example, the encryption chip 120 may perform generation of a corresponding key or encryption of data according to an instruction of a message transmitted by the host 110, and then feed back a processing result to the host 110 in a form of a response message.
In this embodiment, the encryption chip 120 can only be accessed through the host 110.
Fig. 2 is a block diagram of an electronic device. In addition to the host 110 and the encryption chip 120, the electronic device 200 in this embodiment may further include a memory 211, a memory controller 212, a processor 213, a peripheral interface 214, and an input/output unit 215. The host 110 may be the device formed by the memory 211, the memory controller 212, the processor 213, the peripheral interface 214, and the input/output unit 215 of the electronic device 200. It will be understood by those skilled in the art that the structure shown in Fig. 2 is merely illustrative and is not intended to limit the structure of the electronic device 200. For example, the electronic device 200 may also include more or fewer components than shown in Fig. 2, or have a different configuration than shown in Fig. 2.
The aforementioned memory 211, memory controller 212, processor 213, peripheral interface 214, and input/output unit 215 are electrically connected to each other directly or indirectly, so as to implement data transmission or interaction. For example, the components may be electrically connected to each other via one or more communication buses or signal lines. The processor 213 described above is used to execute the executable modules stored in the memory.
The memory 211 may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), and the like. The memory 211 is configured to store a program, and the processor 213 executes the program after receiving an execution instruction; the method executed by the electronic device 200 according to the process defined in any embodiment of the present application may be applied to the processor 213 or implemented by the processor 213.
The processor 213 may be an integrated circuit chip having signal processing capability. The processor 213 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and can implement or perform the various methods, steps, and logic blocks disclosed in the embodiments of the present application. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The peripheral interface 214 couples various input/output devices to the processor 213 and to the memory 211. In some embodiments, the peripheral interface 214, the processor 213, and the memory controller 212 may be implemented in a single chip. In other examples, they may be implemented on separate chips.
The input/output unit 215 is used for the user to provide input data. The input/output unit 215 may be, but is not limited to, a mouse, a keyboard, and the like.
The electronic device 200 in this embodiment may be configured to perform each step in each method provided in this embodiment. The implementation of the encryption method is described in detail below by several embodiments.
Example two
Please refer to fig. 3, which is a flowchart illustrating an encryption method according to an embodiment of the present application. The encryption method in this embodiment can be applied to an encryption chip. The specific flow shown in fig. 3 will be described in detail below.
Step 301, sending the first encryption key to the host.
In this embodiment, after receiving the request message sent by the host, the encryption chip sends a response message to the host. The response message carries the first encryption key.
In an embodiment, step 301 may include the following steps.
Step 3011, receive the request encryption message sent by the host.
In this embodiment, after receiving the request encryption message, the encryption chip may analyze the received request encryption message according to a defined data analysis rule.
Optionally, before encryption, the encryption chip and the host end may agree on a communication protocol, and when the encryption chip or the host end receives a message of an opposite party, the message may be parsed according to the agreed communication protocol.
Step 3012, determine whether the request encryption packet is abnormal.
Illustratively, the host side and the encryption chip may agree on the message format in advance, and implement formation of messages of different requests by setting different data flags.
In this embodiment, the exception of the packet may include: the message is incomplete, the message format is disordered, and the message is falsified, disordered, lost, repeated and the like.
Alternatively, it may be checked whether the format of the request encryption message is the same as the agreed message format, whether the configuration information of the request encryption message is correct, and the like.
Step 3013, if there is no exception in the request for encrypting the packet, send a first encryption key to the host.
In this embodiment, a random number may be randomly generated, where the random number lies between one and the number of preset symmetric encryption algorithms. This random number serves as the first encryption key.
In an embodiment, step 301 may include the following steps.
Step 3014, determine whether the current state of the encryption chip is an idle state.
Alternatively, it may be checked whether the encryption chip currently has an ongoing encryption job.
Illustratively, a state code can be stored in the encryption chip, and when the encryption chip starts encryption work, the state code is updated to a first value; and when the encryption chip finishes working, the state code is updated to a second value.
For example, whether an encryption unit in the encryption chip is in an operating state may be directly checked, and if the encryption unit is not in the operating state, it may be determined that the current state of the encryption chip is in an idle state.
Step 3015, if the current state of the encryption chip is an idle state, send a first encryption key to the host.
Optionally, the state of the service that can be normally provided can be fed back to the host side.
Optionally, before sending the first encryption key to the host, the storage area capacity in the encryption chip may be checked, and if the storage area capacity is smaller than a set value, the encryption operation may not be performed any more.
Optionally, before sending the first encryption key to the host, the received request encryption message, the state of the encryption chip, and the storage area capacity of the encryption chip may be checked, and the first encryption key may be sent to the host only when the request encryption message is not abnormal, the state of the encryption chip is in an idle state, and the storage area capacity is not less than a set value.
Step 302, receiving the first encrypted data sent by the host.
The first encrypted data is data obtained by encrypting data to be encrypted by the host side according to the first encryption key.
Step 303, decrypting the first encrypted data to obtain original text data.
Optionally, step 303 may include: and acquiring a target algorithm in a pre-manufactured decryption algorithm according to the first encryption key, and decrypting the first encrypted data according to the target algorithm to obtain the original text data.
In this embodiment, different encryption keys may correspond to different encryption algorithms. For different keys, the encryption chip may likewise decrypt the first encrypted data using the corresponding decryption algorithm.
Alternatively, different encryption and decryption algorithms may be matched according to the length of the key. Different encryption algorithms and decryption algorithms can also be adapted according to the value of the key.
In this embodiment, the encryption chip may store a plurality of encryption algorithms and decryption algorithms in advance, and the decryption algorithms are used to decrypt the received encrypted data sent by the host. An encryption algorithm may be used to encrypt data that needs to be encrypted.
And step 304, encrypting the original text data by using a second encryption key to obtain target encrypted data.
In this embodiment, a random number may be randomly generated, and the random number may be used as the second encryption key.
In this embodiment, the encryption chip may store a plurality of different encryption modes. Different encryption keys may correspond to different encryption modes.
In this embodiment, before encryption, a corresponding encryption algorithm may be determined according to the determined second encryption key.
Optionally, step 304 may include: randomly generating a first string of random numbers; determining a target encryption algorithm according to a first random number in the first string of random numbers; and using other random numbers except the first random number in the first string of random numbers as a second encryption key, and encrypting the original text data by using the target encryption algorithm to obtain target encrypted data.
Optionally, step 304 may include: randomly generating a second string of random numbers; determining a target encryption algorithm according to a random number in the second string of random numbers; and using the second string of random numbers as a second encryption key, and encrypting the original text data by using the target encryption algorithm to obtain target encrypted data.
Step 305, sending the target encrypted data to the host side.
Optionally, step 305 may include: determining index information corresponding to the target encrypted data; generating a data message according to the index information and the target encrypted data; and sending the data message to the host side.
In this embodiment, after obtaining the target encrypted data, the second encryption key, the random number generated when the second encryption key is determined, and the index information corresponding to the target encrypted data may be stored.
The index information may be an index number, for example. The host end can read the encrypted data which is encrypted in the encryption chip through the index number.
The stored data can be conveniently read by the host side by configuring the index information for the encrypted data.
In this embodiment, in order to avoid an access error of encrypted data, a sequential processing manner may be adopted, so that a possible access error caused by simultaneous execution of multiple tasks may be avoided.
Illustratively, the encryption method of the present embodiment further includes: receiving a closing message sent by the host end; and changing the current state of the encryption chip into an idle state according to the closing message.
Alternatively, the current state of the encryption chip may be recorded by a state code.
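The exchange of steps 301 to 305 and the closing message above, which is also the sequence summarised in the first and second aspects of the Disclosure, as an added Python simulation of both sides that is not part of the patent or of any Topsec product. Assumed here: three hash-keystream ciphers standing in for the unspecified prefabricated symmetric algorithms, a dict message format with a flag and a per-round sequence number, a 17-byte random string for step 304, a storage capacity of four records, and a recover() helper used only to check the round trip.

```python
import hashlib
import secrets

IDLE, BUSY = "idle", "busy"

def _keystream_xor(hash_name: str, key: bytes, data: bytes) -> bytes:
    """Toy cipher: XOR with a hash-derived keystream (self-inverse, so it also
    decrypts). Constructed stand-in for the unspecified prefabricated algorithms."""
    stream, counter = bytearray(), 0
    while len(stream) < len(data):
        stream += hashlib.new(hash_name, key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

# Prefabricated algorithm table numbered 1..N (assumption: N = 3).
ALGORITHMS = {
    1: lambda key, data: _keystream_xor("sha256", key, data),
    2: lambda key, data: _keystream_xor("sha512", key, data),
    3: lambda key, data: _keystream_xor("blake2b", key, data),
}

# Agreed message format (assumption): a flag, a per-round sequence number and
# exactly the extra fields that flag requires.
REQUIRED_FIELDS = {"REQ_ENC": {"flag", "seq"}, "DATA": {"flag", "seq", "payload"},
                   "CLOSE": {"flag", "seq"}}

def _error(reason: str) -> dict:
    return {"flag": "ERROR", "reason": reason}

class EncryptionChip:
    """Chip side: steps 301-305 plus the closing message."""

    def __init__(self, capacity: int = 4):
        self.state, self.first_key, self.expected_seq = IDLE, None, 1
        self.store = {}            # index -> record that stays on the chip
        self.capacity = capacity   # storage-area limit (assumption)

    def handle(self, msg: dict) -> dict:
        flag = msg.get("flag")
        # Step 3012: unknown flag, wrong field set, or repeated/lost sequence
        # number means the request message is abnormal.
        if flag not in REQUIRED_FIELDS or set(msg) != REQUIRED_FIELDS[flag]:
            return _error("malformed message")
        if msg["seq"] != self.expected_seq:
            return _error("unexpected sequence number")
        self.expected_seq += 1
        if flag == "REQ_ENC":
            return self._send_first_key()
        if flag == "DATA":
            return self._encrypt(msg["payload"])
        # CLOSE: the current encryption process ends, chip returns to idle.
        self.state, self.first_key, self.expected_seq = IDLE, None, 1
        return {"flag": "CLOSED"}

    def _send_first_key(self) -> dict:
        # Steps 3014/3015: a new round starts only from the idle state.
        if self.state != IDLE:
            return _error("chip busy")
        if len(self.store) >= self.capacity:   # optional storage-area check
            return _error("storage area full")
        # Step 3013: random number in 1..N; its value also selects the algorithm.
        self.first_key = secrets.randbelow(len(ALGORITHMS)) + 1
        self.state = BUSY
        return {"flag": "KEY", "first_key": self.first_key}

    def _encrypt(self, payload_hex: str) -> dict:
        if self.state != BUSY:
            return _error("no encryption round in progress")
        # Step 303: decryption algorithm chosen from the first key.
        algo = ALGORITHMS[self.first_key]
        original = algo(self.first_key.to_bytes(4, "big"), bytes.fromhex(payload_hex))
        # Step 304: random string; first number picks the target algorithm,
        # the rest is the second key (assumption: 1 + 16 bytes).
        rnd = secrets.token_bytes(17)
        algo_id, second_key = rnd[0] % len(ALGORITHMS) + 1, rnd[1:]
        target = ALGORITHMS[algo_id](second_key, original)
        # Step 305: keep key material under an index, return the data message.
        index = len(self.store) + 1
        self.store[index] = {"algo": algo_id, "key": second_key, "target": target}
        return {"flag": "TARGET", "index": index, "payload": target.hex()}

    def recover(self, index: int) -> bytes:
        """On-chip decryption with the stored second key (helper assumed here to
        check the round trip; the second key never leaves the chip)."""
        rec = self.store[index]
        return ALGORITHMS[rec["algo"]](rec["key"], rec["target"])

def host_encrypt(chip: EncryptionChip, data: bytes) -> tuple:
    """Host side: request key, encrypt, submit, receive, close. Returns (index, target)."""
    resp = chip.handle({"flag": "REQ_ENC", "seq": 1})
    if resp["flag"] != "KEY":
        raise RuntimeError(resp["reason"])
    k1 = resp["first_key"]
    first_encrypted = ALGORITHMS[k1](k1.to_bytes(4, "big"), data)
    resp = chip.handle({"flag": "DATA", "seq": 2, "payload": first_encrypted.hex()})
    if resp["flag"] != "TARGET":
        raise RuntimeError(resp["reason"])
    chip.handle({"flag": "CLOSE", "seq": 3})
    return resp["index"], bytes.fromhex(resp["payload"])
```

In this exchange the only values that cross the host-chip link are the first key (a random number), the two ciphertexts and the index; the second key and the algorithm chosen for the target data never leave the chip, which is the property the summary of this embodiment relies on.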
By the method in this embodiment, the security of the encryption function of the hardware module is improved. First, the method in this embodiment can prefabricate a plurality of groups of symmetric encryption algorithms in advance; in actual operation the adopted encryption algorithm is unpredictable, since it is selected by a preset program according to a randomly generated random number. The encryption key is also a randomly generated random number, giving the key randomness, so that the security of the encrypted data can be improved.
Further, each module corresponding to the encryption method in this embodiment may be integrated into an encryption chip, and the encryption chip may be embedded into any device to implement encryption of data to be transmitted in the device, thereby improving the adaptability of encryption.
Furthermore, the method in this implementation uses the encryption chip to encrypt the data in the host end, and the encryption chip is directly connected with the host end, and the encryption chip can only be accessed through the host end, thereby ensuring the security of the encryption algorithm.
When the data reaches the host end, the host end requests the encryption chip to return a random number (serving as a first encryption key), and the random number returned by the encryption chip is used for selecting a pre-established encryption algorithm to encrypt the communicated data. In the transmission process, the data to be protected is in an encrypted state, only encrypted data and random numbers appear in a communication link, and the cracking difficulty is improved.
The method in the embodiment can also use a self-defined message format, the message content replaces different data marks according to different requests, and the integrity of the data is verified, so that no error occurs in the data transmission process, and the accuracy of the data is improved.
Example three
Based on the same application concept, an encryption device corresponding to the encryption method is further provided in the embodiment of the present application, and since the principle of solving the problem of the device in the embodiment of the present application is similar to that in the embodiment of the encryption method, the implementation of the device in the embodiment of the present application may refer to the description in the embodiment of the method, and repeated details are not described again.
Please refer to fig. 4, which is a schematic diagram of functional modules of an encryption apparatus according to an embodiment of the present application. Each module in the encryption device in this embodiment is configured to perform each step in the above method embodiment. The encryption device comprises a first sending module 401, a first receiving module 402, a decryption module 403, a first encryption module 404 and a second sending module 405, wherein:
a first sending module 401, configured to send a first encryption key to a host;
a first receiving module 402, configured to receive first encrypted data sent by the host, where the first encrypted data is obtained by encrypting, by the host, data to be encrypted according to the first encryption key;
a decryption module 403, configured to decrypt the first encrypted data to obtain original text data;
a first encryption module 404, configured to encrypt the original text data by using a second encryption key to obtain target encrypted data;
a second sending module 405, configured to send the target encrypted data to the host side.
In a possible implementation manner, the decryption module 403 is configured to:
acquiring a target algorithm in a prefabricated decryption algorithm according to the first encryption key;
and decrypting the first encrypted data according to the target algorithm to obtain original text data.
In a possible implementation manner, the second sending module 405 is configured to:
determining index information corresponding to the target encrypted data;
generating a data message according to the index information and the target encrypted data;
and sending the data message to the host side.
In one possible implementation, the first sending module 401 is configured to:
receiving a request encryption message sent by the host end;
judging whether the request encryption message is abnormal or not;
and if the request message is not abnormal, sending a first encryption key to the host end.
In a possible implementation manner, the encryption apparatus of this embodiment may further include: an update module 406 to:
receiving a closing message sent by the host end;
and changing the current state of the encryption chip into an idle state according to the closing message.
In one possible implementation, the first sending module 401 is configured to:
judging whether the current state of the encryption chip is an idle state or not;
and if the current state of the encryption chip is an idle state, sending a first encryption key to the host end.
Example four
The embodiment of the present application provides an encryption method, which is similar to the encryption method in the second embodiment, but the difference is that the encryption method in the second embodiment is based on a method written on the side of the encryption chip, and the embodiment is based on a method on the side of the host end communicating with the encryption chip. As shown in fig. 5, the method in the present embodiment includes the following steps.
Step 502, a first encryption key sent by an encryption chip is obtained.
In this embodiment, the host and the encryption chip may agree on a communication protocol in advance.
Optionally, the first encryption key may be packaged in a response message. After receiving the response message, the host side may parse it according to the pre-agreed communication protocol to obtain the first encryption key.
Optionally, the response message may further include information indicating the current state of the encryption chip. For example, it may indicate that the encryption chip is currently idle, or that the encryption chip is in a running state in which it provides service normally.
Before step 502, the encryption method of this embodiment further includes step 501: sending an encryption request message to the encryption chip.
Step 502 then includes: receiving the first encryption key that the encryption chip sends after judging that the encryption request message is not abnormal.
Step 504, encrypting the target data by the first encryption key to obtain first encrypted data.
In this embodiment, the target data may be data that needs to be encrypted by the encryption chip.
In this embodiment, the host side and the encryption chip may have a plurality of encryption algorithms in agreement, and each algorithm may correspond to one type of encryption key.
Optionally, the encryption algorithm may also be selected according to the first encryption key. Step 504 may then include: encrypting the target data with the second encryption key according to the selected encryption algorithm.
Optionally, the encryption algorithm used on the host side may be simpler than the encryption algorithm used by the encryption chip.
In this embodiment, the second encryption key may be embedded at a specified position within the first encrypted data.
Step 506, sending the first encrypted data to the encryption chip.
In this embodiment, the first encrypted data may be assembled into an encryption message according to the communication protocol agreed between the host side and the encryption chip, and that message is sent to the encryption chip.
Step 508, receiving the target encrypted data sent by the encryption chip.
In this embodiment, the target encrypted data is obtained by the encryption chip encrypting the original text data corresponding to the first encrypted data with a second encryption key.
The encryption method of the embodiment may further include: step 509, after receiving the target encrypted data, sending a close message to the encryption chip.
Illustratively, the close message is used to characterize the end of the current encryption flow.
The encryption method in this embodiment is similar to that in the second embodiment, and other details about this embodiment may refer to the description in the second embodiment, and are not repeated herein.
Example five
Based on the same application concept, an encryption device corresponding to the encryption method is further provided in the embodiment of the present application, and since the principle of solving the problem of the device in the embodiment of the present application is similar to that in the embodiment of the encryption method, the implementation of the device in the embodiment of the present application may refer to the description in the embodiment of the method, and repeated details are not described again.
Please refer to fig. 6, which is a schematic diagram of functional modules of an encryption apparatus according to an embodiment of the present application. Each module in the encryption device in this embodiment is configured to perform each step in the above method embodiment. The encryption device includes: an obtaining module 601, a second encrypting module 602, a third sending module 603 and a second receiving module 604, wherein,
an obtaining module 601, configured to obtain a first encryption key sent by an encryption chip;
a second encryption module 602, configured to encrypt target data by using the first encryption key to obtain first encrypted data;
a third sending module 603, configured to send the first encrypted data to the encryption chip;
a second receiving module 604, configured to receive the target encrypted data sent by the cryptographic chip.
The target encrypted data is obtained by the encryption chip encrypting the original text data corresponding to the first encrypted data with a second encryption key.
In an optional implementation, the encryption apparatus of this embodiment further includes a fourth sending module 605, configured to send an encryption request message to the encryption chip;
the obtaining module 601 is then configured to receive the first encryption key that the encryption chip sends after determining that the encryption request message is not abnormal.
In an optional implementation, the encryption apparatus of this embodiment further includes a fifth sending module 606, configured to send a close message to the encryption chip after the target encrypted data is received, where the close message indicates that the current encryption process has ended.
Example six
The embodiment of the present application provides an encryption method similar to that of the second embodiment. The difference is that the method of the second embodiment is described from the encryption chip side, whereas this embodiment is described from an electronic device that includes both the encryption chip and the host side. As shown in fig. 7, the method in this embodiment includes the following steps.
Step 702, the encryption chip sends a first encryption key to the host.
Before step 702, the method may further include step 701, in which the host side sends an encryption request message to the encryption chip.
When the encryption chip detects that the received encryption request message is not abnormal, it sends the first encryption key to the host side.
Step 704, the host encrypts the target data through the first encryption key to obtain first encrypted data.
Step 705, the host side sends the first encrypted data to the encryption chip.
Step 706, the encryption chip decrypts the first encrypted data to obtain the original text data.
Step 708, the encryption chip encrypts the original text data by using a second encryption key to obtain target encrypted data.
Step 710, the encryption chip sends the target encrypted data to the host side.
For other details of the encryption method of this embodiment, reference may be further made to the descriptions in embodiment two and embodiment four, and details are not repeated here.
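The following Python simulation is an added example, not the patent's own code, showing the host/chip exchange of steps 701 to 710 end to end: a self-defined message format with an integrity check, the chip's idle/busy state and rejection of abnormal or out-of-order requests, the first key selecting one of the pre-agreed algorithms, and the chip's second random string whose first byte selects the algorithm and whose remaining bytes form the second key (claim 4), returned together with index information. The frame layout, message type values, the two XOR-based algorithms and the "first byte selects, rest is key" layout for both keys are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import struct
import zlib

# Message types of the self-defined message format (assumed values, not from the patent).
REQ, RESP, DATA, RESULT, CLOSE, ERR = range(6)
IDLE, BUSY = "idle", "busy"


def pack(mtype: int, payload: bytes) -> bytes:
    """Frame: type(1) | length(2) | payload | crc32(4) over everything before it."""
    head = struct.pack(">BH", mtype, len(payload)) + payload
    return head + struct.pack(">I", zlib.crc32(head))


def unpack(msg: bytes):
    """Return (type, payload); raise ValueError for a malformed or corrupted frame."""
    if len(msg) < 7:
        raise ValueError("frame too short")
    mtype, length = struct.unpack(">BH", msg[:3])
    if len(msg) != 3 + length + 4:
        raise ValueError("length mismatch")
    if zlib.crc32(msg[:-4]) != struct.unpack(">I", msg[-4:])[0]:
        raise ValueError("integrity check failed")
    return mtype, msg[3:-4]


# Pre-agreed algorithm table. Assumed layout mirroring claim 4: the first byte of a
# random string selects the algorithm, the remaining bytes are the key. Both entries
# are XOR constructions, so the same function encrypts and decrypts.
def xor_repeat(key: bytes, data: bytes) -> bytes:
    """Repeating-key XOR: stands in for the 'simpler' host-side algorithm."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def hmac_ctr(key: bytes, data: bytes) -> bytes:
    """Keystream from HMAC-SHA256 over a block counter, XORed onto the data."""
    out, blk = bytearray(), 0
    while len(out) < len(data):
        out += hmac.new(key, struct.pack(">Q", blk), hashlib.sha256).digest()
        blk += 1
    return bytes(b ^ k for b, k in zip(data, out))

ALGS = [xor_repeat, hmac_ctr]

def apply(selector: bytes, data: bytes) -> bytes:
    """Run the algorithm chosen by selector[0] with key selector[1:]."""
    return ALGS[selector[0] % len(ALGS)](selector[1:], data)


class Chip:
    """Encryption chip: idle/busy state, per-session first key, indexed key store."""

    def __init__(self):
        self.state, self.first_key, self.keys = IDLE, None, {}

    def handle(self, msg: bytes) -> bytes:
        try:
            mtype, payload = unpack(msg)
        except ValueError as e:           # abnormal request message: refuse service
            return pack(ERR, str(e).encode())
        if mtype == REQ:                  # step 701/702: hand out the first key
            if self.state != IDLE:
                return pack(ERR, b"busy")
            self.state, self.first_key = BUSY, secrets.token_bytes(17)
            return pack(RESP, self.state.encode() + b"|" + self.first_key)
        if mtype == DATA and self.state == BUSY:
            plain = apply(self.first_key, payload)   # step 706: recover original text
            second = secrets.token_bytes(33)         # 1 selector byte + 32-byte key
            index = len(self.keys)                   # index information for the host
            self.keys[index] = second
            return pack(RESULT, struct.pack(">H", index) + apply(second, plain))  # 708/710
        if mtype == CLOSE:                # closing message: back to idle
            self.state, self.first_key = IDLE, None
            return pack(RESP, b"idle")
        return pack(ERR, b"unexpected message")


def host_flow(chip: Chip, target: bytes):
    """Host side of steps 701-710; returns (index, target ciphertext, bytes seen on the link)."""
    link = []
    mtype, payload = unpack(chip.handle(pack(REQ, b"encrypt")))
    if mtype != RESP:
        raise RuntimeError(payload.decode())
    _, first_key = payload.split(b"|", 1)
    first_data = apply(first_key, target)                         # step 704
    link.append(first_data)
    mtype, payload = unpack(chip.handle(pack(DATA, first_data)))  # step 705
    if mtype != RESULT:
        raise RuntimeError(payload.decode())
    link.append(payload)
    index, target_ct = struct.unpack(">H", payload[:2])[0], payload[2:]
    chip.handle(pack(CLOSE, b""))                                 # step 509 of embodiment four
    return index, target_ct, link
```

Only the chip holds the second key, so the host cannot recover the target ciphertext on its own; the returned index is what it would quote back to the chip later.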
In addition, an encryption chip is further provided in the embodiments of the present application, and is used to execute the steps in the encryption method provided in the second embodiment.
The embodiment of the present application further provides a host, configured to execute the steps in the encryption method provided in the fourth embodiment.
Embodiments of the present application further provide a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program performs the steps of the encryption method in the foregoing method embodiments.
The computer program product of the encryption method provided in the embodiment of the present application includes a computer-readable storage medium storing a program code, where instructions included in the program code may be used to execute the steps of the encryption method described in the above method embodiment, which may be specifically referred to in the above method embodiment, and details are not described here again.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes. It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (17)

1. An encryption method, applied to an encryption chip, includes:
sending a first encryption key to a host end;
receiving first encrypted data sent by the host side, wherein the first encrypted data is data obtained by encrypting data to be encrypted by the host side according to the first encryption key;
decrypting the first encrypted data to obtain original text data;
encrypting the original text data by using a second encryption key to obtain target encrypted data;
and sending the target encrypted data to the host side.
2. The method according to claim 1, wherein the decrypting the first encrypted data to obtain original text data comprises:
acquiring a target algorithm in a prefabricated decryption algorithm according to the first encryption key;
and decrypting the first encrypted data according to the target algorithm to obtain original text data.
3. The method according to claim 1, wherein said sending said target encrypted data to said host side comprises:
determining index information corresponding to the target encrypted data;
generating a data message according to the index information and the target encrypted data;
and sending the data message to the host side.
4. The method of claim 1, wherein encrypting the original text data using a second encryption key to obtain target encrypted data comprises:
randomly generating a string of random numbers;
determining a target encryption algorithm according to a first random number in the string of random numbers;
and using other random numbers except the first random number in the string of random numbers as a second encryption key, and encrypting the original text data by using the target encryption algorithm to obtain target encrypted data.
5. The method according to any one of claims 1 to 4, wherein the sending the first encryption key to the host comprises:
receiving a request encryption message sent by the host end;
judging whether the request encryption message is abnormal or not;
and if the request message is not abnormal, sending a first encryption key to the host end.
6. The method according to any one of claims 1-4, further comprising:
receiving a closing message sent by the host end;
and changing the current state of the encryption chip into an idle state according to the closing message.
7. The method according to claim 6, wherein the sending the first encryption key to the host comprises:
judging whether the current state of the encryption chip is an idle state or not;
and if the current state of the encryption chip is an idle state, sending a first encryption key to the host end.
8. An encryption method, comprising:
acquiring a first encryption key sent by an encryption chip;
encrypting target data through the first encryption key to obtain first encrypted data;
sending the first encrypted data to the encryption chip;
and receiving target encrypted data sent by the encryption chip, wherein the target encrypted data is obtained by encrypting original text data corresponding to the first encrypted data by the encryption chip through a second encryption key.
9. The method according to claim 8, wherein before the obtaining the first encryption key sent by the encryption chip, the method further comprises:
sending an encrypted message to the encryption chip;
the acquiring of the first encryption key sent by the encryption chip includes: and receiving a first encryption key sent by the encryption chip after judging that the encryption message is not abnormal.
10. The method of claim 8, further comprising:
and after receiving the target encryption data, sending a closing message to the encryption chip, wherein the closing message is used for representing the end of the current encryption process.
11. An encryption method, comprising:
the encryption chip sends a first encryption key to the host end;
the host side encrypts target data through the first encryption key to obtain first encrypted data;
the encryption chip decrypts the first encrypted data to obtain original text data;
the encryption chip encrypts the original text data by using a second encryption key to obtain target encrypted data;
and the encryption chip sends the target encryption data to the host end.
12. An encryption apparatus, comprising:
the first sending module is used for sending a first encryption key to the host end;
the first receiving module is used for receiving first encrypted data sent by the host end, wherein the first encrypted data is obtained by encrypting data to be encrypted by the host end according to the first encryption key;
the decryption module is used for decrypting the first encrypted data to obtain original text data;
the first encryption module is used for encrypting the original text data by using a second encryption key to obtain target encryption data;
and the second sending module is used for sending the target encrypted data to the host end.
13. An encryption apparatus, comprising:
the acquisition module is used for acquiring a first encryption key sent by the encryption chip;
the second encryption module is used for encrypting the target data through the first encryption key to obtain first encrypted data;
the third sending module is used for sending the first encrypted data to the encryption chip;
and the second receiving module is used for receiving target encrypted data sent by the encryption chip, wherein the target encrypted data is obtained by encrypting original text data corresponding to the first encrypted data by the encryption chip through a second encryption key.
14. A host side, characterized by being configured to perform the steps of the method of any of claims 1 to 7.
15. A cryptographic chip for performing the steps of the method of any one of claims 8 to 10.
16. An electronic device, comprising:
the host side of claim 14; and/or
the cryptographic chip of claim 15.
17. A computer-readable storage medium, having stored thereon a computer program which, when being executed by a processor, is adapted to carry out the steps of the method according to any one of claims 1 to 10.
CN201911256094.8A 2019-12-09 2019-12-09 Encryption method, device, host terminal and encryption chip Active CN110995720B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911256094.8A CN110995720B (en) 2019-12-09 2019-12-09 Encryption method, device, host terminal and encryption chip

Publications (2)

Publication Number Publication Date
CN110995720A true CN110995720A (en) 2020-04-10
CN110995720B CN110995720B (en) 2022-09-23

Family

ID=70091646

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant