CN111130784A - Key generation method and device, CPU chip and server - Google Patents

Key generation method and device, CPU chip and server

Publication number
CN111130784A
Authority
CN
China
Prior art keywords
key
virtual machine
physical address
generate
data
Legal status
Granted
Application number
CN201911362096.5A
Other languages
Chinese (zh)
Other versions
CN111130784B (en)
Inventor
周鹏
赵凤海
Current Assignee
Chengdu Haiguang Integrated Circuit Design Co Ltd
Original Assignee
Chengdu Haiguang Integrated Circuit Design Co Ltd
Application filed by Chengdu Haiguang Integrated Circuit Design Co Ltd
Priority to CN201911362096.5A
Publication of CN111130784A
Application granted
Publication of CN111130784B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00: Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

Embodiments of the invention provide a key generation method and device, a CPU chip and a server, which relate to the technical field of computers and can effectively improve the security of data storage. The key generation method comprises the following steps: acquiring a virtual machine user parameter of a virtual machine running on a host and a host key of the host; and obfuscating the virtual machine user parameter and the host key to generate a first key. The invention is applicable to data storage applications.

Description

Key generation method and device, CPU chip and server
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a key generation method and apparatus, a CPU chip, and a server.
Background
At present, the mainstream method for encrypting data in DRAM memory is to encrypt it with a fixed key. This approach is fast and has almost no impact on memory read/write performance; however, the encryption strength is insufficient and the key is easily obtained by an attacker, which poses a serious hidden danger to the security of user data.
Disclosure of Invention
In view of this, embodiments of the present invention provide a key generation method and apparatus, a CPU chip, and a server, which can effectively improve security of data storage.
In a first aspect, an embodiment of the present invention provides a key generation method, including: acquiring virtual machine user parameters of a virtual machine running on a host machine and a host machine key of the host machine; and obfuscating the virtual machine user parameter and the host key to generate a first key.
Optionally, after generating the first key, the method further includes: acquiring a target physical address when data to be written into a memory is written into the memory; and obfuscating the target physical address and the first key to generate a second key.
Optionally, after generating the second key, the method further includes: receiving a first switching signal, and selecting the first key as an encryption key for encrypting the data; and receiving a second switching signal, and selecting the second key as an encryption key for encrypting the data.
Optionally, after generating the first key, the method further includes: acquiring a target physical address when data to be read out from a memory is read out from the memory; and obfuscating the target physical address and the first key to generate a second key.
Optionally, after generating the second key, the method further includes: receiving a first switching signal, and selecting the first key as a decryption key for decrypting the data; and receiving a second switching signal, and selecting the second key as a decryption key for decrypting the data.
Optionally, the obfuscating the target physical address and the first key to generate a second key includes: performing linear obfuscation and/or nonlinear obfuscation on the target physical address and the first key to generate the second key; or, expanding the data bit width of the target physical address according to a preset rule to obtain a bit-width-expanded target physical address, and performing linear obfuscation and/or nonlinear obfuscation on the bit-width-expanded target physical address and the first key to generate the second key.
Optionally, the obfuscating the virtual machine user parameter and the host key to generate a first key includes: performing linear obfuscation and/or nonlinear obfuscation on the virtual machine user parameter and the host key to generate the first key; or, expanding the data bit width of the virtual machine user parameter according to a preset rule to obtain a bit-width-expanded virtual machine user parameter, and performing linear obfuscation and/or nonlinear obfuscation on the bit-width-expanded virtual machine user parameter and the host key to generate the first key.
In a second aspect, an embodiment of the present invention further provides a key generation apparatus, including: a first obtaining unit, configured to obtain a virtual machine user parameter of a virtual machine running on a host and a host key of the host; and the first obfuscating unit is used for obfuscating the virtual machine user parameter and the host key to generate a first key.
Optionally, the key generation apparatus further includes: a second acquisition unit configured to acquire a target physical address at the time when data to be written in the memory is written in the memory after the first key is generated; and the second obfuscating unit is used for obfuscating the target physical address and the first key to generate a second key.
Optionally, the key generation apparatus further includes: a selection unit configured to: receive a first switching signal and select the first key as an encryption key for encrypting the data; or, after the second key is generated, receive a second switching signal and select the second key as an encryption key for encrypting the data.
Optionally, the key generation apparatus further includes: a second acquisition unit configured to acquire a target physical address at the time when data to be read out from the memory is read out from the memory after the first key is generated; and the second obfuscating unit is used for obfuscating the target physical address and the first key to generate a second key.
Optionally, the key generation apparatus further includes: a selection unit configured to: receive a first switching signal and select the first key as a decryption key for decrypting the data; or, after the second key is generated, receive a second switching signal and select the second key as a decryption key for decrypting the data.
Optionally, the second obfuscating unit includes: a first obfuscation module, configured to perform linear obfuscation and/or nonlinear obfuscation on the target physical address and the first key to generate the second key; or, a second obfuscation module, configured to: expand the data bit width of the target physical address according to a preset rule to obtain a bit-width-expanded target physical address; and perform linear obfuscation and/or nonlinear obfuscation on the bit-width-expanded target physical address and the first key to generate the second key.
Optionally, the first obfuscating unit includes: a third obfuscation module, configured to perform linear obfuscation and/or nonlinear obfuscation on the virtual machine user parameter and the host key to generate the first key; or, a fourth obfuscation module, configured to: expand the data bit width of the virtual machine user parameter according to a preset rule to obtain a bit-width-expanded virtual machine user parameter; and perform linear obfuscation and/or nonlinear obfuscation on the bit-width-expanded virtual machine user parameter and the host key to generate the first key.
In a third aspect, an embodiment of the present invention further provides a CPU chip, including: a memory controller to: acquiring virtual machine user parameters of a virtual machine running on a host machine and a host machine key of the host machine; and obfuscating the virtual machine user parameter and the host key to generate a first key.
Optionally, the CPU chip further includes: a processor core for sending a target physical address to the memory controller when data to be written into a memory is written into the memory; the memory controller is further configured to obfuscate the target physical address with the first key to generate a second key.
Optionally, the processor core is further configured to send a first switching signal or the second switching signal to the memory controller; the memory controller is further configured to receive a first switching signal, and select the first key as an encryption key for encrypting the data; or receiving a second switch signal, and selecting the second key as an encryption key for encrypting the data.
Optionally, the CPU chip further includes: a processor core for transmitting to the memory controller a target physical address at which data to be read from the memory is read from the memory; the memory controller is further configured to obfuscate the target physical address with the first key to generate a second key.
Optionally, the processor core is further configured to send a first switching signal or the second switching signal to the memory controller; the memory controller is further configured to receive a first switching signal, and select the first key as a decryption key for decrypting the data; or receiving a second switching signal, and selecting the second key as a decryption key for decrypting the data.
Optionally, the memory controller is specifically configured to: perform linear obfuscation and/or nonlinear obfuscation on the target physical address and the first key to generate the second key; or, expand the data bit width of the target physical address according to a preset rule to obtain a bit-width-expanded target physical address, and perform linear obfuscation and/or nonlinear obfuscation on the bit-width-expanded target physical address and the first key to generate the second key.
Optionally, the memory controller is specifically configured to: perform linear obfuscation and/or nonlinear obfuscation on the virtual machine user parameter and the host key to generate the first key; or, expand the data bit width of the virtual machine user parameter according to a preset rule to obtain a bit-width-expanded virtual machine user parameter, and perform linear obfuscation and/or nonlinear obfuscation on the bit-width-expanded virtual machine user parameter and the host key to generate the first key.
In a fourth aspect, an embodiment of the present invention further provides a server, including: a housing, a processor, a memory, a circuit board and a power supply circuit, wherein the circuit board is arranged in a space enclosed by the housing, and the processor and the memory are arranged on the circuit board; the power supply circuit is used for supplying power to each circuit or device of the server; the memory is used for storing executable program code; and the processor is any one of the CPU chips provided by the embodiments of the invention.
The key generation method, the key generation device, the CPU chip and the server provided by the embodiments of the invention can acquire the virtual machine user parameter of the virtual machine running on the host and the host key of the host, and obfuscate the virtual machine user parameter with the host key to generate the first key. In this way, the host key can be scrambled using the virtual machine user parameter to generate the first key. Throughout the process, the first key need not be stored in any medium, so there is no opportunity for it to be read or tampered with from outside, the probability of the first key being obtained or cracked is greatly reduced, and the security of data storage is effectively improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description are only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a key generation method according to an embodiment of the present invention;
Fig. 2 is a detailed flowchart of a key generation method according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a key generation apparatus according to an embodiment of the present invention;
Fig. 4 is another schematic structural diagram of a key generation apparatus according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of a CPU chip according to an embodiment of the present invention;
Fig. 6 is another schematic structural diagram of a CPU chip according to an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a server according to an embodiment of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
It should be understood that the described embodiments are only some embodiments of the invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In a first aspect, an embodiment of the present invention provides a key generation method, which can effectively improve security of data storage.
As shown in Fig. 1, a key generation method provided by an embodiment of the present invention may include:
S11, acquiring a virtual machine user parameter of a virtual machine running on a host and a host key of the host;
Optionally, in an embodiment of the present invention, multiple virtual machines may run on one host. Each virtual machine may be logged in to and used by one virtual machine user at a time, and after that user logs out, the virtual machine may be logged in to and used by other virtual machine users, where each virtual machine user corresponds to one virtual machine user parameter.
After the user logs in to the virtual machine for the first time, the host can generate a string of virtual machine user parameters for the user, or the user can set the string of virtual machine user parameters himself. Optionally, the virtual machine user parameter may be, for example, a binary number with a preset bit width or a value that can be converted into a binary number with a preset bit width. When the user subsequently logs in to the virtual machine, the virtual machine user parameter can be used to generate a key for accessing the memory. The virtual machine user parameter can be input by the user when the memory is read or written, or can be stored in a preset register in advance; the preset register can be accessed once the user has logged in to the virtual machine and passed identity authentication.
Optionally, the user parameters corresponding to different virtual machine users may be the same or different, but each virtual machine user knows only its own virtual machine user parameter and cannot learn the virtual machine user parameters of other users, thereby implementing user isolation of the key.
Optionally, in an embodiment of the present invention, after the user logs in the virtual machine, the virtual machine may generate a random number and use the random number as a virtual machine user parameter of the user. The random number generator for generating the random number may be implemented by software, or may be implemented by hardware based on discrete circuit elements, a single chip, an FPGA, and the like, which is not limited in the embodiments of the present invention.
For example, in another embodiment of the invention, an m-bit binary number [m-1:0] may be reserved based on the number n of users logged into the virtual machine, where n = 2^m. Each time a new user logs in to the virtual machine for the first time, one value is randomly selected from the reserved binary numbers as the virtual machine user parameter of that user. For example, if m is 3 and n is 8, the bit width of the virtual machine user parameter is 3, specifically [2:0], which gives the 8 virtual machine user parameters 000, 001, 010, 011, 100, 101, 110, 111, used to distinguish 8 different users. After a new user logs in to the virtual machine for the first time, a virtual machine user parameter may be randomly selected from the 8 virtual machine user parameters, for example 101 is selected as the virtual machine user parameter of the user. The user then still uses 101 as the virtual machine user parameter the next time he logs in to the virtual machine.
In order to further improve the security, in an embodiment of the present invention, virtual machine user parameters with a larger bit width may be set as needed, for example, the bit width is 32 bits, 64 bits, 128 bits, and the like, so that more values of the virtual machine user parameters of each user are possible, and the key generated according to the values is less prone to be cracked.
Optionally, in another embodiment of the present invention, the virtual machine user parameter may also be generated according to some user information. Such user information may include, for example, a user name, a registration time, an IP address of a first login, etc.
The method for generating the virtual machine user parameters can be used independently or in combination. For example, the virtual machine user parameters may be generated partly based on user information and partly randomly.
The virtual machine user parameter provides one factor in generating the first key, and another factor in generating the first key is the host key. In particular, the host key may identify different hosts that have different host keys, while virtual machines on the same host correspond to the same host key. The host key may be directly issued by an administrator and stored in a preset register of the host. Optionally, in this step, when the host key is obtained, the host key issued by the administrator may be received, and the host key may be read from the preset register.
S12, obfuscating the virtual machine user parameter and the host key to generate a first key.
After the host key and the virtual machine user parameter are obtained, they can be obfuscated to generate the first key. Optionally, the obfuscation may be performed by any circuit structure capable of implementing it, and may be linear obfuscation, nonlinear obfuscation, or both linear and nonlinear obfuscation.
The key generation method provided by the embodiment of the invention can acquire the virtual machine user parameter of the virtual machine running on the host and the host key of the host, and obfuscate the virtual machine user parameter with the host key to generate the first key. In this way, the host key can be scrambled using the virtual machine user parameter to generate the first key. Throughout the process, the first key does not need to be stored in any medium, so there is no opportunity for it to be read or tampered with from outside, the probability of the first key being obtained or cracked is greatly reduced, and the security of data storage is effectively improved.
Specifically, in one embodiment of the present invention, in step S12, obfuscating the virtual machine user parameter and the host key to generate the first key may include: performing linear obfuscation and/or nonlinear obfuscation on the virtual machine user parameter and the host key to generate the first key.
Optionally, the operations performed by linear obfuscation may include one or more of: shifting, splicing (concatenation), logical operations and the like; nonlinear obfuscation may include one or more of: look-up tables, multiplication, modulo, etc. The combination and execution order of the linear and/or nonlinear operations performed to generate the first key are not limited. For example, in one embodiment of the present invention, the host key X1 may be shifted 3 bits to the left to obtain X2, the virtual machine user parameter Y1 may be shifted 10 bits to the right to obtain Y2, and X2 and Y2 may be concatenated to generate X2Y2. X2Y2 is then multiplied by a predetermined value, and the result is shifted left by 7 bits.
To further improve security, in an embodiment of the present invention, in step S12, obfuscating the virtual machine user parameter and the host key to generate the first key may include: expanding the data bit width of the virtual machine user parameter according to a preset rule to obtain a bit-width-expanded virtual machine user parameter; and performing linear obfuscation and/or nonlinear obfuscation on the bit-width-expanded virtual machine user parameter and the host key to generate the first key.
Optionally, the specific rules for bit width expansion may vary. For example, in an embodiment of the present invention, all or part of the digits in the virtual machine user parameter may be copied multiple times and extended toward the upper bits, the lower bits, or both ends, for example, 1101 is expanded to 1101, 1101, 1101. Alternatively, when the copied digits are extended, some bit positions may be left vacant and then uniformly filled with 0 or 1, for example, 1101 is expanded to 11010, 11010, 11010 (vacant positions filled with 0), etc.
Of course, in other embodiments of the present invention, if the bit width of the host key itself is smaller than the preset bit width threshold, bit width expansion may also be performed on the host key. The data bit width of the expanded virtual machine user parameter may be equal to or different from the data bit width of the host key. The expanded virtual machine user parameters may be obfuscated with the host key. The specific obfuscation operation is similar to that in the previous embodiment, and has been described in detail above, and is not described again here.
In the embodiment of the invention, the expanded virtual machine user parameter and the host key are obfuscated to generate the first key. The obfuscation operation can be made very complicated and difficult to reverse, so the security of the key is effectively improved and the security of data storage is greatly improved.
Optionally, in order to further improve the security of data storage, in an embodiment of the present invention, the scrambling may be further continued on the basis of the first key to generate a new key. For example, when data is read from or written to the memory, the data has a corresponding memory address in the memory, and the first key may be further scrambled by the memory address to generate the second key.
The following describes in detail the key generation method provided by the embodiment of the present invention in terms of writing data into the memory and reading data from the memory, respectively.
Specifically, in an embodiment of the present invention, after generating the first key, the key generation method provided by the present invention may further include: acquiring a target physical address when data to be written into a memory is written into the memory; and obfuscating the target physical address and the first key to generate a second key.
Optionally, the target physical address may be the data storage physical address determined according to the memory read instruction, that is, the address unit into which the data is to be written, which is the address unit to be strobed. For example, in one embodiment of the invention, if it is determined from the logical address in the memory read instruction that data needs to be written to the memory cell with physical address 1011011011111001, then 1011011011111001 is the target physical address. When data needs to be written into the next memory cell, that is, stored into the memory cell with physical address 1011011011111010, then 1011011011111010 is the target physical address.
The key generation method provided by the embodiment of the invention can continue scrambling on the basis of the first key by using the address information. Because different storage units in the memory have different physical addresses, the first key is scrambled differently for each of them, and the generated second keys are also different. That is, the keys used to encrypt the data in each storage unit are different and each storage unit has its own key, so the data security of the memory is greatly improved.
Both the first key and the second key can effectively improve the data security of the memory. The first key is obtained through one round of obfuscation and the second key through two rounds, so the security level of the second key is higher than that of the first key. Optionally, in the embodiment of the present invention, the first key or the second key may be selected according to the user's data security requirements. For example, for a movie file, where the security requirement is not too high, the first key may be selected for encryption, and for financial information, where the security requirement is high, the second key may be used for encryption.
For example, in an embodiment of the present invention, after generating the second key, the key generation method provided in an embodiment of the present invention may further include: receiving a first switching signal, and selecting the first key as an encryption key for encrypting the data; and receiving a second switching signal, and selecting the second key as an encryption key for encrypting the data. The first switching signal is different from the second switching signal, for example, the first switching signal may be high level, and the second switching signal may be low level, or vice versa.
Accordingly, the case of reading data from the memory is similar to the case of writing data to the memory. In an embodiment of the present invention, after generating the first key, the key generation method provided by the present invention may further include: acquiring a target physical address when data to be read out from a memory is read out from the memory; and obfuscating the target physical address and the first key to generate a second key.
Similarly, in the embodiment of the present invention, the first key or the second key may be selected to be used according to different requirements of the user on data security. For example, for a movie file, if the security requirement is not too high, the first key may be selected for encryption, and for financial information, if the security requirement is high, the second key may be used for encryption.
For example, in an embodiment of the present invention, after generating the second key, the key generation method provided in an embodiment of the present invention may further include: receiving a first switching signal, and selecting the first key as a decryption key for decrypting the data; and receiving a second switching signal, and selecting the second key as a decryption key for decrypting the data. The first switching signal is different from the second switching signal, for example, the first switching signal may be high level, and the second switching signal may be low level, or vice versa.
Optionally, in the foregoing embodiment, obfuscating the target physical address and the first key to generate the second key may include: performing linear obfuscation and/or nonlinear obfuscation on the target physical address and the first key to generate the second key. Or, obfuscating the target physical address and the first key to generate the second key may also include: expanding the data bit width of the target physical address according to a preset rule to obtain a bit-width-expanded target physical address; and performing linear obfuscation and/or nonlinear obfuscation on the bit-width-expanded target physical address and the first key to generate the second key.
Optionally, in an embodiment of the present invention, the operation performed by the linear obfuscation may include one or more of the following: shifting, splicing, logical operation and the like; non-linear obfuscation may include one or more of: look-up tables, multiplications, modulo, etc. The combination and execution sequence of the linear operations and/or nonlinear operations performed to generate the second key are not limited. For example, in an embodiment of the present invention, the first key M1 may be first input into a lookup table element table1 to obtain M2, the target physical address N1 is input into a shift element R2 and shifted to the right by 4 bits to obtain N2, then M2 and N2 are input into an exclusive or gate to obtain P2, then P2 is input into the lookup table element table2 to obtain P3 output, and P3 is the second key.
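The two worked recipes in the description (X1/Y1 for the first key, M1/N1 for the second key) are modelled below in C as an added illustration; this is not code from the patent. The 32-bit inputs, 64-bit keys, logical (non-rotating) shifts, the multiplier constant, both lookup tables and the switch polarity are assumptions, since the text fixes none of them; the sample addresses are the two adjacent target physical addresses given earlier in the description.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed "predetermined value" for the multiplication step (any odd constant). */
#define PRESET_MULTIPLIER 0x9E3779B97F4A7C15ULL

static uint8_t table1[256], table2[256];
static int tables_ready;

/* Constructed stand-ins for the lookup-table elements table1 and table2.
 * Each is a byte permutation (odd multiplier mod 256), so the tables
 * themselves never map two different inputs to the same output. */
static void build_tables(void)
{
    for (unsigned i = 0; i < 256; i++) {
        table1[i] = (uint8_t)(i * 167u + 13u);
        table2[i] = (uint8_t)(i * 91u + 201u);
    }
    tables_ready = 1;
}

/* Apply a byte-wise lookup table to every byte of a 64-bit word. */
static uint64_t lookup64(const uint8_t t[256], uint64_t v)
{
    uint64_t out = 0;
    for (int i = 0; i < 8; i++)
        out |= (uint64_t)t[(v >> (8 * i)) & 0xFF] << (8 * i);
    return out;
}

/* First key: X1 << 3, Y1 >> 10, concatenate, multiply, << 7. */
uint64_t derive_first_key(uint32_t host_key_x1, uint32_t vm_user_param_y1)
{
    uint32_t x2 = host_key_x1 << 3;           /* top 3 bits of X1 fall off   */
    uint32_t y2 = vm_user_param_y1 >> 10;     /* low 10 bits of Y1 fall off  */
    uint64_t x2y2 = ((uint64_t)x2 << 32) | y2;
    uint64_t product = x2y2 * PRESET_MULTIPLIER;  /* wraps modulo 2^64       */
    return product << 7;                      /* low 7 bits are always zero  */
}

/* Second key: table1(M1) XOR (N1 >> 4), then table2. */
uint64_t derive_second_key(uint64_t first_key_m1, uint64_t phys_addr_n1)
{
    if (!tables_ready)
        build_tables();
    uint64_t m2 = lookup64(table1, first_key_m1);
    uint64_t n2 = phys_addr_n1 >> 4;          /* low 4 address bits fall off */
    uint64_t p2 = m2 ^ n2;
    return lookup64(table2, p2);              /* P3, the second key          */
}

/* Key selection by switching signal; high = first key is an assumed polarity. */
uint64_t select_key(int switch_level, uint64_t first_key, uint64_t second_key)
{
    return switch_level ? first_key : second_key;
}

int main(void)
{
    /* Constructed sample inputs; the two addresses are the description's
     * 1011011011111001 and 1011011011111010. */
    const uint32_t host_key = 0x1234ABCDu;
    const uint32_t user_a = 0x00ABC400u, user_b = 0x00ABC800u;
    const uint64_t addr1 = 0xB6F9, addr2 = 0xB6FA, addr3 = 0xB709;

    uint64_t k_a = derive_first_key(host_key, user_a);
    uint64_t k_b = derive_first_key(host_key, user_b);
    printf("first key, user A : %016" PRIx64 "\n", k_a);
    printf("first key, user B : %016" PRIx64 "\n", k_b);
    printf("second key @%04" PRIx64 ": %016" PRIx64 "\n", addr1,
           derive_second_key(k_a, addr1));
    printf("second key @%04" PRIx64 ": %016" PRIx64 "\n", addr2,
           derive_second_key(k_a, addr2));
    printf("second key @%04" PRIx64 ": %016" PRIx64 "\n", addr3,
           derive_second_key(k_a, addr3));
    return 0;
}
```

Under these assumptions the two adjacent example addresses produce the same second key, because the 4-bit right shift discards exactly the bits that distinguish them, and user parameters that differ only in their low 10 bits produce the same first key. A design that needs a distinct key per storage unit and per user has to carry every address bit and every parameter bit into the obfuscation.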
Optionally, in the embodiment of the present invention, specific rules of bit width expansion may be varied, as long as the original physical address is converted into a binary number with a preset bit width according to the preset rules. For details, reference may be made to the bit width extension description of the virtual machine user parameters, which are similar to each other, but the specific algorithm may be different.
Of course, in other embodiments of the present invention, if the bit width of the host key itself is smaller than the preset bit width threshold, bit width expansion may also be performed on the host key. The data bit width of the expanded virtual machine user parameter may be equal to or different from the data bit width of the host key. The expanded virtual machine user parameters may be obfuscated with the host key. The specific obfuscation operation is similar to that in the previous embodiment, and has been described in detail above, and is not described again here.
In the key generation method provided by the embodiment of the present invention, a virtual machine user knows neither the key it actually uses nor the keys of other virtual machine users, which achieves key isolation. Optionally, the memory access key may be the first key or the second key. When the first key is used for encryption or decryption, different virtual machine users correspond to different first keys. When the second key is used for encryption or decryption, even for the same user on the same virtual machine, different second keys are used whenever the accessed memory addresses differ; that is, each memory unit has its own key. The first key and the second key can be generated by a hardware circuit, so the key provided to the encryption and decryption operation unit is known only to hardware and not to software, which further improves security. In addition, nonlinear operations can be introduced when generating the first key and the second key; since nonlinear operations are irreversible, information such as addresses and virtual machine user parameters is difficult to derive back from the keys, which increases the difficulty of cracking and effectively improves the security of memory data.
The following briefly describes an operation method of a key generation device according to an embodiment of the present invention with reference to a specific embodiment.
As shown in fig. 2, a key generation method provided by an embodiment of the present invention may include:
S201, a user logs in to the virtual machine, and after identity authentication is passed, the corresponding virtual machine user parameters and the host key are obtained from a preset register.
S202, the virtual machine user parameters are mixed with the host key to generate a first key.
S203, the user inputs a file storage instruction to store the file1 in the memory.
S204, the virtual machine analyzes the file storage instruction, obtains that the security level of the file storage instruction is a first security level, and confirms to use the first secret key to encrypt the file.
S205, the virtual machine encrypts the file1 by using the first key to form a ciphertext F1, and then stores the ciphertext F1 into the address 1.
S206, the user inputs a file reading instruction to read the file2 from the storage.
S207, the virtual machine analyzes the file reading instruction, learns that the security level of the file reading instruction is a second security level, and determines to use a second key for decryption.
S208, the virtual machine acquires a storage address2 of the file2, and encrypts the first key according to the address of each storage unit to generate a second key corresponding to each storage unit.
Optionally, the address2 may be the address of the first storage unit of the file2, and the addresses of the other storage units may be obtained by adding an offset to the address2. The addresses corresponding to different storage units are different.
S209, the virtual machine decrypts the content in each storage unit in the file2 by using the second key corresponding to each storage unit to form a plaintext file F2, and F2 is provided for the user.
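The table1 / shift / XOR / table2 pipeline described earlier and the per-storage-unit flow of S202 to S209 can be modelled in software as follows. This is an added behavioural sketch, not code from the patent: the 32-bit key width, the 16-byte storage unit, the contents of both lookup tables, the splicing rule used for bit width expansion, the mapping of signal level to key, and the XOR stand-in for the encryption unit are all assumptions made for illustration.

```python
KEY_BITS = 32                 # assumed key width; the page fixes none
MASK = (1 << KEY_BITS) - 1
UNIT = 16                     # assumed storage-unit size in bytes

# Constructed nonlinear byte tables standing in for table1 / table2.
# 3 and 5 are primitive roots mod 257, so each table is a byte permutation.
TABLE1 = [pow(3, x, 257) % 256 for x in range(256)]
TABLE2 = [pow(5, x, 257) % 256 for x in range(256)]


def lookup(table, word):
    """Apply a byte-wide lookup table to every byte of a KEY_BITS-wide word."""
    out = 0
    for shift in range(0, KEY_BITS, 8):
        out |= table[(word >> shift) & 0xFF] << shift
    return out


def expand(value, width):
    """Assumed bit width expansion rule: splice copies of value up to KEY_BITS."""
    value &= (1 << width) - 1
    out = 0
    for shift in range(0, KEY_BITS, width):
        out |= value << shift
    return out & MASK


def first_key(vm_user_param, host_key, param_bits=16):
    """S202 (assumed mix): expand the VM user parameter, XOR with the host key
    (linear step), then pass the result through a lookup table (nonlinear step)."""
    mixed = expand(vm_user_param, param_bits) ^ (host_key & MASK)
    return lookup(TABLE1, mixed)


def second_key(m1, n1):
    """The page's example: M1 -> table1 -> M2; N1 >> 4 -> N2;
    M2 XOR N2 -> P2; P2 -> table2 -> P3 (the second key)."""
    m2 = lookup(TABLE1, m1 & MASK)
    n2 = (n1 >> 4) & MASK
    p2 = m2 ^ n2
    return lookup(TABLE2, p2)


def select_key(switch_high, m1, address):
    """Selection unit. Assumption: high level selects the first key,
    low level selects the address-dependent second key."""
    return m1 if switch_high else second_key(m1, address)


def xor_unit(data, key):
    """Placeholder for the encryption/decryption unit (the page names no cipher)."""
    ks = key.to_bytes(KEY_BITS // 8, "big")
    return bytes(b ^ ks[i % len(ks)] for i, b in enumerate(data))


def store(memory, base, plaintext, m1, switch_high):
    """S205-style write: encrypt each storage unit with the key chosen for its address."""
    for off in range(0, len(plaintext), UNIT):
        addr = base + off
        key = select_key(switch_high, m1, addr)
        memory[addr] = xor_unit(plaintext[off:off + UNIT], key)


def load(memory, base, length, m1, switch_high):
    """S208/S209-style read: address2 plus an offset per unit, one key per unit."""
    out = b""
    for off in range(0, length, UNIT):
        addr = base + off
        out += xor_unit(memory[addr], select_key(switch_high, m1, addr))
    return out


if __name__ == "__main__":
    host_key = 0xA5A5F00D                      # constructed sample value
    k_user_a = first_key(0x0001, host_key)     # constructed VM user parameters
    k_user_b = first_key(0x0002, host_key)
    print(f"first keys : {k_user_a:08x} {k_user_b:08x}")
    for addr in (0x1000, 0x100F, 0x1010):
        print(f"second key @ {addr:#06x}: {second_key(k_user_a, addr):08x}")

    mem, data = {}, bytes(range(48))
    store(mem, 0x2000, data, k_user_a, switch_high=False)
    print("round trip ok :", load(mem, 0x2000, 48, k_user_a, False) == data)
    mem[0x2000], mem[0x2010] = mem[0x2010], mem[0x2000]   # relocate ciphertext
    print("after relocation:", load(mem, 0x2000, 48, k_user_a, False) == data)
```

Because the example shifts the address right by 4 bits, addresses that differ only in their low 4 bits share one second key, so in this model the "own key per memory unit" property holds at a granularity of 16 address units. Ciphertext moved between units no longer decrypts under the second key, whereas under the first key it decrypts unchanged.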
Accordingly, in a second aspect, as shown in fig. 3, an embodiment of the present invention further provides a key generation apparatus, including:
a first obtaining unit 31, configured to obtain a virtual machine user parameter of a virtual machine running on a host and a host key of the host;
a first obfuscating unit 32, configured to obfuscate the virtual machine user parameter and the host key to generate a first key.
The key generation device provided by the embodiment of the present invention can acquire the virtual machine user parameters of the virtual machine running on the host and the host key of the host, and obfuscate the virtual machine user parameters with the host key to generate the first key. In this way, the host key can be scrambled using the virtual machine user parameter to generate the first key. Throughout the process, the first key need not be stored in a storage medium, which avoids any opportunity for it to be read or tampered with from outside, greatly reduces the probability of the first key being obtained or cracked, and effectively improves the security of data storage.
Optionally, as shown in fig. 4, the key generation apparatus may further include: a second acquisition unit 33, configured to acquire, after the first key is generated, the target physical address at which data to be written into the memory is written into the memory; and a second obfuscating unit 34, configured to obfuscate the target physical address with the first key to generate a second key.
Optionally, the key generating apparatus may further include a selecting unit 35, configured to: receive a first switching signal and select the first key as an encryption key for encrypting the data; or, after the second key is generated, receive a second switching signal and select the second key as an encryption key for encrypting the data.
Optionally, the key generation apparatus may further include:
a second acquisition unit 33, configured to acquire, after the first key is generated, the target physical address at which data to be read out from the memory is read out from the memory;
a second obfuscating unit 34, configured to obfuscate the target physical address with the first key to generate a second key.
Optionally, the key generating apparatus may further include a selecting unit 35, configured to: receive a first switching signal and select the first key as a decryption key for decrypting the data; or, after the second key is generated, receive a second switching signal and select the second key as a decryption key for decrypting the data.
Optionally, the second obfuscating unit 34 may include:
a first obfuscation module, configured to perform linear obfuscation and/or nonlinear obfuscation on the target physical address and the first key to generate a second key;
or,
a second obfuscation module, configured to: expand the data bit width of the target physical address according to a preset rule to obtain a bit-width-expanded target physical address; and perform linear obfuscation and/or nonlinear obfuscation on the bit-width-expanded target physical address and the first key to generate the second key.
Optionally, the first obfuscating unit 32 includes:
a third obfuscation module, configured to perform linear obfuscation and/or nonlinear obfuscation on the virtual machine user parameter and the host key to generate a first key;
or,
a fourth obfuscation module, configured to: expand the data bit width of the virtual machine user parameter according to a preset rule to obtain a bit-width-expanded virtual machine user parameter; and perform linear obfuscation and/or nonlinear obfuscation on the bit-width-expanded virtual machine user parameter and the host key to generate the first key.
Accordingly, in a third aspect, as shown in fig. 5, an embodiment of the present invention further provides a CPU chip, including: a memory controller 41 for: acquiring virtual machine user parameters of a virtual machine running on a host machine and a host machine key of the host machine; and obfuscating the virtual machine user parameter and the host key to generate a first key.
The CPU chip provided in the embodiment of the present invention can acquire a virtual machine user parameter of a virtual machine running on a host and a host key of the host, and obfuscate the virtual machine user parameter with the host key to generate a first key. In this way, the host key can be scrambled using the virtual machine user parameter to generate the first key. Throughout the process, the first key need not be stored in a storage medium, which avoids any opportunity for it to be read or tampered with from outside, greatly reduces the probability of the first key being obtained or cracked, and effectively improves the security of data storage.
Optionally, as shown in fig. 6, the CPU chip may further include a processor core 42, configured to send, to the memory controller, a target physical address when data to be written into the memory is written into the memory; the memory controller 41 is further configured to obfuscate the target physical address with the first key to generate a second key.
Optionally, the processor core 42 may be further configured to send the first switching signal or the second switching signal to the memory controller; the memory controller 41 is further configured to receive a first switching signal, and select the first key as an encryption key for encrypting the data; or receiving a second switch signal, and selecting the second key as an encryption key for encrypting the data.
Optionally, the CPU chip may further include a processor core 42 for sending, to the memory controller, a target physical address at which data to be read from the memory is read from the memory; the memory controller 41 is further configured to obfuscate the target physical address with the first key to generate a second key.
Optionally, the processor core 42 may be further configured to send the first switching signal or the second switching signal to the memory controller 41; the memory controller 41 may be further configured to receive a first switching signal, and select the first key as a decryption key for decrypting the data; or receiving a second switching signal, and selecting the second key as a decryption key for decrypting the data.
Optionally, the memory controller 41 may be specifically configured to: linearly obfuscating and/or nonlinearly obfuscating the target physical address and the first secret key to generate a second secret key; or, expanding the data bit width of the target physical address according to a preset rule to obtain a target physical address with the expanded bit width; and performing linear confusion and/or nonlinear confusion on the target physical address subjected to the bit width expansion and the first key to generate the second key.
Optionally, the memory controller 41 may be specifically configured to: linearly obfuscating and/or nonlinearly obfuscating the virtual machine user parameters and the host key to generate a first key; or, expanding the data bit width of the virtual machine user parameter according to a preset rule to obtain a virtual machine user parameter with the expanded bit width; and performing linear confusion and/or nonlinear confusion on the virtual machine user parameters subjected to the bit width expansion and the host key to generate the first key.
Accordingly, in a fourth aspect, as shown in fig. 7, a server provided in an embodiment of the present invention may include: a shell 61, a processor 62, a memory 63, a circuit board 64 and a power circuit 65, wherein the circuit board 64 is arranged inside the space enclosed by the shell 61, and the processor 62 and the memory 63 are arranged on the circuit board 64; the power circuit 65 supplies power to each circuit or device of the server; the memory 63 is used to store executable program code; and the processor 62 is any one of the CPU chips provided in the previous embodiments.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments.
In particular, as for the module embodiment, since it is substantially similar to the method embodiment, the description is simple, and the relevant points can be referred to the partial description of the method embodiment.
For convenience of description, the above apparatus is described with its functions divided into separate units/modules. Of course, when implementing the invention, the functions of the units/modules may be implemented in one or more pieces of software and/or hardware.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (22)

1. A method of key generation, comprising:
acquiring virtual machine user parameters of a virtual machine running on a host machine and a host machine key of the host machine;
and obfuscating the virtual machine user parameter and the host key to generate a first key.
2. The key generation method of claim 1, wherein after generating the first key, the method further comprises:
acquiring a target physical address when data to be written into a memory is written into the memory;
and obfuscating the target physical address and the first key to generate a second key.
3. The key generation method of claim 2, wherein after generating the second key, the method further comprises:
receiving a first switching signal, and selecting the first key as an encryption key for encrypting the data;
and receiving a second switching signal, and selecting the second key as an encryption key for encrypting the data.
4. The key generation method of claim 1, wherein after generating the first key, the method further comprises:
acquiring a target physical address when data to be read out from a memory is read out from the memory;
and obfuscating the target physical address and the first key to generate a second key.
5. The key generation method of claim 4, wherein after generating the second key, the method further comprises:
receiving a first switching signal, and selecting the first key as a decryption key for decrypting the data;
and receiving a second switching signal, and selecting the second key as a decryption key for decrypting the data.
6. The key generation method of any of claims 2 to 5, wherein obfuscating the target physical address from the first key to generate a second key comprises:
linearly obfuscating and/or nonlinearly obfuscating the target physical address and the first secret key to generate a second secret key;
or,
expanding the data bit width of the target physical address according to a preset rule to obtain a target physical address with the expanded bit width; and performing linear confusion and/or nonlinear confusion on the target physical address subjected to the bit width expansion and the first key to generate the second key.
7. The key generation method of any of claims 1 to 5, wherein obfuscating the virtual machine user parameter from the host key to generate a first key comprises:
linearly obfuscating and/or nonlinearly obfuscating the virtual machine user parameters and the host key to generate a first key;
or,
expanding the data bit width of the virtual machine user parameter according to a preset rule to obtain a virtual machine user parameter with the expanded bit width; and performing linear confusion and/or nonlinear confusion on the virtual machine user parameters subjected to the bit width expansion and the host key to generate the first key.
8. A key generation apparatus, comprising:
a first obtaining unit, configured to obtain a virtual machine user parameter of a virtual machine running on a host and a host key of the host;
and the first obfuscating unit is used for obfuscating the virtual machine user parameter and the host key to generate a first key.
9. The key generation apparatus according to claim 8, further comprising:
a second acquisition unit configured to acquire a target physical address at the time when data to be written in the memory is written in the memory after the first key is generated;
and the second obfuscating unit is used for obfuscating the target physical address and the first key to generate a second key.
10. The key generation apparatus according to claim 9, further comprising:
a selection unit for: receiving a first switching signal, and selecting the first key as an encryption key for encrypting the data; after generating the second key, a second switching signal is received, the second key being selected as an encryption key for encrypting the data.
11. The key generation apparatus according to claim 8, further comprising:
a second acquisition unit configured to acquire a target physical address at the time when data to be read out from the memory is read out from the memory after the first key is generated;
and the second obfuscating unit is used for obfuscating the target physical address and the first key to generate a second key.
12. The key generation apparatus according to claim 11, further comprising:
a selection unit for: receiving a first switching signal, and selecting the first key as a decryption key for decrypting the data; or after generating the second key, receiving a second switching signal, and selecting the second key as a decryption key for decrypting the data.
13. The key generation apparatus according to any one of claims 9 to 12, wherein the second obfuscating unit includes:
a first obfuscation module, configured to perform linear obfuscation and/or non-linear obfuscation on the target physical address and the first key to generate a second key;
or,
a second obfuscation module to: expanding the data bit width of the target physical address according to a preset rule to obtain a target physical address with the expanded bit width; and performing linear confusion and/or nonlinear confusion on the target physical address subjected to the bit width expansion and the first key to generate the second key.
14. The key generation apparatus according to any one of claims 8 to 12, wherein the first obfuscating unit includes:
the third obfuscating module is used for performing linear obfuscation and/or non-linear obfuscation on the virtual machine user parameter and the host key to generate a first key;
or,
a fourth obfuscation module to: expanding the data bit width of the virtual machine user parameter according to a preset rule to obtain a virtual machine user parameter with the expanded bit width; and performing linear confusion and/or nonlinear confusion on the virtual machine user parameters subjected to the bit width expansion and the host key to generate the first key.
15. A CPU chip, comprising:
a memory controller to: acquiring virtual machine user parameters of a virtual machine running on a host machine and a host machine key of the host machine; and obfuscating the virtual machine user parameter and the host key to generate a first key.
16. The CPU chip of claim 15, further comprising:
a processor core for sending a target physical address to the memory controller when data to be written into a memory is written into the memory;
the memory controller is further configured to obfuscate the target physical address with the first key to generate a second key.
17. The CPU chip of claim 16,
the processor core is further used for sending a first switching signal or the second switching signal to the memory controller;
the memory controller is further configured to receive a first switching signal, and select the first key as an encryption key for encrypting the data; or receiving a second switch signal, and selecting the second key as an encryption key for encrypting the data.
18. The CPU chip of claim 15, further comprising:
a processor core for transmitting to the memory controller a target physical address at which data to be read from the memory is read from the memory;
the memory controller is further configured to obfuscate the target physical address with the first key to generate a second key.
19. The CPU chip of claim 18, wherein the processor core is further configured to send a first switching signal or the second switching signal to the memory controller;
the memory controller is further configured to receive a first switching signal, and select the first key as a decryption key for decrypting the data; or receiving a second switching signal, and selecting the second key as a decryption key for decrypting the data.
20. The CPU chip according to any one of claims 16 to 19, wherein the memory controller is specifically configured to:
linearly obfuscating and/or nonlinearly obfuscating the target physical address and the first secret key to generate a second secret key;
or,
expanding the data bit width of the target physical address according to a preset rule to obtain a target physical address with the expanded bit width; and performing linear confusion and/or nonlinear confusion on the target physical address subjected to the bit width expansion and the first key to generate the second key.
21. The CPU chip according to any one of claims 15 to 19, wherein the memory controller is specifically configured to:
linearly obfuscating and/or nonlinearly obfuscating the virtual machine user parameters and the host key to generate a first key;
or,
expanding the data bit width of the virtual machine user parameter according to a preset rule to obtain a virtual machine user parameter with the expanded bit width; and performing linear confusion and/or nonlinear confusion on the virtual machine user parameters subjected to the bit width expansion and the host key to generate the first key.
22. A server, comprising: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the server; the memory is used for storing executable program codes; the processor is the CPU chip of any one of claims 8 to 14.
CN201911362096.5A 2019-12-25 2019-12-25 Key generation method and device, CPU chip and server Active CN111130784B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911362096.5A CN111130784B (en) 2019-12-25 2019-12-25 Key generation method and device, CPU chip and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911362096.5A CN111130784B (en) 2019-12-25 2019-12-25 Key generation method and device, CPU chip and server

Publications (2)

Publication Number Publication Date
CN111130784A true CN111130784A (en) 2020-05-08
CN111130784B CN111130784B (en) 2023-08-08

Family

ID=70502681

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911362096.5A Active CN111130784B (en) 2019-12-25 2019-12-25 Key generation method and device, CPU chip and server

Country Status (1)

Country Link
CN (1) CN111130784B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112748984A (en) * 2020-12-28 2021-05-04 海光信息技术股份有限公司 Virtual machine data processing method, virtual machine data control method, processor, chip, device and medium
CN113434876A (en) * 2021-06-22 2021-09-24 海光信息技术股份有限公司 Data encryption method and device, memory controller, chip and electronic equipment

Also Published As

Publication number Publication date
CN111130784B (en) 2023-08-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant