CN111400717B

CN111400717B - Data reading method and related device

Info

Publication number: CN111400717B
Application number: CN202010144970.4A
Authority: CN
Inventors: 杜朝晖; 应志伟
Original assignee: Haiguang Information Technology Co Ltd
Current assignee: Haiguang Information Technology Co Ltd
Priority date: 2019-12-23
Filing date: 2020-03-04
Publication date: 2022-03-22
Anticipated expiration: 2040-03-04
Also published as: CN111368346A; CN111400717A

Abstract

The embodiment of the invention provides a data reading method and a related device, wherein the data reading method comprises the following steps: receiving at least data to be read and a memory read data authentication code of the data to be read; the data to be read comprises at least one data packet to be read, and the data packets to be read are received in parallel; storing the data to be read, generating read integrity information of the data to be read by using the data to be read, generating a processor read data authentication code at least based on the shared secret key and the read integrity information, and storing each data packet to be written into as parallel storage; and when the memory read data authentication code is equal to the processor read data authentication code, confirming the integrity of the data to be read. Therefore, the method for receiving and storing each data packet to be read in parallel can be utilized to improve the efficiency of receiving and storing data between the processor chip and the memory.

Description

Data reading method and related device

Technical Field

The present invention relates to the field of computer systems, and in particular, to a data reading method and related apparatus.

Background

In the existing computer system, data integrity needs to be guaranteed when the processor chip and the memory are mutually transmitted. Because the processor chip may read the wrong data if the integrity of the data is not guaranteed. By modifying the data sent by the memory, an attacker can utilize the vulnerability to invade the computer system.

An existing method for ensuring data integrity is that a memory generates an authentication code containing integrity information of data to be read by using all data to be read, and sends the authentication code and all data to be read to a processor chip, but corresponding integrity information can be generated only by reading all data to be read by an encryption storage unit of the memory, and the amount of data which can be processed in the memory at the same time is limited, so that the receiving and storing efficiency of the data is low.

Therefore, how to improve the efficiency of receiving and storing data between the processor chip and the memory on the premise of ensuring the integrity of the data becomes a technical problem that needs to be solved by those skilled in the art.

Disclosure of Invention

The technical problem to be solved by the embodiment of the invention is how to improve the receiving and storing efficiency of data between a processor chip and a memory on the premise of ensuring the integrity of the data.

In order to solve the above problem, an embodiment of the present invention provides a data reading method, including:

receiving at least data to be read and a memory read data authentication code of the data to be read; the data to be read comprises at least one data packet to be read, the data packets to be read are received in parallel, and the memory read data authentication code is an authentication code generated at least based on a shared key and write integrity information of the data to be read;

storing the data to be read, generating read integrity information of the data to be read by using the data to be read, generating a processor read data authentication code at least based on the shared secret key and the read integrity information, and storing each data packet to be written into as parallel storage;

judging whether the memory read data authentication code is equal to the processor read data authentication code;

and when the memory read data authentication code is equal to the processor read data authentication code, confirming the integrity of the data to be read.

Optionally, the memory read data authentication code is an authentication code generated at least based on the shared key, the write integrity information, and a memory read data counter value, where the memory read data counter value is a counter value obtained based on an initial value of the memory read data counter value and a count sequence of the memory read data counter, and after the memory read data authentication code is generated, the memory read data counter value takes a next value of the memory read data counter value as the memory read data counter value according to the count sequence of the memory read data counter;

the step of generating a processor-readable data authentication code based on at least the shared key and the read integrity information comprises:

generating the processor read data authentication code based at least on the shared key, the read integrity information, and a current processor read data counter value; and after the processor reading data authentication code is generated, taking the next value of the current processor reading data counter value as the processor reading data counter value by the processor reading data counter value according to the counting sequence of the processor reading data counter, wherein the initial value of the memory reading data counter value is the same as the initial value of the processor reading data counter value, and the counting sequence of the memory reading data counter is the same as the counting sequence of the processor reading data counter.

Optionally, the step of receiving at least the data to be read and the memory read data authentication code of the data to be read includes:

receiving the data to be read, the memory write data counter value and the memory read data authentication code stored when the data to be read is written, wherein the memory read data authentication code is an authentication code generated based on the shared key, one of the processor write data authentication code and the memory write data authentication code, and the current memory read data counter value;

the step of generating the processor read data authentication code based on at least the shared key, the read integrity information, and a current processor read data counter value comprises:

generating the processor read data authentication code based on the shared key, the read integrity information, the current processor read data counter value, and the memory write data counter value.

Optionally, the data reading method further includes: and when the memory read data authentication code is not equal to the processor read data authentication code, returning report information.

Optionally, the receiving of the data to be read and the receiving of the memory read data authentication code of the data to be read are received in parallel.

Optionally, each data packet to be read is sent by a common storage unit of the memory, and the common storage unit that sends each data packet to be written is different.

Optionally, the memory read data authentication code of the data to be read is sent by an encryption storage unit of the memory.

Optionally, the receiving of the memory write data counter value and the receiving of the data to be read and the memory read data authentication code of the data to be read are received in parallel.

Optionally, the memory write data counter value is sent by a count storage unit of the memory.

Optionally, the step of obtaining the data to be read includes:

the method comprises the steps that a memory receives a data address of data to be read and a processor read request authentication code of the data address, wherein the data address comprises at least one data address bit, the data address bit is received in parallel, and the processor read request authentication code is generated at least based on a shared secret key and the data address;

generating a memory read request authentication code based at least on the shared key and the data address;

judging whether the processor read request authentication code is equal to the memory read request authentication code;

and when the processor read request authentication code is equal to the memory read request authentication code, acquiring the data to be read according to the data address.

Optionally, the processor read request authentication code is an authentication code generated based on the shared secret key, the address to be read, and a processor read request counter value; the processor read request counter value is a counter value obtained based on an initial value of the processor read request counter value and a counting sequence of the processor read request counter, and after the processor read request authentication code is generated, the processor read request counter value takes the next value of the current processor read request counter value as the processor read request counter value according to the counting sequence of the processor read request counter;

the step of generating a memory read request authentication code based at least on the shared key and the data address comprises: generating the memory read request authentication code based on the shared key, the data address, and a current memory read request counter value; after the memory read request authentication code is generated, the memory read request counter value takes the next value of the current memory read request counter value as the memory read request counter value according to the counting sequence of the memory read request counter; the memory read request counter value is a counter value obtained based on an initial value of the memory read request counter value and a counting sequence of the memory read request counter, the initial value of the memory read request counter value is the same as the initial value of the processor read request counter value, and the counting sequence of the memory read request counter is the same as the counting sequence of the processor read request counter.

Optionally, the data reading method further includes:

when the processor read request authentication code is not equal to the memory read request authentication code, report information is returned to the processor.

Optionally, the receiving of each data address bit and the receiving of the processor read request authentication code of the data address are received in parallel.

Optionally, receiving each data address bit by using a common storage unit of the memory; and the common storage units corresponding to the data addresses are different.

Optionally, the data address and the processor read request authentication code of the data address are received by an encrypted storage unit of the memory.

Optionally, the current memory read request counter value is stored by using a count storage unit of the memory.

An embodiment of the present invention further provides a data reading apparatus, including:

the processor receiving module is suitable for at least receiving data to be read and a memory read data authentication code of the data to be read; the data to be read comprises at least one data packet to be read, the data packets to be read are received in parallel, and the memory read data authentication code is an authentication code generated at least based on a shared key and write integrity information of the data to be read;

the processor storage module is suitable for storing the data to be read, reading integrity information of the data to be read is generated by using the data to be read, a processor reading data authentication code is generated at least based on the shared secret key and the reading integrity information, and the storage of each data packet to be written is parallel storage;

the processor judging module is suitable for judging whether the memory read data authentication code is equal to the processor read data authentication code or not;

a processor confirmation module adapted to confirm the integrity of the data to be read when the memory read data authentication code is equal to the processor read data authentication code.

the processor storage module is adapted to generate the processor read data authentication code based on at least the shared key, the read integrity information, and a current processor read data counter value; and after the processor reading data authentication code is generated, taking the next value of the current processor reading data counter value as the processor reading data counter value by the processor reading data counter value according to the counting sequence of the processor reading data counter, wherein the initial value of the memory reading data counter value is the same as the initial value of the processor reading data counter value, and the counting sequence of the memory reading data counter is the same as the counting sequence of the processor reading data counter.

Optionally, the processor receiving module is adapted to receive the data to be read, the memory write data counter value stored when the data to be read is written, and the memory read data authentication code, where the memory read data authentication code is an authentication code generated based on the shared key, one of the processor write data authentication code and the memory write data authentication code, and the current memory read data counter value;

the processor storage module is adapted to generate the processor read data authentication code based on the shared key, the read integrity information, the current processor read data counter value, and the memory write data counter value.

An embodiment of the present invention further provides an on-chip system, including:

a general processor comprising at least one processor core adapted to send a read data request to read data, including reading at least one data packet to be read, each processor core adapted to receive each of the data packets to be read in parallel;

the encryption processor is suitable for at least receiving the memory reading data authentication code of the data to be read; the memory read data authentication code is an authentication code generated at least based on a shared secret key and write integrity information of the data to be read; storing the data to be read, generating read integrity information of the data to be read by using the data to be read, generating a processor read data authentication code at least based on the shared secret key and the read integrity information, and storing each data packet to be written into as parallel storage; and when the memory read data authentication code is equal to the processor read data authentication code, confirming the integrity of the data to be read.

the encryption processor is adapted to generate the processor read data authentication code based on at least the shared key, the read integrity information, and a current processor read data counter value; and after the processor reading data authentication code is generated, taking the next value of the current processor reading data counter value as the processor reading data counter value by the processor reading data counter value according to the counting sequence of the processor reading data counter, wherein the initial value of the memory reading data counter value is the same as the initial value of the processor reading data counter value, and the counting sequence of the memory reading data counter is the same as the counting sequence of the processor reading data counter.

Optionally, the encryption processor is further adapted to receive the memory write data counter value and the memory read data authentication code stored when the data to be read is written, where the memory read data authentication code is an authentication code generated based on the shared key, one of the processor write data authentication code and the memory write data authentication code, and the current memory read data counter value; generating the processor read data authentication code based on the shared key, the read integrity information, the current processor read data counter value, and the memory write data counter value.

The embodiment of the invention also provides a processor, which is characterized in that the processor is configured to execute the data reading method.

The embodiment of the present invention further provides an electronic device, which is characterized by including the data reading apparatus, or the system on chip, or the processor.

Compared with the prior art, the technical scheme of the embodiment of the invention has the following advantages:

in the data reading method provided by the embodiment of the invention, because the data to be read comprises at least one data packet to be read, the processor can receive and store each data packet to be read in parallel, receive the processor data reading authentication code of the data to be read, generate the reading integrity information of the data to be read by using the data to be read, generate the processor data reading authentication code at least based on the shared key and the reading integrity information, and verify the integrity of the data to be read by comparing the processor data reading authentication code with the memory data reading authentication code, on one hand, the data reading efficiency between the processor chip and the memory can be improved by using the method of receiving and storing each data packet to be read in parallel; meanwhile, the data integrity can be ensured by comparing the data reading authentication code of the processor with the data reading authentication code of the memory; furthermore, the memory also generates a memory read data authentication code by using the write integrity information stored in the write process, and then compares the processor read data authentication code with the memory read data authentication code, so that the integrity information of the data to be read does not need to be calculated in the memory, the influence of operation bottleneck caused by the calculation of the integrity information is reduced, and the data storage efficiency is improved on the premise of ensuring the data integrity.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.

Fig. 1 is a schematic flow chart illustrating a data writing method according to an embodiment of the present invention;

FIG. 2 is a schematic diagram of an apparatus for a data writing method and a data reading method according to an embodiment of the present invention;

FIG. 3 is a flowchart illustrating a data writing method according to another embodiment of the present invention;

FIG. 4 is a flowchart illustrating a data reading method according to an embodiment of the present invention;

FIG. 5 is a flowchart illustrating a data reading method according to another embodiment of the present invention;

FIG. 6 is a flowchart illustrating a data reading method according to another embodiment of the present invention;

FIG. 7 is a flowchart illustrating a data obtaining step to be read according to an embodiment of the present invention;

FIG. 8 is a flowchart illustrating a further data obtaining step to be read according to an embodiment of the present invention;

FIG. 9 is a schematic structural diagram of a data writing apparatus according to an embodiment of the present invention;

FIG. 10 is a schematic structural diagram of a data reading apparatus according to an embodiment of the present invention;

fig. 11 is a schematic structural diagram of a system on chip according to an embodiment of the present invention.

Detailed Description

As can be seen from the background art, in the prior art, on the premise of ensuring data integrity, the efficiency of receiving and storing data between the processor chip and the memory is low.

The embodiment of the invention provides a data reading method and a related device, wherein the data reading method comprises the following steps: receiving at least data to be read and a memory read data authentication code of the data to be read; the data to be read comprises at least one data packet to be read, the data packets to be read are received in parallel, and the memory read data authentication code is an authentication code generated at least based on a shared key and write integrity information of the data to be read; storing the data to be read, generating read integrity information of the data to be read by using the data to be read, generating a processor read data authentication code at least based on the shared secret key and the read integrity information, and storing each data packet to be written into as parallel storage; judging whether the memory read data authentication code is equal to the processor read data authentication code; and when the memory read data authentication code is equal to the processor read data authentication code, confirming the integrity of the data to be read.

In this way, in the data reading method provided in the embodiment of the present invention, the data to be read includes at least one data packet to be read, the processor may receive and store each data packet to be read in parallel, receive a processor read data authentication code corresponding to the data to be read, generate read integrity information of the data to be read by using the data to be read, generate a processor read data authentication code based on at least the shared key and the read integrity information, and verify integrity of the data to be read by comparing the processor read data authentication code with the memory read data authentication code, so that on one hand, the data reading efficiency between the processor chip and the memory may be improved by using a method of receiving and storing each data packet to be read in parallel; meanwhile, the data integrity can be ensured by comparing the data reading authentication code of the processor with the data reading authentication code of the memory; furthermore, the memory also generates a memory read data authentication code by using the write integrity information stored in the write process, and then compares the processor read data authentication code with the memory read data authentication code, so that the integrity information of the data to be read does not need to be calculated in the memory, the influence of operation bottleneck caused by the calculation of the integrity information is reduced, and the data storage efficiency is improved on the premise of ensuring the data integrity.

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

For ease of understanding, the data writing process will be described and explained first.

Referring to fig. 1, fig. 1 is a schematic flow chart illustrating a data writing method according to an embodiment of the invention.

As shown in the figure, the data writing method provided by the embodiment of the present invention includes:

step S11, receiving data to be written, write integrity information of the data to be written and a processor write data authentication code of the data to be written, wherein the data to be written comprises at least one data packet to be written, the reception of each data packet to be written is parallel reception, and the processor write data authentication code is an authentication code generated at least based on a shared secret key and the write integrity information.

It can be understood that the processor is used for sending the data to be written, the write integrity information of the data to be written, and the processor write data authentication code of the data to be written, and the processor may be a processor chip or other devices capable of performing a write operation. The storage is used for receiving data to be written, the write integrity information of the data to be written and the processor write data authentication code of the data to be written, and the storage can be a memory or other equipment with a storage function.

The data to be written comprises at least one data packet to be written, the receiving of each data packet to be written is parallel receiving, and the meaning that the receiving of each data packet to be written is parallel receiving is as follows: the receiving of the data packets to be written can be carried out simultaneously; of course, the simultaneous performance described herein may include both the case where the simultaneous start and the simultaneous end are performed, and the case where the simultaneous start and the simultaneous end are not performed, that is: the case where another packet to be written is in progress while an operation is in progress.

For convenience of description, please refer to fig. 2, and fig. 2 is a schematic diagram of an apparatus for a data writing method and a data reading method according to an embodiment of the present invention.

As shown in fig. 2, the apparatus of the data writing method according to the embodiment of the present invention includes: when the memory 2 receives the data to be written sent by the processor 1, in order to improve sending efficiency, the data to be written may be split into a plurality of data packets to be written, and then the data packets to be written are sent to the memory 2 in parallel. In one embodiment, to ensure transmission efficiency and reduce cost, each data packet to be written may be received by using a plurality of normal memory cells 21 of the memory 2. In one embodiment, as shown in fig. 2, the normal memory unit 21 includes a first normal memory unit, a second normal memory unit, a third normal memory unit and a fourth normal memory unit. Of course, in another embodiment, the general memory unit 21 may include a greater or lesser number of general memory units.

When each of the ordinary storage units 21 receives the data packet to be written, it is not required that the reception of one data packet to be written is completed before the reception of another data packet to be written is started. Of course, each of the normal storage units 21 may also receive the data packet to be written at the same time. In order to increase the receiving speed, the number of packets to be written may be set to be the same as the number of normal memory cells 21 of the memory.

The size of each data packet to be written may be equal to the size of one word in the processor or the memory, or may be larger or smaller than the size of one word in the processor or the memory.

The size of each data packet to be written may be the same or different.

In one embodiment, the size of each packet to be written may be 16 bytes.

In order to ensure data integrity, in addition to receiving data to be written, a processor write data authentication code is received, wherein the processor write data authentication code is generated by the processor at least based on the shared secret key of the processor and the sent write integrity information of the data to be written.

It is to be understood that the shared key is a key negotiated by the processor and the memory together. The shared key may be derived by a key agreement algorithm. Before obtaining the shared secret key, the processor and the memory may mutually authenticate each other in advance by means of digital signatures and the like.

The integrity information may be a hash value of the data to be written obtained according to the MD5 algorithm, the SHA-1 algorithm, or other algorithms, or may be other information that may reflect the integrity of the data.

The size of the processor write data authentication code of the data to be written may also be set as required, and in a specific embodiment, the size of the processor write data authentication code of the data to be written may also be 16 bytes.

Further, in order to reduce the computation bottleneck, it is also necessary to receive write integrity information of the data to be written, where the size of the write integrity information of the data to be written may be set as needed, and in a specific embodiment, the size of the write integrity information of the data to be written may be 16 bytes.

The receiving of the data to be written, the receiving of the write integrity information of the data to be written and the receiving of the processor write data authentication code of the data to be written may be serial receiving or parallel receiving. In a specific embodiment, in order to increase the receiving speed, the receiving of the data to be written is received in parallel with the receiving of the write integrity information of the data to be written and the receiving of the processor write data authentication code of the data to be written.

Because the receiving of the data to be written is parallel to the receiving of the writing integrity information of the data to be written and the receiving of the processor writing data authentication code of the data to be written, the memory can simultaneously receive the data to be written, the writing integrity information of the data to be written and the processor writing data authentication code of the data to be written, thereby improving the receiving efficiency and reducing the time required by receiving.

And step S12, storing the data to be written, generating a memory write data authentication code at least based on the shared secret key and the write integrity information, and storing each data packet to be written into parallel storage.

Similarly, the meaning that the storage of each packet to be written is parallel storage is: the storage of the data packets to be written may be performed simultaneously.

The storage position of each data packet to be written can also be set according to the requirement.

With continued reference to fig. 2, in an embodiment, each to-be-written data packet is stored by using a common storage unit 21 of the memory, where each common storage unit 21 storing each to-be-written data packet is different. As shown in fig. 2, in a specific embodiment, the first normal storage unit, the second normal storage unit, the third normal storage unit, and the fourth normal storage unit respectively store the data packets to be written.

Because different common storage units receive the data packets to be written, the memory can simultaneously store the data packets to be written, thereby improving the storage efficiency and reducing the time required by storage.

The memory write data authentication code is generated for the memory based at least on the shared secret key of the memory and the received write integrity information. The memory write data authentication code and the processor write data authentication code are generated using the same derived key algorithm.

The size of the memory write data authentication code of the data to be written may also be set as needed, as long as the size of the memory write data authentication code of the data to be written is the same as that of the processor write data authentication code, so in a specific embodiment, the size of the memory write data authentication code of the data to be written may be 16 bytes.

Since the encrypted storage unit of the memory can be used to receive the write integrity information of the data to be written and the processor write data authentication code of the data to be written, the generation of the memory write data authentication code can also be performed by the encrypted storage unit of the memory for the convenience of comparison.

Step S13, judging whether the processor write data authentication code is equal to the memory write data authentication code; if yes, go to step S14.

After a memory write data authentication code is obtained, judging whether the processor write data authentication code is equal to the memory write data authentication code, if so, indicating that the shared key of the processor is consistent with the shared key of the memory, and the write integrity information of the data to be written sent by the processor is consistent with the write integrity information received by the memory; when the memory does not have other errors, the data to be written sent by the processor is consistent with the data to be written received and stored by the memory, so that the integrity of the data to be written can be ensured.

At least the processor write data authentication code or the memory write data authentication code is stored, step S14.

The storing of at least the processor write data authentication code or the memory write data authentication code is storing of at least one of the processor write data authentication code or the memory write data authentication code. Since the processor write data authentication code or the memory write data authentication code is the same at this time, only one of the processor write data authentication code or the memory write data authentication code may be stored.

The storage position of the processor write data authentication code or the memory write data authentication code can be set according to requirements. Specifically, with continued reference to FIG. 2, in one embodiment, the encrypted storage unit 22 of the memory may be utilized to store one of the processor write data authentication code or the memory write data authentication code.

The processor write data authentication code or the memory write data authentication code is stored by using the encryption storage unit of the memory, and can be isolated from the ordinary storage unit, so that the safety of the data writing method can be enhanced.

In a normal situation, the processor write data authentication code is not equal to the memory write data authentication code, which is an abnormal expression, and at this time, the memory may return related information to the processor, so that the processor may perform processing by using another method, or may not return related information to the processor.

Therefore, in one embodiment, when the processor write data authentication code is not equal to the memory write data authentication code, step S15 may be executed: and returning report information.

It is understood that the report information may include information that the processor write data authentication code is not equal to the memory write data authentication code, may also include information such as size information and location information of the data to be written, may also include time information for receiving the data to be written, and may also include other information. The report information can be returned to the processor by the memory, and can also be returned to other equipment by the memory.

In this way, when the processor write data authentication code is not equal to the memory write data authentication code, the memory can return relevant report information to the processor or other equipment, thereby facilitating the processor to perform the next operation.

It can be seen that, in the data writing method provided in the embodiment of the present invention, the data to be written includes at least one data packet to be written, the memory may receive and store each data packet to be written in parallel, receive write integrity information of the data to be written calculated at the processor, and a processor write data authentication code of the data to be written, then generate a memory write data authentication code based on at least the shared key and the write integrity information, and verify the integrity of the data to be written by comparing the processor write data authentication code with the memory write data authentication code, so that on one hand, the receiving and storing efficiency of the data between the processor chip and the memory may be improved by using a method of receiving and storing each data packet to be written in parallel; meanwhile, the data integrity can be ensured by comparing the data writing authentication code of the processor with the data writing authentication code of the memory; furthermore, the received write integrity information of the data to be written, which is calculated in the processor, is utilized to generate the memory write data authentication code, and then the processor write data authentication code is compared with the memory write data authentication code, the write integrity information is calculated in the memory without utilizing the data to be written again, the influence of operation bottleneck caused by calculation of the write integrity information is reduced, and therefore the data storage efficiency is improved on the premise of ensuring the data integrity.

Of course, although the write data authentication code generated based on the shared key and the write integrity information of the data to be written can ensure the integrity of the data to be written, when the processor or a third end other than the processor and the memory sends the data to be written, the write integrity information of the data to be written, and the processor write data authentication code of the data to be written, which have been sent before, to the memory, the memory cannot identify whether the third end of the information is sent by the processor, but can only perform writing of the data to be written again, which may be used by an attacker, so as to achieve the purpose of covering the content stored in the memory.

Therefore, in order to improve the security of the data writing method, in another specific implementation, an embodiment of the present invention further provides a data writing method, please refer to fig. 3, and fig. 3 is a schematic flow chart of another data writing method according to an embodiment of the present invention.

As shown in fig. 3, the data writing method according to the embodiment of the present invention includes:

step S21: and receiving data to be written, write integrity information of the data to be written and a processor write data authentication code of the data to be written.

Please refer to the content of step S11 shown in fig. 1 for a part of the content of step S21, which is not described herein again.

In this embodiment, the processor write data authentication code is an authentication code generated by the processor based on the shared key of the processor, the write integrity information of the transmitted data to be written, and the current processor write data counter value.

It is understood that the processor write data counter value is a counter value obtained based on an initial value of the processor write data counter value and a counting sequence of the processor write data counter, and each time the processor write data authentication code is generated, a new processor write data counter value may be obtained from a current processor write data counter value and the counting sequence of the processor write data counter and stored as the processor write data counter value.

The processor write data counter value is a counter value obtained based on an initial value of the processor write data counter value and a counting sequence of the processor write data counter, wherein the counting sequence of the processor write data counter is a digital sequence with different numbers between each bit, so that when one processor write data counter value is known, the counter values of the front and rear designated bits can be known.

The form of the count sequence of the processor write data counter is many and can be chosen as desired. For convenience, in one embodiment, the count sequence of the processor write data counter and the count sequence of the memory write data counter may be an arithmetic series with 0 as the first term and 1 as the tolerance.

That is, if a represents the processor write data counter value, the initial value of the processor write data counter value is set to 0, and the count sequence of the processor write data counter is 1, the assignment formula of the processor write data counter value is a = a +1, after the processor write data authentication code is generated 1 time, the processor write data counter value is 1, after the processor write data authentication code is generated 2 times, the processor write data counter value is 2, and so on.

And step S22, generating the memory write data authentication code based on the shared secret key, the write integrity information and the current memory write data counter value, acquiring a new memory write data counter value according to the current memory write data counter value and the counting sequence of the memory write data counter, and storing the new memory write data counter value as the memory write data counter value.

Please refer to the content of step S12 shown in fig. 1 for a part of the content of step S22, which is not described herein again.

The memory write data counter value is a counter value obtained based on an initial value of the memory write data counter value and a counting sequence of the memory write data counter, the initial value of the memory write data counter value is the same as the initial value of the processor write data counter value, and the counting sequence of the memory write data counter is the same as the counting sequence of the processor write data counter.

Thus, the memory write data authentication code is an authentication code generated by the memory based on the shared secret key of the memory, the write integrity information received by the memory, and the current memory write data counter value.

The memory write data counter value is a counter value obtained based on an initial value of the memory write data counter value and a counting sequence of the memory write data counter, wherein the counting sequence of the memory write data counter is a digital sequence with different numbers between each bit, so that when one memory write data counter value is obtained, counter values of front and back appointed bits can be obtained.

The form of the counting sequence of the memory write data counter is various and can be selected according to the needs. As long as the condition that the count sequence of the memory write data counter is the same as the count sequence of the processor write data counter is satisfied.

Since the initial value of the memory write data counter value is the same as the initial value of the processor write data counter value and the count sequence of the memory write data counter is the same as the count sequence of the processor write data counter, the memory write data counter value and the processor write data counter value can always remain equal when the memory write data counter value and the processor write data counter value perform the same operation, e.g., the next value of the current counter value is taken as the new counter value.

It will be appreciated that the initial value of the memory write data counter value being the same as the initial value of the processor write data counter value may be achieved by one of the memory and the processor sending the current write data counter value to the other, the other assigning the received write data counter value to its own write data counter value. The initial value of the memory write data counter value is the same as the initial value of the processor write data counter value, which can be realized when the processor and the memory negotiate together to obtain the shared key, or when the processor and the memory mutually authenticate each other through a digital signature before obtaining the shared key.

Step S23, judging whether the processor write data authentication code is equal to the memory write data authentication code; if yes, go to step S24. If not, step S25 may also be performed.

After a memory write data authentication code is obtained, whether the processor write data authentication code is equal to the memory write data authentication code is judged, if yes, the shared key of the processor and the memory is consistent, the write integrity information of the data to be written sent by the processor is consistent with the write integrity information received by the memory, and the value of a memory write data counter is the same as the value of a processor write data counter; when the memory has no other errors, the data to be written sent by the processor is consistent with the data to be written received and stored by the memory, so that the integrity of the data to be written is ensured. And when the processor or a third end outside the processor and the memory sends the data to be written, the write integrity information of the data to be written and the processor write data authentication code of the data to be written which have been sent before to the memory, because the processor write data counter value based on the processor write data authentication code of the data to be written is different from the current memory write data counter value at this time, the memory can recognize that the data to be written is not written any more, thereby avoiding the use of an attacker, preventing the content stored in the memory from being covered, and improving the safety of the data writing method.

Step S24, storing the current memory write data counter value and one of the current processor write data authentication code and the current memory write data authentication code.

Please refer to step S14 shown in fig. 1 for a part of the content of step S24, which is not described herein again.

In addition, in order to ensure the integrity of the data to be written during data reading, please continue to refer to fig. 3, in an embodiment, the current memory write data counter value may also be stored.

When the current memory write data counter value is stored, the current memory write data counter value can be corresponded to the current data to be written by methods of adding a mark and the like, so that the integrity of the written data to be written can be protected when the data to be written is read.

The storage location of the memory write data counter value may be set as desired. Specifically, with continued reference to FIG. 2, in one embodiment, the current memory write data counter value may be stored using a count storage unit 23 of the memory. Of course, in another embodiment, the current memory write data counter value may also be stored to the encrypted storage unit 22 of the memory.

The current memory write data counter value is stored by using the counting storage unit of the memory, so that the current memory write data counter value can be isolated from the common storage unit, and the safety of the data write method can be enhanced.

Step S25: and returning report information.

Please refer to step S15 shown in fig. 1 for details of step S25, which are not described herein again.

Of course, it can be understood that, after data is written, when data is read, in order to solve the foregoing problem, an embodiment of the present invention provides a data reading method.

Referring to fig. 4, fig. 4 is a schematic flow chart illustrating a data reading method according to an embodiment of the invention.

As shown in the figure, a data reading method provided by an embodiment of the present invention includes:

and step S31, at least receiving the data to be read and the memory read data authentication code of the data to be read.

The data to be read comprises at least one data packet to be read, the data packets to be read are received in parallel, and the memory read data authentication code is an authentication code generated at least based on a shared secret key and write integrity information of the data to be read.

Of course, the data to be read includes at least one data packet to be read, and the receiving of each data packet to be read is parallel receiving, which also includes the case that the data to be read includes only one data packet to be read.

It is understood that at least the data to be read and the memory read data authentication code of the data to be read are received by the processor, and the processor may be a processor chip or other devices capable of performing a write operation. The memory is used for at least sending the data to be read and the memory reading data authentication code of the data to be read, and the memory can be a memory or other equipment with a storage function.

The data to be read comprises at least one data packet to be read, the receiving of each data packet to be read is parallel receiving, and the meaning that the receiving of each data packet to be read is parallel receiving is as follows: the reception of each of the data packets to be read may be performed simultaneously.

For convenience of explanation, please continue to refer to fig. 2.

As shown in fig. 2, the apparatus of the data reading method according to the embodiment of the present invention includes: when the memory 2 sends the data to be read to the processor 1, in order to improve sending efficiency, the data to be read may be split into a plurality of data packets to be read, and then the data packets to be read are sent to the processor 1 in parallel.

In one embodiment, to ensure transmission efficiency and reduce cost, each data packet to be read may be sent by using a plurality of normal memory cells 21 of the memory 2. As shown in fig. 2, the first normal storage unit, the second normal storage unit, the third normal storage unit, and the fourth normal storage unit may all send data packets to be read.

When each of the normal memory units 21 transmits the data packet to be read, it is not required that one data packet to be read is transmitted after the transmission of the other data packet to be read is completed. Of course, each of the normal storage units 21 may also send the data packet to be read at the same time. In order to increase the transmission speed, it can be provided that the number of data packets to be read per transmission is the same as the number of normal memory cells 21 of the memory.

The size of each data packet to be read may be equal to the size of one word in the processor or the memory, or may be larger or smaller than the size of one word in the processor or the memory. In one embodiment, each of the data packets to be read may have a size of 16 bytes.

In order to ensure data integrity, in addition to receiving data to be read, a memory read data authentication code is also received, wherein the memory read data authentication code is an authentication code generated by the memory at least based on the shared secret key of the memory and write integrity information received when the data to be read is written. Specifically, the memory read data authentication code may be generated based on at least one of the shared key of the memory and a processor write data authentication code or the memory write data authentication code stored when the data to be read is written. And the processor write data authentication code or the memory write data authentication code stored when the data to be read is written is generated at least based on the shared secret key and write integrity information received when the data to be read is written.

It is to be understood that the shared key is a key negotiated by the processor and the memory together. The shared key may be derived by a key agreement algorithm. The processor and the memory may mutually authenticate each other by a digital signature in advance before obtaining the shared secret.

The read integrity information may be a hash value of the data to be read, which is obtained by the processor according to the MD5 algorithm, the SHA-1 algorithm, or another algorithm, or may be other information that may reflect the integrity of the data.

The size of the memory read data authentication code of the data to be read can also be set according to needs, and in a specific implementation manner, the size of the memory read data authentication code of the data to be read can also be 16 bytes.

The receiving of the data to be read and the receiving of the memory reading data authentication code of the data to be read can be serial receiving or parallel receiving. In one embodiment, in order to increase the receiving speed, the receiving of the data to be read and the receiving of the memory read data authentication code of the data to be read are received in parallel.

The receiving of the data to be read and the receiving of the memory reading data authentication code of the data to be read are parallel receiving, and the data to be read and the memory reading data authentication code of the data to be read can be simultaneously received, so that the receiving efficiency is improved, and the receiving time is reduced.

The sending position of each data packet to be read can also be set according to the requirement.

With continued reference to fig. 2, in one embodiment, each data packet to be read is sent from a common memory location of the memory, and the common memory location where each data packet to be read is sent is different.

Because each common storage unit sends each data packet to be read, the memory can send the data to be read at the same time, thereby improving the sending efficiency and reducing the time required by sending.

The sending position of the memory reading data authentication code can be set according to the requirement. Specifically, with continued reference to fig. 2, in one embodiment, the memory read data authentication code of the data to be read is sent by the encrypted storage unit of the memory.

The encrypted storage unit of the memory sends the memory read data authentication code of the data to be read, so that the data can be isolated from the common storage unit, and the safety of the data writing method can be enhanced.

And step S32, storing the data to be read, generating the read integrity information of the data to be read by using the data to be read, generating a processor read data authentication code at least based on the shared key and the read integrity information, and storing each data packet to be read as parallel storage.

Similarly, the meaning that the storage of each data packet to be read is parallel storage is as follows: the storage of the data packets to be read may be performed simultaneously.

The processor reading the data authentication code is generated by the processor based on at least the shared secret key of the memory and reading integrity information of the data to be read generated by the data to be read. The processor reading data authentication code and the memory reading data authentication code are generated by using the same derived key algorithm. Specifically, the processor may generate an authentication code that is the same as a processor write data authentication code when the data to be read is written, based on at least the shared key of the processor and read integrity information that is generated by using the data to be read. And then generating the processor reading data authentication code at least based on the authentication code which is the same as the processor writing data authentication code when the data to be read is written and the shared secret key.

The size of the processor data reading authentication code of the data to be read may also be set as required, as long as the size of the processor data reading authentication code of the data to be read is the same as that of the processor data reading authentication code, so in a specific implementation manner, the size of the processor data reading authentication code of the data to be read may be 16 bytes.

Step S33, judging whether the memory read data authentication code is equal to the processor read data authentication code; yes, step S34 is executed.

When the processor read data authentication code is equal to the memory read data authentication code, the shared key of the processor is consistent with that of the memory, and the read integrity information generated by the processor by using the data to be read is consistent with the write integrity information received by the memory when the data to be read is written; when the memory has no other errors, the data to be read received by the processor is consistent with the data to be read sent by the memory, so that the integrity of the data to be read is ensured.

And step S34, confirming the integrity of the data to be read.

In a normal case, the fact that the processor reads the data authentication code is not equal to the memory read data authentication code is an abnormal expression, and at this time, the processor may return related information so as to perform processing by using other methods, or may not return related information.

Therefore, in one embodiment, when the processor reading data authentication code is not equal to the memory reading data authentication code, step S35 is executed: and returning report information.

It is understood that the report information may include information that the processor reading data authentication code is not equal to the memory reading data authentication code, may also include information such as size information and location information of the data to be read, may also include time information for receiving the data to be read, and may also include other information.

In this way, when the processor reading data authentication code is not equal to the memory reading data authentication code, the processor can return the relevant report information, thereby facilitating the next operation.

In this way, in the data reading method provided in the embodiment of the present invention, the data to be read includes at least one data packet to be read, the processor may receive and store each data packet to be read in parallel, receive a processor read data authentication code corresponding to the data to be read, generate read integrity information of the data to be read by using the data to be read, generate a processor read data authentication code based on at least the shared key and the read integrity information, and verify integrity of the data to be read by comparing the processor read data authentication code with the memory read data authentication code, so that on one hand, the data receiving and storing efficiency between the processor chip and the memory may be improved by using a method of receiving and storing each data packet to be read in parallel; meanwhile, the data integrity can be ensured by comparing the data reading authentication code of the processor with the data reading authentication code of the memory; furthermore, the memory also generates a memory read data authentication code by using the write integrity information stored in the write process, and then compares the processor read data authentication code with the memory read data authentication code, so that the integrity information of the data to be read does not need to be calculated in the memory, the influence of operation bottleneck caused by the calculation of the integrity information is reduced, and the data storage efficiency is improved on the premise of ensuring the data integrity.

Of course, although the data reading method can ensure the integrity of the data to be read, when the memory or a third terminal outside the memory and the processor sends the data to be read that has been sent before and the memory read authentication code of the data to be read to the processor, the processor cannot identify the data to be read, and the data to be read is repeatedly operated, so that the data to be read may be utilized by an attacker, which may affect the safety of the processor.

Therefore, in order to improve the security of the data reading method, in another specific implementation, an embodiment of the present invention further provides a data reading method, please refer to fig. 5, and fig. 5 is a schematic flow chart of another data reading method provided in the embodiment of the present invention.

As shown in fig. 5, the data reading method provided by the embodiment of the present invention includes:

and step S41, at least receiving the data to be read and the memory read data authentication code of the data to be read.

Please refer to the content of step S31 shown in fig. 4 for a part of the content of step S41, which is not described herein again.

In this embodiment, the memory read data authentication code is an authentication code generated based on at least the shared key, the write integrity information, and a memory read data counter value.

It can be understood that the memory read data counter value is a counter value obtained based on an initial value of the memory read data counter value and a count sequence of the memory read data counter, and after the memory read data authentication code is generated each time, a new memory read data counter value is obtained according to a current memory read data counter value and the count sequence of the memory read data counter and stored as the memory read data counter value.

In this way, the memory read data authentication code is an authentication code generated by the memory based on the shared secret key of the memory, the write integrity information of the transmitted data to be read, and the current memory read data counter value.

The memory read data counter value is a counter value obtained based on an initial value of the memory read data counter value and a counting sequence of the memory read data counter, wherein the counting sequence of the memory read data counter is a digital sequence with different numbers between each bit, so that when one memory read data counter value is obtained, the counter values of the front and back appointed bits can be obtained.

The form of the count sequence of the memory read data counter is many and can be selected as desired. For convenience, in a specific embodiment, the count sequence of the memory read data counter and the count sequence of the memory write data counter are first terms 0 and equal difference series with tolerance 1.

Step S42, storing the data to be read, generating the read integrity information of the data to be read by using the data to be read, and generating the processor read data authentication code at least based on the shared key, the read integrity information and the current processor read data counter value; and when the processor reading data authentication code is generated, the processor reading data counter value takes the next value of the current processor reading data counter value as the processor reading data counter value according to the counting sequence of the processor reading data counter.

Please refer to the content of step S32 shown in fig. 4 for a part of the content of step S42, which is not described herein again.

The initial value of the memory read data counter value is the same as the initial value of the processor read data counter value, and the counting sequence of the memory read data counter is the same as the counting sequence of the processor read data counter.

The processor data reading authentication code is an authentication code generated by the processor based on at least the shared secret key of the processor, the reading integrity information generated by the data to be read and the current processor data reading counter value.

The processor data reading counter value is a counter value obtained based on an initial value of the processor data reading counter value and a counting sequence of the processor data reading counter, wherein the counting sequence of the processor data reading counter is a digital sequence with different numbers between each bit, so that when one processor data reading counter value is obtained, counter values of front and back appointed bits can be obtained.

The form of the count sequence of the processor read data counter is many and can be selected as desired. As long as the condition that the count sequence of the processor read data counter is identical to the count sequence of the memory read data counter is satisfied.

Since the initial value of the processor read data counter value is the same as the initial value of the memory read data counter value and the count sequence of the processor read data counter is the same as the count sequence of the memory read data counter, the processor read data counter value and the memory read data counter value can always be kept equal when the processor read data counter value and the memory read data counter value perform the same operation, e.g., the next value of the current counter value is taken as a new counter value.

It is understood that the initial value of the processor read data counter value is the same as the initial value of the memory read data counter value, which can be implemented by one of the processor and the memory sending the current read data counter value to the other, and the other assigning the received read data counter value to its own read data counter value. The initial value of the processor read data counter value is the same as the initial value of the memory read data counter value, which can be realized when the memory and the processor negotiate together to obtain the shared key, or when the memory and the processor mutually authenticate each other through a digital signature before obtaining the shared key.

Step S43, judging whether the memory read data authentication code is equal to the processor read data authentication code; if yes, go to step S44; if not, step S45 may also be performed.

Please refer to the content of step S33 shown in fig. 4 for a part of the content of step S43, which is not described herein again.

After a processor reading data authentication code is obtained, judging whether the memory reading data authentication code is equal to the judgment of the processor reading data authentication code, if so, indicating that the shared key of the memory is consistent with the shared key of the processor, the writing integrity information of the data to be read sent by the memory is consistent with the reading integrity information generated by the processor by utilizing the data to be read, and the value of the processor reading data counter is the same as the value of the memory reading data counter; when the processor does not generate other errors, the data to be read sent by the memory is consistent with the data to be read received and stored by the processor, so that the integrity of the data to be read is ensured. When the memory or a third end outside the memory and the processor sends the data to be read which is sent before and the memory reading data authentication code of the data to be read to the processor, because the memory reading data counter value based on the memory reading data authentication code of the data to be read is different from the current processor reading data counter value at the moment, the processor can identify the data to be read and does not operate the data to be read, thereby avoiding the utilization of an attacker and improving the safety of the data reading method.

And step S44, confirming the integrity of the data to be read.

Please refer to the content of step S34 shown in fig. 4 for a part of the content of step S44, which is not described herein again.

Step S45: and returning report information.

Please refer to the content of step S35 shown in fig. 4 for a part of the content of step S45, which is not described herein again.

Further, when the data to be read stores the memory write data counter value during writing by using the data reading method, the integrity of the data to be read can be further protected by using the memory write data counter value.

Therefore, in an embodiment, please refer to fig. 6, and fig. 6 is a flowchart illustrating a data reading method according to another embodiment of the present invention.

As shown in fig. 6, the data reading method provided by the embodiment of the present invention includes:

and step S51, receiving the data to be read, and the memory write data counter value and the memory read data authentication code stored when the data to be read is written by using the data writing method.

Please refer to the content of step S31 shown in fig. 4 for a part of the content of step S51, which is not described herein again.

In this embodiment, the memory read data authentication code is an authentication code generated by the memory based on the shared key of the memory, the write integrity information during the storage of the data to be read, the memory write data counter value during the storage of the data to be read, and the current memory read data counter value. Specifically, the memory read data authentication code may be generated based on the shared key of the memory, a current memory read data counter value, and one of a processor write data authentication code and the memory write data authentication code stored when the data to be read is written. And the processor write data authentication code or the memory write data authentication code stored when the data to be read is written is generated based on the shared secret key, the write integrity information received when the data to be read is written and the memory write data counter value when the data to be read is stored.

The receiving of the memory write data counter value and the receiving of the data to be read and the memory read data authentication code of the data to be read can be serial receiving or parallel receiving. Therefore, in one embodiment, the receiving of the memory write data counter value is received in parallel with the receiving of the data to be read and the memory read data authentication code of the data to be read.

The receiving of the memory write data counter value and the receiving of the data to be read and the memory read data authentication code of the data to be read are parallel, so that the memory write data counter value, the data to be read and the memory read data authentication code of the data to be read can be stored simultaneously, the storage efficiency is improved, and the storage time is shortened.

The sending position of the data writing counter value of the memory during the data storage to be read can be set according to the requirement. Specifically, with continued reference to FIG. 2, in one embodiment, the memory write data counter value is sent by a count storage unit of the memory.

The data writing method can be enhanced in safety by transmitting the memory write data counter value from the count storage unit of the memory so as to be isolated from the normal storage unit.

Step S52, storing the data to be read, generating the read integrity information of the data to be read by using the data to be read, and generating the processor read data authentication code based on the shared key, the read integrity information, the current processor read data counter value and the memory write data counter value; and when the processor reading data authentication code is generated, the processor reading data counter value takes the next value of the current processor reading data counter value as the processor reading data counter value according to the counting sequence of the processor reading data counter.

Please refer to the content of step S32 shown in fig. 4 for a part of the content of step S52, which is not described herein again.

The processor data reading authentication code is an authentication code generated by the processor based on at least the shared secret key of the processor, the reading integrity information generated by the data to be read and the current processor data reading counter value. Specifically, the processor may generate an authentication code that is the same as the processor write data authentication code when the data to be read is written based on at least the shared key of the processor, the read integrity information of the data to be read generated by using the data to be read, and the received memory write data counter value when the data to be read is stored. And then generating the processor reading data authentication code at least based on the authentication code which is the same as the processor writing data authentication code when the data to be read is written, the shared key and the current processor reading data counter value.

Step S53, judging whether the memory read data authentication code is equal to the processor read data authentication code; if yes, go to step S54. If not, step S55 may also be performed.

Please refer to the content of step S33 shown in fig. 4 for a part of the content of step S53, which is not described herein again.

When the memory reads the data authentication code and the processor reads the data authentication code, the shared key of the memory is consistent with that of the processor, the write integrity information of the data to be read sent by the memory is consistent with the read integrity information generated by the processor by using the data to be read, the processor read data counter value is the same as the memory read data counter value, and the data to be read is data corresponding to the memory write data counter value when the data to be read is stored and received by the processor; when the processor does not generate other errors, the data to be read sent by the memory is consistent with the data to be read received and stored by the processor, so that the safety of the data reading method is improved.

And step S54, confirming the integrity of the data to be read.

Please refer to the content of step S34 shown in fig. 4 for a part of the content of step S54, which is not described herein again.

Step S55: and returning report information.

Please refer to the content of step S35 shown in fig. 4 for a part of the content of step S55, which is not described herein again.

Of course, in the acquisition of the data to be read, the integrity of the address can also be ensured on the premise of parallel transmission of the data address bits.

Therefore, referring to fig. 7, fig. 7 is a schematic flow chart illustrating a step of acquiring data to be read according to an embodiment of the present invention;

as shown in the figure, in the data writing method provided in the embodiment of the present invention, the step of acquiring the data to be read includes:

in step S61, the memory receives the data address of the data to be read and the processor read request authentication code of the data address.

The data address comprises at least one data address bit, the data address bits are received in parallel, and the processor read request authentication code is an authentication code generated at least based on a shared secret key and the data address.

The meaning that the receiving of each data address bit is parallel receiving is as follows: the receipt of each of the data address bits may occur simultaneously.

For convenience of explanation, please continue to refer to fig. 2.

As shown in fig. 2, when the memory 2 receives the data address sent by the processor 1, in order to improve the receiving efficiency, the data address may be divided into a plurality of data address bits, and each data address bit may be received by a plurality of normal memory cells 21 of the memory 2.

When each normal memory cell 21 receives the data address bits, it is not required that the reception of one data address bit is completed before the reception of another data address bit is started. Of course, each of the normal memory cells 21 may also receive the data address bits at the same time. In order to increase the receiving speed, the number of data address bits may be set to be the same as the number of normal memory cells 21 of the memory.

To ensure data integrity, in addition to receiving a data address, a processor read request authentication code is received, the processor read request authentication code generated for the processor based on at least the shared secret key of the processor and the transmitted data address.

The receiving of each data address bit and the receiving of the processor read request authentication code of the data address can be serial receiving or parallel receiving. In one embodiment, to increase the speed of reception, the data address bits are received in parallel with the processor read request authentication code of the data address.

Because the receiving of the data address bits and the receiving of the processor reading request authentication codes of the data addresses are received in parallel, the data address bits and the processor reading request authentication codes of the data addresses can be received simultaneously, thereby improving the receiving efficiency and reducing the time required by receiving.

The data address bits and the receiving position of the processor read request authentication code of the data address can also be set according to requirements.

With continued reference to fig. 2, in one embodiment, each of the data address bits is received by a normal memory cell 21 of the memory, and the normal memory cell 21 corresponding to each of the data addresses is different. In another embodiment, the data address and the processor read request authentication code of the data address may also be received by using the encryption storage unit 22 of the memory.

Because each common storage unit receives each data packet to be read, the encryption storage unit 22 of the memory receives the data address and the processor read request authentication code of the data address, the memory can simultaneously receive the data to be read, thereby improving the storage efficiency, reducing the time required by storage, and enhancing the safety of the data reading method because each storage unit is isolated from each other. .

A memory read request authentication code is generated based at least on the shared key and the data address, step S62.

The memory read request authentication code is generated for the memory based at least on the shared secret key and the data address generation memory read request authentication code. The memory read request authentication code and the processor read request authentication code are generated using the same derived key algorithm.

Since the data address and the processor read request authentication code of the data address can be received by the encryption storage unit 22 of the memory, the generation of the memory read request authentication code can also be performed by the encryption storage unit of the memory for the convenience of comparison.

Step S63, judging whether the processor read request authentication code is equal to the memory read request authentication code; if yes, go to step S64.

When the processor reads the request authentication code and the memory read request authentication code, the shared key of the processor is consistent with that of the memory, and the data address sent by the processor is consistent with the data address received by the memory, so that the integrity of the data address is ensured.

And step S64, acquiring the data to be read according to the data address.

In a normal case, the processor read request authentication code is not equal to the memory read request authentication code, which is an abnormal expression, and at this time, the memory may return related information to the processor, so as to perform processing by using another method, or may not return related information to the processor.

Therefore, in one embodiment, when the processor read request authentication code is not equal to the memory read request authentication code, step S65 is executed: and returning report information.

It is understood that the report information may include information that the processor read request authentication code is not equal to the memory read request authentication code, and may also include other information. The report information can be returned to the processor by the memory, and can also be returned to other equipment by the memory.

In this way, when the processor read request authentication code is not equal to the memory read request authentication code, the memory may return relevant report information to the processor or other device, thereby facilitating the processor or other device to perform the next operation.

Of course, although the verification method of the data read request can ensure the integrity of the data address, when the processor or a third end outside the processor and the memory sends the data address that has been sent before and the processor read request authentication code of the data address to the memory, the memory cannot identify the data address and can only read the data according to the data address again, which may be used by an attacker to read the content stored in the memory.

Therefore, in order to improve the security of the data reading method, in another specific implementation manner, an embodiment of the present invention further provides a step of obtaining data to be read, please refer to fig. 8, and fig. 8 is a schematic flow diagram of another step of obtaining data to be read according to the embodiment of the present invention.

As shown in fig. 8, the step of acquiring data to be read provided by the embodiment of the present invention includes:

in step S71, the memory receives the data address of the data to be read and the processor read request authentication code of the data address.

Please refer to the content of step S61 shown in fig. 7 for a part of the content of step S71, which is not described herein again.

In this embodiment, the processor read request authentication code is an authentication code generated by the processor based on the shared secret key of the processor, the sent data address, and the counter value of the processor read request stored currently when the data to be read is written.

It is understood that the processor read request counter value is a counter value obtained based on an initial value of the processor read request counter value and a counting sequence of the processor read request counter, wherein the counting sequence of the processor read request counter is a number sequence with numbers different from each other between each bit, so that when one processor read request counter value is known, the counter values of the front and rear designated bits can be known.

The form of the count sequence of the processor read request counter is many and can be chosen as desired. For convenience, in one embodiment, the count sequence of the processor read request counter is 0 as the head, and 1 is the tolerance arithmetic sequence.

And step S72, generating the memory write data authentication code based on the shared secret key, the write integrity information and the current memory read request counter value, acquiring a new memory read request counter value according to the current memory read request counter value and the counting sequence of the memory read request counter, and storing the new memory read request counter value as the memory read request counter value.

Please refer to the content of step S62 shown in fig. 7 for a part of the content of step S72, which is not described herein again.

The memory read request counter value is a counter value obtained based on an initial value of the memory read request counter value and a counting sequence of the memory read request counter, the initial value of the memory read request counter value is the same as the initial value of the processor read request counter value, and the counting sequence of the memory read request counter is the same as the counting sequence of the processor read request counter.

Thus, the memory write data authentication code is an authentication code generated by the memory based on the shared secret key of the memory, the received write integrity information, and the current memory write data counter value.

The memory read request counter value is a counter value obtained based on an initial value of the memory read request counter value and a counting sequence of the memory read request counter, wherein the counting sequence of the memory read request counter is a digital sequence with different numbers between each bit, so that when one memory read request counter value is obtained, the counter values of the front and rear appointed bits can be obtained.

The form of the counting sequence of the memory read request counter is various and can be selected according to the needs. As long as the condition that the count sequence of the memory read request counter is identical to the count sequence of the processor read request counter is satisfied.

Since the initial value of the memory read request counter value is the same as the initial value of the processor read request counter value and the count sequence of the memory read request counter is the same as the count sequence of the processor read request counter, the memory read request counter value and the processor read request counter value can always remain equal when the memory read request counter value performs the same operation as the processor read request counter value, e.g., the next value of the current counter value is taken as the new counter value.

It will be appreciated that the initial value of the memory read request counter value being the same as the initial value of the processor read request counter value may be achieved by one of the memory and the processor sending the current read request counter value to the other, the other assigning the received read request counter value to its own read request counter value. The initial value of the memory read request counter value is the same as the initial value of the processor read request counter value, which can be realized when the processor and the memory negotiate together to obtain the shared key, or when the processor and the memory mutually authenticate each other through a digital signature before obtaining the shared key.

The storage location of the memory read request counter value may be set as desired. Therefore, in one embodiment, the current memory read request counter value is stored using a count storage location of the memory. The current counter value of the memory read request is stored by using the counting storage unit of the memory and is isolated from other storage units, so that the safety of the verification method of the data read request can be enhanced.

Step S73, judging whether the processor write data authentication code is equal to the memory write data authentication code; if yes, go to step S74. If not, step S75 may also be performed.

Please refer to the content of step S63 shown in fig. 7 for a part of the content of step S73, which is not described herein again.

When the processor read request authentication code is equal to the memory read request authentication code, the shared key of the processor is consistent with that of the memory, the data address sent by the processor is consistent with that received by the memory, and the counter value of the memory read request is the same as that of the counter value of the processor read request; when no other errors occur in the memory, the data address sent by the processor is consistent with the data address received by the memory, so that the integrity of the data address is ensured. When the processor or a third end outside the processor and the memory sends a data address which has been sent before and a processor read request authentication code of the data address to the memory, because the value of the processor read request counter based on the processor read request authentication code of the data address is different from the current value of the memory read request counter, the memory can recognize the data and does not read the data according to the data address, thereby avoiding the use of an attacker, preventing the attacker from reading the content stored in the memory and improving the safety.

And step S74, acquiring the data to be read according to the data address. Please refer to the content of step S64 shown in fig. 7 for a part of the content of step S74, which is not described herein again.

Step S75: and returning report information. Please refer to the content of step S65 shown in fig. 7 for a part of the content of step S75, which is not described herein again.

The data writing device and the data reading device provided by the embodiments of the present invention and the related devices are described below, and the data writing device and the data reading device may be regarded as program modules provided for implementing the data writing method and the data reading method provided by the embodiments of the present invention. The data writing device and the data reading device described below may be referred to in correspondence with the contents of the methods described above.

Referring to fig. 9, fig. 9 is a schematic structural diagram of a data writing device according to an embodiment of the present invention, and the data writing device 3 according to the embodiment of the present invention includes:

a memory receiving module 31, where the memory receiving module 31 is adapted to receive data to be written, write integrity information of the data to be written, and a processor write data authentication code of the data to be written, where the data to be written includes at least one data packet to be written, the receiving of each data packet to be written is parallel receiving, and the processor write data authentication code is an authentication code generated based on at least a shared key and the write integrity information;

a memory storage module 32, where the memory storage module 32 is adapted to store the data to be written, and generate a memory write data authentication code based on at least the shared secret key and the write integrity information, and the storage of each data packet to be written is parallel storage;

a memory determination module 33, the memory determination module 33 being adapted to determine whether the processor write data authentication code is equal to the memory write data authentication code;

a memory validation module 34, the memory validation module 34 adapted to store at least the processor write data authentication code or the memory write data authentication code when the processor write data authentication code is equal to the memory write data authentication code.

It is understood that the processor may set the corresponding module to cooperate with the memory to implement the data writing method.

It can be seen that, in the data writing device provided in the embodiment of the present invention, the data to be written includes at least one data packet to be written, the memory receiving module can receive the data packets to be written in parallel, and receiving the write integrity information of the data to be written calculated in the processor and the processor write data authentication code of the data to be written, the memory storage module can receive and store each data packet to be written in parallel, a memory write data authentication code is then generated based on at least the shared key and the write integrity information, verifying the integrity of the data to be written by comparing the processor write data authentication code with the memory write data authentication code, therefore, on one hand, the receiving and storing efficiency of the data between the processor chip and the memory can be improved by using the method of receiving and storing the data packets to be written in parallel; meanwhile, the data integrity can be ensured by comparing the data writing authentication code of the processor with the data writing authentication code of the memory; furthermore, the received write integrity information of the data to be written, which is calculated in the processor, is utilized to generate the memory write data authentication code, and then the processor write data authentication code is compared with the memory write data authentication code, the write integrity information is calculated in the memory without utilizing the data to be written again, the influence of operation bottleneck caused by calculation of the write integrity information is reduced, and therefore the data storage efficiency is improved on the premise of ensuring the data integrity.

In another specific implementation manner, in the data writing device provided in this embodiment of the present invention, the processor write data authentication code is an authentication code generated based on the shared key, the write integrity information, and a current processor write data counter value, the processor write data counter value is a counter value obtained based on an initial value of the processor write data counter value and a count sequence of the processor write data counter, and after the processor write data authentication code is generated, a new processor write data counter value is obtained according to the current processor write data counter value and the count sequence of the processor write data counter and is stored as the processor write data counter value;

the memory storage module 32 is adapted to generate the memory write data authentication code based on the shared key, the write integrity information, and the current memory write data counter value, acquire a new memory write data counter value according to the current memory write data counter value and a count sequence of the memory write data counter, and store the new memory write data counter value as the memory write data counter value, where the memory write data counter value is a counter value obtained based on an initial value of the memory write data counter value and a count sequence of the memory write data counter, the initial value of the memory write data counter value is the same as the initial value of the processor write data counter value, and the count sequence of the memory write data counter is the same as the count sequence of the processor write data counter;

the memory validation module 34 is adapted to store the current memory write data counter value and one of the current processor write data authentication code and the current memory write data authentication code.

Referring to fig. 2, an embodiment of the invention further provides a memory, including:

the number of the common storage units is greater than or equal to 2, the common storage units are suitable for receiving and storing data to be written, the data to be written comprises at least one data packet to be written, and each common storage unit is suitable for receiving each data packet to be written in parallel and storing each data packet to be written in parallel;

an encryption storage unit 22, adapted to receive write integrity information of the data to be written and a processor write data authentication code of the data to be written, generate a memory write data authentication code based on at least the shared key and the write integrity information, and determine whether the processor write data authentication code is equal to the memory write data authentication code, where the processor write data authentication code is an authentication code generated based on at least the shared key and the write integrity information;

a count storage unit 23 adapted to store at least the processor write data authentication code or the memory write data authentication code when the processor write data authentication code is equal to the memory write data authentication code.

By adopting the memory of the above embodiment of the present invention, the data to be written includes at least one data packet to be written, the general storage unit of the memory can receive and store each data packet to be written in parallel, the encryption storage unit can receive the write integrity information of the data to be written calculated in the processor and the processor write data authentication code of the data to be written, then generate a memory write data authentication code based on at least the shared key and the write integrity information, and verify the integrity of the data to be written by comparing the processor write data authentication code with the memory write data authentication code, so that on one hand, the receiving and storing efficiency of the data between the processor chip and the memory can be improved by using the method of receiving and storing each data packet to be written in parallel; meanwhile, the data integrity can be ensured by comparing the data writing authentication code of the processor with the data writing authentication code of the memory; furthermore, the received write integrity information of the data to be written, which is calculated in the processor, is utilized to generate the memory write data authentication code, and then the processor write data authentication code is compared with the memory write data authentication code, the write integrity information is calculated in the memory without utilizing the data to be written again, the influence of operation bottleneck caused by calculation of the write integrity information is reduced, and therefore the data storage efficiency is improved on the premise of ensuring the data integrity.

Optionally, the processor write data authentication code is an authentication code generated based on the shared key, the write integrity information, and the current processor write data counter value, the processor write data counter value is a counter value obtained based on an initial value of the processor write data counter value and a count sequence of the processor write data counter, and after the processor write data authentication code is generated, a new processor write data counter value is obtained according to the current processor write data counter value and the count sequence of the processor write data counter, and is stored as the processor write data counter value;

the encryption storage unit is adapted to receive write integrity information of the data to be written and a processor write data authentication code of the data to be written, generate a memory write data authentication code based on at least the shared key and the write integrity information, and determine whether the processor write data authentication code is equal to the memory write data authentication code, including: generating the memory write data authentication code based on the shared key, the write integrity information and the current memory write data counter value, acquiring a new memory write data counter value according to the current memory write data counter value and a count sequence of a memory write data counter, and storing the new memory write data counter value as a memory write data counter value, wherein the memory write data counter value is a counter value obtained based on an initial value of the memory write data counter value and a count sequence of the memory write data counter, the initial value of the memory write data counter value is the same as the initial value of the processor write data counter value, and the count sequence of the memory write data counter is the same as the count sequence of the processor write data counter;

the count storage unit is adapted to store at least the processor write data authentication code or the memory write data authentication code including: storing the current memory write data counter value and one of the current processor write data authentication code and the current memory write data authentication code.

Embodiments of the present invention further provide a memory, where the memory stores a program suitable for data writing to implement the data writing method, and specific data writing methods, principles, and effects thereof can be described with reference to the foregoing embodiments, and are not described herein again.

An embodiment of the present invention further provides a memory chip, which may include the data writing device or the memory according to any of the foregoing embodiments, and reference may be specifically made to the foregoing embodiment schemes, which are not described herein again.

An embodiment of the present invention further provides an electronic device, which may include the memory chip according to the foregoing embodiment, and reference may be specifically made to the foregoing embodiment, which is not described herein again.

Referring to fig. 9, fig. 9 is a schematic structural diagram of a data reading device according to an embodiment of the present invention, and the data reading device 4 according to the embodiment of the present invention includes:

a processor receiving module 41, adapted to receive at least data to be read and a memory read data authentication code of the data to be read; the data to be read comprises at least one data packet to be read, the data packets to be read are received in parallel, and the memory read data authentication code is an authentication code generated at least based on a shared key and write integrity information of the data to be read;

a processor storage module 42, adapted to store the data to be read, generate read integrity information of the data to be read by using the data to be read, generate a processor read data authentication code based on at least the shared secret key and the read integrity information, and store each data packet to be written as parallel storage;

a processor determination module 43 adapted to determine whether the memory read data authentication code is equal to the processor read data authentication code;

a processor confirmation module 44 adapted to confirm the integrity of the data to be read when the memory read data authentication code is equal to the processor read data authentication code.

It is understood that the memory may be configured with corresponding modules to implement the data writing method in cooperation with the processor.

Thus, in the data reading apparatus provided in the embodiment of the present invention, the data to be read includes at least one data packet to be read, the processor receiving module may receive each data packet to be read in parallel, and receives the processor reading data authentication code with the data to be read, the processor memory module can receive and store each data packet to be read in parallel, then generating reading integrity information of the data to be read by using the data to be read, generating a processor reading data authentication code at least based on the shared secret key and the reading integrity information, verifying the integrity of the data to be read by comparing the processor read data authentication code with the memory read data authentication code, therefore, on one hand, the receiving and storing efficiency of the data between the processor chip and the memory can be improved by utilizing the method for receiving and storing each data packet to be read in parallel; meanwhile, the data integrity can be ensured by comparing the data reading authentication code of the processor with the data reading authentication code of the memory; furthermore, the memory also generates a memory read data authentication code by using the write integrity information stored in the write process, and then compares the processor read data authentication code with the memory read data authentication code, so that the integrity information of the data to be read does not need to be calculated in the memory, the influence of operation bottleneck caused by the calculation of the integrity information is reduced, and the data storage efficiency is improved on the premise of ensuring the data integrity.

the processor storage module 42 is adapted to generate the processor read data authentication code based on at least the shared secret key, the read integrity information and a current processor read data counter value; and after the processor reading data authentication code is generated, taking the next value of the current processor reading data counter value as the processor reading data counter value by the processor reading data counter value according to the counting sequence of the processor reading data counter, wherein the initial value of the memory reading data counter value is the same as the initial value of the processor reading data counter value, and the counting sequence of the memory reading data counter is the same as the counting sequence of the processor reading data counter.

Optionally, the processor receiving module 41 is adapted to receive the data to be read, the memory write data counter value stored when the data to be read is written, and the memory read data authentication code, where the memory read data authentication code is an authentication code generated based on the shared key, one of the processor write data authentication code and the memory write data authentication code, and the current memory read data counter value;

the processor storage module 44 is adapted to generate the processor read data authentication code based on the shared key, the read integrity information, the current processor read data counter value, and the memory write data counter value.

Referring to fig. 11, fig. 11 is a schematic structural diagram of a system on chip according to an embodiment of the present invention, and an embodiment of the present invention further provides a system on chip 5, including:

a general processor 51 comprising at least one processor core adapted to send a read data request to read data, including reading at least one data packet to be read, each processor core being adapted to receive each of said data packets to be read in parallel;

an encryption processor 52 adapted to receive at least the memory read data authentication code of the data to be read; the memory read data authentication code is an authentication code generated at least based on a shared secret key and write integrity information of the data to be read; storing the data to be read, generating read integrity information of the data to be read by using the data to be read, generating a processor read data authentication code at least based on the shared secret key and the read integrity information, and storing each data packet to be written into as parallel storage; and when the memory read data authentication code is equal to the processor read data authentication code, confirming the integrity of the data to be read.

Thus, in the system on chip 5 provided in the embodiment of the present invention, the data to be read includes at least one data packet to be read, the general processor 51 may receive and store each data packet to be read in parallel, the encryption processor 52 may receive a processor read data authentication code corresponding to the data to be read, then generate read integrity information of the data to be read by using the data to be read, generate a processor read data authentication code based on at least the shared key and the read integrity information, and verify integrity of the data to be read by comparing the processor read data authentication code with the memory read data authentication code, so that on one hand, a method of receiving and storing each data packet to be read in parallel may be used to improve receiving and storing efficiency of data between the system on chip and the memory; meanwhile, the data integrity can be ensured by comparing the data reading authentication code of the processor with the data reading authentication code of the memory; further, the encryption processor 52 further generates a memory read data authentication code by using the write integrity information stored in the write process, and further performs comparison between the processor read data authentication code and the memory read data authentication code, so that the integrity information of the data to be read does not need to be calculated in the memory, the influence of the operation bottleneck caused by the calculation of the integrity information is reduced, and the data storage efficiency is improved on the premise of ensuring the integrity of the data.

the cryptographic processor 52 adapted to generate the processor-read data authentication code based on at least the shared key, the read integrity information, and a current processor-read data counter value; and after the processor reading data authentication code is generated, taking the next value of the current processor reading data counter value as the processor reading data counter value by the processor reading data counter value according to the counting sequence of the processor reading data counter, wherein the initial value of the memory reading data counter value is the same as the initial value of the processor reading data counter value, and the counting sequence of the memory reading data counter is the same as the counting sequence of the processor reading data counter.

Optionally, the encryption processor 52 is further adapted to receive the memory write data counter value and the memory read data authentication code stored when the data to be read is written, where the memory read data authentication code is an authentication code generated based on the shared key, one of the processor write data authentication code and the memory write data authentication code, and the current memory read data counter value; generating the processor read data authentication code based on the shared key, the read integrity information, the current processor read data counter value, and the memory write data counter value.

The embodiment of the invention also provides a processor, which is characterized in that the processor is configured to execute the data reading method. Specifically, reference may be made to the foregoing embodiment, which is not described herein again.

The embodiment of the present invention further provides an electronic device, which is characterized by including the data reading apparatus, or the system on chip, or the processor. Specifically, reference may be made to the foregoing embodiment, which is not described herein again.

Although the embodiments of the present invention are disclosed above, the embodiments of the present invention are not limited thereto. Various changes and modifications may be effected therein by one of ordinary skill in the pertinent art without departing from the scope or spirit of the present embodiments, and it is intended that the scope of the present embodiments be defined by the appended claims.

Claims

1. A data reading method, comprising:

receiving at least data to be read and a memory read data authentication code of the data to be read; the data to be read comprises at least one data packet to be read, the data packets to be read are received in parallel, the data packets to be read are received simultaneously, the memory read data authentication code is an authentication code generated at least based on a shared key and write integrity information of the data to be read, and the write integrity information is stored in a memory in a write process;

the step of obtaining the data to be read comprises:

the method comprises the steps that a memory receives a data address of data to be read and a processor read request authentication code of the data address, wherein the data address comprises at least one data address bit, the data address bits are received in parallel, the data packets to be read are received simultaneously, and the processor read request authentication code is an authentication code generated at least based on a shared secret key and the data address;

when the processor read request authentication code is equal to the memory read request authentication code, acquiring the data to be read according to the data address;

storing the data to be read, generating reading integrity information of the data to be read by using the data to be read, generating a processor reading data authentication code at least based on the shared secret key and the reading integrity information, and storing each data packet to be read as parallel storage;

2. The data reading method according to claim 1, wherein the memory read data authentication code is an authentication code generated based on at least the shared key, the write integrity information, and a memory read data counter value, the memory read data counter value is a counter value obtained based on an initial value of a memory read data counter value and a count sequence of a memory read data counter, and the memory read data counter value takes a next value of the memory read data counter value as the memory read data counter value according to the count sequence of the memory read data counter after the memory read data authentication code is generated;

generating the processor read data authentication code based at least on the shared key, the read integrity information, and a current processor read data counter value; after the processor read data authentication code is generated, the processor read data counter value takes the next value of the current processor read data counter value as the processor read data counter value according to the counting sequence of the processor read data counter, wherein the initial value of the memory read data counter value is the same as the initial value of the processor read data counter value, the counting sequence of the memory read data counter is the same as the counting sequence of the processor read data counter, the processor read data counter value is a counter value obtained based on the initial value of the processor read data counter value and the counting sequence of the processor read data counter, and the counting sequence of the processor read data counter is a digital sequence with different numbers between each bit.

3. The data reading method of claim 1, wherein the step of receiving at least the data to be read and the memory read data authentication code of the data to be read comprises:

receiving the data to be read, the memory write data counter value and the memory read data authentication code stored when the data to be read is written, wherein the memory read data authentication code is an authentication code generated based on the shared key, one of the processor write data authentication code and the memory write data authentication code, and the current memory read data counter value, the processor write data authentication code is an authentication code generated based on at least the shared key and the write integrity information, and the memory write data authentication code is an authentication code generated based on at least the shared key and the write integrity information;

and generating the processor reading data authentication code based on the shared key, the reading integrity information, the current processor reading data counter value and the memory writing data counter value, wherein the processor reading data counter value is a counter value obtained based on an initial value of the processor reading data counter value and a counting sequence of the processor reading data counter, and the counting sequence of the processor reading data counter is a digital sequence with different numbers between each bit.

4. The data reading method of claim 1, further comprising: and when the memory read data authentication code is not equal to the processor read data authentication code, returning report information.

5. The data reading method according to claim 1, wherein the reception of the data to be read and the reception of the memory read data authentication code of the data to be read are received in parallel.

6. The data reading method according to claim 1, wherein each data packet to be read is transmitted from a common memory location of the memory, and the common memory location transmitting each data packet to be read is different.

7. The data reading method according to claim 1, wherein the memory read data authentication code of the data to be read is transmitted by an encrypted memory location of the memory.

8. The data reading method of claim 3, wherein the receiving of the memory write data counter value is received in parallel with the receiving of the data to be read, a memory read data authentication code for the data to be read.

9. The data reading method of claim 3, wherein the memory write data counter value is sent by a count storage location of the memory.

10. The data reading method according to claim 1, wherein the processor read request authentication code is an authentication code generated based on the shared key, a data address of the data to be read, and a processor read request counter value; the processor read request counter value is a counter value obtained based on an initial value of the processor read request counter value and a counting sequence of the processor read request counter, and after the processor read request authentication code is generated, the processor read request counter value takes the next value of the current processor read request counter value as the processor read request counter value according to the counting sequence of the processor read request counter;

the step of generating a memory read request authentication code based at least on the shared key and the data address comprises:

generating the memory read request authentication code based on the shared key, the data address, and a current memory read request counter value; after the memory read request authentication code is generated, the memory read request counter value takes the next value of the current memory read request counter value as the memory read request counter value according to the counting sequence of the memory read request counter; the memory read request counter value is a counter value obtained based on an initial value of the memory read request counter value and a counting sequence of the memory read request counter, the initial value of the memory read request counter value is the same as the initial value of the processor read request counter value, and the counting sequence of the memory read request counter is the same as the counting sequence of the processor read request counter.

11. The data reading method of claim 1, further comprising:

12. A method for reading data according to claim 1, wherein the receipt of each data address bit is received in parallel with the receipt of a processor read request authentication code for the data address.

13. A method for reading data according to claim 1, wherein each of said data address bits is received by a common memory location of said memory; and the common storage units corresponding to the data addresses are different.

14. The data reading method of claim 1, wherein the data address and a processor read request authentication code of the data address are received using an encrypted storage unit of the memory.

15. A data reading method according to claim 10, wherein the current memory read request counter value is stored using a count storage location of the memory.

16. A data reading apparatus, comprising:

the processor receiving module is suitable for at least receiving data to be read and a memory read data authentication code of the data to be read; the data to be read comprises at least one data packet to be read, the data packets to be read are received in parallel, the data packets to be read are received simultaneously, the memory read data authentication code is an authentication code generated at least based on a shared key and write integrity information of the data to be read, and the write integrity information is stored in a memory in a write process;

the step of obtaining the data to be read comprises:

the processor storage module is suitable for storing the data to be read, reading integrity information of the data to be read is generated by using the data to be read, a processor reading data authentication code is generated at least based on the shared secret key and the reading integrity information, and storage of each data packet to be read is parallel storage;

17. The data reading device of claim 16, wherein the memory read data authentication code is an authentication code generated based on at least the shared key, the write integrity information, and a memory read data counter value, the memory read data counter value is a counter value derived based on an initial value of a memory read data counter value and a count sequence of a memory read data counter, and the memory read data counter value takes a next value of the memory read data counter value as the memory read data counter value according to the count sequence of the memory read data counter after the memory read data authentication code is generated;

the processor storage module is adapted to generate the processor read data authentication code based on at least the shared key, the read integrity information, and a current processor read data counter value; after the processor read data authentication code is generated, the processor read data counter value takes the next value of the current processor read data counter value as the processor read data counter value according to the counting sequence of the processor read data counter, wherein the initial value of the memory read data counter value is the same as the initial value of the processor read data counter value, the counting sequence of the memory read data counter is the same as the counting sequence of the processor read data counter, the processor read data counter value is a counter value obtained based on the initial value of the processor read data counter value and the counting sequence of the processor read data counter, and the counting sequence of the processor read data counter is a digital sequence with different numbers between each bit.

18. The data reading device of claim 16, wherein the processor receiving module is adapted to receive the data to be read, the memory write data counter value stored when the data to be read is written, and the memory read data authentication code, the memory read data authentication code being an authentication code generated based on the shared key, one of the processor write data authentication code and the memory write data authentication code, and the current memory read data counter value, wherein the processor write data authentication code is an authentication code generated based on at least a shared key and the write integrity information, the memory write data authentication code being an authentication code generated based on at least the shared key and the write integrity information;

the processor storage module is adapted to generate the processor read data authentication code based on the shared key, the read integrity information, the current processor read data counter value and the memory write data counter value, where the processor read data counter value is a counter value obtained based on an initial value of the processor read data counter value and a count sequence of the processor read data counter, and the count sequence of the processor read data counter is a number sequence in which numbers between each bit are different from each other.

19. A system on a chip, comprising:

the system comprises a common processor, a data processing unit and a data processing unit, wherein the common processor comprises at least one processor core and is suitable for sending a read data request to read data, the read data request comprises at least one data packet to be read, each processor core is suitable for receiving each data packet to be read in parallel, and the data packets to be read are received simultaneously;

the encryption processor is suitable for at least receiving the memory reading data authentication code of the data to be read; the memory read data authentication code is an authentication code generated at least based on a shared secret key and write integrity information of the data to be read, and the write integrity information is stored in the memory in the write process; storing the data to be read, generating reading integrity information of the data to be read by using the data to be read, generating a processor reading data authentication code at least based on the shared secret key and the reading integrity information, and storing each data packet to be read as parallel storage; when the memory read data authentication code is equal to the processor read data authentication code, confirming the integrity of the data to be read;

the step of obtaining the data to be read comprises:

20. The system on a chip of claim 19, wherein the memory read data authentication code is an authentication code generated based on at least the shared key, the write integrity information, and a memory read data counter value, the memory read data counter value is a counter value derived based on an initial value of a memory read data counter value and a count sequence of a memory read data counter, and the memory read data counter value takes a next value of the memory read data counter value as the memory read data counter value according to the count sequence of the memory read data counter after the memory read data authentication code is generated;

the encryption processor is adapted to generate the processor read data authentication code based on at least the shared key, the read integrity information, and a current processor read data counter value; after the processor read data authentication code is generated, the processor read data counter value takes the next value of the current processed read data counter value as the processed read data counter value according to the counting sequence of the processor read data counter, wherein the initial value of the memory read data counter value is the same as the initial value of the processor read data counter value, the counting sequence of the memory read data counter is the same as the counting sequence of the processor read data counter, the processor read data counter value is a counter value obtained based on the initial value of the processor read data counter value and the counting sequence of the processor read data counter, and the counting sequence of the processor read data counter is a digital sequence with different numbers between each bit.

21. The system on a chip of claim 19, wherein the encryption processor is further adapted to: receiving the memory write data counter value and the memory read data authentication code stored when the data to be read is written, wherein the memory read data authentication code is an authentication code generated based on the shared key, one of the processor write data authentication code and the memory write data authentication code, and the current memory read data counter value, the processor write data authentication code is an authentication code generated based on at least the shared key and the write integrity information, and the memory write data authentication code is an authentication code generated based on at least the shared key and the write integrity information;

22. A processor, characterized in that the processor is configured to perform the data reading method according to any one of claims 1-15.

23. An electronic device comprising a data reading apparatus as claimed in any one of claims 16 to 18, or a system on a chip as claimed in any one of claims 19 to 21, or a processor as claimed in claim 22.