CN111814212A - Bus data protection method and device, storage medium and chip - Google Patents

Publication number: CN111814212A
Authority: CN (China)
Prior art keywords: random number, module, bus, number generator, data
Legal status: Granted, Active
Application number: CN202010928069.6A
Other languages: Chinese (zh)
Other versions: CN111814212B (en)
Inventor: 朱华
Current Assignee: Nanjing Semidrive Technology Co Ltd
Original Assignee: Nanjing Semidrive Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/85 Protecting interconnection devices, e.g. bus-connected or in-line devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The application discloses a bus data protection method and device, a storage medium and a chip, and belongs to the technical field of chip security. The method comprises the following steps: when the first module is a master module and the second module is a slave module and the first module performs a write operation to the second module, or when the first module is a slave module and the second module is a master module and the second module performs a read operation on the first module, the first module sends the sensitive data to the bus encryption module; the bus encryption module acquires a first random number, encrypts the sensitive data according to the first random number, and sends the resulting encrypted data to the bus; the bus sends the encrypted data to the bus decryption module; the bus decryption module acquires a second random number, decrypts the encrypted data according to the second random number, and sends the resulting sensitive data to the second module, wherein the second random number is the same as the first random number. The embodiment of the application can ensure the consistency of the random numbers, improve the security and accuracy of data transmission, and reduce the overhead of bus bit width.

Description

Bus data protection method and device, storage medium and chip
Technical Field
The embodiment of the application relates to the field of chip security, in particular to a method and a device for protecting bus data, a storage medium and a chip.
Background
The chip is used as a core component of a system and plays a significant role in the important fields of computers, consumer electronics, network communication, automobile electronics and the like. In order to improve the security of the sensitive data in the chip, the whole process from generation (one end) to use/consumption (one end) of the sensitive data in the chip needs to be encrypted and protected, and the current relatively common encryption protection technology is a bus encryption technology.
Most current chips use a bus to connect the master module and the slave module, thereby interconnecting their data. In many chips the bus is a topological structure distributed across the chip and can physically exist in every part of it, so physical attack means aimed at weak points of the bus can be used to monitor the state of internal signals, and a monitoring point may be found from which sensitive data can be stolen directly. In the prior art, a random number may be added to the sensitive data, and the random number and the sensitive data may be transmitted in masked form.
This bus encryption technology needs to transmit the sensitive data and the random number at the same time, so a hacker can monitor the masked sensitive data and the mask random number at the same time and recover the sensitive data through a simple operation, so that the sensitive data is leaked. In addition, transmitting both the masked sensitive data and the mask random number on the bus increases the overhead of the bus bit width.
Disclosure of Invention
The embodiment of the application provides a bus data protection method, a device, a storage medium and a chip, which are used for solving the problems of low security and increased bus bit width overhead when sensitive data after a mask and a mask random number are transmitted on a bus simultaneously. The technical scheme is as follows:
in one aspect, a method for protecting bus data is provided, the method including:
when a first module determines that sensitive data needs to be sent to a second module according to read operation or write operation, the first module sends the sensitive data to a bus encryption module;
the bus encryption module receives the sensitive data, acquires a first random number in a first random number generator corresponding to the first module, encrypts the sensitive data according to the first random number, and sends the acquired encrypted data to a bus;
the bus sends the encrypted data to a bus decryption module;
the bus decryption module receives the encrypted data, acquires a second random number in a second random number generator corresponding to the second module, decrypts the encrypted data according to the second random number, and sends the acquired sensitive data to the second module, wherein the second random number and the first random number are the same random number, obtained by updating the same true random number the same number of times;
the second module receives the sensitive data.
In one possible implementation, the method further includes:
after each data transmission is finished, a main module sends a random number updating request to a random number consistency bus, wherein the main module is a module initiating data transmission in the first module and the second module;
the random number consistency bus controls each first random number generator to update the first random number of the first random number generator once, and controls each second random number generator to update the second random number of the second random number generator once;
each first random number generator corresponds to one first module, each second random number generator corresponds to one second module, and the updated first random number is the same as the updated second random number.
In one possible implementation form of the method,
the controlling each first random number generator to update the respective first random number once comprises: for each first random number generator in a first state, the first random number generator updates its first random number once; for each first random number generator in a second state, the first random number generator records the number k of updates it still has to perform, and after the first module corresponding to the first random number generator completes its data transmission, the first random number generator updates its first random number k times and sets its state to the first state, wherein a first random number generator is in the second state when its corresponding first module is performing data transmission while other first modules and second modules complete data transmission, and k is a positive integer;
the controlling each second random number generator to update the respective second random number once comprises: for each second random number generator in the first state, the second random number generator updates its second random number once; for each second random number generator in the second state, the second random number generator records the number n of updates it still has to perform, and after the second module corresponding to the second random number generator completes its data transmission, the second random number generator updates its second random number n times and sets its state to the first state, wherein a second random number generator is in the second state when its corresponding second module is performing data transmission while other first modules and second modules complete data transmission, and n is a positive integer.
In one possible implementation, the method further includes:
when the bus is in an idle state, the true random source broadcasts true random numbers to all the first random number generators and all the second random number generators;
each first random number generator generates an initial first random number according to the true random number;
each second random number generator generates an initial second random number according to the true random number;
wherein the initial first random number and the initial second random number are the same.
In one possible implementation,
the encrypting the sensitive data according to the first random number includes: the bus encryption module acquires an encryption algorithm corresponding to the sensitive data and encrypts the sensitive data according to the first random number and the encryption algorithm;
the decrypting the encrypted data according to the second random number includes: and the bus decryption module acquires a decryption algorithm corresponding to the encrypted data, and decrypts the encrypted data according to the second random number and the decryption algorithm, wherein the decryption algorithm corresponds to the encryption algorithm.
In one possible implementation form of the method,
the bus encryption module acquiring an encryption algorithm corresponding to the sensitive data comprises: the bus encryption module acquires address information of a slave module, and searches for the encryption algorithm corresponding to the address information in a first corresponding relation, wherein the first corresponding relation stores mapping between different address information and different encryption algorithms;
the bus decryption module acquiring a decryption algorithm corresponding to the encrypted data comprises: the bus decryption module acquires address information of the slave module, and searches for the decryption algorithm corresponding to the address information in a second corresponding relation, wherein the second corresponding relation stores mapping between different address information and different decryption algorithms;
the slave module is a module used for data storage or data operation in the first module and the second module.
In one possible implementation form of the method,
the bus encryption module acquiring an encryption algorithm corresponding to the sensitive data comprises: the bus encryption module acquires a control signal sent by the bus, and searches for the encryption algorithm corresponding to the control signal in a third corresponding relation, wherein the third corresponding relation stores mapping between different control signals and different encryption algorithms;
the bus decryption module acquiring a decryption algorithm corresponding to the encrypted data comprises: the bus decryption module acquires the control signal sent by the bus, and searches for the decryption algorithm corresponding to the control signal in a fourth corresponding relation, wherein the fourth corresponding relation stores mapping between different control signals and different decryption algorithms.
In one aspect, an apparatus for protecting bus data is provided, the apparatus comprising:
the bus encryption module is used for encrypting the data to be sent to the first module according to the read operation or the write operation;
the encryption module is used for receiving the sensitive data through the bus encryption module, acquiring a first random number in a first random number generator corresponding to the first module, encrypting the sensitive data according to the first random number, and sending the acquired encrypted data to a bus;
the transmission module is used for sending the encrypted data to the bus decryption module through the bus;
the decryption module is used for receiving the encrypted data through the bus decryption module, acquiring a second random number in a second random number generator corresponding to the second module, decrypting the encrypted data according to the second random number, and sending the acquired sensitive data to the second module, wherein the second random number and the first random number are the same random numbers acquired by updating the same true random number for the same number of times;
a receiving module for receiving the sensitive data through the second module.
In one aspect, there is provided a computer readable storage medium having stored therein at least one instruction, at least one program, set of codes, or set of instructions that is loaded and executed by a processor to implement the method of bus data protection as described above.
In one aspect, a chip is provided, where the chip includes a processor and a memory, where the memory stores at least one instruction, and the instruction is loaded and executed by the processor to implement the bus data protection method described above.
The technical scheme provided by the embodiment of the application has the beneficial effects that at least:
When a first module determines, according to a read operation or a write operation, that sensitive data needs to be sent to a second module, the first module sends the sensitive data to a bus encryption module. The bus encryption module receives the sensitive data, acquires a first random number from the first random number generator corresponding to the first module, encrypts the sensitive data according to the first random number, and sends the resulting encrypted data to the bus, and the bus sends the encrypted data to a bus decryption module. The bus decryption module receives the encrypted data and acquires a second random number from the second random number generator corresponding to the second module. Because the second random number and the first random number are the same random number, obtained by updating the same true random number the same number of times, the bus decryption module can decrypt the encrypted data according to the second random number and send the resulting sensitive data to the second module, thereby completing one data transmission. In this embodiment, only the encrypted data needs to be transmitted on the bus, and the first random number does not need to be transmitted, so that even if a hacker can monitor the encrypted data, the hacker cannot decrypt it because the hacker cannot acquire the second random number, thereby improving the security of data transmission. In addition, eliminating the first random number from the bus also reduces the overhead of bus bit width.
Because the first random number generator and the second random number generator have the same structure, receive the same random seed, and update synchronously from that seed, the first random number obtained after each update of the first random number generator is the same as the second random number obtained after each update of the second random number generator, so that the sensitive data can be correctly encrypted and decrypted. In addition, after each data transmission is completed, the first random numbers in all the first random number generators and the second random numbers in all the second random number generators need to be updated, and all the first random numbers and second random numbers are kept the same. That is, the first random number and the second random number used in different data transmissions are different, and the first random number and the second random number used in the same data transmission are the same.
The random number generator adopts a hybrid random number generation mode that combines a true random source, which provides a true random entropy source, with a pseudo-random generation unit: the true random source broadcasts a true random number to the random number generators as a random seed, and each random number generator receives the seed and feeds it into its pseudo-random generation unit to generate a new random number. After each data transmission, the random number generator updates the pseudo-random generation unit once. Because the inputs and the updates of the random number generators corresponding to the master module and the slave module are consistent, the values of the random numbers are guaranteed to be consistent while the random numbers remain unpredictable, which improves the security of data transmission.
When a plurality of first modules are allowed to send sensitive data to a plurality of second modules at the same time, the random numbers can still be updated by adopting the updating mode of the random numbers, so that the random numbers adopted by each data encryption and decryption are different, and the safety of data transmission is ensured; and the first random number and the second random number adopted by the same data encryption and decryption are the same, thereby ensuring that the data can be correctly encrypted and decrypted.
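The seeding, per-transfer update and deferred-update rules described above can be exercised in a small behavioural model. This is an added example, not code from the patent: xorshift32 as the pseudo-random unit, XOR as the encryption algorithm, and all class, method and module names are assumptions made for illustration.

```python
MASK32 = 0xFFFFFFFF
IDLE, BUSY = 1, 2   # modelled "first state" / "second state" of a generator


class RandomNumberGenerator:
    """One generator per module; every instance has the same structure."""

    def __init__(self):
        self.value, self.state = 0, IDLE
        self.pending = 0    # k (or n): updates recorded while the module is busy
        self.updates = 0    # bookkeeping for the demo only

    def seed(self, true_random):
        # Assumption: the broadcast seed is loaded directly; zero is avoided
        # because xorshift never leaves the all-zero state.
        self.value = (true_random & MASK32) or 1
        self.pending = self.updates = 0

    def step(self):
        # Assumption: xorshift32 stands in for the pseudo-random unit.
        x = self.value
        x ^= (x << 13) & MASK32
        x ^= x >> 17
        x ^= (x << 5) & MASK32
        self.value = x
        self.updates += 1

    def update_request(self):
        # A generator whose module is mid-transfer only records the request.
        if self.state == BUSY:
            self.pending += 1
        else:
            self.step()

    def release(self):
        # Own transfer finished: perform the recorded updates, go back to IDLE.
        for _ in range(self.pending):
            self.step()
        self.pending, self.state = 0, IDLE


class Chip:
    def __init__(self, module_names, true_random):
        self.rng = {name: RandomNumberGenerator() for name in module_names}
        for gen in self.rng.values():     # broadcast while the bus is idle
            gen.seed(true_random)
        self.bus_trace = []               # what a probe on the data bus sees

    def begin(self, src, dst, word):
        tx, rx = self.rng[src], self.rng[dst]
        if BUSY in (tx.state, rx.state):
            raise RuntimeError("module already in a transfer")
        tx.state = rx.state = BUSY
        cipher = word ^ tx.value          # assumption: XOR masking
        self.bus_trace.append(cipher)     # the random number never hits the bus
        return src, dst, cipher

    def finish(self, transfer):
        src, dst, cipher = transfer
        plain = cipher ^ self.rng[dst].value
        self.rng[src].release()
        self.rng[dst].release()
        for gen in self.rng.values():     # update request on the consistency bus
            gen.update_request()
        return plain


def demo():
    chip = Chip(["CPU", "DMA", "ROM", "SRAM", "Engine"], true_random=0x1234ABCD)
    secret = 0xCAFEF00D                   # constructed sample word
    received = [
        chip.finish(chip.begin("CPU", "SRAM", secret)),   # write
        chip.finish(chip.begin("SRAM", "CPU", secret)),   # read back
    ]
    # Overlapping transfers: the DMA transfer completes while CPU/SRAM are busy.
    a = chip.begin("CPU", "SRAM", secret)
    b = chip.begin("DMA", "Engine", 0x0BADC0DE)
    received.append(chip.finish(b))
    pending = chip.rng["CPU"].pending     # recorded, not yet applied
    received.append(chip.finish(a))
    return {
        "received": received,
        "trace": list(chip.bus_trace),
        "pending_while_busy": pending,
        "final_values": {g.value for g in chip.rng.values()},
        "updates": [g.updates for g in chip.rng.values()],
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(key, val)
```

Stepping a single generator out of turn before a transfer makes the receiver decrypt with a different random number, which is the failure the update-count bookkeeping exists to prevent.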
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description are only some embodiments of the present application, and those skilled in the art can obtain other drawings based on these drawings without creative effort.
FIG. 1 is a flow chart of a method for protecting bus data according to an embodiment of the present application;
FIG. 2 is a block diagram illustrating a chip that allows one module to transmit data at a time according to some exemplary embodiments;
FIG. 3 is a block diagram illustrating a chip that allows multiple modules to transmit data at the same time, according to some exemplary embodiments;
FIG. 4 is a schematic diagram illustrating the structure of an example chip according to some exemplary embodiments;
FIG. 5 is a diagram illustrating raw data, random number states, and bus encryption results provided by one embodiment of the present application;
FIG. 6 is a block diagram of a bus data protection device according to still another embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present application more clear, the embodiments of the present application will be further described in detail with reference to the accompanying drawings.
Referring to fig. 1, a flowchart of a method for protecting bus data according to an embodiment of the present application is shown, where the method for protecting bus data can be applied to a chip. The bus data protection method can include:
Step 101, when the first module determines that sensitive data needs to be sent to the second module according to read operation or write operation, the first module sends the sensitive data to the bus encryption module.
The modules for data transmission in this embodiment include a master module and a slave module. The master module is a module for initiating data transmission, and for example, the master module may be a CPU (Central Processing Unit), a DMA (Direct Memory Access), or the like. The slave module is a module for data storage or data operation, or the slave module may be a peripheral device. For example, the slave module for data storage may be a ROM (Read-Only Memory), an SRAM (Static Random-Access Memory), or the like; the slave module for performing data operation may be an operation engine (Engine); and the peripheral device may be a Peripheral, etc.
If the slave module is used for data storage, one application scenario is that the master module writes sensitive data into the slave module, and at this time, the first module is the master module, and the second module is the slave module; another application scenario is where the master module reads sensitive data from the slave modules, where the first module is the slave module and the second module is the master module.
If the slave module is used for data operation, the master module needs to write sensitive data into the slave module, and at the moment, the first module is the master module, and the second module is the slave module; after the slave module obtains the operation result, the master module needs to read the operation result from the slave module, where the first module is the slave module and the second module is the master module.
If the slave module is a peripheral, one application scenario is that the master module sends data to the slave module, and the other application scenario is that the slave module sends data to the master module. In general, the data transferred between the master and slave is not sensitive data, so the data can be transferred in the clear on the bus without transferring encrypted data.
Whether the first module is a master or a slave, the sensitive data will be sent to the bus encryption module whenever the first module needs to send the sensitive data to the second module.
Step 102, the bus encryption module receives the sensitive data, acquires a first random number in a first random number generator corresponding to the first module, encrypts the sensitive data according to the first random number, and sends the acquired encrypted data to the bus.
The chip in this embodiment may include a plurality of first modules and a plurality of second modules. When only one first module is allowed to send sensitive data to one second module at the same time, if the first module is a master module and the second module is a slave module, a bus encryption module is arranged between the first module and a bus, and a bus decryption module is arranged between the second module and the bus; if the first module is a slave module and the second module is a master module, a bus decryption module is arranged between the first module and the bus, and a bus encryption module is arranged between the second module and the bus. For convenience of description, in this embodiment, a bus encryption module and a bus decryption module between the first module and the bus are collectively referred to as a bus encryption/decryption module, a bus encryption module and a bus decryption module between the second module and the bus are collectively referred to as a bus encryption/decryption module, and each bus encryption/decryption module is provided with a random number generator, each random number generator is connected with a true random source, and the true random source includes a random entropy source and is used for broadcasting a true random number as a random seed to the random number generator.
Referring to fig. 2, fig. 2 illustrates an example of a chip including two master modules and four slave modules, where the two master modules are connected to the bus through a bus encryption/decryption module, and three of the slave modules are also connected to the bus through a bus encryption/decryption module, so that these three slave modules and the two master modules can transmit encrypted data on the bus. The remaining slave module is directly connected to the bus, and this slave module and the two master modules can transmit plaintext data on the bus. It should be noted that the slave module may further include an encryption/decryption module, which is not limited in this embodiment.
When a plurality of first modules are allowed to send sensitive data to a plurality of second modules at the same time, namely when one first module sends the sensitive data to one second module, the other first module can send the sensitive data to the other second module, at this time, each first module can be distributed with a bus encryption and decryption module and a random number generator, and each second module is distributed with a bus encryption and decryption module and a random number generator, so that each first module is connected with the bus through a corresponding bus encryption and decryption module and is connected with the random number consistency bus through a corresponding random number generator; each second module is connected with the bus through a corresponding bus encryption and decryption module, connected with the random number consistency bus through a corresponding random number generator, and connected with the true random source, wherein the true random source comprises a random entropy source and is used for broadcasting the true random number to the random number generator through the random number consistency bus to serve as a random seed.
Referring to fig. 3, fig. 3 illustrates an example in which the chip includes two master modules and four slave modules. Each master module corresponds to a bus encryption/decryption module and a random number generator, and each master module is connected to the bus through its corresponding bus encryption/decryption module and to the random number consistency bus through its corresponding random number generator. Each of three of the slave modules corresponds to one bus encryption/decryption module and one random number generator, and each of these slave modules is connected to the bus through its corresponding bus encryption/decryption module and to the random number consistency bus through its corresponding random number generator. Thus, these three slave modules and the two master modules can transmit encrypted data on the bus. The remaining slave module is directly connected to the bus, and this slave module and the two master modules can transmit plaintext data on the bus. It should be noted that the slave module may further include an encryption/decryption module, which is not limited in this embodiment.
Referring to fig. 4, in fig. 4, one master module is a CPU, one master module is a DMA, one slave module is a ROM, one slave module is an SRAM, one slave module is an arithmetic Engine, one slave module is a peripheral (Peripheral), and the bus is an AHB 32-bit bus.
In this embodiment, after receiving the sensitive data, the bus encryption module may read the first random number from the first random number generator, encrypt the sensitive data according to the first random number to obtain encrypted data, and finally send the encrypted data to the bus. The bus encryption module is a module related to encryption function in the bus encryption and decryption module corresponding to the first module. The first random number may be a random number obtained by updating the received true random number as a random seed by the first random number generator.
Depending on the security requirement, data may be transmitted with high-security encryption, with standard-security encryption, or without encryption, and different encryption algorithms may be used to encrypt the sensitive data. In this case, encrypting the sensitive data according to the first random number includes: the bus encryption module acquires an encryption algorithm corresponding to the sensitive data and encrypts the sensitive data according to the first random number and the encryption algorithm.
In a first encryption mode, the bus encryption module acquiring an encryption algorithm corresponding to the sensitive data includes: the bus encryption module obtains address information of the slave module and searches for the encryption algorithm corresponding to the address information in a first corresponding relation, wherein the first corresponding relation stores mapping between different address information and different encryption algorithms.
In a second encryption mode, the bus encryption module acquiring an encryption algorithm corresponding to the sensitive data includes: the bus encryption module obtains a control signal sent by the bus and searches for the encryption algorithm corresponding to the control signal in a third corresponding relation, wherein the third corresponding relation stores mapping between different control signals and different encryption algorithms.
For example, the AHB bus uses the HUSER signal as a control signal, and the AXI bus uses the AxUSER signal as a control signal.
Optionally, the master module may further send other data, such as address information of the slave module and an ID of the master module, to the bus encryption module, and the bus encryption module may encrypt only the sensitive data, but not encrypt other data, and send the encrypted data and the other data to the bus.
Step 103, the bus sends the encrypted data to the bus decryption module.
In this embodiment, the bus may acquire other data such as address information of the slave module and ID of the master module, in addition to the encrypted data. The other data may be sent to the bus by the bus encryption module, or may be sent to the bus by the main module, which is not limited in this embodiment.
The bus determines a bus decryption module corresponding to the second module according to the address information, and sends the encrypted data to the bus decryption module. The bus decryption module is a module related to decryption function in the bus encryption and decryption module corresponding to the second module.
Step 104, the bus decryption module receives the encrypted data, acquires a second random number in a second random number generator corresponding to the second module, decrypts the encrypted data according to the second random number, and sends the acquired sensitive data to the second module, wherein the second random number and the first random number are the same random number, obtained by updating the same true random number the same number of times.
In this embodiment, after receiving the encrypted data, the bus decryption module may read the second random number from the second random number generator, decrypt the encrypted data according to the second random number to obtain sensitive data, and finally send the sensitive data to the second module. The second random number may be a random number obtained by updating the received true random number as a random seed by the second random number generator. The second random number and the first random number are updated based on the same true random number, and the updating times of the second random number and the first random number are the same, so that the second random number and the first random number can be guaranteed to be the same.
Wherein decrypting the encrypted data according to the second random number may include: and the bus decryption module acquires a decryption algorithm corresponding to the encrypted data, and decrypts the encrypted data according to the second random number and the decryption algorithm, wherein the decryption algorithm corresponds to the encryption algorithm.
Corresponding to the first encryption mode, the bus decryption module obtaining a decryption algorithm corresponding to the encrypted data may include: the bus decryption module obtains the address information of the slave module, searches the decryption algorithm corresponding to the address information in the second corresponding relation, and the second corresponding relation stores the mapping between different address information and different decryption algorithms.
Corresponding to the second decryption mode, the bus decryption module obtaining the decryption algorithm corresponding to the encrypted data may include: the bus decryption module obtains the control signal sent by the bus, and searches for the decryption algorithm corresponding to the control signal in a fourth corresponding relation, wherein the fourth corresponding relation stores mapping between different control signals and different decryption algorithms.
Taking fig. 3 as an example, when the master module 1 or 2 sends sensitive data to the slave module 1 or 2, the sensitive data is encrypted by the algorithm a in the Bus encryption/decryption module, the encrypted data is transmitted on the Bus (Bus Matrix), and the encrypted data is decrypted by the algorithm a in the Bus encryption/decryption module. When the master module 1 or 2 sends the sensitive data to the slave module 3, the sensitive data is encrypted through the algorithm B in the bus encryption and decryption module, the encrypted data is transmitted on the bus, and the encrypted data is decrypted by adopting the algorithm B in the bus encryption and decryption module. When the master module 1 or 2 sends data to the slave module 4, no encryption or decryption operation is performed on the data.
It should be noted that, the first random number generator and the second random number generator have the same structure, the random seeds received by the first random number generator and the second random number generator are the same, and the first random number generator and the second random number generator synchronously update according to the random seeds, so that the first random number obtained after each self-operation update of the first random number generator and the second random number obtained after each self-operation update of the second random number generator are the same, thereby ensuring that the sensitive data can be correctly encrypted and decrypted. Therefore, only the encrypted data needs to be transmitted on the bus, and the first random number participating in encryption and the second random number participating in decryption are not transmitted on the bus, so that the transmission overhead and the logic scale of the bus are reduced, and the safety of the bus is also improved.
Step 105, the second module receives the sensitive data.
In this embodiment, after each data transmission is completed, the first random numbers in all the first random number generators and the second random numbers in all the second random number generators need to be updated, and all the first random numbers and the second random numbers are kept the same. That is, the first random number and the second random number used in different data transmissions are different, and the first random number and the second random number used in the same data transmission are the same.
If only one first module is allowed to send sensitive data to one second module at the same time, the first random number generator and the second random number generator need to be controlled to update random numbers after each data transmission is completed. If the plurality of first modules are allowed to send the sensitive data to the plurality of second modules at the same time, the random number update may be coordinated through the random number consistency bus, and specifically, the random number update may be performed through step 106 and step 107.
Step 106, after each data transmission is finished, the master module sends a random number update request to the random number consistency bus, the master module being the module that initiates data transmission among the first module and the second module.
When the read operation or the write operation is a single transfer operation, only one piece of data needs to be transmitted for one data transmission. When a read operation or a write operation is a Burst transfer operation, one data transmission requires the transfer of a plurality of pieces of data. The burst transfer operation is widely used in bus data transfer within a chip.
Step 107, the random number consistency bus controls each first random number generator to update its respective first random number once, and controls each second random number generator to update its respective second random number once.
Each first random number generator corresponds to one first module, each second random number generator corresponds to one second module, and the updated first random number is the same as the updated second random number.
Specifically, controlling each first random number generator to update its respective first random number once includes: each first random number generator in the first state updates its first random number once; each first random number generator in the second state records its number of times to be updated, k, and, after the first module corresponding to that first random number generator completes its data transmission, updates its first random number k times and sets its state to the first state. A first random number generator is in the second state when its corresponding first module is performing data transmission while other first modules and second modules complete data transmission; k is a positive integer. Controlling each second random number generator to update its respective second random number once may include: each second random number generator in the first state updates its second random number; each second random number generator in the second state records its number of times to be updated, n, and, after the second module corresponding to that second random number generator completes its data transmission, updates its second random number n times and sets its state to the first state. A second random number generator is in the second state when its corresponding second module is performing data transmission while other first modules and second modules complete data transmission; n is a positive integer.
When data transmission from one first module to one second module is in progress and data transmission from another first module to another second module finishes, the states of the first random number generator and the second random number generator corresponding to the modules whose transmission is still in progress both need to be set to Dirty (i.e. the second state). These generators must record how many times (i.e. the number of times to be updated, n) their random numbers need to be updated in order to catch up with the updates of the random numbers in the other random number generators, so that the random numbers in all random number generators are kept consistent. When the data transmission corresponding to the first random number generator and the second random number generator marked as dirty is finished, their random numbers need to be updated, and after the updating is finished, the states of the first random number generator and the second random number generator are changed to Clean (i.e. the first state).
It should be noted that, when the state of the first random number generator corresponding to a first module is dirty, the first module cannot transmit encrypted data until the state of the first random number generator becomes clean; when the state of the second random number generator corresponding to one second module is dirty, the second module cannot transmit the encrypted data until the state of the second random number generator becomes clean. In addition, when a first module and a second module are performing data transmission, and another first module wants to perform data transmission with the second module, it is necessary to wait until the current data transmission is finished and the random number update is finished before starting the next data transmission.
In this embodiment, the random number consistency bus may further obtain the transmission state of each master module. If at least one master module is performing data transmission, it continues to obtain the transmission state of each master module; if no master module is performing data transmission, i.e. the bus is idle, an update of the true random number may be triggered. When the bus is in an idle state, the true random source broadcasts true random numbers to all the first random number generators and all the second random number generators; each first random number generator generates an initial first random number according to the true random number; each second random number generator generates an initial second random number according to the true random number; wherein the initial first random number and the initial second random number are the same.
The random number generator in this embodiment uses a hybrid form of random number generation that combines a true random source, which provides the true random entropy, with a pseudo-random generation unit. The true random source broadcasts the true random number to the pseudo-random number generators as a random seed, and each random number generator receives the seed and feeds it into its pseudo-random generation unit to generate a new random number. After each data transmission, the random number generator updates the pseudo-random generation unit once. Since the input and the updates of the random number generators corresponding to the master module and the slave module are consistent, the values of the random numbers remain consistent. The pseudo-random generation unit may adopt a Linear Feedback Shift Register (LFSR) structure.
To sum up, in the method for protecting bus data provided in this embodiment, when the first module determines that sensitive data needs to be sent to the second module according to a read operation or a write operation, the first module sends the sensitive data to the bus encryption module, the bus encryption module receives the sensitive data, obtains a first random number in a first random number generator corresponding to the first module, encrypts the sensitive data according to the first random number, sends the obtained encrypted data to the bus, the bus sends the encrypted data to a bus decryption module, and finally, the bus decryption module receives the encrypted data, obtains a second random number in a second random number generator corresponding to the second module, since the second random number and the first random number are the same random number obtained by updating the same true random number the same number of times, the bus decryption module can decrypt the encrypted data according to the second random number, and sending the obtained sensitive data to the second module so as to complete data transmission. In this embodiment, only the encrypted data needs to be transmitted in the bus, and the first random number does not need to be transmitted, so that even if a hacker can monitor the encrypted data, the hacker cannot decrypt the encrypted data because the hacker cannot acquire the second random number, thereby improving the security of data transmission. In addition, the elimination of the first random number on the bus also reduces the overhead of bus bit width.
Because the first random number generator and the second random number generator have the same structure, the random seeds received by the first random number generator and the second random number generator are the same, and the first random number generator and the second random number generator synchronously update according to the random seeds, the first random number obtained after each self-operation updating of the first random number generator is the same as the second random number obtained after each self-operation updating of the second random number generator, so that the sensitive data can be ensured to be correctly encrypted and decrypted. In addition, after each data transmission is completed, the first random numbers in all the first random number generators and the second random numbers in all the second random number generators need to be updated, and all the first random numbers and the second random numbers are kept the same. That is, the first random number and the second random number used in different data transmissions are different, and the first random number and the second random number used in the same data transmission are the same.
The random number generator uses a hybrid form of random number generation that combines a true random source, which provides the true random entropy, with a pseudo-random generation unit. The true random source broadcasts a true random number to the pseudo-random number generators as a random seed, and each random number generator receives the seed and feeds it into its pseudo-random generation unit to generate a new random number. After each data transmission, the random number generator updates the pseudo-random generation unit once. Because the input and the updates of the random number generators corresponding to the master module and the slave module are consistent, the values of the random numbers remain consistent, thereby ensuring the unpredictability of the random number and improving the safety of data transmission.
Because only one first module can be allowed to send sensitive data to one second module at the same time, or a plurality of first modules can be allowed to send sensitive data to a plurality of second modules at the same time, the transmission mode of the sensitive data is expanded, and the structure of the chip is expanded.
When a plurality of first modules are allowed to send sensitive data to a plurality of second modules at the same time, the random numbers can still be updated by adopting the updating mode of the random numbers, so that the random numbers adopted by each data encryption and decryption are different, and the safety of data transmission is ensured; and the first random number and the second random number adopted by the same data encryption and decryption are the same, thereby ensuring that the data can be correctly encrypted and decrypted.
The data transmission flow is explained below by way of an example.
The master modules are assumed to be a CPU and a DMA, and the slave modules are a ROM, an SRAM, an operation Engine and a peripheral. The ROM and the SRAM include an encryption and decryption module, the Engine module does not include an encryption and decryption module, and the peripheral does not perform data encryption or decryption operations. The encryption and decryption algorithm in the bus encryption and decryption module is selected according to the address information division of the slave modules.
The random number generators of the master and slave modules adopt an LFSR structure. An LFSR structure of length m has at most $2^m$ internal states, and because the all-zero state is closed on itself, the period of the LFSR structure is at most $2^m - 1$. When the polynomial formed by the tap sequence plus 1 is a primitive polynomial, the LFSR structure has the maximum period of $2^m - 1$. The example generator polynomial is $x^{31} + x^3 + x^2 + x + 1$, and the feedback function outputs the exclusive OR of the bits at taps 30, 3, 2, 1 and 0.
In this example, encryption is performed by XORing the sensitive data with the random number and the address; because of the properties of XOR, the decryption operation is the same as the encryption operation.
In the chip initialization process, the true random source sends a true random number to the random number generators corresponding to the master and slave modules, so that the random numbers in the random number generators are kept in a consistent state. The initial random number is assumed to be 0xbae7eb8b.
1. Suppose the CPU starts one data transmission with the ROM. The data transmission needs to be encrypted, and the random number generators are updated after the transmission is finished; the random number is updated to 0x75cfd717.
2. The CPU starts the next data transmission with the ROM, and meanwhile the DMA starts a Burst data transmission (read operation) to the SRAM. When the data transfer of the CPU to the ROM is completed, the data transfer of the DMA to the SRAM is still in progress.
3. The CPU starts a data transmission to the operation Engine while the data transmission of the DMA to the SRAM continues. Because the data transmission has no delay, the random number update request can be sent to all the random number generators through the random number consistency bus.
4. While the bus is idle, a random number seed may be broadcast to cause all random number generators to generate a new initial random number, 0x73f5c5c9.
5. The DMA continues Burst data transmission (write operation) to the SRAM.
6. The CPU starts one data transmission to the operation Engine. Because the calculation of the operation Engine remains unfinished, and one data transmission of the DMA to the SRAM occurs in the meantime, the DMA sends a random number update request to the random number consistency bus and, at the same time, the random number in its own random number generator is updated. During their data transmission, the CPU and the operation Engine receive the random number update request from the random number consistency bus, so the states of the random number generators corresponding to the CPU and the operation Engine must be set to dirty. It is determined that 4 random number updates have occurred during the data transmission of the DMA to the SRAM; after the CPU completes its data transmission with the operation Engine, the random number generators corresponding to the CPU and the operation Engine need to be updated 4 times, after which their states can be set to clean.
7. The CPU starts data transmission to the peripheral equipment once, and the data is not encrypted and the random number is not updated because the peripheral equipment is in a safety interval which does not need encryption.
Please refer to fig. 5 for the original data, the random number status and the bus encryption result for each data transmission.
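The following Python model is an added example, not code from the patent. It implements the tap set 30, 3, 2, 1, 0, the XOR cipher and the Clean/Dirty catch-up rule described above; the 32-bit left-shifting register is an assumption that reproduces the page's update from 0xbae7eb8b to 0x75cfd717, and the class names, addresses and data words are constructed.

```python
MASK32 = 0xFFFFFFFF          # assumption: 32-bit register, as the page's values are 32 bits wide
TAPS = (30, 3, 2, 1, 0)      # tap bits named on the page


def lfsr_step(state):
    """One update: XOR the tap bits, shift left, insert the feedback at bit 0."""
    feedback = 0
    for tap in TAPS:
        feedback ^= (state >> tap) & 1
    return ((state << 1) & MASK32) | feedback


def xor_crypt(data, rnd, addr):
    """Example cipher from the page: data XOR random number XOR address."""
    return (data ^ rnd ^ addr) & MASK32


class Generator:
    """Per-module random number generator with Clean/Dirty bookkeeping."""

    def __init__(self, seed):
        self.state = seed
        self.busy = False    # owning module is in the middle of a transfer
        self.pending = 0     # updates still owed (k or n on the page); > 0 means Dirty

    def on_update_request(self):
        if self.busy:
            self.pending += 1            # Dirty: remember the missed update
        else:
            self.state = lfsr_step(self.state)

    def finish_transfer(self):
        for _ in range(self.pending):    # catch up, then return to Clean
            self.state = lfsr_step(self.state)
        self.pending = 0
        self.busy = False


class ConsistencyBus:
    """Hypothetical model of the random number consistency bus."""

    def __init__(self, module_names, seed):
        self.gens = {name: Generator(seed) for name in module_names}

    def begin(self, master, slave):
        for name in (master, slave):
            gen = self.gens[name]
            if gen.busy or gen.pending:
                raise RuntimeError(name + " must be idle and Clean to start")
        for name in (master, slave):
            self.gens[name].busy = True

    def write(self, master, slave, addr, data):
        """Encrypt with the master's generator, decrypt with the slave's."""
        cipher = xor_crypt(data, self.gens[master].state, addr)
        plain = xor_crypt(cipher, self.gens[slave].state, addr)
        return cipher, plain

    def complete(self, master, slave):
        for name in (master, slave):
            self.gens[name].finish_transfer()
        for gen in self.gens.values():   # broadcast the update request
            gen.on_update_request()

    def reseed(self, seed):
        if any(g.busy or g.pending for g in self.gens.values()):
            raise RuntimeError("reseed only while the bus is idle")
        for gen in self.gens.values():
            gen.state = seed


def run_scenario():
    seed = 0xBAE7EB8B                    # initial random number from the page
    bus = ConsistencyBus(["CPU", "DMA", "ROM", "SRAM"], seed)
    log = {}

    # One CPU -> ROM transfer; address and data are constructed samples.
    bus.begin("CPU", "ROM")
    log["first"] = bus.write("CPU", "ROM", 0x00001000, 0xDEADBEEF)
    bus.complete("CPU", "ROM")
    log["after_first"] = bus.gens["CPU"].state

    # CPU <-> ROM stays open while DMA <-> SRAM completes four transfers.
    bus.begin("CPU", "ROM")
    for i in range(4):
        bus.begin("DMA", "SRAM")
        bus.write("DMA", "SRAM", 0x20000000 + 4 * i, i)
        bus.complete("DMA", "SRAM")
    log["cpu_pending"] = bus.gens["CPU"].pending
    log["lagging"] = (bus.gens["CPU"].state, bus.gens["DMA"].state)
    log["slow"] = bus.write("CPU", "ROM", 0x00001004, 0x12345678)
    bus.complete("CPU", "ROM")
    log["final_states"] = {n: g.state for n, g in bus.gens.items()}
    return log


if __name__ == "__main__":
    print(run_scenario())
```

While the CPU and ROM generators are Dirty they lag the others by the recorded count, and the catch-up at completion brings all four back to the same value.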
Referring to fig. 6, a block diagram of a bus data protection device according to an embodiment of the present application is shown, where the bus data protection device can be applied to a chip. The bus data protection device may include:
the sending module 610 is configured to send the sensitive data to the bus encryption module through the first module when the first module determines that the sensitive data needs to be sent to the second module according to the read operation or the write operation;
the encryption module 620 is configured to receive the sensitive data through the bus encryption module, acquire a first random number in a first random number generator corresponding to the first module, encrypt the sensitive data according to the first random number, and send the obtained encrypted data to the bus;
a transmission module 630, configured to send the encrypted data to the bus decryption module through the bus;
the decryption module 640 is configured to receive the encrypted data through the bus decryption module, obtain a second random number in a second random number generator corresponding to the second module, decrypt the encrypted data according to the second random number, and send the obtained sensitive data to the second module, where the second random number and the first random number are the same random numbers obtained by updating the same true random number the same number of times;
a receiving module 650, configured to receive the sensitive data through the second module.
In an optional embodiment, the apparatus further comprises an update module configured to:
after each data transmission is finished, the main module sends a random number updating request to the random number consistency bus, and the main module is a module initiating data transmission in the first module and the second module;
the random number consistency bus controls each first random number generator to update the first random number of the first random number generator once, and controls each second random number generator to update the second random number of the second random number generator once;
each first random number generator corresponds to one first module, each second random number generator corresponds to one second module, and the updated first random number is the same as the updated second random number.
In an optional embodiment, the update module is further configured to:
for each first random number generator in the first state, the first random number generator updates the first random number of the first random number generator once; for each first random number generator in the second state, the first random number generator records the number k of times to be updated of the first random number generator, after the first module corresponding to the first random number generator completes data transmission, the first random number of the first random number generator is updated for k times, the state of the first random number generator is set to be the first state, the second state is set when the first module corresponding to the first random number generator is performing data transmission, and other first modules and second modules complete data transmission, and k is a positive integer;
for each second random number generator in the first state, the second random number generator updates the second random number of the second random number generator; for each second random number generator in the second state, the second random number generator records the number n of times to be updated of the second random number generator, after the second module corresponding to the second random number generator completes data transmission, the second random number of the second random number generator is updated for n times, the state of the second random number generator is set to be the first state, the second state is that the second module corresponding to the second random number generator is performing data transmission, and the other first modules and the other second modules complete data transmission, wherein n is a positive integer.
In an optional embodiment, the update module is further configured to:
when the bus is in an idle state, the true random source broadcasts true random numbers to all the first random number generators and all the second random number generators;
each first random number generator generates an initial first random number according to the true random number;
each second random number generator generates an initial second random number according to the true random number;
wherein the initial first random number and the initial second random number are the same.
In an optional embodiment, the encryption module 620 is further configured to obtain an encryption algorithm corresponding to the sensitive data through the bus encryption module, and encrypt the sensitive data according to the first random number and the encryption algorithm;
the decryption module 640 is further configured to obtain a decryption algorithm corresponding to the encrypted data through the bus decryption module, and decrypt the encrypted data according to the second random number and the decryption algorithm, where the decryption algorithm corresponds to the encryption algorithm.
In an optional embodiment, the encryption module 620 is further configured to obtain address information of the slave module through the bus encryption module, and search for an encryption algorithm corresponding to the address information in a first corresponding relationship, where the first corresponding relationship stores mappings between different address information and different encryption algorithms;
the decryption module 640 is further configured to obtain address information of the slave module through the bus decryption module, and search for a decryption algorithm corresponding to the address information in a second correspondence, where mappings between different address information and different decryption algorithms are stored in the second correspondence;
the slave module is a module used for data storage or data operation in the first module and the second module.
In an optional embodiment, the encryption module 620 is further configured to obtain a control signal sent by the bus through the bus encryption module, and search for an encryption algorithm corresponding to the control signal in a third corresponding relationship, where the third corresponding relationship stores mappings between different control signals and different encryption algorithms;
the decryption module 640 is further configured to obtain the control signal sent by the bus through the bus decryption module, and search for a decryption algorithm corresponding to the control signal in a fourth corresponding relationship, where mapping between different control signals and different decryption algorithms is stored in the fourth corresponding relationship.
To sum up, in the bus data protection device provided in this embodiment, when the first module determines that sensitive data needs to be sent to the second module according to a read operation or a write operation, the first module sends the sensitive data to the bus encryption module, the bus encryption module receives the sensitive data, obtains a first random number in a first random number generator corresponding to the first module, encrypts the sensitive data according to the first random number, sends the obtained encrypted data to the bus, the bus sends the encrypted data to a bus decryption module, and finally, the bus decryption module receives the encrypted data, obtains a second random number in a second random number generator corresponding to the second module, because the second random number and the first random number are the same random number obtained by updating the same true random number the same number of times, the bus decryption module can decrypt the encrypted data according to the second random number, and sending the obtained sensitive data to the second module so as to complete data transmission. In this embodiment, only the encrypted data needs to be transmitted in the bus, and the first random number does not need to be transmitted, so that even if a hacker can monitor the encrypted data, the hacker cannot decrypt the encrypted data because the hacker cannot acquire the second random number, thereby improving the security of data transmission. In addition, the elimination of the first random number on the bus also reduces the overhead of bus bit width.
Because the first random number generator and the second random number generator have the same structure, the random seeds received by the first random number generator and the second random number generator are the same, and the first random number generator and the second random number generator synchronously update according to the random seeds, the first random number obtained after each self-operation updating of the first random number generator is the same as the second random number obtained after each self-operation updating of the second random number generator, so that the sensitive data can be ensured to be correctly encrypted and decrypted. In addition, after each data transmission is completed, the first random numbers in all the first random number generators and the second random numbers in all the second random number generators need to be updated, and all the first random numbers and the second random numbers are kept the same. That is, the first random number and the second random number used in different data transmissions are different, and the first random number and the second random number used in the same data transmission are the same.
The random number generator uses a hybrid form of random number generation that combines a true random source, which provides the true random entropy, with a pseudo-random generation unit. The true random source broadcasts a true random number to the pseudo-random number generators as a random seed, and each random number generator receives the seed and feeds it into its pseudo-random generation unit to generate a new random number. After each data transmission, the random number generator updates the pseudo-random generation unit once. Because the input and the updates of the random number generators corresponding to the master module and the slave module are consistent, the values of the random numbers remain consistent, thereby ensuring the unpredictability of the random number and improving the safety of data transmission.
Because only one first module can be allowed to send sensitive data to one second module at the same time, or a plurality of first modules can be allowed to send sensitive data to a plurality of second modules at the same time, the transmission mode of the sensitive data is expanded, and the structure of the chip is expanded.
When a plurality of first modules are allowed to send sensitive data to a plurality of second modules at the same time, the random numbers can still be updated by adopting the updating mode of the random numbers, so that the random numbers adopted by each data encryption and decryption are different, and the safety of data transmission is ensured; and the first random number and the second random number adopted by the same data encryption and decryption are the same, thereby ensuring that the data can be correctly encrypted and decrypted.
One embodiment of the present application provides a computer-readable storage medium having stored therein at least one instruction, at least one program, set of codes, or set of instructions that is loaded and executed by a processor to implement a method of bus data protection as described above.
One embodiment of the present application provides a chip, which includes a processor and a memory, where the memory stores at least one instruction, and the instruction is loaded and executed by the processor to implement the bus data protection method as described above.
It should be noted that the above embodiments describe bus data protection using the above division of functional modules only as an example. In practical applications, the functions can be assigned to different functional modules as needed, that is, the internal structure of the bus data protection device can be divided into different functional modules to complete all or part of the functions described above. In addition, the bus data protection device provided in the above embodiments and the bus data protection method embodiment belong to the same concept; the specific implementation process is described in the method embodiment and is not repeated here.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The above description should not be taken as limiting the embodiments of the present application, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the embodiments of the present application should be included in the scope of the embodiments of the present application.

Claims (10)

1. A method for protecting bus data, the method comprising:
when a first module determines, according to a read operation or a write operation, that sensitive data needs to be sent to a second module, the first module sends the sensitive data to a bus encryption module;
the bus encryption module receives the sensitive data, acquires a first random number in a first random number generator corresponding to the first module, encrypts the sensitive data according to the first random number, and sends the acquired encrypted data to a bus;
the bus sends the encrypted data to a bus decryption module;
the bus decryption module receives the encrypted data, acquires a second random number in a second random number generator corresponding to the second module, decrypts the encrypted data according to the second random number, and sends the acquired sensitive data to the second module, wherein the second random number and the first random number are the same random numbers acquired by updating the same true random number for the same number of times;
the second module receives the sensitive data.
2. The method of claim 1, further comprising:
after each data transmission is finished, a master module sends a random number updating request to a random number consistency bus, wherein the master module is the module, of the first module and the second module, that initiates the data transmission;
the random number consistency bus controls each first random number generator to update the first random number of the first random number generator once, and controls each second random number generator to update the second random number of the second random number generator once;
each first random number generator corresponds to one first module, each second random number generator corresponds to one second module, and the updated first random number is the same as the updated second random number.
3. The method of claim 2,
the controlling each first random number generator to update the respective first random number once comprises: for each first random number generator in a first state, the first random number generator updates its first random number once; for each first random number generator in a second state, the first random number generator records the number k of updates pending for it, and after the first module corresponding to the first random number generator completes data transmission, the first random number generator updates its first random number k times and its state is set to the first state, wherein the second state is the state in which the first module corresponding to the first random number generator is performing data transmission while other first modules and second modules complete data transmission, and k is a positive integer;
the controlling each second random number generator to update the respective second random number once comprises: for each second random number generator in the first state, the second random number generator updates its second random number once; for each second random number generator in the second state, the second random number generator records the number n of updates pending for it, and after the second module corresponding to the second random number generator completes data transmission, the second random number generator updates its second random number n times and its state is set to the first state, wherein the second state is the state in which the second module corresponding to the second random number generator is performing data transmission while other first modules and second modules complete data transmission, and n is a positive integer.
4. The method of claim 1, further comprising:
when the bus is in an idle state, the true random source broadcasts true random numbers to all the first random number generators and all the second random number generators;
each first random number generator generates an initial first random number according to the true random number;
each second random number generator generates an initial second random number according to the true random number;
wherein the initial first random number and the initial second random number are the same.
5. The method according to any one of claims 1 to 4,
the encrypting the sensitive data according to the first random number includes: the bus encryption module acquires an encryption algorithm corresponding to the sensitive data and encrypts the sensitive data according to the first random number and the encryption algorithm;
the decrypting the encrypted data according to the second random number includes: and the bus decryption module acquires a decryption algorithm corresponding to the encrypted data, and decrypts the encrypted data according to the second random number and the decryption algorithm, wherein the decryption algorithm corresponds to the encryption algorithm.
6. The method of claim 5,
the bus encryption module acquiring an encryption algorithm corresponding to the sensitive data comprises: the bus encryption module acquires address information of a slave module, and searches a first corresponding relation for the encryption algorithm corresponding to the address information, wherein the first corresponding relation stores a mapping between different address information and different encryption algorithms;
the bus decryption module acquiring a decryption algorithm corresponding to the encrypted data comprises: the bus decryption module acquires the address information of the slave module, and searches a second corresponding relation for the decryption algorithm corresponding to the address information, wherein the second corresponding relation stores a mapping between different address information and different decryption algorithms;
the slave module is the module, of the first module and the second module, that is used for data storage or data operation.
7. The method of claim 5,
the bus encryption module acquiring an encryption algorithm corresponding to the sensitive data comprises: the bus encryption module acquires a control signal sent by the bus, and searches a third corresponding relation for the encryption algorithm corresponding to the control signal, wherein the third corresponding relation stores a mapping between different control signals and different encryption algorithms;
the bus decryption module acquiring a decryption algorithm corresponding to the encrypted data comprises: the bus decryption module acquires the control signal sent by the bus, and searches a fourth corresponding relation for the decryption algorithm corresponding to the control signal, wherein the fourth corresponding relation stores a mapping between different control signals and different decryption algorithms.
8. An apparatus for protecting bus data, the apparatus comprising:
the bus encryption module is used for encrypting the data to be sent to the first module according to the read operation or the write operation;
the encryption module is used for receiving the sensitive data through the bus encryption module, acquiring a first random number in a first random number generator corresponding to the first module, encrypting the sensitive data according to the first random number, and sending the acquired encrypted data to a bus;
the transmission module is used for sending the encrypted data to the bus decryption module through the bus;
the decryption module is used for receiving the encrypted data through the bus decryption module, acquiring a second random number in a second random number generator corresponding to the second module, decrypting the encrypted data according to the second random number, and sending the acquired sensitive data to the second module, wherein the second random number and the first random number are the same random numbers acquired by updating the same true random number for the same number of times;
a receiving module for receiving the sensitive data through the second module.
9. A computer readable storage medium having stored therein at least one instruction, at least one program, set of codes, or set of instructions, which is loaded and executed by a processor to implement a method of protecting bus data as claimed in any one of claims 1 to 7.
10. A chip comprising a processor and a memory, said memory having stored therein at least one instruction that is loaded and executed by said processor to implement a method of protecting bus data as claimed in any one of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010928069.6A CN111814212B (en) 2020-09-07 2020-09-07 Bus data protection method and device, storage medium and chip


Publications (2)

Publication Number Publication Date
CN111814212A true CN111814212A (en) 2020-10-23
CN111814212B CN111814212B (en) 2020-12-18

Family

ID=72860023

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010928069.6A Active CN111814212B (en) 2020-09-07 2020-09-07 Bus data protection method and device, storage medium and chip

Country Status (1)

Country Link
CN (1) CN111814212B (en)


Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102081713A (en) * 2011-01-18 2011-06-01 苏州国芯科技有限公司 Office system for preventing data from being divulged
US20140129452A1 (en) * 2009-04-30 2014-05-08 Visa U.S.A., Inc. Product recall platform apparatuses, methods and systems
CN111034115A (en) * 2017-08-25 2020-04-17 7隧道公司 Encryption system and method for expanding apparent size of pool of true random numbers


Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113127901A (en) * 2021-04-21 2021-07-16 中国人民解放军战略支援部队信息工程大学 Data encryption transmission processing method, device and chip
CN113127901B (en) * 2021-04-21 2023-05-16 中国人民解放军战略支援部队信息工程大学 Processing method, device and chip for data encryption transmission
CN113076568A (en) * 2021-04-27 2021-07-06 广东电网有限责任公司电力调度控制中心 Bus protection device, method, chip and storage medium
CN113076568B (en) * 2021-04-27 2022-12-23 广东电网有限责任公司电力调度控制中心 Bus protection device, method, chip and storage medium

Also Published As

Publication number Publication date
CN111814212B (en) 2020-12-18

Similar Documents

Publication Publication Date Title
CN110337649B (en) Method and system for dynamic symmetric searchable encryption with imperceptible search patterns
US10659216B2 (en) Data processing method and apparatus
JP2021505995A (en) Storage devices and methods for address scrambling
US6831979B2 (en) Cryptographic accelerator
US9904804B2 (en) Layout-optimized random mask distribution system and method
CN111814212B (en) Bus data protection method and device, storage medium and chip
US10943020B2 (en) Data communication system with hierarchical bus encryption system
JP2003521053A (en) Microprocessor system including encryption
JP2006277411A (en) Processor, memory, computer system and data transfer method
CN112329038B (en) Data encryption control system and chip based on USB interface
JP2015513743A (en) Using the storage controller bus interface to protect data transmission between the storage device and the host
CN112134703B (en) Electronic device using improved key entropy bus protection
US11886717B2 (en) Interface for revision-limited memory
US20180276160A1 (en) SYSTEM ON CHIP (SoC), MOBILE ELECTRONIC DEVICE INCLUDING THE SAME, AND METHOD OF OPERATING THE SoC
US7673151B2 (en) Processor for encrypting and/or decrypting data and method of encrypting and/or decrypting data using such a processor
CN113810169A (en) Homomorphic encryption device and ciphertext arithmetic method thereof
CN106921490B (en) True random number generator and label chip
US9734065B2 (en) Method of managing consistency of caches
CN110611568A (en) Dynamic encryption and decryption method, device and equipment based on multiple encryption and decryption algorithms
JP2019121955A (en) Semiconductor device and generating method of encryption key
JP2023542936A (en) Metadata tweak for channel encryption differentiation
CN111566987B (en) Data processing method, circuit, terminal device and storage medium
CN114327255A (en) Memory interface controller and memory
US20220283970A1 (en) Data processing device and method for transmitting data over a bus
JP2007281994A (en) Semiconductor integrated circuit

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant