CN112286463A - Data processing method, device, equipment and storage medium - Google Patents
Data processing method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN112286463A CN112286463A CN202011193492.2A CN202011193492A CN112286463A CN 112286463 A CN112286463 A CN 112286463A CN 202011193492 A CN202011193492 A CN 202011193492A CN 112286463 A CN112286463 A CN 112286463A
- Authority
- CN
- China
- Prior art keywords
- information
- character value
- output result
- ciphertext
- unclonable function
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003860 storage Methods 0.000 title claims abstract description 61
- 238000003672 processing method Methods 0.000 title claims abstract description 19
- 230000006870 function Effects 0.000 claims description 60
- 238000000034 method Methods 0.000 claims description 30
- 230000006378 damage Effects 0.000 claims description 10
- 238000010586 diagram Methods 0.000 description 8
- 239000004065 semiconductor Substances 0.000 description 3
- 238000004458 analytical method Methods 0.000 description 2
- 238000005336 cracking Methods 0.000 description 2
- 230000010355 oscillation Effects 0.000 description 2
- 238000004883 computer application Methods 0.000 description 1
- 230000005284 excitation Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 238000012916 structural analysis Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/062—Securing storage systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/062—Securing storage systems
- G06F3/0623—Securing storage systems in relation to content
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3278—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Human Computer Interaction (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a data processing method, a data processing device, a data processing apparatus and a storage medium, wherein an original character value input by a user is acquired under the condition of receiving an information storage instruction, the information storage instruction comprises information and an information writing address, and the information writing address is used for storing the information. And taking the original character value as the input of the physical unclonable function to obtain the output result of the physical unclonable function. And taking the output result as an encryption key, encrypting the information by using an encryption algorithm to obtain a ciphertext, and storing the original character value and the ciphertext into the information writing address. Compared with the prior art, the information plaintext is directly stored in the disk, the information is encrypted by using the encryption algorithm, the information is stored in the disk in a ciphertext mode, and the safety of information storage is obviously improved. Based on the characteristics of the physical unclonable function, the output result is used as the key of the encryption algorithm, so that the difficulty of stealing the key by a third party can be improved, and the safety of information storage is enhanced.
Description
Technical Field
The present application relates to the field of information security, and in particular, to a data processing method, apparatus, device, and storage medium.
Background
As computer applications become more and more popular, the use of computers to store information has become a routine means, and for this reason, the security of the storage of information has thus become a non-negligible part of the information society. In addition, under a specific condition (for example, an operating system of the computer can be cracked by a third party), information needs to be destroyed quickly to prevent information leakage.
Computers are currently used to store information, usually by writing the information directly to disk. However, if the disk is stolen by a third party, the information on the disk is still stolen. In addition, in order to prevent information leakage, a computer system generally uses data overwriting to destroy information on a disk, which consumes too long time and has a low rate, and thus, it is difficult to meet the application requirement of information real-time destruction.
Disclosure of Invention
The applicant found that: in the prior art, a computer system directly writes information into a disk, namely the information is stored in the disk in a plaintext mode, so that the risk of stealing the information exists. The principle of data overwriting is as follows: and replacing the original information on the disk by using the invalid information, and repeatedly writing the invalid information in the replacement process for many times, thereby realizing the coverage of the original information. The information amount of the original information is huge, and a large amount of time is consumed in the data overwriting process, so that the information destroying rate is greatly reduced.
The application provides a data processing method, a data processing device, data processing equipment and a storage medium, and aims to improve the safety of information storage.
In order to achieve the above object, the present application provides the following technical solutions:
a method of data processing, comprising:
under the condition of receiving an information storage instruction, acquiring an original character value input by a user; the information storage instruction comprises information and an information writing address, and the information writing address is used for storing the information;
taking the original character value as the input of a preset physical unclonable function to obtain the output result of the physical unclonable function;
taking the output result as an encryption key, and encrypting the information by using a preset encryption algorithm to obtain a ciphertext;
and storing the original character value and the ciphertext into the information writing address.
Optionally, the method further includes:
and under the condition of receiving an information destruction instruction, generating an invalid character value, and overwriting the data of the physical address where the original character value is located by using the invalid character value.
Optionally, the method further includes:
under the condition of triggering the ciphertext decryption, judging whether the system environment is changed or not based on the output result;
under the condition that the system environment is determined to be changed, generating an error information plaintext, and displaying the error information plaintext;
and under the condition that the system environment is determined not to be changed, the output result is used as a decryption key to decrypt the ciphertext to obtain an information plaintext, and the information plaintext is displayed.
Optionally, the determining whether the system environment is changed based on the output result includes:
comparing the first character value and the second character value; the first character value is an output result obtained when the original character value is used as the input of the physical unclonable function for the first time; the second character value is an output result obtained when the original character value is input as the physical unclonable function at the nth time, and n is a positive integer greater than 1;
determining that the system environment has not changed if the comparison result indicates that the first character value and the second character value are the same;
determining that the system environment has changed if the comparison result indicates that the first character value and the second character value are not the same.
A data processing apparatus comprising:
the device comprises an acquisition unit, a storage unit and a display unit, wherein the acquisition unit is used for acquiring an original character value input by a user under the condition of receiving an information storage instruction; the information storage instruction comprises information and an information writing address, and the information writing address is used for storing the information;
the output unit is used for taking the original character value as the input of a preset physical unclonable function to obtain the output result of the physical unclonable function;
the encryption unit is used for encrypting the information by using a preset encryption algorithm by taking the output result as an encryption key to obtain a ciphertext;
and the storage unit is used for storing the original character value and the ciphertext into the information writing address.
Optionally, the method further includes:
and the destroying unit is used for generating an invalid character value under the condition of receiving the information destroying instruction, and overwriting the data of the physical address where the original character value is located by using the invalid character value.
Optionally, the method further includes:
the decryption unit is used for judging whether the system environment is changed or not based on the output result under the condition of triggering the decryption of the ciphertext; under the condition that the system environment is determined to be changed, generating an error information plaintext, and displaying the error information plaintext; and under the condition that the system environment is determined not to be changed, the output result is used as a decryption key to decrypt the ciphertext to obtain an information plaintext, and the information plaintext is displayed.
Optionally, the decryption unit is specifically configured to:
comparing the first character value and the second character value; the first character value is an output result obtained when the original character value is used as the input of the physical unclonable function for the first time; the second character value is an output result obtained when the original character value is input as the physical unclonable function at the nth time, and n is a positive integer greater than 1;
determining that the system environment has not changed if the comparison result indicates that the first character value and the second character value are the same;
determining that the system environment has changed if the comparison result indicates that the first character value and the second character value are not the same.
A computer-readable storage medium including a stored program, wherein the program executes the data processing method.
A data processing apparatus comprising: a processor, a memory, and a bus; the processor and the memory are connected through the bus;
the memory is used for storing programs, and the processor is used for running programs, wherein the programs execute the data processing method during running.
According to the technical scheme, the original character value input by the user is obtained under the condition that the information storage instruction is received, the information storage instruction comprises information and an information writing address, and the information writing address is used for storing the information. And taking the original character value as the input of a preset physical unclonable function to obtain the output result of the physical unclonable function. And taking the output result as an encryption key, encrypting the information by using a preset encryption algorithm to obtain a ciphertext, and storing the original character value and the ciphertext into the information writing address. Compared with the prior art, the information plaintext is directly stored in the disk, the information is encrypted by using the encryption algorithm, the information is stored in the disk in a ciphertext mode, and the safety of information storage is obviously improved. Based on the characteristics of the physical unclonable function, the output result of the physical unclonable function is used as the key of the encryption algorithm, so that the difficulty of stealing the key by a third party can be improved, and the safety of information storage is enhanced. In addition, only the original character value needs to be destroyed, the secret key cannot be obtained, and the ciphertext cannot be decrypted to obtain the information plaintext, so that the purpose of information destruction is achieved. Because the information quantity of the original character value is less, the data overwriting is carried out on the physical address where the original character value is located, the consumed time is far shorter than that of the prior art, the information destroying speed is obviously increased, and therefore the application requirement of information real-time destroying is met.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1a is a schematic diagram of a data processing method according to an embodiment of the present application;
FIG. 1b is a diagram illustrating the structure of a physically unclonable function according to an embodiment of the present disclosure;
FIG. 1c is a schematic diagram of an input-output relationship of a physical unclonable function provided in an embodiment of the present application;
fig. 2 is a schematic diagram of another data processing method provided in an embodiment of the present application;
fig. 3 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
As shown in fig. 1a, a schematic diagram of a data processing method provided in an embodiment of the present application includes the following steps:
s101: and acquiring an original character value input by a user under the condition of receiving the information storage instruction.
The information storage instruction comprises information and an information writing address, and the original character value is any combination of characters, such as 2bh33, sd-98 and the like. The information write address is a physical address previously specified on a storage medium (for example, a medium such as a magnetic disk, a hard disk, or a flexible disk), and the information write address is used for storing information.
S102: and taking the original character value as the input of a preset physical unclonable function to obtain the output result of the physical unclonable function.
And the original character value is used as the input of the physical unclonable function for the first time, and the obtained output result is the first character value.
A so-called Physically Unclonable Function (PUF), which is a kind of "digital fingerprint", can be used as a unique identifier for a semiconductor device (e.g., a microprocessor). PUFs are based on physical changes that occur naturally in semiconductor devices during wafer fabrication and make it possible to distinguish between other identical semiconductors. The circuit output results in a unique output value that can remain constant over different time, temperature and operating voltage conditions, and any attempt to detect or observe PUF operation will change the underlying circuit characteristics, which can guard against the intrusive physical attack of detecting the unique value used by the chip cryptographic function. Since the physical unclonable function is a physical entity embodied in a physical structure, the PUF is suitable for use in the field of cryptography. At present, PUFs are usually implemented by integrated circuits, and are usually used in applications with high security requirements, specifically, a unique value output by a PUF and not directly readable may be used as a key, and an asymmetric cryptographic hardware engine, a random number generator, and a unique ID (i.e., an identity of a chip) in a chip ROM may be used to form a strict security encryption apparatus.
In practical applications, the physical structure of the PUF includes an arbiter and a ring oscillator, and in this embodiment, the ring oscillator may be adopted as the physical structure of the PUF. Specifically, as shown in fig. 1b, a PUF based on a ring oscillator may be regarded as a combination of a plurality of ring oscillation circuits, each ring oscillation circuit is composed of an odd number of inverters, and may generate clock signals with alternating high and low levels. And taking the original character value as an excitation signal of the PUF based on the ring oscillator to obtain an output result output by the PUF, wherein the output result has uniqueness, stability, confidentiality and randomness.
In particular, the input-output relationship of a PUF based on a ring oscillator can be seen in fig. 1 c. In addition, in the PUF configuration shown in fig. 1c, the selector, the counter, the comparator, and the RO array are all well known to those skilled in the art, and will not be described herein.
It is emphasized that the application does not limit the physical implementation of the PUF used, but only guarantees that the basic functional properties of the PUF are provided.
It should be noted that the character length of the output result and the character length of the original character value may be kept consistent, and may be set by a technician according to the actual situation. Taking the output result as the key of the SM4 algorithm (a conventional encryption algorithm) as an example, the length of the key set by the SM4 algorithm is 128 bits, and correspondingly, the character length of the output result and the character length of the original character value should be 128 bits, and specifically, the structure value of the PUF based on the ring oscillator can be set to be 128.
S103: and using the first character value as an encryption key, and encrypting the information by using an SM4 algorithm to obtain a ciphertext.
The specific implementation process of encrypting information by using the SM4 algorithm is common knowledge familiar to those skilled in the art, and will not be described herein again. In addition, other encryption algorithms can be used to encrypt and decrypt information, such as the SM1 algorithm, the SM2 algorithm, and the like.
S104: and storing the original character value and the ciphertext into the information writing address.
Compared with the prior art, the information plaintext is directly stored in the disk, the information is encrypted by using the encryption algorithm and stored in the disk in the form of the ciphertext, and the safety of information storage is obviously improved. In addition, the first character value output based on the physical unclonable function not only can provide a more secure and convenient key for information encryption, but also can avoid the weak point that the key must be subjected to plaintext storage in the traditional encryption scheme, and the first character value is used as an encryption key, is obtained by processing the original character value in real time by using the physical unclonable function, and is not stored in a disk in a plaintext or ciphertext manner, so that common attack methods (such as physical analysis, electrical analysis and structural analysis) aiming at the stored key are not effective any more, so that the key cannot be stolen by a third party, the security of the key is improved, and the security of information storage is further enhanced.
S105: and under the condition of receiving the information destruction instruction, generating an invalid character value, and overwriting the data of the physical address where the original character value is located by using the invalid character value.
The generation process of the invalid character value is common knowledge familiar to those skilled in the art, and will not be described herein. Compared with the prior art, the original character value is the combination of all the characters, the information amount is less, only the original character value needs to be destroyed, the secret key cannot be obtained, the ciphertext cannot be decrypted to obtain the information plaintext, and therefore the purpose of information destruction is achieved. Therefore, in the embodiment, data overwriting is performed on the physical address where the original character value is located (that is, the original character value is destroyed), the time consumed by the data overwriting is far shorter than that in the prior art (data overwriting is performed on the physical address where the information is located in the prior art), and the rate of information destruction is significantly increased, so that the application requirement of information real-time destruction is met.
S106: and under the condition of receiving the information reading instruction, acquiring the ciphertext and the original character value from the information writing address.
The information reading instruction comprises an information writing address.
S107: and under the condition of triggering ciphertext decryption, taking the original character value as the input of the physical unclonable function to obtain the output result of the physical unclonable function.
And taking the original character value as the input of the physical unclonable function for the second time, wherein the obtained output result is the second character value.
It should be noted that, the ciphertext decryption process usually occurs after the information encryption process, and for this reason, in this embodiment, the original character value is taken as the input of the physical unclonable function at the nth time, the obtained output result is all regarded as the second character value, and n is a positive integer greater than 1. In other words, the encryption key used in the information encryption process is the first character value, and the decryption key used in the ciphertext decryption process is the second character value. Therefore, the first character value and the second character value are only used for distinguishing the output results obtained by using the original character value as the input of the physical unclonable function under different time sequences (namely the encryption/decryption time sequences of the information).
S108: and judging whether the second character value is the same as the first character value.
If the second character value is the same as the first character value, S109 is executed, otherwise S110 is executed.
S109: and the second character value is used as a decryption key to decrypt the ciphertext to obtain an information plaintext, and the information plaintext is displayed.
Wherein the second character value is the same as the first character value, and based on the physical unclonable characteristic of the PUF, it can be determined that the system environment has not changed. That is, the information storing process mentioned at S101 to S104 and the information reading process mentioned at S106 to S109 are performed in the same system environment. If the third party cannot crack or steal the system environment, the ciphertext cannot be decrypted to steal the information plaintext, so that the safety of information storage is enhanced.
S110: and generating an error information plaintext, and displaying the error information plaintext.
Wherein the second character value is different from the first character value, and the change of the system environment can be determined based on the physical unclonable characteristic of the PUF. That is, the information storage process mentioned in S101-S104 and the information reading process mentioned in S106-S110 are not performed in the same system environment, and thus it can be determined that there is a security risk of leakage of information (for example, a third party cracks information on a disk using another computer system). Therefore, the wrong information plaintext is generated, so that a third party can obtain the wrong information plaintext in an imperceptible manner (namely the third party does not know that the information plaintext obtained by cracking by using other computer systems is 'fake goods'), information leakage is avoided, and the safety of information storage is further enhanced.
It should be emphasized that the output result obtained by inputting the original character value to the physical unclonable function and the data overwriting (i.e. destroying the original character value) on the physical address where the original character value is located are both to avoid the key being stolen and to increase the difficulty of ciphertext cracking, thereby improving the security of information storage.
In summary, compared with the prior art, in which information is directly stored in a disk in a plaintext manner, the information is encrypted by using the encryption algorithm and stored in the disk in a ciphertext manner, so that the security of information storage is obviously improved. Based on the characteristics of the physical unclonable function, the output result of the physical unclonable function is used as the key of the encryption algorithm, so that the difficulty of stealing the key by a third party can be improved, and the safety of information storage is enhanced. In addition, only the original character value needs to be destroyed, the secret key cannot be obtained, and the ciphertext cannot be decrypted to obtain the information plaintext, so that the purpose of information destruction is achieved. Because the information quantity of the original character value is less, the data overwriting is carried out on the physical address where the original character value is located in the embodiment, the consumed time is far shorter than that of the prior art, the information destroying rate is obviously increased, and therefore the application requirement of information real-time destroying is met.
It should be noted that, in the foregoing embodiment, a specific implementation process of obtaining the ciphertext and the original character value from the information write address when the information read instruction is received is an optional implementation manner of the data processing method in the present application. And, the first character value and the second character value are also a concrete expression of the output result of the physical unclonable function. In addition, under the condition that the second character value is different from the first character value, generating an error information plaintext, and displaying the error information plaintext, which is also an optional implementation manner of the data processing method. For this reason, the flow described in the above embodiment may be summarized as the method described in fig. 2.
As shown in fig. 2, a schematic diagram of another data processing method provided in the embodiment of the present application includes the following steps:
s201: and acquiring an original character value input by a user under the condition of receiving the information storage instruction.
The information storage instruction comprises information and an information writing address, and the information writing address is used for storing the information.
S202: and taking the original character value as the input of a preset physical unclonable function to obtain the output result of the physical unclonable function.
Optionally, when the original character value is input as the physical unclonable function for the first time, the obtained output result is the first character value; and (3) when the original character value is input as the physical unclonable function at the nth time, the obtained output result is the second character value, and n is a positive integer greater than 1.
S203: and taking the output result as an encryption key, and encrypting the information by using a preset encryption algorithm to obtain a ciphertext.
The preset encryption algorithm includes, but is not limited to, the SM4 algorithm, and the process of information encryption is common knowledge familiar to those skilled in the art, and will not be described herein again.
S204: and storing the original character value and the ciphertext into the information writing address.
In summary, in the case of receiving an information storage instruction, the original character value input by the user is obtained, where the information storage instruction includes information and an information write address, and the information write address is used for storing the information. And taking the original character value as the input of a preset physical unclonable function to obtain the output result of the physical unclonable function. And taking the output result as an encryption key, encrypting the information by using a preset encryption algorithm to obtain a ciphertext, and storing the original character value and the ciphertext into the information writing address. Compared with the prior art, the information plaintext is directly stored in the disk, the information is encrypted by using the encryption algorithm, the information is stored in the disk in a ciphertext mode, and the safety of information storage is obviously improved. Based on the characteristics of the physical unclonable function, the output result of the physical unclonable function is used as the key of the encryption algorithm, so that the difficulty of stealing the key by a third party can be improved, and the safety of information storage is enhanced.
Corresponding to the data processing method provided by the embodiment of the application, the embodiment of the application also provides a data processing device.
As shown in fig. 3, a schematic structural diagram of a data processing apparatus provided in an embodiment of the present application includes:
an obtaining unit 100, configured to obtain an original character value input by a user in a case where an information storage instruction is received. The information storage instruction includes information and an information write address, and the information write address is used for storing the information.
And the output unit 200 is configured to use the original character value as an input of a preset physical unclonable function to obtain an output result of the physical unclonable function.
And the encryption unit 300 is configured to encrypt the information by using a preset encryption algorithm to obtain a ciphertext by using the output result as an encryption key.
And the storage unit 400 is used for storing the original character value and the ciphertext into the information writing address.
The destroying unit 500 is configured to generate an invalid character value when the information destroying instruction is received, and overwrite data on a physical address where the original character value is located by using the invalid character value.
And a decryption unit 600, configured to, in a case where decryption of the ciphertext is triggered, determine whether a system environment changes based on an output result, generate an erroneous information plaintext and display the erroneous information plaintext in a case where the system environment is determined to change, and decrypt the ciphertext by using the output result as a decryption key in a case where the system environment is determined not to change, to obtain the information plaintext and display the information plaintext.
The specific process of determining whether the system environment is changed by the decryption unit 600 based on the output result includes: and comparing the first character value with the second character value, wherein the first character value is an output result obtained when the original character value is input as the physical unclonable function for the first time. The second character value is an output result obtained when the original character value is input as the physical unclonable function at the nth time, and n is a positive integer larger than 1. And determining that the system environment is not changed if the comparison result indicates that the first character value and the second character value are the same, and determining that the system environment is changed if the comparison result indicates that the first character value and the second character value are not the same.
In summary, in the case of receiving an information storage instruction, the original character value input by the user is obtained, where the information storage instruction includes information and an information write address, and the information write address is used for storing the information. And taking the original character value as the input of a preset physical unclonable function to obtain the output result of the physical unclonable function. And taking the output result as an encryption key, encrypting the information by using a preset encryption algorithm to obtain a ciphertext, and storing the original character value and the ciphertext into the information writing address. Compared with the prior art, the information plaintext is directly stored in the disk, the information is encrypted by using the encryption algorithm, the information is stored in the disk in a ciphertext mode, and the safety of information storage is obviously improved. Based on the characteristics of the physical unclonable function, the output result of the physical unclonable function is used as the key of the encryption algorithm, so that the difficulty of stealing the key by a third party can be improved, and the safety of information storage is enhanced.
The present application also provides a computer-readable storage medium including a stored program, wherein the program executes the data processing method provided in the present application.
The present application also provides a data processing apparatus, including: a processor, a memory, and a bus. The processor is connected with the memory through a bus, the memory is used for storing programs, and the processor is used for running the programs, wherein when the programs are run, the data processing method provided by the application is executed, and the method comprises the following steps:
under the condition of receiving an information storage instruction, acquiring an original character value input by a user; the information storage instruction comprises information and an information writing address, and the information writing address is used for storing the information;
taking the original character value as the input of a preset physical unclonable function to obtain the output result of the physical unclonable function;
taking the output result as an encryption key, and encrypting the information by using a preset encryption algorithm to obtain a ciphertext;
and storing the original character value and the ciphertext into the information writing address.
Optionally, the method further includes:
and under the condition of receiving an information destruction instruction, generating an invalid character value, and overwriting the data of the physical address where the original character value is located by using the invalid character value.
Optionally, the method further includes:
under the condition of triggering the ciphertext decryption, judging whether the system environment is changed or not based on the output result;
under the condition that the system environment is determined to be changed, generating an error information plaintext, and displaying the error information plaintext;
and under the condition that the system environment is determined not to be changed, the output result is used as a decryption key to decrypt the ciphertext to obtain an information plaintext, and the information plaintext is displayed.
Optionally, the determining whether the system environment is changed based on the output result includes:
comparing the first character value and the second character value; the first character value is an output result obtained when the original character value is used as the input of the physical unclonable function for the first time; the second character value is an output result obtained when the original character value is input as the physical unclonable function at the nth time, and n is a positive integer greater than 1;
determining that the system environment has not changed if the comparison result indicates that the first character value and the second character value are the same;
determining that the system environment has changed if the comparison result indicates that the first character value and the second character value are not the same.
The functions described in the method of the embodiment of the present application, if implemented in the form of software functional units and sold or used as independent products, may be stored in a storage medium readable by a computing device. Based on such understanding, part of the contribution to the prior art of the embodiments of the present application or part of the technical solution may be embodied in the form of a software product stored in a storage medium and including several instructions for causing a computing device (which may be a personal computer, a server, a mobile computing device or a network device) to execute all or part of the steps of the method described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A data processing method, comprising:
under the condition of receiving an information storage instruction, acquiring an original character value input by a user; the information storage instruction comprises information and an information writing address, and the information writing address is used for storing the information;
taking the original character value as the input of a preset physical unclonable function to obtain the output result of the physical unclonable function;
taking the output result as an encryption key, and encrypting the information by using a preset encryption algorithm to obtain a ciphertext;
and storing the original character value and the ciphertext into the information writing address.
2. The method of claim 1, further comprising:
and under the condition of receiving an information destruction instruction, generating an invalid character value, and overwriting the data of the physical address where the original character value is located by using the invalid character value.
3. The method of claim 1, further comprising:
under the condition of triggering the ciphertext decryption, judging whether the system environment is changed or not based on the output result;
under the condition that the system environment is determined to be changed, generating an error information plaintext, and displaying the error information plaintext;
and under the condition that the system environment is determined not to be changed, the output result is used as a decryption key to decrypt the ciphertext to obtain an information plaintext, and the information plaintext is displayed.
4. The method of claim 3, wherein determining whether a system environment has changed based on the output comprises:
comparing the first character value and the second character value; the first character value is an output result obtained when the original character value is used as the input of the physical unclonable function for the first time; the second character value is an output result obtained when the original character value is input as the physical unclonable function at the nth time, and n is a positive integer greater than 1;
determining that the system environment has not changed if the comparison result indicates that the first character value and the second character value are the same;
determining that the system environment has changed if the comparison result indicates that the first character value and the second character value are not the same.
5. A data processing apparatus, comprising:
the device comprises an acquisition unit, a storage unit and a display unit, wherein the acquisition unit is used for acquiring an original character value input by a user under the condition of receiving an information storage instruction; the information storage instruction comprises information and an information writing address, and the information writing address is used for storing the information;
the output unit is used for taking the original character value as the input of a preset physical unclonable function to obtain the output result of the physical unclonable function;
the encryption unit is used for encrypting the information by using a preset encryption algorithm by taking the output result as an encryption key to obtain a ciphertext;
and the storage unit is used for storing the original character value and the ciphertext into the information writing address.
6. The apparatus of claim 5, further comprising:
and the destroying unit is used for generating an invalid character value under the condition of receiving the information destroying instruction, and overwriting the data of the physical address where the original character value is located by using the invalid character value.
7. The apparatus of claim 5, further comprising:
the decryption unit is used for judging whether the system environment is changed or not based on the output result under the condition of triggering the decryption of the ciphertext; under the condition that the system environment is determined to be changed, generating an error information plaintext, and displaying the error information plaintext; and under the condition that the system environment is determined not to be changed, the output result is used as a decryption key to decrypt the ciphertext to obtain an information plaintext, and the information plaintext is displayed.
8. The apparatus according to claim 7, wherein the decryption unit is specifically configured to:
comparing the first character value and the second character value; the first character value is an output result obtained when the original character value is used as the input of the physical unclonable function for the first time; the second character value is an output result obtained when the original character value is input as the physical unclonable function at the nth time, and n is a positive integer greater than 1;
determining that the system environment has not changed if the comparison result indicates that the first character value and the second character value are the same;
determining that the system environment has changed if the comparison result indicates that the first character value and the second character value are not the same.
9. A computer-readable storage medium, characterized in that the computer-readable storage medium includes a stored program, wherein the program executes the data processing method of any one of claims 1 to 4.
10. A data processing apparatus, characterized by comprising: a processor, a memory, and a bus; the processor and the memory are connected through the bus;
the memory is used for storing a program and the processor is used for executing the program, wherein the program executes the data processing method of any one of claims 1 to 4 when running.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011193492.2A CN112286463A (en) | 2020-10-30 | 2020-10-30 | Data processing method, device, equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011193492.2A CN112286463A (en) | 2020-10-30 | 2020-10-30 | Data processing method, device, equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112286463A true CN112286463A (en) | 2021-01-29 |
Family
ID=74353718
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011193492.2A Pending CN112286463A (en) | 2020-10-30 | 2020-10-30 | Data processing method, device, equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112286463A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113434876A (en) * | 2021-06-22 | 2021-09-24 | 海光信息技术股份有限公司 | Data encryption method and device, memory controller, chip and electronic equipment |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101847296A (en) * | 2009-03-25 | 2010-09-29 | 索尼公司 | Integrated circuit, encrypt communication apparatus, system and method and information processing method |
CN103678977A (en) * | 2012-09-13 | 2014-03-26 | 联发科技股份有限公司 | Method and electronic device for protecting information security |
CN105324777A (en) * | 2013-07-04 | 2016-02-10 | 凸版印刷株式会社 | Device and authentication system |
CN106845261A (en) * | 2017-04-18 | 2017-06-13 | 广东浪潮大数据研究有限公司 | A kind of method and device of destruction SSD hard disc datas |
CN109522758A (en) * | 2018-11-21 | 2019-03-26 | 苏州矗联电子技术有限公司 | Hard disk data management method and hard disk |
CN110008761A (en) * | 2018-01-04 | 2019-07-12 | 李佳 | A kind of privacy information camouflage method |
CN111183611A (en) * | 2017-07-18 | 2020-05-19 | 平方股份有限公司 | Device with physical unclonable function |
-
2020
- 2020-10-30 CN CN202011193492.2A patent/CN112286463A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101847296A (en) * | 2009-03-25 | 2010-09-29 | 索尼公司 | Integrated circuit, encrypt communication apparatus, system and method and information processing method |
CN103678977A (en) * | 2012-09-13 | 2014-03-26 | 联发科技股份有限公司 | Method and electronic device for protecting information security |
CN105324777A (en) * | 2013-07-04 | 2016-02-10 | 凸版印刷株式会社 | Device and authentication system |
CN106845261A (en) * | 2017-04-18 | 2017-06-13 | 广东浪潮大数据研究有限公司 | A kind of method and device of destruction SSD hard disc datas |
CN111183611A (en) * | 2017-07-18 | 2020-05-19 | 平方股份有限公司 | Device with physical unclonable function |
CN110008761A (en) * | 2018-01-04 | 2019-07-12 | 李佳 | A kind of privacy information camouflage method |
CN109522758A (en) * | 2018-11-21 | 2019-03-26 | 苏州矗联电子技术有限公司 | Hard disk data management method and hard disk |
Non-Patent Citations (1)
Title |
---|
胡伟等: "硬件安全威胁与防范", 31 August 2019, 西安电子科技大学出版社, pages: 94 - 98 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113434876A (en) * | 2021-06-22 | 2021-09-24 | 海光信息技术股份有限公司 | Data encryption method and device, memory controller, chip and electronic equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9875378B2 (en) | Physically unclonable function assisted memory encryption device techniques | |
Turan et al. | Recommendation for password-based key derivation | |
KR101324825B1 (en) | Message authentication code pre-computation with applications to secure memory | |
US7082539B1 (en) | Information processing apparatus | |
US9571289B2 (en) | Methods and systems for glitch-resistant cryptographic signing | |
CN110710155A (en) | Progressive key encryption algorithm | |
JP2001514834A (en) | Secure deterministic cryptographic key generation system and method | |
KR20040053101A (en) | Device and method with reduced information leakage | |
CN102904712A (en) | Information encrypting method | |
JP6533553B2 (en) | Encryption / decryption device and power analysis protection method therefor | |
JP2013131868A (en) | Temperature sensor, encryption device, encryption method, and individual information generation device | |
BR112013012216B1 (en) | protection against passive eavesdropping | |
Vybornova | Password-based key derivation function as one of Blum-Blum-Shub pseudo-random generator applications | |
Turan et al. | Sp 800-132. recommendation for password-based key derivation: Part 1: Storage applications | |
CN114513302A (en) | Data encryption and decryption method and equipment | |
CN112286463A (en) | Data processing method, device, equipment and storage medium | |
JP4386766B2 (en) | Error detection in data processing equipment. | |
CN112989388A (en) | Security verification method and device under cloud architecture and electronic equipment | |
CN116248258A (en) | Password detection method, device, equipment and storage medium | |
Amael et al. | Securing Ventilators: Integrating Hardware Security Modules with SoftHSM and Cryptographic Algorithms | |
Jose et al. | A memory architecture using linear and nonlinear feedback shift registers for data security | |
Koopahi et al. | Secure scan-based design using Blum Blum Shub algorithm | |
TWI608381B (en) | Encryption/decryption apparatus and power analysis protecting method thereof | |
Krishnan et al. | Modified AES with Random S box generation to overcome the side channel assaults using cloud | |
CN113508380A (en) | Method for terminal entity authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |