CN112286463A - Data processing method, device, equipment and storage medium - Google Patents

Data processing method, device, equipment and storage medium Download PDF

Info

Publication number
CN112286463A
CN112286463A CN202011193492.2A CN202011193492A CN112286463A CN 112286463 A CN112286463 A CN 112286463A CN 202011193492 A CN202011193492 A CN 202011193492A CN 112286463 A CN112286463 A CN 112286463A
Authority
CN
China
Prior art keywords
information
character value
output result
ciphertext
unclonable function
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011193492.2A
Other languages
Chinese (zh)
Inventor
崔超
林伟斌
赵云
肖勇
蔡梓文
王浩林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China South Power Grid International Co ltd
China Southern Power Grid Co Ltd
Original Assignee
China South Power Grid International Co ltd
China Southern Power Grid Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China South Power Grid International Co ltd, China Southern Power Grid Co Ltd filed Critical China South Power Grid International Co ltd
Priority to CN202011193492.2A priority Critical patent/CN112286463A/en
Publication of CN112286463A publication Critical patent/CN112286463A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0602Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062Securing storage systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0602Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062Securing storage systems
    • G06F3/0623Securing storage systems in relation to content
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3278Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Human Computer Interaction (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a data processing method, a data processing device, a data processing apparatus and a storage medium, wherein an original character value input by a user is acquired under the condition of receiving an information storage instruction, the information storage instruction comprises information and an information writing address, and the information writing address is used for storing the information. And taking the original character value as the input of the physical unclonable function to obtain the output result of the physical unclonable function. And taking the output result as an encryption key, encrypting the information by using an encryption algorithm to obtain a ciphertext, and storing the original character value and the ciphertext into the information writing address. Compared with the prior art, the information plaintext is directly stored in the disk, the information is encrypted by using the encryption algorithm, the information is stored in the disk in a ciphertext mode, and the safety of information storage is obviously improved. Based on the characteristics of the physical unclonable function, the output result is used as the key of the encryption algorithm, so that the difficulty of stealing the key by a third party can be improved, and the safety of information storage is enhanced.

Description

Data processing method, device, equipment and storage medium
Technical Field
The present application relates to the field of information security, and in particular, to a data processing method, apparatus, device, and storage medium.
Background
As computer applications become more and more popular, the use of computers to store information has become a routine means, and for this reason, the security of the storage of information has thus become a non-negligible part of the information society. In addition, under a specific condition (for example, an operating system of the computer can be cracked by a third party), information needs to be destroyed quickly to prevent information leakage.
Computers are currently used to store information, usually by writing the information directly to disk. However, if the disk is stolen by a third party, the information on the disk is still stolen. In addition, in order to prevent information leakage, a computer system generally uses data overwriting to destroy information on a disk, which consumes too long time and has a low rate, and thus, it is difficult to meet the application requirement of information real-time destruction.
Disclosure of Invention
The applicant found that: in the prior art, a computer system directly writes information into a disk, namely the information is stored in the disk in a plaintext mode, so that the risk of stealing the information exists. The principle of data overwriting is as follows: and replacing the original information on the disk by using the invalid information, and repeatedly writing the invalid information in the replacement process for many times, thereby realizing the coverage of the original information. The information amount of the original information is huge, and a large amount of time is consumed in the data overwriting process, so that the information destroying rate is greatly reduced.
The application provides a data processing method, a data processing device, data processing equipment and a storage medium, and aims to improve the safety of information storage.
In order to achieve the above object, the present application provides the following technical solutions:
a method of data processing, comprising:
under the condition of receiving an information storage instruction, acquiring an original character value input by a user; the information storage instruction comprises information and an information writing address, and the information writing address is used for storing the information;
taking the original character value as the input of a preset physical unclonable function to obtain the output result of the physical unclonable function;
taking the output result as an encryption key, and encrypting the information by using a preset encryption algorithm to obtain a ciphertext;
and storing the original character value and the ciphertext into the information writing address.
Optionally, the method further includes:
and under the condition of receiving an information destruction instruction, generating an invalid character value, and overwriting the data of the physical address where the original character value is located by using the invalid character value.
Optionally, the method further includes:
under the condition of triggering the ciphertext decryption, judging whether the system environment is changed or not based on the output result;
under the condition that the system environment is determined to be changed, generating an error information plaintext, and displaying the error information plaintext;
and under the condition that the system environment is determined not to be changed, the output result is used as a decryption key to decrypt the ciphertext to obtain an information plaintext, and the information plaintext is displayed.
Optionally, the determining whether the system environment is changed based on the output result includes:
comparing the first character value and the second character value; the first character value is an output result obtained when the original character value is used as the input of the physical unclonable function for the first time; the second character value is an output result obtained when the original character value is input as the physical unclonable function at the nth time, and n is a positive integer greater than 1;
determining that the system environment has not changed if the comparison result indicates that the first character value and the second character value are the same;
determining that the system environment has changed if the comparison result indicates that the first character value and the second character value are not the same.
A data processing apparatus comprising:
the device comprises an acquisition unit, a storage unit and a display unit, wherein the acquisition unit is used for acquiring an original character value input by a user under the condition of receiving an information storage instruction; the information storage instruction comprises information and an information writing address, and the information writing address is used for storing the information;
the output unit is used for taking the original character value as the input of a preset physical unclonable function to obtain the output result of the physical unclonable function;
the encryption unit is used for encrypting the information by using a preset encryption algorithm by taking the output result as an encryption key to obtain a ciphertext;
and the storage unit is used for storing the original character value and the ciphertext into the information writing address.
Optionally, the method further includes:
and the destroying unit is used for generating an invalid character value under the condition of receiving the information destroying instruction, and overwriting the data of the physical address where the original character value is located by using the invalid character value.
Optionally, the method further includes:
the decryption unit is used for judging whether the system environment is changed or not based on the output result under the condition of triggering the decryption of the ciphertext; under the condition that the system environment is determined to be changed, generating an error information plaintext, and displaying the error information plaintext; and under the condition that the system environment is determined not to be changed, the output result is used as a decryption key to decrypt the ciphertext to obtain an information plaintext, and the information plaintext is displayed.
Optionally, the decryption unit is specifically configured to:
comparing the first character value and the second character value; the first character value is an output result obtained when the original character value is used as the input of the physical unclonable function for the first time; the second character value is an output result obtained when the original character value is input as the physical unclonable function at the nth time, and n is a positive integer greater than 1;
determining that the system environment has not changed if the comparison result indicates that the first character value and the second character value are the same;
determining that the system environment has changed if the comparison result indicates that the first character value and the second character value are not the same.
A computer-readable storage medium including a stored program, wherein the program executes the data processing method.
A data processing apparatus comprising: a processor, a memory, and a bus; the processor and the memory are connected through the bus;
the memory is used for storing programs, and the processor is used for running programs, wherein the programs execute the data processing method during running.
According to the technical scheme, the original character value input by the user is obtained under the condition that the information storage instruction is received, the information storage instruction comprises information and an information writing address, and the information writing address is used for storing the information. And taking the original character value as the input of a preset physical unclonable function to obtain the output result of the physical unclonable function. And taking the output result as an encryption key, encrypting the information by using a preset encryption algorithm to obtain a ciphertext, and storing the original character value and the ciphertext into the information writing address. Compared with the prior art, the information plaintext is directly stored in the disk, the information is encrypted by using the encryption algorithm, the information is stored in the disk in a ciphertext mode, and the safety of information storage is obviously improved. Based on the characteristics of the physical unclonable function, the output result of the physical unclonable function is used as the key of the encryption algorithm, so that the difficulty of stealing the key by a third party can be improved, and the safety of information storage is enhanced. In addition, only the original character value needs to be destroyed, the secret key cannot be obtained, and the ciphertext cannot be decrypted to obtain the information plaintext, so that the purpose of information destruction is achieved. Because the information quantity of the original character value is less, the data overwriting is carried out on the physical address where the original character value is located, the consumed time is far shorter than that of the prior art, the information destroying speed is obviously increased, and therefore the application requirement of information real-time destroying is met.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1a is a schematic diagram of a data processing method according to an embodiment of the present application;
FIG. 1b is a diagram illustrating the structure of a physically unclonable function according to an embodiment of the present disclosure;
FIG. 1c is a schematic diagram of an input-output relationship of a physical unclonable function provided in an embodiment of the present application;
fig. 2 is a schematic diagram of another data processing method provided in an embodiment of the present application;
fig. 3 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
As shown in fig. 1a, a schematic diagram of a data processing method provided in an embodiment of the present application includes the following steps:
s101: and acquiring an original character value input by a user under the condition of receiving the information storage instruction.
The information storage instruction comprises information and an information writing address, and the original character value is any combination of characters, such as 2bh33, sd-98 and the like. The information write address is a physical address previously specified on a storage medium (for example, a medium such as a magnetic disk, a hard disk, or a flexible disk), and the information write address is used for storing information.
S102: and taking the original character value as the input of a preset physical unclonable function to obtain the output result of the physical unclonable function.
And the original character value is used as the input of the physical unclonable function for the first time, and the obtained output result is the first character value.
A so-called Physically Unclonable Function (PUF), which is a kind of "digital fingerprint", can be used as a unique identifier for a semiconductor device (e.g., a microprocessor). PUFs are based on physical changes that occur naturally in semiconductor devices during wafer fabrication and make it possible to distinguish between other identical semiconductors. The circuit output results in a unique output value that can remain constant over different time, temperature and operating voltage conditions, and any attempt to detect or observe PUF operation will change the underlying circuit characteristics, which can guard against the intrusive physical attack of detecting the unique value used by the chip cryptographic function. Since the physical unclonable function is a physical entity embodied in a physical structure, the PUF is suitable for use in the field of cryptography. At present, PUFs are usually implemented by integrated circuits, and are usually used in applications with high security requirements, specifically, a unique value output by a PUF and not directly readable may be used as a key, and an asymmetric cryptographic hardware engine, a random number generator, and a unique ID (i.e., an identity of a chip) in a chip ROM may be used to form a strict security encryption apparatus.
In practical applications, the physical structure of the PUF includes an arbiter and a ring oscillator, and in this embodiment, the ring oscillator may be adopted as the physical structure of the PUF. Specifically, as shown in fig. 1b, a PUF based on a ring oscillator may be regarded as a combination of a plurality of ring oscillation circuits, each ring oscillation circuit is composed of an odd number of inverters, and may generate clock signals with alternating high and low levels. And taking the original character value as an excitation signal of the PUF based on the ring oscillator to obtain an output result output by the PUF, wherein the output result has uniqueness, stability, confidentiality and randomness.
In particular, the input-output relationship of a PUF based on a ring oscillator can be seen in fig. 1 c. In addition, in the PUF configuration shown in fig. 1c, the selector, the counter, the comparator, and the RO array are all well known to those skilled in the art, and will not be described herein.
It is emphasized that the application does not limit the physical implementation of the PUF used, but only guarantees that the basic functional properties of the PUF are provided.
It should be noted that the character length of the output result and the character length of the original character value may be kept consistent, and may be set by a technician according to the actual situation. Taking the output result as the key of the SM4 algorithm (a conventional encryption algorithm) as an example, the length of the key set by the SM4 algorithm is 128 bits, and correspondingly, the character length of the output result and the character length of the original character value should be 128 bits, and specifically, the structure value of the PUF based on the ring oscillator can be set to be 128.
S103: and using the first character value as an encryption key, and encrypting the information by using an SM4 algorithm to obtain a ciphertext.
The specific implementation process of encrypting information by using the SM4 algorithm is common knowledge familiar to those skilled in the art, and will not be described herein again. In addition, other encryption algorithms can be used to encrypt and decrypt information, such as the SM1 algorithm, the SM2 algorithm, and the like.
S104: and storing the original character value and the ciphertext into the information writing address.
Compared with the prior art, the information plaintext is directly stored in the disk, the information is encrypted by using the encryption algorithm and stored in the disk in the form of the ciphertext, and the safety of information storage is obviously improved. In addition, the first character value output based on the physical unclonable function not only can provide a more secure and convenient key for information encryption, but also can avoid the weak point that the key must be subjected to plaintext storage in the traditional encryption scheme, and the first character value is used as an encryption key, is obtained by processing the original character value in real time by using the physical unclonable function, and is not stored in a disk in a plaintext or ciphertext manner, so that common attack methods (such as physical analysis, electrical analysis and structural analysis) aiming at the stored key are not effective any more, so that the key cannot be stolen by a third party, the security of the key is improved, and the security of information storage is further enhanced.
S105: and under the condition of receiving the information destruction instruction, generating an invalid character value, and overwriting the data of the physical address where the original character value is located by using the invalid character value.
The generation process of the invalid character value is common knowledge familiar to those skilled in the art, and will not be described herein. Compared with the prior art, the original character value is the combination of all the characters, the information amount is less, only the original character value needs to be destroyed, the secret key cannot be obtained, the ciphertext cannot be decrypted to obtain the information plaintext, and therefore the purpose of information destruction is achieved. Therefore, in the embodiment, data overwriting is performed on the physical address where the original character value is located (that is, the original character value is destroyed), the time consumed by the data overwriting is far shorter than that in the prior art (data overwriting is performed on the physical address where the information is located in the prior art), and the rate of information destruction is significantly increased, so that the application requirement of information real-time destruction is met.
S106: and under the condition of receiving the information reading instruction, acquiring the ciphertext and the original character value from the information writing address.
The information reading instruction comprises an information writing address.
S107: and under the condition of triggering ciphertext decryption, taking the original character value as the input of the physical unclonable function to obtain the output result of the physical unclonable function.
And taking the original character value as the input of the physical unclonable function for the second time, wherein the obtained output result is the second character value.
It should be noted that, the ciphertext decryption process usually occurs after the information encryption process, and for this reason, in this embodiment, the original character value is taken as the input of the physical unclonable function at the nth time, the obtained output result is all regarded as the second character value, and n is a positive integer greater than 1. In other words, the encryption key used in the information encryption process is the first character value, and the decryption key used in the ciphertext decryption process is the second character value. Therefore, the first character value and the second character value are only used for distinguishing the output results obtained by using the original character value as the input of the physical unclonable function under different time sequences (namely the encryption/decryption time sequences of the information).
S108: and judging whether the second character value is the same as the first character value.
If the second character value is the same as the first character value, S109 is executed, otherwise S110 is executed.
S109: and the second character value is used as a decryption key to decrypt the ciphertext to obtain an information plaintext, and the information plaintext is displayed.
Wherein the second character value is the same as the first character value, and based on the physical unclonable characteristic of the PUF, it can be determined that the system environment has not changed. That is, the information storing process mentioned at S101 to S104 and the information reading process mentioned at S106 to S109 are performed in the same system environment. If the third party cannot crack or steal the system environment, the ciphertext cannot be decrypted to steal the information plaintext, so that the safety of information storage is enhanced.
S110: and generating an error information plaintext, and displaying the error information plaintext.
Wherein the second character value is different from the first character value, and the change of the system environment can be determined based on the physical unclonable characteristic of the PUF. That is, the information storage process mentioned in S101-S104 and the information reading process mentioned in S106-S110 are not performed in the same system environment, and thus it can be determined that there is a security risk of leakage of information (for example, a third party cracks information on a disk using another computer system). Therefore, the wrong information plaintext is generated, so that a third party can obtain the wrong information plaintext in an imperceptible manner (namely the third party does not know that the information plaintext obtained by cracking by using other computer systems is 'fake goods'), information leakage is avoided, and the safety of information storage is further enhanced.
It should be emphasized that the output result obtained by inputting the original character value to the physical unclonable function and the data overwriting (i.e. destroying the original character value) on the physical address where the original character value is located are both to avoid the key being stolen and to increase the difficulty of ciphertext cracking, thereby improving the security of information storage.
In summary, compared with the prior art, in which information is directly stored in a disk in a plaintext manner, the information is encrypted by using the encryption algorithm and stored in the disk in a ciphertext manner, so that the security of information storage is obviously improved. Based on the characteristics of the physical unclonable function, the output result of the physical unclonable function is used as the key of the encryption algorithm, so that the difficulty of stealing the key by a third party can be improved, and the safety of information storage is enhanced. In addition, only the original character value needs to be destroyed, the secret key cannot be obtained, and the ciphertext cannot be decrypted to obtain the information plaintext, so that the purpose of information destruction is achieved. Because the information quantity of the original character value is less, the data overwriting is carried out on the physical address where the original character value is located in the embodiment, the consumed time is far shorter than that of the prior art, the information destroying rate is obviously increased, and therefore the application requirement of information real-time destroying is met.
It should be noted that, in the foregoing embodiment, a specific implementation process of obtaining the ciphertext and the original character value from the information write address when the information read instruction is received is an optional implementation manner of the data processing method in the present application. And, the first character value and the second character value are also a concrete expression of the output result of the physical unclonable function. In addition, under the condition that the second character value is different from the first character value, generating an error information plaintext, and displaying the error information plaintext, which is also an optional implementation manner of the data processing method. For this reason, the flow described in the above embodiment may be summarized as the method described in fig. 2.
As shown in fig. 2, a schematic diagram of another data processing method provided in the embodiment of the present application includes the following steps:
s201: and acquiring an original character value input by a user under the condition of receiving the information storage instruction.
The information storage instruction comprises information and an information writing address, and the information writing address is used for storing the information.
S202: and taking the original character value as the input of a preset physical unclonable function to obtain the output result of the physical unclonable function.
Optionally, when the original character value is input as the physical unclonable function for the first time, the obtained output result is the first character value; and (3) when the original character value is input as the physical unclonable function at the nth time, the obtained output result is the second character value, and n is a positive integer greater than 1.
S203: and taking the output result as an encryption key, and encrypting the information by using a preset encryption algorithm to obtain a ciphertext.
The preset encryption algorithm includes, but is not limited to, the SM4 algorithm, and the process of information encryption is common knowledge familiar to those skilled in the art, and will not be described herein again.
S204: and storing the original character value and the ciphertext into the information writing address.
In summary, in the case of receiving an information storage instruction, the original character value input by the user is obtained, where the information storage instruction includes information and an information write address, and the information write address is used for storing the information. And taking the original character value as the input of a preset physical unclonable function to obtain the output result of the physical unclonable function. And taking the output result as an encryption key, encrypting the information by using a preset encryption algorithm to obtain a ciphertext, and storing the original character value and the ciphertext into the information writing address. Compared with the prior art, the information plaintext is directly stored in the disk, the information is encrypted by using the encryption algorithm, the information is stored in the disk in a ciphertext mode, and the safety of information storage is obviously improved. Based on the characteristics of the physical unclonable function, the output result of the physical unclonable function is used as the key of the encryption algorithm, so that the difficulty of stealing the key by a third party can be improved, and the safety of information storage is enhanced.
Corresponding to the data processing method provided by the embodiment of the application, the embodiment of the application also provides a data processing device.
As shown in fig. 3, a schematic structural diagram of a data processing apparatus provided in an embodiment of the present application includes:
an obtaining unit 100, configured to obtain an original character value input by a user in a case where an information storage instruction is received. The information storage instruction includes information and an information write address, and the information write address is used for storing the information.
And the output unit 200 is configured to use the original character value as an input of a preset physical unclonable function to obtain an output result of the physical unclonable function.
And the encryption unit 300 is configured to encrypt the information by using a preset encryption algorithm to obtain a ciphertext by using the output result as an encryption key.
And the storage unit 400 is used for storing the original character value and the ciphertext into the information writing address.
The destroying unit 500 is configured to generate an invalid character value when the information destroying instruction is received, and overwrite data on a physical address where the original character value is located by using the invalid character value.
And a decryption unit 600, configured to, in a case where decryption of the ciphertext is triggered, determine whether a system environment changes based on an output result, generate an erroneous information plaintext and display the erroneous information plaintext in a case where the system environment is determined to change, and decrypt the ciphertext by using the output result as a decryption key in a case where the system environment is determined not to change, to obtain the information plaintext and display the information plaintext.
The specific process of determining whether the system environment is changed by the decryption unit 600 based on the output result includes: and comparing the first character value with the second character value, wherein the first character value is an output result obtained when the original character value is input as the physical unclonable function for the first time. The second character value is an output result obtained when the original character value is input as the physical unclonable function at the nth time, and n is a positive integer larger than 1. And determining that the system environment is not changed if the comparison result indicates that the first character value and the second character value are the same, and determining that the system environment is changed if the comparison result indicates that the first character value and the second character value are not the same.
In summary, in the case of receiving an information storage instruction, the original character value input by the user is obtained, where the information storage instruction includes information and an information write address, and the information write address is used for storing the information. And taking the original character value as the input of a preset physical unclonable function to obtain the output result of the physical unclonable function. And taking the output result as an encryption key, encrypting the information by using a preset encryption algorithm to obtain a ciphertext, and storing the original character value and the ciphertext into the information writing address. Compared with the prior art, the information plaintext is directly stored in the disk, the information is encrypted by using the encryption algorithm, the information is stored in the disk in a ciphertext mode, and the safety of information storage is obviously improved. Based on the characteristics of the physical unclonable function, the output result of the physical unclonable function is used as the key of the encryption algorithm, so that the difficulty of stealing the key by a third party can be improved, and the safety of information storage is enhanced.
The present application also provides a computer-readable storage medium including a stored program, wherein the program executes the data processing method provided in the present application.
The present application also provides a data processing apparatus, including: a processor, a memory, and a bus. The processor is connected with the memory through a bus, the memory is used for storing programs, and the processor is used for running the programs, wherein when the programs are run, the data processing method provided by the application is executed, and the method comprises the following steps:
under the condition of receiving an information storage instruction, acquiring an original character value input by a user; the information storage instruction comprises information and an information writing address, and the information writing address is used for storing the information;
taking the original character value as the input of a preset physical unclonable function to obtain the output result of the physical unclonable function;
taking the output result as an encryption key, and encrypting the information by using a preset encryption algorithm to obtain a ciphertext;
and storing the original character value and the ciphertext into the information writing address.
Optionally, the method further includes:
and under the condition of receiving an information destruction instruction, generating an invalid character value, and overwriting the data of the physical address where the original character value is located by using the invalid character value.
Optionally, the method further includes:
under the condition of triggering the ciphertext decryption, judging whether the system environment is changed or not based on the output result;
under the condition that the system environment is determined to be changed, generating an error information plaintext, and displaying the error information plaintext;
and under the condition that the system environment is determined not to be changed, the output result is used as a decryption key to decrypt the ciphertext to obtain an information plaintext, and the information plaintext is displayed.
Optionally, the determining whether the system environment is changed based on the output result includes:
comparing the first character value and the second character value; the first character value is an output result obtained when the original character value is used as the input of the physical unclonable function for the first time; the second character value is an output result obtained when the original character value is input as the physical unclonable function at the nth time, and n is a positive integer greater than 1;
determining that the system environment has not changed if the comparison result indicates that the first character value and the second character value are the same;
determining that the system environment has changed if the comparison result indicates that the first character value and the second character value are not the same.
The functions described in the method of the embodiment of the present application, if implemented in the form of software functional units and sold or used as independent products, may be stored in a storage medium readable by a computing device. Based on such understanding, part of the contribution to the prior art of the embodiments of the present application or part of the technical solution may be embodied in the form of a software product stored in a storage medium and including several instructions for causing a computing device (which may be a personal computer, a server, a mobile computing device or a network device) to execute all or part of the steps of the method described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A data processing method, comprising:
under the condition of receiving an information storage instruction, acquiring an original character value input by a user; the information storage instruction comprises information and an information writing address, and the information writing address is used for storing the information;
taking the original character value as the input of a preset physical unclonable function to obtain the output result of the physical unclonable function;
taking the output result as an encryption key, and encrypting the information by using a preset encryption algorithm to obtain a ciphertext;
and storing the original character value and the ciphertext into the information writing address.
2. The method of claim 1, further comprising:
and under the condition of receiving an information destruction instruction, generating an invalid character value, and overwriting the data of the physical address where the original character value is located by using the invalid character value.
3. The method of claim 1, further comprising:
under the condition of triggering the ciphertext decryption, judging whether the system environment is changed or not based on the output result;
under the condition that the system environment is determined to be changed, generating an error information plaintext, and displaying the error information plaintext;
and under the condition that the system environment is determined not to be changed, the output result is used as a decryption key to decrypt the ciphertext to obtain an information plaintext, and the information plaintext is displayed.
4. The method of claim 3, wherein determining whether a system environment has changed based on the output comprises:
comparing the first character value and the second character value; the first character value is an output result obtained when the original character value is used as the input of the physical unclonable function for the first time; the second character value is an output result obtained when the original character value is input as the physical unclonable function at the nth time, and n is a positive integer greater than 1;
determining that the system environment has not changed if the comparison result indicates that the first character value and the second character value are the same;
determining that the system environment has changed if the comparison result indicates that the first character value and the second character value are not the same.
5. A data processing apparatus, comprising:
the device comprises an acquisition unit, a storage unit and a display unit, wherein the acquisition unit is used for acquiring an original character value input by a user under the condition of receiving an information storage instruction; the information storage instruction comprises information and an information writing address, and the information writing address is used for storing the information;
the output unit is used for taking the original character value as the input of a preset physical unclonable function to obtain the output result of the physical unclonable function;
the encryption unit is used for encrypting the information by using a preset encryption algorithm by taking the output result as an encryption key to obtain a ciphertext;
and the storage unit is used for storing the original character value and the ciphertext into the information writing address.
6. The apparatus of claim 5, further comprising:
and the destroying unit is used for generating an invalid character value under the condition of receiving the information destroying instruction, and overwriting the data of the physical address where the original character value is located by using the invalid character value.
7. The apparatus of claim 5, further comprising:
the decryption unit is used for judging whether the system environment is changed or not based on the output result under the condition of triggering the decryption of the ciphertext; under the condition that the system environment is determined to be changed, generating an error information plaintext, and displaying the error information plaintext; and under the condition that the system environment is determined not to be changed, the output result is used as a decryption key to decrypt the ciphertext to obtain an information plaintext, and the information plaintext is displayed.
8. The apparatus according to claim 7, wherein the decryption unit is specifically configured to:
comparing the first character value and the second character value; the first character value is an output result obtained when the original character value is used as the input of the physical unclonable function for the first time; the second character value is an output result obtained when the original character value is input as the physical unclonable function at the nth time, and n is a positive integer greater than 1;
determining that the system environment has not changed if the comparison result indicates that the first character value and the second character value are the same;
determining that the system environment has changed if the comparison result indicates that the first character value and the second character value are not the same.
9. A computer-readable storage medium, characterized in that the computer-readable storage medium includes a stored program, wherein the program executes the data processing method of any one of claims 1 to 4.
10. A data processing apparatus, characterized by comprising: a processor, a memory, and a bus; the processor and the memory are connected through the bus;
the memory is used for storing a program and the processor is used for executing the program, wherein the program executes the data processing method of any one of claims 1 to 4 when running.
CN202011193492.2A 2020-10-30 2020-10-30 Data processing method, device, equipment and storage medium Pending CN112286463A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011193492.2A CN112286463A (en) 2020-10-30 2020-10-30 Data processing method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011193492.2A CN112286463A (en) 2020-10-30 2020-10-30 Data processing method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN112286463A true CN112286463A (en) 2021-01-29

Family

ID=74353718

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011193492.2A Pending CN112286463A (en) 2020-10-30 2020-10-30 Data processing method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112286463A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113434876A (en) * 2021-06-22 2021-09-24 海光信息技术股份有限公司 Data encryption method and device, memory controller, chip and electronic equipment

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101847296A (en) * 2009-03-25 2010-09-29 索尼公司 Integrated circuit, encrypt communication apparatus, system and method and information processing method
CN103678977A (en) * 2012-09-13 2014-03-26 联发科技股份有限公司 Method and electronic device for protecting information security
CN105324777A (en) * 2013-07-04 2016-02-10 凸版印刷株式会社 Device and authentication system
CN106845261A (en) * 2017-04-18 2017-06-13 广东浪潮大数据研究有限公司 A kind of method and device of destruction SSD hard disc datas
CN109522758A (en) * 2018-11-21 2019-03-26 苏州矗联电子技术有限公司 Hard disk data management method and hard disk
CN110008761A (en) * 2018-01-04 2019-07-12 李佳 A kind of privacy information camouflage method
CN111183611A (en) * 2017-07-18 2020-05-19 平方股份有限公司 Device with physical unclonable function

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101847296A (en) * 2009-03-25 2010-09-29 索尼公司 Integrated circuit, encrypt communication apparatus, system and method and information processing method
CN103678977A (en) * 2012-09-13 2014-03-26 联发科技股份有限公司 Method and electronic device for protecting information security
CN105324777A (en) * 2013-07-04 2016-02-10 凸版印刷株式会社 Device and authentication system
CN106845261A (en) * 2017-04-18 2017-06-13 广东浪潮大数据研究有限公司 A kind of method and device of destruction SSD hard disc datas
CN111183611A (en) * 2017-07-18 2020-05-19 平方股份有限公司 Device with physical unclonable function
CN110008761A (en) * 2018-01-04 2019-07-12 李佳 A kind of privacy information camouflage method
CN109522758A (en) * 2018-11-21 2019-03-26 苏州矗联电子技术有限公司 Hard disk data management method and hard disk

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
胡伟等: "硬件安全威胁与防范", 31 August 2019, 西安电子科技大学出版社, pages: 94 - 98 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113434876A (en) * 2021-06-22 2021-09-24 海光信息技术股份有限公司 Data encryption method and device, memory controller, chip and electronic equipment

Similar Documents

Publication Publication Date Title
US9875378B2 (en) Physically unclonable function assisted memory encryption device techniques
Turan et al. Recommendation for password-based key derivation
KR101324825B1 (en) Message authentication code pre-computation with applications to secure memory
US7082539B1 (en) Information processing apparatus
US9571289B2 (en) Methods and systems for glitch-resistant cryptographic signing
CN110710155A (en) Progressive key encryption algorithm
JP2001514834A (en) Secure deterministic cryptographic key generation system and method
KR20040053101A (en) Device and method with reduced information leakage
CN102904712A (en) Information encrypting method
JP6533553B2 (en) Encryption / decryption device and power analysis protection method therefor
JP2013131868A (en) Temperature sensor, encryption device, encryption method, and individual information generation device
BR112013012216B1 (en) protection against passive eavesdropping
Vybornova Password-based key derivation function as one of Blum-Blum-Shub pseudo-random generator applications
Turan et al. Sp 800-132. recommendation for password-based key derivation: Part 1: Storage applications
CN114513302A (en) Data encryption and decryption method and equipment
CN112286463A (en) Data processing method, device, equipment and storage medium
JP4386766B2 (en) Error detection in data processing equipment.
CN112989388A (en) Security verification method and device under cloud architecture and electronic equipment
CN116248258A (en) Password detection method, device, equipment and storage medium
Amael et al. Securing Ventilators: Integrating Hardware Security Modules with SoftHSM and Cryptographic Algorithms
Jose et al. A memory architecture using linear and nonlinear feedback shift registers for data security
Koopahi et al. Secure scan-based design using Blum Blum Shub algorithm
TWI608381B (en) Encryption/decryption apparatus and power analysis protecting method thereof
Krishnan et al. Modified AES with Random S box generation to overcome the side channel assaults using cloud
CN113508380A (en) Method for terminal entity authentication

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination