CN113688407A - Data management method and related device - Google Patents
Data management method and related device Download PDFInfo
- Publication number
- CN113688407A CN113688407A CN202110873089.2A CN202110873089A CN113688407A CN 113688407 A CN113688407 A CN 113688407A CN 202110873089 A CN202110873089 A CN 202110873089A CN 113688407 A CN113688407 A CN 113688407A
- Authority
- CN
- China
- Prior art keywords
- sensitive data
- data
- secret key
- width
- sensitive
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 45
- 238000013523 data management Methods 0.000 title claims abstract description 39
- 230000007246 mechanism Effects 0.000 claims abstract description 28
- 238000004590 computer program Methods 0.000 claims description 11
- 230000001960 triggered effect Effects 0.000 claims description 11
- 238000007726 management method Methods 0.000 claims description 10
- 230000001502 supplementing effect Effects 0.000 claims description 5
- 230000000694 effects Effects 0.000 abstract description 4
- 238000010586 diagram Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a data management method, which comprises the following steps: triggering an encryption and decryption mechanism; generating and storing a secret key when sensitive data are written in; encrypting the sensitive data according to the secret key, and writing the encrypted sensitive data into a main memory; when the sensitive data is read, acquiring the secret key corresponding to the read request address; and decrypting the sensitive data according to the secret key and sending the decrypted sensitive data. By the method, the risk of sensitive data leakage can be reduced, and the safety of the SOC system is improved. The application also discloses a data management device, equipment and a computer readable storage medium, which have the technical effects.
Description
Technical Field
The application relates to the technical field of computers, in particular to a data management method; it also relates to a data management device, an apparatus and a computer readable storage medium.
Background
With the wide application of the SOC (System-on-a-Chip) System in the fields of data centers and the like, the security of the SOC System is receiving more and more attention. Currently, two operating systems are operated in an existing SOC system, one operating system is used for managing sensitive data, and the other operating system is used for operating application programs. When the application program needs the sensitive data, switching to another set of operating system to read the sensitive data, and then returning the sensitive data to the application program. Although the application program cannot access the sensitive Data, the sensitive Data is still exposed in a DDR (Double Data Rate) memory, and there is a risk that the sensitive Data is directly utilized and leaked.
Therefore, how to improve the security of the SOC system has become a technical problem to be solved urgently by those skilled in the art.
Disclosure of Invention
The application aims to provide a data management method which can reduce the risk of sensitive data leakage and improve the safety of an SOC system. Another object of the present application is to provide a data management apparatus, a device and a computer-readable storage medium, all having the above technical effects.
In order to solve the above technical problem, the present application provides a data management method, including:
triggering an encryption and decryption mechanism;
generating and storing a secret key when sensitive data are written in;
encrypting the sensitive data according to the secret key, and writing the encrypted sensitive data into a main memory;
when the sensitive data is read, acquiring the secret key corresponding to the read request address;
and decrypting the sensitive data according to the secret key and sending the decrypted sensitive data.
Optionally, the triggering encryption and decryption mechanism includes:
the encryption and decryption mechanism is triggered by setting the sensitive data control bit to a target value.
Optionally, the encrypting the sensitive data according to the secret key includes:
judging whether the width of the sensitive data reaches a preset data width or not;
if the width of the sensitive data reaches the preset data width, encrypting the sensitive data directly according to the secret key;
and if the width of the sensitive data does not reach the preset data width, the sensitive data is supplemented to the preset data width, and then the supplemented sensitive data is encrypted.
Optionally, the padding the sensitive data to the preset data width includes:
and supplementing the sensitive data to the preset data width by using zeros.
Optionally, before generating the key, the method further includes:
judging whether the write request address is written with sensitive data for the first time;
if sensitive data are written in for the first time, generating the secret key corresponding to the write request address;
and if the sensitive data is not written for the first time, acquiring the key corresponding to the write request address which is generated in advance.
Optionally, the decrypting the sensitive data according to the secret key includes:
and decrypting the sensitive data with preset data width according to the secret key.
Optionally, the method further includes:
configuring the sensitive data control bits in a memory management unit.
In order to solve the above technical problem, the present application further provides a data management apparatus, including:
the trigger module is used for triggering an encryption and decryption mechanism;
the key generating module is used for generating and storing a key when sensitive data are written in;
the encryption module is used for encrypting the sensitive data according to the secret key and writing the encrypted sensitive data into the main memory;
the secret key obtaining module is used for obtaining the secret key corresponding to the read request address when the sensitive data is read;
and the decryption module is used for decrypting the sensitive data according to the secret key and sending the decrypted sensitive data.
In order to solve the above technical problem, the present application further provides a data management device, including:
a memory for storing a computer program;
a processor for implementing the steps of the data management method as described in any one of the above when executing the computer program.
To solve the above technical problem, the present application further provides a computer-readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the steps of the data management method according to any one of the above.
The data management method provided by the application comprises the following steps: triggering an encryption and decryption mechanism; generating and storing a secret key when sensitive data are written in; encrypting the sensitive data according to the secret key, and writing the encrypted sensitive data into a main memory; when the sensitive data is read, acquiring the secret key corresponding to the read request address; and decrypting the sensitive data according to the secret key and sending the decrypted sensitive data.
Therefore, the data management method provided by the application can greatly reduce the risk of leakage of the sensitive data from the memory by performing encryption and decryption operations on the sensitive data, thereby improving the safety of the SOC system.
The data management device, the equipment and the computer readable storage medium provided by the application have the technical effects.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed in the prior art and the embodiments are briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
Fig. 1 is a schematic flowchart of a data management method according to an embodiment of the present application;
fig. 2 is a schematic diagram of a data management apparatus according to an embodiment of the present application;
fig. 3 is a schematic diagram of a data management device according to an embodiment of the present application.
Detailed Description
The core of the application is to provide a data management method which can reduce the risk of sensitive data leakage and improve the safety of an SOC system. Another core of the present application is to provide a data management apparatus, a device and a computer-readable storage medium, all having the above technical effects.
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, fig. 1 is a schematic flow chart of a data management method according to an embodiment of the present application, and referring to fig. 1, the method mainly includes:
s101: triggering an encryption and decryption mechanism;
s102: generating and storing a secret key when sensitive data are written in;
s103: encrypting the sensitive data according to the secret key, and writing the encrypted sensitive data into a main memory;
specifically, after the CPU sends a write sensitive data instruction, the encryption and decryption mechanism may be triggered, and then, after the encryption and decryption mechanism is triggered, the key may be generated and stored. For sensitive data to be written, firstly, the sensitive data is encrypted according to the generated secret key, and then the encrypted sensitive data is written into the main memory.
In a specific embodiment, the method for encrypting the sensitive data according to the key is as follows:
judging whether the width of the sensitive data reaches a preset data width or not;
if the width of the sensitive data reaches the preset data width, encrypting the sensitive data directly according to the secret key;
and if the width of the sensitive data does not reach the preset data width, the sensitive data is supplemented to the preset data width, and then the supplemented sensitive data is encrypted.
Specifically, the width of the sensitive data subjected to the encryption operation is agreed in advance, and before the sensitive data is encrypted, whether the width of the sensitive data reaches the agreed width in advance is judged, that is, whether the width of the sensitive data reaches the preset data width is judged. And if the width of the sensitive data reaches the preset data width, directly encrypting the sensitive data according to the secret key. And if the width of the sensitive data does not reach the preset data width, firstly supplementing the sensitive data to enable the sensitive data to reach the preset data width, and after the sensitive data is supplemented, encrypting the supplemented sensitive data according to the secret key.
The predetermined data width may be 512 bits. That is, if the width of the sensitive data reaches 512 bits, the sensitive data is directly encrypted according to the key. If the width of the sensitive data does not reach 512 bits, the sensitive data is firstly supplemented to reach 512 bits, and after the sensitive data is supplemented, the supplemented sensitive data is encrypted according to the secret key.
The sensitive data can be filled with zeros.
It is understood that the above-mentioned filling method and other methods may be adopted for filling, and the present application is not limited to this.
Further, in a specific embodiment, before generating the key, the method further includes:
judging whether the write request address is written with sensitive data for the first time;
if sensitive data are written in for the first time, generating the secret key corresponding to the write request address;
and if the sensitive data is not written for the first time, acquiring the key corresponding to the write request address which is generated in advance.
Specifically, in this embodiment, before generating the key, it is determined whether the address to which the sensitive data is written in the sensitive data for the first time. If the sensitive data is written for the first time, it indicates that the address does not have a corresponding key, and at this time, the key of the address needs to be generated first, and then data encryption is performed according to the generated key. If the sensitive data is not written for the first time, the corresponding secret key exists in the address, and at this time, the secret key does not need to be regenerated, and only the secret key generated before is needed to be obtained, and data encryption is carried out according to the secret key.
The process of encrypting and storing the sensitive data may be as follows, in combination with whether the write request address is written into the sensitive data for the first time and whether the width of the sensitive data reaches the preset data width:
and if the write request address is that sensitive data is written for the first time and the width of the sensitive data reaches the preset data width, generating a secret key, directly encrypting the sensitive data according to the generated secret key, and writing the encrypted sensitive data into the main memory.
And if the write request address is that sensitive data is written for the first time and the width of the sensitive data does not reach the preset data width, generating a secret key, after the sensitive data is filled to the preset data width, encrypting the filled sensitive data according to the generated secret key, and finally writing the encrypted sensitive data into the main memory.
If the write request address is not the first time to write the sensitive data and the width of the sensitive data reaches the preset data width, firstly, a key corresponding to the write request address which is generated before is obtained, the sensitive data is directly encrypted according to the read key, and then the encrypted sensitive data is written into the main memory.
If the write request address is not the first time of writing sensitive data, and the width of the sensitive data does not reach the preset data width, firstly, a secret key corresponding to the write request address which is generated before and sensitive data with the preset data width which is written in the write request address are obtained, the written sensitive data are decrypted according to the read secret key, the sensitive data are replaced to the corresponding correct position of the written sensitive data with the preset data width, then the sensitive data with the preset data width which is obtained after replacement are encrypted according to the read secret key, and finally the encrypted sensitive data are written in the main memory.
S104: when the sensitive data is read, acquiring the secret key corresponding to the read request address;
s105: and decrypting the sensitive data according to the secret key and sending the decrypted sensitive data.
Specifically, after the CPU sends a sensitive data reading instruction, the encryption and decryption mechanism may be triggered, and after the encryption and decryption mechanism is triggered, for the sensitive data to be read, first, according to the read request address, the key corresponding to the read request address is read, the sensitive data is read from the read request address, and then, after the read sensitive data is decrypted according to the read key, the decrypted sensitive data is returned.
In a specific embodiment, the decrypting the sensitive data according to the key includes: and decrypting the sensitive data with preset data width according to the secret key.
Specifically, in the embodiment, corresponding to the implementation of encrypting and storing data in units of the preset data width, when the encrypted data is read, the sensitive data of the preset data width is read from the read request address, and then the sensitive data of the preset data width is decrypted according to the key.
For example, data encryption and storage are performed in units of 512 bits, and then when the sensitive data is read, the sensitive data is read in units of 512 bits, and the sensitive data of 512 bits is decrypted according to the secret key.
The encryption is performed when the sensitive data is written and the decryption is performed when the sensitive data is read on the premise that the encryption and decryption mechanism is triggered.
In a specific embodiment, the manner of triggering the encryption and decryption mechanism may be:
the encryption and decryption mechanism is triggered by setting the sensitive data control bit to a target value.
Specifically, a sensitive data control bit may be configured (additionally arranged) in the storage management unit in advance, and a value representing the sensitive data control bit when sensitive data encryption and decryption is to be performed, that is, a target value, is agreed, and when a write sensitive data request or a read sensitive data request is sent by the CPU, the sensitive data control bit is set to the target value, thereby implementing a trigger encryption and decryption mechanism.
The specific position and the number of the sensitive data control bit and the specific value of the target value are not limited in the application, and the difference setting can be performed.
For example, the sensitive data control bit is one bit and the target value is 1. When the sensitive data is not read or written, the sensitive data is controlled to be set to 0. When the CPU sends out a request for writing sensitive data or a request for reading sensitive data, the control bit of the sensitive data is set to 1.
In order to implement the management scheme provided by the above embodiment provided by the application, in addition to adding the sensitive data control bit in the storage management unit, a main memory security access module may be added between the cache and the main memory controller. The main memory security access module comprises a key generator and a key memory.
Based on the above setting, the specific implementation process of implementing the management scheme by means of the storage management unit and the main memory security access module may be as follows:
when the CPU sends a request for writing sensitive data, the storage management unit sets the control bit of the sensitive data as a target value, thereby triggering an encryption and decryption mechanism. After the encryption and decryption mechanism is triggered, when the sensitive data reaches the main memory security access module, the main memory security access module encrypts the sensitive data and writes the encrypted sensitive data into the main memory. The process of encrypting and storing sensitive data refers to the above embodiments, and is not described herein in detail.
When the CPU sends a request for reading sensitive data, the storage management unit sets the control bit of the sensitive data to a target value, thereby triggering an encryption and decryption mechanism. After the encryption and decryption mechanism is triggered, when a read request reaches the main memory security access module, the main memory security access module searches a corresponding secret key according to the read request address and reads sensitive data, and finally decrypts the read sensitive data according to the read secret key and returns the decrypted sensitive data.
In summary, the data management method provided by the present application includes: triggering an encryption and decryption mechanism; generating and storing a secret key when sensitive data are written in; encrypting the sensitive data according to the secret key, and writing the encrypted sensitive data into a main memory; when the sensitive data is read, acquiring the secret key corresponding to the read request address; and decrypting the sensitive data according to the secret key and sending the decrypted sensitive data. Therefore, the data management method provided by the application can greatly reduce the risk of leakage of the sensitive data from the memory by performing encryption and decryption operations on the sensitive data, thereby improving the safety of the SOC system.
The present application also provides a data management apparatus, which is described below and to which the above-described method can be referred. Referring to fig. 2, fig. 2 is a schematic diagram of a data management apparatus according to an embodiment of the present application, and referring to fig. 2, the apparatus includes:
the trigger module 10 is used for triggering an encryption and decryption mechanism;
the key generating module 20 is configured to generate and store a key when sensitive data is written in;
the encryption module 30 is configured to encrypt the sensitive data according to the secret key, and write the encrypted sensitive data into the main memory;
the key obtaining module 40 is configured to obtain the key corresponding to the read request address when the sensitive data is read;
and the decryption module 50 is configured to decrypt the sensitive data according to the secret key, and send the decrypted sensitive data.
On the basis of the foregoing embodiment, optionally, the triggering module 10 is specifically configured to:
the encryption and decryption mechanism is triggered by setting the sensitive data control bit to a target value.
On the basis of the foregoing embodiment, optionally, the encryption module 30 includes:
the judging unit is used for judging whether the width of the sensitive data reaches the preset data width;
the first encryption unit is used for directly encrypting the sensitive data according to the secret key if the width of the sensitive data reaches the preset data width;
and the second encryption unit is used for supplementing the sensitive data to the preset data width and encrypting the supplemented sensitive data if the width of the sensitive data does not reach the preset data width.
On the basis of the foregoing embodiment, optionally, the second encryption unit is specifically configured to:
and supplementing the sensitive data to the preset data width by using zeros.
On the basis of the above embodiment, optionally, the method further includes:
the judging module is used for judging whether the write request address is written with sensitive data for the first time;
if the sensitive data is written in for the first time, the key generation module 20 generates the key corresponding to the write request address;
if the sensitive data is not written for the first time, the key obtaining module 40 obtains a key corresponding to the write request address that has been generated in advance.
On the basis of the foregoing embodiment, optionally, the decryption module 50 is specifically configured to:
and decrypting the sensitive data with preset data width according to the secret key.
On the basis of the above embodiment, optionally, the method further includes:
and the configuration module is used for configuring the sensitive data control bit in the storage management unit.
The data management device provided by the application writes sensitive data into a main memory after encrypting the sensitive data to be written in, and returns the sensitive data to be read after decrypting the sensitive data when reading the sensitive data, so that the risk of leakage of the sensitive data from a memory can be greatly reduced by performing encryption and decryption operations on the sensitive data, and the safety of an SOC (system on chip) system is improved.
The present application also provides a data management device, shown with reference to fig. 3, comprising a memory 1 and a processor 2.
A memory 1 for storing a computer program;
a processor 2 for executing a computer program to implement the steps of:
triggering an encryption and decryption mechanism; generating and storing a secret key when sensitive data are written in; encrypting the sensitive data according to the secret key, and writing the encrypted sensitive data into a main memory; when the sensitive data is read, acquiring the secret key corresponding to the read request address; and decrypting the sensitive data according to the secret key and sending the decrypted sensitive data.
For the introduction of the device provided in the present application, please refer to the above method embodiment, which is not described herein again.
The present application further provides a computer readable storage medium having a computer program stored thereon, which when executed by a processor, performs the steps of:
triggering an encryption and decryption mechanism; generating and storing a secret key when sensitive data are written in; encrypting the sensitive data according to the secret key, and writing the encrypted sensitive data into a main memory; when the sensitive data is read, acquiring the secret key corresponding to the read request address; and decrypting the sensitive data according to the secret key and sending the decrypted sensitive data.
The computer-readable storage medium may include: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
For the introduction of the computer-readable storage medium provided in the present application, please refer to the above method embodiments, which are not described herein again.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device, the apparatus and the computer-readable storage medium disclosed by the embodiments correspond to the method disclosed by the embodiments, so that the description is simple, and the relevant points can be referred to the description of the method.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The data management method, apparatus, device and computer-readable storage medium provided by the present application are described in detail above. The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
Claims (10)
1. A method for managing data, comprising:
triggering an encryption and decryption mechanism;
generating and storing a secret key when sensitive data are written in;
encrypting the sensitive data according to the secret key, and writing the encrypted sensitive data into a main memory;
when the sensitive data is read, acquiring the secret key corresponding to the read request address;
and decrypting the sensitive data according to the secret key and sending the decrypted sensitive data.
2. The data management method of claim 1, wherein the triggering of the encryption/decryption mechanism comprises:
the encryption and decryption mechanism is triggered by setting the sensitive data control bit to a target value.
3. The data management method of claim 1, wherein the encrypting the sensitive data according to the key comprises:
judging whether the width of the sensitive data reaches a preset data width or not;
if the width of the sensitive data reaches the preset data width, encrypting the sensitive data directly according to the secret key;
and if the width of the sensitive data does not reach the preset data width, the sensitive data is supplemented to the preset data width, and then the supplemented sensitive data is encrypted.
4. The data management method of claim 3, wherein padding the sensitive data to the preset data width comprises:
and supplementing the sensitive data to the preset data width by using zeros.
5. The data management method of claim 1, wherein generating the key further comprises:
judging whether the write request address is written with sensitive data for the first time;
if sensitive data are written in for the first time, generating the secret key corresponding to the write request address;
and if the sensitive data is not written for the first time, acquiring the key corresponding to the write request address which is generated in advance.
6. The data management method of claim 3, wherein the decrypting the sensitive data according to the key comprises:
and decrypting the sensitive data with preset data width according to the secret key.
7. The data management method of claim 2, further comprising:
configuring the sensitive data control bits in a memory management unit.
8. A data management apparatus, comprising:
the trigger module is used for triggering an encryption and decryption mechanism;
the key generating module is used for generating and storing a key when sensitive data are written in;
the encryption module is used for encrypting the sensitive data according to the secret key and writing the encrypted sensitive data into the main memory;
the secret key obtaining module is used for obtaining the secret key corresponding to the read request address when the sensitive data is read;
and the decryption module is used for decrypting the sensitive data according to the secret key and sending the decrypted sensitive data.
9. A data management apparatus, characterized by comprising:
a memory for storing a computer program;
a processor for implementing the steps of the data management method of any one of claims 1 to 7 when executing said computer program.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the data management method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110873089.2A CN113688407A (en) | 2021-07-30 | 2021-07-30 | Data management method and related device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110873089.2A CN113688407A (en) | 2021-07-30 | 2021-07-30 | Data management method and related device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113688407A true CN113688407A (en) | 2021-11-23 |
Family
ID=78578404
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110873089.2A Pending CN113688407A (en) | 2021-07-30 | 2021-07-30 | Data management method and related device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113688407A (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106062768A (en) * | 2014-02-28 | 2016-10-26 | 超威半导体公司 | Cryptographic protection of information in a processing system |
| CN106130719A (en) * | 2016-07-21 | 2016-11-16 | 中国科学院信息工程研究所 | A kind of cryptographic algorithm multinuclear implementation method resisting memory overflow attack and device |
| CN110069935A (en) * | 2019-03-20 | 2019-07-30 | 上海交通大学 | Inside protecting sensitive data method and system based on label memory |
| CN110447032A (en) * | 2017-03-29 | 2019-11-12 | 超威半导体公司 | Storage page between management program and virtual machine converts monitoring |
| CN111049830A (en) * | 2019-12-13 | 2020-04-21 | 重庆国翰能源发展有限公司 | Data information leakage prevention method for charging pile |
| CN111492353A (en) * | 2018-08-15 | 2020-08-04 | 华为技术有限公司 | Safe data transfer device, system and method |
| CN111814162A (en) * | 2020-06-30 | 2020-10-23 | 浙江大学 | Kernel sensitive data protection method based on customized hardware security attribute |
| US20210150038A1 (en) * | 2019-11-20 | 2021-05-20 | International Business Machines Corporation | Smart data protection |
-
2021
- 2021-07-30 CN CN202110873089.2A patent/CN113688407A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106062768A (en) * | 2014-02-28 | 2016-10-26 | 超威半导体公司 | Cryptographic protection of information in a processing system |
| CN106130719A (en) * | 2016-07-21 | 2016-11-16 | 中国科学院信息工程研究所 | A kind of cryptographic algorithm multinuclear implementation method resisting memory overflow attack and device |
| CN110447032A (en) * | 2017-03-29 | 2019-11-12 | 超威半导体公司 | Storage page between management program and virtual machine converts monitoring |
| CN111492353A (en) * | 2018-08-15 | 2020-08-04 | 华为技术有限公司 | Safe data transfer device, system and method |
| CN110069935A (en) * | 2019-03-20 | 2019-07-30 | 上海交通大学 | Inside protecting sensitive data method and system based on label memory |
| US20210150038A1 (en) * | 2019-11-20 | 2021-05-20 | International Business Machines Corporation | Smart data protection |
| CN111049830A (en) * | 2019-12-13 | 2020-04-21 | 重庆国翰能源发展有限公司 | Data information leakage prevention method for charging pile |
| CN111814162A (en) * | 2020-06-30 | 2020-10-23 | 浙江大学 | Kernel sensitive data protection method based on customized hardware security attribute |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20170046281A1 (en) | Address dependent data encryption | |
| CN101231622B (en) | Data storage method and equipment base on flash memory, as well as data fetch method and apparatu | |
| KR100445406B1 (en) | Apparatus for encrypting the data and method therefor | |
| US20190384938A1 (en) | Storage apparatus and method for address scrambling | |
| US20130156195A1 (en) | Method of obtaining a main key from a memory device, method of generating authentication information for a memory device, an external device and system icluding the external device | |
| CN105830086A (en) | Data protection in a storage system using external secrets | |
| CN105450620A (en) | Information processing method and device | |
| KR101303278B1 (en) | FPGA apparatus and method for protecting bitstream | |
| JP2020535693A (en) | Storage data encryption / decryption device and method | |
| KR20100100649A (en) | Data whitening for writing and reading data to and from a non-volatile memory | |
| JPH11272561A (en) | Data protection method for storage medium device for the same and storage medium therefor | |
| US9323943B2 (en) | Decrypt and encrypt data of storage device | |
| CN112887077B (en) | SSD main control chip random cache confidentiality method and circuit | |
| CN110650191A (en) | Data read-write method of distributed storage system | |
| US20120311288A1 (en) | Secure storage of full disk encryption keys | |
| CN213876729U (en) | Random cache secret circuit of SSD main control chip | |
| CN106100829B (en) | Method and device for encrypted storage | |
| CN110932853B (en) | Key management device and key management method based on trusted module | |
| CN109344656B (en) | Database data encryption/decryption method, device and equipment | |
| KR101687492B1 (en) | Storing method of data dispersively and credential processing unit | |
| JP2007336446A (en) | Data encryption apparatus | |
| CN107861892B (en) | Method and terminal for realizing data processing | |
| CN116011041A (en) | Key management method, data protection method, system, chip and computer equipment | |
| CN113688407A (en) | Data management method and related device | |
| JP2019121955A (en) | Semiconductor device and generating method of encryption key |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |