CN115062352B - Data processing method, system and circuit structure for dynamically adjusting encryption area - Google Patents

Data processing method, system and circuit structure for dynamically adjusting encryption area Download PDF

Info

Publication number
CN115062352B
CN115062352B CN202210977966.5A CN202210977966A CN115062352B CN 115062352 B CN115062352 B CN 115062352B CN 202210977966 A CN202210977966 A CN 202210977966A CN 115062352 B CN115062352 B CN 115062352B
Authority
CN
China
Prior art keywords
encryption
address
area
read
sub
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210977966.5A
Other languages
Chinese (zh)
Other versions
CN115062352A (en
Inventor
刘杨
陈毅华
吴修英
易峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan Jinxin Electronic Technology Co ltd
Original Assignee
Hunan Jinxin Electronic Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hunan Jinxin Electronic Technology Co ltd filed Critical Hunan Jinxin Electronic Technology Co ltd
Priority to CN202210977966.5A priority Critical patent/CN115062352B/en
Publication of CN115062352A publication Critical patent/CN115062352A/en
Application granted granted Critical
Publication of CN115062352B publication Critical patent/CN115062352B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Abstract

The invention discloses a data processing method, a system and a circuit structure for dynamically adjusting an encryption area, wherein the data processing method for dynamically adjusting the encryption area comprises the following steps: acquiring a read-write signal; determining an operation address of the read-write signal; determining the inclusion relation between the address interval of the encryption area and the operation address; the encryption area comprises one or more sub-encryption sections, and the address interval of each sub-encryption section is determined according to a fusing result obtained after the fuse module is fused; and processing data according to the read-write signals and the inclusion relation. The data processing method for dynamically adjusting the encryption area can solve the problems that the encryption area of the existing chip can not be freely set according to actual needs, is not flexible enough and has low safety.

Description

Data processing method, system and circuit structure for dynamically adjusting encryption area
Technical Field
The present invention relates to the field of electronic correlation techniques, and in particular, to a data processing method, system, and circuit structure for dynamically adjusting an encryption area.
Background
With the improvement of the design level of a system on a chip (SOC) and the improvement of the technology, the chip has been developed into an embedded system with complete functions and complex software and hardware structures, and the problem of chip security is more important. The encryption area of the existing chip with the encryption function is fixed, can not be freely set according to actual requirements, and is not flexible enough and low in safety.
Disclosure of Invention
The present invention is directed to solving at least one of the problems of the prior art. Therefore, the invention provides a data processing method, a system and a circuit structure for dynamically adjusting an encryption area, which can solve the problems that the encryption area of the existing chip can not be freely set according to actual needs, is not flexible and has low safety.
The data processing method for dynamically adjusting the encryption area according to the embodiment of the first aspect of the invention comprises the following steps:
acquiring a read-write signal;
determining an operation address of the read-write signal;
determining the inclusion relation between the address interval of the encryption area and the operation address; the encryption area comprises one or more sub-encryption sections, and the address interval of each sub-encryption section is determined according to a fusing result obtained after the fuse module is fused;
and processing data according to the read-write signal and the inclusion relation.
The data processing method for dynamically adjusting the encryption area according to the embodiment of the invention at least has the following beneficial effects:
the address interval of the encryption area can be set according to actual needs by fusing the fuse module, the encryption area can be a continuous sub-encryption area or a plurality of discontinuous sub-encryption areas, and the address interval of each sub-encryption area is determined according to a fusing result obtained after the fuse module is fused. After the read-write signal is acquired and the operation address of the read-write signal is determined, data processing can be performed according to the read-write signal and the inclusion relation by determining the inclusion relation between the address interval of the encryption area and the operation address. If the operation address is in the address interval of the encryption area, the data processing can be carried out only after decryption is carried out according to the read-write signal; if the operation address is not in the address interval of the encryption area, the data processing can be directly carried out. The data processing method for dynamically adjusting the encryption area can solve the problems that the encryption area of the existing chip can not be freely set according to actual needs, is not flexible enough and has low safety.
According to some embodiments of the invention, the number of sub-encrypted sections is obtained by:
obtaining password region segmentation information according to the fusing result;
and determining the number of the sub-encryption sections according to the encryption area segmentation information.
According to some embodiments of the invention, the address space of the encryption area is obtained by:
obtaining area address information according to the fusing result;
and determining the address interval of each sub-encryption section in the encryption area according to the area address information and the number of the sub-encryption sections.
According to some embodiments of the invention, the address space of the encryption area is further obtained by:
obtaining fuse decryption information according to the fusing result;
and if the fuse decryption information is inconsistent with the preset effective configuration information, determining the full-section address interval of the fuse module as the address interval of the encryption area.
According to some embodiments of the present invention, the processing data according to the read-write signal and the inclusion relation comprises:
if the inclusion relation represents that the operation address is in the address interval of the encryption area, acquiring a decryption result obtained by decryption by an encryption and decryption module according to the read-write signal;
and processing data according to the read-write signal and the decryption result.
According to some embodiments of the present invention, the processing data according to the read-write signal and the inclusion relation further comprises:
and if the inclusion relation represents that the operation address is not in the address interval of the encryption area, performing data processing according to the read-write signal.
A data processing system with dynamically adjusted encryption regions according to an embodiment of a second aspect of the present invention comprises:
a read-write signal acquisition unit for acquiring a read-write signal;
an operation address determination unit for determining an operation address of the read-write signal;
the containing relation determining unit is used for determining the containing relation between the address interval of the encryption area and the operation address; the encryption area comprises one or more sub-encryption sections, and the address interval of each sub-encryption section is determined according to a fusing result obtained after the fuse module is fused;
and the data processing unit is used for processing data according to the read-write signal and the inclusion relation.
The data processing system for dynamically adjusting the encryption area according to the embodiment of the invention at least has the following beneficial effects:
the address interval of the encryption area can be set according to actual needs by fusing the fuse module, the encryption area can be a continuous sub-encryption area or a plurality of discontinuous sub-encryption areas, and the address interval of each sub-encryption area is determined according to a fusing result obtained after the fuse module is fused. The read-write signal can be acquired by the read-write signal acquisition unit. The operation address of the read/write signal can be determined by the operation address determination unit. The inclusion relation between the address section of the encryption area and the operation address can be determined by the inclusion relation determination unit. The data processing unit can process data according to the read-write signal and the inclusion relation. If the operation address is in the address interval of the encryption area, the data processing can be carried out only after decryption is carried out according to the read-write signal; if the operation address is not in the address interval of the encryption area, the data processing can be directly carried out. The data processing system for dynamically adjusting the encryption area can solve the problems that the encryption area of the existing chip can not be freely set according to actual needs, is not flexible enough and has low safety.
The circuit structure for dynamically adjusting the encryption area according to the embodiment of the third aspect of the present invention comprises:
the fuse module is used for responding to a fusing instruction to fuse to obtain a fusing result;
the decoding module is used for decoding the fusing result to determine an address interval of an encryption area;
the address comparison module is used for determining the inclusion relation between the address interval of the encryption area and the operation address of the read-write signal and outputting a comparison result signal;
the storage module is used for storing data;
the main control module is used for acquiring the read-write signal, determining the operation address of the read-write signal and processing the data stored in the storage module according to the comparison result signal and the read-write signal.
The circuit structure for dynamically adjusting the encryption area according to the embodiment of the invention at least has the following beneficial effects:
the fuse module is fused in response to the fusing instruction, the address interval of the encryption area can be set according to actual needs, the encryption area can be a continuous sub-encryption section or a plurality of discontinuous sub-encryption sections, and the address interval of each sub-encryption section is determined by decoding a fusing result obtained after the fuse module is fused through the decoding module. After the read-write signal is obtained, whether the operation address of the read-write signal is in the address interval of the encryption area or not can be determined through the address comparison module, and a comparison result signal is output, and the main control module can perform data processing according to the read-write signal and the comparison result signal. If the operation address is in the address interval of the encryption area, the data stored in the storage module can be processed only after decryption is carried out according to the read-write signal; if the operation address is not in the address interval of the encryption area, the data stored in the storage module can be directly processed. The circuit structure for dynamically adjusting the encryption area can solve the problems that the encryption area of the existing chip can not be freely set according to actual needs, is not flexible enough and has low safety.
According to some embodiments of the invention, further comprising:
the encryption and decryption module is connected with the main control module and used for decrypting according to the read-write signal to obtain a decryption result;
the selector is provided with a first input end, a second input end, a selection control end and a selection output end, the first input end is connected with the encryption and decryption module, the second input end is connected with the main control module, the selection control end is connected with the address comparison module, and the selection output end is connected with the storage module.
According to a fourth aspect of the present invention, there is provided a computer-readable storage medium storing computer-executable instructions for performing the data processing method for dynamically adjusting encryption areas as described in the first aspect. Since the computer-readable storage medium adopts all the technical solutions of the data processing method for dynamically adjusting the encryption area of the above embodiment, at least all the advantages brought by the technical solutions of the above embodiments are achieved.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a schematic diagram of a circuit structure for dynamically adjusting encryption regions according to an embodiment of the present invention;
fig. 2 is a flowchart of a data processing method for dynamically adjusting an encryption area according to an embodiment of the present invention.
Reference numerals:
a fuse module 100;
a decoding module 200;
an address comparison module 300;
a memory module 400;
a main control module 500;
an encryption and decryption module 600;
a selector 700.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the accompanying drawings are illustrative only for the purpose of explaining the present invention, and are not to be construed as limiting the present invention.
In the description of the present invention, if there are first, second, etc. described, it is only for the purpose of distinguishing technical features, and it is not understood that relative importance is indicated or implied or that the number of indicated technical features is implicitly indicated or that the precedence of the indicated technical features is implicitly indicated.
In the description of the present invention, it should be understood that the orientation or positional relationship referred to, for example, the upper, lower, etc., is indicated based on the orientation or positional relationship shown in the drawings, and is only for convenience of description and simplification of description, but does not indicate or imply that the device or element referred to must have a specific orientation, be constructed in a specific orientation, and be operated, and thus should not be construed as limiting the present invention.
In the description of the present invention, it should be noted that unless otherwise explicitly defined, terms such as arrangement, installation, connection and the like should be broadly understood, and those skilled in the art can reasonably determine the specific meanings of the above terms in the present invention in combination with the specific contents of the technical solutions.
The embodiment of the invention provides a circuit structure for dynamically adjusting an encryption region, which comprises a fuse module 100, a decoding module 200, an address comparison module 300, a storage module 400 and a main control module 500. The fuse module 100 is used for responding to a fusing instruction to fuse, so as to obtain a fusing result; a decoding module 200, configured to decode the fusing result to determine an address interval of the encrypted area; an address comparison module 300, configured to determine an inclusion relationship between an operation address of the read/write signal and an address interval of the encryption area, and output a comparison result signal; a storage module 400 for storing data; the main control module 500 is configured to obtain the read-write signal, determine an operation address of the read-write signal, and process the data stored in the storage module 400 according to the comparison result signal and the read-write signal.
The fuse module 100 is specially used for configuring an encryption region, the fuse module 100 includes a plurality of fuse units, the fuse units are blown to 0 and not blown to 1, and can be encoded according to a blowing result, and the decoding module 200 decodes the blowing result, thereby setting the encryption region. For example, one or more of the fuse units may be selected to represent the cipher region segmentation unit, and the result of the fusing may be used to represent the cipher region segmentation information, i.e. the number of sub-encryption sections may be known by decoding. One or more fuse units are selected from the plurality of fuse units to represent the area address units, and the fusing result is divided into one or more groups to represent the area address information, namely, the address interval of each sub-encryption section can be obtained through decoding. It should be noted that the fusing may be described as 1 and the non-fusing may be described as 0, which should not be construed as limiting the present invention. In addition, the operation principle of fuse blowing is known in the prior art and will not be described herein.
According to the data processing method for dynamically adjusting the encryption area of the embodiment of the invention, the address interval of the encryption area can be set according to actual needs by fusing the fuse module 100, the encryption area can be a continuous sub-encryption section or a plurality of discontinuous sub-encryption sections, and the address interval of each sub-encryption section is determined according to the fusing result obtained after fusing the fuse module 100. After the read-write signal is acquired and the operation address of the read-write signal is determined, data processing can be performed according to the read-write signal and the inclusion relation by determining the inclusion relation between the address interval of the encryption area and the operation address. If the operation address is in the address interval of the encryption area, the data processing can be carried out only after decryption is carried out according to the read-write signal; if the operation address is not in the address interval of the encryption area, the data processing can be directly carried out. The data processing method for dynamically adjusting the encryption area can solve the problems that the encryption area of the existing chip can not be freely set according to actual needs, is not flexible enough and has low safety.
The following will clearly and completely describe the data processing method for dynamically adjusting an encryption area according to an embodiment of the present invention with reference to fig. 1 and fig. 2, and it is obvious that the embodiment described below is a part of the embodiments of the present invention, and is not a whole embodiment.
The data processing method for dynamically adjusting the encryption area according to the embodiment of the first aspect of the invention comprises the following steps:
acquiring a read-write signal;
determining an operation address of the read-write signal;
determining the inclusion relation between the address interval of the encryption area and the operation address; the encryption area comprises one or more sub-encryption sections, and the address interval of each sub-encryption section is determined according to a fusing result obtained after the fuse module is fused;
and processing data according to the read-write signals and the inclusion relation.
The fuse module 100 is specifically configured to configure an encryption area, and in response to a fusing instruction, the fuse module 100 can be fused, the fused is 0, the unblown is 1, and an address interval of the encryption area can be obtained by decoding a fusing result, where the encryption area may be a continuous sub-encryption area or a plurality of discontinuous sub-encryption areas, and the number of the sub-encryption areas and the address interval of each sub-encryption area can be obtained according to the fusing result. It should be noted that the fusing may be described as 1 and the non-fusing may be described as 0, which should not be construed as limiting the present invention. In addition, the operation principle of fuse blowing is known in the prior art and will not be described herein.
The encryption area comprises one or more sub-encryption sections, and if the operation address of the read-write signal is in the address interval of any sub-encryption section, the data processing can be performed only after decryption is performed according to the read-write signal. If the operation address does not fall into the address interval of any sub-encryption section, the data processing can be directly carried out.
In some embodiments of the invention, the number of sub-encrypted segments is obtained by:
obtaining password region segmentation information according to a fusing result;
and determining the number of the sub-encryption sections according to the encryption area segmentation information.
The fuse block 100 has a plurality of fuse units, the fuse unit is blown to 0, and is not blown to 1, and one or more of the plurality of fuse units can be selected to represent the password region segmentation unit, and the blown result is used to represent the password region segmentation information. For example, the fuse module 100 has 32 fuse units, and the 32 fuse units are named as R31 to R0, wherein R25 and R24 are cipher area segmentation units. R25 and R24 are 11, which indicates that the encryption area is divided into 3 sub-encryption sections, 10 indicates that the encryption area is divided into 2 sub-encryption sections, 01 indicates that the encryption area is divided into 1 sub-encryption sections, and 00 indicates that there is no encryption area. It should be noted that the specific parameters mentioned above can be changed according to actual needs, and should not be construed as limiting the present invention.
In some embodiments of the invention, the address space of the encryption area is obtained by:
obtaining area address information according to a fusing result;
and determining the address interval of each sub-encryption section in the encryption area according to the area address information and the number of the sub-encryption sections.
The fuse module 100 has a plurality of fuse units, the fuse units are blown to 0 and not blown to 1, one or more of the plurality of fuse units can be selected to represent the area address unit, and the blowing result is divided into one or more groups to represent the area address information. For example, the fuse module 100 has 32 fuse units, and the 32 fuse units are named as R31 to R0, wherein R23 to R0 are area address units, and the blowing result is divided into 3 groups to represent area address information. R23-R20 are the upper 4 bits of the starting address of the sub-encryption section A, and R19-R16 are the upper 4 bits of the ending address of the sub-encryption section A; R15-R12 are the upper 4 bits of the starting address of the sub-encryption section B, and R11-R8 are the upper 4 bits of the ending address of the sub-encryption section B; R7-R4 are the upper 4 bits of the starting address of the sub-encryption section C, and R3-R0 are the upper 4 bits of the ending address of the sub-encryption section C.
Making the fusing result of 32 fuse units be "110000 10 0000 0001 0011 0101 0000 0000", which means that the encryption area is divided into two discontinuous sub-encryption sections, and the address range of the sub-encryption section A is 0x10000 to 0x00000; the address range of the sub-encryption section B is 0x50000 to 0x30000; there is no sub-encrypted section C.
It should be noted that the specific parameters mentioned above may be changed according to actual needs, and should not be construed as limiting the present invention.
In some embodiments of the present invention, the address space of the encryption area is further obtained by:
obtaining fuse decryption information according to the fusing result;
if the fuse decryption information is inconsistent with the preset valid configuration information, the full-section address interval of the fuse module 100 is determined as the address interval of the encryption area.
The fuse block 100 has a plurality of fuse units, the fuse unit is blown to 0 and not blown to 1, one or more of the plurality of fuse units can be selected to represent the fuse decryption unit, and the blown result is used to represent the fuse decryption information. For example, the fuse module 100 has 32 fuse units, and the 32 fuse units are named as R31 to R0, wherein R31 to R26 are fuse decryption units. The valid configuration information is preset to 110000, if R31-R26 are 110000, the fusing result of the remaining fuse units is valid, if R31-R26 are other values, the fusing result of the remaining fuse units is invalid, and at this time, the full-section address section of the fuse module 100 is determined to be the address section of the encryption area. It should be noted that the specific parameters mentioned above may be changed according to actual needs, and should not be construed as limiting the present invention.
In some embodiments of the present invention, referring to fig. 1, the data processing according to the read-write signal and the inclusion relation includes the following steps:
if the inclusion relation representation operation address is in the address interval of the encryption area, a decryption result obtained by decryption by the encryption and decryption module 600 is obtained according to the read-write signal;
and processing data according to the read-write signal and the decryption result.
The encryption area comprises one or more sub-encryption sections, and if the operation address of the read-write signal is in the address interval of any sub-encryption section, data processing can be performed only after decryption is performed according to the read-write signal. If the decryption is successful, a valid read-write signal is generated, so that data reading and writing are performed on the storage module 400 through the selector 700; if the decryption is unsuccessful, an invalid read-write signal is generated, and the memory module 400 fails to read and write. It should be noted that the structure and the encryption/decryption method of the encryption/decryption module 600 are not limited, and may be selected according to actual needs.
In some embodiments of the present invention, referring to fig. 1, the data processing according to the read-write signal and the inclusion relation further includes the following steps: and if the inclusion relation representation operation address is not in the address interval of the encryption area, performing data processing according to the read-write signal. If the operation address is not in the address interval of the encryption area, the accessed address is a public area, and the memory module 400 can be directly accessed to perform read-write operation on the memory module 400.
From the above description, in order to better embody the advantages of the data processing method for dynamically adjusting the encryption area according to the embodiment of the present invention, a specific example is described below.
The fuse module 100 is provided with 32 fuse units, the number of the fuse units is 0 when the fuse units are blown, the number of the fuse units is 1 when the fuse units are not blown, the 32 fuse units are respectively named as R31-R0, wherein R31-R26 are fuse decryption units, and the blowing result is used for representing fuse decryption information; r25 and R24 are cipher area segmentation units, and the fusing result is used for representing cipher area segmentation information; R23-R0 are area address units, and the fusing result is divided into 3 groups to represent area address information.
The encoding rule is as follows:
R31-R26 are 110000, which means the effective blowing result of the remaining fuse unit. R31-R26 are other values, the blowing results of the remaining fuse units are invalid, and at this time, the address interval of the whole section of the fuse module 100 is determined as the address interval of the encryption area.
R25 and R24 are 11, which indicates that the encryption area is divided into 3 sub-encryption sections, 10 indicates that the encryption area is divided into 2 sub-encryption sections, 01 indicates that the encryption area is divided into 1 sub-encryption sections, and 00 indicates that there is no encryption area.
R23-R20 are the upper 4 bits of the starting address of the sub-encryption section A, and R19-R16 are the upper 4 bits of the ending address of the sub-encryption section A; R15-R12 are the upper 4 bits of the starting address of the sub-encryption section B, and R11-R8 are the upper 4 bits of the ending address of the sub-encryption section B; R7-R4 are the upper 4 bits of the starting address of the sub-encryption section C, and R3-R0 are the upper 4 bits of the ending address of the sub-encryption section C.
Making the fusing result of 32 fuse units be "110000 10 0000 0001 0011 0101 0000 0000", which means that the encryption area is divided into two discontinuous sub-encryption sections, and the address range of the sub-encryption section A is 0x10000 to 0x00000; the address range of the sub-encryption section B is 0x50000 to 0x30000; there is no sub-encrypted section C. If the operation address of the write signal is 0x40000, the comparison shows that the operation address is in the address interval of the sub-encryption segment B, the write signal is processed by the encryption and decryption module 600, and if the decryption is successful, an effective write signal is generated, so that data is written into the memory module 400 through the selector 700; if the decryption is unsuccessful, an invalid write signal is generated and the memory module 400 fails to write.
This is explained below by another specific example.
The fuse module 100 is provided with 16 fuse units, the number of the fuse units is 0 when the fuse units are fused, the number of the fuse units is 1 when the fuse units are not fused, the 16 fuse units are named as R15-R0 respectively, wherein R15-R14 are fuse decryption units, and the fused result is used for representing fuse decryption information; r13 and R12 are cipher area segmentation units, and the fusing result is used for representing cipher area segmentation information; R11-R0 are regional address units, and the fusing result is divided into 2 groups to represent regional address information.
The encoding rule is as follows:
R15-R14 are 10, indicating that the blowing result of the remaining fuse unit is valid. R15-R14 are other values, the blowing results of the remaining fuse units are invalid, and at this time, the full-segment address interval of the fuse module 100 is determined as the address interval of the encryption area.
R13 and R12 are 11, and indicate that the address section of the encryption area is the full-section address section of the fuse module 100, 10 indicates that the encryption area is divided into 2-section sub-encryption sections, 01 indicates that the encryption area is divided into 1-section sub-encryption sections, and 00 indicates that there is no encryption area.
R11-R9 are the upper 3 bits of the initial address of the sub-encryption section A, and R8-R6 are the upper 3 bits of the end address of the sub-encryption section A; R5-R3 are the upper 3 bits of the starting address of the sub-encryption section B, and R2-R0 are the upper 3 bits of the ending address of the sub-encryption section B.
Making the fusing result of 16 fuse units be 10000 010 100 ", which means that the encryption area is divided into two discontinuous sub-encryption sections, and the address range of the sub-encryption section a is 0x20000 to 0x00000; the address range of the sub-encryption zone B is 0x70000 to 0x40000. If the operation address of the read signal is 0x30000, it can be seen by contrast that the operation address is not in the address interval of any one of the sub-encryption block a and the sub-encryption block B, the data in the memory module 400 is directly read according to the read signal.
It should be noted that, the parameter settings and the corresponding working processes in the above 2 specific examples can be adjusted according to actual needs, and should not be considered as limitations of the present invention.
The following will clearly and completely describe the data processing system with dynamically adjusted encryption areas according to the embodiments of the present invention with reference to fig. 1 and fig. 2, and it is obvious that the embodiments described below are some, but not all embodiments of the present invention.
The data processing system for dynamically adjusting the encryption area according to the embodiment of the second aspect of the invention comprises a read-write signal acquisition unit, an operation address determination unit, a containing relation determination unit and a data processing unit. A read-write signal acquisition unit for acquiring a read-write signal; an operation address determining unit for determining an operation address of the read-write signal; the containing relation determining unit is used for determining the containing relation between the address interval of the encryption area and the operation address; the encryption area comprises one or more sub-encryption sections, and the address interval of each sub-encryption section is determined according to the fusing result obtained after the fuse module 100 is fused; and the data processing unit is used for processing data according to the read-write signals and the inclusion relation.
The fuse module 100 is specifically configured to configure an encryption area, and in response to a fusing instruction, the fuse module 100 can be fused, the fused is 0, the unblown is 1, and an address interval of the encryption area can be obtained by decoding a fusing result, where the encryption area may be a continuous sub-encryption area or a plurality of discontinuous sub-encryption areas, and the number of the sub-encryption areas and the address interval of each sub-encryption area can be obtained according to the fusing result. It should be noted that the fusing may be described as 1 and the non-fusing may be described as 0, which should not be construed as limiting the present invention. In addition, the operation principle of fuse blowing is known in the prior art and will not be described herein.
The encryption area comprises one or more sub-encryption sections, and if the operation address of the read-write signal is in the address interval of any sub-encryption section, the data processing can be performed only after decryption is performed according to the read-write signal. If the operation address does not fall into the address interval of any sub-encryption section, the data processing can be directly carried out.
According to the data processing system with dynamically adjusted encryption areas, provided by the embodiment of the invention, the address interval of the encryption area can be set according to actual needs by fusing the fuse module 100, the encryption area can be a continuous sub-encryption area or a plurality of discontinuous sub-encryption areas, and the address interval of each sub-encryption area is determined according to the fusing result obtained after fusing the fuse module 100. The read-write signal can be acquired by the read-write signal acquisition unit. The operation address of the read/write signal can be determined by the operation address determination unit. The inclusion relation between the address range of the encryption area and the operation address can be determined by the inclusion relation determining unit. The data processing unit can process data according to the read-write signal and the inclusion relation. If the operation address is in the address interval of the encryption area, the data processing can be carried out only after decryption is carried out according to the read-write signal; if the operation address is not in the address interval of the encryption area, the data processing can be directly carried out. The data processing system for dynamically adjusting the encryption area can solve the problems that the encryption area of the existing chip can not be freely set according to actual needs, is not flexible enough and has low safety.
The following will clearly and completely describe the circuit structure for dynamically adjusting the encryption area according to the embodiment of the present invention with reference to fig. 1 and fig. 2, and it is obvious that the embodiment described below is a part of the embodiment of the present invention, and not all of the embodiments.
The circuit structure for dynamically adjusting the encryption area according to the third embodiment of the present invention includes a fuse module 100, a decoding module 200, an address comparison module 300, a storage module 400, and a main control module 500. The fuse module 100 is used for responding to a fusing instruction to fuse and obtain a fusing result; a decoding module 200, configured to decode the fusing result to determine an address interval of the encrypted area; an address comparison module 300, configured to determine an inclusion relationship between an address interval of the encryption area and an operation address of the read/write signal, and output a comparison result signal; a storage module 400 for storing data; the main control module 500 is configured to obtain the read-write signal, determine an operation address of the read-write signal, and process the data stored in the storage module 400 according to the comparison result signal and the read-write signal.
The fuse module 100 is dedicated to configuring the encryption area, and in response to a blowing instruction, the fuse module 100 may be blown, where the blowing is 0 and the unblown is 1. The decoding module 200 decodes the fusing result to obtain the address interval of the encrypted region, where the encrypted region may be a continuous sub-encrypted segment or a plurality of discontinuous sub-encrypted segments, and the number of sub-encrypted segments and the address interval of each sub-encrypted segment may be obtained according to the fusing result. It should be noted that the fusing may be described as 1 and the non-fusing may be described as 0, which should not be construed as limiting the present invention. In addition, the operation principle of fuse blowing is known in the prior art and will not be described herein.
The encryption area includes one or more sub-encryption sections, the address comparison module 300 may determine whether the operation address of the read/write signal is within the address range of the encryption area, and if the operation address is within the address range of any one sub-encryption section, the data in the storage module 400 may be processed only after being decrypted according to the read/write signal. If the operation address does not fall into the address range of any sub-encryption sector, the data in the storage module 400 can be directly processed.
It should be noted that the specific circuit structure of the above module is not limited herein as long as the relevant functions can be realized.
According to the circuit structure for dynamically adjusting the encryption area of the embodiment of the present invention, the fuse module 100 is blown in response to the blowing instruction, the address interval of the encryption area can be set as required, the encryption area can be a continuous sub-encryption section or a plurality of discontinuous sub-encryption sections, and the address interval of each sub-encryption section is determined by decoding, by the decoding module 200, the blowing result obtained after the fuse module 100 is blown. After the read-write signal is obtained, the address comparison module 300 may determine whether the operation address of the read-write signal is within the address interval of the encryption area, and output a comparison result signal, and the main control module 500 may perform data processing according to the read-write signal and the comparison result signal. If the operation address is in the address interval of the encryption area, the data stored in the storage module 400 can be processed only after being decrypted according to the read-write signal; if the operation address is not within the address range of the encryption area, the data stored in the storage module 400 can be directly processed. The circuit structure for dynamically adjusting the encryption area can solve the problems that the encryption area of the existing chip can not be freely set according to actual needs, is not flexible enough and has low safety.
In some embodiments of the present invention, referring to fig. 1, further comprising an encryption/decryption module 600 and a selector 700. The encryption and decryption module 600 is connected with the main control module 500 and used for decrypting according to the read-write signal to obtain a decryption result; the selector 700 has a first input terminal connected to the encryption/decryption module 600, a second input terminal connected to the main control module 500, a selection control terminal connected to the address comparison module 300, and a selection output terminal connected to the storage module 400.
The selection control end of the selector 700 is configured to receive the comparison result signal, if the comparison result signal indicates that the operation address is within the address interval of any one of the sub-encryption sections, the encryption/decryption module 600 needs to decrypt according to the read/write signal, and if decryption is successful, an effective read/write signal is generated, and the first input end of the selector 700 receives the effective read/write signal to read and write data from the storage module 400; if the decryption is unsuccessful, an invalid read/write signal is generated, and the memory module 400 fails to read or write. If the comparison result signal indicates that the operation address is not in the address interval of the encryption area, the accessed address is a public area, and the read-write signal sent by the main control module 500 can be received through the second input end of the selector 700, so that the memory module 400 is directly accessed, and the read-write operation is performed on the memory module 400. It should be noted that the structure and the encryption/decryption method of the encryption/decryption module 600 are not limited, and may be selected according to actual needs.
In addition, the main control module 500 of the embodiment of the present invention includes: a memory, a processor, and a computer program stored on the memory and executable on the processor. The processor and memory may be connected by a bus or other means.
The memory, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs as well as non-transitory computer executable programs. Further, the memory may include high speed random access memory, and may also include non-transitory memory, such as at least one disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory optionally includes memory located remotely from the processor, and these remote memories may be connected to the processor through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The non-transitory software program and instructions required to implement the data processing method for dynamic adjustment of encryption area of the above-described embodiment are stored in a memory, and when executed by a processor, perform the data processing method for dynamic adjustment of encryption area of the above-described embodiment.
The above-described embodiments of the apparatus are merely illustrative, wherein the units illustrated as separate components may or may not be physically separate, i.e. may be located in one place, or may also be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
Furthermore, the fourth embodiment of the present invention further provides a computer-readable storage medium, which stores computer-executable instructions, which are executed by a processor or a controller, for example, by the processor of the main control module 500, and can enable the processor to execute the data processing method for dynamically adjusting the encryption area in the foregoing embodiment.
It will be understood by those of ordinary skill in the art that all or some of the steps, systems, and methods disclosed above may be implemented as software, firmware, hardware, or suitable combinations thereof. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as is well known to those skilled in the art.
The embodiments of the present invention have been described in detail with reference to the accompanying drawings, but the present invention is not limited to the above embodiments, and various changes can be made within the knowledge of those skilled in the art without departing from the gist of the present invention.

Claims (8)

1. A data processing method for dynamically adjusting an encryption area is characterized by comprising the following steps:
acquiring a read-write signal;
determining an operation address of the read-write signal;
determining the inclusion relation between the address interval of the encryption area and the operation address; the encryption area comprises one or more sub-encryption sections, and the address interval of each sub-encryption section is determined according to a fusing result obtained after the fuse module is fused;
the number of sub-encrypted sections is obtained by the following steps: obtaining password region segmentation information according to the fusing result; determining the number of the sub-encryption sections according to the password area segmentation information;
the address interval of the encryption area is obtained by the following steps: obtaining area address information according to the fusing result; determining an address interval of each sub-encryption section in the encryption area according to the area address information and the number of the sub-encryption sections;
and processing data according to the read-write signal and the inclusion relation.
2. The data processing method for dynamic adjustment of encryption area according to claim 1, wherein the address interval of the encryption area is further obtained by the following steps:
obtaining fuse decryption information according to the fusing result;
and if the fuse decryption information is inconsistent with the preset effective configuration information, determining the full-section address interval of the fuse module as the address interval of the encryption area.
3. The data processing method for dynamically adjusting encryption areas according to claim 1, wherein the data processing according to the read/write signals and the inclusion relation comprises the following steps:
if the inclusion relation represents that the operation address is in the address interval of the encryption area, acquiring a decryption result obtained by decryption by an encryption and decryption module according to the read-write signal;
and processing data according to the read-write signal and the decryption result.
4. The data processing method for dynamically adjusting encryption areas according to claim 3, wherein the data processing is performed according to the read/write signals and the inclusion relationship, further comprising the steps of:
and if the inclusion relation represents that the operation address is not in the address interval of the encryption area, performing data processing according to the read-write signal.
5. A data processing system with dynamic adjustment of encryption zones, comprising:
a read-write signal acquisition unit for acquiring a read-write signal;
an operation address determining unit, configured to determine an operation address of the read/write signal;
the containing relation determining unit is used for determining the containing relation between the address interval of the encryption area and the operation address; the encryption area comprises one or more sub-encryption sections, and the address interval of each sub-encryption section is determined according to a fusing result obtained after the fuse module is fused; the number of sub-encrypted sections is obtained by the following steps: obtaining password region segmentation information according to the fusing result; determining the number of the sub-encryption sections according to the password area segmentation information; the address interval of the encryption area is obtained by the following steps: obtaining area address information according to the fusing result; determining an address interval of each sub-encryption section in the encryption area according to the area address information and the number of the sub-encryption sections;
and the data processing unit is used for processing data according to the read-write signal and the inclusion relation.
6. A circuit structure for dynamically adjusting encryption regions, comprising:
the fuse module is used for responding to a fusing instruction to fuse to obtain a fusing result;
the decoding module is used for decoding the fusing result to determine an address interval of an encryption area; the encryption area comprises one or more sub-encryption sections, and the number of the sub-encryption sections is determined according to the cipher area segmentation information obtained by using the fusing result; the address interval of each sub-encryption section in the encryption area is determined according to area address information obtained by using the fusing result and the number of the sub-encryption sections;
the address comparison module is used for determining the inclusion relation between the address interval of the encryption area and the operation address of the read-write signal and outputting a comparison result signal;
the storage module is used for storing data;
the main control module is used for acquiring the read-write signal, determining the operation address of the read-write signal and processing the data stored in the storage module according to the comparison result signal and the read-write signal.
7. The circuit structure for dynamically adjusting encryption regions according to claim 6, further comprising:
the encryption and decryption module is connected with the main control module and used for decrypting according to the read-write signal to obtain a decryption result;
the selector is provided with a first input end, a second input end, a selection control end and a selection output end, the first input end is connected with the encryption and decryption module, the second input end is connected with the main control module, the selection control end is connected with the address comparison module, and the selection output end is connected with the storage module.
8. A computer-readable storage medium storing computer-executable instructions for performing the data processing method for dynamically adjusting encryption areas according to any one of claims 1 to 4.
CN202210977966.5A 2022-08-16 2022-08-16 Data processing method, system and circuit structure for dynamically adjusting encryption area Active CN115062352B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210977966.5A CN115062352B (en) 2022-08-16 2022-08-16 Data processing method, system and circuit structure for dynamically adjusting encryption area

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210977966.5A CN115062352B (en) 2022-08-16 2022-08-16 Data processing method, system and circuit structure for dynamically adjusting encryption area

Publications (2)

Publication Number Publication Date
CN115062352A CN115062352A (en) 2022-09-16
CN115062352B true CN115062352B (en) 2022-12-02

Family

ID=83207785

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210977966.5A Active CN115062352B (en) 2022-08-16 2022-08-16 Data processing method, system and circuit structure for dynamically adjusting encryption area

Country Status (1)

Country Link
CN (1) CN115062352B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1346130A (en) * 2000-09-28 2002-04-24 株式会社东芝 Non-volatile semiconductor memory
CN110825672A (en) * 2014-06-16 2020-02-21 德州仪器公司 High performance autonomous hardware engine for online cryptographic processing
US10916327B1 (en) * 2019-08-05 2021-02-09 Micron Technology, Inc. Apparatuses and methods for fuse latch and match circuits
CN114127678A (en) * 2019-06-19 2022-03-01 美光科技公司 Speculative section selection within a memory device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1640844A1 (en) * 2004-09-27 2006-03-29 STMicroelectronics Limited Secure OTP using external memory
DE112010005842T8 (en) * 2010-10-05 2014-07-17 Hewlett-Packard Development Company, L.P. Scrambling an address and encrypting write data for storage in a storage device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1346130A (en) * 2000-09-28 2002-04-24 株式会社东芝 Non-volatile semiconductor memory
CN110825672A (en) * 2014-06-16 2020-02-21 德州仪器公司 High performance autonomous hardware engine for online cryptographic processing
CN114127678A (en) * 2019-06-19 2022-03-01 美光科技公司 Speculative section selection within a memory device
US10916327B1 (en) * 2019-08-05 2021-02-09 Micron Technology, Inc. Apparatuses and methods for fuse latch and match circuits

Also Published As

Publication number Publication date
CN115062352A (en) 2022-09-16

Similar Documents

Publication Publication Date Title
US8533856B2 (en) Secure compact flash
US8161287B2 (en) Method and system for memory protection and security using credentials
CN106657052B (en) Access management method and system for stored data
JP3638770B2 (en) Storage device with test function
KR20010034283A (en) Storage device, encrypting/decrypting device, and method for accessing nonvolatile memory
JP2008502039A (en) Security module components
US11550474B2 (en) Data storage device and method for rewriting parameters thereof
CN115062352B (en) Data processing method, system and circuit structure for dynamically adjusting encryption area
EP1640844A1 (en) Secure OTP using external memory
CN113608602A (en) Reset method and device of system on chip
US20210342076A1 (en) Method for accessing one-time-programmable memory and associated circuitry
JP4665635B2 (en) Authentication data storage method
CN100507831C (en) Method and apparatus for program execute
WO2010061562A1 (en) Information updating device and integrated circuit thereof, information updating method, and recording device and integrated circuit thereof
JP2861063B2 (en) Individual reception method of mass media information by radio wave
CN111340168B (en) Method, device and system for locking, unlocking and password clearing based on memory card
CN220359171U (en) Safety encryption system for Internet of vehicles
CN114329361B (en) Storage device and data reading method
CN114356233A (en) NVME disk locking realization method, device, equipment and medium
WO2024066533A1 (en) Chip assembly and information processing method thereof, and computer readable medium
US10754548B2 (en) Data storage device and method for rewriting parameters thereof
CN114115755B (en) Method and device for data writing and storage medium
US11588634B2 (en) Storage device and controlling method
KR101659396B1 (en) Method for Processing Security between RF Writer and Reader
US20220075535A1 (en) Recording control system, control device, recording control method, and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant