CN116795741B - Method and system for preventing memory data from being deleted and tampered - Google Patents

Publication number
CN116795741B
Authority
CN
China
Prior art keywords
memory
encryption chip
soc
protection
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311089983.6A
Other languages
Chinese (zh)
Other versions
CN116795741A (en)
Inventor
姜晓博
许锐
钱程
李文平
彭潘松
宋鹏飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fanche Technology Wuhan Co ltd
Original Assignee
Fanche Technology Wuhan Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fanche Technology Wuhan Co ltd filed Critical Fanche Technology Wuhan Co ltd
Priority to CN202311089983.6A priority Critical patent/CN116795741B/en
Publication of CN116795741A publication Critical patent/CN116795741A/en
Application granted granted Critical
Publication of CN116795741B publication Critical patent/CN116795741B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G06F12/1416 Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/1425 Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
    • G06F12/1408 Protection against unauthorised use of memory or access to memory by using cryptography
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0602 Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062 Securing storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0629 Configuration or reconfiguration of storage systems
    • G06F3/0632 Configuration or reconfiguration of storage systems by initialisation or re-initialisation of storage systems
    • G06F3/0638 Organizing or formatting or addressing of data
    • G06F3/0643 Management of files
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The application provides a method and a system for preventing memory data from being deleted and tampered with. An initialization flow establishes the binding relation between an SOC and an encryption chip; a heartbeat flow starts the write-protection initialization of the protection memory; a file operation flow completes the write-protection initialization; and an unlocking flow performs a single unlock. By independently designing and developing the controller, a protection memory with a write-protection function is customized while remaining compatible with the read function of a general-purpose controller. Specifically, data is encrypted and mapped to the protection memory by an algorithm, so that security is ensured even if the memory is sliced.

Description

Method and system for preventing memory data from being deleted and tampered
Technical Field
The application relates to the technical field of data storage security, in particular to a method and a system for preventing memory data from being deleted and tampered.
Background
Data storage in a conventional data memory works as follows: inside the eMMC, a NAND Flash chip (flash memory array) and a Device Controller chip (eMMC controller) are packaged together. eMMC (Embedded Multi Media Card) is an embedded memory standard, defined by the MMC Association, for products such as mobile phones and tablet computers. The eMMC integrates a controller in the package, provides a standard interface and manages the flash memory, so that handset manufacturers can concentrate on other parts of product development and shorten the time to market. The eMMC controller manages the memory and provides a standard interface, so the host does not have to handle complicated NAND Flash compatibility and management problems, and the eMMC can automatically adjust the working modes of the host and the slave. The controller is also the link between other applications and the multimedia bus, and performs protocol conversion between the application bus and the standard multimedia bus.
The eMMC integrates a Flash Controller that performs functions such as wear leveling, bad block management and ECC verification. Compared with connecting NAND Flash directly to the host, the eMMC hides the physical characteristics of NAND Flash, which reduces the complexity of the host software, lets the host concentrate on upper-layer business and removes the need for special handling of NAND Flash.
A conventional eMMC is a general-purpose device: a user can read and write data with a general eMMC driver by communicating with the Host Processor (SOC) over SDIO. The traditional way to encrypt data is to encrypt it with an encryption chip and store the encrypted data in the eMMC, so the data stored in the eMMC is encrypted data. Read-write protection of the eMMC memory is implemented by the SOC, that is, the SOC controls the writing of encrypted data to the eMMC. The drawback of this process is that if the eMMC is desoldered and soldered onto another general-purpose SOC, data can be read and written arbitrarily, so the purpose of preventing the data from being tampered with or deleted cannot be achieved.
Disclosure of Invention
The application mainly aims to provide a method and a system for preventing memory data from being deleted and tampered with, which solve the problem that a data memory cannot prevent its data from being tampered with or deleted.
In order to solve the technical problem, the application adopts the following technical scheme: a method for preventing memory data from being deleted and tampered with, comprising the following steps:
S1, initialization flow: the SOC and the encryption chip form a binding relation;
S2, heartbeat flow: the SOC generates a heartbeat message, receives a return heartbeat message from the encryption chip, and judges whether the heartbeat message is legal according to the rules in the binding relation; if it is legal, the protection memory is started to perform write-protection initialization;
S3, file operation flow: the SOC sends a request initialization message to the encryption chip and, after the request initialization message is returned, sends the lock-free writing area to the protection memory;
S4, unlocking flow: the SOC sends a single unlocking instruction to the encryption chip, receives a single unlocking message from the encryption chip, and then sends the non-locking writing area to the protection memory; once the protection memory is unlocked successfully, file read and write operations can be performed.
In a preferred embodiment, S1 specifically includes: the eMMC controller and the encryption chip are bound in advance through interaction; once the encryption chip is separated from the memory, data can only be read out and cannot be deleted or modified.
In a preferred embodiment, S1 specifically includes:
S11, a GPS (global positioning system) is added to the encryption chip to provide real-time positioning time for message time calibration, and a time-calibration message is sent to the MCU (micro control unit) of the SOC; introducing the GPS real-time positioning time into the encryption chip prevents unlocking by means of data replay;
S12, the SOC sends a communication initialization instruction and a lifecycle acquisition instruction to the encryption chip, and receives a return lifecycle instruction from the encryption chip;
S13, judging whether the lifecycle is 2, and if so, proceeding to the next step.
In a preferred embodiment, step S13 specifically includes:
judging whether the lifecycle is 2; if not, the SOC sets the lifecycle to 2 and sends it to the encryption chip, and the next step is carried out once the lifecycle returned by the encryption chip is 2.
In a preferred embodiment, S2 specifically includes: if the heartbeat message is not legal, the heartbeat flow of step S2 is repeated until it is legal, and then the next step is carried out.
In a preferred embodiment, step S4 specifically includes: when the memory is formatted while it has not been unlocked or after unlocking has failed, the write protection of the protection memory is on and data cannot be written;
after the eMMC chip is physically detached, a control instruction of the SOC still requires a single unlock through encrypted interaction with the encryption chip, and operations such as formatting cannot be performed on the data storage chip, so that the data is protected against deletion and tampering.
In a preferred embodiment, step S3 specifically includes:
after the protection memory has performed write-protection initialization, the WPD content is read to the SOC, and the SOC sends a request initialization message to the encryption chip.
The application also provides a system for preventing memory data from being deleted and tampered with, which comprises an encryption chip, an SOC and a protection memory;
in the initialization stage, the SOC and the encryption chip form a binding relation;
in the heartbeat flow stage, the SOC generates a heartbeat message, receives a return heartbeat message from the encryption chip, and judges whether the heartbeat message is legal according to the rules in the binding relation; if it is legal, the protection memory is started to perform write-protection initialization;
in the file operation flow stage, the SOC sends a request initialization message to the encryption chip and, after the request initialization message is returned, sends the lock-free writing area to the protection memory;
in the unlocking stage, the SOC sends a single unlocking instruction to the encryption chip, receives a single unlocking message from the encryption chip, and then sends the non-locking writing area to the protection memory; the protection memory is then unlocked successfully, and file read and write operations can be performed.
In a preferred scheme, an electronic device is further included, the electronic device comprising a memory and a processor;
the processor implements the steps of the method for preventing memory data from being deleted and tampered with when executing the computer management program stored in the memory.
In a preferred embodiment, a computer-readable storage medium is included, on which a computer management program is stored;
the computer management program implements the steps of the method for preventing memory data from being deleted and tampered with when executed by a processor.
The application provides a method and a system for preventing memory data from being deleted and tampered with, comprising four flows: the initialization flow establishes the binding relation between the SOC and the encryption chip; the heartbeat flow starts the write-protection initialization of the protection memory; the file operation flow completes the write-protection initialization; and the unlocking flow performs a single unlock. By independently designing and developing the controller, a protection memory with a write-protection function is customized while remaining compatible with the read function of a general-purpose controller. Specifically, data is encrypted and mapped to the protection memory by an algorithm, so that security is ensured even if the memory is sliced.
Drawings
The application is further illustrated by the following examples in conjunction with the accompanying drawings:
FIG. 1 is a flow chart of a method for preventing deletion and tampering of memory data according to the present application;
FIG. 2 is a schematic diagram of a hardware structure of an electronic device according to the present application;
FIG. 3 is a schematic diagram of a hardware architecture of a computer readable storage medium of the present application;
FIG. 4 is a schematic diagram of interaction control of read-write commands provided by the present application.
Detailed Description
Example 1
As shown in FIGS. 1 to 3, a method for preventing memory data from being deleted and tampered with includes the following steps:
S1, initialization flow: the SOC and the encryption chip form a binding relation;
S2, heartbeat flow: the SOC generates a heartbeat message, receives a return heartbeat message from the encryption chip, and judges whether the heartbeat message is legal according to the rules in the binding relation; if it is legal, the protection memory is started to perform write-protection initialization;
S3, file operation flow: the SOC sends a request initialization message to the encryption chip and, after the request initialization message is returned, sends the lock-free writing area to the protection memory;
S4, unlocking flow: the SOC sends a single unlocking instruction to the encryption chip, receives a single unlocking message from the encryption chip, and then sends the non-locking writing area to the protection memory; once the protection memory is unlocked successfully, file read and write operations can be performed.
In a preferred embodiment, S1 specifically includes: the eMMC controller and the encryption chip are bound in advance through interaction; once the encryption chip is separated from the memory, data can only be read out and cannot be deleted or modified.
In a preferred embodiment, S1 specifically includes:
S11, a GPS (global positioning system) is added to the encryption chip to provide real-time positioning time for message time calibration, and a time-calibration message is sent to the MCU (micro control unit) of the SOC;
S12, the SOC sends a communication initialization instruction and a lifecycle acquisition instruction to the encryption chip, and receives a return lifecycle instruction from the encryption chip;
S13, judging whether the lifecycle is 2, and if so, proceeding to the next step.
Lifecycle: the whole process of the recorder equipment from production, delivery, pre-installation, installation, operation and maintenance to scrapping; it refers to the whole stage of creating, operating and destroying a component, with the emphasis on a time period.
In this application, lifecycle 1 is the default state, in which binding has not yet been initialized, and the lifecycle after binding is 2.
The lifecycle values of the application are as follows:
00H: the chip has not undergone key injection or information initialization;
01H: the chip has left the factory and the recorder number has been allocated;
02H: recorder production (maintenance) inspection stage;
03H: after recorder production (maintenance), shipped from the factory and awaiting assembly;
04H: pre-installed state, VIN can be set;
05H: installation preparation, VIN and license plate number can be set;
06H: installation self-check;
07H: formal operating state;
0FH: scrapped/removed state.
In a preferred embodiment, step S13 specifically includes:
judging whether the lifecycle is 2; if not, the SOC sets the lifecycle to 2 and sends it to the encryption chip, and the next step is carried out once the lifecycle returned by the encryption chip is 2.
In a preferred embodiment, S2 specifically includes: if the heartbeat message is not legal, the heartbeat flow of step S2 is repeated until it is legal, and then the next step is carried out.
In a preferred embodiment, step S4 specifically includes: when the memory is formatted while it has not been unlocked or after unlocking has failed, the write protection of the protection memory is on and data cannot be written.
In a preferred embodiment, step S3 specifically includes:
after the protection memory has performed write-protection initialization, the WPD content is read to the SOC, and the SOC sends a request initialization message to the encryption chip.
Example 2
Further described in connection with embodiment 1, as shown in FIGS. 1-4. FIG. 1 shows the method for preventing memory data from being deleted and tampered with provided by the application, which comprises the following steps:
S1, initialization flow: the SOC and the encryption chip form a binding relation. In a specific scheme, the eMMC controller (SOC) is bound in advance to the encryption chip through interaction; once the encryption chip is separated from the memory, data can only be read out and cannot be deleted or modified. The encryption chip and the memory are thus deeply bound, which effectively prevents the memory from being modified or deleted after it has been removed. The data security memory and the equipment are bound at the factory.
S2, heartbeat flow: the SOC generates a heartbeat message, receives a return heartbeat message from the encryption chip, and judges whether the heartbeat message is legal according to the rules in the binding relation; if it is legal, the protection memory is started to perform write-protection initialization; if not, the heartbeat flow of step S2 is repeated until it is legal, and then the next step is carried out.
S3, file operation flow: the SOC sends a request initialization message to the encryption chip and, after the request initialization message is returned, sends the lock-free writing area to the protection memory. After the protection memory has performed write-protection initialization, the WPD content is read to the SOC, and the SOC sends a request initialization message to the encryption chip.
S4, unlocking flow: the SOC sends a single unlocking instruction to the encryption chip, receives a single unlocking message from the encryption chip, and then sends the non-locking writing area to the protection memory; the protection memory is then unlocked successfully, and file read and write operations can be performed. When the memory is formatted while it has not been unlocked or after unlocking has failed, the write protection of the protection memory is on and data cannot be written. After the eMMC chip is physically detached, a control instruction of the SOC still requires a single unlock through encrypted interaction with the encryption chip, and operations such as formatting cannot be performed on the data storage chip, so that the data is protected against deletion and tampering.
The memory uses encrypted instructions when recording the encrypted data to be protected. When an attacker tries to break the protection by replaying data, the data storage determines that the time in the instruction is earlier than the current time of the equipment; because the replayed instruction does not carry the latest time, the data write, deletion or tampering fails. Introducing the GPS real-time positioning time into the encryption chip thus prevents unlocking by means of data replay. If the device is formatted while it is not unlocked, write protection is on and nothing can be written. That is, after the eMMC chip is physically detached, control still requires a single unlock through encrypted interaction with the encryption chip, and the data storage chip cannot be formatted, so that data deletion and tampering are prevented. In the event of an accident, the data of the equipment can be read directly, and the authority of the data is ensured because the protection function is on.
In the preferred scheme, the eMMC controller and the encryption chip are bound in advance through interaction; once the encryption chip is separated from the memory, data can only be read out and cannot be deleted or modified. Thus, even if the memory is physically disassembled, the internal data still cannot be deleted or tampered with.
S11, a GPS (global positioning system) is added to the encryption chip to provide real-time positioning time for message time calibration, and a time-calibration message is sent to the MCU (micro control unit) of the SOC; introducing the GPS real-time positioning time into the encryption chip prevents unlocking by means of data replay.
S12, the SOC sends a communication initialization instruction and a lifecycle acquisition instruction to the encryption chip, and receives a return lifecycle instruction from the encryption chip;
S13, judging whether the lifecycle is 2, and if so, proceeding to the next step. If not, the SOC sets the lifecycle to 2 and sends it to the encryption chip, and the next step is carried out once the lifecycle returned by the encryption chip is 2. Lifecycle: the whole process of the recorder equipment from production, delivery, pre-installation, installation, operation and maintenance to scrapping; it refers to the whole stage of creating, operating and destroying a component, with the emphasis on a time period.
In this application, lifecycle 1 is the default state, in which binding has not yet been initialized, and the lifecycle after binding is 2.
The eMMC controller in the SOC is bound in advance to the encryption chip through interaction; once separated from the encryption chip, data can only be read, and cannot be deleted or modified.
In the preferred scheme, as shown in FIG. 4, the flash translation layer (FTL, Flash Translation Layer) is customized to handle core functions such as eMMC instruction formulation, logical-to-physical mapping and NAND Flash management. While remaining compatible with the general protocol, the controller performs a security interaction before read and write instructions, which keeps the controller secure.
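The following Python sketch is an added example, not code from the patent: it models the S1-S4 flows of this embodiment and the rejection of a replayed unlock message whose time is not the latest. The HMAC-SHA256 message format, the shared binding key, the one-byte message types and the reading of "single unlock" as one write-class operation per unlock are assumptions, since the text does not specify them.

```python
import hashlib
import hmac
import struct

LIFECYCLE_DEFAULT = 1   # page: default state, binding not yet initialized
LIFECYCLE_BOUND = 2     # page: lifecycle after binding
HEARTBEAT, UNLOCK, MAC_LEN = b"H", b"U", 32   # assumed message layout


def mac(key, body):
    # Assumption: HMAC-SHA256 stands in for the unspecified algorithm.
    return hmac.new(key, body, hashlib.sha256).digest()


class EncryptionChip:
    """Holds the binding key and stamps every message with its GPS time."""
    def __init__(self):
        self.lifecycle, self.key, self.gps_time = LIFECYCLE_DEFAULT, None, 0

    def set_lifecycle(self, value, key):
        self.lifecycle, self.key = value, key
        return self.lifecycle

    def message(self, kind):
        body = kind + struct.pack(">Q", self.gps_time)
        return body + mac(self.key, body)


class ProtectedMemory:
    """Customized controller: reads always work, writes need a fresh unlock."""
    def __init__(self):
        self.key = None
        self.initialized = self.write_open = False  # write protection on by default
        self.device_time = 0                        # newest message time accepted
        self.blocks = {0: b"factory record"}

    def _verify(self, msg, kind):
        if self.key is None or len(msg) != 9 + MAC_LEN or msg[:1] != kind:
            return "unbound-or-malformed"
        body, tag = msg[:-MAC_LEN], msg[-MAC_LEN:]
        if not hmac.compare_digest(tag, mac(self.key, body)):
            return "bad-mac"
        stamp = struct.unpack(">Q", body[1:])[0]
        if stamp <= self.device_time:
            return "replay"        # the message does not carry the latest time
        self.device_time = stamp
        return "ok"

    def heartbeat(self, msg):
        # S2: a legal heartbeat starts write-protection initialization.
        result = self._verify(msg, HEARTBEAT)
        self.initialized = self.initialized or result == "ok"
        return result

    def single_unlock(self, msg):
        # S4: any failure leaves (or puts) write protection back on.
        result = self._verify(msg, UNLOCK) if self.initialized else "not-initialized"
        self.write_open = result == "ok"
        return result

    def write(self, lba, data):
        allowed, self.write_open = self.write_open, False  # relock after one use
        if allowed:
            self.blocks[lba] = data
        return allowed

    def format(self):
        allowed, self.write_open = self.write_open, False
        if allowed:
            self.blocks.clear()
        return allowed


def bind(chip, memory, key):
    # S12-S13: read the lifecycle; if it is not 2, set it and check the reply.
    if chip.lifecycle != LIFECYCLE_BOUND:
        chip.set_lifecycle(LIFECYCLE_BOUND, key)
    memory.key = key if chip.lifecycle == LIFECYCLE_BOUND else None
    return memory.key is not None


def run_demo():
    key = bytes(range(32))                     # constructed sample key
    chip, mem, out = EncryptionChip(), ProtectedMemory(), {}
    out["bound"] = bind(chip, mem, key)
    chip.gps_time = 1_700_000_000              # constructed GPS time
    out["heartbeat"] = mem.heartbeat(chip.message(HEARTBEAT))
    chip.gps_time += 1
    captured = chip.message(UNLOCK)            # the message a replay would reuse
    out["unlock"] = mem.single_unlock(captured)
    out["write"] = mem.write(1, b"trip log")
    out["second_write"] = mem.write(1, b"tampered")
    out["replayed_unlock"] = mem.single_unlock(captured)
    out["format_after_replay"] = mem.format()
    # Memory attached to a host that was never bound to it (different key).
    body = UNLOCK + struct.pack(">Q", chip.gps_time + 10)
    out["foreign_unlock"] = mem.single_unlock(body + mac(b"\x00" * 32, body))
    out["read_after"] = mem.blocks.get(1)
    return out
```

`run_demo()` returns the outcome of each step: the replayed and foreign unlocks are refused and the format attempt fails, while the previously written record remains readable.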
Example 3
Further described in connection with examples 1-2, as shown in figures 1-4,
the application also provides a system for preventing memory data from being deleted and tampered with, which comprises an encryption chip, an SOC and a protection memory;
in the initialization stage, the SOC and the encryption chip form a binding relation;
in the heartbeat flow stage, the SOC generates a heartbeat message, receives a return heartbeat message from the encryption chip, and judges whether the heartbeat message is legal according to the rules in the binding relation; if it is legal, the protection memory is started to perform write-protection initialization;
in the file operation flow stage, the SOC sends a request initialization message to the encryption chip and, after the request initialization message is returned, sends the lock-free writing area to the protection memory;
in the unlocking stage, the SOC sends a single unlocking instruction to the encryption chip, receives a single unlocking message from the encryption chip, and then sends the non-locking writing area to the protection memory; the protection memory is then unlocked successfully, and file read and write operations can be performed.
The embodiment of the application also provides a system for preventing memory data from being deleted and tampered with, which is used to implement the above method and comprises an encryption chip, an SOC and a protection memory;
in the initialization stage, the SOC and the encryption chip form a binding relation;
in the heartbeat flow stage, the SOC generates a heartbeat message, receives a return heartbeat message from the encryption chip, and judges whether the heartbeat message is legal according to the rules in the binding relation; if it is legal, the protection memory is started to perform write-protection initialization;
in the file operation flow stage, the SOC sends a request initialization message to the encryption chip and, after the request initialization message is returned, sends the lock-free writing area to the protection memory;
in the unlocking stage, the SOC sends a single unlocking instruction to the encryption chip, receives a single unlocking message from the encryption chip, and then sends the non-locking writing area to the protection memory; the protection memory is then unlocked successfully, and file read and write operations can be performed.
Example 4
Further described in connection with embodiments 1-3, the structure as shown in FIGS. 1-4 further includes an electronic device including a memory, a processor;
the processor is used for realizing the steps of the method for preventing the deletion and tampering of the memory data when executing the computer management program stored in the memory.
FIG. 2 is a schematic diagram of an embodiment of an electronic device according to an embodiment of the present application. As shown in FIG. 2, an embodiment of the present application provides an electronic device, including a memory 1310, a processor 1320, and a computer program 1311 stored in the memory 1310 and executable on the processor 1320, wherein the processor 1320 executes the computer program 1311 to implement the following steps: S1, initialization flow: the SOC and the encryption chip form a binding relation;
S2, heartbeat flow: the SOC generates a heartbeat message, receives a return heartbeat message from the encryption chip, and judges whether the heartbeat message is legal according to the rules in the binding relation; if it is legal, the protection memory is started to perform write-protection initialization;
S3, file operation flow: the SOC sends a request initialization message to the encryption chip and, after the request initialization message is returned, sends the lock-free writing area to the protection memory;
S4, unlocking flow: the SOC sends a single unlocking instruction to the encryption chip, receives a single unlocking message from the encryption chip, and then sends the non-locking writing area to the protection memory; the protection memory is then unlocked successfully, and file read and write operations can be performed.
Example 5
Further described in connection with embodiments 1-4, the structure shown in FIGS. 1-4 includes a computer-readable storage medium having a computer-management-class program stored thereon;
the computer management class program realizes the steps of the memory data deletion and tampering prevention method when being executed by a processor.
Fig. 3 is a schematic diagram of an embodiment of a computer readable storage medium according to the present application. As shown in fig. 3, the present embodiment provides a computer-readable storage medium 1400 having stored thereon a computer program 1411, which computer program 1411, when executed by a processor, performs the steps of: s1, initializing a process, and forming a binding relation between the SOC and the encryption chip;
s2, a heartbeat flow, namely, a heartbeat message is generated by the SOC, a return heartbeat message from the encryption chip is received, and whether the heartbeat message is legal or not is judged according to rules in the binding relation; if the protection memory is legal, starting the protection memory to perform write protection initialization;
s3, the file operation flow, the SOC sends a request initialization message to the encryption chip, returns the request initialization message, and sends the lock-free writing area to the protection memory;
s4, in the unlocking process, the SOC sends a single unlocking instruction to the encryption chip and receives a single unlocking message from the encryption chip, then sends a non-locking writing area to the protection memory, and the protection memory is successfully unlocked at this time, so that file reading and writing operations can be performed.
In the foregoing embodiments, the description of each embodiment has its own emphasis; for portions of one embodiment that are not described in detail, reference may be made to the related descriptions of other embodiments.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the application.
The above embodiments are only preferred embodiments of the present application and should not be construed as limiting the present application; the scope of the present application is defined by the claims, including the equivalents of the technical features in the claims. That is, equivalent replacements and modifications within the scope of this application are also within the scope of the application.

Claims (8)

1. A method for preventing deletion and tampering of memory data, characterized in that the method comprises the following steps:
S1, the initialization flow: forming a binding relation between the SOC and the encryption chip;
S2, the heartbeat flow: the SOC generates a heartbeat message, receives a return heartbeat message from the encryption chip, and judges whether the heartbeat message is legal according to the rules in the binding relation; if it is legal, the protection memory is started to perform write-protection initialization;
S3, the file operation flow: the SOC sends a request initialization message to the encryption chip and, after the request initialization message is returned, sends the lock-free writing area to the protection memory;
S4, the unlocking flow: the SOC sends a single unlocking instruction to the encryption chip, receives a single unlocking message from the encryption chip, and then sends a non-locking writing area to the protection memory; the protection memory is opened, and file reading and writing operations are performed after the unlocking succeeds;
the step S1 specifically comprises the following steps:
S11, adding GPS (Global Positioning System) real-time positioning time to the encryption chip to form message timing, and sending the message timing to the MCU (micro control unit) of the SOC; introducing GPS real-time positioning time into the encryption chip prevents unlocking by means of data replay;
S12, the SOC sends a communication initialization instruction and a lifecycle acquisition instruction to the encryption chip, and receives a return lifecycle instruction from the encryption chip;
S13, judging whether the life cycle is 2, and if so, performing the next step;
the step S13 specifically comprises the following steps:
judging whether the life cycle is 2; if not, setting the life cycle to 2 in the SOC and sending it to the encryption chip, and then, when the life cycle returned from the encryption chip is 2, carrying out the next step.
2. The method for preventing deletion and tampering of memory data according to claim 1, wherein the step S1 specifically comprises: the eMMC controller and the encryption chip undergo a prior interactive binding, and when the encryption chip is separated from the memory, data can only be read out and cannot be deleted or modified.
3. The method for preventing deletion and tampering of memory data according to claim 1, wherein the step S2 specifically comprises: if the heartbeat message is not legal, repeating the heartbeat flow described in step S2 until it is legal, and then carrying out the next step.
4. The method for preventing deletion and tampering of memory data according to claim 1, wherein the step S4 specifically comprises: when the memory is formatted under the condition of unlocking failure or unlocking failure, the write protection of the protection memory is in the enabled state, and data cannot be written in;
after the eMMC chip is physically detached, the control instructions of the SOC require a single unlocking through encrypted interaction with the encryption chip, so related operations such as formatting cannot be performed on the data storage chip, thereby preventing deletion of and tampering with the data.
5. The method for preventing deletion and tampering of memory data according to claim 1, wherein the step S3 specifically comprises:
after the write-protection initialization of the protection memory, the WPD content is read to the SOC, and the SOC sends a request initialization message to the encryption chip.
6. A system for preventing deletion and tampering of memory data, based on the method for preventing deletion and tampering of memory data, characterized in that the system comprises an encryption chip, an SOC and a protection memory;
in the initialization stage, the SOC and the encryption chip form a binding relation;
in the heartbeat flow stage, the SOC generates a heartbeat message, receives a return heartbeat message from the encryption chip, and judges whether the heartbeat message is legal according to the rules in the binding relation; if it is legal, the protection memory is started to perform write-protection initialization;
in the file operation flow stage, the SOC sends a request initialization message to the encryption chip and, after the request initialization message is returned, sends the lock-free writing area to the protection memory;
in the unlocking stage, the SOC sends a single unlocking instruction to the encryption chip, receives a single unlocking message from the encryption chip, and then sends a non-locking writing area to the protection memory; the protection memory is now successfully unlocked, and file reading and writing operations can be performed.
7. The memory data deletion-resistant tamper system based on the memory data deletion-resistant tamper method as set forth in claim 6, wherein: the electronic equipment comprises a memory and a processor;
the processor is used for realizing the steps of the method for preventing the deletion and tampering of the memory data when executing the computer management program stored in the memory.
8. The memory data deletion-resistant tamper system based on the memory data deletion-resistant tamper method as set forth in claim 6, wherein: comprises a computer readable storage medium for storing thereon a computer management class program;
the computer management class program realizes the steps of the memory data deletion and tampering prevention method when being executed by a processor.
CN202311089983.6A 2023-08-28 2023-08-28 Method and system for preventing memory data from being deleted and tampered Active CN116795741B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311089983.6A CN116795741B (en) 2023-08-28 2023-08-28 Method and system for preventing memory data from being deleted and tampered

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311089983.6A CN116795741B (en) 2023-08-28 2023-08-28 Method and system for preventing memory data from being deleted and tampered

Publications (2)

Publication Number Publication Date
CN116795741A CN116795741A (en) 2023-09-22
CN116795741B CN116795741B (en) 2023-11-10

Family

ID=88040102

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311089983.6A Active CN116795741B (en) 2023-08-28 2023-08-28 Method and system for preventing memory data from being deleted and tampered

Country Status (1)

Country Link
CN (1) CN116795741B (en)

Also Published As

Publication number Publication date
CN116795741A (en) 2023-09-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant