CN117633841A

CN117633841A - Encryption module controller, encryption module, encryption system, and encryption processing method

Info

Publication number: CN117633841A
Application number: CN202311704193.4A
Authority: CN
Inventors: 涂冰; 乔栩; 唐明桂; 刘扬帆
Original assignee: Hexin Technology Co ltd; Shanghai Hexin Digital Technology Co ltd
Current assignee: Hexin Technology Co ltd; Shanghai Hexin Digital Technology Co ltd
Priority date: 2023-12-12
Filing date: 2023-12-12
Publication date: 2024-03-01

Abstract

The application relates to an encryption module controller, an encryption module, an encryption system, an encryption processing method and a storage medium, which can be used in the technical field of computers. The encryption module controller is used for storing the effective data volume of the current data to be encrypted in the encryption memory and the preset data volume corresponding to the encryption memory by the memory state calculation module; the control module is used for sending a request interrupt to the computing system to instruct the computing system to read the next data to be encrypted of the current data to be encrypted from the original data to be encrypted when the effective data amount stored by the memory state computing module is monitored to be smaller than the preset data amount in the process of encrypting the current data to be encrypted by the external hardware encryption module, and storing the next data to be encrypted into the encryption memory, so that the next data to be encrypted is used as new data in the current data to be encrypted until the encryption of the original data to be encrypted is completed. The encryption processing method and device can improve encryption processing efficiency.

Description

Encryption module controller, encryption module, encryption system, and encryption processing method

Technical Field

The present disclosure relates to the field of computer technologies, and in particular, to an encryption module controller, an encryption module, an encryption system, an encryption processing method, and a storage medium.

Background

With the development of the information security field, data encryption has important applications in a plurality of fields. By encrypting the data, the security of the sensitive information can be protected, and the data is prevented from being accessed and tampered by unauthorized persons. Therefore, how to efficiently perform encryption processing has become an important research direction.

The traditional technology generally carries out encryption processing on data in a manual encryption mode; however, this method requires a lot of manual processing time for the encryption processing, resulting in low efficiency of the encryption processing.

Disclosure of Invention

In view of the above, it is desirable to provide an encryption module controller, an encryption module, an encryption system, an encryption processing method, and a storage medium that can improve the efficiency of encryption processing.

In a first aspect, the present application provides an encryption module controller, comprising:

the memory state calculation module is used for storing the effective data volume of the current data to be encrypted in the encrypted memory and the preset data volume corresponding to the encrypted memory;

the control module is used for sending a request interrupt to a computing system to instruct the computing system to read the next data to be encrypted of the current data to be encrypted from original data to be encrypted in the process of encrypting the current data to be encrypted by the external hardware encryption module, and storing the next data to be encrypted into the encryption memory, so that the next data to be encrypted is used as newly added data in the current data to be encrypted until the encryption of the original data to be encrypted is completed if the effective data stored by the memory state computing module is monitored to be smaller than the preset data; and the sum of the data quantity of the next data to be encrypted and the preset data quantity is smaller than or equal to the storage space of the encryption memory, and the current data to be encrypted is part of the data in the original data to be encrypted.

In one embodiment, the memory state calculation module is further configured to store a data amount of the original data to be encrypted and an encrypted data amount of the original data to be encrypted;

the control module is configured to send the request interrupt to the computing system when it is monitored that the effective data amount stored by the memory state computing module is smaller than the preset data amount and it is monitored that a sum of the encrypted data amount and the effective data amount stored by the memory state computing module is smaller than the data amount of the original data to be encrypted.

In one embodiment, the control module is further configured to confirm that the original data to be encrypted is stored in the encrypted memory if it is detected that the sum of the encrypted data amount and the effective data amount stored by the memory state calculation module is equal to the data amount of the original data to be encrypted; after the current data to be encrypted in the encrypted memory is encrypted, sending an operation completion interrupt to the computing system; the operation completion interrupt is used for indicating that the encryption of the original data to be encrypted is completed.

In one embodiment, the memory state calculation module includes a memory state register set and a register value calculation unit;

The memory state register set is used for storing memory state data; the memory state data at least comprises a current encryption reading address in the encryption memory and a current storage end address of the current data to be encrypted in the encryption memory;

the register value calculating unit is configured to determine, according to the current encryption read address and the current storage end address, an effective data amount of the current data to be encrypted in the encrypted memory, and store the effective data amount of the current data to be encrypted in the memory status register set.

In a second aspect, the present application further provides an encryption module, including:

the cryptographic module controller of the first aspect;

and the external hardware encryption module is connected with the encryption module controller and is used for acquiring the current data to be encrypted from the encryption memory through the encryption module controller and carrying out encryption processing on the current data to be encrypted.

In a third aspect, the present application further provides an encryption system, including:

the encryption module of the second aspect;

and the computing system is used for reading the next data to be encrypted of the current data to be encrypted from the original data to be encrypted under the condition that the request sent by the encryption module is interrupted, storing the next data to be encrypted into the encryption memory, and enabling the next data to be encrypted to be used as newly added data in the current data to be encrypted until the original data to be encrypted is encrypted.

In one embodiment, the computing system is further configured to store the current data to be encrypted in the original data to be encrypted into the encrypted memory when the data amount of the original data to be encrypted is greater than the storage space of the encrypted memory; and the data volume of the current data to be encrypted is smaller than or equal to the storage space of the encryption memory.

In one embodiment, the encryption system further comprises:

the encryption memory is connected with the bus and used for storing the current data to be encrypted;

the original data storage module is connected with the bus and used for storing the original data to be encrypted;

and the register configuration bus is respectively connected with the bus and the encryption module controller.

In a fourth aspect, the present application further provides an encryption processing method, applied to an encryption module controller, where the method includes:

acquiring effective data quantity and preset data quantity stored in a memory state calculation module; the effective data volume is the effective data volume of the current data to be encrypted in the encrypted memory, and the preset data volume is the preset data volume corresponding to the encrypted memory;

in the process of encrypting the current data to be encrypted by an external hardware encryption module, if the effective data amount stored by the memory state calculation module is monitored to be smaller than the preset data amount, sending a request interrupt to a calculation system to instruct the calculation system to read the next data to be encrypted of the current data to be encrypted from original data to be encrypted, and storing the next data to be encrypted into the encryption memory, so that the next data to be encrypted is used as newly added data in the current data to be encrypted until the encryption of the original data to be encrypted is completed; and the sum of the data quantity of the next data to be encrypted and the preset data quantity is smaller than or equal to the storage space of the encryption memory, and the current data to be encrypted is part of the data in the original data to be encrypted.

In one embodiment, the method further comprises:

acquiring the data volume of the original data to be encrypted and the encrypted data volume of the original data to be encrypted stored in the memory state calculation module;

and sending the request interrupt to the computing system under the condition that the effective data volume stored by the memory state computing module is monitored to be smaller than the preset data volume and the sum of the encrypted data volume and the effective data volume stored by the memory state computing module is monitored to be smaller than the data volume of the original data to be encrypted.

In one embodiment, the method further comprises:

if the sum of the encrypted data volume and the effective data volume stored by the memory state calculation module is monitored to be equal to the data volume of the original data to be encrypted, confirming that the original data to be encrypted is completely stored in the encrypted memory;

after the current data to be encrypted in the encrypted memory is encrypted, sending an operation completion interrupt to the computing system; the operation completion interrupt is used for indicating that the encryption of the original data to be encrypted is completed.

In a fifth aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:

In the encryption module controller, the encryption module, the encryption system, the encryption processing method and the storage medium, the encryption module controller comprises a memory state calculation module and a control module; the memory state calculation module is used for storing the effective data volume of the current data to be encrypted in the encrypted memory and the preset data volume corresponding to the encrypted memory; the control module is used for sending a request interrupt to a computing system to instruct the computing system to read the next data to be encrypted of the current data to be encrypted from original data to be encrypted in the process of encrypting the current data to be encrypted by the external hardware encryption module, and storing the next data to be encrypted into the encryption memory, so that the next data to be encrypted is used as newly added data in the current data to be encrypted until the encryption of the original data to be encrypted is completed if the effective data stored by the memory state computing module is monitored to be smaller than the preset data; and the sum of the data quantity of the next data to be encrypted and the preset data quantity is smaller than or equal to the storage space of the encryption memory, and the current data to be encrypted is part of the data in the original data to be encrypted. According to the scheme, when the effective data amount stored by the memory state calculation module is monitored to be smaller than the preset data amount, the next data to be encrypted is stored into the encryption memory, so that the next data to be encrypted is used as newly-added data in the current data to be encrypted until the encryption of the original data to be encrypted is completed; according to the scheme, the original data to be encrypted are stored into the encryption memory in blocks mainly according to the storage space of the encryption memory and the data quantity of the original data to be encrypted, and the next data to be encrypted is dynamically read in the encryption process, so that the encryption process efficiency is improved.

Drawings

In order to more clearly illustrate the embodiments of the present application or the technical solutions in the related art, the drawings that are required to be used in the embodiments or the related technical descriptions will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to the drawings without inventive effort for a person having ordinary skill in the art.

FIG. 1 is a block diagram of an encryption system in one embodiment;

FIG. 2 is a flow diagram of an embodiment of a densification process;

FIG. 3 is a block diagram of a cryptographic module controller in one embodiment;

FIG. 4 is a block diagram of an alternate embodiment encryption system;

FIG. 5 is a block diagram of an encryption system according to yet another embodiment;

FIG. 6 is a flow diagram of a method of encryption processing in one embodiment;

FIG. 7 is a flow chart of a method of encryption processing in another embodiment;

FIG. 8 is a flow chart of a method of encryption processing in yet another embodiment;

FIG. 9 is a schematic diagram showing some steps of an encryption processing method in one embodiment.

Detailed Description

In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application.

It should be noted that, the user information (including, but not limited to, user equipment information, user personal information, etc.) and the data (including, but not limited to, data for analysis, stored data, presented data, etc.) referred to in the present application are information and data authorized by the user or sufficiently authorized by each party, and the collection, use, and processing of the related data are required to meet the related regulations.

The encryption of the data can be composed of a plurality of operation steps, because the encryption of the data, particularly a large amount of data, consumes a large amount of resources of a computing system, in order to improve the encryption speed, a special encryption acceleration module or a special encryption acceleration chip can be directly integrated by adding a special encryption acceleration module or a special encryption acceleration product into a chip which needs to encrypt the data, and the encryption operation is realized through special custom hardware, so that the original data can be operated more efficiently and the encrypted data can be obtained.

Referring to fig. 1, a server may store original data in a memory such as an HDD (hard disk drive), when the data needs to be encrypted, a main control logic of a computing system applies for a section of DDR (double rate synchronous dynamic random access memory) memory space, reads the original data into the memory (encrypted memory), transmits information such as a position and a size of the original data in the memory to an encryption module through a register configuration bus, and may additionally transmit related information such as which encryption algorithm needs to be used for processing the data to the encryption module, and finally, after an enabling register is configured for encryption operation, the control logic of the encryption module reads the original data from a designated position of the DDR memory (encrypted memory) through a data read-write bus and sends the original data to a hardware encryption computing core for processing, and after the processing is completed, the encrypted data is written back to the DDR memory, and an interrupt indicating that the operation is completed to the main control logic of the computing system.

If the total size of the original data exceeds the size of the memory allocated to the encryption module by the computing system, the upper layer driver software divides the encrypted data into a plurality of parts, and each part does not exceed the size of the memory allocated to the encryption module by the computing system, so that multiple operations are performed according to the above operation steps until the encryption operation of all the original data is completed.

Referring to fig. 2, fig. 2 is a flow chart illustrating the above-described multiple operations. The memory is a memory with a limited size, and the original data is larger than the memory with the effective size. In fig. 2, the total size of the original data is the sum of the sizes of the 1 st to nth (N represents a number) data, each data operation is performed by taking the data from the hard disk to the DDR memory, writing the configuration register, and the encryption computing core performs encryption operation according to the configuration read data, after the completion, notifying the computing system by reporting an interrupt, until the original data all have been operated, the time consumed in the whole encryption process may be represented as t1+t2+t3+ … … +tn, where T1, T2, T3, tn represent the consumed time of each operation, and Tn represents the consumed time corresponding to the nth (N represents a number) operation.

Under the condition that the memory size is not limited, the computing system can write multiple data into different positions of the memory, so that the situation that the next original data is written in the process of writing the next original data in fig. 2 and the last original data encryption operation is required to be completed is avoided, and the total encryption operation duration can be shortened. However, in many application scenarios, especially in some edge computing terminal application scenarios, a low-cost solution (the computing capability and the storage capacity of the device are limited) is required, and an unlimited memory space cannot be used, but at the same time, a low-delay and high-reliability characteristic requirement is required, and in such a scenario, the structure and the operation of fig. 1 and 2 need to be optimized to a certain extent, and an operation method is improved, so that the encryption operation bandwidth is improved under the limited memory condition, and the total encryption operation duration is shortened.

In one exemplary embodiment, referring to fig. 3 and 4, there is provided an encryption module controller including:

the control module is used for sending a request interrupt to the computing system to instruct the computing system to read the next data to be encrypted of the current data to be encrypted from the original data to be encrypted in the process of encrypting the current data to be encrypted by the external hardware encryption module, and storing the next data to be encrypted into the encryption memory, so that the next data to be encrypted is used as new data in the current data to be encrypted until the encryption of the original data to be encrypted is completed if the effective data amount stored by the memory state computing module is monitored to be smaller than the preset data amount; the sum of the data quantity of the next data to be encrypted and the preset data quantity is smaller than or equal to the storage space of the encryption memory, and the current data to be encrypted is part of the data in the original data to be encrypted.

The encryption module controller may be a controller corresponding to the encryption module control logic.

The memory state calculation module is used for storing the current data quantity to be encrypted and preset data quantity information of the encrypted memory.

The control module may be a module corresponding to a control logic in the control logic of the encryption module.

The original data to be encrypted may be data to be encrypted (all original data to be encrypted), and may be any type of data, such as text, image, audio, and the like.

The encryption memory may be a storage space for storing data to be encrypted and an encryption result, in an embodiment, the encryption memory may be a memory space in a computer system or other storage devices, and a hardware encryption computing core (i.e., a hardware encryption module/an external hardware encryption module) in the encryption system of the server may read the data to be encrypted from the encryption memory and encrypt the data to be encrypted.

The current data to be encrypted can be a data block which is being encrypted in the encryption process, and the size of the current data to be encrypted is smaller than or equal to the storage space of the encrypted memory.

The effective data amount of the current data to be encrypted may be the remaining size of the current data to be encrypted in the encrypted memory (the data amount of the remaining data to be encrypted in the encrypted memory), and in the encryption process, whether the next data block to be encrypted needs to be read from the original data to be encrypted is determined by monitoring the effective data amount, for example, the effective data amount of the current data to be encrypted may refer to the data which is not encrypted (or not encrypted to be read) in the current data to be encrypted, or may be the data which is not encrypted (or not encrypted to be read) in the encrypted memory.

The request interrupt may be a write original data to memory request interrupt, for notifying the computing system of writing a new data block (the next data to be encrypted of the current data to be encrypted).

The next data to be encrypted of the current data to be encrypted may be represented as the next piece of data to be encrypted written after the current data to be encrypted is written.

The preset data amount may be a preset data amount threshold.

The new data in the current data to be encrypted may be the supplementary data in the current data to be encrypted.

The external hardware encryption module may be a hardware encryption computing core in an encryption system.

The computing system may be a system to which the computing system master control logic corresponds.

Optionally, the memory state calculation module stores a preset data amount corresponding to the encrypted memory; the control module loads a part of data in the original data to be encrypted into the encryption memory to serve as a current data block to be encrypted; the external hardware encryption module starts to encrypt the current data block to be encrypted; the memory state calculation module stores the current effective data quantity of the encrypted memory in real time; if the effective data volume is smaller than the preset data volume, the control module sends a request interrupt to the computing system, and indicates that the computing system needs to load the next data block to be encrypted; the computing system reads the next data block to be encrypted from the original data to be encrypted, writes the next data block to be encrypted into the encryption memory, and uses the next data block to be encrypted as newly added data of the current data block; the external hardware encryption module continues to encrypt the current data block until the original data to be encrypted are completely encrypted; the new data block is actively loaded by monitoring the effective data quantity and the preset data quantity, so that the external hardware encryption module can continuously encrypt.

The encryption module controller comprises a memory state calculation module and a control module; the memory state calculation module is used for storing the effective data volume of the current data to be encrypted in the encrypted memory and the preset data volume corresponding to the encrypted memory; the control module is used for sending a request interrupt to the computing system to instruct the computing system to read the next data to be encrypted of the current data to be encrypted from the original data to be encrypted in the process of encrypting the current data to be encrypted by the external hardware encryption module, and storing the next data to be encrypted into the encryption memory, so that the next data to be encrypted is used as new data in the current data to be encrypted until the encryption of the original data to be encrypted is completed if the effective data amount stored by the memory state computing module is monitored to be smaller than the preset data amount; the sum of the data quantity of the next data to be encrypted and the preset data quantity is smaller than or equal to the storage space of the encryption memory, and the current data to be encrypted is part of the data in the original data to be encrypted. According to the scheme, when the effective data amount stored by the memory state calculation module is monitored to be smaller than the preset data amount, the next data to be encrypted is stored into the encryption memory, so that the next data to be encrypted is used as newly-added data in the current data to be encrypted until the encryption of the original data to be encrypted is completed; according to the scheme, the original data to be encrypted are stored into the encryption memory in blocks mainly according to the storage space of the encryption memory and the data quantity of the original data to be encrypted, and the next data to be encrypted is dynamically read in the encryption process, so that the encryption process efficiency is improved.

In an exemplary embodiment, referring to fig. 4 and 5, the memory state calculation module is further configured to store a data amount of the original data to be encrypted and an encrypted data amount of the original data to be encrypted;

and the control module is used for sending a request interrupt to the computing system under the condition that the effective data volume stored by the memory state computing module is monitored to be smaller than the preset data volume and the sum of the encrypted data volume and the effective data volume stored by the memory state computing module is monitored to be smaller than the data volume of the original data to be encrypted.

The encrypted data amount may be the data amount of which encryption processing has been completed in the original data to be encrypted.

The data size of the original data to be encrypted may be the data size of all original data to be encrypted.

Optionally, the control module monitors whether the effective data amount stored by the memory state calculation module is smaller than a preset data amount; when the effective data volume stored by the memory state calculation module is monitored to be smaller than the preset data volume, monitoring whether the sum of the encrypted data volume and the effective data volume stored by the memory state calculation module is smaller than the data volume of the original data to be encrypted; and sending a request interrupt to a computing system under the condition that the effective data volume stored by the memory state computing module is monitored to be smaller than the preset data volume and the sum of the encrypted data volume and the effective data volume stored by the memory state computing module is monitored to be smaller than the data volume of the original data to be encrypted.

According to the method and the device, the request interrupt can be sent only by simultaneously meeting the condition that the effective data size is smaller than the preset data size and the sum of the encrypted data size and the effective data size is smaller than the original data size, so that the fact that new data blocks are unnecessarily reloaded when data processing is close to completion can be avoided, the loading of the data blocks is controlled more accurately, and therefore the efficiency and the accuracy of encryption processing are improved.

In an exemplary embodiment, referring to fig. 4 and 5, the control module is further configured to confirm that the original data to be encrypted has been stored in the encrypted memory if it is detected that the sum of the encrypted data amount and the valid data amount stored by the memory status calculation module is equal to the data amount of the original data to be encrypted; after the current data to be encrypted in the encrypted memory is encrypted, sending an operation completion interrupt to the computing system; the operation completion interrupt is used to indicate that encryption of the original data to be encrypted is completed.

Optionally, the control module monitors whether the sum of the encrypted data volume and the valid data volume stored by the memory state calculation module is equal to the data volume of the original data to be encrypted; under the condition that the sum of the encrypted data quantity and the effective data quantity stored by the memory state calculation module is equal to the data quantity of the original data to be encrypted, confirming that the original data to be encrypted is completely stored in the encrypted memory (confirming that the original data to be encrypted is completely loaded); after the external hardware encryption module completes the encryption of the current data to be encrypted in the encryption memory, sending an operation completion interrupt to the computing system; the computing system can finish the encryption processing operation according to the operation completion interrupt, and the memory state computing module clears the relevant counter.

According to the embodiment of the application, the complete loading of the original data to be encrypted in the encrypted memory can be ensured by adding a complete judgment, and the operation completion interrupt is sent only after the encryption is completed, so that the correctness of encryption processing is ensured.

In one exemplary embodiment, referring to fig. 4 and 5, a memory state calculation module includes a memory state register set and a register value calculation unit;

the memory state register set is used for storing memory state data; the memory state data at least comprises a current encryption reading address in the encryption memory and a current storage end address of current data to be encrypted in the encryption memory;

the register value calculating unit is used for determining the effective data quantity of the current data to be encrypted in the encrypted memory according to the current encryption reading address and the current storage ending address, and storing the effective data quantity of the current data to be encrypted into the memory state register group.

The memory state register set may be a register set for storing memory state data.

The register value calculating unit may be a unit that calculates the effective data amount from the read address and the end address.

The current encrypted read address may be an encrypted memory address that is currently being read, for example, a memory address of an encrypted memory that is currently being read by the external hardware encryption module.

The current storage end address may be a storage end address of the current data to be encrypted being stored in the encrypted memory, for example, the current storage end address may be a final address pointed to by a write pointer of the current data to be encrypted written into the encrypted memory.

Optionally, the memory state register set stores memory state data, where the memory state data at least includes a current encryption read address in the encrypted memory and a current storage end address of current data to be encrypted in the encrypted memory; the register value calculating unit calculates the effective data volume of the current data to be encrypted in the encrypted memory according to the current encryption reading address and the current storage ending address, and records the calculated effective data volume of the current data to be encrypted into the memory state register group.

According to the embodiment of the application, the memory state is tracked and recorded in real time through the memory state calculation module, so that the calculation of the effective data amount and the synchronization of loading new data are realized, the continuity of an encryption process is ensured, and the efficiency of encryption processing is improved.

Based on the same inventive concept, referring to fig. 4 and 5, the present embodiment also provides an encryption module including: the cryptographic module controller as provided in any of the above embodiments;

and the external hardware encryption module is connected with the encryption module controller and is used for acquiring current data to be encrypted from the encryption memory through the encryption module controller and carrying out encryption processing on the current data to be encrypted.

Optionally, the encryption module includes an encryption module controller and an external hardware encryption module; the external hardware encryption module is connected with the encryption module controller and is used for acquiring current data to be encrypted from the encryption memory through the encryption module controller and carrying out encryption processing on the current data to be encrypted.

The encryption module provided by the embodiment of the application comprises an external hardware encryption module and the encryption module controller in any embodiment, and the encryption module controller can be responsible for coordinating the operation of a memory and hardware to realize the ordered operation of the whole encryption processing by utilizing the hardware advantage of the special external hardware encryption module to realize efficient encryption calculation. When the effective data amount stored by the memory state calculation module is monitored to be smaller than the preset data amount, storing the next data to be encrypted into the encryption memory, and enabling the next data to be encrypted to serve as newly-added data in the current data to be encrypted until the encryption of the original data to be encrypted is completed; according to the scheme, the original data to be encrypted are stored into the encryption memory in blocks mainly according to the storage space of the encryption memory and the data quantity of the original data to be encrypted, and the next data to be encrypted is dynamically read in the encryption process, so that the encryption process efficiency is improved.

Based on the same inventive concept, referring to fig. 4 and 5, the present embodiment also provides an encryption system including: the encryption module provided in any of the above embodiments;

and the computing system is used for reading the next data to be encrypted of the current data to be encrypted from the original data to be encrypted under the condition that the request sent by the encryption module is interrupted, storing the next data to be encrypted into the encryption memory, and enabling the next data to be encrypted to be used as new data in the current data to be encrypted until the encryption of the original data to be encrypted is completed.

Optionally, the encryption system comprises an encryption module and a computing system; under the condition that a request sent by the encryption module is interrupted, the computing system is used for reading next data to be encrypted of current data to be encrypted from original data to be encrypted, storing the next data to be encrypted into the encryption memory, and enabling the next data to be encrypted to be used as new data in the current data to be encrypted until the original data to be encrypted is encrypted.

The encryption system provided by the embodiment of the application comprises the computing system and the encryption module in any one of the embodiments, and the dynamic supplementation of the memory data is realized through the cooperation of the computing system and the encryption module, so that the continuous operation of the hardware encryption module is ensured. When the effective data amount stored by the memory state calculation module is monitored to be smaller than the preset data amount, storing the next data to be encrypted into the encryption memory, and enabling the next data to be encrypted to serve as newly-added data in the current data to be encrypted until the encryption of the original data to be encrypted is completed; according to the scheme, the original data to be encrypted are stored into the encryption memory in blocks mainly according to the storage space of the encryption memory and the data quantity of the original data to be encrypted, and the next data to be encrypted is dynamically read in the encryption process, so that the encryption process efficiency is improved.

In an exemplary embodiment, referring to fig. 4 and 5, the computing system is further configured to store current data to be encrypted in the encryption memory in the original data to be encrypted if the data size of the original data to be encrypted is larger than the storage space of the encryption memory; the current data volume of the data to be encrypted is smaller than or equal to the storage space of the encrypted memory.

Optionally, the computing system judges whether the data volume of the original data to be encrypted is larger than the storage space of the encrypted memory; under the condition that the data quantity of the original data to be encrypted is larger than the storage space of the encryption memory, selecting data with the data quantity smaller than or equal to the storage space of the encryption memory from the original data to be encrypted as current data to be encrypted in the original data to be encrypted, and storing the current data to be encrypted in the original data to be encrypted into the encryption memory.

According to the embodiment of the application, aiming at the situation that the original data to be encrypted is larger than the storage space of the encryption memory, the encryption processing under the limited memory is realized by a mode that the computing system reads and writes the original data to be encrypted into the encryption memory in a blocking manner; the key point is that the current data block size of the encrypted memory is controlled to be read each time according to the limitation of the storage space of the encrypted memory, so that the hardware encryption module can work continuously, and the encryption processing efficiency is improved.

In an exemplary embodiment, referring to fig. 4 and 5, the encryption system further includes:

the encryption memory is connected with the bus and used for storing current data to be encrypted;

the original data storage module is connected with the bus and used for storing original data to be encrypted;

the register is configured with a bus and is respectively connected with the bus and the encryption module controller.

The bus may be a communication bus used for connecting the modules for data transmission inside the encryption system.

The original data storage module may be used for storing original data to be encrypted which needs to be encrypted.

The register configuration bus may be a parameter bus dedicated to configuring the memory state register set.

Optionally, the encryption system further comprises an encryption memory, an original data storage module and a register configuration bus; the encryption memory is connected with the bus and used for storing current data to be encrypted; the original data storage module is connected with the bus and used for storing original data to be encrypted; the register configuration bus is respectively connected with the bus and the encryption module controller.

According to the embodiment of the application, the main modules of the encryption system and the connection relation between the main modules are determined, the transmission paths of data and parameters are defined, and hardware basic support is provided for the encryption processing work, so that the encryption processing efficiency and accuracy are improved.

In an exemplary embodiment, an encryption processing method is provided, and this embodiment is exemplified by the method applied to a server; it will be appreciated that the method may also be applied to a terminal, and may also be applied to a system comprising a terminal and a server, and implemented by interaction between the terminal and the server. The terminal can be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers and the like; the server may be implemented as a stand-alone server or as a cluster of servers, such as a server containing an encryption system. In this embodiment, the method includes the steps of:

step S101, under the condition that the data volume of the original data to be encrypted is larger than the storage space of the encryption memory, storing the current data to be encrypted in the original data to be encrypted into the encryption memory; the current data volume of the data to be encrypted is smaller than or equal to the storage space of the encrypted memory.

Optionally, the server acquires the original data to be encrypted, determines the data amount of the original data to be encrypted and the storage space of the encryption memory, judges whether the data amount of the original data to be encrypted is larger than the storage space of the encryption memory, reads the current data to be encrypted from the original data to be encrypted under the condition that the data amount of the original data to be encrypted is larger than the storage space of the encryption memory, and stores (writes) the current data to be encrypted in the original data to be encrypted into the encryption memory.

For example, the server reads the original data to be encrypted, and determines the data amount (total data amount) of the original data to be encrypted and the storage space of the encrypted memory; judging whether the data volume of the original data to be encrypted is larger than the storage space of the encryption memory, and dividing the original data to be encrypted into a plurality of data blocks according to the size of the storage space of the encryption memory under the condition that the data volume of the original data to be encrypted is larger than the storage space of the encryption memory; and storing the first data block serving as current data to be encrypted into an encryption memory, setting a read-write pointer of the encryption memory to point to a starting address of the data block, reading the current data to be encrypted from the encryption memory through an encryption module in the encryption system, and carrying out encryption processing.

Step S102, in the process of encrypting the current data to be encrypted in the encrypted memory, determining the effective data quantity of the current data to be encrypted in the encrypted memory.

Optionally, the server monitors the effective data amount of the current data to be encrypted in the encrypted memory in real time during the encryption processing (e.g. encryption reading) of the current data to be encrypted in the encrypted memory.

For example, during the encryption processing (e.g. encryption reading) of the current data to be encrypted in the encrypted memory, the server monitors the start address and the end address of the current data to be encrypted in the encrypted memory in real time, and determines the effective data amount of the current data to be encrypted in the encrypted memory by calculating the data amount between the start address and the end address of the current data to be encrypted, so that the effective data amount of the current data to be encrypted can be stored in a specific register for subsequent judgment and processing.

Step S103, reading the next data to be encrypted of the current data to be encrypted from the original data to be encrypted under the condition that the effective data amount is smaller than the preset data amount; the sum of the data volume of the next data to be encrypted and the preset data volume is smaller than or equal to the storage space of the encrypted memory.

Optionally, the server determines whether the effective data amount is smaller than the preset data amount, and reads the next data to be encrypted of the current data to be encrypted from the original data to be encrypted while performing encryption processing when the effective data amount is smaller than the preset data amount.

For example, the server determines whether the effective data amount is smaller than the preset data amount, and when the effective data amount is smaller than the preset data amount, the server reads the next piece of data to be encrypted of the current data to be encrypted from the original data to be encrypted according to the preset read data amount while performing encryption processing, and the next piece of data to be encrypted is used as the next data to be encrypted of the current data to be encrypted.

Step S104, storing the next data to be encrypted into the encryption memory, and enabling the next data to be encrypted to be used as newly added data in the current data to be encrypted until the original data to be encrypted is encrypted.

Optionally, the server stores the next data to be encrypted into the encryption memory, so that the next data to be encrypted is used as newly added data in the current data to be encrypted, that is, the next data to be encrypted is used as newly added current data to be encrypted in the encryption memory, after the original current data to be encrypted in the encryption memory is subjected to encryption processing, the next data to be encrypted is continuously subjected to encryption processing, the steps are repeated, unread data to be encrypted in the original data to be encrypted are repeatedly stored (written) into the encryption memory until the original data to be encrypted are all stored into the encryption memory, and the encryption of the data to be encrypted stored in the encryption memory is all completed, so that the completion of encryption of the original data to be encrypted is confirmed.

In the encryption processing method, under the condition that the data volume of the original data to be encrypted is larger than the storage space of the encryption memory, the current data to be encrypted in the original data to be encrypted is stored in the encryption memory; the data volume of the current data to be encrypted is smaller than or equal to the storage space of the encrypted memory; in the process of encrypting the current data to be encrypted in the encrypted memory, determining the effective data quantity of the current data to be encrypted in the encrypted memory; under the condition that the effective data volume is smaller than the preset data volume, reading the next data to be encrypted of the current data to be encrypted from the original data to be encrypted; the sum of the data volume of the next data to be encrypted and the preset data volume is smaller than or equal to the storage space of the encrypted memory; and storing the next data to be encrypted into the encryption memory, and enabling the next data to be encrypted to serve as newly added data in the current data to be encrypted until the original data to be encrypted is encrypted. The method comprises the steps of storing current data to be encrypted into an encryption memory when the data amount of original data to be encrypted is larger than the storage space of the encryption memory, determining the effective data amount of the current data to be encrypted in the encryption memory when the current data to be encrypted in the encryption memory is subjected to encryption processing, reading next data to be encrypted from the original data to be encrypted when the effective data amount is smaller than the preset data amount, and storing the next data to be encrypted into the encryption memory as newly added data in the current data to be encrypted until the encryption of the original data to be encrypted is completed; according to the scheme, the original data to be encrypted are stored into the encryption memory in blocks mainly according to the storage space of the encryption memory and the data quantity of the original data to be encrypted, and the next data to be encrypted is dynamically read in the encryption process, so that the efficiency and the accuracy of encryption processing are improved.

In an exemplary embodiment, step S103 above, when the effective data size is smaller than the preset data size, further includes the following steps before reading the next data to be encrypted of the current data to be encrypted from the original data to be encrypted: acquiring the encrypted data volume of original data to be encrypted; in step S103, the next data to be encrypted of the current data to be encrypted is read from the original data to be encrypted, which specifically includes the following contents: and reading the next data to be encrypted of the current data to be encrypted from the original data to be encrypted under the condition that the sum of the encrypted data quantity and the effective data quantity is smaller than the data quantity of the original data to be encrypted.

Optionally, the server obtains an encrypted data volume of the original data to be encrypted; judging whether the sum of the encrypted data quantity and the effective data quantity is smaller than the data quantity of the original data to be encrypted or not; and reading the next data to be encrypted of the current data to be encrypted from the original data to be encrypted under the condition that the sum of the encrypted data quantity and the effective data quantity is smaller than the data quantity of the original data to be encrypted.

For example, the server first obtains an encrypted data amount before reading the next data to be encrypted, wherein this encrypted data amount can be recorded by a counter or register inside the computing system of the server; then, it is judged whether the sum of the encrypted data amount and the effective data amount is smaller than the data amount of the original data to be encrypted, and if so, the next data to be encrypted is read from the original data to be encrypted.

According to the technical scheme provided by the embodiment, when the sum of the encrypted data quantity and the effective data quantity is smaller than the data quantity of the original data to be encrypted, the next data to be encrypted of the current data to be encrypted is triggered to be read, so that the reading and encryption processes of the data to be encrypted can be controlled and managed more accurately, the correctness and the high efficiency of encryption operation are ensured, and the efficiency and the accuracy of encryption processing are improved.

In an exemplary embodiment, the method further includes the step of confirming that the encryption of the original data to be encrypted is completed, and specifically includes the following steps: under the condition that the sum of the encrypted data quantity and the effective data quantity is equal to the data quantity of the original data to be encrypted, confirming that the original data to be encrypted is completely stored in an encryption memory; after the current data to be encrypted in the encryption memory is encrypted, the original data to be encrypted is confirmed to be encrypted.

Optionally, the server judges whether the sum of the encrypted data amount and the effective data amount is smaller than the data amount of the original data to be encrypted; under the condition that the sum of the encrypted data quantity and the effective data quantity is equal to the data quantity of the original data to be encrypted, confirming that the original data to be encrypted are all stored in an encryption memory, and reading the next data to be encrypted of the current data to be encrypted from the original data to be encrypted is not needed; continuing to encrypt the current data to be encrypted in the encrypted memory, and after the current data to be encrypted in the encrypted memory is encrypted, confirming that the original data to be encrypted is encrypted.

According to the technical scheme provided by the embodiment, by confirming that the original data to be encrypted are all stored in the encryption memory and confirming that the encryption of the original data to be encrypted is completed, the completion condition of the encryption process is monitored and confirmed more accurately, all the data to be encrypted are ensured to be subjected to correct encryption processing, and therefore the accuracy of the encryption processing is improved.

In an exemplary embodiment, in step S102, the effective data amount of the current data to be encrypted in the encrypted memory is determined, which specifically includes the following contents: acquiring a current encryption reading address in an encryption memory and a current storage end address of current data to be encrypted in the encryption memory; and determining the effective data quantity of the current data to be encrypted in the encrypted memory according to the current encryption reading address and the current storage ending address.

Optionally, the server acquires a current encryption reading address in the encryption memory and a current storage ending address of current data to be encrypted in the encryption memory; and taking the data quantity between the current encryption reading address and the current storage ending address as the effective data quantity of the current data to be encrypted in the encryption memory.

For example, the server records a current encrypted read address in the encrypted memory and a current storage end address of current data to be encrypted in the encrypted memory through an internal register; taking the data volume between the current encryption reading address and the current storage ending address as the effective data volume of the current data to be encrypted in the encryption memory; according to the value of the effective data quantity, whether the original data to be encrypted needs to be continuously supplemented into the encrypted memory or not can be judged.

According to the technical scheme provided by the embodiment, the effective data quantity of the current data to be encrypted in the encrypted memory is effectively and accurately determined through the current encryption reading address and the current storage ending address, so that the efficiency and the accuracy of encryption processing are improved.

In an exemplary embodiment, in step S104, the next data to be encrypted is stored in the encrypted memory, which specifically includes the following contents: determining the address to be stored of the next data to be encrypted according to the current storage end address; and storing the next data to be encrypted into the encryption memory according to the address to be stored of the next data to be encrypted.

The address to be stored of the next data to be encrypted may be an address to store the next data to be encrypted into the encrypted memory.

Optionally, the server determines the address to be stored of the next data to be encrypted according to the current storage end address of the current data to be encrypted in the encrypted memory; and storing the next data to be encrypted into the encryption memory according to the address to be stored of the next data to be encrypted.

For example, the server records the current storage end address through the internal register, determines the address to be stored of the next data to be encrypted according to the current storage end address, and stores the next data to be encrypted into the encrypted memory pointed by the address to be stored.

According to the technical scheme provided by the embodiment, the address to be stored of the data to be encrypted is determined according to the current storage end address, and the data to be encrypted is stored into the encryption memory, so that the data to be encrypted is efficiently and accurately stored into the encryption memory, and the efficiency and the accuracy of encryption processing are improved.

In an exemplary embodiment, in the step, the determining the address to be stored of the next data to be encrypted according to the current storage end address specifically includes the following: determining a start address to be stored and an end address to be stored of the next data to be encrypted according to the current storage end address, the data volume of the next data to be encrypted, the start address of the encrypted memory and the end address of the encrypted memory; and determining the address to be stored of the next data to be encrypted according to the start address to be stored and the end address to be stored of the next data to be encrypted.

The data size of the next data to be encrypted may be the size of the next data to be encrypted, which represents the size of the storage space occupied by the next data to be encrypted.

The starting address of the encrypted memory and the ending address of the encrypted memory may represent the starting address and the ending address of the memory space allocated to the encryption module.

The start address and the end address to be stored of the next data to be encrypted may represent the start address and the end address of the next data to be encrypted stored in the encrypted memory.

Optionally, the server determines a start address to be stored of the next data to be encrypted and an end address to be stored of the next data to be encrypted according to the current storage end address of the current data to be encrypted in the encrypted memory, the data volume of the next data to be encrypted, the start address of the encrypted memory and the end address of the encrypted memory; and determining the address to be stored of the next data to be encrypted according to the start address to be stored of the next data to be encrypted and the end address to be stored of the next data to be encrypted.

For example, the server records the current storage end address, the data volume of the next data to be encrypted, the starting address of the encrypted memory and the end address of the encrypted memory through an internal register; according to the information, a start address to be stored and an end address to be stored of the next data to be encrypted can be determined, for example, the current end address to be stored can be used as the start address to be stored of the next data to be encrypted, the occupied space of the next data to be encrypted in the encryption memory can be determined according to the data quantity of the next data to be encrypted, and the next data to be encrypted is specified to be stored in the storage space between the start address of the encryption memory and the end address of the encryption memory, so that the start address to be stored and the end address to be stored of the next data to be encrypted can be determined; and taking the starting address to be stored of the next data to be encrypted to the ending address to be stored of the next data to be encrypted as the address to be stored of the next data to be encrypted.

According to the technical scheme provided by the embodiment, the address to be stored of the data to be encrypted is determined according to the current storage end address, the data quantity of the data to be encrypted, the starting address and the end address of the encryption memory, so that the address to be stored of the data to be encrypted is determined more accurately, and the accuracy of encryption processing is improved.

In an exemplary embodiment, in step S101, the current data to be encrypted in the original data to be encrypted is stored in the encrypted memory, which specifically includes the following contents: determining a to-be-stored starting address and a to-be-stored ending address of current to-be-encrypted data in original to-be-encrypted data according to the starting address of the encrypted memory and the ending address of the encrypted memory; and storing the current data to be encrypted in the original data to be encrypted into the encryption memory according to the initial address to be stored and the end address to be stored of the current data to be encrypted in the original data to be encrypted.

The start address to be stored and the end address to be stored of the current data to be encrypted may represent the start address and the end address of the current data to be encrypted stored in the encrypted memory.

Optionally, the server records a starting address of the encrypted memory and an ending address of the encrypted memory through an internal register; determining a to-be-stored starting address and a to-be-stored ending address of current to-be-encrypted data in original to-be-encrypted data according to a starting address of an encrypted memory and an ending address of the encrypted memory (for example, taking the starting address of the encrypted memory as the to-be-stored starting address of the current to-be-encrypted data and taking the ending address of the encrypted memory as the to-be-stored ending address of the current to-be-encrypted data); and storing the current data to be encrypted in the original data to be encrypted into the encryption memory according to the initial address to be stored and the end address to be stored of the current data to be encrypted in the original data to be encrypted.

According to the technical scheme provided by the embodiment, the starting address to be stored and the ending address to be stored of the current data to be encrypted in the original data to be encrypted are determined according to the starting address and the ending address of the encryption memory, and the current data to be encrypted is stored into the encryption memory, so that the current data to be encrypted in the original data to be encrypted can be efficiently and accurately stored into the encryption memory, and the efficiency and the accuracy of encryption processing can be improved.

Based on the same inventive concept, the present embodiment further provides an encryption processing method applied to an encryption module controller, referring to fig. 4, 5 and 6, the method includes:

step S601, obtaining effective data quantity and preset data quantity stored in a memory state calculation module; the effective data volume is the effective data volume of the current data to be encrypted in the encrypted memory, and the preset data volume is the preset data volume corresponding to the encrypted memory;

step S602, in the process of encrypting the current data to be encrypted by the external hardware encryption module, if the effective data amount stored by the memory state calculation module is monitored to be smaller than the preset data amount, a request is sent to the calculation system to instruct the calculation system to read the next data to be encrypted of the current data to be encrypted from the original data to be encrypted, the next data to be encrypted is stored in the encryption memory, and the next data to be encrypted is used as new data in the current data to be encrypted until the encryption of the original data to be encrypted is completed; the sum of the data quantity of the next data to be encrypted and the preset data quantity is smaller than or equal to the storage space of the encryption memory, and the current data to be encrypted is part of the data in the original data to be encrypted.

Optionally, the encryption module controller acquires the effective data amount and the preset data amount stored in the memory state calculation module; in the process of encrypting the current data to be encrypted by the external hardware encryption module, if the effective data amount stored by the memory state calculation module is monitored to be smaller than the preset data amount, sending a request interrupt to the calculation system so as to instruct the calculation system to read the next data to be encrypted of the current data to be encrypted from the original data to be encrypted, storing the next data to be encrypted into the encryption memory, and enabling the next data to be encrypted to be used as new data in the current data to be encrypted until the encryption of the original data to be encrypted is completed; therefore, by dynamically monitoring and supplementing the data blocks in the encryption process, the efficient block encryption processing under the condition of limited memory is realized.

According to the encryption processing method, when the effective data amount stored by the memory state calculation module is monitored to be smaller than the preset data amount, the next data to be encrypted is stored into the encryption memory, so that the next data to be encrypted is used as the newly-added data in the current data to be encrypted until the encryption of the original data to be encrypted is completed; according to the scheme, the original data to be encrypted are stored into the encryption memory in blocks mainly according to the storage space of the encryption memory and the data quantity of the original data to be encrypted, and the next data to be encrypted is dynamically read in the encryption process, so that the encryption process efficiency is improved.

In an exemplary embodiment, the following details are further included: acquiring the data quantity of original data to be encrypted and the encrypted data quantity of the original data to be encrypted stored in a memory state calculation module; and sending a request interrupt to a computing system under the condition that the effective data volume stored by the memory state computing module is monitored to be smaller than the preset data volume and the sum of the encrypted data volume and the effective data volume stored by the memory state computing module is monitored to be smaller than the data volume of the original data to be encrypted.

Optionally, the encryption module controller acquires the data volume of the original data to be encrypted and the encrypted data volume of the original data to be encrypted stored in the memory state calculation module; and sending a request interrupt to a computing system under the condition that the effective data volume stored by the memory state computing module is monitored to be smaller than the preset data volume and the sum of the encrypted data volume and the effective data volume stored by the memory state computing module is monitored to be smaller than the data volume of the original data to be encrypted.

According to the embodiment of the application, unnecessary data supplement can be avoided through further judgment, so that the efficiency and the accuracy of encryption processing are improved.

In an exemplary embodiment, the method further comprises the following: if the sum of the encrypted data volume and the effective data volume stored by the memory state calculation module is monitored to be equal to the data volume of the original data to be encrypted, confirming that the original data to be encrypted is completely stored in the encrypted memory; after the current data to be encrypted in the encrypted memory is encrypted, sending an operation completion interrupt to the computing system; the operation completion interrupt is used to indicate that encryption of the original data to be encrypted is completed.

Optionally, if the encryption module controller monitors that the sum of the encrypted data amount and the effective data amount stored by the memory state calculation module is equal to the data amount of the original data to be encrypted, the encryption module controller confirms that the original data to be encrypted is completely stored in the encryption memory; after the current data to be encrypted in the encrypted memory is encrypted, sending an operation completion interrupt to the computing system; and when the encryption of the current data block is completed, sending an operation completion interrupt to the computing system to indicate that the encryption operation is finished.

According to the embodiment of the application, the judging conditions of the transmission and the encryption ending of the original data to be encrypted are increased, and the whole encryption process can be monitored and ended more accurately, so that the accuracy of encryption processing is improved.

The encryption processing method provided by the application is described in the following embodiment, and the embodiment is applied to a server for illustration by using the method, and the main steps include:

the method comprises the steps that firstly, a server determines a to-be-stored starting address and a to-be-stored ending address of current to-be-encrypted data in original to-be-encrypted data according to a starting address of an encryption memory and an ending address of the encryption memory under the condition that the data size of the original to-be-encrypted data is larger than the storage space of the encryption memory; and storing the current data to be encrypted in the original data to be encrypted into the encryption memory according to the initial address to be stored and the end address to be stored of the current data to be encrypted in the original data to be encrypted.

The data volume of the current data to be encrypted is smaller than or equal to the storage space of the encrypted memory.

Secondly, the server acquires a current encryption reading address in the encryption memory and a current storage ending address of the current data to be encrypted in the encryption memory in the process of encrypting the current data to be encrypted in the encryption memory; and determining the effective data quantity of the current data to be encrypted in the encrypted memory according to the current encryption reading address and the current storage ending address.

Thirdly, the server acquires the encrypted data volume of the original data to be encrypted; reading the next data to be encrypted of the current data to be encrypted from the original data to be encrypted under the condition that the effective data amount is smaller than the preset data amount and the sum of the encrypted data amount and the effective data amount is smaller than the data amount of the original data to be encrypted; under the condition that the sum of the encrypted data quantity and the effective data quantity is equal to the data quantity of the original data to be encrypted, confirming that the original data to be encrypted is completely stored in an encryption memory; after the current data to be encrypted in the encryption memory is encrypted, the original data to be encrypted is confirmed to be encrypted.

The sum of the data volume of the next data to be encrypted and the preset data volume is smaller than or equal to the storage space of the encrypted memory.

The fourth step, the server determines the initial address to be stored and the final address to be stored of the next data to be encrypted according to the current storage final address, the data volume of the next data to be encrypted, the initial address of the encrypted memory and the final address of the encrypted memory; and determining the address to be stored of the next data to be encrypted according to the start address to be stored and the end address to be stored of the next data to be encrypted.

And fifthly, the server stores the next data to be encrypted into the encryption memory according to the address to be stored of the next data to be encrypted, so that the next data to be encrypted is used as new data in the current data to be encrypted until the original data to be encrypted is encrypted.

According to the technical scheme provided by the embodiment, when the data volume of original data to be encrypted is larger than the storage space of the encryption memory, the current data to be encrypted is stored in the encryption memory, when the current data to be encrypted in the encryption memory is subjected to encryption processing, the effective data volume of the current data to be encrypted in the encryption memory is determined, when the effective data volume is smaller than the preset data volume, the next data to be encrypted is read from the original data to be encrypted, the next data to be encrypted is stored in the encryption memory and is used as new data in the current data to be encrypted until the encryption of the original data to be encrypted is completed; according to the scheme, the original data to be encrypted are stored into the encryption memory in blocks mainly according to the storage space of the encryption memory and the data quantity of the original data to be encrypted, and the next data to be encrypted is dynamically read in the encryption process, so that the efficiency and the accuracy of encryption processing are improved.

The encryption processing method provided by the application is described below by using an application example, and the application example is applied to a server by using the method for illustration, and the main steps include:

the first step, the server adds a memory state calculation module in an encryption module in the encryption system.

Referring to fig. 4 and fig. 5, the server includes an encryption system, the encryption system includes an encryption module, a bus, a data read-write bus and a register configuration bus, the encryption module includes an encryption module control logic and a hardware encryption computing core, the encryption module control logic includes a memory state computing module, and the memory state computing module includes a memory state register set and an operation logic of a related register value; the server may initiate an interrupt to write the original data to the memory request and an operation completion interrupt through the cryptographic module control logic.

Wherein the memory status register set refers to table 1.

TABLE 1

Second, two cases are discussed, the first, referring to FIG. 7, of the space usage of the encrypted memory segment: when the original data size S2 is smaller than or equal to the encrypted memory segment size S1, the server performs the following procedure: starting; 1, initializing; 2 writing the first original data; 3, encrypting the calculation process of the calculation core; 4, completing encryption calculation core calculation, triggering operation completion interrupt; resetting a memory state register; and (5) ending.

The server determines a memory segment allocated for encryption from the memory, wherein the size S1 of the encrypted memory segment is from a starting address a of the encrypted memory segment to an ending address B of the encrypted memory segment; in the initialization stage, the final address D pointed by the original data writing pointer and the memory address C pointed by the encryption core reading pointer are pointed at the encryption memory starting address A, the non-filling block indicates that the memory is empty or no effective data, and the encryption original data can be written into the memory; when writing the first original data, the memory address C pointed by the encryption calculation core read pointer points to the encryption memory initial address A, the final address D pointed by the original data write pointer written into the memory points to the final address of the black filling block, and the black filling block stores the original data which is not read by the encryption module; in the encryption calculation process, in fig. 7, the memory address C pointed by the encryption calculation core read pointer is marked, and the final address D pointed by the original data write pointer written into the memory is pointed by the final address of the black filling block; when the encryption calculation core is calculated, and the trigger operation is completed, the final address D pointed by the original data write pointer written into the memory coincides with the memory address C pointed by the encryption calculation core read pointer; when the memory status register is reset, the final address D pointed by the original data write pointer written into the memory and the memory address C pointed by the encryption core read pointer are pointed to the encryption memory starting address A.

For example, the server may obtain the value of the JM03 encrypted memory segment size S1 register by configuring the JM01 encrypted memory segment start address a register and the JM02 encrypted memory segment end address B register, while configuring the JM04 original data size S2 register; writing the first (and last) original data into the memory, wherein the final address D register pointed by the original data writing pointer of JM07 written into the memory changes as the "2 written first original data stage" in FIG. 7; after the configuration of the computing core configuration register, starting the encryption computing core to operate, and taking data by the encryption computing core to perform encryption operation, wherein the change of a memory address C register pointed by a JM05 encryption computing core read pointer is as the 3 encryption computing core calculation process in fig. 7; the encryption module control logic judges whether the sum of the value of the original data size S3 register which is already taken out by the JM06 encryption computing core and the effective original data size S4 in the JM08 current memory is the same as the value of the JM04 original data size S2 register, if so, the encryption computing core is considered to read all the original data, after the processing of the sent original data by the computing core is completed, an operation completion interrupt can be sent out to inform a computing system (computer system) that the data encryption operation is completed at the moment, and at the moment, the encryption computing core is completed as shown in figure 7"4; the JM10 memory status register reset registers are configured to reset the registers of the memory status register set, as shown in FIG. 7"5 for memory status registers.

Third, referring to fig. 8, the second case is the space usage of the encrypted memory segment: when the original data size S2 is larger than the encrypted memory segment size S1, the server performs the following procedure: starting; 1, initializing; 2 writing the first original data; 3, encrypting the calculation process of the calculation core; judging whether the effective original data size S4 in the current memory is smaller than the memory writing threshold of the computer system, if not, returning to the previous step, and if so, carrying out the next step; triggering the interrupt of writing the original data into the memory request (the encryption computing core continues the fetch computing); writing an nth original data stage (encryption calculation core continues to take the number for calculation), wherein n represents a number, and the number of the data is added with 1 when the step 5 is executed every time except that the step 2 is the first step; 6 encryption accounting procedures (same as stage 3); 7, executing a judging flow (the encryption calculation core continues to fetch the number to calculate); judging whether the effective original data size S4 in the current memory is smaller than the memory writing threshold of the computer system, if not, returning to the previous step, and if so, carrying out the next step; judging whether the sum of the original data size S3 which is already taken out by the encryption computing core and the effective original data size S4 in the current memory is equal to the original data size S2, if not, returning to the step 4, and if so, carrying out the next step; 8, triggering an operation completion interrupt after the encryption calculation core calculation is completely completed; 9 resetting the memory state register; and (5) ending.

The server determines a memory segment allocated for encryption from the memory, wherein the size S1 of the encrypted memory segment is from a starting address a of the encrypted memory segment to an ending address B of the encrypted memory segment; in the initialization stage, a final address D pointed by an original data write pointer written into the memory and a memory address C pointed by an encryption calculation core read pointer are pointed at an encryption memory initial address A;2, when writing the first original data, the memory address C pointed by the encryption calculation core read pointer points to the encryption memory initial address A, and the final address D pointed by the original data write pointer written into the memory points to the final address of the black filling block; 3 in the encryption calculation process, the memory address C pointed by the encryption calculation core read pointer and the final address D pointed by the original data write pointer written into the memory are marked in fig. 8, and the black filling block in this stage in fig. 8 represents the effective original data (current data to be encrypted) size S4 in the current memory; 4, when triggering the interrupt of writing the original data to the memory request, marking a memory address C pointed by the encryption computing core read pointer in fig. 8, and after the final address D … … pointed by the original data write pointer of the writing memory waits for the complete encryption computing core to complete the calculation, marking the final address D pointed by the original data write pointer of the writing memory and the memory address C pointed by the encryption computing core read pointer in fig. 8 to point to the same address when triggering the interrupt of the operation; 9 when the memory status register is reset, the final address D pointed by the original data write pointer written into the memory and the memory address C pointed by the encryption computing core read pointer are pointed to the encryption memory starting address A.

For example, the server (1) may obtain the value of the JM03 encrypted memory segment size S1 register by configuring the JM01 encrypted memory segment start address a register and the JM02 encrypted memory segment end address B register, and simultaneously configure the JM04 original data size S2 register, and configure the JM11 write original data to the memory request interrupt enable register to be 1 valid; (2) Writing a first original data into the memory, wherein the JM04 original data size S2 register value is larger than the JM03 encrypted memory segment size S1 register value, the first data is allowed to be maximally written into the memory (not forced), and the JM07 original data writing pointer points to a final address D register change as a first original data writing stage 2 in fig. 8; (3) After the configuration of the computing core configuration register, starting the encryption computing core to operate, and taking data by the encryption computing core to perform encryption operation, wherein the change of a memory address C register pointed by a JM05 encryption computing core read pointer is as the 3 encryption computing core calculation process in fig. 8; (4) When the value of the effective original data size S4 register in the JM08 current memory is smaller than the value of the JM09 computing system write memory threshold register, the interrupt of the original data write to the memory request is triggered, and the encryption computing core continuously and independently fetches the data; (5) Writing the nth original data into the memory by the computing system, wherein the encryption calculation core continuously and independently takes the number and the operation, n=2 when the step 5 is executed for the first time, n=3 when the step 5 is executed for the second time, and so on until the last original data (original data to be encrypted) of the operation is written; (6) Continuing to fetch data through the encryption computing core to carry out encryption operation, wherein the change of a memory address C register pointed by a JM05 encryption computing core read pointer is as a '6 encryption computing core computing process' in fig. 8; (7) When the value of the effective original data size S4 register in the JM08 current memory (current data to be encrypted) is smaller than the value of the JM09 computing system write memory threshold register again, the encryption module control logic judges whether the sum of the value of the original data size S3 register already fetched by the JM06 encryption computing core and the value of the effective original data size S2 register in the JM08 current memory is the same as the value of the JM04 original data size S2 register, if the sum of the value of the original data size S3 register already fetched by the JM06 encryption computing core and the value of the effective original data size S4 register in the JM08 current memory is smaller than the value of the JM04 original data size S2 register, the write original data is triggered again to the memory request interrupt, and the logic jumps back to the step (4), the step (4) is repeatedly executed from the step (5) and the step (7), if the sum of the value of the original data size S3 register already fetched by the JM06 encryption computing core and the effective original data size S4 in the JM08 current memory is equal to the value of the JM04, the step (8) is continued; (8) Judging whether the sum of the value of the original data size S3 register which is already taken out by the JM06 encryption computing core and the value of the effective original data size S4 in the JM08 current memory is the same as the value of the JM04 original data size S2 register or not through the encryption module control logic, if so, considering that the encryption computing core has read all the original data, after the processing of the sent original data by the computing core is completed, sending an operation completion interrupt to inform a computing system that the data encryption operation is completed at the moment, and triggering an operation completion interrupt after the computing of the encryption computing core is completely completed as shown in a figure 8"8; (9) The JM10 memory status register reset registers are configured to reset the registers of the memory status register set, as shown in FIG. 8"9 for memory status registers.

The improvement idea of the application example is as follows: for limited memory space for storing original data, when encryption operation is needed, a group of memory state register sets are used for representing the current state of the memory, the state is completed by a memory state calculating logic function, when the residual original data in the memory is smaller than or equal to a set threshold value, the original data can be considered to be supplemented, when the original data is required to be supplemented, a request interrupt for writing the original data into the memory is initiated, the computer system is required to supplement the original data into the memory space, thus, when the encryption computing core finishes reading the data before the interrupt for writing the original data into the memory, the operation can be continued by continuously reading the supplemented original data, and the hardware encryption computing core cannot be completely idle or idle too long at the stage of 'reading the data from a hard disk to the memory' of the system, so that the total duration of encryption operation is shortened.

In fig. 9, the server adds interruption of writing original data to the memory request, in the continuous calculation process of the encryption computing core, whether new original data need to be supplemented to the memory or not can be determined by monitoring the size of remaining original data in the memory, specifically, the server performs encryption operation according to configuration read data through the encryption computing core, reads the nth original data from the hard disk to the memory through the system, and triggers interruption of writing the original data to the memory request when the size S4 of the effective original data in the current memory is smaller than the memory writing threshold of the computer system, thereby avoiding idle waiting for filling the next original data after the encryption computing core processes the first original data, and enabling the computing core to perform encryption calculation in parallel because the remaining original data is in the memory when the system reads the nth original data from the hard disk after the interruption is triggered, and reducing waste of encryption computing core resources.

According to the technical scheme provided by the application example, when the size of the original data to be encrypted is larger than or far larger than the memory size allocated to encryption operation by a computing system under the limited memory condition, whether interruption of the original data writing to the memory request is generated or not is determined by judging the relation between the residual original data size in the current memory and the memory writing threshold of the computing system in a mode that the original data is written into the memory in a blocking manner is realized, so that the computing system can continuously supplement the original data writing under the condition that the original data in the memory is not exhausted, and can quickly obtain new original data after the current original data of the memory is taken from the perspective of encryption calculation core, and the total encryption time of the original data is shortened; in the process that the encryption calculation core takes the original data from the memory to carry out encryption operation, logic for monitoring the memory state in parallel is added, when the size of the residual original data in the memory is smaller than a set memory writing threshold value of the computing system, the interruption of the original data writing to the memory request is triggered, and when the computing system receives the interruption of the original data writing to the memory request, the next original data to be encrypted can be continuously written under the condition that the residual original data in the memory is not exhausted, so that the efficiency and the accuracy of encryption processing are improved.

It should be understood that, although the steps in the flowcharts related to the embodiments described above are sequentially shown as indicated by arrows, these steps are not necessarily sequentially performed in the order indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of steps or a plurality of stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of the steps or stages is not necessarily performed sequentially, but may be performed alternately or alternately with at least some of the other steps or stages.

In an exemplary embodiment, a computer device is also provided, comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the steps of the method embodiments described above when the computer program is executed.

In one exemplary embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method embodiments described above.

In an exemplary embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the method embodiments described above.

Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in the various embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magnetic random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (Phase Change Memory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), and the like. The databases referred to in the various embodiments provided herein may include at least one of relational databases and non-relational databases. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processors referred to in the embodiments provided herein may be general purpose processors, central processing units, graphics processors, digital signal processors, programmable logic units, quantum computing-based data processing logic units, etc., without being limited thereto.

The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.

The above examples only represent a few embodiments of the present application, which are described in more detail and are not to be construed as limiting the scope of the present application. It should be noted that it would be apparent to those skilled in the art that various modifications and improvements could be made without departing from the spirit of the present application, which would be within the scope of the present application. Accordingly, the scope of protection of the present application shall be subject to the appended claims.

Claims

1. An encryption module controller, comprising:

2. The cryptographic module controller according to claim 1, wherein the memory state calculation module is further configured to store a data amount of the original data to be encrypted and an encrypted data amount of the original data to be encrypted;

3. The cryptographic module controller according to claim 2, wherein the control module is further configured to confirm that the original data to be encrypted has been stored entirely in the cryptographic memory if it is detected that the sum of the encrypted data amount and the effective data amount stored by the memory state calculation module is equal to the data amount of the original data to be encrypted; after the current data to be encrypted in the encrypted memory is encrypted, sending an operation completion interrupt to the computing system; the operation completion interrupt is used for indicating that the encryption of the original data to be encrypted is completed.

4. The cryptographic module controller according to claim 1, wherein the memory state calculation module includes a memory state register group and a register value calculation unit;

5. An encryption module, comprising:

a cryptographic module controller as in any one of claims 1-4;

6. An encryption system, comprising:

the encryption module of claim 5;

7. The encryption system of claim 6, wherein the computing system is further configured to store the current data to be encrypted in the original data to be encrypted into the encrypted memory if the data size of the original data to be encrypted is greater than the storage space of the encrypted memory; and the data volume of the current data to be encrypted is smaller than or equal to the storage space of the encryption memory.

8. The encryption system of claim 6, wherein the encryption system further comprises:

9. An encryption processing method, applied to an encryption module controller, comprising:

10. The encryption processing method according to claim 9, characterized in that the method further comprises:

11. The encryption processing method according to claim 10, characterized in that the method further comprises:

12. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 9 to 11.