CN117910055A - Encryption transmission method and device for chip data, chip and storage medium - Google Patents


Publication number
CN117910055A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311838633.5A
Other languages
Chinese (zh)
Inventor
陈军健
习伟
陶伟
向柏澄
张巧惠
关志华
董飞龙
谢心昊
孙沁
张泽林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southern Power Grid Digital Grid Research Institute Co Ltd
Original Assignee
Southern Power Grid Digital Grid Research Institute Co Ltd

Abstract

The application relates to an encryption transmission method, device, chip, storage medium and computer program product of chip data, and relates to the technical field of chips. The application can improve the safety protection effect of the chip. The method comprises the following steps: acquiring data processing requests received by a chip, and identifying data information corresponding to each data processing request; identifying the similarity between the data information, and carrying out clustering processing on the data information based on the similarity between the data information to obtain a plurality of discrete abnormal data information; identifying abnormal code information in the abnormal data information, and performing code inactivation treatment on the abnormal code information to obtain inactivated data information; performing first data encryption processing on normal data information except abnormal data information in the data information to obtain first encrypted data, and performing second data encryption processing on deactivated data information to obtain second encrypted data; and carrying out data transmission on the first encrypted data and each second encrypted data.

Description

Encryption transmission method and device for chip data, chip and storage medium
Technical Field
The present application relates to the field of chip technologies, and in particular, to an encryption transmission method and apparatus for chip data, a chip, a storage medium, and a computer program product.
Background
With the rapid development of integrated circuit chips, when data interaction processing tasks are performed by a plurality of chips, the need for multiple data transmission between the plurality of chips is increasing. However, when the chip accepts the data processing request, the data processing request packaged by the malicious client may be received, which causes the chip to leak the processed data information in the data transmission process and affects the normal operation of the chip.
In the traditional technology, the chip data is transmitted by carrying out common encryption on the transmitted data and then carrying out interactive transmission, but the method cannot avoid the damage of packaged malicious data information on the encrypted data, so that the chip has lower safety protection effect.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a method, an apparatus, a chip, a computer-readable storage medium, and a computer program product for encrypted transmission of chip data.
In a first aspect, the present application provides an encrypted transmission method for chip data. The method comprises the following steps:
acquiring data processing requests received by a chip, and identifying data information corresponding to each data processing request;
identifying the similarity between the data information, and carrying out clustering processing on the data information based on the similarity between the data information to obtain a plurality of discrete abnormal data information;
identifying abnormal code information in the abnormal data information, and performing code inactivation treatment on the abnormal code information to obtain inactivated data information;
performing first data encryption processing on each piece of normal data information except the abnormal data information in each piece of data information to obtain first encrypted data, and performing second data encryption processing on each piece of inactivated data information to obtain each piece of second encrypted data;
and carrying out data transmission on the first encrypted data and each second encrypted data.
In one embodiment, the identifying the data information corresponding to each data processing request includes:
Identifying a request port and a data type of the data processing request for each data processing request, and extracting a data processing task of the data processing request and data content corresponding to the data processing request; and using the request port and the data type as data identification of the data content, and using the data content and the data processing task as data information corresponding to the data processing request.
In one embodiment, the identifying the similarity between the data information includes:
Determining first similarity between the data information based on the data identification of the data information, and judging whether the first similarity between the data information is larger than a similarity threshold value or not; for each first data information with the first similarity being greater than a similarity threshold, determining second similarity among the first data information based on a data processing task of each first data information, identifying a data structure of data content of each first data information, and calculating third similarity among the first data information based on the data structure; determining the similarity between the first data information based on the first similarity, the second similarity and the third similarity between the first data information; regarding each second data information of which the first similarity is not greater than the similarity threshold, taking the first similarity between the second data information as the similarity between the second data information.
In one embodiment, the clustering processing is performed on each data information based on the similarity between each data information to obtain a plurality of discrete abnormal data information, including:
Clustering the data information based on the first similarity among the data information to obtain a plurality of data groups and a plurality of discrete first abnormal data information; for each data set, clustering each data information in the data set based on a second similarity and a third similarity between each data information in the data set to obtain each discrete second abnormal data information; and using each of the first abnormal data information and each of the second abnormal data information as the plurality of discrete abnormal data information.
In one embodiment, the identifying the abnormal code information in the abnormal data information includes:
When the abnormal data information is first abnormal data information, identifying code sequences of the first abnormal data information, and carrying out segmentation processing on the code sequences to obtain code segments of the first abnormal data information; for each code sequence, querying the code white list database, taking each code segment of the code sequence which does not belong to the white list database as an abnormal code segment, and taking all abnormal code segments of the code sequence as abnormal code information of abnormal data information corresponding to the code sequence; when the abnormal data information is second abnormal data information, screening data information with highest similarity with the second abnormal data information in each data information to serve as target data information, and identifying code segments with different code sequences of the second abnormal data information and the target data information as candidate abnormal code segments; identifying difference information between the candidate abnormal code segment of the second abnormal data information and the code segment of the target data information, and a difference type of the difference information; and taking the candidate abnormal code segments as target abnormal code segments and taking each target abnormal code segment of the second abnormal data information as the abnormal code information of the abnormal data information under the condition that the difference type is the code structure difference type.
In one embodiment, the performing code inactivation processing on the abnormal code information to obtain inactivation data information includes:
acquiring code inactivation label information, and identifying a target position corresponding to an abnormal code segment in each abnormal code information; and adding the code inactivation label information to the target position of each abnormal code segment to obtain inactivation data information corresponding to each abnormal data information.
In one embodiment, the performing first data encryption processing on each normal data information except for the abnormal data information in each data information to obtain first encrypted data, and performing second data encryption processing on each deactivated data information to obtain each second encrypted data respectively includes:
Generating private key information of each piece of normal data information based on the data content of each piece of normal data information, and generating public key information of each piece of normal data information based on the data identification of each piece of normal data information; encrypting each piece of normal data information based on the private key information and the public key information of each piece of normal data information to obtain first encrypted data; and respectively carrying out hash encryption processing on each piece of the inactivated data information to obtain second encrypted data corresponding to each piece of the inactivated data information.
In a second aspect, the application further provides an encryption transmission device of the chip data. The device comprises:
The information identification module is used for acquiring the data processing requests received by the chip and identifying the data information corresponding to each data processing request;
the clustering processing module is used for identifying the similarity between the data information, and clustering the data information based on the similarity between the data information to obtain a plurality of discrete abnormal data information;
the inactivation processing module is used for identifying the abnormal code information in the abnormal data information and carrying out code inactivation processing on the abnormal code information to obtain inactivation data information;
The data encryption module is used for carrying out first data encryption processing on each piece of normal data information except the abnormal data information in each piece of data information to obtain first encrypted data, and carrying out second data encryption processing on each piece of inactivated data information to obtain each piece of second encrypted data;
And the data transmission module is used for carrying out data transmission on the first encrypted data and each second encrypted data.
In a third aspect, the application also provides a chip. The chip comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the following steps when executing the computer program:
Acquiring data processing requests received by a chip, and identifying data information corresponding to each data processing request; identifying the similarity between the data information, and carrying out clustering processing on the data information based on the similarity between the data information to obtain a plurality of discrete abnormal data information; identifying abnormal code information in the abnormal data information, and performing code inactivation treatment on the abnormal code information to obtain inactivated data information; performing first data encryption processing on each piece of normal data information except the abnormal data information in each piece of data information to obtain first encrypted data, and performing second data encryption processing on each piece of inactivated data information to obtain each piece of second encrypted data; and carrying out data transmission on the first encrypted data and each second encrypted data.
In a fourth aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:
Acquiring data processing requests received by a chip, and identifying data information corresponding to each data processing request; identifying the similarity between the data information, and carrying out clustering processing on the data information based on the similarity between the data information to obtain a plurality of discrete abnormal data information; identifying abnormal code information in the abnormal data information, and performing code inactivation treatment on the abnormal code information to obtain inactivated data information; performing first data encryption processing on each piece of normal data information except the abnormal data information in each piece of data information to obtain first encrypted data, and performing second data encryption processing on each piece of inactivated data information to obtain each piece of second encrypted data; and carrying out data transmission on the first encrypted data and each second encrypted data.
In a fifth aspect, the present application also provides a computer program product. The computer program product comprises a computer program which, when executed by a processor, implements the steps of:
Acquiring data processing requests received by a chip, and identifying data information corresponding to each data processing request; identifying the similarity between the data information, and carrying out clustering processing on the data information based on the similarity between the data information to obtain a plurality of discrete abnormal data information; identifying abnormal code information in the abnormal data information, and performing code inactivation treatment on the abnormal code information to obtain inactivated data information; performing first data encryption processing on each piece of normal data information except the abnormal data information in each piece of data information to obtain first encrypted data, and performing second data encryption processing on each piece of inactivated data information to obtain each piece of second encrypted data; and carrying out data transmission on the first encrypted data and each second encrypted data.
According to the above encryption transmission method, device, chip, storage medium and computer program product for chip data, the abnormal data information is screened out by calculating the similarity between the data information, the abnormal code information in the abnormal data information is identified, and the code inactivation treatment is carried out on the abnormal code information to obtain the inactivated data information, so that the abnormal data information is prevented from being transmitted outwards, the abnormal data information is prevented from running independently and stealing the data information of the chip in the chip transmission process, and the risk of information damage and the like caused by the abnormal data information in the data processing process of the chip is also avoided. Finally, the normal data information and the inactivated data information are encrypted respectively to obtain first encrypted data and second encrypted data, thereby reducing the risk of damaging the normal data information by abnormal malicious data information and effectively improving the safety protection effect of the chip.
Drawings
FIG. 1 is a flow chart of a method for encrypted transmission of chip data in one embodiment;
FIG. 2 is a flowchart illustrating a step of identifying similarities between data messages according to one embodiment;
FIG. 3 is a flow chart illustrating a method for encrypted transmission of chip data in one embodiment;
FIG. 4 is a block diagram of an encryption transmission device for chip data in one embodiment;
Fig. 5 is an internal structural diagram of a chip in one embodiment.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
In one embodiment, as shown in fig. 1, an encryption transmission method of chip data is provided. This embodiment is described by taking the application of the method to a terminal as an example; it can be understood that the method can also be applied to application environments of an internet of things chip, an integrated circuit chip and a server, and can also be applied to a system including the terminal and the server, where it is implemented through interaction between the terminal and the server. The terminal can be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers and the like; the server may be implemented as a stand-alone server or as a server cluster composed of a plurality of servers. In this embodiment, the method includes the steps of:
step S101, data processing requests received by a chip are acquired, and data information corresponding to each data processing request is identified.
Specifically, the terminal monitors request messages sent to the chip by each port in real time, and screens data processing request messages in the request messages; then, the terminal extracts the information content in each data processing request to obtain the data information corresponding to each data processing request.
The information content is used for representing each component part of the data information corresponding to the data processing request.
Step S102, the similarity between the data information is identified, and based on the similarity between the data information, clustering processing is performed on the data information to obtain a plurality of discrete abnormal data information.
Wherein the similarity between the data information includes a similarity between information contents of the data information.
Wherein the discrete abnormal data information includes discrete data information compared to all data information, and discrete data information in each data group.
Specifically, the terminal identifies the similarity between the data information, and performs clustering processing on the data information based on the similarity between the data information to obtain a plurality of discrete abnormal data information.
Step S103, identifying the abnormal code information in the abnormal data information, and performing code inactivation treatment on the abnormal code information to obtain the inactivated data information.
The inactivation processing mode can be to add specific characters at two ends of the abnormal code information, so that the section of code cannot normally run.
Specifically, the terminal identifies the abnormal code information in the abnormal data information, and performs code inactivation treatment on the abnormal code information to obtain the inactivated data information.
Step S104, performing first data encryption processing on each piece of normal data information except for the abnormal data information in each piece of data information to obtain first encrypted data, and performing second data encryption processing on each piece of inactivated data information to obtain each piece of second encrypted data.
The processing modes of the first data encryption processing and the second data encryption processing are different, the first data encryption processing is bidirectional encryption processing, and the second data encryption processing is single data encryption processing.
It should be noted that, the purpose of performing the single data encryption processing on the deactivated data information is to destroy the data structure of the deactivated data information, and prevent the data information from radiating signals outwards, running automatically, recording data, and the like, thereby eliminating the destruction function of the data information on the integrated circuit chip, and simultaneously, avoiding the situation that the abnormal data information is deleted directly to cause the erroneous deletion of new data information.
Specifically, the terminal performs first data encryption processing on each piece of normal data information other than the abnormal data information among the data information to obtain first encrypted data, and performs second data encryption processing on each piece of inactivated data information to obtain each piece of second encrypted data.
Step S105, data transmission is performed on the first encrypted data and each of the second encrypted data.
Specifically, the terminal performs data transmission processing on the first encrypted data and each second encrypted data, and the data encryption transmission task of the chip is completed.
According to the encryption transmission method for the chip data, the abnormal data information is screened out by calculating the similarity between the data information, the abnormal code information in the abnormal data information is identified, and the abnormal code information is subjected to code inactivation treatment to obtain the inactivated data information, so that the abnormal data information is prevented from being transmitted outwards, the abnormal data information is prevented from running independently and stealing the data information of the chip in the chip transmission process, and the risk of information damage of the abnormal data information in the data processing process of the chip is also avoided. And finally, encrypting the normal data information and the inactivated data information respectively to obtain first encrypted data and second encrypted data, thereby reducing the risk of damaging the normal data information by abnormal malicious data information and effectively improving the safety protection effect of the chip.
In one embodiment, in the step S101, the identifying the data information corresponding to each data processing request specifically includes the following steps:
Identifying a request port and a data type of the data processing request for each data processing request, and extracting a data processing task of the data processing request and data content corresponding to the data processing request; and using the request port and the data type as data identification of the data content, and using the data content and the data processing task as data information corresponding to the data processing request.
The data types include, but are not limited to, text data, picture data, audio data, table data, and the like.
Wherein the data content comprises a code sequence of the data.
Specifically, the terminal identifies a request port and a data type of the data processing request for each data processing request, and extracts a data processing task of the data processing request and a data content corresponding to the data processing request. Then, the terminal uses the request port and the data type as data identification of the data content, and uses the data content and the data processing task as data information corresponding to the data processing request.
In this embodiment, the information content of each aspect in the data processing request is extracted, so that the data information corresponding to the data processing request is obtained, and the comprehensiveness of obtaining the data information is improved.
In one embodiment, as shown in fig. 2, in the step S102, the similarity between the data information is identified, which specifically includes the following steps:
Step S201, based on the data identification of each data information, determining the first similarity between each data information, and judging whether the first similarity between each data information is larger than a similarity threshold.
Step S202, for each first data information with the first similarity greater than the similarity threshold, determining a second similarity between the first data information based on the data processing task of each first data information, identifying the data structure of the data content of each first data information, and calculating a third similarity between the first data information based on the data structure; the similarity between the first data information is determined based on the first similarity, the second similarity, and the third similarity between the first data information.
In step S203, for each second data information whose first similarity is not greater than the similarity threshold, the first similarity between each second data information is taken as the similarity between each second data information.
The first similarity is determined as follows: the source port contributes 1 when the source ports are the same and 0 when they are different; the data type contributes 1 when the data types are the same and 0 when they are different; and the source port and the data type are each weighted 50%. For example, if the source ports of A and B are the same and the data types are different, the first similarity between A and B is 50%; if the source ports of A and B are different and the data types are the same, the first similarity of A and B is 50%; if the source ports and data types of A and B are the same, the first similarity of A and B is 100%.
The third similarity is calculated by a similarity distance algorithm such as a mahalanobis distance algorithm and a Euclidean distance algorithm.
Specifically, the terminal determines a first similarity between the data information based on the data identification of the data information, and determines whether the first similarity between the data information is greater than a similarity threshold. The terminal determines second similarity among the data information based on the data processing task of the data information for each data information with the first similarity larger than the similarity threshold, identifies the data structure of the data content of the data information, and calculates third similarity among the data information based on the data structure of the data information. Finally, the terminal determines the similarity between the data information based on the first similarity between the data information, the second similarity between the data information, and the third similarity between the data information. The terminal identifies, for each data information having a first similarity not greater than a similarity threshold, the first similarity between the data information as the similarity between the data information.
In this embodiment, by calculating a plurality of similarities, the similarities between the individual data are obtained, and accuracy of calculating the similarities is improved.
In one embodiment, in the step S102, clustering is performed on each data information based on the similarity between the data information to obtain a plurality of discrete abnormal data information, which specifically includes the following steps:
Clustering the data information based on the first similarity among the data information to obtain a plurality of data groups and a plurality of discrete first abnormal data information; for each data set, clustering each data information in the data set based on a second similarity and a third similarity between each data information in the data set to obtain each discrete second abnormal data information; and using each of the first abnormal data information and each of the second abnormal data information as the plurality of discrete abnormal data information.
The first abnormal data information is data information which is discrete from each data group.
The second abnormal data information is data information which is discrete from each data information in the data group.
Specifically, the terminal performs clustering processing on each data information based on a first similarity between each data information to obtain a plurality of data groups and a plurality of discrete first abnormal data information. For each data group, the terminal performs clustering processing on each data information in the data group based on the second similarity and the third similarity among the data information in the data group to obtain each discrete second abnormal data information. The specific clustering method is that the terminal calculates the average value of the second similarity and the third similarity between the data information to obtain the average similarity between the data information, and performs clustering on the data information based on the average similarity. Finally, the terminal uses each first abnormal data information and each second abnormal data information as a plurality of discrete abnormal data information.
In this embodiment, the accuracy of screening the abnormal data information is improved by screening the global discrete abnormal data information and the local discrete abnormal data information respectively.
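The two-stage screening of steps S201 to S203 and the clustering embodiment above, as an added Python sketch that is not part of the patent text. The port and data type weights (50% each) and the averaging of the second and third similarity come from the description; the Jaccard task similarity, the 1/(1+d) mapping of the Euclidean distance, the equal-weight combination, the connected-component grouping, both thresholds and the sample requests are assumptions made for illustration.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class DataInfo:
    name: str
    port: int         # request port (data identification)
    dtype: str        # data type (data identification)
    task: str         # data processing task
    structure: tuple  # constructed numeric features of the data structure


def first_similarity(a, b):
    """Port and data type each weigh 50%, as stated in the description."""
    return 0.5 * (a.port == b.port) + 0.5 * (a.dtype == b.dtype)


def second_similarity(a, b):
    """Assumption: Jaccard overlap of task words (the page gives no formula)."""
    ta, tb = set(a.task.split()), set(b.task.split())
    return len(ta & tb) / len(ta | tb) if ta | tb else 1.0


def third_similarity(a, b):
    """Euclidean distance on structure features, mapped to (0, 1] (assumed mapping)."""
    return 1.0 / (1.0 + math.dist(a.structure, b.structure))


def similarity(a, b, threshold=0.5):
    """S201-S203: refine with task and structure only above the threshold."""
    s1 = first_similarity(a, b)
    if s1 <= threshold:
        return s1
    # Assumption: equal-weight mean of the three similarities.
    return (s1 + second_similarity(a, b) + third_similarity(a, b)) / 3


def screen(items, threshold=0.5, local_threshold=0.4):
    """Return (first_abnormal, second_abnormal) lists of DataInfo."""
    # Stage 1: group records linked by a first similarity above the threshold.
    groups = []
    for item in items:
        linked = [g for g in groups
                  if any(first_similarity(item, m) > threshold for m in g)]
        groups = [g for g in groups if not any(g is l for l in linked)]
        groups.append([m for g in linked for m in g] + [item])
    # Records that joined no group are the globally discrete ones.
    first_abnormal = [g[0] for g in groups if len(g) == 1]

    # Stage 2: inside each group, average the second and third similarity.
    second_abnormal = []
    for group in (g for g in groups if len(g) > 1):
        for item in group:
            others = [m for m in group if m is not item]
            avg = sum((second_similarity(item, m) + third_similarity(item, m)) / 2
                      for m in others) / len(others)
            if avg < local_threshold:  # locally discrete record
                second_abnormal.append(item)
    return first_abnormal, second_abnormal


# Constructed sample requests (not taken from the patent).
REQUESTS = [
    DataInfo("r1", 8080, "text", "read sensor log", (3, 12, 1)),
    DataInfo("r2", 8080, "text", "read sensor log", (3, 12, 1)),
    DataInfo("r3", 8080, "text", "read sensor log", (3, 13, 1)),
    DataInfo("r4", 8080, "text", "write firmware block", (9, 40, 6)),
    DataInfo("r5", 9999, "audio", "read sensor log", (3, 12, 1)),
]

if __name__ == "__main__":
    first, second = screen(REQUESTS)
    print("first abnormal:", [d.name for d in first])
    print("second abnormal:", [d.name for d in second])
```

With two-member groups both members receive the same average, so the local threshold either flags both or neither; larger groups are needed for the second stage to single out one record.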
In one embodiment, in the step S103, identifying the abnormal code information in the abnormal data information specifically includes the following steps:
When the abnormal data information is first abnormal data information, identifying code sequences of the first abnormal data information, and carrying out segmentation processing on the code sequences to obtain code segments of the first abnormal data information; for each code sequence, querying the code white list database, taking each code segment of the code sequence which does not belong to the white list database as an abnormal code segment, and taking all abnormal code segments of the code sequence as abnormal code information of abnormal data information corresponding to the code sequence; when the abnormal data information is the second abnormal data information, screening the data information with highest similarity with the second abnormal data information in each data information to serve as target data information, and identifying code segments with different code sequences of the second abnormal data information and the target data information as candidate abnormal code segments; identifying difference information between the candidate abnormal code segment of the second abnormal data information and the code segment of the target data information, and a difference type of the difference information; in the case where the difference type is the code structure difference type, the candidate abnormal code segment is taken as the target abnormal code segment, and each target abnormal code segment of the second abnormal data information is taken as the abnormal code information of the abnormal data information.
The white list database comprises a white list code section recorded by staff, a cloud-stored white list code section of an internet open source, a white list code section summarized based on experience of professionals and the like.
Wherein the difference types include, but are not limited to, code structure differences, substantial content differences, code form differences, and the like.
Specifically, when the abnormal data information is first abnormal data information, the terminal identifies the code sequence of each first abnormal data information, and performs segmentation processing on each code sequence to obtain code segments of each first abnormal data information. Then, for each code sequence, the terminal queries the code white list database, takes each code segment of the code sequence that does not belong to the white list database as an abnormal code segment, and uses all abnormal code segments of the code sequence as abnormal code information of the abnormal data information corresponding to the code sequence. When the abnormal data information is the second abnormal data information, the terminal screens, from the data information, the data information with the highest similarity to the abnormal data information as target data information. Then, the terminal identifies, as a candidate abnormal code segment, each code segment in which the code sequence of the abnormal data information differs from that of the target data information. The terminal identifies difference information between the candidate abnormal code segment of the abnormal data information and the code segment of the target data information, and identifies a difference type of the difference information. In the case that the difference type is a code structure difference type, the terminal takes the candidate abnormal code segment as a target abnormal code segment and takes each target abnormal code segment of the abnormal data information as the abnormal code information of the abnormal data information.
In this embodiment, the white list is queried to screen the abnormal code segments, so that the comprehensiveness of screening the abnormal code segments is improved, and the abnormal code segments are determined by screening the target data information, so that the packaged abnormal data information is eliminated, and the protection effect on the packaged abnormal data information is improved.
In one embodiment, in the step S103, the code inactivation process is performed on the abnormal code information to obtain the inactivated data information, which specifically includes the following steps:
Acquiring code inactivation label information, and identifying a target position corresponding to an abnormal code segment in each abnormal code information; and adding code inactivation label information to the target position of each abnormal code segment to obtain inactivation data information corresponding to each abnormal data information.
Specifically, the terminal acquires code inactivation tag information and identifies an abnormal code segment in each abnormal code information and a target position corresponding to each abnormal code segment. And then, adding code inactivation label information to the target position of each abnormal code segment by the terminal to obtain inactivation data information corresponding to each abnormal data information.
In this embodiment, adding the inactivation tag information inactivates the abnormal code information. This prevents the abnormal data information from transmitting data information outward, prevents it from running autonomously during chip transmission and stealing the data information of the chip, and avoids the risk of the abnormal data information destroying information during the data processing of the chip.
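The two ways of finding abnormal code segments and the tagging step described above, as an added example that is not code from the patent. The `;` segment delimiter, the tag string, the literal-masking test for a "code structure" difference, the use of SHA-256 for the later hash step and all sample sequences are assumptions.

```python
import difflib
import hashlib
import re

INACTIVATION_TAG = "#!INACTIVE!# "  # assumed tag format; the patent does not define one


def segment(code_sequence):
    """Split a code sequence into segments (assumed ';' delimiter)."""
    return [s.strip() for s in code_sequence.split(";") if s.strip()]


def skeleton(seg):
    """Code structure of a segment: string and numeric literals masked out."""
    seg = re.sub(r"""(['"]).*?\1""", "STR", seg)
    return re.sub(r"\b\d+(?:\.\d+)?\b", "NUM", seg)


def abnormal_by_whitelist(code_sequence, whitelist):
    """First abnormal data: every segment absent from the white list is abnormal.
    Returns (target position, segment) pairs."""
    return [(i, s) for i, s in enumerate(segment(code_sequence)) if s not in whitelist]


def abnormal_by_reference(code_sequence, target_sequence):
    """Second abnormal data: diff against the most similar normal data and keep
    only segments whose structure differs, not those where a literal changed."""
    segs, ref = segment(code_sequence), segment(target_sequence)
    matcher = difflib.SequenceMatcher(a=ref, b=segs, autojunk=False)
    abnormal = []
    for op, a1, a2, b1, b2 in matcher.get_opcodes():
        if op not in ("replace", "insert"):
            continue
        ref_skeletons = {skeleton(r) for r in ref[a1:a2]}
        for i in range(b1, b2):
            if skeleton(segs[i]) not in ref_skeletons:  # code structure difference
                abnormal.append((i, segs[i]))
    return abnormal


def inactivate(code_sequence, abnormal):
    """Add the inactivation tag at the target position of each abnormal segment."""
    flagged = {i for i, _ in abnormal}
    return "; ".join(
        INACTIVATION_TAG + s if i in flagged else s
        for i, s in enumerate(segment(code_sequence))
    )


def second_encryption(inactivated):
    """Hash step for inactivated data (SHA-256 assumed). A digest is one-way:
    the receiver can compare it with a known value but cannot recover the data."""
    return hashlib.sha256(inactivated.encode()).hexdigest()


# Constructed samples (not from the patent).
WHITELIST = {"read(reg1)", "scale(10)", "send('hub')"}
GLOBAL_OUTLIER = "read(reg1); load_module('unknown'); send('hub')"
TARGET = "read(reg1); scale(10); send('hub')"
LOCAL_OUTLIER = "read(reg1); scale(25); dump_memory('all'); send('hub')"

if __name__ == "__main__":
    found = abnormal_by_whitelist(GLOBAL_OUTLIER, WHITELIST)
    print(inactivate(GLOBAL_OUTLIER, found))
    found = abnormal_by_reference(LOCAL_OUTLIER, TARGET)
    tagged = inactivate(LOCAL_OUTLIER, found)
    print(tagged)
    print(second_encryption(tagged))
```

In the second sample `scale(25)` is left untagged because only its literal differs from the target, while the inserted `dump_memory('all')` has no structural counterpart and is tagged.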
In one embodiment, in the step S104, first data encryption processing is performed on each normal data information except for the abnormal data information in each data information to obtain first encrypted data, and second data encryption processing is performed on each inactivated data information to obtain each second encrypted data, which specifically includes the following steps:
Generating private key information of each normal data information based on the data content of each normal data information, and generating public key information of each normal data information based on the data identification of each normal data information; encrypting each piece of normal data information based on the private key information and the public key information of each piece of normal data information to obtain first encrypted data; and respectively carrying out hash encryption processing on each piece of inactivated data information to obtain second encrypted data corresponding to each piece of inactivated data information.
The first data encryption processing mode may be a blockchain encryption mode.
The second data encryption processing mode may be a one-way encryption mode.
Specifically, the terminal generates private key information of each normal data information based on the data content of each normal data information, and generates public key information of each normal data information based on the data identification of each normal data information. Then, the terminal encrypts each piece of normal data information based on the private key information of each piece of normal data information and the public key information of each piece of normal data information to obtain first encrypted data. The terminal carries out hash encryption processing on each piece of inactivated data information to obtain second encrypted data corresponding to each piece of inactivated data information.
In this embodiment, the blockchain encryption mode prevents normal data information from being interfered with and destroyed, which improves the safety protection effect on the normal data information; the one-way encryption mode reduces the risk that normal data information is damaged by abnormal data information, which improves the safety protection effect of the chip.
In one embodiment, as shown in fig. 3, a method for encrypting and transmitting chip data in a specific embodiment is provided, which specifically includes the following steps:
Step S301, obtaining data processing requests received by a chip, identifying a request port and a data type of the data processing requests aiming at each data processing request, and extracting data processing tasks of the data processing requests and data contents corresponding to the data processing requests; the request port and the data type are used as data identification of the data content, and the data content and the data processing task are used as data information corresponding to the data processing request.
Step S302, based on the data identification of each data information, determining a first similarity between each data information, and judging whether the first similarity between each data information is larger than a similarity threshold.
Step S303, for each first data information with the first similarity greater than the similarity threshold, determining a second similarity between each first data information based on the data processing task of each first data information, identifying the data structure of the data content of each first data information, and calculating a third similarity between each first data information based on the data structure; the similarity between the first data information is determined based on the first similarity, the second similarity, and the third similarity between the first data information.
Step S304, regarding each second data information with the first similarity not greater than the similarity threshold, the first similarity between the second data information is taken as the similarity between the second data information.
Step S305, clustering the data information based on the first similarity among the data information to obtain a plurality of data groups and a plurality of discrete first abnormal data information; clustering the data information in the data groups based on the second similarity and the third similarity among the data information in the data groups to obtain discrete second abnormal data information; the first abnormal data information and the second abnormal data information are used as a plurality of discrete abnormal data information.
Step S306, when the abnormal data information is the first abnormal data information, identifying the code sequence of each first abnormal data information, and carrying out segmentation processing on each code sequence to obtain code segments of each first abnormal data information; for each code sequence, querying the code white list database, taking each code segment of the code sequence that does not belong to the white list database as an abnormal code segment, and taking all abnormal code segments of the code sequence as abnormal code information of the abnormal data information corresponding to the code sequence.
Step S307, when the abnormal data information is the second abnormal data information, screening the data information with highest similarity with the second abnormal data information in each data information as target data information, and identifying the code segments with different code sequences of the second abnormal data information and the target data information as candidate abnormal code segments; identifying difference information between the candidate abnormal code segment of the second abnormal data information and the code segment of the target data information, and a difference type of the difference information; in the case where the difference type is the code structure difference type, the candidate abnormal code segment is taken as the target abnormal code segment, and each target abnormal code segment of the second abnormal data information is taken as the abnormal code information of the abnormal data information.
Step S308, code inactivation label information is obtained, and the target position corresponding to the abnormal code segment in each abnormal code information is identified; and adding code inactivation label information to the target position of each abnormal code segment to obtain inactivation data information corresponding to each abnormal data information.
Step S309, generating private key information of each normal data information based on the data content of each normal data information, and generating public key information of each normal data information based on the data identifier of each normal data information; encrypting each piece of normal data information based on the private key information and the public key information of each piece of normal data information to obtain first encrypted data; and respectively carrying out hash encryption processing on each piece of inactivated data information to obtain second encrypted data corresponding to each piece of inactivated data information.
Step S310, data transmission is performed on the first encrypted data and each second encrypted data.
The beneficial effects brought by the embodiment are as follows:
According to the scheme, the abnormal data information is screened out by calculating the similarity between the data information, the abnormal code information in the abnormal data information is identified, and the code inactivation treatment is carried out on the abnormal code information to obtain the inactivated data information, so that the abnormal data information is prevented from being transmitted outwards, the abnormal data information is prevented from running independently in the chip transmission process and stealing the data information of the chip, and the information damage risk and the like of the abnormal data information in the data processing process of the chip are also avoided. And finally, encrypting the normal data information and the inactivated data information respectively to obtain first encrypted data and second encrypted data, thereby reducing the risk of damaging the normal data information by abnormal malicious data information and effectively improving the safety protection effect of the chip.
It should be understood that, although the steps in the flowcharts related to the embodiments described above are sequentially shown as indicated by arrows, these steps are not necessarily performed in the order indicated by the arrows. Unless explicitly stated herein, the steps are not strictly limited to that order of execution and may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of steps or a plurality of stages, which are not necessarily performed at the same time but may be performed at different times; these steps or stages are also not necessarily performed sequentially, but may be performed in turn or alternately with at least some of the other steps or stages.
Based on the same inventive concept, the embodiment of the application also provides an encryption transmission device for chip data, which is used for realizing the above related encryption transmission method for chip data. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation in the embodiments of the encryption transmission device for chip data provided below may refer to the limitation of the encryption transmission method for chip data hereinabove, and will not be repeated herein.
In one embodiment, as shown in fig. 4, there is provided an encrypted transmission device for chip data, including:
The information identifying module 401 is configured to obtain data processing requests received by the chip, and identify data information corresponding to each data processing request;
The clustering module 402 is configured to identify a similarity between each data information, and perform clustering processing on each data information based on the similarity between each data information to obtain a plurality of discrete abnormal data information;
The inactivation processing module 403 is configured to identify abnormal code information in the abnormal data information, and perform code inactivation processing on the abnormal code information to obtain inactivated data information;
The data encryption module 404 is configured to perform a first data encryption process on each normal data information except for the abnormal data information in each data information to obtain first encrypted data, and perform a second data encryption process on each deactivated data information to obtain each second encrypted data;
The data transmission module 405 is configured to perform data transmission on the first encrypted data and each second encrypted data.
In one embodiment, the information identifying module 401 is further configured to identify, for each data processing request, a request port and a data type of the data processing request, and extract a data processing task of the data processing request and a data content corresponding to the data processing request; the request port and the data type are used as data identification of the data content, and the data content and the data processing task are used as data information corresponding to the data processing request.
In one embodiment, the cluster processing module 402 is further configured to determine a first similarity between the data information based on the data identifier of each data information, and determine whether the first similarity between the data information is greater than a similarity threshold; for each first data information with the first similarity greater than the similarity threshold, determining second similarity among the first data information based on the data processing task of each first data information, identifying the data structure of the data content of each first data information, and calculating third similarity among the first data information based on the data structure; determining the similarity between the first data information based on the first similarity, the second similarity and the third similarity between the first data information; for each second data information of which the first similarity is not greater than the similarity threshold, the first similarity between the second data information is taken as the similarity between the second data information.
In one embodiment, the clustering module 402 is further configured to perform clustering processing on each data information based on a first similarity between each data information, to obtain a plurality of data groups and a plurality of discrete first abnormal data information; clustering the data information in the data groups based on the second similarity and the third similarity among the data information in the data groups to obtain discrete second abnormal data information; the first abnormal data information and the second abnormal data information are used as a plurality of discrete abnormal data information.
In one embodiment, the inactivation processing module 403 is further configured to identify a code sequence of each first abnormal data information when the abnormal data information is the first abnormal data information, and perform segmentation processing on each code sequence to obtain code segments of each first abnormal data information; for each code sequence, query the code white list database, take each code segment of the code sequence that does not belong to the white list database as an abnormal code segment, and take all abnormal code segments of the code sequence as abnormal code information of the abnormal data information corresponding to the code sequence; when the abnormal data information is the second abnormal data information, screen the data information with the highest similarity to the second abnormal data information in each data information to serve as target data information, and identify, as candidate abnormal code segments, the code segments in which the code sequence of the second abnormal data information differs from that of the target data information; identify difference information between the candidate abnormal code segment of the second abnormal data information and the code segment of the target data information, and a difference type of the difference information; in the case where the difference type is the code structure difference type, the candidate abnormal code segment is taken as the target abnormal code segment, and each target abnormal code segment of the second abnormal data information is taken as the abnormal code information of the abnormal data information.
In one embodiment, the inactivation processing module 403 is further configured to obtain code inactivation tag information, and identify a target location corresponding to the abnormal code segment in each abnormal code information; and adding code inactivation label information to the target position of each abnormal code segment to obtain inactivation data information corresponding to each abnormal data information.
In one embodiment, the data transmission module 405 is further configured to generate private key information of each normal data information based on the data content of each normal data information, and generate public key information of each normal data information based on the data identifier of each normal data information; encrypting each piece of normal data information based on the private key information and the public key information of each piece of normal data information to obtain first encrypted data; and respectively carrying out hash encryption processing on each piece of inactivated data information to obtain second encrypted data corresponding to each piece of inactivated data information.
The above-mentioned various modules in the encryption transmission device of chip data may be implemented in whole or in part by software, hardware, and a combination thereof. The above modules may be embedded in hardware or independent of a processor in a chip, or may be stored in software in a memory in the chip, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a chip is provided, the internal structure of which may be as shown in FIG. 5. The chip includes a processor, a memory, an input/output interface, and a communication interface. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface is connected to the system bus through the input/output interface. Wherein the processor of the chip is configured to provide computing and control capabilities. The memory of the chip includes a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The input/output interface of the chip is used for exchanging information between the processor and the external device. The communication interface of the chip is used for carrying out wired or wireless communication with an external terminal, and the wireless mode can be realized through WIFI, a mobile cellular network, NFC (near field communication) or other technologies. The computer program, when executed by a processor, implements a method for encrypted transmission of chip data.
It will be appreciated by those skilled in the art that the structure shown in fig. 5 is merely a block diagram of a portion of the structure associated with the present inventive arrangements and is not limiting of the chip to which the present inventive arrangements are applied, and that a particular chip may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In one embodiment, there is also provided a chip including a memory and a processor, the memory storing a computer program, the processor implementing the steps of the method embodiments described above when executing the computer program.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when executed by a processor, carries out the steps of the method embodiments described above.
In an embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the method embodiments described above.
It should be noted that, the user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are information and data authorized by the user or sufficiently authorized by each party, and the collection, use and processing of the related data need to comply with the related laws and regulations and standards of the related country and region.
Those skilled in the art will appreciate that all or part of the above described methods may be implemented by a computer program stored on a non-transitory computer readable storage medium, which, when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile memory may include read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high density embedded nonvolatile memory, resistive random access memory (ReRAM), magnetoresistive random access memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric memory (Ferroelectric Random Access Memory, FRAM), phase change memory (Phase Change Memory, PCM), graphene memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in various forms such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), etc. The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.
The technical features of the above embodiments may be arbitrarily combined. For brevity, not all possible combinations of the technical features in the above embodiments are described; however, as long as there is no contradiction between the combinations of the technical features, they should be considered to be within the scope of this description.
The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of the application should be assessed as that of the appended claims.

Claims (10)

1. A method for encrypted transmission of chip data, the method comprising:
Acquiring data processing requests received by a chip, and identifying data information corresponding to each data processing request;
Identifying the similarity between the data information, and carrying out clustering processing on the data information based on the similarity between the data information to obtain a plurality of discrete abnormal data information;
Identifying abnormal code information in the abnormal data information, and performing code inactivation treatment on the abnormal code information to obtain inactivated data information;
Performing first data encryption processing on each piece of normal data information except the abnormal data information in each piece of data information to obtain first encrypted data, and performing second data encryption processing on each piece of inactivated data information to obtain each piece of second encrypted data;
And carrying out data transmission on the first encrypted data and each second encrypted data.
2. The method of claim 1, wherein identifying data information corresponding to each of the data processing requests comprises:
Identifying a request port and a data type of the data processing request for each data processing request, and extracting a data processing task of the data processing request and data content corresponding to the data processing request;
And using the request port and the data type as data identification of the data content, and using the data content and the data processing task as data information corresponding to the data processing request.
3. The method of claim 2, wherein said identifying a similarity between each of said data messages comprises:
Determining first similarity between the data information based on the data identification of the data information, and judging whether the first similarity between the data information is larger than a similarity threshold value or not;
For each first data information with the first similarity being greater than a similarity threshold, determining second similarity among the first data information based on a data processing task of each first data information, identifying a data structure of data content of each first data information, and calculating third similarity among the first data information based on the data structure; determining the similarity between the first data information based on the first similarity, the second similarity and the third similarity between the first data information;
Regarding each second data information of which the first similarity is not greater than the similarity threshold, taking the first similarity between the second data information as the similarity between the second data information.
4. The method of claim 3, wherein clustering each of the data information based on the similarity between the data information to obtain a plurality of discrete abnormal data information comprises:
Clustering the data information based on the first similarity among the data information to obtain a plurality of data groups and a plurality of discrete first abnormal data information;
For each data group, clustering each data information in the data group based on a second similarity and a third similarity between each data information in the data group to obtain each discrete second abnormal data information;
And using each of the first abnormal data information and each of the second abnormal data information as the plurality of discrete abnormal data information.
5. The method of claim 4, wherein the identifying the anomaly code information in the anomaly data information comprises:
When the abnormal data information is first abnormal data information, identifying code sequences of the first abnormal data information, and carrying out segmentation processing on the code sequences to obtain code segments of the first abnormal data information;
For each code sequence, querying the code white list database, taking each code segment of the code sequence that does not belong to the white list database as an abnormal code segment, and taking all abnormal code segments of the code sequence as abnormal code information of the abnormal data information corresponding to the code sequence;
When the abnormal data information is second abnormal data information, screening data information with highest similarity with the second abnormal data information in each data information to serve as target data information, and identifying code segments with different code sequences of the second abnormal data information and the target data information as candidate abnormal code segments;
Identifying difference information between the candidate abnormal code segment of the second abnormal data information and the code segment of the target data information, and a difference type of the difference information;
And taking the candidate abnormal code segments as target abnormal code segments and taking each target abnormal code segment of the second abnormal data information as the abnormal code information of the abnormal data information under the condition that the difference type is the code structure difference type.
6. The method according to claim 1, wherein the performing the code inactivation processing on the anomaly code information to obtain the inactivation data information includes:
Acquiring code inactivation label information, and identifying a target position corresponding to an abnormal code segment in each abnormal code information;
And adding the code inactivation label information to the target position of each abnormal code segment to obtain inactivation data information corresponding to each abnormal data information.
7. The method according to any one of claims 1 to 6, wherein the performing first data encryption processing on each piece of normal data information other than the abnormal data information in the data information to obtain first encrypted data, and performing second data encryption processing on each piece of inactivated data information to obtain each piece of second encrypted data, comprises:
generating private key information of each piece of normal data information based on the data content of each piece of normal data information, and generating public key information of each piece of normal data information based on the data identification of each piece of normal data information;
encrypting each piece of normal data information based on the private key information and the public key information of each piece of normal data information to obtain first encrypted data;
and respectively carrying out hash encryption processing on each piece of inactivated data information to obtain second encrypted data corresponding to each piece of inactivated data information.
8. An encrypted transmission device for chip data, the device comprising:
an information identification module, configured to acquire the data processing requests received by the chip and identify the data information corresponding to each data processing request;
a clustering processing module, configured to identify the similarity between the data information, and cluster the data information based on the similarity between the data information to obtain a plurality of discrete abnormal data information;
an inactivation processing module, configured to identify the abnormal code information in the abnormal data information and perform code inactivation processing on the abnormal code information to obtain inactivated data information;
a data encryption module, configured to perform first data encryption processing on each piece of normal data information other than the abnormal data information in the data information to obtain first encrypted data, and perform second data encryption processing on each piece of inactivated data information to obtain each piece of second encrypted data;
and a data transmission module, configured to perform data transmission on the first encrypted data and each piece of second encrypted data.
9. A chip comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 7 when the computer program is executed.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 7.
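The steps of claims 5 to 7, as an added Python example that is not part of the patent text: it finds abnormal code segments by white list lookup and by comparison with the most similar data information, adds an inactivation label at their positions, and hashes the result. The `;`-separated segment format, the white list contents, the label string, the `difflib` similarity measure and SHA-256 are assumptions; the difference-type check of claim 5 is not modelled.

```python
import difflib
import hashlib

# Constructed sample values: the page defines no segment format, white list or label.
WHITELIST = {"read_reg(0x10)", "write_reg(0x10, v)", "return v"}
INACTIVATION_LABEL = "#INACTIVE# "  # hypothetical label text
NORMAL = ["read_reg(0x10); return v", "read_reg(0x10); write_reg(0x10, v); return v"]
ABNORMAL = "read_reg(0x10); erase_all(); return v"


def segments(data):
    """Code sequence of one data information (assumed: ';'-separated segments)."""
    return [s.strip() for s in data.split(";") if s.strip()]


def abnormal_by_whitelist(data):
    """Claim 5, first branch: positions of segments absent from the white list."""
    return [i for i, seg in enumerate(segments(data)) if seg not in WHITELIST]


def match(a, b):
    """Sequence comparison of two code sequences (difflib is an assumed measure)."""
    return difflib.SequenceMatcher(None, segments(a), segments(b), autojunk=False)


def candidates_by_peer(data, others):
    """Claim 5, second branch: take the most similar peer as target data
    information; return positions of segments that differ from it."""
    target = max(others, key=lambda o: match(data, o).ratio())
    return [i for tag, i1, i2, _j1, _j2 in match(data, target).get_opcodes()
            if tag in ("replace", "delete") for i in range(i1, i2)]


def inactivate(data, positions):
    """Claim 6: add the inactivation label at each abnormal segment's position."""
    marked = set(positions)
    return "; ".join(INACTIVATION_LABEL + seg if i in marked else seg
                     for i, seg in enumerate(segments(data)))


def second_encrypted(inactivated):
    """Claim 7, last step: hash processing (SHA-256 assumed)."""
    return hashlib.sha256(inactivated.encode()).hexdigest()
```
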
CN202311838633.5A 2023-12-28 2023-12-28 Encryption transmission method and device for chip data, chip and storage medium Pending CN117910055A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311838633.5A CN117910055A (en) 2023-12-28 2023-12-28 Encryption transmission method and device for chip data, chip and storage medium

Publications (1)

Publication Number Publication Date
CN117910055A true CN117910055A (en) 2024-04-19

Family

ID=90689004

Country Status (1)

Country Link
CN (1) CN117910055A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination