TW490611B - Encryption and decryption memory and access control method - Google Patents

Encryption and decryption memory and access control method

Info

Publication number
TW490611B
TW490611B
Authority
TW
Taiwan
Prior art keywords
encryption
decryption
memory
data
encrypted
Prior art date
Application number
TW89106128A
Other languages
Chinese (zh)
Inventor
Jian-Tsz Hou
Original Assignee
Jian-Tsz Hou
Application filed by Jian-Tsz Hou
Priority to TW89106128A
Priority to GB0027694A (GB2364407B)
Priority to DE2000156792 (DE10056792A1)
Priority to FR0103889A (FR2807177A1)
Application granted
Publication of TW490611B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/80 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/85 Protecting input, output or interconnection devices; interconnection devices, e.g. bus-connected or in-line devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

This invention is an encryption and decryption memory and an access control method for it. An encryption controller is built into a memory such as DRAM, SDRAM or SRAM and is started by a pre-defined specific encryption and decryption startup procedure. Before startup, the encryption and decryption memory is used like ordinary memory. After startup, data is encrypted and decrypted by the encryption and decryption memory, and any section of the storage addresses can be changed into a register area that stores the encryption and decryption data. Data is thus encrypted or decrypted as the system or peripherals access it, which prevents the data at those memory locations from being recovered by a hacker even if all peripherals are stolen, and so increases the security of the computer system.

Description

Summary of the invention: The present invention relates to an encryption and decryption memory and its access control method. Its main idea is to build an encryption controller into the memory, so that data is turned into encrypted or decrypted data by the ordinary reads and writes of the memory.

Technical background: More and more networks and systems are connected to the Internet today, and anyone can reach data stored on hard disks, or move and access any data, through an intranet or the Internet. This makes network connectivity increasingly dangerous: anyone can easily capture private data, including personal data, financial data and e-mail correspondence, producing an open environment without privacy. Beyond this, for an enterprise the greatest threat to the security of its computer systems often comes from its own employees; no further expertise is needed, only knowing how to detach and carry off the hard disk, which anyone can do. The aim of computer crime is often to steal the data stored on the hard disk, so the best solution is to encrypt that data, so that an intruder who carries the disk away can read nothing but cipher text. The same situation can arise with other peripheral devices, such as a network interface card (NIC) or a printer, and whatever the form of computer crime, these devices are the hardest to defend.

Take hard disk access as an example. As shown in the first figure, suppose the CPU 10 (central processing unit) requests a piece of data X from the hard disk 21. Data X does not go directly from the hard disk 21 to the CPU 10; it is first written into the memory 30 (DRAM in the following description) along route A, and the CPU 10 then reads data X from the DRAM 30 along route B. Likewise, as shown in the second figure, after the CPU 10 has processed data X, the processed data is first written into the DRAM 30 along route C, and the hard disk 21 then reads data X back from the DRAM 30 along route D. The DRAM 30 is therefore a mandatory path for any data flow between the peripheral devices 20 (including the hard disk 21) and the system core 40; in other words, it can serve as a checkpoint.

One can therefore imagine the DRAM 30 performing the following two functions:
1. After data is transferred from the peripheral device 20 to the system core 40, the data read by the system core 40 will have been decrypted.
2. Before data is transferred from the system core 40 to the peripheral device 20, the data will be encrypted to protect it against an illegal intruder (hacker).

Accordingly, the main object of the present invention is to provide an encryption and decryption memory and its access control method: an encryption controller is built into the memory (DRAM, SDRAM, SRAM and the like) and is started by a pre-defined special encryption/decryption startup procedure. Before startup, the encryption and decryption memory is used like ordinary memory. After startup, data is encrypted and decrypted by the encryption and decryption memory, and any section of the memory's storage addresses can be designated as a register area holding the encryption/decryption data; through the memory's reads and writes, data becomes encrypted or decrypted data for the system or peripheral devices to access. This prevents an illegal intruder from recovering the data at these memory locations, even if the entire peripheral device is stolen, and so raises the security of the computer system.

According to the foregoing, the DRAM architecture of the present invention includes a flash memory and an encryption controller. The flash memory stores the encryption key and the addressing information produced once the encryption/decryption areas have been set. The encryption controller is started by a special encryption/decryption startup procedure and performs the encryption and decryption of the data stream.

Also according to the foregoing, the special startup procedure repeatedly reads and writes any one and the same memory address for a period of time in order to start the encryption/decryption procedure. Because only stream cipher encryption is performed, encryption and decryption add no timing delay and can be regarded as a real-time operation: data can be read immediately after it is written.

The structural design and technical principle of the invention are described in detail below with reference to the attached drawings, from which its features will be further understood.

Description of the drawings: The first figure shows the central processing unit reading data from the hard disk. The second figure shows data processed by the central processing unit being stored to the hard disk. The third figure is the internal block diagram of the encryption and decryption memory of the invention. The fourth figure shows data access between the central processing unit and the hard disk according to the invention. The fifth figure is a flowchart of the method of the invention.

Reference numerals: 10 CPU; 20 peripheral devices; 21 hard disk; 30 memory (DRAM); 40 system core; 50 encryption and decryption memory (DRAM); 51 flash memory; 52 encryption controller; 53 control logic; 54 interface register; 55 memory block; 56 encryption register.

Detailed description: The present invention uses hardware and software techniques to develop a special DRAM architecture. With additional function blocks working together with the operating system (OS) or software control, the system can identify one or more areas in the DRAM through which hard disk data will be accessed, and the encryption or decryption procedure for those areas is executed after a special startup. The number of encryption/decryption areas in the DRAM depends on the system design requirements.

The architecture of the encryption and decryption memory 50 (DRAM in the following example) is shown in the third figure. Compared with an ordinary DRAM 30, the internal architecture of the DRAM 50 adds two function blocks, a flash memory 51 and an encryption controller 52. The flash memory 51 stores the following two important pieces of information:
1. A unique encryption key.
2. The addressing information generated by the system after the encryption/decryption areas are set (described below).

The encryption controller 52 can be a stream cipher or a pseudo-random generator. It encrypts or decrypts according to the encryption/decryption areas set by software, so as to supply decrypted data for the CPU 10 to process or to store encrypted data on the hard disk 21.

The remaining components of the encryption and decryption memory 50 shown in the figure, namely the control logic 53 that steers the data flow, the interface register 54 connected to the bus and the memory block 55 that stores data, are the same as in a conventional DRAM 30 and are not described further.

The encryption/decryption areas in the DRAM 50 and the execution of encryption/decryption are determined with the help of the operating system or an additional software program, which settles the following key points:
1. Setting up the encryption/decryption areas in the DRAM 50.
2. After the areas are set, choosing an area of the DRAM 50 whose addresses are not frequently accessed by the system, and writing the result of the area settings (including start and end addresses) into that blank area, so that the encryption controller 52 knows the memory address ranges to encrypt or decrypt.
3. Controlling the start and end of the encryption/decryption procedure.
4. Directing data straight into the correct encryption/decryption area.

Based on these key points, the procedure for setting the DRAM address encryption/decryption areas is as follows (the embodiment below uses a hard disk as the example). Assume that the hard disk 21 to be protected, and all data relating to it, will use only four areas of the memory address space. Each area is set by the following steps:
1. Decide which area to set (area 1, area 2, area 3 or area 4).
2. Enable or disable the area; if the system requires all four areas to stay enabled, the operating system software can detect this dynamically, otherwise some areas will be disabled.
3. Decide the start address of the encryption/decryption area.
4. Decide the size of the encryption/decryption area.
5. Choose whether the area performs encryption or decryption.

When the operating system or software program has completed the above work, it looks for a segment of memory addresses that the system does not access frequently and turns it into the encryption register 56. The system must also decide which encryption/decryption algorithm to use (for example RSA or ECC), and then stores the settings and the chosen algorithm in the encryption register 56.

In addition, the invention sets one bit in the encryption register 56 as the terminate setting of the encryption/decryption procedure.

Further, because the DRAM 50 is volatile memory, data temporarily held in the DRAM disappears when the system is powered off. The settings described above are stored in the flash memory 51 added to the DRAM 50, so the setup steps need not be repeated when power is turned on again.

The invention provides a special encryption or decryption startup method, controlled by a pre-defined special encryption/decryption startup procedure. Until this special startup method has been triggered, the DRAM 50 performs no encryption or decryption and keeps the function of ordinary memory: using the encryption and decryption memory is like ordinary memory access, and no encryption or decryption takes place. For example, the procedure is started under the following modes:
1. The encryption/decryption function is started only when the operating system or software program commands the system to repeat "read, read, write" on any one and the same memory address a number of times (such as 256 times, or another large value in its place).
2. The encryption/decryption procedure is started by continuously reading and writing a specific content pattern at that address, for example when the content of the address is 10101010.
3. The encryption/decryption function is started only when both of the above conditions hold.

When the special encryption/decryption function is started, the encryption controller 52 uses the settings it holds to encrypt or decrypt all data in the previously set memory address areas. It is worth noting that the execution of encryption/decryption is controlled not by the operating system or software program but by the hardware itself. Moreover, since the encryption controller 52 is only a stream cipher, encryption and decryption add no timing delay and can be regarded as a real-time operation: data can be read immediately after it is written.

Referring to the example in the fourth figure, when the hard disk 21 is to write data into the DRAM 50, the operating system or software program first directs the data to a decryption area (the first and third decryption areas A1 and A3 in the figure). That is, the data is encrypted when it leaves the hard disk 21, but it is decrypted before it reaches the CPU 10 and then waits to be read by the system. Conversely, when the system is to write data into the DRAM 50, the operating system or software program first directs the data to an encryption area (the second and fourth encryption areas A2 and A4 in the figure). That is, the data is unencrypted when it leaves the system core, but it is encrypted before it reaches the hard disk 21 and is then sent back to the hard disk for storage.

In the invention, the user has the right to end encryption or decryption: by issuing a command through the operating system or software program, the bit of the encryption register 56 that is preset to control the encryption/decryption procedure is disabled, and the memory immediately returns to ordinary memory use.

The method of the invention can be summarised in the following steps (as shown in the fifth figure):
a. The operating system or software program determines a memory address section and turns it into the encryption register 56;
b. sets the selected area;
c. determines the start address and size of the area;
d. decides whether the area performs encryption or decryption; for example, if in the second area data is transferred from the hard disk to the DRAM 50 and then from the DRAM 50 to the CPU 10, the second area A2 is set to perform decryption;
e. stores the results of steps a to d in the encryption register and selects the algorithm (RSA, ECC);
f. detects whether the special encryption/decryption startup procedure has been triggered (for example, read, read, write repeated on any one and the same memory address 256 or more times, or the content of that address being a specific pattern such as 10101010, or both of these occurring);
g. once step f has triggered, encrypts or decrypts the data, holds it temporarily in the encryption or decryption area set above, and then sends the encrypted data to the hard disk 21 for storage or the decrypted data to the CPU 10;
h. issues a command to the bit of the encryption register 56 preset to control the encryption/decryption procedure, to end the encryption/decryption operation;
i. if step f has not triggered, or the terminate setting of step h has been made, the DRAM 50 returns to ordinary memory use.

In summary, the advantages of the invention are as follows:
1. Because the data in memory passes through the encryption/decryption process, an illegal intruder cannot break in directly and is forced to retrieve data through the normal operating system (OS) programs, where existing security techniques make detection very easy; the invention therefore does protect memory data from being compromised.
2. The security memory has exactly the same pins as ordinary memory and can be plugged directly into the motherboard slot, so the security of an existing computer can be increased without replacing any equipment.

In summary, the encryption and decryption memory and its access control method provided by the invention turn data into encrypted or decrypted data through the memory's reads and writes, prevent illegal intruders from recovering the data at these memory locations even if the entire peripheral device is stolen, and raise the security of the computer system. They offer an effective solution to the weakness of conventional systems, whose devices can easily be removed to steal data, and thus meet the requirements for a patent application; the applicant respectfully asks the Bureau to examine the application in detail and grant the patent.

The techniques, drawings, procedures and control methods described above are only one preferred embodiment of the invention; any change or modification made according to the technology within the scope of the patent claims still falls within the scope of the patent right, and the embodiment does not limit the scope in which the invention may be practised.
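To make the access-control scheme concrete, here is a behavioural C model of the device (an added example, not code from the patent): the area table and key that would live in flash 51, the startup detector that arms the controller after 256 consecutive read, read, write cycles on one address carrying 10101010, transparent XOR with a keystream inside the configured areas, and the terminate bit of register 56. Assumed and not from the page: a 4 KiB model memory, a toy keyed hash as the unspecified stream cipher, and the `scenario` walk-through with its constructed key.

```c
/* Behavioural model of the encryption/decryption DRAM described above (added example, not
 * the patent's code). The keystream is a toy keyed hash standing in for the unspecified
 * "stream cipher or pseudo-random generator"; it is not a secure cipher. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define MEM_SIZE      4096   /* size of this model's cell array (assumption) */
#define NUM_AREAS     4      /* page: four encrypt/decrypt areas             */
#define START_REPEATS 256    /* page: "read, read, write" repeated 256 times */
#define START_PATTERN 0xAA   /* page: address content 10101010               */
enum { AREA_DECRYPT = 0, AREA_ENCRYPT = 1 };
struct area { bool enabled; uint16_t start, size; int op; };
struct crypto_dram {
    uint8_t cell[MEM_SIZE];          /* memory block 55                        */
    uint8_t key[16];                 /* flash 51: unique encryption key        */
    struct area areas[NUM_AREAS];    /* flash 51: area addressing information  */
    bool armed, require_pattern;     /* register 56 state; startup mode 3 flag */
    uint16_t last_addr;              /* startup detector state                 */
    int phase, repeats, pattern_repeats;
};
/* Toy keystream: one byte per offset inside an area, derived from the key. */
static uint8_t keystream_byte(const uint8_t key[16], uint16_t off) {
    uint32_t x = 0x9E3779B9u ^ off;
    for (int i = 0; i < 16; i++) { x ^= key[i]; x *= 0x01000193u; x ^= x >> 13; }
    return (uint8_t)(x ^ (x >> 8) ^ (x >> 16) ^ (x >> 24));
}
/* Setup steps 1-5: area index, start address, size, encrypt or decrypt. */
bool dram_set_area(struct crypto_dram *d, int idx, uint16_t start, uint16_t size, int op) {
    if (idx < 0 || idx >= NUM_AREAS || size == 0 || (uint32_t)start + size > MEM_SIZE)
        return false;
    d->areas[idx] = (struct area){ true, start, size, op };
    return true;
}
static const struct area *find_area(const struct crypto_dram *d, uint16_t addr) {
    for (int i = 0; i < NUM_AREAS; i++) {
        const struct area *a = &d->areas[i];
        if (a->enabled && addr >= a->start && addr - a->start < a->size) return a;
    }
    return NULL;
}
/* Startup detector: counts consecutive read,read,write cycles on one address; any other
 * access restarts the count. Arms after START_REPEATS cycles, and in mode 3 only if the
 * last START_REPEATS writes all carried START_PATTERN. */
static void detector_observe(struct crypto_dram *d, uint16_t addr, bool is_write, uint8_t v) {
    if (d->armed) return;
    if (addr != d->last_addr || is_write != (d->phase == 2)) {      /* sequence broken */
        d->last_addr = addr; d->repeats = d->pattern_repeats = 0;
        d->phase = is_write ? 0 : 1;
        return;
    }
    if (!is_write) { d->phase++; return; }
    d->phase = 0;                                    /* the write completes one cycle */
    d->repeats++;
    d->pattern_repeats = (v == START_PATTERN) ? d->pattern_repeats + 1 : 0;
    if (d->repeats >= START_REPEATS &&
        (!d->require_pattern || d->pattern_repeats >= START_REPEATS)) d->armed = true;
}
/* With an XOR stream cipher "encrypt" and "decrypt" are the same transform; what differs
 * per area is the data direction (disk->CPU for A1/A3, CPU->disk for A2/A4). Until armed,
 * and after termination, the device behaves as plain memory. */
void dram_write(struct crypto_dram *d, uint16_t addr, uint8_t v) {
    detector_observe(d, addr, true, v);
    const struct area *a = find_area(d, addr);
    if (d->armed && a) v ^= keystream_byte(d->key, (uint16_t)(addr - a->start));
    d->cell[addr % MEM_SIZE] = v;
}
uint8_t dram_read(struct crypto_dram *d, uint16_t addr) {
    detector_observe(d, addr, false, 0);
    return d->cell[addr % MEM_SIZE];
}
/* Drive `cycles` read,read,write(value) cycles at `addr`; returns the armed state. */
bool run_startup(struct crypto_dram *d, uint16_t addr, int cycles, uint8_t value) {
    for (int i = 0; i < cycles; i++) {
        (void)dram_read(d, addr); (void)dram_read(d, addr); dram_write(d, addr, value);
    }
    return d->armed;
}
/* Step h: writing the terminate bit of register 56 returns the device to plain memory. */
void dram_terminate(struct crypto_dram *d) { d->armed = false; d->repeats = d->pattern_repeats = 0; }
/* Walks the page's procedure end to end; returns 0 on success, else the failing step. */
int scenario(void) {
    static const uint8_t key[16] = { 0x13, 0x57, 0x9b, 0xdf, 0x24, 0x68, 0xac, 0xe0,   /* constructed */
                                     0x31, 0x75, 0xb9, 0xfd, 0x42, 0x86, 0xca, 0x0e };
    struct crypto_dram d;
    memset(&d, 0, sizeof d); memcpy(d.key, key, 16); d.require_pattern = true;
    if (!dram_set_area(&d, 0, 0x100, 0x100, AREA_DECRYPT)) return 1;  /* A1: disk -> CPU */
    if (!dram_set_area(&d, 1, 0x200, 0x100, AREA_ENCRYPT)) return 2;  /* A2: CPU -> disk */
    dram_write(&d, 0x210, 0x41);
    if (dram_read(&d, 0x210) != 0x41) return 3;        /* plain memory before startup  */
    if (run_startup(&d, 0x000, 256, 0x55)) return 4;   /* wrong content: stays plain   */
    if (run_startup(&d, 0x000, 255, 0xAA)) return 5;   /* one cycle short              */
    if (!run_startup(&d, 0x000, 1, 0xAA)) return 6;    /* 256th cycle arms it          */
    dram_write(&d, 0x210, 0x41);                       /* CPU writes plaintext to A2   */
    uint8_t c = dram_read(&d, 0x210);                  /* disk reads ciphertext        */
    if (c != (uint8_t)(0x41 ^ keystream_byte(key, 0x10))) return 7;
    dram_write(&d, 0x110, c);                          /* disk writes ciphertext to A1 */
    if (dram_read(&d, 0x110) != 0x41) return 8;        /* CPU reads plaintext          */
    dram_terminate(&d);
    dram_write(&d, 0x210, 0x41);
    return dram_read(&d, 0x210) == 0x41 ? 0 : 9;      /* plain memory again           */
}
```

The model makes the page's two caveats visible: ordinary traffic never arms the controller because any access that breaks the read, read, write rhythm resets the count, and the per-area keying means a byte only decrypts correctly when the disk writes it back at the same offset of a decrypt area.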


Claims (1)

Claims:

1. An encryption/decryption memory, comprising an encryption controller, a flash memory and a register. The encryption controller, controlled by the system or externally, divides the memory into encryption regions and decryption regions and controls the start and stop of encryption/decryption operations. The flash memory stores a unique encryption key and the addressing information generated after the encryption/decryption regions have been set. The encryption memory is activated by an encryption/decryption startup program, so that encrypted data sent by a peripheral device is decrypted before it reaches the memory and is held there for the system to read, while unencrypted data written to the memory by the system is encrypted before it reaches the peripheral device and is sent back to the peripheral device for storage, so that important data is not exposed when the peripheral device is stolen or the system is intruded.

2. The encryption/decryption memory of claim 1, wherein the encryption controller is a character-stream cipher or a pseudo-random number generator that encrypts or decrypts the data.

3. The encryption/decryption memory of claim 1, wherein the encryption/decryption startup procedure is triggered when the operating system or a software program repeatedly reads and writes the same memory address (repeating the read and write actions 256 or more times).

4. The encryption/decryption memory of claim 1, wherein the encryption/decryption startup procedure is triggered when the operating system or a software program repeatedly reads/writes the content of any address as a specific pattern (such as 10101010).

5. The encryption/decryption memory of claim 1, wherein the encryption/decryption startup procedure starts the encryption/decryption program when the conditions of claims 3 and 4 occur together.

6. The encryption/decryption memory of claim 1, wherein the register is provided with a bit serving as the termination setting of the encryption/decryption procedure.

7. The encryption/decryption memory of claim 1, wherein the memory is DRAM, SDRAM, SRAM or the like.

8. The encryption/decryption memory of claim 1, wherein, before the encryption/decryption program is started or after it is stopped, the memory serves as an ordinary functional memory.

9. A control method for an encryption/decryption memory, wherein the operating system or software program sets up the encrypted memory by the following steps:
 a. determine the memory address segments in the memory and convert them into the encryption register;
 b. set the selected regions;
 c. determine the start address and size of each region;
 d. determine, according to the data transmission path, the encryption or decryption operation performed by each region;
 e. store the results set in steps a to d into the encryption register and select the algorithm;
 f. detect whether the special encryption/decryption function has been started;
 g. once step f has started, encrypt or decrypt the data and store it in the encryption/decryption regions set above, for access by the system or a peripheral device.

10. The control method of claim 9, wherein the algorithm referred to in step e [text illegible in the source] a bit is preset to control the encryption/decryption program [text illegible in the source] a stop command, to end the encryption/decryption.
TW89106128A 2000-03-31 2000-03-31 Encryption and decryption memory and access control method TW490611B (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
TW89106128A TW490611B (en) 2000-03-31 2000-03-31 Encryption and decryption memory and access control method
GB0027694A GB2364407B (en) 2000-03-31 2000-11-13 Encryption/decryption memory and methods of saving and retrieval
DE2000156792 DE10056792A1 (en) 2000-03-31 2000-11-16 Encryption / decryption memory and method for storing and reading out
FR0103889A FR2807177A1 (en) 2000-03-31 2001-03-22 Encryption/decryption method for protection of semi-conductor memories on networked computers uses coding controller running coding software

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW89106128A TW490611B (en) 2000-03-31 2000-03-31 Encryption and decryption memory and access control method

Publications (1)

Publication Number Publication Date
TW490611B true TW490611B (en) 2002-06-11

Family

ID=21659282

Family Applications (1)

Application Number Title Priority Date Filing Date
TW89106128A TW490611B (en) 2000-03-31 2000-03-31 Encryption and decryption memory and access control method

Country Status (4)

Country Link
DE (1) DE10056792A1 (en)
FR (1) FR2807177A1 (en)
GB (1) GB2364407B (en)
TW (1) TW490611B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106326130A (en) * 2015-06-16 2017-01-11 联芯科技有限公司 Register address space control method and controller, and system on chip

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2852777B1 (en) 2003-03-21 2005-06-10 Gemplus Card Int METHOD FOR PROTECTING A MOBILE TELEPHONE TELECOMMUNICATION TERMINAL
US7636857B2 (en) 2004-05-24 2009-12-22 Interdigital Technology Corporation Data-mover controller with plural registers for supporting ciphering operations
ATE539438T1 (en) * 2005-10-28 2012-01-15 Shenzhen Chipsbank Technologies Co Ltd MEMORY MODULE WITH CONTROL CHIP WITH COMPATIBLE CONFIGURATION FUNCTION AND MANUFACTURING PROCESS THEREOF
AT511842B1 (en) * 2012-01-26 2013-03-15 Cordes Rene Michael Mag METHOD FOR WRITEING AND READING DATA

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4780905A (en) * 1984-11-26 1988-10-25 Nightwatch, Inc. Computer data encryption system
DE4120398A1 (en) * 1991-06-20 1993-01-07 Standard Elektrik Lorenz Ag DATA PROCESSING SYSTEM
US5987572A (en) * 1997-09-29 1999-11-16 Intel Corporation Method and apparatus employing a dynamic encryption interface between a processor and a memory
US6820203B1 (en) * 1999-04-07 2004-11-16 Sony Corporation Security unit for use in memory card
GB2353676A (en) * 1999-08-17 2001-02-28 Hewlett Packard Co Robust encryption and decryption of packetised data transferred across communications networks

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106326130A (en) * 2015-06-16 2017-01-11 联芯科技有限公司 Register address space control method and controller, and system on chip
CN106326130B (en) * 2015-06-16 2019-03-15 辰芯科技有限公司 Control method, controller and the system on chip of register address space

Also Published As

Publication number Publication date
FR2807177A1 (en) 2001-10-05
GB0027694D0 (en) 2000-12-27
DE10056792A1 (en) 2001-10-18
GB2364407B (en) 2004-08-25
GB2364407A (en) 2002-01-23

Similar Documents

Publication Publication Date Title
US10423804B2 (en) Cryptographic separation of users
TWI514187B (en) Systems and methods for providing anti-malware protection on storage devices
KR101081118B1 (en) System and method for securely restoring a program context from a shared memory
TW200405963A (en) Sleep protection
US9100173B2 (en) Security USB storage medium generation and decryption method, and medium recorded with program for generating security USB storage medium
KR101054981B1 (en) Computer-implemented methods, information processing systems, and computer-readable recording media for securely storing the context of a program
KR100831441B1 (en) Trusted peripheral mechanism
JP3801833B2 (en) Microprocessor
JPH0260009B2 (en)
EP1596269A2 (en) A system and method for rendering selective presentation of documents
KR20110032249A (en) Storage system including cryptography key selection device and selection method for cryptography key
US20130166922A1 (en) Method and system for frame buffer protection
JP2005327255A5 (en)
TW200947202A (en) System and method for providing secure access to system memory
US20060015753A1 (en) Internal RAM for integrity check values
EP2990953B1 (en) Periodic memory refresh in a secure computing system
KR980010802A (en) Auxiliary memory data protection device that places cryptographic circuitry within I / O system
TW490611B (en) Encryption and decryption memory and access control method
US20060101286A1 (en) Theft deterrence using trusted platform module authorization
JP2007310601A (en) Microcomputer and method for protecting its software
Sassani et al. Evaluating encryption algorithms for sensitive data using different storage devices
US20130145145A1 (en) System and method of securing data using a server-resident key
US8407479B2 (en) Data authentication and tamper detection
TWI276971B (en) Trusted input for mobile platform transactions
CN110837627A (en) Software copyright authentication method, system and equipment based on hard disk serial number

Legal Events

Date Code Title Description
GD4A Issue of patent certificate for granted invention patent