WO2020118583A1 - 数据处理方法、电路、终端设备及存储介质 - Google Patents
数据处理方法、电路、终端设备及存储介质 Download PDFInfo
- Publication number
- WO2020118583A1 WO2020118583A1 PCT/CN2018/120732 CN2018120732W WO2020118583A1 WO 2020118583 A1 WO2020118583 A1 WO 2020118583A1 CN 2018120732 W CN2018120732 W CN 2018120732W WO 2020118583 A1 WO2020118583 A1 WO 2020118583A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- key stream
- start address
- data processing
- physical start
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
- G06F12/08—Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
- G06F12/0802—Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Definitions
- This application relates to the field of data processing, and in particular, to a data processing method, circuit, terminal device, and storage medium.
- SoC system-on-a-chip
- FLASH external flash memory
- the data stored in the external FLASH needs to be encrypted.
- the SOC chip with the function of executing the local load code directly (Execute In Place, XIP)
- the data decryption delay is an important performance to measure the quality of the product, so how to decrypt the data to reduce the data decryption delay is a technical problem to be solved in the field.
- the present application provides a data processing method, a circuit, a terminal device, and a storage medium, which can reduce data decryption delay.
- the present application provides a data processing method, including: before reading the first data from the flash memory, or during the reading of the first data from the flash memory, generating according to the physical start address of the first data Decryption key stream of the first data; decrypt the first data through the decryption key stream, and write the decrypted first data into the cache.
- the decryption key stream of the first data has been generated in advance, so that the data processing circuit can directly decrypt the first data, thereby reducing the data decryption delay.
- the first data when the first data is the first first data, acquire the logical start address of the first data from the micro control unit MCU, and determine the physical start address of the first data according to the logical start address; when the first When the data is not the first first data, the physical of the first data is determined according to the physical start address of the first first data and the offset between the first data and the physical start address of the first first data starting address.
- This method can effectively determine the physical start address of the first data.
- the first enable signal when the first enable signal is received, it is determined that the first data is the first first data; when the second enable signal is received, it is determined that the first data is not the first first data, where the first The enable signal is different from the second enable signal.
- decrypting the first data through the decryption key stream includes: when the length of the decryption key stream and the first data are the same, an XOR operation is performed on the decryption key stream and the first data to process the first data Perform decryption; when the length of the decryption key stream is greater than the length of the first data, intercept the decryption key stream according to the length of the first data, and perform an exclusive-OR operation on the intercepted decryption key stream and the first data to The first data is decrypted.
- the data processing circuit can use the XOR operation of the stream encryption method on the decryption key stream and the first data to decrypt the first data. Since the XOR operation is a combined circuit, the data can be further reduced in this way Decryption delay.
- the method further includes: generating an encryption key stream of the second data according to the physical start address of the second data; encrypting the second data through the encryption key stream, and writing the encrypted second data into the flash memory .
- the corresponding encryption key stream is the same as the decryption key stream, that is, synchronization of the encryption key and the decryption key is achieved.
- the second data when the second data is the first second data, obtain the logical start address of the second data from the MCU, and determine the physical start address of the second data according to the logical start address; when the second data is not the first For the second data, the physical start address of the second data is determined according to the physical start address of the first second data and the offset between the second data and the physical start address of the first second data .
- This method can effectively determine the physical start address of the second data.
- encrypting the second data through the encryption key stream includes: when the encryption key stream and the second data have the same length, performing an exclusive-OR operation on the encryption key stream and the second data to process the second data Encrypt; when the length of the encryption key stream is greater than the length of the second data, intercept the encryption key stream according to the length of the second data, and use the exclusive OR operation on the intercepted encryption key stream and the second data to The second data is encrypted.
- the data processing circuit may use an exclusive OR operation on the encryption key stream and the second data to decrypt the second data. Since the exclusive OR operation is a combined circuit, data encryption efficiency can be improved in this way.
- the present application provides a data processing circuit, including:
- the first generation module is used to generate a decryption key stream of the first data according to the physical start address of the first data before reading the first data from the flash memory, or during the process of reading the first data from the flash memory ;
- the decryption module is used to decrypt the first data through the decryption key stream, and write the decrypted first data into the cache.
- the present application provides a data processing circuit, including: a processor; a memory for storing executable instructions of the processor, so that the processor executes the first aspect or the optional aspect of the first aspect The data processing method described in the above.
- the present application provides a terminal device, including: a data processing circuit, an MCU, and a flash memory as in the second aspect or the third aspect. Wherein, both ends of the data processing circuit are respectively connected to the MCU and the flash memory.
- the present application provides a storage medium, including: executable instructions, which are used to implement the data processing method according to the first aspect or the optional manner of the first aspect.
- the present application provides a computer program product, including: executable instructions for implementing the data processing method according to the first aspect or the optional manner of the first aspect.
- the data processing circuit may generate the decryption password of the first data according to the physical start address of the first data before reading the first data from the flash memory, or during the process of reading the first data from the flash memory Keystream. Based on this, as long as the data processing circuit acquires the first data, the decryption key stream of the first data has also been generated in advance, so that the data processing circuit can directly decrypt the first data, thereby reducing the data decryption delay.
- the data processing circuit may use an exclusive OR operation on the decryption key stream and the first data to decrypt the first data. Since the exclusive OR operation is a combined circuit, the data can be further reduced in this way Decryption delay.
- FIG. 1 is a schematic diagram of an embedded SOC chip and external FLASH provided by the prior art
- FIG. 2 is a flowchart of a data processing method provided by an embodiment of the present application.
- FIG. 3 is a schematic diagram of command and data transmission provided by an embodiment of the present application.
- FIG. 4 is a schematic diagram of an internal module of a flash memory controller and a data processing flow provided by an embodiment of the present application;
- FIG. 5 is a flowchart of a data processing method according to another embodiment of this application.
- FIG. 6 is a schematic diagram of an internal module of a flash memory controller and a data processing flow provided by another embodiment of the present application;
- FIG. 7 is a schematic diagram of a data processing circuit provided by an embodiment of the present application.
- FIG. 8 is a schematic diagram of an embedded SOC chip and an external FLASH provided by an embodiment of this application.
- FIG. 1 is a schematic diagram of an embedded SOC chip and an external FLASH provided by the prior art.
- the SOC chip 10 includes:
- Microcontroller (Microcontroller Unit, MCU) 11 It is the core controller of the embedded SOC chip, used to run data such as code programs.
- Cache and the cache control unit 12 When the code program is cached, the code program can run at high speed in the MCU 11.
- the code program comes from on-chip static random access memory (Static Random-Access Memory, SRAM) and/or external FLASH.
- SRAM Static Random-Access Memory
- Flash memory controller 13 used to read and write data in external FLASH.
- FLASH is accessed in the form of a four-wire queue serial interface (QSPI) or serial peripheral interface (Serial Peripheral Interface, SPI).
- QSPI queue serial interface
- SPI Serial Peripheral Interface
- System encryption engine 14 adopts the same encryption mechanism as decryption, encrypts the data, and writes the encrypted data into the FLASH through the flash controller 13 via QSPI or SPI.
- On-chip SRAM15 used to store data such as program code.
- Read-Only Memory (ROM) 16 used to store programs for execution when the SOC chip is powered on.
- QSPI/SPI used to transfer data between the flash memory controller 13 and FLASH.
- plug-in FLASH17 used to store data such as code programs for the SoC chip to read and write data in FLASH.
- the data stored in the external FLASH needs to be encrypted.
- the SOC chip with XIP function it is required to load data directly from the external FLASH while the chip is powered on or running, and quickly decrypt the loaded data, and load the decrypted data into the cache (cahce) to For MCU to execute. Therefore, how to decrypt the data to reduce the data decryption delay is a technical problem to be solved urgently in this application.
- FIG. 2 is a flowchart of a data processing method provided by an embodiment of the present application.
- the method may be executed by a data processing circuit or a terminal device mentioned below, and the data processing circuit may be integrated on an SOC chip. If the circuit is integrated in the flash memory controller, or the circuit is a flash memory controller or SOC chip, this application does not limit this.
- the following uses the execution body of the method as a data processing circuit to illustrate, as shown in FIG. 2, the method includes the following steps:
- Step S21 Before reading the first data from the flash memory, or during reading the first data from the flash memory, the data processing circuit generates a decryption key stream of the first data according to the physical start address of the first data.
- Step S22 The data processing circuit decrypts the first data through the decryption key stream, and writes the decrypted first data into the cache.
- Step S21 is described as follows:
- FIG. 3 is a schematic diagram of command and data transmission provided by an embodiment of the present application. As shown in FIG.
- the data processing circuit sends the read command and the first to FLASH The physical start address of the first data, where the data processing circuit can generate a decryption key stream of each first data in advance in the process of sending the read command and the physical start address of the first first data in FLASH.
- the data processing circuit may generate the decryption key stream of the first data according to the physical start address of the first data.
- the physical start address of the first data refers to: the physical start address of the first data in the flash memory.
- the data processing circuit has different ways of acquiring the physical start address of the first data.
- the data processing circuit acquires the logical start address of the first data from the MCU, and determines the physical start address of the first data according to the logical start address.
- the data processing circuit according to the physical start address of the first first data, and, between the first data and the physical start address of the first first data The offset between them determines the physical start address of the first data.
- the physical start address of the first first data is addr
- the offset between the other first data and the physical start address of the first first data is 4, then the physical of the other first data
- the starting address is addr+4.
- the data processing circuit may also obtain the logical start address of the first data from the MCU, and determine the physical start address of the first data according to the logical start address.
- whether the first data is the first first data can be determined in the following optional manner.
- the first enable signal is an initial address access enable signal (spi_addr_start), which is used to indicate that the first data is the first first data, or used to indicate that the decryption key for generating the first first data is started flow.
- the second enable signal is a FIFO write enable signal (FIFO_wr), which is used to indicate that the first data is not the first first data, or used to indicate that the generation of a decryption key stream that is not the first first data is initiated, where the so-called "Write” refers to writing the data in FLASH into the cache.
- FIFO_wr FIFO write enable signal
- the first enable signal is 1, the second enable signal is 0, or the first enable signal is 0, and the second enable signal is 1. This embodiment does not limit the first enable signal and the second enable signal.
- the manner in which the data processing circuit generates the decryption key stream of the first data includes any one of the following, but is not limited to this:
- the data processing circuit obtains the public key, and generates an asymmetric shared key according to the public key.
- the data processing circuit may use the existing RSA algorithm to generate the asymmetric shared key, which is not described in this embodiment.
- the data processing circuit may acquire an initial vector, and the initial vector includes some public information that is used to generate a decryption key stream of the first data.
- the public information includes: a random number.
- the data processing circuit may use the physical start address of the first data and the initial vector as plain text in the counter (Counter, CTR) mode, and use the asymmetric shared key as the key in the CTR mode to generate the first data Decryption key stream.
- the data processing circuit directly adopts a certain algorithm to the physical start address of the first data to obtain the decryption key stream of the first data. For example, the data processing circuit intercepts the last 8 bits of the physical start address of the first data as the decryption key stream of the first data. Alternatively, the data processing circuit selects odd or even bits of the physical start address of the first data as the decryption key stream of the first data. Alternatively, the data processing circuit first selects odd or even bits of the physical start address of the first data, and then performs operations such as summing and multiplying the odd or even bits to obtain the decryption key stream of the first data.
- step S22 The following is a description of step S22:
- an XOR operation is performed on the decryption key stream and the first data to decrypt the first data; when the length of the decryption key stream is greater than the first data
- the length of the first data the decryption key stream is intercepted according to the length of the first data, and an exclusive-OR operation is performed on the intercepted decryption key stream and the first data to decrypt the first data.
- the data processing circuit can directly distinguish between the decryption key stream and the first data Or operation to decrypt the first data. Assuming that the decryption key stream is 64 bits, the data processing circuit can intercept the first 32 bits or the last 32 bits of the decryption key stream, and perform an exclusive-OR operation on the intercepted decryption key stream and the first data to The data is decrypted.
- the decrypted first data is written into the cache for the MCU to execute the first data.
- the data processing circuit may generate the first data according to the physical start address of the first data before reading the first data from the flash memory, or during the reading of the first data from the flash memory Data decryption key stream. Based on this, as long as the data processing circuit acquires the first data, the decryption key stream of the first data has also been acquired, so that the data processing circuit can directly decrypt the first data, thereby reducing the data decryption delay.
- the data processing circuit may use an exclusive OR operation on the decryption key stream and the first data to decrypt the first data. Since the exclusive OR operation is a combined circuit, the data can be further reduced in this way Decryption delay.
- the above data processing circuit may be integrated on the SOC chip, for example, the chip is integrated in the flash memory controller, or the data processing circuit is a flash memory controller or SOC chip. Assuming that the data processing circuit is a circuit integrated in the flash memory controller, in fact, there are other modules in the flash memory controller. The following further describes the above data processing method through the interaction of these modules with the data processing circuit:
- the flash memory controller 40 includes: a finite state machine (Finite State Machine, FSM) state machine module 41, receiving A first-in first-out (receive First Input First Output (rxFIFO) buffer 42, a serial-to-parallel (S2P) interface 43, a first register 44, a data processing circuit 45, and a selector 49.
- the data processing circuit 45 includes: a decryption key stream generation module 46, a second register 47, and an XOR operation module 48.
- the FSM state machine module 41 can receive the logical start address AHB_addr of the first first data, and convert the starting logical address AHB_addr to a physical start address, and convert the first first data
- the physical start address is transmitted to the decryption key stream generation module 46 in the data processing circuit 45, and sends the above-mentioned first enable signal spi_addr_start to the decryption key stream generation module 46.
- the FSM state machine module 41 may determine the physical start address of the first first data and the offset between the non-first first data and the physical start address of the first first data Shift, calculate the physical start address of the non-first first data, transfer the physical start address of the non-first first data to the decryption key stream generation module 46 in the data processing circuit 45, and decrypt The key stream generation module 46 sends the above-mentioned second enable signal FIFO_wr.
- the data processing circuit 45 may send the physical start address of the first data to the decryption key stream generation module 46 through the first register 44, where the first register 44 is used to implement between the flash memory controller 40 and FLASH Clock synchronization.
- the decryption key stream generation module 46 may first obtain the asymmetric shared key and the initial vector of the first data, and the data processing circuit may The physical start address of the first data and the initial vector are used as the plain text of the CTR mode, and the asymmetric shared key is used as the key of the CTR mode to generate a decryption key stream of the first data.
- the decryption key stream generation module 46 may transmit the generated decryption key stream to the second register 47, where the second register 47 is also used to synchronize the clock between the flash memory controller 40 and FLASH.
- the second register 47 transmits the decryption key stream to the XOR operation module 48.
- the S2P module 49 in the data processing circuit 45 can read the first data from FLASH through the QSPI method, where the S2P module 49 is used to realize serial paralleling, and the XOR operation module 48 can decrypt the key stream XOR operation with the first data, that is to decrypt the data to be interpreted.
- the XOR operation module 48 may output the decrypted first data to the selector 49, so that the selector 49 sends only the decrypted first data to the rxFIFO buffer 42, where the rxFIFO buffer 42 is to implement flash control
- the clock between the device 40 and FLASH is synchronized.
- the rxFIFO buffer 42 can write the decrypted first data into the buffer through the bus (for example, the AHB bus) for the MCU to execute the decrypted first data.
- modules and data processing circuits may be understood as software modules or hardware circuits, which are not limited in this embodiment.
- the above data processing method is further explained by dividing the flash memory controller into modules, and through the interaction of these modules with the data processing circuit, where, before reading the first data from the flash memory, or, in During the reading of the first data from the flash memory, the data processing circuit generates a decryption key stream of the first data according to the physical start address of the first data. Based on this, as long as the data processing circuit obtains the first data, the decryption key stream of the first data has been generated in advance, so that the data processing circuit can directly decrypt the first data, thereby reducing the data decryption delay.
- the data processing circuit may use an exclusive OR operation on the decryption key stream and the first data to decrypt the first data. Since the exclusive OR operation is a combined circuit, the data can be further reduced in this way Decryption delay.
- FIG. 5 is a flowchart of a data processing method according to another embodiment of the present application.
- the method may be executed by a data processing circuit or a terminal device.
- the data processing circuit may be integrated on an SOC chip.
- the circuit is integrated in In the flash memory controller, or, the circuit is a flash memory controller or an SOC chip, which is not limited in this application.
- the following uses the execution body of the method as a data processing circuit to illustrate, as shown in FIG. 5, the method includes the following steps:
- Step S51 The data processing circuit generates an encryption key stream of the second data according to the physical start address of the second data.
- Step S52 The data processing circuit encrypts the second data through the encryption key stream, and writes the encrypted second data into the flash memory.
- step S51 The following is a description of step S51:
- This embodiment is applied to the scenario where the data processing circuit writes data to the flash memory.
- the data in the flash memory is encrypted data. Therefore, when the data processing circuit accesses the data to the flash memory, the data needs to be encrypted.
- Each second data has a unique encryption key stream.
- the data processing circuit may generate the encryption key stream of the second data according to the physical start address of the second data.
- the physical start address of the second data refers to: the physical start address of the second data in the flash memory.
- the data processing circuit has different ways of acquiring the physical start address of the second data.
- the data processing circuit acquires the logical start address of the second data from the MCU, and determines the physical start address of the second data according to the logical start address.
- the data processing circuit is based on the physical start address of the first second data and the physical start address of the second data and the first second data The offset between them determines the physical start address of the second data.
- the physical start address of the first second data is addr
- the offset between the second second data and the physical start address of the first second data is 4, then the physical of the other second data
- the starting address is addr+4.
- the data processing circuit may also obtain the logical start address of the second data from the MCU, and determine the physical start address of the second data according to the logical start address.
- the manner in which the data processing circuit generates the encryption key stream of the second data includes any one of the following, but is not limited to this:
- the data processing circuit obtains the public key, and generates an asymmetric shared key according to the public key.
- the data processing circuit may use the existing RSA algorithm to generate the asymmetric shared key, which is not described in this embodiment.
- the data processing circuit may acquire an initial vector, and the initial vector includes some public information that is used to generate the encryption key stream of the second data.
- the public information includes: a random number.
- the data processing circuit can use the physical start address and the initial vector of the second data as the plain text of the CTR mode, and use the asymmetric shared key as the key of the CTR mode to generate an encrypted key stream of the second data .
- the data processing circuit directly uses a certain algorithm on the physical start address of the second data to obtain the encryption key stream of the second data. For example, the data processing circuit intercepts the last 8 bits of the physical start address of the second data as the encryption key stream of the second data. Alternatively, the data processing circuit selects odd or even bits of the physical start address of the second data as the encryption key stream of the second data. Alternatively, the data processing circuit first selects odd or even bits of the physical start address of the second data, and then performs operations such as summing and multiplying the odd or even bits to obtain the encryption key stream of the second data.
- the data processing circuit generates the encryption key stream in the same manner as the decryption key stream.
- Step S52 will be described as follows:
- an exclusive OR operation is performed on the encryption key stream and the second data to encrypt the second data; when the length of the encryption key stream is greater than the second data
- an exclusive OR operation is performed on the intercepted encryption key stream and the second data to encrypt the second data.
- the second data is a data block
- the length of the data block is 4 bytes, that is, 32 bits, assuming that the encryption key stream is also 32 bits
- the data processing circuit can directly distinguish between the encryption key stream and the second data Or operate to encrypt the second data.
- the data processing circuit can intercept the first 32 bits or the last 32 bits of the encryption key stream, and perform an exclusive-OR operation on the intercepted encryption key stream and the second data to The data is encrypted.
- the encryption process of the second data by the data processing circuit corresponds to the decryption process of the data.
- the data processing circuit uses the exclusive OR operation on the data and the encryption key stream.
- the data processing circuit also uses the exclusive OR operation on the data and the decryption key stream.
- the corresponding encryption key stream is the same as the decryption key stream, that is, synchronization of the encryption key and the decryption key is achieved.
- the above data processing circuit may be integrated on the SOC chip, for example, the data processing circuit is integrated in the flash memory controller, or the data processing circuit is a flash memory controller or SOC chip. Assuming that the data processing circuit is a circuit integrated in the flash memory controller, in fact, there are other modules in the flash memory controller. The following further describes the above data processing method through the interaction of these modules with the data processing circuit:
- FIG. 6 is a schematic diagram of an internal module of a flash memory controller and a data processing flow provided by another embodiment of the present application.
- the flash memory controller 60 includes: an FSM state machine module 61 and a first-in-first-out (transmit first) input. Output, txFIFO) cache 62, serial to parallel (P2S) interface 63, and data processing circuit 64.
- the data processing circuit 64 includes: an encryption key stream generation module 65 and an XOR operation module 66.
- the FSM state machine module 61 can receive the logical start address AHB_addr of the first second data, and convert the starting logical address AHB_addr to a physical start address, convert the first second data
- the physical start address is transferred to the txFIFO buffer 62, which is used to synchronize the clock between the flash memory controller 40 and FLASH.
- the txFIFO buffer 62 transmits the physical start address of the first second data to the encryption key stream generation module 65 in the data processing circuit.
- the FSM state machine module 61 may determine the physical start address of the first second data and the offset between the non-first second data and the physical start address of the first second data The shift amount is calculated to obtain the physical start address of the non-first second data, and the physical start address of the non-first second data is transmitted to the encryption key stream generation module 65 in the data processing circuit 64.
- the encryption key stream generation module 65 may first obtain the asymmetric shared key and the initial vector of the second data, and the data processing circuit may The physical start address of the second data and the initial vector are used as the plain text of the CTR mode, and the asymmetric shared key is used as the key of the CTR mode to generate an encrypted key stream of the second data.
- the encryption key stream generation module 65 transmits the encryption key stream to the XOR operation module 66.
- the XOR operation module 66 may perform an XOR operation on the encryption key stream and the second data, that is, encrypt the second data.
- the P2S63 in the data processing circuit can write the second data to the FLASH through the QSPI method, where the P2S63 is used to implement parallel conversion.
- modules and data processing circuits may be understood as software modules or hardware circuits, which are not limited in this embodiment.
- data processing circuit 64 in this embodiment may be integrated with the data processing circuit involved in the above data reading process.
- the above data processing method is further explained by dividing the flash memory controller into modules, and through the interaction between these modules and the data processing circuit.
- the data processing circuit is a circuit in a flash memory controller, a flash memory controller, or a system-on-chip SOC. As shown in FIG. 7, the data processing circuit includes:
- the first generating module 71 is configured to generate the first data according to the physical start address of the first data before reading the first data from the flash memory, or during the process of reading the first data from the flash memory Decryption key stream.
- the decryption module 72 is configured to decrypt the first data through the decryption key stream, and write the decrypted first data into the cache.
- the method further includes: a first determining module 73, configured to: when the first data is the first first data, obtain a logical start address of the first data from the MCU, and start according to the logic The start address determines the physical start address of the first data; when the first data is not the first first data, according to the physical start address of the first first data, and the first data and The offset between the physical start address of the first first data determines the physical start address of the first data.
- a first determining module 73 configured to: when the first data is the first first data, obtain a logical start address of the first data from the MCU, and start according to the logic The start address determines the physical start address of the first data; when the first data is not the first data, according to the physical start address of the first first data, and the first data and The offset between the physical start address of the first first data determines the physical start address of the first data.
- the first determination module 73 is specifically configured to: when receiving the first enable signal, determine that the first data is the first first data; when receive the second enable signal, determine the The first data is not the first first data.
- the decryption module 72 is specifically configured to: when the decryption key stream and the first data have the same length, perform an XOR operation on the decryption key stream and the first data to Decrypt the first data; when the length of the decryption key stream is greater than the length of the first data, intercept the decryption key stream according to the length of the first data, and decrypt the decrypted secret stream The key stream and the first data are XORed to decrypt the first data.
- it also includes:
- the second generation module 74 is configured to generate an encryption key stream of the second data according to the physical start address of the second data
- the encryption module 75 is configured to encrypt the second data through the encryption key stream and write the encrypted second data into the flash memory.
- the method further includes: a second determining module 76, configured to: when the second data is the first second data, obtain a logical start address of the second data from the MCU, and start according to the logic The start address determines the physical start address of the second data; when the second data is not the first second data, according to the physical start address of the first second data, and the second data and The offset between the physical start address of the first second data determines the physical start address of the second data.
- a second determining module 76 configured to: when the second data is the first second data, obtain a logical start address of the second data from the MCU, and start according to the logic The start address determines the physical start address of the second data; when the second data is not the first second data, according to the physical start address of the first second data, and the second data and The offset between the physical start address of the first second data determines the physical start address of the second data.
- the encryption module 75 is specifically configured to: when the encryption key stream and the second data have the same length, perform an XOR operation on the encryption key stream and the second data to Encrypt the second data; when the length of the encryption key stream is greater than the length of the second data, intercept the encryption key stream according to the length of the second data, and encrypt the intercepted encryption key The key stream and the second data are XORed to encrypt the second data.
- modules may be understood as software modules or hardware circuits.
- the first generation module 71 corresponds to the decryption key stream generation module 46 in FIG. 4, the decryption module 72 corresponds to the XOR operation module 48 in FIG. 4, and the first determination module 73 corresponds to the FSM state machine module 41 in FIG.
- the second generation module 74 corresponds to the encryption key stream generation module 65 in FIG. 6, the encryption module 75 corresponds to the XOR operation module 66 in FIG. 6, and the second determination module 76 corresponds to the FSM state machine module in FIG. 61, wherein the FSM state machine module 41 and the FSM state machine module 61 may be the same FSM state machine module.
- the data processing circuit provided in this embodiment can perform the above-mentioned data processing method, and the content and effect can refer to the method section.
- the data processing circuit provided in this embodiment of the present invention can be modularized in design, its structure is simple, and can be integrated To the flash memory controller.
- FIG. 8 is a schematic diagram of an embedded SOC chip and a plug-in FLASH provided by an embodiment of the present application.
- the SOC chip 80 includes an MCU 81, a cache, and a cache control unit 82 , FLASH controller 83, FLASH controller 83 includes: rxFIFO buffer 84 and data processing circuit 85, the data processing circuit 85 includes a first generation module 86 and a decryption module 87, optionally, the data processing circuit 85 further includes a register 88 .
- the MCU 81 is connected to the cache and the cache control unit 82, the FLASH controller 83 through a bus (such as an AHB bus), specifically connected to the rxFIFO cache 84, the first generation module 86 is connected to the decryption module 87 through the register 88, and the decryption module 87 Connected to the flash memory 89, the MCU 81, the cache and the cache control unit 82, the FLASH controller 83 can refer to the corresponding embodiment of FIG. 1, the rxFIFO cache 84 can refer to the corresponding embodiment of FIG. 4, the first generation module 86 and the decryption module 87 can With reference to the embodiment corresponding to FIG. 7, the content and effects thereof will not be repeated here.
- a bus such as an AHB bus
- the present application also provides a data processing circuit, including: a processor; a memory for storing executable instructions of the processor, so that the processor executes the above data processing method, wherein the memory may be non-volatile
- the content and effect can refer to the method section, which will not be repeated here.
- the present application also provides a terminal device, including the above-mentioned data processing circuit, MCU, and flash memory. Wherein, both ends of the data processing circuit are respectively connected to the MCU and the flash memory.
- the data processing circuit can be used to perform the above-mentioned data processing method. For the content and effect, refer to the method section, which will not be repeated here.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Storage Device Security (AREA)
Abstract
本申请提供一种数据处理方法、电路、终端设备及存储介质。包括:在从闪存中读取第一数据之前,或者,在从闪存中读取第一数据过程中,根据所述第一数据的物理起始地址生成所述第一数据的解密密钥流;通过所述解密密钥流对所述第一数据进行解密,并将解密后的所述第一数据写入缓存中。从而可以降低数据解密时延。
Description
本申请涉及数据处理领域,尤其涉及一种数据处理方法、电路、终端设备及存储介质。
随着信息技术的飞速发展,越来越多的嵌入式片上系统(System-on-a-chip,SoC)产品使用外挂闪存(FLASH)来存储程序代码等数据,以降低产品成本。
为了实现数据的安全性,需要对存储在外挂FLASH的数据进行加密。相应的,对于具有本地加载代码程序直接执行(Execute In Place,XIP)功能的SOC芯片,要求在芯片上电或运行期间,直接从外挂FLASH加载数据,并快速对加载的数据进行解密,将解密后的数据加载到缓存(cache)中,以供微控制单元(Microcontroller Unit,MCU)执行。因此数据解密时延是衡量产品好坏的一项重要性能,那么如何进行数据解密,才能降低数据解密时延是本领域亟待解决的技术问题。
发明内容
本申请提供一种数据处理方法、电路、终端设备及存储介质,从而可以降低数据解密时延。
第一方面,本申请提供一种数据处理方法,包括:在从闪存中读取第一数据之前,或者,在从闪存中读取第一数据过程中,根据第一数据的物理起始地址生成第一数据的解密密钥流;通过解密密钥流对第一数据进行解密,并将解密后的第一数据写入缓存中。
基于此,只要数据处理电路获取到第一数据,该第一数据的解密密钥流也已预先生成好了,使得数据处理电路可以直接对第一数据进行解密,从而可以降低数据解密时延。
可选地,当第一数据是首个第一数据时,从微控制单元MCU获取第一 数据的逻辑起始地址,并根据逻辑起始地址确定第一数据的物理起始地址;当第一数据不是首个第一数据时,根据首个第一数据的物理起始地址,以及,第一数据与首个第一数据的物理起始地址之间的偏移量,确定第一数据的物理起始地址。通过该方法可以有效的确定第一数据的物理起始地址。
可选地,当接收到第一使能信号时,确定第一数据是首个第一数据;当接收到第二使能信号时,确定第一数据不是首个第一数据,其中,第一使能信号不同于第二使能信号。
可选地,通过解密密钥流对第一数据进行解密,包括:当解密密钥流和第一数据长度相同时,对解密密钥流和第一数据采用异或操作,以对第一数据进行解密;当解密密钥流的长度大于第一数据的长度时,按照第一数据的长度截取解密密钥流,并对截取后的解密密钥流和第一数据采用异或操作,以对第一数据进行解密。
在本实施例中,数据处理电路可以对解密密钥流和第一数据采用流加密方式的异或操作,以解密第一数据,由于异或操作是组合电路,通过该方式可以进一步地降低数据解密时延。
可选地,还包括:根据第二数据的物理起始地址生成第二数据的加密密钥流;通过加密密钥流对第二数据进行加密,并将加密后的第二数据写入闪存中。
在本实施例中,对于同一数据,其对应的加密密钥流与解密密钥流相同,即实现了加密密钥和解密密钥的同步。
可选地,当第二数据是首个第二数据时,从MCU获取第二数据的逻辑起始地址,并根据逻辑起始地址确定第二数据的物理起始地址;当第二数据不是首个第二数据时,根据首个第二数据的物理起始地址,以及,第二数据与首个第二数据的物理起始地址之间的偏移量,确定第二数据的物理起始地址。通过该方法可以有效的确定第二数据的物理起始地址。
可选地,通过加密密钥流对第二数据进行加密,包括:当加密密钥流和第二数据长度相同时,对加密密钥流和第二数据采用异或操作,以对第二数据进行加密;当加密密钥流的长度大于第二数据的长度时,按照第二数据的长度截取加密密钥流,并对截取后的加密密钥流和第二数据采用异或操作,以对第二数据进行加密。
在本实施例中,数据处理电路可以对加密密钥流和第二数据采用异或操作,以解密第二数据,由于异或操作是组合电路,通过该方式可以提高数据加密效率。
第二方面,本申请提供一种数据处理电路,包括:
第一生成模块,用于在从闪存中读取第一数据之前,或者,在从闪存中读取第一数据过程中,根据第一数据的物理起始地址生成第一数据的解密密钥流;
解密模块,用于通过解密密钥流对第一数据进行解密,并将解密后的第一数据写入缓存中。
第三方面,本申请提供一种数据处理电路,包括:处理器;用于存储所述处理器的可执行指令的存储器,以使所述处理器执行如第一方面或第一方面的可选方式所述的数据处理方法。
第四方面,本申请提供一种终端设备,包括:如第二方面或第三方面的数据处理电路、MCU和闪存。其中,所述数据处理电路的两端分别于所述MCU和所述闪存连接。
第五方面,本申请提供一种存储介质,包括:可执行指令,所述指令用于实现如第一方面或第一方面的可选方式所述的数据处理方法。
第六方面,本申请提供一种计算机程序产品,包括:可执行指令,所述指令用于实现如第一方面或第一方面的可选方式所述的数据处理方法。
本申请提供数据处理方法、电路、终端设备及存储介质。其中,数据处理电路可以在从闪存中读取第一数据之前,或者,在从闪存中读取第一数据过程中,数据处理电路根据第一数据的物理起始地址生成第一数据的解密密钥流。基于此,只要数据处理电路获取到第一数据,该第一数据的解密密钥流也已经预先生成好了,使得数据处理电路可以直接对第一数据进行解密,从而可以降低数据解密时延。可选地,在本实施例中,数据处理电路可以对解密密钥流和第一数据采用异或操作,以解密第一数据,由于异或操作是组合电路,通过该方式可以进一步地降低数据解密时延。
为了更清楚地说明本申请实施例或现有技术中的技术方案,下面将对实 施例或现有技术描述中所需要使用的附图作一简单地介绍,显而易见地,下面描述中的附图是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。
图1为现有技术提供的一种嵌入式SOC芯片和外挂FLASH的示意图;
图2为本申请一实施例提供的一种数据处理方法的流程图;
图3为本申请一实施例提供的指令和数据传输的示意图;
图4为本申请一实施例提供的闪存控制器内部模块以及数据处理流程的示意图;
图5为本申请另一实施例提供的一种数据处理方法的流程图;
图6为本申请另一实施例提供的闪存控制器内部模块以及数据处理流程的示意图;
图7为本申请一实施例提供的一种数据处理电路的示意图;
图8为本申请一实施例提供的嵌入式SOC芯片和外挂FLASH的示意图。
为使本申请实施例的目的、技术方案和优点更加清楚,下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。
本申请的说明书和权利要求书及上述附图中的术语“第一”、“第二”、“第三”、“第四”等(如果存在)是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。应该理解这样使用的数据在适当情况下可以互换,以便这里描述的本申请的实施例,例如能够以除了在这里图示或描述的那些以外的顺序实施。此外,术语“包括”和“具有”以及他们的任何变形,意图在于覆盖不排他的包含,例如,包含了一系列步骤或单元的过程、方法、系统、产品或设备不必限于清楚地列出的那些步骤或单元,而是可包括没有清楚地列出的或对于这些过程、方法、产品或设备固有的其它步骤或单元。
在介绍本申请技术方案之前,下面首先介绍嵌入式SOC芯片和外挂FLASH。
图1为现有技术提供的一种嵌入式SOC芯片和外挂FLASH的示意图,如图1所示,如图1所示,SOC芯片10包括:
微控制单元(Microcontroller Unit,MCU)11:其是嵌入式SOC芯片的核心控制器,用于运行代码程序等数据。
缓存(Cache)和该缓存的控制单元12:当代码程序缓存时,该代码程序可以在MCU11中高速运行。其中该代码程序来自片上静态随机存取存储器(Static Random-Access Memory,SRAM)和/或外挂FLASH。
闪存控制器13:用于读写外挂FLASH中的数据,一般以四线队列串行接口(QSPI)或者串行外设接口(Serial Peripheral Interface,SPI)的方式访问FLASH。
系统加密引擎14:采用和解密同样的加密机制,对数据进行加密,并将加密后的数据通过闪存控制器13经QSPI或者SPI写入FLASH中。
片上SRAM15:用于存储程序代码等数据。
只读存储器(Read-Only Memory,ROM)16:用于存储程序,以供SOC芯片上电时执行。
QSPI/SPI:用于实现闪存控制器13和FLASH之间的数据传输。
此外,外挂FLASH17:用于存储代码程序等数据,以供SoC芯片读写FLASH中的数据。
如上所述,为了实现数据的安全性,需要对存储在外挂FLASH的数据进行加密。相应的,对于具有XIP功能的SOC芯片,要求在芯片上电或运行期间,直接从外挂FLASH加载数据,并快速对加载的数据进行解密,将解密后的数据加载到缓存(cahce)中,以供MCU执行。因此如何进行数据解密,才能降低数据解密时延是本申请亟待解决的技术问题。
为了解决上述技术问题,本申请提供一种数据处理方法、电路、终端设备及存储介质。具体地,图2为本申请一实施例提供的一种数据处理方法的流程图,该方法的执行主体可以是下面提到的数据处理电路或者终端设备,该数据处理电路可以集成在SOC芯片上,如该电路集成在闪存控制器中,或者,该电路是闪存控制器或者SOC芯片,本申请对此不做限制。下面以该方法的执行主体为数据处理电路来举例说明,如图2所示,该方法包括如下步骤:
步骤S21:在从闪存中读取第一数据之前,或者,在从闪存中读取第一数据过程中,数据处理电路根据第一数据的物理起始地址生成第一数据的解密密钥流。
步骤S22:数据处理电路通过解密密钥流对第一数据进行解密,并将解密后的第一数据写入缓存中。
针对步骤S21进行如下说明:
本实施例应用于数据处理电路从闪存中读取数据的场景。如上所述,为了实现数据的安全性,闪存中的数据为加密数据,因此,当数据处理电路从闪存中读取到第一数据之后,要对该第一数据进行解密。为了降低数据解密延迟,本实施例提出在从闪存中读取第一数据之前,或者,在从闪存中读取第一数据过程中,生成第一数据的解密密钥流。其中每个第一数据具有唯一的解密密钥流。例如:图3为本申请一实施例提供的指令和数据传输的示意图,如图3所示,数据处理电路在读取首个第一数据之前,数据处理电路先向FLASH发送读命令以及首个第一数据的物理起始地址,其中可以在FLASH发送读命令以及首个第一数据的物理起始地址的过程中,数据处理电路提前生成各个第一数据的解密密钥流。
在本实施例中,数据处理电路可以根据第一数据的物理起始地址生成第一数据的解密密钥流。其中,第一数据的物理起始地址指的是:第一数据在闪存中的物理起始地址。
其中,数据处理电路针对不同的第一数据,其获取第一数据的物理起始地址的方式也不尽相同。可选地,当第一数据是首个第一数据时,数据处理电路从MCU获取第一数据的逻辑起始地址,并根据逻辑起始地址确定第一数据的物理起始地址。当第一数据不是首个第一数据时,数据处理电路根据所述首个第一数据的物理起始地址,以及,所述第一数据与所述首个第一数据的物理起始地址之间的偏移量,确定所述第一数据的物理起始地址。例如:首个第一数据的物理起始地址为addr,另一个第一数据与所述首个第一数据的物理起始地址之间的偏移量为4,则另一个第一数据的物理起始地址为addr+4。或者,当第一数据不是首个第一数据时,数据处理电路也可以从MCU获取该第一数据的逻辑起始地址,并根据逻辑起始地址确定该第一数据的物理起始地址。
进一步地,对于一个第一数据,可以通过如下可选方式确定该第一数据是否为首个第一数据。可选地,当数据处理电路接收到第一使能信号时,确定所述第一数据是首个第一数据;当数据处理电路接收到第二使能信号时,确定所述第一数据不是首个第一数据。可选地,该第一使能信号为初始地址访问使能信号(spi_addr_start),用于表示第一数据是首个第一数据,或者,用于表示启动生成首个第一数据的解密密钥流。第二使能信号为FIFO写使能信号(FIFO_wr),用于表示第一数据不是首个第一数据,或者,用于表示启动生成非首个第一数据的解密密钥流,其中这里所谓的“写”指的是将FLASH中的数据写入缓存中。例如:第一使能信号为1,第二使能信号为0,或者,第一使能信号为0,第二使能信号为1。本实施例对第一使能信号和第二使能信号不做限制。
可选地,数据处理电路生成第一数据的解密密钥流的方式包括以下任一项,但不限于此:
一种可选方式:数据处理电路获取公钥,根据公钥生成非对称共享密钥,其中数据处理电路可以采用现有的RSA算法生成非对称共享密钥,本实施例对此不做说明。进一步地,数据处理电路可以获取一个初始向量,该初始向量包括一些可以公开的信息,这些公开的信息用于生成第一数据的解密密钥流,例如:公开的信息包括:随机数。最后,数据处理电路可以将第一数据的物理起始地址和所述初始向量作为计数(Counter,CTR)模式的明文,将所述非对称共享密钥作为CTR模式的密钥,生成第一数据的解密密钥流。
另一种可选方式:数据处理电路直接对第一数据的物理起始地址采用一定的算法,以得到第一数据的解密密钥流。例如:数据处理电路截取第一数据的物理起始地址的后8位作为第一数据的解密密钥流。或者,数据处理电路选择第一数据的物理起始地址的奇数位或者偶数位作为第一数据的解密密钥流。或者,数据处理电路首先选择第一数据的物理起始地址的奇数位或者偶数位,再对奇数位或者偶数位采用求和、求积等操作,以得到第一数据的解密密钥流。
针对步骤S22进行如下说明:
可选地,当解密密钥流和第一数据长度相同时,对解密密钥流和第一数据采用异或操作,以对第一数据进行解密;当解密密钥流的长度大于第一数 据的长度时,按照第一数据的长度截取解密密钥流,并对截取后的解密密钥流和第一数据采用异或操作,以对第一数据进行解密。例如:通常第一数据是一个数据块,该数据块长度是4字节,即32比特,假设解密密钥流也是32比特,那么数据处理电路可以直接对解密密钥流和第一数据进行异或操作,以对第一数据进行解密。假设解密密钥流是64比特,那么数据处理电路可以截取解密密钥流的前32位或者后32位,并对截取后的解密密钥流和第一数据采用异或操作,以对第一数据进行解密。
进一步地,数据处理电路通过解密密钥流对第一数据进行解密之后,将解密后的第一数据写入缓存中,以供MCU执行第一数据。
在本实施例中,数据处理电路可以在从闪存中读取第一数据之前,或者,在从闪存中读取第一数据过程中,数据处理电路根据第一数据的物理起始地址生成第一数据的解密密钥流。基于此,只要数据处理电路获取到第一数据,该第一数据的解密密钥流也已经被获取到了,使得数据处理电路可以直接对第一数据进行解密,从而可以降低数据解密时延。可选地,在本实施例中,数据处理电路可以对解密密钥流和第一数据采用异或操作,以解密第一数据,由于异或操作是组合电路,通过该方式可以进一步地降低数据解密时延。
如上所述,上述数据处理电路可以集成在SOC芯片上,如该芯片集成在闪存控制器中,或者,该数据处理电路是闪存控制器或者SOC芯片。假设该数据处理电路是集成在闪存控制器中的一个电路,实际上,闪存控制器还存在其他模块,下面通过这些模块与数据处理电路的交互来进一步对上述数据处理方法进行说明:
图4为本申请一实施例提供的闪存控制器内部模块以及数据处理流程的示意图,如图4所示,闪存控制器40包括:有限状态机(Finite State Machine,FSM)状态机模块41、接收先进先出(receive First Input First Output,rxFIFO)缓存42、串行转并行(Serial to Parallel,S2P)接口43、第一寄存器44、数据处理电路45以及选择器49。其中,数据处理电路45包括:解密密钥流生成模块46、第二寄存器47、异或操作模块48。其中,对于首个第一数据,FSM状态机模块41可以接收首个第一数据的逻辑起始地址AHB_addr,并将该起始逻辑地址AHB_addr转换为物理起始地址,将首个第一数据的物理起 始地址传输至数据处理电路45中的解密密钥流生成模块46,并向解密密钥流生成模块46发送上述的第一使能信号spi_addr_start。对于非首个第一数据,FSM状态机模块41可以根据首个第一数据的物理起始地址以及该非首个第一数据与所述首个第一数据的物理起始地址之间的偏移量,计算得到该非首个第一数据的物理起始地址,将该非首个第一数据的物理起始地址传输至数据处理电路45中的解密密钥流生成模块46,并向解密密钥流生成模块46发送上述的第二使能信号FIFO_wr。可选地,数据处理电路45可以通过第一寄存器44将第一数据的物理起始地址发送给解密密钥流生成模块46,其中,第一寄存器44用于实现闪存控制器40与FLASH之间的时钟同步。可选地,假设本实施例采用CTR模式确定第一数据的解密密钥流,那么解密密钥流生成模块46可以首先获取第一数据的非对称共享密钥以及初始向量,数据处理电路可以将第一数据的物理起始地址和所述初始向量作为CTR模式的明文,将所述非对称共享密钥作为CTR模式的密钥,生成第一数据的解密密钥流。可选地,解密密钥流生成模块46可以将生成的解密密钥流传输给第二寄存器47,其中,第二寄存器47也是用于实现闪存控制器40与FLASH之间的时钟同步。第二寄存器47将解密密钥流传输至异或操作模块48。另一方面,数据处理电路45中的S2P模块49可以通过QSPI方式从FLASH读取第一数据,其中,S2P模块49用于实现串转并,此时异或操作模块48可以对解密密钥流和第一数据采用异或操作,即解密待解读数据。可选地,异或操作模块48可以将解密后的第一数据输出至选择器49,使得选择器49仅将解密后的第一数据发送给rxFIFO缓存42,其中,rxFIFO缓存42要实现闪存控制器40与FLASH之间的时钟同步。最后,rxFIFO缓存42可以通过总线(例如AHB总线)将解密后的第一数据写入缓存中,以供MCU执行解密后的第一数据。
其中,上述的各个模块以及数据处理电路可以被理解为软件模块,也可以被理解为硬件电路,本实施例对此不做限制。
在本实施例中,通过对闪存控制器进行模块划分,并通过这些模块与数据处理电路的交互进一步地说明了上述数据处理方法,其中由于在从闪存中读取第一数据之前,或者,在从闪存中读取第一数据过程中,数据处理电路根据第一数据的物理起始地址生成第一数据的解密密钥流。基于此,只要数据处理电路获取到第一数据,该第一数据的解密密钥流也已预先生成好了, 使得数据处理电路可以直接对第一数据进行解密,从而可以降低数据解密时延。可选地,在本实施例中,数据处理电路可以对解密密钥流和第一数据采用异或操作,以解密第一数据,由于异或操作是组合电路,通过该方式可以进一步地降低数据解密时延。
上面已对数据读取过程或者数据解密过程进行了说明,下面将对数据写入过程或者数据加密过程进行说明。
图5为本申请另一实施例提供的一种数据处理方法的流程图,该方法的执行主体可以是数据处理电路或者终端设备,该数据处理电路可以集成在SOC芯片上,如该电路集成在闪存控制器中,或者,该电路是闪存控制器或者SOC芯片,本申请对此不做限制。下面以该方法的执行主体为数据处理电路来举例说明,如图5所示,该方法包括如下步骤:
步骤S51:数据处理电路根据第二数据的物理起始地址生成第二数据的加密密钥流。
步骤S52:数据处理电路通过加密密钥流对第二数据进行加密,并将加密后的第二数据写入闪存中。
针对步骤S51进行如下说明:
本实施例应用于数据处理电路向闪存写入数据的场景。如上所述,为了实现数据的安全性,闪存中的数据为加密数据,因此,当数据处理电路向闪存接入数据时,需要对数据进行加密。其中每个第二数据具有唯一的加密密钥流。
在本实施例中,数据处理电路可以根据第二数据的物理起始地址生成第二数据的加密密钥流。其中,第二数据的物理起始地址指的是:第二数据在闪存中的物理起始地址。
其中,数据处理电路针对不同的第二数据,其获取第二数据的物理起始地址的方式也不尽相同。可选地,当第二数据是首个第二数据时,数据处理电路从MCU获取第二数据的逻辑起始地址,并根据逻辑起始地址确定第二数据的物理起始地址。当第二数据不是首个第二数据时,数据处理电路根据所述首个第二数据的物理起始地址,以及,所述第二数据与所述首个第二数据的物理起始地址之间的偏移量,确定所述第二数据的物理起始地址。例如: 首个第二数据的物理起始地址为addr,另一个第二数据与所述首个第二数据的物理起始地址之间的偏移量为4,则另一个第二数据的物理起始地址为addr+4。或者,当第二数据不是首个第二数据时,数据处理电路也可以从MCU获取该第二数据的逻辑起始地址,并根据逻辑起始地址确定该第二数据的物理起始地址。
可选地,数据处理电路生成第二数据的加密密钥流的方式包括以下任一项,但不限于此:
一种可选方式:数据处理电路获取公钥,根据公钥生成非对称共享密钥,其中数据处理电路可以采用现有的RSA算法生成非对称共享密钥,本实施例对此不做说明。进一步地,数据处理电路可以获取一个初始向量,该初始向量包括一些可以公开的信息,这些公开的信息用于生成第二数据的加密密钥流,例如:公开的信息包括:随机数。最后,数据处理电路可以将第二数据的物理起始地址和所述初始向量作为CTR模式的明文,将所述非对称共享密钥作为CTR模式的密钥,生成第二数据的加密密钥流。
另一种可选方式:数据处理电路直接对第二数据的物理起始地址采用一定的算法,以得到第二数据的加密密钥流。例如:数据处理电路截取第二数据的物理起始地址的后8位作为第二数据的加密密钥流。或者,数据处理电路选择第二数据的物理起始地址的奇数位或者偶数位作为第二数据的加密密钥流。或者,数据处理电路首先选择第二数据的物理起始地址的奇数位或者偶数位,再对奇数位或者偶数位采用求和、求积等操作,以得到第二数据的加密密钥流。
需要说明的是,数据处理电路生成加密密钥流的方式与生成解密密钥流的方式相同。
针对步骤S52进行如下说明:
可选地,当加密密钥流和第二数据长度相同时,对加密密钥流和第二数据采用异或操作,以对第二数据进行加密;当加密密钥流的长度大于第二数据的长度时,按照第二数据的长度截取加密密钥流,并对截取后的加密密钥流和第二数据采用异或操作,以对第二数据进行加密。例如:通常第二数据是一个数据块,该数据块长度是4字节,即32比特,假设加密密钥流也是32比特,那么数据处理电路可以直接对加密密钥流和第二数据进行异或操作, 以对第二数据进行加密。假设加密密钥流是64比特,那么数据处理电路可以截取加密密钥流的前32位或者后32位,并对截取后的加密密钥流和第二数据采用异或操作,以对第二数据进行加密。
需要说明的是,数据处理电路对第二数据的加密过程与对该数据的解密过程相应。例如:对于同一数据,数据处理电路对该数据和加密密钥流采用异或操作,同样的,数据处理电路对该数据和解密密钥流也采用的是异或操作。
在本实施例中,对于同一数据,其对应的加密密钥流与解密密钥流相同,即实现了加密密钥和解密密钥的同步。
如上所述,上述数据处理电路可以集成在SOC芯片上,如该数据处理电路集成在闪存控制器中,或者,该数据处理电路是闪存控制器或者SOC芯片。假设该数据处理电路是集成在闪存控制器中的一个电路,实际上,闪存控制器还存在其他模块,下面通过这些模块与数据处理电路的交互来进一步对上述数据处理方法进行说明:
图6为本申请另一实施例提供的闪存控制器内部模块以及数据处理流程的示意图,如图6所示,闪存控制器60包括:FSM状态机模块61、发送先进先出(transmit First Input First Output,txFIFO)缓存62、串行转并行(Parallel to Serial,P2S)接口63、数据处理电路64。其中,数据处理电路64包括:加密密钥流生成模块65和异或操作模块66。其中,对于首个第二数据,FSM状态机模块61可以接收首个第二数据的逻辑起始地址AHB_addr,并将该起始逻辑地址AHB_addr转换为物理起始地址,将首个第二数据的物理起始地址传输至txFIFO缓存62,该txFIFO缓存62用于实现闪存控制器40与FLASH之间的时钟同步。该txFIFO缓存62将首个第二数据的物理起始地址传输至数据处理电路中的加密密钥流生成模块65。对于非首个第二数据,FSM状态机模块61可以根据首个第二数据的物理起始地址以及该非首个第二数据与所述首个第二数据的物理起始地址之间的偏移量,计算得到该非首个第二数据的物理起始地址,将该非首个第二数据的物理起始地址传输至数据处理电路64中的加密密钥流生成模块65。可选地,假设本实施例采用CTR模式确定第二数据的加密密钥流,那么加密密钥流生成模块65可以首先获取第二数 据的非对称共享密钥以及初始向量,数据处理电路可以将第二数据的物理起始地址和所述初始向量作为CTR模式的明文,将所述非对称共享密钥作为CTR模式的密钥,生成第二数据的加密密钥流。加密密钥流生成模块65将加密密钥流传输至异或操作模块66,此时异或操作模块66可以对加密密钥流和第二数据采用异或操作,即加密第二数据。另一方面,数据处理电路中的P2S63可以通过QSPI方式向FLASH写入第二数据,其中,P2S63用于实现并转串。
其中,上述的各个模块以及数据处理电路可以被理解为软件模块,也可以被理解为硬件电路,本实施例对此不做限制。
需要说明的是,本实施例中的数据处理电路64可以与上述数据读取过程中涉及的数据处理电路可以集成在一起。
在本实施例中,通过对闪存控制器进行模块划分,并通过这些模块与数据处理电路的交互进一步地说明了上述数据处理方法。
图7为本申请一实施例提供的一种数据处理电路的示意图,可选地,该数据处理电路为闪存控制器中的电路、闪存控制器或者片上系统SOC。如图7所示,该数据处理电路包括:
第一生成模块71,用于在从闪存中读取第一数据之前,或者,在从闪存中读取第一数据过程中,根据所述第一数据的物理起始地址生成所述第一数据的解密密钥流。
解密模块72,用于通过所述解密密钥流对所述第一数据进行解密,并将解密后的所述第一数据写入缓存中。
可选地,还包括:第一确定模块73,用于:当所述第一数据是首个第一数据时,从MCU获取所述第一数据的逻辑起始地址,并根据所述逻辑起始地址确定所述第一数据的物理起始地址;当所述第一数据不是首个第一数据时,根据所述首个第一数据的物理起始地址,以及,所述第一数据与所述首个第一数据的物理起始地址之间的偏移量,确定所述第一数据的物理起始地址。
可选地,第一确定模块73,具体用于:当接收到第一使能信号时,确定所述第一数据是首个第一数据;当接收到第二使能信号时,确定所述第一数 据不是首个第一数据。
可选地,所述解密模块72具体用于:当所述解密密钥流和所述第一数据长度相同时,对所述解密密钥流和所述第一数据采用异或操作,以对所述第一数据进行解密;当所述解密密钥流的长度大于所述第一数据的长度时,按照所述第一数据的长度截取所述解密密钥流,并对截取后的解密密钥流和所述第一数据采用异或操作,以对所述第一数据进行解密。
可选地,还包括:
第二生成模块74,用于根据第二数据的物理起始地址生成所述第二数据的加密密钥流;
加密模块75,用于通过所述加密密钥流对所述第二数据进行加密,并将加密后的所述第二数据写入闪存中。
可选地,还包括:第二确定模块76,用于:当所述第二数据是首个第二数据时,从MCU获取所述第二数据的逻辑起始地址,并根据所述逻辑起始地址确定所述第二数据的物理起始地址;当所述第二数据不是首个第二数据时,根据所述首个第二数据的物理起始地址,以及,所述第二数据与所述首个第二数据的物理起始地址之间的偏移量,确定所述第二数据的物理起始地址。
可选地,所述加密模块75具体用于:当所述加密密钥流和所述第二数据长度相同时,对所述加密密钥流和所述第二数据采用异或操作,以对所述第二数据进行加密;当所述加密密钥流的长度大于所述第二数据的长度时,按照所述第二数据的长度截取所述加密密钥流,并对截取后的加密密钥流和所述第二数据采用异或操作,以对所述第二数据进行加密。
其中,上述的模块可以被理解为软件模块,也可以被理解为硬件电路。
第一生成模块71相当于图4中的解密密钥流生成模块46,解密模块72相当于图4中的异或操作模块48,第一确定模块73相当于图4中的FSM状态机模块41,第二生成模块74相当于图6中的加密密钥流生成模块65,加密模块75相当于图6中的异或操作模块66,第二确定模块76相当于图6中的FSM状态机模块61,其中FSM状态机模块41和FSM状态机模块61可以是同一个FSM状态机模块。
本实施例所提供的数据处理电路可以执行上述的数据处理方法,其内容 和效果可参考方法部分,此外,本发明实施例提供的数据处理电路可以进行模块化设计,其结构简单,进而可以集成至闪存控制器中。
如上所述,上述模块以及数据处理电路可以被理解为软件模块,也可以被理解为硬件电路。假设这些模块是硬件电路,进一步地,图8为本申请一实施例提供的嵌入式SOC芯片和外挂FLASH的示意图,如图8所示,SOC芯片80包括MCU81、缓存和该缓存的控制单元82、FLASH控制器83,FLASH控制器83包括:rxFIFO缓存84和数据处理电路85,该数据处理电路85包括第一生成模块86以及解密模块87,可选地,该数据处理电路85还包括寄存器88。其中,MCU81与缓存和该缓存的控制单元82、FLASH控制器83通过总线(如AHB总线)连接,具体与rxFIFO缓存84连接,第一生成模块86通过寄存器88与解密模块87连接,解密模块87与闪存89连接,其中MCU81、缓存和该缓存的控制单元82、FLASH控制器83可参考图1对应实施例,rxFIFO缓存84可参考图4对应实施例,第一生成模块86与解密模块87可参考图7对应的实施例,其内容和效果在此不再赘述。
本申请还提供一种数据处理电路,包括:处理器;用于存储所述处理器的可执行指令的存储器,以使所述处理器执行上述的数据处理方法,其中,存储器可以是非易失性存储介质,其内容和效果可参考方法部分,对此不再赘述。
本申请还提供一种终端设备,包括:上述的数据处理电路、MCU和闪存。其中,数据处理电路的两端分别于MCU和闪存连接,该数据处理电路可以用于执行上述的数据处理方法,其内容和效果可参考方法部分,对此不再赘述。
本领域普通技术人员可以理解:实现上述各方法实施例的全部或部分步骤可以通过程序指令相关的硬件来完成。前述的程序可以存储于一计算机可读取存储介质中。该程序在执行时,执行包括上述各方法实施例的步骤;而前述的存储介质包括:ROM、RAM、磁碟或者光盘等各种可以存储程序代码的介质。
最后应说明的是:以上各实施例仅用以说明本发明的技术方案,而非对其限制;尽管参照前述各实施例对本发明进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改, 或者对其中部分或者全部技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本发明各实施例技术方案的范围。
Claims (18)
- 一种数据处理方法,其特征在于,包括:在从闪存中读取第一数据之前,或者,在从闪存中读取第一数据过程中,根据所述第一数据的物理起始地址生成所述第一数据的解密密钥流;通过所述解密密钥流对所述第一数据进行解密,并将解密后的所述第一数据写入缓存中。
- 根据权利要求1所述的方法,其特征在于,还包括:当所述第一数据是首个第一数据时,从微控制单元MCU获取所述第一数据的逻辑起始地址,并根据所述逻辑起始地址确定所述第一数据的物理起始地址;当所述第一数据不是首个第一数据时,根据所述首个第一数据的物理起始地址,以及,所述第一数据与所述首个第一数据的物理起始地址之间的偏移量,确定所述第一数据的物理起始地址。
- 根据权利要求2所述的方法,其特征在于,还包括:当接收到第一使能信号时,确定所述第一数据是首个第一数据;当接收到第二使能信号时,确定所述第一数据不是首个第一数据,其中,所述第一使能信号不同于所述第二使能信号。
- 根据权利要求1-3任一项所述的方法,其特征在于,所述通过所述解密密钥流对所述第一数据进行解密,包括:当所述解密密钥流和所述第一数据长度相同时,对所述解密密钥流和所述第一数据采用异或操作,以对所述第一数据进行解密;当所述解密密钥流的长度大于所述第一数据的长度时,按照所述第一数据的长度截取所述解密密钥流,并对截取后的解密密钥流和所述第一数据采用异或操作,以对所述第一数据进行解密。
- 根据权利要求1-3任一项所述的方法,其特征在于,还包括:根据第二数据的物理起始地址生成所述第二数据的加密密钥流;通过所述加密密钥流对所述第二数据进行加密,并将加密后的所述第二数据写入闪存中。
- 根据权利要求5所述的方法,其特征在于,还包括:当所述第二数据是首个第二数据时,从MCU获取所述第二数据的逻辑 起始地址,并根据所述逻辑起始地址确定所述第二数据的物理起始地址;当所述第二数据不是首个第二数据时,根据所述首个第二数据的物理起始地址,以及,所述第二数据与所述首个第二数据的物理起始地址之间的偏移量,确定所述第二数据的物理起始地址。
- 根据权利要求5所述的方法,其特征在于,所述通过所述加密密钥流对所述第二数据进行加密,包括:当所述加密密钥流和所述第二数据长度相同时,对所述加密密钥流和所述第二数据采用异或操作,以对所述第二数据进行加密;当所述加密密钥流的长度大于所述第二数据的长度时,按照所述第二数据的长度截取所述加密密钥流,并对截取后的加密密钥流和所述第二数据采用异或操作,以对所述第二数据进行加密。
- 一种数据处理电路,其特征在于,包括:第一生成模块,用于在从闪存中读取第一数据之前,或者,在从闪存中读取第一数据过程中,根据所述第一数据的物理起始地址生成所述第一数据的解密密钥流;解密模块,用于通过所述解密密钥流对所述第一数据进行解密,并将解密后的所述第一数据写入缓存中。
- 根据权利要求8所述的电路,其特征在于,还包括:第一确定模块,用于:当所述第一数据是首个第一数据时,从微控制单元MCU获取所述第一数据的逻辑起始地址,并根据所述逻辑起始地址确定所述第一数据的物理起始地址;当所述第一数据不是首个第一数据时,根据所述首个第一数据的物理起始地址,以及,所述第一数据与所述首个第一数据的物理起始地址之间的偏移量,确定所述第一数据的物理起始地址。
- 根据权利要求9所述的电路,其特征在于,所述第一确定模块,具体用于:当接收到第一使能信号时,确定所述第一数据是首个第一数据;当接收到第二使能信号时,确定所述第一数据不是首个第一数据,其中,所述第一使能信号不同于所述第二使能信号。
- 根据权利要求8-10中任一项所述的电路,其特征在于,所述解密模块具体用于:当所述解密密钥流和所述第一数据长度相同时,对所述解密密钥流和所述第一数据采用异或操作,以对所述第一数据进行解密;当所述解密密钥流的长度大于所述第一数据的长度时,按照所述第一数据的长度截取所述解密密钥流,并对截取后的解密密钥流和所述第一数据采用异或操作,以对所述第一数据进行解密。
- 根据权利要求8-10任一项所述的电路,其特征在于,还包括:第二生成模块,用于根据第二数据的物理起始地址生成所述第二数据的加密密钥流;加密模块,用于通过所述加密密钥流对所述第二数据进行加密,并将加密后的所述第二数据写入闪存中。
- 根据权利要求12所述的电路,其特征在于,还包括:第二确定模块,用于:当所述第二数据是首个第二数据时,从MCU获取所述第二数据的逻辑起始地址,并根据所述逻辑起始地址确定所述第二数据的物理起始地址;当所述第二数据不是首个第二数据时,根据所述首个第二数据的物理起始地址,以及,所述第二数据与所述首个第二数据的物理起始地址之间的偏移量,确定所述第二数据的物理起始地址。
- 根据权利要求13所述的电路,其特征在于,所述加密模块具体用于:当所述加密密钥流和所述第二数据长度相同时,对所述加密密钥流和所述第二数据采用异或操作,以对所述第二数据进行加密;当所述加密密钥流的长度大于所述第二数据的长度时,按照所述第二数据的长度截取所述加密密钥流,并对截取后的加密密钥流和所述第二数据采用异或操作,以对所述第二数据进行加密。
- 根据权利要求8-14任一项所述的电路,其特征在于,所述电路为以下任一项:闪存控制器中的电路、闪存控制器、片上系统SOC。
- 一种数据处理电路,其特征在于,包括:处理器;用于存储所述处理器的可执行指令的存储器,以使所述处理器执行如权 利要求1-7任一项所述的数据处理方法。
- 一种终端设备,其特征在于,包括:如权利要求8-16任一项所述的数据处理电路、MCU和闪存;其中,所述数据处理电路的两端分别于所述MCU和所述闪存连接。
- 一种存储介质,其特征在于,包括:可执行指令,所述指令用于实现如权利要求1-7任一项所述的数据处理方法。
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP18943152.1A EP3758276B1 (en) | 2018-12-12 | 2018-12-12 | Data processing method, circuit, terminal device storage medium |
PCT/CN2018/120732 WO2020118583A1 (zh) | 2018-12-12 | 2018-12-12 | 数据处理方法、电路、终端设备及存储介质 |
CN201880002532.5A CN111566987B (zh) | 2018-12-12 | 2018-12-12 | 数据处理方法、电路、终端设备及存储介质 |
US17/029,410 US20210006391A1 (en) | 2018-12-12 | 2020-09-23 | Data processing method, circuit, terminal device and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2018/120732 WO2020118583A1 (zh) | 2018-12-12 | 2018-12-12 | 数据处理方法、电路、终端设备及存储介质 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/029,410 Continuation US20210006391A1 (en) | 2018-12-12 | 2020-09-23 | Data processing method, circuit, terminal device and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020118583A1 true WO2020118583A1 (zh) | 2020-06-18 |
Family
ID=71077068
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2018/120732 WO2020118583A1 (zh) | 2018-12-12 | 2018-12-12 | 数据处理方法、电路、终端设备及存储介质 |
Country Status (4)
Country | Link |
---|---|
US (1) | US20210006391A1 (zh) |
EP (1) | EP3758276B1 (zh) |
CN (1) | CN111566987B (zh) |
WO (1) | WO2020118583A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20230104633A1 (en) * | 2020-03-23 | 2023-04-06 | Btblock Llc | Management system and method for user authentication on password based systems |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2587354A (en) * | 2019-09-24 | 2021-03-31 | Nchain Holdings Ltd | Divisible tokens |
CN112463651A (zh) * | 2020-12-07 | 2021-03-09 | 长沙景嘉微电子股份有限公司 | Qspi控制器,图像处理器及闪存访问方法 |
CN113965321B (zh) * | 2021-10-15 | 2024-05-28 | 杭州安恒信息技术股份有限公司 | 基于密钥流池的实时加解密方法、系统、计算机和存储介质 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101051892A (zh) * | 2007-03-14 | 2007-10-10 | 江中尧 | 一种cpu专用数据的加密装置及方法 |
CN101540191A (zh) * | 2009-04-21 | 2009-09-23 | 苏州国芯科技有限公司 | 实时加密u盘及高速加解密方法 |
CN106688027A (zh) * | 2014-09-15 | 2017-05-17 | Arm 有限公司 | 依赖puf和地址的数据加密 |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7472285B2 (en) * | 2003-06-25 | 2008-12-30 | Intel Corporation | Apparatus and method for memory encryption with reduced decryption latency |
US8990582B2 (en) * | 2010-05-27 | 2015-03-24 | Cisco Technology, Inc. | Virtual machine memory compartmentalization in multi-core architectures |
US20120246384A1 (en) * | 2011-03-21 | 2012-09-27 | Winbond Electronics Corp. | Flash memory and flash memory accessing method |
US20140281587A1 (en) * | 2013-03-14 | 2014-09-18 | Ologn Technologies Ag | Systems, methods and apparatuses for using a secure non-volatile storage with a computer processor |
US9256551B2 (en) * | 2013-08-09 | 2016-02-09 | Apple Inc. | Embedded encryption/secure memory management unit for peripheral interface controller |
US9076003B2 (en) * | 2013-08-20 | 2015-07-07 | Janus Technologies, Inc. | Method and apparatus for transparently encrypting and decrypting computer interface data |
US10192062B2 (en) * | 2014-06-20 | 2019-01-29 | Cypress Semiconductor Corporation | Encryption for XIP and MMIO external memories |
US9678894B2 (en) * | 2015-03-27 | 2017-06-13 | Intel Corporation | Cache-less split tracker architecture for replay protection trees |
US10223289B2 (en) * | 2015-07-07 | 2019-03-05 | Qualcomm Incorporated | Secure handling of memory caches and cached software module identities for a method to isolate software modules by means of controlled encryption key management |
EP3262515B1 (en) * | 2015-09-30 | 2019-08-07 | Hewlett-Packard Enterprise Development LP | Cryptographic-based initialization of memory content |
US20170180116A1 (en) * | 2015-12-22 | 2017-06-22 | Kirk S. Yap | End-to-end protection scheme involving encrypted memory and storage |
CN107067251B (zh) * | 2016-01-25 | 2021-08-24 | 苹果公司 | 使用具有地理上受限的非本地凭据的电子设备进行交易 |
-
2018
- 2018-12-12 WO PCT/CN2018/120732 patent/WO2020118583A1/zh unknown
- 2018-12-12 EP EP18943152.1A patent/EP3758276B1/en active Active
- 2018-12-12 CN CN201880002532.5A patent/CN111566987B/zh active Active
-
2020
- 2020-09-23 US US17/029,410 patent/US20210006391A1/en not_active Abandoned
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101051892A (zh) * | 2007-03-14 | 2007-10-10 | 江中尧 | 一种cpu专用数据的加密装置及方法 |
CN101540191A (zh) * | 2009-04-21 | 2009-09-23 | 苏州国芯科技有限公司 | 实时加密u盘及高速加解密方法 |
CN106688027A (zh) * | 2014-09-15 | 2017-05-17 | Arm 有限公司 | 依赖puf和地址的数据加密 |
Non-Patent Citations (1)
Title |
---|
See also references of EP3758276A4 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20230104633A1 (en) * | 2020-03-23 | 2023-04-06 | Btblock Llc | Management system and method for user authentication on password based systems |
Also Published As
Publication number | Publication date |
---|---|
CN111566987A (zh) | 2020-08-21 |
EP3758276B1 (en) | 2022-08-17 |
EP3758276A4 (en) | 2021-10-13 |
EP3758276A1 (en) | 2020-12-30 |
US20210006391A1 (en) | 2021-01-07 |
CN111566987B (zh) | 2023-05-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20220027288A1 (en) | Technologies for low-latency cryptography for processor-accelerator communication | |
JP4684550B2 (ja) | 多数の動作モードを支援する暗号化装置 | |
WO2020118583A1 (zh) | 数据处理方法、电路、终端设备及存储介质 | |
JP6067757B2 (ja) | ストレージ装置とホスト間でデータ伝送を保護するためのストレージ・コントローラ・バス・インターフェースの使用 | |
US11809346B2 (en) | System architecture with secure data exchange | |
CN112329038B (zh) | 一种基于usb接口的数据加密控制系统及芯片 | |
KR20150143708A (ko) | 스토리지 디바이스 보조 인라인 암호화 및 암호해독 | |
JP2004226969A (ja) | 暗号システム及び多様なモードを支援する方法 | |
WO2017045484A1 (zh) | 一种基于xts-sm4的存储加解密方法及装置 | |
US12010209B2 (en) | Memory-efficient hardware cryptographic engine | |
JP2008500638A (ja) | 暗号化オペレーションをサポートする複数のレジスタを備えたデータムーバコントローラ | |
US11429751B2 (en) | Method and apparatus for encrypting and decrypting data on an integrated circuit | |
CN109101829B (zh) | 基于可重构密码处理器的安全固态盘数据传输系统 | |
Homsirikamol et al. | A universal hardware API for authenticated ciphers | |
KR101126596B1 (ko) | 단일 및 다중 aes 동작을 지원하기 위한 듀얼 모드 aes 장치 및 방법 | |
US11886624B2 (en) | Crypto device, integrated circuit and computing device having the same, and writing method thereof | |
US20220416997A1 (en) | Handling unaligned transactions for inline encryption | |
RU2585988C1 (ru) | Устройство шифрования данных (варианты), система на кристалле с его использованием (варианты) | |
KR20090059602A (ko) | 세션 메모리 버스를 구비한 암호화 장치 | |
US10019584B2 (en) | Performance of image forming functions based on encrypted data stored in volatile memory | |
US20240160752A1 (en) | Apparatus for Cryptographic Operations on Information and Associated Methods | |
WO2024064234A1 (en) | Latency-controlled integrity and data encryption (ide) | |
COWART | AN IMPLEMENTATION AND EXPERIMENTAL EVALUATION OF HARDWARE ACCELERATED CIPHERS IN ALL-PROGRAMMABLE SoCs ON EMBEDDED AND WORKSTATION COMPUTER PLATFORMS | |
CN109460680A (zh) | 一种基于pci总线的硬件加解密实现方法及硬件加密板卡 | |
JP2011129073A (ja) | ホストコントローラ、情報処理装置および情報処理方法 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 18943152 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2018943152 Country of ref document: EP Effective date: 20200923 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |