WO2020224171A1 - Data security apparatus and method, electronic device, and storage medium - Google Patents

Data security apparatus and method, electronic device, and storage medium Download PDF

Info

Publication number
WO2020224171A1
WO2020224171A1 PCT/CN2019/109064 CN2019109064W WO2020224171A1 WO 2020224171 A1 WO2020224171 A1 WO 2020224171A1 CN 2019109064 W CN2019109064 W CN 2019109064W WO 2020224171 A1 WO2020224171 A1 WO 2020224171A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
encryption
main controller
encryption chip
decryption
Prior art date
Application number
PCT/CN2019/109064
Other languages
French (fr)
Chinese (zh)
Inventor
周正贤
谈超
胡琳
Original Assignee
深圳豪杰创新电子有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳豪杰创新电子有限公司 filed Critical 深圳豪杰创新电子有限公司
Publication of WO2020224171A1 publication Critical patent/WO2020224171A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Definitions

  • the present disclosure relates to the field of information security technology, and in particular, to a data security device, method, electronic device, and storage medium.
  • the purpose of the embodiments of the present disclosure includes, for example, providing a data security device, method, electronic device, and storage medium to improve the traditional hardware encryption algorithm or decryption algorithm that is difficult to update.
  • the embodiment of the present disclosure provides a data security device, including: a main controller, an encryption chip, and a memory, the main controller is connected to the encryption chip and the memory through a bus; the main controller is configured to The encryption chip sends an encryption request, and the encryption request includes the data to be encrypted; the encryption chip is configured to receive the encryption request sent by the main controller, and respond to the encryption request to the encryption request.
  • the data to be encrypted is encrypted to obtain ciphertext data, and the ciphertext data is sent to the main controller through the bus; the main controller is also configured to receive the ciphertext sent by the encryption chip Data, and store the ciphertext data in the memory; the main controller is also configured to send a decryption request to the encryption chip, the decryption request includes the data to be decrypted; the encryption chip is also configured to Receive the decryption request sent by the main controller, decrypt the to-be-decrypted data in the decryption request in response to the decryption request to obtain plaintext data, and send the plaintext data through the bus to the Main controller.
  • the main controller can send the data to be encrypted to the encryption chip for encryption, and then store the ciphertext data in the memory.
  • the data to be decrypted can also be sent to the encryption chip through the main controller, so that the encryption chip is to be decrypted
  • the data is decrypted to obtain plaintext data. Therefore, the main controller and the encryption chip are separately arranged, so that the encryption algorithm and the decryption algorithm in the encryption chip peripheral to the main controller can be updated more easily, and the timely update of the encryption algorithm can also make the data more securely stored.
  • all encryption chips in this application can be encryption and decryption chips that have both encryption and decryption functions. For the convenience of description, they are simply referred to as encryption chips, but this does not mean that the chips only have encryption functions.
  • the main controller is connected to at least one I/O interface through a bus, and the main controller is configured to receive the data to be encrypted sent by the I/O interface and send it to the I/O interface.
  • the interface sends the decrypted plaintext data.
  • the embodiment of the present disclosure connects the main controller with at least one I/O interface, so that the data security device can receive the data to be encrypted and perform encrypted storage, and can also send plaintext data through the I/O interface to ensure data security Transmit.
  • the main controller receives the to-be-encrypted data sent by an external device through the I/O interface.
  • the encryption chip encrypts the data and/or decrypts the data to be decrypted according to the pre-stored AES algorithm and/or the national secret SM algorithm.
  • the embodiments of the present disclosure adopt the AES algorithm and/or the national secret SM algorithm as the encryption algorithm or the decryption algorithm of the encryption chip, so that the encryption chip can encrypt or decrypt data more safely and quickly.
  • the encryption chip is set independently of the main controller, and the algorithm in the encryption chip is updated independently of the main controller.
  • the decryption request further includes an external device identification code corresponding to the data to be decrypted, and the main controller sends the decrypted plaintext data to the corresponding external device according to the external device identification code.
  • the encryption request further includes an encryption algorithm identifier corresponding to the data to be encrypted, and the encryption chip is configured to select a corresponding encryption algorithm according to the encryption algorithm identifier to encrypt the data to be encrypted, Thereby, ciphertext data is obtained.
  • the decryption request further includes a decryption algorithm identifier corresponding to the data to be decrypted, and the encryption chip is configured to select a corresponding decryption algorithm according to the decryption algorithm identifier to decrypt the data to be decrypted, thereby obtaining plaintext data .
  • the request sent by the main controller includes the algorithm identifier, so that the encryption chip can select the corresponding algorithm according to the algorithm identifier to encrypt the data to be encrypted and decrypt the data to be decrypted, so that the data can be encrypted in a targeted manner Or decrypt it to ensure the safe storage of data.
  • the data to be encrypted is plaintext data or ciphertext data that has undergone encryption processing.
  • the encrypted ciphertext data is the ciphertext data that the main controller takes out from the memory.
  • the data to be decrypted is ciphertext data received by the main controller from an external device, or ciphertext data taken by the main controller from the memory.
  • the main controller is connected to the encryption chip through an SPI bus.
  • the main controller and the encryption chip perform data transmission through the SPI bus, so that data can be encrypted and decrypted more quickly, and the work efficiency of the data security device is improved.
  • the main controller includes a clock oscillation module, which is connected to the encryption chip through the SPI bus, and the clock oscillation module is configured to increase the transmission rate of the SPI bus by a preset multiple.
  • the transmission rate of the SPI bus can be increased through the clock oscillation module, so that data can be encrypted and decrypted more quickly, and the working efficiency of the data security device is improved.
  • the embodiment of the present disclosure also provides a data security method, including: an encryption chip receives an encryption request sent by a main controller through a bus, the encryption request includes data to be encrypted; and the encryption chip responds to the encryption request The data to be encrypted is encrypted to obtain ciphertext data; the encryption chip sends the ciphertext data to the main controller so that the main controller stores the ciphertext data in a memory; the encryption chip receives The decryption request sent by the main controller, the decryption request includes the data to be decrypted; the encryption chip decrypts the data to be decrypted in response to the decryption request to obtain plaintext data; the encryption chip sends the data to the host The controller sends the plaintext data.
  • the embodiment of the present disclosure encrypts the received data to be encrypted, and then sends the ciphertext data to the main controller for storage in the memory. It is also possible to decrypt the received data to be decrypted to obtain plaintext data, and then transfer the plaintext data Send to the main controller.
  • the encryption chip external to the main controller is encrypted and decrypted, and the ciphertext data can be stored more securely.
  • the encryption algorithm and decryption algorithm in the encryption chip are also easier to update, and the encryption chip is updated in time It can also make it possible to decrypt different ciphertext data.
  • the encryption request further includes an encryption algorithm identifier corresponding to the data to be encrypted, and the encryption chip is configured to select a corresponding encryption algorithm according to the encryption algorithm identifier to encrypt the data to be encrypted, Thereby, ciphertext data is obtained.
  • the decryption request further includes a decryption algorithm identifier corresponding to the data to be decrypted, and the encryption chip is configured to select a corresponding decryption algorithm according to the decryption algorithm identifier to decrypt the data to be decrypted, thereby obtaining plaintext data .
  • the embodiment of the present disclosure includes an algorithm identifier in the request sent by the main controller to the encryption chip, so that the encryption chip can select the corresponding algorithm according to the algorithm identifier to encrypt the data to be encrypted and decrypt the data to be decrypted, so that the data can be targeted Perform encryption or decryption processing to ensure the safe storage of data.
  • the encryption chip encrypts the data and/or decrypts the data to be decrypted according to the pre-stored AES algorithm and/or the national secret SM algorithm.
  • the embodiments of the present disclosure adopt the AES algorithm and/or the national secret SM algorithm as the encryption algorithm or the decryption algorithm of the encryption chip, so that the encryption chip can encrypt or decrypt data more safely and quickly.
  • the encryption chip is set independently of the main controller, and the algorithm in the encryption chip is updated independently of the main controller.
  • the embodiment of the present disclosure also provides an electronic device including the above-mentioned data security device.
  • the embodiments of the present disclosure also provide a non-transitory computer-readable storage medium that stores computer instructions that cause the computer to execute the above-mentioned method.
  • FIG. 1 is a schematic structural diagram of a data security device provided by an embodiment of the disclosure
  • FIG. 2 is a schematic diagram of the pin structure of a main controller connected to an encryption chip according to an embodiment of the disclosure
  • FIG. 3 is a schematic flowchart of a data privacy method provided by an embodiment of the disclosure.
  • FIG. 4 is a structural block diagram of an electronic device that can be applied to the embodiments of the present disclosure provided by the embodiments of the present disclosure.
  • Icon 10-data security device; 110-main controller; 120-encryption chip; 130-memory; 140-I/O interface; 20-external equipment.
  • FIG. 1 is a schematic structural diagram of a data security device provided by an embodiment of the disclosure.
  • the data security device 10 provided by the embodiment of the present disclosure may include: a main controller 110, an encryption chip 120, and a memory 130.
  • the main controller 110 may communicate with the encryption chip 120 and the encryption chip 120 via a bus such as an SPI bus.
  • the storage 130 is connected.
  • the main controller 110 may be configured to send an encryption request to the encryption chip 120, and the encryption request may include the data to be encrypted.
  • the encryption chip 120 may be configured to receive the encryption request sent by the main controller 110, in response to the received encryption request, encrypt the data to be encrypted in the encryption request to obtain ciphertext data, and The ciphertext data is sent back to the main controller 110 through the bus.
  • the main controller 110 may also be configured to receive the ciphertext data sent by the encryption chip 120 and store the ciphertext data in the memory 130.
  • the encryption request sent by the main controller 110 to the encryption chip 120 may further include an external device identification code corresponding to the data to be encrypted.
  • the encryption chip 120 in response to receiving the encryption request from the main controller 110, the encryption chip 120 may encrypt the data to be encrypted in the encryption request to obtain the corresponding ciphertext data, and the encryption chip 120 may encrypt the encrypted data.
  • the text data, the aforementioned external device identification code, and the encryption algorithm identification corresponding to the cipher text data are sent to the main controller 110 together.
  • the main controller 110 may store the ciphertext data received from the encryption chip 120, the external device identification code, and the encryption algorithm identification corresponding to the ciphertext data together.
  • the data security device 10 can securely store the encrypted data, so that the source of the data can be easily and safely checked through the external device identification code.
  • the data to be encrypted may be plaintext data, or may also be ciphertext data that needs to be encrypted again.
  • the encryption chip 120 may encrypt the plaintext data included in the encryption request as the data to be encrypted to obtain ciphertext data, or may also perform the encryption on the ciphertext data included in the encryption request as the data to be encrypted. Encryption is performed to obtain twice-encrypted ciphertext data or multiple-encrypted ciphertext data.
  • the data security device 10 can also conveniently decrypt the ciphertext data to provide the decrypted data to the external device 20.
  • all the encryption chips 120 in this application may be encryption and decryption chips that have both encryption and decryption functions. For ease of description, they are simply referred to as encryption chips, but this does not mean that the chips only have encryption functions.
  • the main controller 110 may also be configured to send a decryption request to the encryption chip 120, and the decryption request may include the data to be decrypted.
  • the encryption chip 120 may also be configured to receive the decryption request sent by the main controller 110, decrypt data to be decrypted in the decryption request in response to the received decryption request to obtain plaintext data, and The plaintext data is sent to the main controller 110 through the bus.
  • the decryption request sent by the main controller 110 to the encryption chip 120 may further include an external device identification code corresponding to the data to be decrypted.
  • the encryption chip 120 in response to receiving the decryption request from the main controller 110, the encryption chip 120 can decrypt the data to be decrypted in the decryption request to obtain corresponding plaintext data, and the encryption chip 120 can decrypt the plaintext data obtained by decryption. It is sent to the main controller 110 together with the external device identification code corresponding to the plaintext data.
  • the main controller 110 can send the decrypted plaintext data to the corresponding external device 20 according to the external device identification code, that is, the data security device 10 can decrypt the data to be decrypted before sending it out.
  • the data to be decrypted may be ciphertext data retrieved from the memory 130 by the main controller 110, or ciphertext data received by the main controller 110 from the external device 20.
  • the source of the specific data to be decrypted can be selected according to the decryption requirements of the actual data.
  • the main controller 110 may send an encryption request including the data to be encrypted to the encryption chip 120, so that the encryption chip 120 encrypts the data to be encrypted in the encryption request to obtain the encryption.
  • the ciphertext data is stored in the memory 130; in addition, the main controller 110 may also send a decryption request including the data to be decrypted to the encryption chip 120, so that the encryption chip 120 decrypts the data to be decrypted in the decryption request , Get the plaintext data.
  • the main controller 110 can be set separately from the encryption chip 120, that is, independently, so that the encryption algorithm and decryption algorithm in the encryption chip 120 peripheral to the main controller can be updated more easily, and the encryption chip 120 can be updated in time.
  • the ciphertext data can also be stored more securely, and the timely update of the encryption chip can also enable the decryption of different ciphertext data.
  • the main controller 110 may be a controller capable of managing storage, which may be a single chip or a combination of multiple chips.
  • the memory 130 may be a mechanical hard disk, a solid state hard disk, a flash memory, or various memories using flash memory as storage, as well as other emerging types of memory 130. The specific types of the main controller 110 and the memory 130 can be adjusted according to actual requirements for at least one of data encryption and decryption.
  • the main controller 110 may be connected to at least one I/O interface 140 through a bus, and the main controller may be configured to receive an encryption request including the data to be encrypted sent by the I/O interface 140, And the decrypted plaintext data can be sent to the I/O interface 140.
  • the main controller 110 may receive the encryption request including the data to be encrypted sent by the external device 20 through the I/O interface 140, so as to send the encryption request to the encryption chip 120 to perform the encryption on the data to be encrypted. Encryption to obtain ciphertext data, and store the ciphertext data in the memory 130.
  • the main controller 110 may receive a data decryption request from the external device 20 through the I/O interface 140, and the data decryption request may include a key, a data identification, and an external device identification code corresponding to the data identification. Including the data to be decrypted.
  • the main controller 110 may first identify whether the key in the received data decryption request is consistent with the preset key. If the key in the data decryption request is consistent with the preset key, the main controller 110 may The data identifier in the data decryption request obtains the corresponding data to be decrypted from the memory 130, and includes the obtained data to be decrypted in the decryption request to be sent to the encryption chip 120 for decryption. Then, the main controller 110 may receive the plaintext data returned by the encryption chip 120 through decryption and the external device identification code corresponding to the plaintext data, and send the plaintext data to the corresponding external device according to the external device identification code 20.
  • the data security device 10 can not only receive the data to be encrypted for encrypted storage, but can also send the decrypted plaintext data to the external device 20 to ensure that the data security device 10 secure transmission of ciphertext data stored in the memory 130.
  • the main controller 110 may be connected to one external device 20 through a bus, or may be connected to multiple external devices 20 through multiple buses.
  • the specific number of connections between the external device 20 and the main controller 110 can be adjusted according to actual data encryption requirements.
  • the I/O interface 140 is various portable product interfaces such as Universal Serial Bus (USB), SD memory card interface, EMMC interface, CF interface, etc., and sends the encryption request or decryption request to the main controller 110.
  • USB Universal Serial Bus
  • EMMC interface EMMC interface
  • CF interface CF interface
  • the type of the specific I/O interface 140 can be adjusted according to actual data transmission requirements.
  • the external device 20 may be a terminal such as a personal computer (PC), a tablet computer, a smart phone, a personal digital assistant (PDA), and a wearable device.
  • a terminal such as a personal computer (PC), a tablet computer, a smart phone, a personal digital assistant (PDA), and a wearable device.
  • PC personal computer
  • PDA personal digital assistant
  • the encryption chip 120 may perform encryption processing and/or decryption processing on the data according to the pre-stored AES algorithm and/or the national secret SM algorithm.
  • the encryption chip 120 may perform encryption processing and/or decryption processing on data according to the pre-stored national standard algorithm AES128/256bit and/or national secret SM1/2/3/4 algorithm. Therefore, the encryption chip 120 can encrypt the data to be encrypted and decrypt the data to be decrypted more safely and quickly, so as to ensure the security of the data.
  • multiple encryption algorithms can be stored in the encryption chip 120 in advance.
  • the encryption algorithm can be updated by software burning, or the encryption algorithm can be updated by replacing the encryption chip 120.
  • the selection of the encryption chip 120 can be adjusted according to actual data encryption requirements.
  • multiple decryption algorithms may be stored in the encryption chip 120 in advance.
  • the decryption algorithm can also be updated by software burning, or the decryption algorithm can be updated by replacing the encryption chip 120.
  • the selection of the encryption chip 120 can be adjusted according to actual data decryption requirements.
  • the encryption request may further include an encryption algorithm identifier corresponding to the data to be encrypted.
  • the encryption chip 120 may be configured to select a corresponding encryption algorithm according to the encryption algorithm identifier to encrypt the data to be encrypted, thereby obtaining ciphertext data.
  • the decryption request may also include a decryption algorithm identifier corresponding to the data to be decrypted, and the encryption chip 120 may be configured to select a corresponding decryption algorithm according to the decryption algorithm identifier to perform the decryption on the data to be decrypted. Perform decryption to obtain plaintext data.
  • the encryption algorithm identification may identify the AES algorithm and/or the national secret SM algorithm
  • the encryption chip 120 can select the pre-stored national standard algorithm AES128/256bit and/or the national secret SM1/2/3/4 algorithm to encrypt the encrypted data according to the encryption algorithm identifier in the encryption request.
  • the main controller 110 may send an encryption request to the encryption chip 120, where the encryption request may include the data A to be encrypted and the corresponding encryption algorithm identifier a, the encryption algorithm identifier a corresponds to the encryption algorithm 1, and the encryption request may also include the data to be encrypted. Encrypted data B and corresponding encryption algorithm identifier b, and encryption algorithm identifier b corresponds to encryption algorithm 2.
  • the encryption chip 120 can select the corresponding encryption algorithm 1 to encrypt the data A to be encrypted according to the encryption algorithm identifier a, and select the corresponding encryption algorithm 2 to encrypt the data B to be encrypted according to the encryption algorithm identifier b.
  • the decryption algorithm identifier may identify the AES algorithm and/or the national secret SM algorithm, so that the encryption chip 120 is receiving After the decryption request, the pre-stored national standard algorithm AES128/256bit or national secret SM1/2/3/4 algorithm can be selected according to the decryption algorithm identifier to decrypt the data to be decrypted.
  • the corresponding decryption algorithm identifier may be obtained according to the encryption algorithm identifier corresponding to the ciphertext data.
  • the main controller 110 may send a decryption request to the encryption chip 120, where the decryption request may include the data C to be decrypted and the corresponding decryption algorithm identifier c, the decryption algorithm identifier c corresponds to the decryption algorithm 3, and the decryption request may also include the data to be decrypted.
  • the decrypted data D and the corresponding decryption algorithm identifier d, the decryption algorithm identifier d corresponds to the decryption algorithm 4.
  • the encryption chip 120 can select the corresponding decryption algorithm 3 to decrypt the data C to be decrypted according to the decryption algorithm identifier c, and select the corresponding decryption algorithm 4 to decrypt the data D to be decrypted according to the decryption algorithm identifier d.
  • FIG. 2 is a schematic diagram of a pin structure for connecting a main controller and an encryption chip according to an embodiment of the present disclosure. As shown in FIG. 2, the main controller 110 may be connected to the encryption chip 120 via an SPI bus.
  • the data between the main controller 110 and the encryption chip 120 can be transmitted through the SPI bus, which can speed up the encryption and decryption of the data by the encryption chip 120, and improve the data security device 10. Work efficiency.
  • the SPI bus can be a synchronous serial peripheral interface, which can enable the main controller to communicate with various external devices in a serial manner to exchange information.
  • the SPI bus can be directly connected to a variety of standard external devices produced by various manufacturers, including network controllers, LCD display drivers, A/D converters, and micro control units.
  • both the main controller 110 and the encryption chip 120 may be provided with an SPI interface, the SPI interface of the main controller 110 may be used as a host side, and the SPI interface of the encryption chip 120 may be used as a slave side.
  • the main controller 110 and the encryption chip 120 may transmit the encryption request and/or the decryption request through four signal lines (SS1, SCK1, MOSI1, MISO1).
  • the main controller 110 can also control the encryption chip 120 through three signal lines (GINT0, GINT1, POR).
  • the SS1 pin of the encryption chip 120 can be connected to the SS1 pin of the main controller 110, the SCK1 pin of the encryption chip 120 can be connected to the SCK1 pin of the main controller 110, and the MOSI1 pin of the encryption chip 120 can be It is connected to the MOSI1 pin of the main controller 110, and the MISO1 pin of the encryption chip 120 can be connected to the MISO1 pin of the main controller 110.
  • the GINT1 pin of the encryption chip 120 can be connected to the GPIO1 pin of the main controller 110, the GINT0 pin of the encryption chip 120 can be connected to the GPIO2 pin of the main controller 110, and the POR pin of the encryption chip 120 can be connected to the main controller. 110 GPIO3 pin connection.
  • the main controller 110 may generally first send a low-level signal to the GINT0 pin of the encryption chip 120, so that the encryption chip 120 can wake up from a low power consumption state. Then, the main controller 110 can read the output signal sent by the GINT1 pin of the encryption chip 120. When the output signal is high, it indicates that the encryption chip 120 is in a busy state, and the encryption chip 120 cannot currently accept encryption requests or decryption requests.
  • the main controller 110 can send an encryption request or a decryption request to the encryption chip 120 through the SS1 signal line, SCK1 signal line, MOSI1 signal line, and MISO1 signal line, so that The encryption chip 120 works.
  • the encryption chip 120 After the encryption chip 120 completes encryption or decryption, it can send ciphertext data or plaintext data to the main controller 110 through the SS1 signal line, the SCK1 signal line, the MOSI1 signal line and the MISO1 signal line.
  • a low level can be sent to the POR pin of the encryption chip 120 so that the encryption chip 120 can be reset and wait for the next instruction of the main controller 110.
  • the main controller 110 and the encryption chip 120 can use the full-duplex mode SPI bus to transmit data, so that the main controller 110 can send an encryption request or decryption request to the encryption chip 120, and at the same time, the encryption chip 120 can send data to the main controller.
  • the device 110 sends ciphertext data or plaintext data, so that the working efficiency of the data security device 10 can be higher.
  • the main controller 110 includes a clock oscillation module that is connected to the encryption chip 120 through the SPI bus.
  • the clock oscillation module may be configured to increase the transmission rate of the SPI bus. Set multiples.
  • a clock oscillation module can be provided in the main controller 110 to perform frequency multiplication processing, so that the maximum transmission rate of the SPI bus can be increased, and the main controller 110 and the encryption chip 120 can be performed faster.
  • the data transfer between the two makes the data security device 10 work more efficiently.
  • the maximum transmission rate of the SPI bus is 52 Mbps
  • the maximum transmission rate of the SPI bus can be increased to 104 Mbps after the clock oscillation module of the main controller 110 doubles the frequency, so that the main controller and the encryption chip 120 Can carry on high-speed data transmission.
  • FIG. 3 is a schematic flowchart of a data privacy method provided by an embodiment of the disclosure. As shown in Figure 3, the data privacy method provided by the embodiment of the present disclosure may include:
  • Step 310 The encryption chip receives the encryption request sent by the main controller through the bus, and the encryption request may include the data to be encrypted.
  • Step 320 The encryption chip encrypts the data to be encrypted in the encryption request to obtain ciphertext data.
  • Step 330 The encryption chip sends the ciphertext data to the main controller, so that the main controller stores the ciphertext data in a memory.
  • the encryption chip may receive an encryption request sent by the main controller, and the encryption request may include the data to be encrypted.
  • the encryption chip can encrypt the to-be-encrypted data according to the encryption request to obtain the ciphertext data, and send the ciphertext data to the main controller, so that the main controller 110 stores the ciphertext data in the memory, thereby realizing the confidential storage of the data.
  • the encryption request may be received by the main controller from the external device.
  • the to-be-encrypted data in the encryption request may also be taken out by the main controller from pre-stored ciphertext data. That is, the encryption chip can encrypt plaintext data, can also re-encrypt ciphertext data, and can also encrypt plaintext data multiple times.
  • the specific encryption process of the encryption chip can be adjusted according to data encryption requirements.
  • Step 340 The encryption chip receives a decryption request sent by the main controller, and the decryption request may include data to be decrypted.
  • Step 350 The encryption chip decrypts the data to be decrypted in the decryption request to obtain plaintext data.
  • Step 360 The encryption chip sends the plaintext data to the main controller.
  • the encryption chip may also accept a decryption request sent by the main controller, where the decryption request includes the data to be decrypted.
  • the encryption chip can decrypt the data to be decrypted according to the decryption request to obtain plaintext data, and send the plaintext data to the main controller, so that the main controller can send the plaintext data to the corresponding external device.
  • the main controller may receive a data decryption request sent by an external device, extract the data to be decrypted from the pre-stored ciphertext data according to the data decryption request, and then include the extracted data to be decrypted in the decryption request sent to the encryption chip in.
  • the encryption chip may obtain the ciphertext data after receiving the encryption request to encrypt the data, and then receive the decryption request to decrypt the ciphertext data; the encryption chip may also first receive the decryption request and perform the encryption on the pre-stored ciphertext data. Decrypt, and then receive an encryption request to encrypt the data to be encrypted.
  • the encryption request may also include an encryption algorithm identifier corresponding to the data to be encrypted
  • the decryption request may also include a decryption algorithm identifier corresponding to the data to be decrypted
  • the encryption chip may be configured to A corresponding encryption algorithm is selected according to the encryption algorithm identifier to encrypt the data to be encrypted
  • the encryption chip may be configured to select a corresponding decryption algorithm according to the decryption algorithm identifier to decrypt the data to be decrypted.
  • the encryption chip can select the corresponding encryption algorithm from the pre-stored encryption algorithms to encrypt the data to be encrypted according to the encryption algorithm identifier in the encryption request, and the encryption chip can also encrypt the data to be encrypted according to the decryption request.
  • the decryption algorithm identification select the corresponding decryption algorithm from the pre-stored decryption algorithms to decrypt the data to be decrypted.
  • the encryption algorithm identifier may be selected by the main controller according to the type of data to be encrypted sent by the external device, and may also be selected by the main controller according to the time period during which the data to be encrypted is transmitted.
  • the encryption algorithm identifier may be configured to identify one or more encryption algorithms stored in advance.
  • the selection of a specific encryption algorithm identifier can be adjusted according to actual encryption requirements.
  • the decryption algorithm identification can be selected by the main controller according to the type of the data request sent by the external device, and can also be selected by the main controller according to the encryption algorithm corresponding to the data to be decrypted.
  • the decryption algorithm identification may be configured to identify one or more pre-stored decryption algorithms.
  • the selection of a specific decryption algorithm identifier can be adjusted according to actual decryption requirements.
  • step 310 to step 360 please refer to the detailed description above, which will not be repeated here.
  • FIG. 4 shows a structural block diagram of an electronic device 40 to which the embodiments of the present disclosure can be applied.
  • the electronic device 40 may include a storage device 401, a storage controller 402, a processor 403, a peripheral interface 404, an input output unit 405, and a display unit 407.
  • the storage device 401, the storage controller 402, the processor 403, the peripheral interface 404, the input output unit 405, and the display unit 407 are directly or indirectly electrically connected to each other to realize data transmission. Or interactive.
  • these components can be electrically connected to each other through one or more communication buses or signal lines.
  • at least one piece of software or firmware (firmware) may be stored in the storage device 401 or may be solidified in a software function module in an operating system (OS).
  • the processor 403 may be configured to execute executable modules, software function modules or computer programs stored in the storage device 401.
  • the storage device 401 may be, but is not limited to: Random Access Memory (RAM), Read Only Memory (ROM), Programmable Read-Only Memory (PROM) , Erasable Programmable Read-Only Memory (EPROM), Electrical Erasable Programmable Read-Only Memory (EEPROM), etc.
  • RAM Random Access Memory
  • ROM Read Only Memory
  • PROM Programmable Read-Only Memory
  • EPROM Erasable Programmable Read-Only Memory
  • EEPROM Electrical Erasable Programmable Read-Only Memory
  • the storage device 401 may correspond to the storage 130 described above.
  • the storage device 401 may be configured to store a program, and the processor 403 may execute the program after receiving an execution instruction.
  • the encryption and/or decryption method described in the foregoing embodiments of the present disclosure may be applied to In the processor 403, or implemented by the processor 403.
  • the processor 403 may be an integrated circuit chip with the ability to process signals.
  • the aforementioned processor 403 may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU for short), a network processor (Network Processor, NP), etc.; it may also be a digital signal processor (DSP), Application specific integrated circuit (ASIC), off-the-shelf programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware component.
  • the processor 403 may implement or execute various methods, steps, and logical block diagrams disclosed in the embodiments of the present disclosure.
  • the general-purpose processor may be a microprocessor or the processor 403 may also be any conventional processor or the like.
  • the peripheral interface 404 can couple various input/output devices to the processor 403 and the storage device 401.
  • the peripheral interface 404, the processor 403, and the storage controller 402 may be implemented in a single chip. In some other examples, optionally, they can be implemented by independent chips.
  • the input and output unit 405 may be configured to provide user input data to realize the interaction between the user and the server (or local terminal).
  • the input and output unit 405 may be, but is not limited to, a mouse, a keyboard, and the like.
  • the display unit 407 may provide an interactive interface (for example, a user operation interface) between the electronic device 40 and the user, or may be configured to display image data for the user's reference.
  • the display unit 407 may be a liquid crystal display or a touch display. If it is a touch display, optionally, it can be a capacitive touch screen or a resistive touch screen that supports single-point and multi-touch operations. Supports single-point and multi-touch operations. It can mean that the touch display can sense simultaneous touch operations from one or more positions on the touch display, and can handle the sensed touch operations
  • the calculator 403 performs calculations and processing.
  • FIG. 4 is only for illustration, and the electronic device 40 may also include more or less components than those shown in FIG. 4, or may have a different configuration from that shown in FIG.
  • the components shown in FIG. 4 may be implemented by hardware, software, or a combination thereof, and the electronic device provided in FIG. 4 may be configured to execute the aforementioned data security method.
  • the embodiments of the present disclosure provide a data security device 10, a method, an electronic device, and a storage medium.
  • the data security device may include a main controller 110, an encryption chip 120, and a memory 130.
  • the main controller 110 It may be connected to the encryption chip 120 and the memory 130 through a bus; the main controller 110 may be configured to send an encryption request to the encryption chip 120, and the encryption request may include the data to be encrypted;
  • the encryption chip 120 may be configured to receive the encryption request sent by the main controller 110, encrypt data to be encrypted in the encryption request in response to the encryption request to obtain ciphertext data, and combine the ciphertext data It is sent to the main controller 110 via the bus;
  • the main controller 110 may also be configured to receive the ciphertext data sent by the encryption chip 120, and store the ciphertext data in the memory 130; the main controller 110 may also be configured to send a decryption request to the encryption chip 120, the decryption request may include the data to be decrypted;
  • the main controller 110 may send an encryption request including the data to be encrypted to the encryption chip 120, so that the encryption chip 120 encrypts the data to be encrypted in the encryption request to obtain ciphertext data , And then store the ciphertext data in the memory 130; in addition, the main controller 110 may also send a decryption request including the data to be decrypted to the encryption chip 120, so that the encryption chip 120 decrypts the data to be decrypted in the decryption request to obtain Plain text data.
  • the encryption algorithm and decryption algorithm in the encryption chip 120 external to the main controller 110 can be updated more easily, and the ciphertext data can be stored more securely, and the encryption chip can be updated in time. Make it possible to decrypt different ciphertext data.
  • each block in the flowchart or block diagram can represent a module, program segment, or part of the code, and the module, program segment, or part of the code contains one or more that can be configured to implement prescribed Executable instructions for logic functions.
  • the functions marked in the block may also occur in a different order from the order marked in the drawings.
  • each block in the block diagram and/or flowchart, and the combination of the blocks in the block diagram and/or flowchart can be implemented by a dedicated hardware-based system that performs the specified functions or actions Or it can be realized by a combination of dedicated hardware and computer instructions.
  • the functional modules in the various embodiments of the present disclosure may be integrated together to form an independent part, or each module may exist alone, or two or more modules may be integrated together to form an independent part. .
  • the function is implemented in the form of a software function module and sold or used as an independent product, it can be stored in a computer readable storage medium.
  • the computer software product is stored in a storage medium, including Several instructions are used to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the methods described in the various embodiments of the present disclosure.
  • the aforementioned storage media include: U disk, mobile hard disk, read-only memory (Read-Only Memory, ROM) 130, random access memory (Random Access Memory, RAM) 130, magnetic disks or optical disks, etc., which can store program code medium.
  • the data security device can send an encryption request including the data to be encrypted to the encryption chip through the main controller, so that the encryption chip encrypts the data to be encrypted in the encryption request to obtain the cipher text data, and then encrypts the data.
  • the text data is stored in the memory; the decryption request including the data to be decrypted can also be sent to the encryption chip through the main controller, so that the encryption chip decrypts the data to be decrypted in the decryption request to obtain plaintext data.
  • the data security device provided by the embodiment of the present disclosure can be set separately through the main controller and the encryption chip, that is, set independently, so that the encryption algorithm and decryption algorithm in the encryption chip peripheral to the main controller can be performed more easily
  • the update enables the ciphertext data to be stored more securely, and the timely update of the encryption chip can also enable the decryption of different ciphertext data.

Abstract

A data security apparatus (10) and method, an electronic device, and a storage medium, the data security apparatus (10) comprising: a master controller (110), an encryption chip (120), and a memory (130), the master controller (110) being connected to the encryption chip (120) and the memory (130) by means of a bus; the master controller (110) is configured to send an encryption request to the encryption chip (120), the encryption request comprising data to be encrypted; the encryption chip (120) is configured to receive the encryption request sent by the master controller (110) and, in response to the encryption request, encrypt the data to be encrypted in the encryption request to obtain ciphertext data, and to send the ciphertext to the master controller (110) by means of the bus; the master controller (110) is also configured to receive the ciphertext data sent by the encryption chip (120) and store the ciphertext in the memory (130); the master controller (110) is also configured to send a decryption request to the encryption chip (120), the decryption request comprising data to be decrypted; the encryption chip (120) is also configured to receive the decryption request sent by the master controller (110) and, in response to the decryption request, decrypt the data to be decrypted in the decryption request to obtain plaintext data, and to send the plaintext to the master controller (110) by means of the bus. Thus, the algorithms in the encryption chip (120) can be easily updated, and the data can be securely stored.

Description

一种数据保密装置、方法、电子设备及存储介质Data security device, method, electronic equipment and storage medium
相关申请的交叉引用Cross references to related applications
本公开要求于2019年05月08日提交中国专利局的申请号为2019103792753、名称为“一种数据保密装置、方法、电子设备及存储介质”的中国专利申请的优先权,其全部内容通过引用结合在本公开中。This disclosure claims the priority of a Chinese patent application filed with the Chinese Patent Office on May 8, 2019, with the application number 2019103792753, titled "A data security device, method, electronic equipment and storage medium", the entire content of which is by reference Incorporated in this disclosure.
技术领域Technical field
本公开涉及信息安全技术领域,具体而言,涉及一种数据保密装置、方法、电子设备及存储介质。The present disclosure relates to the field of information security technology, and in particular, to a data security device, method, electronic device, and storage medium.
背景技术Background technique
现代社会的数据安全一直是用户所担忧的问题,尤其是重要资料和个人私密图片、视频的安全保密存储,对当今用户而言需求是越来越迫切。传统的硬件加密是在主控器(主控制器)中加入加密或者解密算法,再封装成一块主控芯片,成本很高,并且由于硬件加密需要封装成为一块主控芯片,内部的加密或者解密算法不容易进行更新。Data security in modern society has always been a concern for users. In particular, the safe and confidential storage of important information and personal private pictures and videos is becoming more and more urgent for today's users. Traditional hardware encryption is to add encryption or decryption algorithms to the main controller (main controller), and then package it into a main control chip, which is very costly, and because the hardware encryption needs to be packaged into a main control chip, the internal encryption or decryption The algorithm is not easy to update.
发明内容Summary of the invention
有鉴于此,本公开实施例的目的例如包括提供一种数据保密装置、方法、电子设备及存储介质,以改善传统的硬件加密的加密算法或者解密算法不易更新的问题。In view of this, the purpose of the embodiments of the present disclosure includes, for example, providing a data security device, method, electronic device, and storage medium to improve the traditional hardware encryption algorithm or decryption algorithm that is difficult to update.
本公开的实施例例如可以通过如下方式来实现:The embodiments of the present disclosure may be implemented in the following manner, for example:
本公开实施例提供了一种数据保密装置,包括:主控器、加密芯片和存储器,所述主控器通过总线与所述加密芯片以及所述存储器连接;所述主控器被配置成向所述加密芯片发送加密请求,所述加密请求包括待加密数据;所述加密芯片被配置成接收所述主控器发送的所述加密请求,响应于所述加密请求对所述加密请求中的待加密数据进行加密以得到密文数据,并将所述密文数据通过所述总线发送至所述主控器;所述主控器还被配置成接收所述加密芯片发送的所述密文数据,并将所述密文数据存储至所述存储器;所述主控器还被配置成向所述加密芯片发送解密请求,所述解密请求包括待解密数据;所述加密芯片还被配置成接收所述主控器发送的所述解密请求,响应于所述解密请求对所述解密请求中的待解密数据进行解密以得到明文数据,并将所述明文数据通过所述总线发送至所述主控器。The embodiment of the present disclosure provides a data security device, including: a main controller, an encryption chip, and a memory, the main controller is connected to the encryption chip and the memory through a bus; the main controller is configured to The encryption chip sends an encryption request, and the encryption request includes the data to be encrypted; the encryption chip is configured to receive the encryption request sent by the main controller, and respond to the encryption request to the encryption request. The data to be encrypted is encrypted to obtain ciphertext data, and the ciphertext data is sent to the main controller through the bus; the main controller is also configured to receive the ciphertext sent by the encryption chip Data, and store the ciphertext data in the memory; the main controller is also configured to send a decryption request to the encryption chip, the decryption request includes the data to be decrypted; the encryption chip is also configured to Receive the decryption request sent by the main controller, decrypt the to-be-decrypted data in the decryption request in response to the decryption request to obtain plaintext data, and send the plaintext data through the bus to the Main controller.
本公开实施例通过主控器可以将待加密数据发送至加密芯片进行加密,再将密文数据储存在存储器中,还可以通过主控器将待解密数据发送至加密芯片,使得加密芯片对待解密数据进行解密,得到明文数据。由此,主控器与加密芯片分开设置,使得外设于主控器的加密芯片中的加密算法和解密算法更容易进行更新,加密算法的及时更新也可以使得数据更加安全地进行存储。需要说明的是,本申请中所有的加密芯片可以为既具有加密功能又具有解密功能的加密解密芯片,为了便于描述将其简称为加密芯片,但这并不代表该芯片仅具有加密功能。In the embodiments of the present disclosure, the main controller can send the data to be encrypted to the encryption chip for encryption, and then store the ciphertext data in the memory. The data to be decrypted can also be sent to the encryption chip through the main controller, so that the encryption chip is to be decrypted The data is decrypted to obtain plaintext data. Therefore, the main controller and the encryption chip are separately arranged, so that the encryption algorithm and the decryption algorithm in the encryption chip peripheral to the main controller can be updated more easily, and the timely update of the encryption algorithm can also make the data more securely stored. It should be noted that all encryption chips in this application can be encryption and decryption chips that have both encryption and decryption functions. For the convenience of description, they are simply referred to as encryption chips, but this does not mean that the chips only have encryption functions.
可选地,所述主控器通过总线与至少一个I/O接口连接,所述主控器被配置成接收所述I/O接口发送的所述待加密数据,并向所述I/O接口发送解密后的所述明文数据。Optionally, the main controller is connected to at least one I/O interface through a bus, and the main controller is configured to receive the data to be encrypted sent by the I/O interface and send it to the I/O interface. The interface sends the decrypted plaintext data.
本公开实施例通过将主控器与至少一个I/O接口进行连接,使得数据保密装置可以接收待加密数据,并进行加密存储,也可以通过I/O接口来发送明文数据,保证数据的安全传送。The embodiment of the present disclosure connects the main controller with at least one I/O interface, so that the data security device can receive the data to be encrypted and perform encrypted storage, and can also send plaintext data through the I/O interface to ensure data security Transmit.
可选地,所述主控器通过所述I/O接口接收外部设备发送的所述待加密数据。Optionally, the main controller receives the to-be-encrypted data sent by an external device through the I/O interface.
可选地,所述加密芯片根据预先存储的AES算法和/或国密SM算法对数据进行加密处理和/或对所述待解密数据进行解密处理。本公开实施例通过采用AES算法和/或国密SM算法作为加密芯片的加密算法或者解密算法,使得加密芯片可以更加安全、快速地对数据进行加密或者进行解密。Optionally, the encryption chip encrypts the data and/or decrypts the data to be decrypted according to the pre-stored AES algorithm and/or the national secret SM algorithm. The embodiments of the present disclosure adopt the AES algorithm and/or the national secret SM algorithm as the encryption algorithm or the decryption algorithm of the encryption chip, so that the encryption chip can encrypt or decrypt data more safely and quickly.
可选地,所述加密芯片独立于所述主控器设置,所述加密芯片中的算法独立于所述主控器被更新。Optionally, the encryption chip is set independently of the main controller, and the algorithm in the encryption chip is updated independently of the main controller.
可选地,所述解密请求还包括与所述待解密数据对应的外部设备标识码,所述主控器根据所述外部设备标识码将解密得到的明文数据发送至对应的外部设备。Optionally, the decryption request further includes an external device identification code corresponding to the data to be decrypted, and the main controller sends the decrypted plaintext data to the corresponding external device according to the external device identification code.
可选地,所述加密请求还包括与所述待加密数据对应的加密算法标识,所述加密芯片被配置成根据所述加密算法标识选择对应的加密算法以对所述待加密数据进行加密,从而得到密文数据。所述解密请求还包括与所述待解密数据对应的解密算法标识,所述加密芯片被配置成根据所述解密算法标识选择对应的解密算法以对所述待解密数据进行解密,从而得到明文数据。Optionally, the encryption request further includes an encryption algorithm identifier corresponding to the data to be encrypted, and the encryption chip is configured to select a corresponding encryption algorithm according to the encryption algorithm identifier to encrypt the data to be encrypted, Thereby, ciphertext data is obtained. The decryption request further includes a decryption algorithm identifier corresponding to the data to be decrypted, and the encryption chip is configured to select a corresponding decryption algorithm according to the decryption algorithm identifier to decrypt the data to be decrypted, thereby obtaining plaintext data .
本公开实施例通过由主控器发送的请求中带有算法标识,使得加密芯片可以根据算法标识选择对应的算法对待加密数据进行加密,对待解密数据进行解密,使得数据可以有针对性的进行加密或者解密处理,保证数据的安全存储。In the embodiments of the present disclosure, the request sent by the main controller includes the algorithm identifier, so that the encryption chip can select the corresponding algorithm according to the algorithm identifier to encrypt the data to be encrypted and decrypt the data to be decrypted, so that the data can be encrypted in a targeted manner Or decrypt it to ensure the safe storage of data.
可选地,所述待加密数据是明文数据,或者是进行过加密处理的密文数据。所述进行过加密处理的密文数据所述主控器从所述存储器中取出的密文数据。所述待解密数据是所 述主控器从外部设备接收的密文数据,或者是所述主控器从所述存储器中取出的密文数据。Optionally, the data to be encrypted is plaintext data or ciphertext data that has undergone encryption processing. The encrypted ciphertext data is the ciphertext data that the main controller takes out from the memory. The data to be decrypted is ciphertext data received by the main controller from an external device, or ciphertext data taken by the main controller from the memory.
可选地,所述主控器通过SPI总线与所述加密芯片连接。Optionally, the main controller is connected to the encryption chip through an SPI bus.
本公开实施例通过主控器与加密芯片通过SPI总线进行数据传送,使得数据可以更加快速地进行的加密和解密,提高了数据保密装置的工作效率。In the embodiments of the present disclosure, the main controller and the encryption chip perform data transmission through the SPI bus, so that data can be encrypted and decrypted more quickly, and the work efficiency of the data security device is improved.
可选地,所述主控器包括时钟振荡模块,所述时钟振荡模块通过所述SPI总线与所述加密芯片连接,所述时钟振荡模块被配置成使所述SPI总线的传输速率增加预设倍数。Optionally, the main controller includes a clock oscillation module, which is connected to the encryption chip through the SPI bus, and the clock oscillation module is configured to increase the transmission rate of the SPI bus by a preset multiple.
本公开实施例通过时钟振荡模块可以增加SPI总线的传输速率,使得数据可以更加快速地进行的加密和解密,提高了数据保密装置的工作效率。In the embodiments of the present disclosure, the transmission rate of the SPI bus can be increased through the clock oscillation module, so that data can be encrypted and decrypted more quickly, and the working efficiency of the data security device is improved.
本公开实施例还提供了一种数据保密方法,包括:加密芯片通过总线接收主控器发送的加密请求,所述加密请求包括待加密数据;所述加密芯片响应于所述加密请求对所述待加密数据进行加密,得到密文数据;所述加密芯片向所述主控器发送所述密文数据,以使所述主控器将所述密文数据存储至存储器;所述加密芯片接收所述主控器发送的解密请求,所述解密请求包括待解密数据;所述加密芯片响应于所述解密请求对所述待解密数据进行解密,得到明文数据;所述加密芯片向所述主控器发送所述明文数据。The embodiment of the present disclosure also provides a data security method, including: an encryption chip receives an encryption request sent by a main controller through a bus, the encryption request includes data to be encrypted; and the encryption chip responds to the encryption request The data to be encrypted is encrypted to obtain ciphertext data; the encryption chip sends the ciphertext data to the main controller so that the main controller stores the ciphertext data in a memory; the encryption chip receives The decryption request sent by the main controller, the decryption request includes the data to be decrypted; the encryption chip decrypts the data to be decrypted in response to the decryption request to obtain plaintext data; the encryption chip sends the data to the host The controller sends the plaintext data.
本公开实施例通过将接收的待加密数据进行加密,再将密文数据发送至主控器以储存在存储器中,还可以通过将接收的待解密数据进行解密,得到明文数据,再将明文数据发送至主控器。由此,使得外设于主控器的加密芯片进行加密解密,密文数据可以更加安全地进行存储,同时,加密芯片中的加密算法和解密算法也更容易进行更新,并且加密芯片的及时更新也可以使得能够对不同的密文数据进行解密。The embodiment of the present disclosure encrypts the received data to be encrypted, and then sends the ciphertext data to the main controller for storage in the memory. It is also possible to decrypt the received data to be decrypted to obtain plaintext data, and then transfer the plaintext data Send to the main controller. As a result, the encryption chip external to the main controller is encrypted and decrypted, and the ciphertext data can be stored more securely. At the same time, the encryption algorithm and decryption algorithm in the encryption chip are also easier to update, and the encryption chip is updated in time It can also make it possible to decrypt different ciphertext data.
可选地,所述加密请求还包括与所述待加密数据对应的加密算法标识,所述加密芯片被配置成根据所述加密算法标识选择对应的加密算法以对所述待加密数据进行加密,从而得到密文数据。所述解密请求还包括与所述待解密数据对应的解密算法标识,所述加密芯片被配置成根据所述解密算法标识选择对应的解密算法以对所述待解密数据进行解密,从而得到明文数据。Optionally, the encryption request further includes an encryption algorithm identifier corresponding to the data to be encrypted, and the encryption chip is configured to select a corresponding encryption algorithm according to the encryption algorithm identifier to encrypt the data to be encrypted, Thereby, ciphertext data is obtained. The decryption request further includes a decryption algorithm identifier corresponding to the data to be decrypted, and the encryption chip is configured to select a corresponding decryption algorithm according to the decryption algorithm identifier to decrypt the data to be decrypted, thereby obtaining plaintext data .
本公开实施例在主控器向加密芯片发送的请求中带有算法标识,使得加密芯片可以根据算法标识选择对应的算法对待加密数据进行加密,对待解密数据进行解密,使得数据可以有针对性的进行加密或者解密处理,保证数据的安全存储。The embodiment of the present disclosure includes an algorithm identifier in the request sent by the main controller to the encryption chip, so that the encryption chip can select the corresponding algorithm according to the algorithm identifier to encrypt the data to be encrypted and decrypt the data to be decrypted, so that the data can be targeted Perform encryption or decryption processing to ensure the safe storage of data.
可选地,所述加密芯片根据预先存储的AES算法和/或国密SM算法对数据进行加密处理和/或对所述待解密数据进行解密处理。本公开实施例通过采用AES算法和/或国密SM算法作为加密芯片的加密算法或者解密算法,使得加密芯片可以更加安全、快速地对数据进行加密或者进行解密。Optionally, the encryption chip encrypts the data and/or decrypts the data to be decrypted according to the pre-stored AES algorithm and/or the national secret SM algorithm. The embodiments of the present disclosure adopt the AES algorithm and/or the national secret SM algorithm as the encryption algorithm or the decryption algorithm of the encryption chip, so that the encryption chip can encrypt or decrypt data more safely and quickly.
可选地,所述加密芯片独立于所述主控器设置,所述加密芯片中的算法独立于所述主控器被更新。Optionally, the encryption chip is set independently of the main controller, and the algorithm in the encryption chip is updated independently of the main controller.
本公开实施例还提供了一种电子设备,包括上述的数据保密装置。The embodiment of the present disclosure also provides an electronic device including the above-mentioned data security device.
本公开实施例还提供了一种非暂态计算机可读存储介质,所述非暂态计算机可读存储介质存储计算机指令,所述计算机指令使所述计算机执行上述的方法。The embodiments of the present disclosure also provide a non-transitory computer-readable storage medium that stores computer instructions that cause the computer to execute the above-mentioned method.
本公开的其他特征和优点将在随后的说明书阐述,并且,部分地从说明书中变得显而易见,或者通过实施本公开实施例了解。本公开的目的和其他优点可通过在所写的说明书、权利要求书、以及附图中所特别指出的结构来实现和获得。Other features and advantages of the present disclosure will be described in the following description, and partly become obvious from the description, or understood by implementing the embodiments of the present disclosure. The objectives and other advantages of the present disclosure can be realized and obtained through the structures specifically pointed out in the written description, claims, and drawings.
附图说明Description of the drawings
为了更清楚地说明本公开实施例的技术方案,下面将对实施例中所需要使用的附图作简单地介绍,应该理解,以下附图仅示出了本公开的某些实施例,因此不应被看作是对范围的限定,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他相关的附图。In order to explain the technical solutions of the embodiments of the present disclosure more clearly, the following will briefly introduce the drawings that need to be used in the embodiments. It should be understood that the following drawings only show certain embodiments of the present disclosure, and therefore do not It should be regarded as a limitation of the scope. For those of ordinary skill in the art, other related drawings can be obtained based on these drawings without creative work.
图1为本公开实施例提供的一种数据保密装置的结构示意图;FIG. 1 is a schematic structural diagram of a data security device provided by an embodiment of the disclosure;
图2为本公开实施例提供的一种主控器与加密芯片连接的引脚结构示意图;2 is a schematic diagram of the pin structure of a main controller connected to an encryption chip according to an embodiment of the disclosure;
图3为本公开实施例提供的一种数据保密方法的流程示意图;FIG. 3 is a schematic flowchart of a data privacy method provided by an embodiment of the disclosure;
图4为本公开实施例提供的一种可以应用于本公开实施例中的电子设备的结构框图。FIG. 4 is a structural block diagram of an electronic device that can be applied to the embodiments of the present disclosure provided by the embodiments of the present disclosure.
图标:10-数据保密装置;110-主控器;120-加密芯片;130-存储器;140-I/O接口;20-外部设备。Icon: 10-data security device; 110-main controller; 120-encryption chip; 130-memory; 140-I/O interface; 20-external equipment.
具体实施方式Detailed ways
下面将结合本公开实施例中的附图,对本公开实施例中的技术方案进行描述。The technical solutions in the embodiments of the present disclosure will be described below in conjunction with the drawings in the embodiments of the present disclosure.
应注意到:相似的标号和字母在下面的附图中表示类似项,因此,一旦某一项在一个附图中被定义,则在随后的附图中不需要对其进行进一步定义和解释。同时,在本公开的描述中,术语“第一”、“第二”等仅用于区分描述,而不能理解为指示或暗示相对重要性或者隐含指明所指示的技术特征的数量。由此,限定有“第一”、“第二”的特征可以明示或者隐含地包括一个或者更多个该特征。在本发明本公开的描述中,“多个”的含义是两个或两个以上,除非另有明确具体的限定。It should be noted that similar reference numerals and letters indicate similar items in the following figures. Therefore, once an item is defined in one figure, it does not need to be further defined and explained in subsequent figures. At the same time, in the description of the present disclosure, the terms “first”, “second”, etc. are only used to distinguish the description, and cannot be understood as indicating or implying relative importance or implicitly indicating the number of the indicated technical features. Thus, the features defined with "first" and "second" may explicitly or implicitly include one or more of these features. In the description of the present disclosure of the present invention, "plurality" means two or more, unless otherwise specifically defined.
图1为本公开实施例提供的一种数据保密装置的结构示意图。如图1所示,本公开实施例提供的数据保密装置10可以包括:主控器110、加密芯片120和存储器130,所述主 控器110可以通过总线例如SPI总线与所述加密芯片120以及所述存储器130连接。FIG. 1 is a schematic structural diagram of a data security device provided by an embodiment of the disclosure. As shown in FIG. 1, the data security device 10 provided by the embodiment of the present disclosure may include: a main controller 110, an encryption chip 120, and a memory 130. The main controller 110 may communicate with the encryption chip 120 and the encryption chip 120 via a bus such as an SPI bus. The storage 130 is connected.
可选地,所述主控器110可以被配置成向所述加密芯片120发送加密请求,所述加密请求可以包括待加密数据。所述加密芯片120可以被配置成接收所述主控器110发送的所述加密请求,响应于所接收的加密请求对所述加密请求中的待加密数据进行加密以得到密文数据,并将所述密文数据通过所述总线发送回所述主控器110。所述主控器110还可以被配置成接收所述加密芯片120发送的所述密文数据,并将所述密文数据存储至所述存储器130。Optionally, the main controller 110 may be configured to send an encryption request to the encryption chip 120, and the encryption request may include the data to be encrypted. The encryption chip 120 may be configured to receive the encryption request sent by the main controller 110, in response to the received encryption request, encrypt the data to be encrypted in the encryption request to obtain ciphertext data, and The ciphertext data is sent back to the main controller 110 through the bus. The main controller 110 may also be configured to receive the ciphertext data sent by the encryption chip 120 and store the ciphertext data in the memory 130.
在本公开的实施例中,可选地,主控器110发送至加密芯片120的加密请求还可以包括与待加密数据对应的外部设备标识码。在这种情况下,响应于从主控器110接收到加密请求,加密芯片120可以对加密请求中的待加密数据进行加密以得到对应的密文数据,并且加密芯片120可以将加密得到的密文数据、上述外部设备标识码以及与该密文数据对应的加密算法标识一起发送至主控器110。相应地,主控器110可以将从加密芯片120处接收到的密文数据、外部设备标识码以及与该密文数据对应的加密算法标识一起进行存储。以上述方式,数据保密装置10能够对待加密数据进行保密存储,以便后续能够通过外部设备标识码容易且安全地查看该数据的来源。In the embodiment of the present disclosure, optionally, the encryption request sent by the main controller 110 to the encryption chip 120 may further include an external device identification code corresponding to the data to be encrypted. In this case, in response to receiving the encryption request from the main controller 110, the encryption chip 120 may encrypt the data to be encrypted in the encryption request to obtain the corresponding ciphertext data, and the encryption chip 120 may encrypt the encrypted data. The text data, the aforementioned external device identification code, and the encryption algorithm identification corresponding to the cipher text data are sent to the main controller 110 together. Correspondingly, the main controller 110 may store the ciphertext data received from the encryption chip 120, the external device identification code, and the encryption algorithm identification corresponding to the ciphertext data together. In the above-mentioned manner, the data security device 10 can securely store the encrypted data, so that the source of the data can be easily and safely checked through the external device identification code.
可选地,在本公开实施例中,待加密数据可以为明文数据,或者还可以为需要再次进行加密的密文数据。相应地,在接收到加密请求时,加密芯片120可以对加密请求中包括的作为待加密数据的明文数据进行加密得到密文数据,也可以对加密请求中包括的作为待加密数据的密文数据进行加密,以得到二次加密的密文数据或者多次加密的密文数据。Optionally, in the embodiment of the present disclosure, the data to be encrypted may be plaintext data, or may also be ciphertext data that needs to be encrypted again. Correspondingly, upon receiving the encryption request, the encryption chip 120 may encrypt the plaintext data included in the encryption request as the data to be encrypted to obtain ciphertext data, or may also perform the encryption on the ciphertext data included in the encryption request as the data to be encrypted. Encryption is performed to obtain twice-encrypted ciphertext data or multiple-encrypted ciphertext data.
此外,当与主控器110连接的外部设备20需要数据时,数据保密装置10还可以方便地对密文数据进行针对性解密,以将解密后的数据提供给外部设备20。需要说明的是,本申请中所有的加密芯片120可以为既具有加密功能又具有解密功能的加密解密芯片,为了便于描述将其简称为加密芯片,但这并不代表该芯片仅具有加密功能。In addition, when the external device 20 connected to the main controller 110 needs data, the data security device 10 can also conveniently decrypt the ciphertext data to provide the decrypted data to the external device 20. It should be noted that all the encryption chips 120 in this application may be encryption and decryption chips that have both encryption and decryption functions. For ease of description, they are simply referred to as encryption chips, but this does not mean that the chips only have encryption functions.
具体地,所述主控器110还可以被配置成向所述加密芯片120发送解密请求,所述解密请求可以包括待解密数据。所述加密芯片120还可以被配置成接收所述主控器110发送的所述解密请求,响应于所接收的解密请求对所述解密请求中的待解密数据进行解密以得到明文数据,并将所述明文数据通过所述总线发送至所述主控器110。Specifically, the main controller 110 may also be configured to send a decryption request to the encryption chip 120, and the decryption request may include the data to be decrypted. The encryption chip 120 may also be configured to receive the decryption request sent by the main controller 110, decrypt data to be decrypted in the decryption request in response to the received decryption request to obtain plaintext data, and The plaintext data is sent to the main controller 110 through the bus.
在本公开的实施例中,可选地,主控器110发送至加密芯片120的解密请求还可以包括与待解密数据对应的外部设备标识码。在这种情况下,响应于从主控器110接收到解密请求,加密芯片120可以对解密请求中的待解密数据进行解密以得到对应的明文数据,并且加密芯片120可以将解密得到的明文数据和与该明文数据对应的外部设备标识码一起发 送至主控器110。相应地,主控器110可以根据外部设备标识码将解密得到的明文数据发送至对应的外部设备20,也即,数据保密装置10可以将待解密数据进行解密后传出。In the embodiment of the present disclosure, optionally, the decryption request sent by the main controller 110 to the encryption chip 120 may further include an external device identification code corresponding to the data to be decrypted. In this case, in response to receiving the decryption request from the main controller 110, the encryption chip 120 can decrypt the data to be decrypted in the decryption request to obtain corresponding plaintext data, and the encryption chip 120 can decrypt the plaintext data obtained by decryption. It is sent to the main controller 110 together with the external device identification code corresponding to the plaintext data. Correspondingly, the main controller 110 can send the decrypted plaintext data to the corresponding external device 20 according to the external device identification code, that is, the data security device 10 can decrypt the data to be decrypted before sending it out.
可选地,待解密数据可以是主控器110从存储器130中取出的密文数据,也可以是主控器110从外部设备20接收的密文数据。可选地,具体的待解密数据的来源可以根据实际数据的解密需求进行选择。Optionally, the data to be decrypted may be ciphertext data retrieved from the memory 130 by the main controller 110, or ciphertext data received by the main controller 110 from the external device 20. Optionally, the source of the specific data to be decrypted can be selected according to the decryption requirements of the actual data.
因此,在本公开的实施例中,可选地,主控器110可以将包括待加密数据的加密请求发送至加密芯片120,使得加密芯片120对加密请求中的待加密数据进行加密,得到密文数据,再将密文数据储存在存储器130中;此外,主控器110还可以将包括待解密数据的解密请求发送至加密芯片120,使得加密芯片120对解密请求中的待解密数据进行解密,得到明文数据。以此方式,主控器110可以与加密芯片120分开设置即独立设置,使得外设于主控器的加密芯片120中的加密算法和解密算法可以更容易地进行更新,加密芯片120的及时更新也可以使得密文数据能够更加安全地进行存储,并且加密芯片的及时更新也可以使得能够对不同的密文数据进行解密。Therefore, in the embodiment of the present disclosure, optionally, the main controller 110 may send an encryption request including the data to be encrypted to the encryption chip 120, so that the encryption chip 120 encrypts the data to be encrypted in the encryption request to obtain the encryption. The ciphertext data is stored in the memory 130; in addition, the main controller 110 may also send a decryption request including the data to be decrypted to the encryption chip 120, so that the encryption chip 120 decrypts the data to be decrypted in the decryption request , Get the plaintext data. In this way, the main controller 110 can be set separately from the encryption chip 120, that is, independently, so that the encryption algorithm and decryption algorithm in the encryption chip 120 peripheral to the main controller can be updated more easily, and the encryption chip 120 can be updated in time. The ciphertext data can also be stored more securely, and the timely update of the encryption chip can also enable the decryption of different ciphertext data.
可选地,主控器110可以为能够管理存储的控制器,其可以为单芯片、或者多芯片的组合等。可选地,存储器130可以为机械硬盘、固态硬盘、闪存存储器、或者以闪存为存储的各种存储器,以及新兴的其它类别的存储器130。具体的主控器110和存储器130的类型可以根据实际的数据加密和解密至少之一的需求进行调整。Optionally, the main controller 110 may be a controller capable of managing storage, which may be a single chip or a combination of multiple chips. Optionally, the memory 130 may be a mechanical hard disk, a solid state hard disk, a flash memory, or various memories using flash memory as storage, as well as other emerging types of memory 130. The specific types of the main controller 110 and the memory 130 can be adjusted according to actual requirements for at least one of data encryption and decryption.
可选地,所述主控器110可以通过总线与至少一个I/O接口140连接,所述主控器可以被配置成接收所述I/O接口140发送的包括待加密数据的加密请求,以及可以向所述I/O接口140发送解密后的所述明文数据。Optionally, the main controller 110 may be connected to at least one I/O interface 140 through a bus, and the main controller may be configured to receive an encryption request including the data to be encrypted sent by the I/O interface 140, And the decrypted plaintext data can be sent to the I/O interface 140.
在本公开的实施例中,可选地,主控器110可以通过I/O接口140接收外部设备20发送的包括待加密数据的加密请求,以将加密请求发送至加密芯片120对待加密数据进行加密,得到密文数据,并将密文数据存储至存储器130。In the embodiment of the present disclosure, optionally, the main controller 110 may receive the encryption request including the data to be encrypted sent by the external device 20 through the I/O interface 140, so as to send the encryption request to the encryption chip 120 to perform the encryption on the data to be encrypted. Encryption to obtain ciphertext data, and store the ciphertext data in the memory 130.
可选地,主控器110可以通过I/O接口140从外部设备20接收数据解密请求,该数据解密请求可以包括密钥、数据标识和与所述数据标识对应的外部设备标识码,而不包括待解密数据。相应地,主控器110可以先识别所接收的数据解密请求中的密钥是否与预设密钥一致,若数据解密请求中的密钥与预设密钥一致,则主控器110可以根据所述数据解密请求中的数据标识从存储器130中取得对应的待解密数据,并将所取得的待解密数据包括在解密请求中以发送至加密芯片120进行解密。然后,主控器110可以接收所述加密芯片120返回的通过解密得到的明文数据以及与明文数据对应的外部设备标识码,并根据所述外部设备标识码将该明文数据发送至对应的外部设备20。Optionally, the main controller 110 may receive a data decryption request from the external device 20 through the I/O interface 140, and the data decryption request may include a key, a data identification, and an external device identification code corresponding to the data identification. Including the data to be decrypted. Correspondingly, the main controller 110 may first identify whether the key in the received data decryption request is consistent with the preset key. If the key in the data decryption request is consistent with the preset key, the main controller 110 may The data identifier in the data decryption request obtains the corresponding data to be decrypted from the memory 130, and includes the obtained data to be decrypted in the decryption request to be sent to the encryption chip 120 for decryption. Then, the main controller 110 may receive the plaintext data returned by the encryption chip 120 through decryption and the external device identification code corresponding to the plaintext data, and send the plaintext data to the corresponding external device according to the external device identification code 20.
以此方式,数据保密装置10不仅可以接收待加密数据以对其进行加密存储,也可以向外部设备20发送解密得到的明文数据,保证在数据的写入和读取的过程中,数据保密装置10的存储器130中存储的密文数据的安全传送。In this way, the data security device 10 can not only receive the data to be encrypted for encrypted storage, but can also send the decrypted plaintext data to the external device 20 to ensure that the data security device 10 secure transmission of ciphertext data stored in the memory 130.
可选地,主控器110可以通过总线与一个外部设备20连接,也可以通过多个总线与多个外部设备20连接。外部设备20与主控器110连接的具体数量可以根据实际的数据加密需求进行调整。Optionally, the main controller 110 may be connected to one external device 20 through a bus, or may be connected to multiple external devices 20 through multiple buses. The specific number of connections between the external device 20 and the main controller 110 can be adjusted according to actual data encryption requirements.
可选地,I/O接口140为通用串行总线(Universal Serial Bus,USB)、SD内存卡接口、EMMC接口、CF接口等各种便携式产品接口,将加密请求或者解密请求发送至主控器110。具体的I/O接口140的类型可以根据实际数据传送需求进行调整。Optionally, the I/O interface 140 is various portable product interfaces such as Universal Serial Bus (USB), SD memory card interface, EMMC interface, CF interface, etc., and sends the encryption request or decryption request to the main controller 110. The type of the specific I/O interface 140 can be adjusted according to actual data transmission requirements.
可选地,外部设备20可以为个人电脑(personal computer,PC)、平板电脑、智能手机、个人数字助理(personal digital assistant,PDA)、可穿戴设备等终端。Optionally, the external device 20 may be a terminal such as a personal computer (PC), a tablet computer, a smart phone, a personal digital assistant (PDA), and a wearable device.
可选地,所述加密芯片120可以根据预先存储的AES算法和/或国密SM算法对数据进行加密处理和/或解密处理。Optionally, the encryption chip 120 may perform encryption processing and/or decryption processing on the data according to the pre-stored AES algorithm and/or the national secret SM algorithm.
在本公开的实施例中,可选地,加密芯片120可以根据预先存储的国标算法AES128/256bit和/或国密SM1/2/3/4算法对数据进行加密处理和/或解密处理。由此,加密芯片120可以更加安全、快速地对待加密数据进行加密,对待解密数据进行解密,确保数据的安全性。In the embodiment of the present disclosure, optionally, the encryption chip 120 may perform encryption processing and/or decryption processing on data according to the pre-stored national standard algorithm AES128/256bit and/or national secret SM1/2/3/4 algorithm. Therefore, the encryption chip 120 can encrypt the data to be encrypted and decrypt the data to be decrypted more safely and quickly, so as to ensure the security of the data.
可选地,加密芯片120中可以预先存储多种加密算法。可选地,可以采用软件烧录的方式对加密算法进行更新,也可以采用更换加密芯片120的方式对加密算法进行更新。可选地,加密芯片120的选择可以根据实际的数据加密需求进行调整。可选地,加密芯片120中还可以预先存储多种解密算法。可选地,还可以采用软件烧录的方式对解密算法进行更新,也可以采用更换加密芯片120的方式对解密算法进行更新。可选地,加密芯片120的选择可以根据实际的数据解密需求进行调整。Optionally, multiple encryption algorithms can be stored in the encryption chip 120 in advance. Optionally, the encryption algorithm can be updated by software burning, or the encryption algorithm can be updated by replacing the encryption chip 120. Optionally, the selection of the encryption chip 120 can be adjusted according to actual data encryption requirements. Optionally, multiple decryption algorithms may be stored in the encryption chip 120 in advance. Optionally, the decryption algorithm can also be updated by software burning, or the decryption algorithm can be updated by replacing the encryption chip 120. Optionally, the selection of the encryption chip 120 can be adjusted according to actual data decryption requirements.
可选地,所述加密请求还可以包括与所述待加密数据对应的加密算法标识。所述加密芯片120可以被配置成根据所述加密算法标识选择对应的加密算法以对所述待加密数据进行加密,从而得到密文数据。可选地,所述解密请求还可以包括与所述待解密数据对应的解密算法标识,所述加密芯片120可以被配置成根据所述解密算法标识选择对应的解密算法以对所述待解密数据进行解密,从而得到明文数据。Optionally, the encryption request may further include an encryption algorithm identifier corresponding to the data to be encrypted. The encryption chip 120 may be configured to select a corresponding encryption algorithm according to the encryption algorithm identifier to encrypt the data to be encrypted, thereby obtaining ciphertext data. Optionally, the decryption request may also include a decryption algorithm identifier corresponding to the data to be decrypted, and the encryption chip 120 may be configured to select a corresponding decryption algorithm according to the decryption algorithm identifier to perform the decryption on the data to be decrypted. Perform decryption to obtain plaintext data.
在本公开的实施例中,在加密请求包括待加密数据以及与待加密数据对应的加密算法标识的情况下,可选地,所述加密算法标识可以标识AES算法和/或国密SM算法,使得加密芯片120在接收到加密请求后,可以根据加密请求中的加密算法标识选择预先存储的国 标算法AES128/256bit和/或国密SM1/2/3/4算法对待加密数据进行加密。In the embodiment of the present disclosure, in the case that the encryption request includes the data to be encrypted and the encryption algorithm identification corresponding to the data to be encrypted, optionally, the encryption algorithm identification may identify the AES algorithm and/or the national secret SM algorithm, After receiving the encryption request, the encryption chip 120 can select the pre-stored national standard algorithm AES128/256bit and/or the national secret SM1/2/3/4 algorithm to encrypt the encrypted data according to the encryption algorithm identifier in the encryption request.
举例来说,主控器110可以向加密芯片120发送加密请求,其中,加密请求可以包括待加密数据A和对应的加密算法标识a,加密算法标识a对应加密算法①,加密请求还可以包括待加密数据B和对应的加密算法标识b,加密算法标识b对应加密算法②。加密芯片120接收到加密请求后,可以根据加密算法标识a选择对应的加密算法①对待加密数据A进行加密,根据加密算法标识b选择对应的加密算法②对待加密数据B进行加密。For example, the main controller 110 may send an encryption request to the encryption chip 120, where the encryption request may include the data A to be encrypted and the corresponding encryption algorithm identifier a, the encryption algorithm identifier a corresponds to the encryption algorithm ①, and the encryption request may also include the data to be encrypted. Encrypted data B and corresponding encryption algorithm identifier b, and encryption algorithm identifier b corresponds to encryption algorithm ②. After receiving the encryption request, the encryption chip 120 can select the corresponding encryption algorithm ① to encrypt the data A to be encrypted according to the encryption algorithm identifier a, and select the corresponding encryption algorithm ② to encrypt the data B to be encrypted according to the encryption algorithm identifier b.
可选地,在解密请求包括待解密数据以及与所述待解密数据对应的解密算法标识的情况下,所述解密算法标识可以标识AES算法和/或国密SM算法,使得加密芯片120在接收到解密请求后,可以根据解密算法标识选择预先存储的国标算法AES128/256bit或者国密SM1/2/3/4算法对待解密数据进行解密。可选地,若待解密数据为预先存储在存储器130中的密文数据,则可以根据与密文数据对应的加密算法标识得到对应的解密算法标识。Optionally, when the decryption request includes the data to be decrypted and the decryption algorithm identifier corresponding to the data to be decrypted, the decryption algorithm identifier may identify the AES algorithm and/or the national secret SM algorithm, so that the encryption chip 120 is receiving After the decryption request, the pre-stored national standard algorithm AES128/256bit or national secret SM1/2/3/4 algorithm can be selected according to the decryption algorithm identifier to decrypt the data to be decrypted. Optionally, if the data to be decrypted is ciphertext data pre-stored in the memory 130, the corresponding decryption algorithm identifier may be obtained according to the encryption algorithm identifier corresponding to the ciphertext data.
举例来说,主控器110可以向加密芯片120发送解密请求,其中,解密请求可以包括待解密数据C和对应的解密算法标识c,解密算法标识c对应解密算法③,解密请求还可以包括待解密数据D和对应的解密算法标识d,解密算法标识d对应解密算法④。加密芯片120接收到解密请求后,可以根据解密算法标识c选择对应的解密算法③对待解密数据C进行解密,根据解密算法标识d选择对应的解密算法④对待解密数据D进行解密。For example, the main controller 110 may send a decryption request to the encryption chip 120, where the decryption request may include the data C to be decrypted and the corresponding decryption algorithm identifier c, the decryption algorithm identifier c corresponds to the decryption algorithm ③, and the decryption request may also include the data to be decrypted. The decrypted data D and the corresponding decryption algorithm identifier d, the decryption algorithm identifier d corresponds to the decryption algorithm ④. After receiving the decryption request, the encryption chip 120 can select the corresponding decryption algorithm ③ to decrypt the data C to be decrypted according to the decryption algorithm identifier c, and select the corresponding decryption algorithm ④ to decrypt the data D to be decrypted according to the decryption algorithm identifier d.
图2为本公开实施例提供的一种主控器与加密芯片连接的引脚结构示意图,如图2所示,所述主控器110可以通过SPI总线与所述加密芯片120连接。FIG. 2 is a schematic diagram of a pin structure for connecting a main controller and an encryption chip according to an embodiment of the present disclosure. As shown in FIG. 2, the main controller 110 may be connected to the encryption chip 120 via an SPI bus.
在本公开的实施例中,可选地,主控器110与加密芯片120之间的数据可以通过SPI总线进行传输,这可以加快加密芯片120对数据的加密和解密,提高了数据保密装置10的工作效率。In the embodiment of the present disclosure, optionally, the data between the main controller 110 and the encryption chip 120 can be transmitted through the SPI bus, which can speed up the encryption and decryption of the data by the encryption chip 120, and improve the data security device 10. Work efficiency.
可选地,SPI总线可以是一种同步串行外设接口,其可以使主控器与各种外部设备以串行方式进行通信以交换信息。SPI总线可以直接与各个厂家生产的多种标准外部设备相连,包括网络控制器、LCD显示驱动器、A/D转换器和微控制单元等。Optionally, the SPI bus can be a synchronous serial peripheral interface, which can enable the main controller to communicate with various external devices in a serial manner to exchange information. The SPI bus can be directly connected to a variety of standard external devices produced by various manufacturers, including network controllers, LCD display drivers, A/D converters, and micro control units.
可选地,主控器110与加密芯片120中均可以设置有SPI接口,主控器110的SPI接口可以作为主机端,加密芯片120的SPI接口可以作为从机端。可选地,主控器110和加密芯片120可以通过四个信号线(SS1、SCK1、MOSI1、MISO1)来传送加密请求和/或解密请求。主控器110还可以通过三个信号线(GINT0、GINT1、POR)来控制加密芯片120。Optionally, both the main controller 110 and the encryption chip 120 may be provided with an SPI interface, the SPI interface of the main controller 110 may be used as a host side, and the SPI interface of the encryption chip 120 may be used as a slave side. Optionally, the main controller 110 and the encryption chip 120 may transmit the encryption request and/or the decryption request through four signal lines (SS1, SCK1, MOSI1, MISO1). The main controller 110 can also control the encryption chip 120 through three signal lines (GINT0, GINT1, POR).
可选地,加密芯片120的SS1引脚可以与主控器110的SS1引脚连接,加密芯片120的SCK1引脚可以与主控器110的SCK1引脚连接,加密芯片120的MOSI1引脚可以与主控器110的MOSI1引脚连接,加密芯片120的MISO1引脚可以与主控器110的MISO1引 脚连接。加密芯片120的GINT1引脚可以与主控器110的GPIO1引脚连接,加密芯片120的GINT0引脚可以与主控器110的GPIO2引脚连接,加密芯片120的POR引脚可以与主控器110的GPIO3引脚连接。Optionally, the SS1 pin of the encryption chip 120 can be connected to the SS1 pin of the main controller 110, the SCK1 pin of the encryption chip 120 can be connected to the SCK1 pin of the main controller 110, and the MOSI1 pin of the encryption chip 120 can be It is connected to the MOSI1 pin of the main controller 110, and the MISO1 pin of the encryption chip 120 can be connected to the MISO1 pin of the main controller 110. The GINT1 pin of the encryption chip 120 can be connected to the GPIO1 pin of the main controller 110, the GINT0 pin of the encryption chip 120 can be connected to the GPIO2 pin of the main controller 110, and the POR pin of the encryption chip 120 can be connected to the main controller. 110 GPIO3 pin connection.
可选地,在数据保密装置10运行的过程中,主控器110一般可以先向加密芯片120的GINT0引脚发送低电平信号,使得加密芯片120可以从低功耗状态唤醒。然后,主控器110可以读取加密芯片120的GINT1引脚发送的输出信号,当该输出信号为高电平时,表示加密芯片120处于忙碌状态,加密芯片120目前不能接受加密请求或者解密请求。当输出信号为低电平时,表示加密芯片120处于就绪状态,则主控器110可以通过SS1信号线、SCK1信号线、MOSI1信号线和MISO1信号线向加密芯片120发送加密请求或者解密请求,使加密芯片120进行工作。在加密芯片120完成加密或者解密后,可以通过SS1信号线、SCK1信号线、MOSI1信号线和MISO1信号线向主控器110发送密文数据或者明文数据,主控器110在接收到数据之后,可以向加密芯片120的POR引脚发送低电平,使得加密芯片120可以复位,等待主控器110的下一步指令。Optionally, during the operation of the data security device 10, the main controller 110 may generally first send a low-level signal to the GINT0 pin of the encryption chip 120, so that the encryption chip 120 can wake up from a low power consumption state. Then, the main controller 110 can read the output signal sent by the GINT1 pin of the encryption chip 120. When the output signal is high, it indicates that the encryption chip 120 is in a busy state, and the encryption chip 120 cannot currently accept encryption requests or decryption requests. When the output signal is low, it indicates that the encryption chip 120 is in a ready state, and the main controller 110 can send an encryption request or a decryption request to the encryption chip 120 through the SS1 signal line, SCK1 signal line, MOSI1 signal line, and MISO1 signal line, so that The encryption chip 120 works. After the encryption chip 120 completes encryption or decryption, it can send ciphertext data or plaintext data to the main controller 110 through the SS1 signal line, the SCK1 signal line, the MOSI1 signal line and the MISO1 signal line. After the main controller 110 receives the data, A low level can be sent to the POR pin of the encryption chip 120 so that the encryption chip 120 can be reset and wait for the next instruction of the main controller 110.
可选地,主控器110与加密芯片120可以采用全双工模式的SPI总线传送数据,使得主控器110可以向加密芯片120发送加密请求或者解密请求,同时,加密芯片120可以向主控器110发送密文数据或者明文数据,使得数据保密装置10的工作效率可以更高。Optionally, the main controller 110 and the encryption chip 120 can use the full-duplex mode SPI bus to transmit data, so that the main controller 110 can send an encryption request or decryption request to the encryption chip 120, and at the same time, the encryption chip 120 can send data to the main controller. The device 110 sends ciphertext data or plaintext data, so that the working efficiency of the data security device 10 can be higher.
可选地,主控器110包括时钟振荡模块,所述时钟振荡模块通过所述SPI总线与所述加密芯片120连接,所述时钟振荡模块可以被配置成使所述SPI总线的传输速率增加预设倍数。Optionally, the main controller 110 includes a clock oscillation module that is connected to the encryption chip 120 through the SPI bus. The clock oscillation module may be configured to increase the transmission rate of the SPI bus. Set multiples.
在本公开的实施例中,可选地,主控器110中可以设置时钟振荡模块进行倍频处理,使得SPI总线的传输最大速率提升,可以更快地进行主控器110与加密芯片120之间的数据传送,使得数据保密装置10的工作效率可以更高。In the embodiment of the present disclosure, optionally, a clock oscillation module can be provided in the main controller 110 to perform frequency multiplication processing, so that the maximum transmission rate of the SPI bus can be increased, and the main controller 110 and the encryption chip 120 can be performed faster. The data transfer between the two makes the data security device 10 work more efficiently.
举例来说,若SPI总线传输的最大速率为52Mbps,则通过主控器110的时钟振荡模块进行两倍频后,可以将SPI总线传送的最大速率提升至104Mbps,使得主控器与加密芯片120可以进行高速数据传输。For example, if the maximum transmission rate of the SPI bus is 52 Mbps, the maximum transmission rate of the SPI bus can be increased to 104 Mbps after the clock oscillation module of the main controller 110 doubles the frequency, so that the main controller and the encryption chip 120 Can carry on high-speed data transmission.
图3为本公开实施例提供的数据保密方法的流程示意图。如图3所示,本公开实施例提供的数据保密方法可以包括:FIG. 3 is a schematic flowchart of a data privacy method provided by an embodiment of the disclosure. As shown in Figure 3, the data privacy method provided by the embodiment of the present disclosure may include:
步骤310:加密芯片通过总线接收主控器发送的加密请求,所述加密请求可以包括待加密数据。Step 310: The encryption chip receives the encryption request sent by the main controller through the bus, and the encryption request may include the data to be encrypted.
步骤320:所述加密芯片对加密请求中的待加密数据进行加密,得到密文数据。Step 320: The encryption chip encrypts the data to be encrypted in the encryption request to obtain ciphertext data.
步骤330:所述加密芯片向所述主控器发送所述密文数据,以使所述主控器将所述密 文数据存储至存储器。Step 330: The encryption chip sends the ciphertext data to the main controller, so that the main controller stores the ciphertext data in a memory.
在本公开的实施例中,可选地,加密芯片可以接收主控器发送的加密请求,该加密请求可以包括待加密数据。加密芯片可以根据加密请求对待加密数据进行加密,得到密文数据,并向主控器发送密文数据,使得主控器110将密文数据存储至存储器,由此实现数据的保密存储。In the embodiment of the present disclosure, optionally, the encryption chip may receive an encryption request sent by the main controller, and the encryption request may include the data to be encrypted. The encryption chip can encrypt the to-be-encrypted data according to the encryption request to obtain the ciphertext data, and send the ciphertext data to the main controller, so that the main controller 110 stores the ciphertext data in the memory, thereby realizing the confidential storage of the data.
可选地,加密请求可以是主控器从外部设备接收的。可选地,加密请求中的待加密数据也可以是主控器从预先存储的密文数据中取出的。即,加密芯片可以对明文数据进行加密,也可以对密文数据进行再次加密,还可以对明文数据进行多次加密。可选地,加密芯片的具体加密过程可以根据数据加密的需求进行调整。Optionally, the encryption request may be received by the main controller from the external device. Optionally, the to-be-encrypted data in the encryption request may also be taken out by the main controller from pre-stored ciphertext data. That is, the encryption chip can encrypt plaintext data, can also re-encrypt ciphertext data, and can also encrypt plaintext data multiple times. Optionally, the specific encryption process of the encryption chip can be adjusted according to data encryption requirements.
步骤340:所述加密芯片接收所述主控器发送的解密请求,所述解密请求可以包括待解密数据。Step 340: The encryption chip receives a decryption request sent by the main controller, and the decryption request may include data to be decrypted.
步骤350:所述加密芯片对所述解密请求中的待解密数据进行解密,得到明文数据。Step 350: The encryption chip decrypts the data to be decrypted in the decryption request to obtain plaintext data.
步骤360:所述加密芯片向所述主控器发送所述明文数据。Step 360: The encryption chip sends the plaintext data to the main controller.
在本公开的实施例中,可选地,加密芯片还可以接受主控器发送的解密请求,其中,解密请求包括待解密数据。加密芯片可以根据解密请求对待解密数据进行解密,得到明文数据,并向主控器发送明文数据,使得主控器可以将明文数据发送至对应的外部设备。In the embodiment of the present disclosure, optionally, the encryption chip may also accept a decryption request sent by the main controller, where the decryption request includes the data to be decrypted. The encryption chip can decrypt the data to be decrypted according to the decryption request to obtain plaintext data, and send the plaintext data to the main controller, so that the main controller can send the plaintext data to the corresponding external device.
可选地,主控器可以接收外部设备发送的数据解密请求,根据数据解密请求从预先存储的密文数据中取出待解密数据,然后将取出的待解密数据包括在发送给加密芯片的解密请求中。Optionally, the main controller may receive a data decryption request sent by an external device, extract the data to be decrypted from the pre-stored ciphertext data according to the data decryption request, and then include the extracted data to be decrypted in the decryption request sent to the encryption chip in.
可选地,加密芯片可以在接收加密请求对数据进行加密后得到密文数据,再接收解密请求对所述密文数据进行解密;加密芯片还可以先接收解密请求对预先存储的密文数据进行解密,再接收加密请求对待加密数据进行加密。Optionally, the encryption chip may obtain the ciphertext data after receiving the encryption request to encrypt the data, and then receive the decryption request to decrypt the ciphertext data; the encryption chip may also first receive the decryption request and perform the encryption on the pre-stored ciphertext data. Decrypt, and then receive an encryption request to encrypt the data to be encrypted.
可选地,所述加密请求还可以包括与所述待加密数据对应的加密算法标识,所述解密请求还可以包括与所述待解密数据对应的解密算法标识,所述加密芯片可以被配置成根据所述加密算法标识选择对应的加密算法以对所述待加密数据进行加密,所述加密芯片可以被配置成根据所述解密算法标识选择对应的解密算法以对所述待解密数据进行解密。Optionally, the encryption request may also include an encryption algorithm identifier corresponding to the data to be encrypted, the decryption request may also include a decryption algorithm identifier corresponding to the data to be decrypted, and the encryption chip may be configured to A corresponding encryption algorithm is selected according to the encryption algorithm identifier to encrypt the data to be encrypted, and the encryption chip may be configured to select a corresponding decryption algorithm according to the decryption algorithm identifier to decrypt the data to be decrypted.
在本公开的实施例中,可选地,加密芯片可以根据加密请求中的加密算法标识,从预先存储的加密算法中选择对应的加密算法来对待加密数据进行加密,加密芯片还可以根据解密请求中的解密算法标识,从预先存储的解密算法中选择对应的解密算法来对待解密数据进行解密。In the embodiment of the present disclosure, optionally, the encryption chip can select the corresponding encryption algorithm from the pre-stored encryption algorithms to encrypt the data to be encrypted according to the encryption algorithm identifier in the encryption request, and the encryption chip can also encrypt the data to be encrypted according to the decryption request. In the decryption algorithm identification, select the corresponding decryption algorithm from the pre-stored decryption algorithms to decrypt the data to be decrypted.
可选地,加密算法标识可以由主控器根据外部设备发送的待加密数据的类型进行选择, 还可以由主控器根据待加密数据传送的时间段进行选择。加密算法标识可以被配置成标识预先存储的一种或者多种加密算法。可选地,具体的加密算法标识的选择可以根据实际加密需求进行调整。Optionally, the encryption algorithm identifier may be selected by the main controller according to the type of data to be encrypted sent by the external device, and may also be selected by the main controller according to the time period during which the data to be encrypted is transmitted. The encryption algorithm identifier may be configured to identify one or more encryption algorithms stored in advance. Optionally, the selection of a specific encryption algorithm identifier can be adjusted according to actual encryption requirements.
并且,解密算法标识可以由主控器根据外部设备发送的数据请求的类型进行选择,还可以由主控器根据待解密数据对应的加密算法进行选择。解密算法标识可以被配置成标识预先存储的一种或者多种解密算法。可选地,具体的解密算法标识的选择可以根据实际解密需求进行调整。In addition, the decryption algorithm identification can be selected by the main controller according to the type of the data request sent by the external device, and can also be selected by the main controller according to the encryption algorithm corresponding to the data to be decrypted. The decryption algorithm identification may be configured to identify one or more pre-stored decryption algorithms. Optionally, the selection of a specific decryption algorithm identifier can be adjusted according to actual decryption requirements.
步骤310至步骤360的具体实施请参看上文的详细描述,在此不再赘述。For the specific implementation of step 310 to step 360, please refer to the detailed description above, which will not be repeated here.
请参照图4,图4示出了可以应用本公开实施例中的电子设备40的结构框图。电子设备40可以包括存储设备401、存储控制器402、处理器403、外设接口404、输入输出单元405、显示单元407。Please refer to FIG. 4, which shows a structural block diagram of an electronic device 40 to which the embodiments of the present disclosure can be applied. The electronic device 40 may include a storage device 401, a storage controller 402, a processor 403, a peripheral interface 404, an input output unit 405, and a display unit 407.
可选地,所述存储设备401、存储控制器402、处理器403、外设接口404、输入输出单元405、显示单元407各元件相互之间直接或间接地电性连接,以实现数据的传输或交互。例如,这些元件相互之间可以通过一条或多条通讯总线或信号线实现电性连接。可选地,至少一个软件或固件(firmware)可以存储于所述存储设备401中或者可以固化在操作系统(operating system,OS)中的软件功能模块中。所述处理器403可以被配置成执行存储设备401中存储的可执行模块、软件功能模块或计算机程序。Optionally, the storage device 401, the storage controller 402, the processor 403, the peripheral interface 404, the input output unit 405, and the display unit 407 are directly or indirectly electrically connected to each other to realize data transmission. Or interactive. For example, these components can be electrically connected to each other through one or more communication buses or signal lines. Optionally, at least one piece of software or firmware (firmware) may be stored in the storage device 401 or may be solidified in a software function module in an operating system (OS). The processor 403 may be configured to execute executable modules, software function modules or computer programs stored in the storage device 401.
可选地,存储设备401可以是但不限于:随机存取存储器(Random Access Memory,RAM)、只读存储器(Read Only Memory,ROM)、可编程只读存储器(Programmable Read-Only Memory,PROM)、可擦除只读存储器(Erasable Programmable Read-Only Memory,EPROM)、电可擦除只读存储器(Electric Erasable Programmable Read-Only Memory,EEPROM)等。可选地,存储设备401可以对应于上文描述的存储器130。可选地,存储设备401可以被配置成存储程序,所述处理器403可以在接收到执行指令后,执行所述程序,前述本公开实施例中所描述的加密和/或解密方法可以应用于处理器403中,或者由处理器403实现。Optionally, the storage device 401 may be, but is not limited to: Random Access Memory (RAM), Read Only Memory (ROM), Programmable Read-Only Memory (PROM) , Erasable Programmable Read-Only Memory (EPROM), Electrical Erasable Programmable Read-Only Memory (EEPROM), etc. Optionally, the storage device 401 may correspond to the storage 130 described above. Optionally, the storage device 401 may be configured to store a program, and the processor 403 may execute the program after receiving an execution instruction. The encryption and/or decryption method described in the foregoing embodiments of the present disclosure may be applied to In the processor 403, or implemented by the processor 403.
可选地,处理器403可以是一种集成电路芯片,具有处理信号的能力。可选地,上述处理器403可以是通用处理器,包括中央处理器(Central Processing Unit,简称CPU)、网络处理器(Network Processor,简称NP)等;还可以是数字信号处理器(DSP)、专用集成电路(ASIC)、现成可编程门阵列(FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件。处理器403可以实现或者执行本公开实施例中公开的各方法、步骤及逻辑框图。通用处理器可以是微处理器或者该处理器403也可以是任何常规的处理器等。Optionally, the processor 403 may be an integrated circuit chip with the ability to process signals. Optionally, the aforementioned processor 403 may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU for short), a network processor (Network Processor, NP), etc.; it may also be a digital signal processor (DSP), Application specific integrated circuit (ASIC), off-the-shelf programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware component. The processor 403 may implement or execute various methods, steps, and logical block diagrams disclosed in the embodiments of the present disclosure. The general-purpose processor may be a microprocessor or the processor 403 may also be any conventional processor or the like.
可选地,所述外设接口404可以将各种输入/输出装置耦合至处理器403以及存储设备401。在一些实施例中,可选地,外设接口404、处理器403以及存储控制器402可以在单个芯片中实现。在其他一些实例中,可选地,它们可以分别由独立的芯片实现。Optionally, the peripheral interface 404 can couple various input/output devices to the processor 403 and the storage device 401. In some embodiments, optionally, the peripheral interface 404, the processor 403, and the storage controller 402 may be implemented in a single chip. In some other examples, optionally, they can be implemented by independent chips.
可选地,输入输出单元405可以被配置成提供用户输入数据,以实现用户与所述服务器(或本地终端)的交互。所述输入输出单元405可以是但不限于鼠标和键盘等。Optionally, the input and output unit 405 may be configured to provide user input data to realize the interaction between the user and the server (or local terminal). The input and output unit 405 may be, but is not limited to, a mouse, a keyboard, and the like.
可选地,显示单元407可以在所述电子设备40与用户之间提供一个交互界面(例如用户操作界面),或者可以被配置成显示图像数据给用户参考。在本实施例中,所述显示单元407可以是液晶显示器或触控显示器。若为触控显示器,可选地,其可以为支持单点和多点触控操作的电容式触控屏或电阻式触控屏等。支持单点和多点触控操作可以指触控显示器可以感应到来自该触控显示器上的一个或多个位置处同时产生的触控操作,并且可以将该感应到的触控操作交由处理器403进行计算和处理。Optionally, the display unit 407 may provide an interactive interface (for example, a user operation interface) between the electronic device 40 and the user, or may be configured to display image data for the user's reference. In this embodiment, the display unit 407 may be a liquid crystal display or a touch display. If it is a touch display, optionally, it can be a capacitive touch screen or a resistive touch screen that supports single-point and multi-touch operations. Supports single-point and multi-touch operations. It can mean that the touch display can sense simultaneous touch operations from one or more positions on the touch display, and can handle the sensed touch operations The calculator 403 performs calculations and processing.
可以理解,图4所示的结构仅为示意,所述电子设备40还可以包括比图4中所示更多或者更少的组件,或者可以具有与图4所示不同的配置。图4中所示的各组件可以采用硬件、软件或其组合实现,图4提供的电子设备可以被配置成执行上述数据保密方法。It can be understood that the structure shown in FIG. 4 is only for illustration, and the electronic device 40 may also include more or less components than those shown in FIG. 4, or may have a different configuration from that shown in FIG. The components shown in FIG. 4 may be implemented by hardware, software, or a combination thereof, and the electronic device provided in FIG. 4 may be configured to execute the aforementioned data security method.
所属领域的技术人员可以清楚地了解到,为方便和简洁地进行描述,上述设备的具体工作过程可以参考前述方法中的对应过程,在此不再过多赘述。Those skilled in the art can clearly understand that, for the convenience and concise description, the specific working process of the above-mentioned device can refer to the corresponding process in the aforementioned method, which will not be repeated here.
综上所述,本公开实施例提供了数据保密装置10、方法、电子设备及存储介质,所述数据保密装置可以包括:主控器110、加密芯片120和存储器130,所述主控器110可以通过总线与所述加密芯片120以及所述存储器130连接;所述主控器110可以被配置成向所述加密芯片120发送加密请求,所述加密请求可以包括待加密数据;所述加密芯片120可以被配置成接收所述主控器110发送的所述加密请求,响应于所述加密请求对所述加密请求中的待加密数据进行加密以得到密文数据,并将所述密文数据通过所述总线发送至所述主控器110;所述主控器110还可以被配置成接收所述加密芯片120发送的所述密文数据,并将所述密文数据存储至所述存储器130;所述主控器110还可以被配置成向所述加密芯片120发送解密请求,所述解密请求可以包括待解密数据;所述加密芯片120还可以被配置成接收所述主控器110发送的所述解密请求,响应于所述解密请求对所述解密请求中的待解密数据进行解密以得到明文数据,并将所述明文数据通过所述总线发送至所述主控器110。在本公开的实施例中,可选地,主控器110可以将包括待加密数据的加密请求发送至加密芯片120,使得加密芯片120对加密请求中的待加密数据进行加密,得到密文数据,再将密文数据储存在存储器130中;此外,主控器110还可以将包括待解密数据的解密请求发送至加密芯片120,使得加密芯片120对解密请求中的待解密数据进行解密,得到明 文数据。由此,使得外设于主控器110的加密芯片120中的加密算法和解密算法可以更容易地进行更新,也可以使密文数据能够更加安全地进行存储,并且加密芯片的及时更新也可以使得能够对不同的密文数据进行解密。In summary, the embodiments of the present disclosure provide a data security device 10, a method, an electronic device, and a storage medium. The data security device may include a main controller 110, an encryption chip 120, and a memory 130. The main controller 110 It may be connected to the encryption chip 120 and the memory 130 through a bus; the main controller 110 may be configured to send an encryption request to the encryption chip 120, and the encryption request may include the data to be encrypted; the encryption chip 120 may be configured to receive the encryption request sent by the main controller 110, encrypt data to be encrypted in the encryption request in response to the encryption request to obtain ciphertext data, and combine the ciphertext data It is sent to the main controller 110 via the bus; the main controller 110 may also be configured to receive the ciphertext data sent by the encryption chip 120, and store the ciphertext data in the memory 130; the main controller 110 may also be configured to send a decryption request to the encryption chip 120, the decryption request may include the data to be decrypted; the encryption chip 120 may also be configured to receive the main controller 110 The sent decryption request decrypts the to-be-decrypted data in the decryption request in response to the decryption request to obtain plaintext data, and sends the plaintext data to the main controller 110 through the bus. In the embodiment of the present disclosure, optionally, the main controller 110 may send an encryption request including the data to be encrypted to the encryption chip 120, so that the encryption chip 120 encrypts the data to be encrypted in the encryption request to obtain ciphertext data , And then store the ciphertext data in the memory 130; in addition, the main controller 110 may also send a decryption request including the data to be decrypted to the encryption chip 120, so that the encryption chip 120 decrypts the data to be decrypted in the decryption request to obtain Plain text data. As a result, the encryption algorithm and decryption algorithm in the encryption chip 120 external to the main controller 110 can be updated more easily, and the ciphertext data can be stored more securely, and the encryption chip can be updated in time. Make it possible to decrypt different ciphertext data.
在本公开所提供的几个实施例中,应该理解到,所揭露的装置和方法也可以通过其它的方式实现。以上所描述的装置实施例仅仅是示意性的,例如,附图中的流程图和框图示出了根据本公开的多个实施例的装置、方法以及计算机程序产品的可能实现的体系架构、功能和操作。在这点上,流程图或框图中的每个方框都可以代表一个模块、程序段或代码的一部分,所述模块、程序段或代码的一部分包含一个或多个可以被配置成实现规定的逻辑功能的可执行指令。还应该注意,在一些作为替换的实现方式中,方框中所标注的功能还可以以与附图中所标注的顺序不同的顺序发生。例如,两个连续的方框实际上可以基本并行地执行,它们有时也可以按相反的顺序执行,这依所涉及的功能而定。还要注意的是,框图和/或流程图中的每个方框、以及框图和/或流程图中的方框的组合,可以用执行规定的功能或动作的专用的基于硬件的系统来实现,或者可以用专用硬件与计算机指令的组合来实现。In the several embodiments provided in the present disclosure, it should be understood that the disclosed device and method may also be implemented in other ways. The device embodiments described above are merely illustrative. For example, the flowcharts and block diagrams in the accompanying drawings show possible implementation architectures of the devices, methods, and computer program products according to multiple embodiments of the present disclosure. Function and operation. In this regard, each block in the flowchart or block diagram can represent a module, program segment, or part of the code, and the module, program segment, or part of the code contains one or more that can be configured to implement prescribed Executable instructions for logic functions. It should also be noted that, in some alternative implementations, the functions marked in the block may also occur in a different order from the order marked in the drawings. For example, two consecutive blocks can actually be executed in parallel, or they can sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each block in the block diagram and/or flowchart, and the combination of the blocks in the block diagram and/or flowchart, can be implemented by a dedicated hardware-based system that performs the specified functions or actions Or it can be realized by a combination of dedicated hardware and computer instructions.
另外,本公开各个实施例中的各功能模块可以集成在一起以形成一个独立的部分,也可以是各个模块单独存在,也可以是两个或两个以上模块集成在一起以形成一个独立的部分。In addition, the functional modules in the various embodiments of the present disclosure may be integrated together to form an independent part, or each module may exist alone, or two or more modules may be integrated together to form an independent part. .
所述功能如果以软件功能模块的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本公开的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机、服务器、或者网络设备等)执行本公开各个实施例所述方法的全部或部分步骤。前述的存储介质包括:U盘、移动硬盘、只读存储器(Read-Only Memory,ROM)130、随机存取存储器(Random Access Memory,RAM)130、磁碟或者光盘等各种可以存储程序代码的介质。If the function is implemented in the form of a software function module and sold or used as an independent product, it can be stored in a computer readable storage medium. Based on this understanding, the technical solution of the present disclosure essentially or the part that contributes to the prior art or the part of the technical solution can be embodied in the form of a software product. The computer software product is stored in a storage medium, including Several instructions are used to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the methods described in the various embodiments of the present disclosure. The aforementioned storage media include: U disk, mobile hard disk, read-only memory (Read-Only Memory, ROM) 130, random access memory (Random Access Memory, RAM) 130, magnetic disks or optical disks, etc., which can store program code medium.
以上所述仅为本公开的优选实施例而已,并不用于限制本公开,对于本领域的技术人员来说,本公开可以有各种更改和变化。凡在本公开的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本公开的保护范围之内。应注意到:相似的标号和字母在下面的附图中表示类似项,因此,一旦某一项在一个附图中被定义,则在随后的附图中不需要对其进行进一步定义和解释。The foregoing descriptions are only preferred embodiments of the present disclosure, and are not intended to limit the present disclosure. For those skilled in the art, the present disclosure may have various modifications and changes. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present disclosure shall be included in the protection scope of the present disclosure. It should be noted that similar reference numerals and letters indicate similar items in the following figures. Therefore, once an item is defined in one figure, it does not need to be further defined and explained in subsequent figures.
以上所述仅为本公开的具体实施方式,但本公开的保护范围并不局限于此,任何熟悉 本技术领域的技术人员在本公开揭露的技术范围内可以轻易想到的变化或替换都应涵盖在本公开的保护范围之内。The above are only specific implementations of the present disclosure, but the protection scope of the present disclosure is not limited thereto. Any change or replacement that can be easily conceived by those skilled in the art within the technical scope disclosed in the present disclosure shall be covered Within the protection scope of this disclosure.
需要说明的是,在本文中,诸如第一和第二等之类的关系术语仅仅用来将一个实体或者操作与另一个实体或操作区分开来,而不一定要求或者暗示这些实体或操作之间存在任何这种实际的关系或者顺序。而且,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素并不排除在包括所述要素的过程、方法、物品或者设备中还存在另外的相同要素。It should be noted that in this article, relational terms such as first and second are only used to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply one of these entities or operations. There is any such actual relationship or order between. Moreover, the terms "include", "include" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article, or device that includes a series of elements includes not only those elements, but also includes Other elements of, or also include elements inherent to this process, method, article or equipment. If there are no more restrictions, the element defined by the sentence "including a..." does not exclude the existence of other same elements in the process, method, article, or equipment that includes the element.
工业实用性Industrial applicability
本公开的实施例提供的数据保密装置可以通过主控器将包括待加密数据的加密请求发送至加密芯片,使得加密芯片对加密请求中的待加密数据进行加密,得到密文数据,再将密文数据储存在存储器中;还可以通过主控器将包括待解密数据的解密请求发送至加密芯片,使得加密芯片对解密请求中的待解密数据进行解密,得到明文数据。由此,本公开的实施例提供的数据保密装置可以通过主控器与加密芯片的分开设置即独立设置,使得外设于主控器的加密芯片中的加密算法和解密算法可以更容易地进行更新,使得密文数据能够更加安全地进行存储,并且加密芯片的及时更新也可以使得能够对不同的密文数据进行解密。The data security device provided by the embodiment of the present disclosure can send an encryption request including the data to be encrypted to the encryption chip through the main controller, so that the encryption chip encrypts the data to be encrypted in the encryption request to obtain the cipher text data, and then encrypts the data. The text data is stored in the memory; the decryption request including the data to be decrypted can also be sent to the encryption chip through the main controller, so that the encryption chip decrypts the data to be decrypted in the decryption request to obtain plaintext data. Therefore, the data security device provided by the embodiment of the present disclosure can be set separately through the main controller and the encryption chip, that is, set independently, so that the encryption algorithm and decryption algorithm in the encryption chip peripheral to the main controller can be performed more easily The update enables the ciphertext data to be stored more securely, and the timely update of the encryption chip can also enable the decryption of different ciphertext data.

Claims (20)

  1. 一种数据保密装置,其特征在于,包括:A data security device, characterized in that it comprises:
    主控器、加密芯片和存储器,所述主控器通过总线与所述加密芯片以及所述存储器连接;A main controller, an encryption chip and a memory, the main controller being connected to the encryption chip and the memory through a bus;
    所述主控器被配置成向所述加密芯片发送加密请求,所述加密请求包括待加密数据;The main controller is configured to send an encryption request to the encryption chip, the encryption request including data to be encrypted;
    所述加密芯片被配置成接收所述主控器发送的所述加密请求,响应于所述加密请求对所述加密请求中的待加密数据进行加密以得到密文数据,并将所述密文数据通过所述总线发送至所述主控器;The encryption chip is configured to receive the encryption request sent by the main controller, encrypt the data to be encrypted in the encryption request in response to the encryption request to obtain ciphertext data, and combine the ciphertext Data is sent to the master controller via the bus;
    所述主控器还被配置成接收所述加密芯片发送的所述密文数据,并将所述密文数据存储至所述存储器;The main controller is also configured to receive the ciphertext data sent by the encryption chip, and store the ciphertext data in the memory;
    所述主控器还被配置成向所述加密芯片发送解密请求,所述解密请求包括待解密数据;The main controller is further configured to send a decryption request to the encryption chip, where the decryption request includes data to be decrypted;
    所述加密芯片还被配置成接收所述主控器发送的所述解密请求,响应于所述解密请求对所述解密请求中的待解密数据进行解密以得到明文数据,并将所述明文数据通过所述总线发送至所述主控器。The encryption chip is also configured to receive the decryption request sent by the main controller, decrypt the data to be decrypted in the decryption request in response to the decryption request to obtain plaintext data, and combine the plaintext data Send to the main controller via the bus.
  2. 根据权利要求1所述的数据保密装置,其特征在于,所述主控器通过所述总线与至少一个I/O接口连接,所述主控器被配置成接收所述I/O接口发送的所述待加密数据,并向所述I/O接口发送解密后的所述明文数据。The data security device according to claim 1, wherein the main controller is connected to at least one I/O interface through the bus, and the main controller is configured to receive data sent by the I/O interface. The data to be encrypted, and the decrypted plaintext data is sent to the I/O interface.
  3. 根据权利要求1-2中任一项所述的数据保密装置,其特征在于,所述主控器通过所述I/O接口接收外部设备发送的所述待加密数据。The data security device according to any one of claims 1-2, wherein the main controller receives the data to be encrypted sent by an external device through the I/O interface.
  4. 根据权利要求1-3中任一项所述的数据保密装置,其特征在于,所述加密芯片根据预先存储的AES算法和/或国密SM算法对所述待加密数据进行加密处理和/或对所述待解密数据进行解密处理。The data security device according to any one of claims 1-3, wherein the encryption chip encrypts and/or encrypts the data to be encrypted according to the pre-stored AES algorithm and/or the national secret SM algorithm Perform decryption processing on the data to be decrypted.
  5. 根据权利要求1-4中任一项所述的数据保密装置,其特征在于,所述加密芯片独立于所述主控器设置,所述加密芯片中的算法独立于所述主控器被更新。The data security device according to any one of claims 1 to 4, wherein the encryption chip is set independently of the main controller, and the algorithm in the encryption chip is updated independently of the main controller .
  6. 根据权利要求1-5中任一项所述的数据保密装置,其特征在于,所述解密请求还包括与所述待解密数据对应的外部设备标识码,所述主控器根据所述外部设备标识码将解密得到的明文数据发送至对应的外部设备。The data security device according to any one of claims 1 to 5, wherein the decryption request further includes an external device identification code corresponding to the data to be decrypted, and the main controller according to the external device The identification code sends the decrypted plaintext data to the corresponding external device.
  7. 根据权利要求1-6中任一项所述的数据保密装置,其特征在于,所述加密请求还包括与所述待加密数据对应的加密算法标识,所述加密芯片被配置成根据所述加密算法标识选择对应的加密算法以对所述待加密数据进行加密,从而得到密文数据;The data security device according to any one of claims 1-6, wherein the encryption request further includes an encryption algorithm identifier corresponding to the data to be encrypted, and the encryption chip is configured to Algorithm identification: selecting a corresponding encryption algorithm to encrypt the data to be encrypted, thereby obtaining ciphertext data;
  8. 根据权利要求1-7中任一项所述的数据保密装置,其特征在于,所述解密请求还包 括与所述待解密数据对应的解密算法标识,所述加密芯片被配置成根据所述解密算法标识选择对应的解密算法以对所述待解密数据进行解密,从而得到明文数据。The data security device according to any one of claims 1-7, wherein the decryption request further includes a decryption algorithm identifier corresponding to the data to be decrypted, and the encryption chip is configured to be based on the decryption The algorithm identification selects a corresponding decryption algorithm to decrypt the data to be decrypted, thereby obtaining plaintext data.
  9. 根据权利要求1-8中任一项所述的数据保密装置,其特征在于,所述待加密数据是明文数据,或者是进行过加密处理的密文数据。The data security device according to any one of claims 1-8, wherein the data to be encrypted is plaintext data or ciphertext data that has undergone encryption processing.
  10. 根据权利要求1-9中任一项所述的数据保密装置,其特征在于,所述进行过加密处理的密文数据是所述主控器从所述存储器中取出的密文数据。The data security device according to any one of claims 1-9, wherein the ciphertext data that has undergone encryption processing is ciphertext data retrieved from the memory by the main controller.
  11. 根据权利要求1-10中任一项所述的数据保密装置,其特征在于,所述待解密数据是所述主控器从外部设备接收的密文数据,或者是所述主控器从所述存储器中取出的密文数据。The data security device according to any one of claims 1-10, wherein the data to be decrypted is ciphertext data received by the main controller from an external device, or the main controller receives The ciphertext data fetched from the memory.
  12. 根据权利要求1-11中任一项所述的数据保密装置,其特征在于,所述主控器通过SPI总线与所述加密芯片连接。The data security device according to any one of claims 1-11, wherein the main controller is connected to the encryption chip through an SPI bus.
  13. 根据权利要求1-12中任一项所述的数据保密装置,其特征在于,所述主控器包括时钟振荡模块,所述时钟振荡模块通过所述SPI总线与所述加密芯片连接,所述时钟振荡模块被配置成使所述SPI总线的传输速率增加预设倍数。The data security device according to any one of claims 1-12, wherein the main controller comprises a clock oscillation module, and the clock oscillation module is connected to the encryption chip through the SPI bus, and the The clock oscillation module is configured to increase the transmission rate of the SPI bus by a preset multiple.
  14. 一种数据保密方法,其特征在于,所述方法包括:A data security method, characterized in that the method includes:
    加密芯片通过总线接收主控器发送的加密请求,所述加密请求包括待加密数据;The encryption chip receives the encryption request sent by the main controller through the bus, where the encryption request includes the data to be encrypted;
    所述加密芯片响应于所述加密请求对所述待加密数据进行加密,得到密文数据;The encryption chip encrypts the data to be encrypted in response to the encryption request to obtain ciphertext data;
    所述加密芯片向所述主控器发送所述密文数据,以使所述主控器将所述密文数据存储至存储器;The encryption chip sends the ciphertext data to the main controller, so that the main controller stores the ciphertext data in a memory;
    所述加密芯片接收所述主控器发送的解密请求,所述解密请求包括待解密数据;The encryption chip receives a decryption request sent by the main controller, where the decryption request includes data to be decrypted;
    所述加密芯片响应于所述解密请求对所述待解密数据进行解密,得到明文数据;The encryption chip decrypts the data to be decrypted in response to the decryption request to obtain plaintext data;
    所述加密芯片向所述主控器发送所述明文数据。The encryption chip sends the plaintext data to the main controller.
  15. 根据权利要求14所述的数据保密方法,其特征在于,所述加密请求还包括与所述待加密数据对应的加密算法标识,所述加密芯片被配置成根据所述加密算法标识选择对应的加密算法以对所述待加密数据进行加密,从而得到密文数据。The data security method according to claim 14, wherein the encryption request further includes an encryption algorithm identifier corresponding to the data to be encrypted, and the encryption chip is configured to select a corresponding encryption algorithm according to the encryption algorithm identifier. An algorithm is used to encrypt the data to be encrypted to obtain ciphertext data.
  16. 根据权利要求14-15所述的数据保密方法,其特征在于,所述解密请求还包括与所述待解密数据对应的解密算法标识,所述加密芯片被配置成根据所述解密算法标识选择对应的解密算法以对所述待解密数据进行解密,从而得到明文数据。The data security method according to claims 14-15, wherein the decryption request further includes a decryption algorithm identifier corresponding to the data to be decrypted, and the encryption chip is configured to select the corresponding decryption algorithm identifier according to the decryption algorithm identifier. The decryption algorithm is used to decrypt the to-be-decrypted data to obtain plaintext data.
  17. 根据权利要求14-16所述的数据保密方法,其特征在于,所述加密芯片根据预先存储的AES算法和/或国密SM算法对所述待加密数据进行加密处理和/或对所述待解密数据进行解密处理。The data security method according to claims 14-16, wherein the encryption chip encrypts the data to be encrypted and/or performs encryption processing on the data to be encrypted according to the pre-stored AES algorithm and/or the national secret SM algorithm. Decrypt the data for decryption processing.
  18. 根据权利要求14-17所述的数据保密方法,其特征在于,所述加密芯片独立于所述 主控器设置,所述加密芯片中的算法独立于所述主控器被更新。The data security method according to claims 14-17, wherein the encryption chip is set independently of the main controller, and the algorithm in the encryption chip is updated independently of the main controller.
  19. 一种电子设备,其特征在于,包括根据权利要求1-13中任一项所述的数据保密装置。An electronic device, characterized by comprising the data security device according to any one of claims 1-13.
  20. 一种非暂态计算机可读存储介质,其特征在于,所述非暂态计算机可读存储介质存储计算机指令,所述计算机指令使所述计算机执行根据权利要求14-18中任一项所述的方法。A non-transitory computer-readable storage medium, wherein the non-transitory computer-readable storage medium stores computer instructions, and the computer instructions cause the computer to execute the computer according to any one of claims 14-18 Methods.
PCT/CN2019/109064 2019-05-08 2019-09-29 Data security apparatus and method, electronic device, and storage medium WO2020224171A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910379275.3 2019-05-08
CN201910379275.3A CN110084054A (en) 2019-05-08 2019-05-08 A kind of data privacy device, method, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
WO2020224171A1 true WO2020224171A1 (en) 2020-11-12

Family

ID=67419231

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/109064 WO2020224171A1 (en) 2019-05-08 2019-09-29 Data security apparatus and method, electronic device, and storage medium

Country Status (2)

Country Link
CN (1) CN110084054A (en)
WO (1) WO2020224171A1 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110084054A (en) * 2019-05-08 2019-08-02 深圳豪杰创新电子有限公司 A kind of data privacy device, method, electronic equipment and storage medium
GB2584091A (en) * 2019-05-20 2020-11-25 Oxti Corp Safety communication module
CN110995720B (en) * 2019-12-09 2022-09-23 北京天融信网络安全技术有限公司 Encryption method, device, host terminal and encryption chip
CN111488305B (en) * 2020-03-27 2021-12-17 郑州信大捷安信息技术股份有限公司 Method and system for realizing rapid communication of security chip
CN112148739B (en) * 2020-09-25 2023-12-29 世融能量科技有限公司 Ciphertext index method and system independent of encryption database
CN113093678B (en) * 2021-04-07 2022-12-20 国能(泉州)热电有限公司 Data processing method for power plant DCS (distributed control System)
CN113761560B (en) * 2021-09-15 2022-09-02 北京中科胜芯科技有限公司 On-chip bus system safety transmission device suitable for Soc FPGA
CN114142998B (en) * 2021-11-26 2024-03-15 北京神经元网络技术有限公司 Data encryption processing method and device, electronic equipment and storage medium
CN114172664B (en) * 2021-12-07 2024-02-09 天融信雄安网络安全技术有限公司 Data encryption and data decryption methods and devices, electronic equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090037747A1 (en) * 2005-03-23 2009-02-05 Beijing Lenovo Software Ltd. Security Chip
CN101950345A (en) * 2010-09-29 2011-01-19 山东大学 Hardware decryption-based high-reliability terminal equipment and working method thereof
CN102740285A (en) * 2011-04-06 2012-10-17 中兴通讯股份有限公司 Terminal and encryption method
CN105243344A (en) * 2015-11-02 2016-01-13 上海兆芯集成电路有限公司 Chipset with hard disk encryption function and host computer controller
CN110084054A (en) * 2019-05-08 2019-08-02 深圳豪杰创新电子有限公司 A kind of data privacy device, method, electronic equipment and storage medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9325709B2 (en) * 2012-12-21 2016-04-26 Dropbox, Inc. System and method for importing and merging content items from different sources
CN107959567B (en) * 2016-10-14 2021-07-27 阿里巴巴集团控股有限公司 Data storage method, data acquisition method, device and system
CN107256363B (en) * 2017-06-13 2020-03-06 杭州华澜微电子股份有限公司 High-speed encryption and decryption device composed of encryption and decryption module array
CN109325356A (en) * 2018-07-28 2019-02-12 杭州电子科技大学 A kind of encryption card architecture

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090037747A1 (en) * 2005-03-23 2009-02-05 Beijing Lenovo Software Ltd. Security Chip
CN101950345A (en) * 2010-09-29 2011-01-19 山东大学 Hardware decryption-based high-reliability terminal equipment and working method thereof
CN102740285A (en) * 2011-04-06 2012-10-17 中兴通讯股份有限公司 Terminal and encryption method
CN105243344A (en) * 2015-11-02 2016-01-13 上海兆芯集成电路有限公司 Chipset with hard disk encryption function and host computer controller
CN110084054A (en) * 2019-05-08 2019-08-02 深圳豪杰创新电子有限公司 A kind of data privacy device, method, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN110084054A (en) 2019-08-02

Similar Documents

Publication Publication Date Title
WO2020224171A1 (en) Data security apparatus and method, electronic device, and storage medium
CN101551784B (en) Method and device for encrypting data in ATA memory device with USB interface
CN108769027B (en) Secure communication method, device, mobile terminal and storage medium
KR102061483B1 (en) Data processing methods and systems, and wearable electronic devices
USRE47324E1 (en) Data encryption systems and methods
WO2018205456A1 (en) Password input method, computer device, and storage medium
WO2019127863A1 (en) Key saving device and method, key obtaining device and method, and computer readable storage medium
WO2023109235A1 (en) Encryption and decryption initialization configuration method, edge end, encryption and decryption platform and security system
CN113890728A (en) Key processing method, system, equipment and medium based on FPGA encryption card
US8639941B2 (en) Data security in mobile devices
CN110955888B (en) Application program data protection method, device, equipment and storage medium
CN102739393B (en) Hardware encrypting UART (Universal Asynchronous Receiver Transmitter) device based on APB (Advanced Peripheral Bus) bus
US11775652B2 (en) Platform security mechanism
US10380037B2 (en) Secure data transfer with compute stick
TWI253586B (en) Control system for controlling a plurality of computers
CN104915583A (en) Interface decryption processing method and mobile terminal
CN111368322B (en) File decryption method and device, electronic equipment and storage medium
CN103902932B (en) Method for encryption through data encryption and decryption device for USB storage devices
JP5054317B2 (en) Encryption key setting method, network system, management apparatus, information processing terminal, and encryption key setting program
CN113422832B (en) File transmission method, device, equipment and storage medium
CN110837627A (en) Software copyright authentication method, system and equipment based on hard disk serial number
US9628451B2 (en) Power and cost efficient peripheral input
KR20130139207A (en) Portable terminal, and method for securing of transmission data between hardware module of portable terminal
CN102055887A (en) Network camera and data management and control method thereof
EP4086800A1 (en) Integrated circuit module for information security

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19927895

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19927895

Country of ref document: EP

Kind code of ref document: A1