WO2024094137A1 - Data transmission method, apparatus, system, electronic device and storage medium - Google Patents

Data transmission method, apparatus, system, electronic device and storage medium

Info

Publication number
WO2024094137A1
Authority
WO
WIPO (PCT)
Prior art keywords
address
encrypted
encryption
identifier
read
Application number
PCT/CN2023/129412
Inventor
孙旭
周玉龙
刘刚
李拓
Original Assignee
山东云海国创云计算装备产业创新中心有限公司
Application filed by 山东云海国创云计算装备产业创新中心有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/38 Information transfer, e.g. on bus
    • G06F13/40 Bus structure
    • G06F13/4063 Device-to-bus coupling
    • G06F13/4068 Electrical coupling
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00 Digital computers in general; Data processing equipment in general
    • G06F15/16 Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • G06F15/163 Interprocessor communication
    • G06F15/173 Interprocessor communication using an interconnection network, e.g. matrix, shuffle, pyramid, star, snowflake
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00 Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007 Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Definitions

  • the present application relates to the field of communication technology, and more specifically, to a data transmission method, device, system, an electronic device, and a computer non-volatile readable storage medium.
  • AMBA: Advanced Microcontroller Bus Architecture
  • APB: Advanced Peripheral Bus
  • AHB: Advanced High performance Bus
  • AXI: Advanced eXtensible Interface
  • the purpose of the present application is to provide a data transmission method, device, system, electronic device and computer non-volatile readable storage medium, which realize encryption processing of AXI instructions and data.
  • the present application provides a data transmission method, which is applied to an internal interconnection module, wherein the internal interconnection module is connected to a plurality of master devices and a plurality of slave devices through an AXI bus, respectively, and the internal interconnection module comprises: an encryption calculation unit connected to each first device, an address decoding unit connected to each encryption calculation unit, each address decoding unit is connected to all second devices, the first device is any one of the master device and the slave device, and the second device is the other one of the master device and the slave device;
  • the method includes: obtaining target content from a first device; wherein the target content includes an address and/or an address identifier; encrypting the address using a first encryption algorithm in an encryption calculation unit corresponding to the first device to obtain an encrypted address, and/or encrypting the address identifier using a second encryption algorithm to obtain an encrypted address identifier; selecting a transmission direction in an address decoding unit corresponding to the first device to determine the corresponding second device, and transmitting data to the second device based on the encrypted address and/or the encrypted address identifier.
  • obtaining the target content from the first device includes: obtaining a write address, a write address identifier and write data from the master device; correspondingly, encrypting the address using a first encryption algorithm in an encryption calculation unit corresponding to the first device to obtain an encrypted address, and/or encrypting the address identifier using a second encryption algorithm to obtain an encrypted address identifier, including:
  • the write address is encrypted using a first encryption algorithm in the encryption calculation unit corresponding to the master device to obtain an encrypted write address.
  • the method comprises: decrypting the encrypted write address using the first decryption algorithm in the address decoding unit corresponding to the master device to obtain the write address, and determining the corresponding slave device based on the write address; sending a write instruction to the corresponding slave device; wherein the write instruction comprises the encrypted write data and the write address identifier.
  • the target content is obtained from the first device, including: obtaining a write response identifier from the slave device; wherein the write response identifier is a write address identifier in the write instruction; accordingly, in the encryption calculation unit corresponding to the first device, the address is encrypted using a first encryption algorithm to obtain an encrypted address, and/or, the address identifier is encrypted using a second encryption algorithm to obtain an encrypted address identifier, including: encrypting the write response identifier using the second encryption algorithm to obtain an encrypted write response identifier; accordingly, in the address decoding unit corresponding to the first device, the transmission direction is selected to determine the corresponding second device, and data is transmitted to the second device based on the encrypted address, and/or, the encrypted address identifier, including: in the address decoding unit corresponding to the slave device, the corresponding master device is determined based on the encrypted write response identifier, and the write operation result is transmitted to the corresponding master device
  • the internal interconnection module also includes a verification unit connected to each master device. Accordingly, the write operation result is transmitted to the corresponding master device based on the encrypted write response identifier, including: verifying whether the encrypted write response identifier is consistent with the encrypted write address identifier in the verification unit corresponding to the master device; if the encrypted write response identifier is consistent with the encrypted write address identifier, sending a write operation completion notification to the master device.
  • obtaining the target content from the first device includes: obtaining a read address and a read address identifier from the master device; correspondingly, encrypting the address using a first encryption algorithm in an encryption calculation unit corresponding to the first device to obtain an encrypted address, and/or encrypting the address identifier using a second encryption algorithm to obtain an encrypted address identifier, including:
  • the read address is encrypted using a first encryption algorithm to obtain an encrypted read address
  • the read address identifier is encrypted using a second encryption algorithm to obtain an encrypted read address identifier
  • the transmission direction is selected to determine the corresponding second device, and data is transmitted to the second device based on the encrypted address and/or the encrypted address identifier, including: in the address decoding unit corresponding to the master device, the encrypted read address is decrypted using a first decryption algorithm to obtain a read address, and the corresponding slave device is determined based on the read address; a read instruction is sent to the corresponding slave device; wherein the read instruction includes the read address identifier.
  • the target content is obtained from the first device, including: obtaining read data and a read response identifier corresponding to the read instruction from the slave device; wherein the read response identifier is a read address identifier in the read instruction; accordingly, in the encryption calculation unit corresponding to the first device, the address is encrypted using a first encryption algorithm to obtain an encrypted address, and/or, the address identifier is encrypted using a second encryption algorithm to obtain an encrypted address identifier, including: in the encryption calculation unit corresponding to the first device, the read response identifier is encrypted using a second encryption algorithm to obtain an encrypted read response identifier; accordingly, in the address decoding unit corresponding to the first device, a transmission direction is selected to determine the corresponding second device, and data is transmitted to the second device based on the encrypted address and/or the encrypted address identifier, including: in the address decoding unit corresponding to the slave device, the corresponding master device is determined based on the encrypted read response
  • the internal interconnection module also includes a verification unit connected to each master device. Accordingly, the read operation result is transmitted to the corresponding master device based on the encrypted read response identifier, including: verifying whether the encrypted read response identifier is consistent with the encrypted read address identifier in the verification unit corresponding to the master device; if the encrypted read response identifier is consistent with the encrypted read address identifier, sending read data and read operation completion notification to the master device.
  • the first encryption algorithm is the SM4 (national secret algorithm SM4) encryption algorithm
  • the second encryption algorithm is the SM3 (national secret algorithm SM3) encryption algorithm.
  • the method also includes: receiving the keys of the first encryption algorithm and the second encryption algorithm sent by the management device.
  • the internal interconnection module further includes an encryption selection unit connected to each first device, each encryption selection unit is connected to each encryption calculation unit, and each encryption selection unit is connected to each address decoding unit; the method also includes: receiving the encryption and decryption configuration enable corresponding to the first device sent by the management device, and storing the encryption and decryption configuration enable in the encryption selection unit corresponding to the first device.
  • before the target content is encrypted by using a preset encryption algorithm in the encryption calculation unit corresponding to the first device to obtain the encrypted content, the method also includes: determining the encryption and decryption configuration enable stored in the encryption selection unit corresponding to the first device; if the encryption and decryption configuration enable is a first preset value, executing the steps of encrypting the address by using the first encryption algorithm in the encryption calculation unit corresponding to the first device to obtain an encrypted address, and/or encrypting the address identifier by using the second encryption algorithm to obtain an encrypted address identifier; if the encryption and decryption configuration enable is a second preset value, selecting the transmission direction in the address decoding unit corresponding to the first device to determine the corresponding second device, and transmitting data to the second device based on the target content.
  • the internal interconnection module further includes an arbitration unit connected to each second device, and each arbitration unit is connected to all address decoding units; the method further includes: arbitrating in the arbitration unit requests of multiple first devices that simultaneously access the corresponding second device.
  • the present application provides a data transmission device, which is applied to an internal interconnection module, and the internal interconnection module is connected to multiple master devices and multiple slave devices through an AXI bus respectively.
  • the internal interconnection module includes: an encryption calculation unit connected to each first device, an address decoding unit connected to each encryption calculation unit, each address decoding unit is connected to all second devices, the first device is any one of the master device and the slave device, and the second device is the other of the master device and the slave device; the device includes: an acquisition submodule, which is configured to acquire target content from the first device; wherein the target content includes an address, and/or an address identifier; an encryption submodule, which is configured to encrypt the address using a first encryption algorithm in the encryption calculation unit corresponding to the first device to obtain an encrypted address, and/or, encrypt the address identifier using a second encryption algorithm to obtain an encrypted address identifier; a transmission submodule, which is configured to select a transmission direction in the address decoding unit
  • the present application provides an electronic device, comprising: a memory configured to store a computer program; and a processor configured to implement the steps of the above data transmission method when executing the computer program.
  • the present application provides a computer non-volatile readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the steps of the above data transmission method are implemented.
  • the present application provides a data transmission system, including multiple master devices, an internal interconnection module and multiple slave devices, the internal interconnection module connects the multiple master devices and the multiple slave devices through an AXI bus respectively;
  • the internal interconnection module includes: an encryption calculation unit connected to each first device, configured to use a first encryption algorithm to encrypt an address to be transmitted between the first device and the second device to obtain an encrypted address, and/or, use a second encryption algorithm to encrypt an address identifier to be transmitted between the first device and the second device to obtain an encrypted address identifier; wherein the first device is any one of the master device and the slave device, and the second device is the other of the master device and the slave device; an address decoding unit connected to each encryption calculation unit, configured to select a transmission direction; wherein each address decoding unit is connected to all second devices.
  • the internal interconnection module also includes an encryption selection unit connected to each first device, each encryption selection unit is connected to each encryption calculation unit, and each encryption selection unit is connected to each address decoding unit; the encryption selection unit is configured to control whether the corresponding encryption calculation unit encrypts the address to be transmitted and/or the address identifier.
  • the internal interconnection module further includes an arbitration unit connected to each second device, each arbitration unit is connected to all address decoding units; the arbitration unit is configured to arbitrate requests of multiple first devices to simultaneously access the corresponding second device.
  • the internal interconnection module also includes a verification unit connected to each second device, and each verification unit is connected to each arbitration unit; the verification unit is configured to verify whether the read and write operations are completed.
  • the internal interconnection module further includes a verification unit connected to each second device and configured to verify whether the read and write operations are completed.
  • the internal interconnection module includes: an encryption calculation unit connected to each first device, an address decoding unit connected to each encryption calculation unit, each address decoding unit is connected to all second devices, the first device is any one of the master device and the slave device, and the second device is the other of the master device and the slave device; the method includes: obtaining target content from the first device; wherein the target content includes an address, and/or an address identifier; encrypting the address using a first encryption algorithm in the encryption calculation unit corresponding to the first device to obtain an encrypted address, and/or encrypting the address identifier using a second encryption algorithm to obtain an encrypted address identifier; selecting a transmission direction in the address decoding unit corresponding to the first device to determine the corresponding second device, and transmitting data to the second device based on the encrypted address and/or the encrypted
  • the data transmission method provided by the present application is that the master device and the slave device transmit data through the internal interconnection module, and the internal interconnection module is used to encrypt the data passing through it, ensuring that the data transmitted on the AXI bus are in ciphertext form, thereby ensuring the information security of the entire system.
  • the present application not only encrypts the address, but also encrypts the address identifier, further improving the information security.
  • the dedicated encryption and decryption function is realized through the hardware of the internal interconnection module, it does not occupy additional CPU (Central Processing Unit) resources, nor does it reduce the original bus performance.
  • the present application also discloses a data transmission device, system, an electronic device and a computer non-volatile readable storage medium, which can also achieve the above-mentioned technical effects.
  • FIG. 1 is a structural diagram of a data transmission system according to an exemplary embodiment.
  • FIG. 2 is a structural diagram of another data transmission system according to an exemplary embodiment.
  • FIG. 3 is a structural diagram of yet another data transmission system according to an exemplary embodiment.
  • FIG. 4 is a flow chart showing a data transmission method according to an exemplary embodiment.
  • FIG. 5 is a flow chart of a data writing method according to an exemplary embodiment.
  • FIG. 6 is a flow chart of a data reading method according to an exemplary embodiment.
  • FIG. 7 is a flow chart showing another method for writing data according to an exemplary embodiment.
  • FIG. 8 is a flow chart showing another data reading method according to an exemplary embodiment.
  • FIG. 9 is a structural diagram of a data transmission device according to an exemplary embodiment.
  • FIG. 10 is a structural diagram of an electronic device according to an exemplary embodiment.
  • FIG. 1 is a diagram showing a data transmission system according to an exemplary embodiment.
  • the data transmission system includes a plurality of master devices, an internal interconnection module 20 and a plurality of slave devices, wherein the internal interconnection module 20 connects the plurality of master devices and the plurality of slave devices through an AXI bus; wherein the first device 10 is any one of the master device and the slave device, and the second device 20 is the other one of the master device and the slave device;
  • the internal interconnection module 20 includes: an encryption calculation unit 201 connected to each first device 10, configured to use a first encryption algorithm to encrypt an address that needs to be transmitted between the first device 10 and the second device 20 to obtain an encrypted address, and/or, use a second encryption algorithm to encrypt an address identifier that needs to be transmitted between the first device 10 and the second device 20 to obtain an encrypted address identifier; an address decoding unit 202 connected to each encryption calculation unit 201, configured to select a transmission direction of the encrypted content; wherein each address decoding unit is connected to all second devices.
  • multiple master devices communicate with multiple slave devices through an AXI bus, and multiple master devices and multiple slave devices are respectively connected to an internal interconnect module (ICN) through the AXI bus.
  • the internal interconnect module is responsible for using a preset encryption algorithm to encrypt the target content transmitted between the master device and the slave device to obtain encrypted content.
  • the first device is any one of the master device and the slave device
  • the second device is the other of the master device and the slave device
  • the first device is the sender of the target content
  • the second device is the receiver of the target content.
  • the internal interconnection module includes multiple encryption calculation units and multiple address decoding units, the number of encryption calculation units and address decoding units in the internal interconnection module is consistent with the number of first devices, multiple encryption calculation units are connected to multiple first devices, multiple address decoding units are connected to multiple encryption calculation units, and each address decoding unit is connected to each second device.
  • the encryption calculation unit is responsible for using a preset encryption algorithm to encrypt the target content that the first device needs to send to the second device to obtain encrypted content.
  • the target content may include data and instruction identifiers.
  • the encryption calculation unit may use the SM4 encryption algorithm to encrypt the data and use the SM3 encryption algorithm to encrypt the instruction identifier.
  • the address decoding unit is responsible for selecting the transmission direction of the encrypted content, that is, to which specific second device the encrypted content needs to be sent.
  • the internal interconnection module also includes an encryption selection unit connected to each first device, each encryption selection unit is connected to each encryption calculation unit, and each encryption selection unit is connected to each address decoding unit; the encryption selection unit is configured to control whether the corresponding encryption calculation unit encrypts the address and/or address identifier to be transmitted.
  • each encryption calculation unit and each address decoding unit are connected through different encryption selection units, and each encryption selection unit is connected to the corresponding address decoding unit.
  • the encryption selection unit is used to determine whether the corresponding encryption calculation unit performs encryption processing on the target content. If the first device has performed data encryption processing, the encryption calculation unit does not need to perform encryption processing again, that is, the corresponding encryption calculation unit is skipped. If the first device has not performed encryption processing on the data, the corresponding encryption calculation unit is used to encrypt the data.
  • the internal interconnection module further includes a verification unit connected to each second device, configured to verify whether the read and write operations are completed.
  • when the first device is a slave device and the second device is a master device, the internal interconnection module also includes a verification unit connected to each master device; each verification unit is connected to all address decoding units and is configured to verify whether the read and write operations initiated by the corresponding master device are completed.
  • the internal interconnection module further includes an arbitration unit connected to each second device, each arbitration unit being connected to all address decoding units; the arbitration unit is configured to arbitrate requests from multiple first devices to simultaneously access the corresponding second device.
  • the number of arbitration units in the internal interconnection module is consistent with the number of second devices, multiple arbitration units are connected to multiple second devices correspondingly, each arbitration unit is connected to all address decoding units, and the arbitration unit is configured to arbitrate requests of multiple first devices to access corresponding second devices at the same time.
  • the internal interconnection module also includes a verification unit connected to each second device, and each verification unit is connected to each arbitration unit; the verification unit is configured to verify whether the read and write operations are completed.
  • each arbitration unit and each second device are connected via different verification units, and the verification unit is configured to verify whether the read and write operations are completed.
  • the data transmission system includes two master devices and two slave devices, the first device is the master device, and the second device is the slave device, that is, the master device transmits data to the slave device.
  • the data transmission system includes two master devices, namely, master device 0 (Master_0) and master device 1 (Master_1), an internal interconnect module (ICN), two slave devices, namely, slave device 0 (Slave_0) and slave device 1 (Slave_1), the ICN includes an encryption selection unit (SEL), an encryption calculation unit (encrypt), an address decoding unit (Decoder) and an arbitration unit (arb), the address decoding unit 0 (Decoder_0) is the address decoding unit corresponding to the master device 0 (Master_0), and the arbitration unit 0 (Arb_0) is the arbitration unit corresponding to slave device 0 (Slave_0), address decoding unit 1 (Decoder_1) is the address decoding unit corresponding to master device 1 (Master_1), arbitration unit 1 (ar
  • the encryption calculation unit (encrypt) includes an SM3 encryption module and an SM4 encryption module.
  • the SM3 encryption module is used to encrypt the instruction identifier using the SM3 encryption algorithm
  • the SM4 encryption module is used to encrypt the data using the SM4 encryption algorithm.
  • the first device is a slave device
  • the second device is a master device, that is, the slave device transmits data to the master device.
  • the data transmission system includes two master devices, namely, master device 0 (Master_0) and master device 1 (Master_1), an internal interconnection module (ICN), and two slave devices, namely, slave device 0 (Slave_0) and slave device 1 (Slave_1).
  • the ICN includes an encryption selection unit (SEL), an encryption calculation unit (encrypt), an address decoding unit (Decoder_ID), an arbitration unit (arb) and a check unit (check).
  • the arbitration unit 0 (arb_0) is the arbitration unit corresponding to the master device 0 (Master_0), and the arbitration unit 1 (arb_1) is the arbitration unit corresponding to the master device 1 (Master_1).
  • the encryption calculation unit (encrypt) includes an SM3 encryption module, which is used to encrypt the instruction identifier using the SM3 encryption algorithm.
  • the embodiment of the present application discloses a data transmission method, which realizes encryption processing of AXI instructions and data.
  • Referring to FIG. 4, a flow chart of a data transmission method according to an exemplary embodiment is shown. As shown in FIG. 4, the method includes:
  • S101 Acquire target content from a first device; wherein the target content includes an address and/or an address identifier;
  • S102 Encrypting the address using a first encryption algorithm in an encryption calculation unit corresponding to the first device to obtain an encrypted address, and/or encrypting the address identifier using a second encryption algorithm to obtain an encrypted address identifier;
  • S103 Select a transmission direction in an address decoding unit corresponding to the first device to determine a corresponding second device, and transmit data to the second device based on the encrypted address and/or the encrypted address identifier.
  • the execution subject of this embodiment is the above-mentioned internal interconnection module, which is connected to multiple master devices and multiple slave devices through the AXI bus respectively.
  • the internal interconnection module includes: an encryption calculation unit connected to each first device, an address decoding unit connected to each encryption calculation unit, and each address decoding unit is connected to all second devices.
  • the first device is any one of the master device and the slave device, and the second device is the other one of the master device and the slave device.
  • the first device sends the target content to the internal interconnection module, which may include an address, an address identifier, etc.
  • the encryption calculation unit in the internal interconnection module encrypts the address using a first encryption algorithm to obtain an encrypted address, and encrypts the address identifier using the second encryption algorithm to obtain an encrypted address identifier; the address decoding unit selects a transmission direction to determine the corresponding second device, and transmits data to the second device based on the encrypted content.
  • this embodiment also includes: receiving the keys of the first encryption algorithm and the second encryption algorithm sent by the management device.
  • there is generally a CPU in the SOC system, which is responsible for various parameter configurations, task scheduling and other tasks.
  • one of the master devices can be used as a management device.
  • the CPU in the management device is responsible for sending the keys of the first encryption algorithm and the second encryption algorithm to other master devices, internal interconnection modules, and slave devices.
  • the internal interconnection module also includes an encryption selection unit connected to each first device, each encryption selection unit is connected to each encryption calculation unit, and each encryption selection unit is connected to each address decoding unit; this embodiment also includes: receiving the encryption and decryption configuration enable sent by the management device, and storing the encryption and decryption configuration enable in the encryption selection unit corresponding to the first device.
  • the management device is responsible for sending encryption and decryption configuration enable to the encryption selection units corresponding to other master devices and slave devices.
  • the encryption and decryption configuration enable is used to control whether the corresponding encryption calculation unit encrypts the target content obtained from the first device.
  • before the target content is encrypted by using a preset encryption algorithm in the encryption calculation unit corresponding to the first device to obtain the encrypted content, the method also includes: determining the encryption and decryption configuration enable stored in the encryption selection unit corresponding to the first device; if the encryption and decryption configuration enable is a first preset value, executing the steps of encrypting the address by using the first encryption algorithm in the encryption calculation unit corresponding to the first device to obtain an encrypted address, and/or encrypting the address identifier by using the second encryption algorithm to obtain an encrypted address identifier; if the encryption and decryption configuration enable is a second preset value, selecting the transmission direction in the address decoding unit corresponding to the first device to determine the corresponding second device, and transmitting data to the second device based on the target content.
  • when the encryption and decryption enable is a first preset value (e.g., 1), the encryption calculation unit encrypts the data and instructions sent from the first device; when the encryption and decryption enable is a second preset value (e.g., 0), no encryption is performed.
  • Using encryption and decryption configuration enable can adapt to more systems. When the master and slave devices themselves have performed data encryption, there is no need to encrypt again, that is, the encryption calculation unit can be skipped. When the master and slave devices themselves cannot perform data encryption and decryption, the encryption calculation unit is used to perform encryption and decryption processing.
  • in the data transmission method provided by the embodiment of the present application, the master device and the slave device transmit data through the internal interconnection module, which encrypts the data passing through it, ensuring that all data transmitted on the AXI bus is in ciphertext form and thereby ensuring the information security of the entire system.
  • the present application not only encrypts the address, but also encrypts the address identifier, further improving the information security.
  • because the dedicated encryption and decryption function is implemented in the hardware of the internal interconnection module, it does not occupy additional CPU resources and does not reduce the original bus performance.
  • because the read and write channels of AXI are completely independent, they are also described separately in the processing flow, divided into two categories: master-to-slave transmission and slave-to-master transmission.
  • the master to slave transmission process includes the write address channel, write data channel, and read address channel.
  • the slave to master transmission includes the read data channel and write response channel.
  • FIG. 5 is a flow chart of a data writing method according to an exemplary embodiment, as shown in FIG. 5 , including:
  • S201 Obtain a write address, a write address identifier, and write data from a master device
  • the write address is encrypted by using the first encryption algorithm to obtain an encrypted write address
  • the write address identifier is encrypted by using the second encryption algorithm to obtain an encrypted write address identifier
  • the write data is encrypted by using the first encryption algorithm to obtain encrypted write data
  • S203 using a first decryption algorithm in an address decoding unit corresponding to the master device to decrypt the encrypted write address to obtain a write address, and determining a corresponding slave device based on the write address;
  • S204 Send a write instruction to the corresponding slave device; wherein the write instruction includes encrypted write data and a write address identifier.
  • the write address and write address identifier belong to the write address channel.
  • after the write address axi_awaddr enters the encryption calculation unit, it is encrypted using the first encryption algorithm.
  • the first encryption algorithm can be specifically the SM4 encryption algorithm.
  • the processed data is consistent with the original data length, recorded as encr_awaddr.
  • axi_awid is the write address identifier, and its data length is generally configurable, recorded as awid_length. It is encrypted using the second encryption algorithm, which can be specifically the SM3 encryption algorithm. SM3 is a hash algorithm whose essence is to perform multiple rounds of iterative compression on the input value. Regardless of the length of the input data, the length of the compressed data (i.e., the digest value) is fixed at 32 bytes. axi_awid is encrypted using the SM3 encryption algorithm; the calculation result is recorded as digest_awid, and its data length is awid_length.
  • the first encryption algorithm can be specifically the SM4 encryption algorithm.
  • the processed data is consistent with the original data length.
  • the address decoding unit decodes the write address and passes the instructions and data sent by the master device to the corresponding slave device. Since the management device has configured the key to the internal interconnection module during the system startup phase, the internal interconnection module will pass the key to the internal address decoding unit.
  • the address decoding unit has a built-in decryption module, such as the SM4 decryption module, which first decrypts encr_awaddr to restore the original write address, and then passes the corresponding write instruction to the arbitration unit corresponding to each slave device according to the system's preset address mapping table. When multiple master devices access the same slave device at the same time, the arbitration unit arbitrates among them.
  • FIG. 6 is a flow chart of a data reading method according to an exemplary embodiment, as shown in FIG. 6 , including:
  • S301 Obtain a read address and a read address identifier from a master device
  • S302 using a first encryption algorithm to encrypt the read address in the encryption calculation unit corresponding to the master device to obtain an encrypted read address, and using a second encryption algorithm to encrypt the read address identifier to obtain an encrypted read address identifier;
  • S303 using a first decryption algorithm to decrypt the encrypted read address in an address decoding unit corresponding to the master device to obtain a read address, and determining a corresponding slave device based on the read address;
  • S304 Send a read instruction to the corresponding slave device; wherein the read instruction includes a read address identifier.
  • the read address and read address identifier belong to the read address channel.
  • after the read address axi_araddr enters the encryption calculation unit, it is encrypted using the first encryption algorithm.
  • the first encryption algorithm can be specifically the SM4 encryption algorithm.
  • the processed data is consistent with the original data length, which is recorded as encr_araddr.
  • axi_arid is the read address identifier, and its data length is generally configurable, recorded as arid_length. It is encrypted using the second encryption algorithm, which can be specifically the SM3 encryption algorithm. SM3 is a hash algorithm whose essence is to perform multiple rounds of iterative compression on the input value. Regardless of the length of the input data, the length of the compressed data (i.e., the digest value) is fixed at 32 bytes. axi_arid is encrypted using the SM3 encryption algorithm; the calculation result is recorded as digest_arid, and its data length is arid_length.
  • the address decoding unit decodes the read address and passes the instructions and data sent by the master device to the corresponding slave device. Since the management device has configured the key to the internal interconnection module during the system startup phase, the internal interconnection module will pass the key to the internal address decoding unit.
  • the address decoding unit has a built-in decryption module, such as the SM4 decryption module, which first decrypts encr_araddr to restore the original read address, and then passes the corresponding read instruction to the arbitration unit corresponding to each slave device according to the system's preset address mapping table. When multiple master devices access the same slave device at the same time, the arbitration unit arbitrates among them.
  • FIG. 7 is a flowchart of another data writing method according to an exemplary embodiment, as shown in FIG. 7, including:
  • S401 Obtain a write response identifier from a slave device; wherein the write response identifier is a write address identifier in a write instruction;
  • S402 Encrypting the write response identifier by using a second encryption algorithm in an encryption calculation unit corresponding to the slave device to obtain an encrypted write response identifier;
  • S403 Determine the corresponding master device based on the encrypted write response identifier in the address decoding unit corresponding to the slave device, and transmit the write operation result to the corresponding master device based on the encrypted write response identifier.
  • the write response identifier belongs to the write response channel, axi_bid is the write response identifier, and its value is equal to axi_awid, the write address identifier of the corresponding write instruction. This group of identifiers indicates the correspondence between the write data and the write instruction.
  • the second encryption algorithm is used to encrypt axi_bid, and the calculation result is recorded as digest_bid.
  • Decoder_ID is a decoder based on an identifier (ID), that is, the data transmission direction can be calculated by inputting an identifier.
  • the correspondence between the identifier and the master device is the correspondence between the encrypted identifier and the master device.
  • the arbitration unit arbitrates and selects them.
  • transmitting the write operation result to the corresponding master device based on the encrypted write response identifier includes: verifying whether the encrypted write response identifier is consistent with the encrypted write address identifier in the verification unit corresponding to the master device; if the encrypted write response identifier is consistent with the encrypted write address identifier, sending a write operation completion notification to the master device.
  • the verification unit verifies whether the write operation is complete. Specifically, when digest_bid is equal to digest_awid, it indicates that the write operation is completed. If digest_bid is not equal to digest_awid, it indicates that there is an error in the write operation, and the master device decides the subsequent operation.
  • FIG. 8 is a flowchart of another data reading method according to an exemplary embodiment, as shown in FIG. 8 , including:
  • S501 Acquire read data and a read response identifier corresponding to a read instruction from a slave device; wherein the read response identifier is a read address identifier in the read instruction;
  • S502 Encrypt the read response identifier by using a second encryption algorithm in an encryption calculation unit corresponding to the first device to obtain an encrypted read response identifier;
  • S503 Determine the corresponding master device based on the encrypted read response identifier in the address decoding unit corresponding to the slave device, and transmit the read operation result to the corresponding master device based on the encrypted read response identifier; wherein the read operation result at least includes read data.
  • the read response identifier belongs to the read data channel, axi_rid is the read response identifier, and its value is equal to the read address identifier axi_arid of the corresponding read instruction. This group of identifiers indicates the correspondence between the read data and the read instruction.
  • the axi_bid is encrypted using the second encryption algorithm, and the calculation result is recorded as digest_rid.
  • Decoder_ID is a decoder based on an identifier (ID), that is, the data transmission direction can be calculated by inputting an identifier.
  • the correspondence between the identifier and the master device is the correspondence between the encrypted identifier and the master device.
  • the arbitration unit arbitrates and selects them.
  • transmitting the read operation result to the corresponding master device based on the encrypted read response identifier includes: verifying whether the encrypted read response identifier is consistent with the encrypted read address identifier in the verification unit corresponding to the master device; if the encrypted read response identifier is consistent with the encrypted read address identifier, sending the read data and read operation completion notification to the master device.
  • the verification unit verifies whether the read operation is complete. Specifically, when digest_arid is equal to digest_rid, it indicates that the read operation is completed and the read data is passed to the corresponding master device; if they are not equal, it indicates that there is an error in the read operation and the master device decides the subsequent operation.
  • the data transmission device is applied to
  • the internal interconnection module is connected to multiple master devices and multiple slave devices through the AXI bus.
  • the data transmission device described below and the data transmission method described above can be referred to each other.
  • FIG. 9 is a structural diagram of a data transmission device according to an exemplary embodiment. As shown in FIG. 9, the device includes:
  • the acquisition submodule 901 is configured to acquire target content from the first device; wherein the target content includes an address and/or an address identifier;
  • the encryption submodule 902 is configured to encrypt the address using a first encryption algorithm in an encryption calculation unit corresponding to the first device to obtain an encrypted address, and/or encrypt the address identifier using a second encryption algorithm to obtain an encrypted address identifier;
  • the transmission submodule 903 is configured to select a transmission direction in the address decoding unit corresponding to the first device to determine the corresponding second device, and transmit data to the second device based on the encrypted address and/or the encrypted address identifier.
  • the data transmission device performs data transmission between the master device and the slave device through an internal interconnection module, and the internal interconnection module is used to encrypt the data passing through it, ensuring that the data transmitted on the AXI bus are in ciphertext form, thereby ensuring the information security of the entire system.
  • the present application not only encrypts the address, but also encrypts the address identifier, further improving the information security.
  • because the dedicated encryption and decryption function is implemented in the hardware of the internal interconnection module, it does not occupy additional CPU resources and does not reduce the original bus performance.
  • the acquisition submodule 901 is configured to: acquire a write address, a write address identifier and write data from the master device;
  • the encryption submodule 902 is configured as follows: in the encryption calculation unit corresponding to the master device, the write address is encrypted using the first encryption algorithm to obtain an encrypted write address, the write address identifier is encrypted using the second encryption algorithm to obtain an encrypted write address identifier, and the write data is encrypted using the first encryption algorithm to obtain encrypted write data;
  • the transmission submodule 903 is configured as follows: in the address decoding unit corresponding to the master device, the encrypted write address is decrypted using the first decryption algorithm to obtain the write address, and the corresponding slave device is determined based on the write address; a write instruction is sent to the corresponding slave device; wherein the write instruction includes the encrypted write data and the write address identifier.
  • the acquisition submodule 901 is configured to: obtain a write response identifier from the slave device; wherein the write response identifier is a write address identifier in the write instruction; accordingly, the encryption submodule 902 is configured to: encrypt the write response identifier using a second encryption algorithm in the encryption calculation unit corresponding to the slave device to obtain an encrypted write response identifier; accordingly, the transmission submodule 903 is configured to: determine the corresponding master device based on the encrypted write response identifier in the address decoding unit corresponding to the slave device, and transmit the write operation result to the corresponding master device based on the encrypted write response identifier.
  • the internal interconnection module also includes a verification unit connected to each master device, and accordingly, the transmission submodule 903 is configured to: determine the corresponding master device based on the encrypted write response identifier in the address decoding unit corresponding to the slave device, and verify whether the encrypted write response identifier is consistent with the encrypted write address identifier in the verification unit corresponding to the master device; if the encrypted write response identifier is consistent with the encrypted write address identifier, send a write operation completion notification to the master device.
  • the acquisition submodule 901 is configured to: obtain a read address and a read address identifier from the master device; accordingly, the encryption submodule 902 is configured to: encrypt the read address using a first encryption algorithm in the encryption calculation unit corresponding to the master device to obtain an encrypted read address, and encrypt the read address identifier using a second encryption algorithm to obtain an encrypted read address identifier; accordingly, the transmission submodule 903 is configured to: decrypt the encrypted read address using a first decryption algorithm in the address decoding unit corresponding to the master device to obtain a read address, and determine the corresponding slave device based on the read address; send a read instruction to the corresponding slave device; wherein the read instruction includes a read address identifier.
  • the acquisition submodule 901 is configured to: obtain the read data and the read response identifier corresponding to the read instruction from the slave device; wherein the read response identifier is the read address identifier in the read instruction; accordingly, the encryption submodule 902 is configured to: encrypt the read response identifier using the second encryption algorithm in the encryption calculation unit corresponding to the first device to obtain an encrypted read response identifier; accordingly, the transmission submodule 903 is configured to: determine the corresponding master device based on the encrypted read response identifier in the address decoding unit corresponding to the slave device, and transmit the read operation result to the corresponding master device based on the encrypted read response identifier; wherein the read operation result at least includes the read data.
  • the internal interconnection module also includes a verification unit connected to each master device, and accordingly, the transmission submodule 903 is configured to: determine the corresponding master device based on the encrypted read response identifier in the address decoding unit corresponding to the slave device, and verify whether the encrypted read response identifier is consistent with the encrypted read address identifier in the verification unit corresponding to the master device; if the encrypted read response identifier is consistent with the encrypted read address identifier, send the read data and read operation completion notification to the master device.
  • the first encryption algorithm is the SM4 encryption algorithm
  • the second encryption algorithm is the SM3 encryption algorithm
  • a first receiving submodule which is used to receive keys of the first encryption algorithm and the second encryption algorithm sent by the management device.
  • the internal interconnection module also includes an encryption selection unit correspondingly connected to each first device, each encryption selection unit is correspondingly connected to each encryption calculation unit, and each encryption selection unit is correspondingly connected to each address decoding unit; the device also includes: a second receiving submodule, for receiving the encryption and decryption configuration enable corresponding to the first device sent by the management device, and storing the encryption and decryption configuration enable in the encryption selection unit corresponding to the first device.
  • a determination module configured to determine whether the encryption and decryption configuration stored in the encryption selection unit corresponding to the first device is enabled; if the encryption and decryption configuration is enabled to a first preset value, the working process of the encryption submodule 902 is started; if the encryption and decryption configuration is enabled to a second preset value, the transmission direction is selected in the address decoding unit corresponding to the first device to determine the corresponding second device, and data is transmitted to the second device based on the target content.
  • FIG. 10 is a structural diagram of an electronic device according to an exemplary embodiment. As shown in FIG. 10, the electronic device includes:
  • Communication interface 1 capable of exchanging information with other devices such as network devices;
  • the processor 2 is connected to the communication interface 1 to realize information exchange with other devices and is used to execute the data transmission method provided by one or more technical solutions when running the computer program.
  • the computer program is stored in the memory 3.
  • bus system 4 is used to realize the connection and communication between these components.
  • bus system 4 also includes a power bus, a control bus and a status signal bus.
  • various buses are marked as the bus system 4 in FIG. 10.
  • the memory 3 in the embodiment of the present application is used to store various types of data to support the operation of the electronic device. Examples of such data include: any computer program used to operate on the electronic device.
  • the memory 3 may be a volatile memory or a non-volatile memory, and may also include both volatile and non-volatile memory.
  • non-volatile memory can be read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), ferromagnetic random access memory (FRAM), flash memory, magnetic surface memory, optical disk, or compact disc read-only memory (CD-ROM); magnetic surface memory can be disk memory or tape memory.
  • Volatile memory can be random access memory (RAM), which is used as an external cache.
  • RAM random access memory
  • SRAM static random access memory
  • SSRAM synchronous static random access memory
  • DRAM dynamic random access memory
  • SDRAM synchronous dynamic random access memory
  • DDRSDRAM double data rate synchronous dynamic random access memory
  • ESDRAM enhanced synchronous dynamic random access memory
  • SLDRAM synchronous link dynamic random access memory
  • DRRAM direct memory bus random access memory
  • the method disclosed in the above embodiment of the present application can be applied to the processor 2, or implemented by the processor 2.
  • the processor 2 may be an integrated circuit chip with signal processing capabilities. In the implementation process, each step of the above method can be completed by the hardware integrated logic circuit in the processor 2 or the instruction in the form of software.
  • the above processor 2 may be a general-purpose processor, a DSP (Digital Signal Processing), or other programmable logic devices, discrete gates or transistor logic devices, discrete hardware components, etc.
  • the processor 2 can implement or execute the various methods, steps and logic block diagrams disclosed in the embodiment of the present application.
  • the general-purpose processor may be a microprocessor or any conventional processor, etc.
  • the steps of the method disclosed in the embodiment of the present application can be directly embodied as a hardware decoding processor to execute, or a combination of hardware and software modules in the decoding processor to execute.
  • the software module can be located in a storage medium, which is located in the memory 3.
  • the processor 2 reads the program in the memory 3 and completes the steps of the above method in combination with its hardware.
  • the present application also provides a storage medium, namely a computer storage medium, specifically a non-volatile computer readable storage medium, for example, a memory 3 storing a computer program, and the computer program can be executed by a processor 2 to complete the aforementioned method steps.
  • the non-volatile computer readable storage medium can be a memory such as FRAM, ROM, PROM, EPROM, EEPROM, Flash Memory, magnetic surface storage, optical disk, or CD-ROM.
  • if the above-mentioned integrated unit of the present application is implemented in the form of a software function module and sold or used as an independent product, it can also be stored in a computer-readable storage medium.
  • the computer software product is stored in a storage medium, including several instructions for enabling an electronic device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the methods of the embodiments of the present application.
  • the aforementioned storage medium includes: various media that can store program codes, such as mobile storage devices, ROM, RAM, magnetic disks or optical disks.
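
The identifier path described above (digest_awid in S202, digest_bid in S402 and S403, Decoder_ID routing and the verification unit's comparison) can be modelled in a few lines. This is an added Python example, not code from the patent. Assumptions: the names `id_digest` and `IdPath`, the sample key and ID allocation, prepending the key to the identifier, truncating the 32-byte digest from the left to awid_length bits, and falling back to SHA-256 as a stand-in when the local OpenSSL build has no SM3.

```python
import hashlib


def _pick_hash() -> str:
    """Use SM3 if the local OpenSSL build provides it, else a SHA-256 stand-in."""
    try:
        hashlib.new("sm3", b"")
        return "sm3"
    except ValueError:
        return "sha256"  # stand-in only; the page names SM3


HASH_NAME = _pick_hash()


def id_digest(axi_id: int, id_bits: int, key: bytes) -> int:
    """Return the leading id_bits bits of H(key || id), e.g. digest_awid.

    Assumptions: the key is prepended to the identifier and the 32-byte
    digest is truncated from the left; the page specifies neither.
    """
    if not 1 <= id_bits <= 256:
        raise ValueError("id_bits must be between 1 and 256")
    if not 0 <= axi_id < (1 << id_bits):
        raise ValueError("identifier does not fit in id_bits")
    raw = axi_id.to_bytes((id_bits + 7) // 8, "big")
    full = hashlib.new(HASH_NAME, key + raw).digest()
    return int.from_bytes(full, "big") >> (256 - id_bits)


class IdPath:
    """Identifier path of the interconnect: encrypt, route (Decoder_ID), verify."""

    def __init__(self, id_bits, key, master_ids, enable=1):
        self.id_bits, self.key, self.enable = id_bits, key, enable
        self.decoder_id = {}   # encrypted identifier -> (master, plain id)
        self.collisions = []   # (digest, entry kept, entry rejected)
        self.outstanding = {m: set() for m in master_ids}
        for master, ids in master_ids.items():
            for axi_id in ids:
                digest = self.protect(axi_id)
                kept = self.decoder_id.setdefault(digest, (master, axi_id))
                if kept != (master, axi_id):
                    self.collisions.append((digest, kept, (master, axi_id)))

    def protect(self, axi_id: int) -> int:
        """Encryption selection unit: 1 = digest the identifier, 0 = pass through."""
        if self.enable == 1:
            return id_digest(axi_id, self.id_bits, self.key)
        return axi_id

    def issue_write(self, master: str, axi_awid: int) -> int:
        """Write address channel: record digest_awid for the issuing master."""
        digest_awid = self.protect(axi_awid)
        self.outstanding[master].add(digest_awid)
        return digest_awid

    def complete_write(self, axi_bid: int):
        """Write response channel: route on digest_bid, then verify it.

        Returns (master, ok); ok is True only if digest_bid equals a
        digest_awid that this master still has outstanding.
        """
        digest_bid = self.protect(axi_bid)
        entry = self.decoder_id.get(digest_bid)
        if entry is None:
            return None, False  # no master owns this encrypted identifier
        master = entry[0]
        ok = digest_bid in self.outstanding[master]
        self.outstanding[master].discard(digest_bid)
        return master, ok


# Constructed sample: key and ID allocation are illustrative, not from the page.
SAMPLE_KEY = bytes(range(16))
SAMPLE_MASTERS = {"M0": range(0, 4), "M1": range(4, 8)}

if __name__ == "__main__":
    for bits in (4, 8, 16):
        path = IdPath(bits, SAMPLE_KEY, SAMPLE_MASTERS)
        print(bits, "bit digest:", len(path.collisions), "colliding identifiers")
    path = IdPath(16, SAMPLE_KEY, SAMPLE_MASTERS)
    path.issue_write("M1", 5)
    print(path.complete_write(5), path.complete_write(6))
```

When the digest is cut to a narrow awid_length, two different identifiers can share one encrypted identifier; `collisions` lists those cases, which matter because Decoder_ID can only route unambiguously on encrypted identifiers that are unique.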

Abstract

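The present application discloses a data transmission method, device and system, an electronic device, and a non-volatile readable storage medium, and relates to the field of communication technology. The technical problem solved is how to encrypt AXI instructions and data. The method includes: obtaining target content from a first device, wherein the target content includes an address and/or an address identifier (S101); in the encryption calculation unit corresponding to the first device, encrypting the address using a first encryption algorithm to obtain an encrypted address, and/or encrypting the address identifier using a second encryption algorithm to obtain an encrypted address identifier (S102); and, in the address decoding unit corresponding to the first device, selecting a transmission direction to determine the corresponding second device, and transmitting data to the second device based on the encrypted address and/or the encrypted address identifier (S103). The present application ensures that all data transmitted on the AXI bus is in ciphertext form, ensuring information security.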

Description

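A data transmission method, device and system, electronic device, and storage medium
Cross-reference to related applications
This application claims priority to the Chinese patent application filed with the China Patent Office on November 3, 2022, with application number 202211365404.1 and entitled "A data transmission method, device and system, electronic device, and storage medium", the entire contents of which are incorporated herein by reference.
Technical field
The present application relates to the field of communication technology and, more specifically, to a data transmission method, device and system, an electronic device, and a computer non-volatile readable storage medium.
Background
With the continuous development of integrated circuits, the requirements on the processing speed, performance and security of SOC (System on Chip) chips keep rising. The system bus, as the central bridge connecting the modules, has an important influence on the performance of an SOC system, especially in systems with multiple master devices and multiple slave devices. The AMBA (Advanced Microcontroller Bus Architecture) bus was jointly developed by ARM and other chip companies, including Qualcomm, Toshiba and Ericsson, to meet the SOC system's need for multiple users, high performance and low power consumption, and it is now widely used. By development time and usage environment, the AMBA bus can be briefly divided into the APB (Advanced Peripheral Bus), AHB (Advanced High performance Bus) and AXI (Advanced eXtensible Interface) buses; the functions they support are increasingly complex, and they are correspondingly harder to develop for. The AXI bus, as the representative high-performance bus, places high demands on developers and poses a considerable challenge to the development cycle of SOC systems.
At the same time, because the system bus carries the data transmission of the entire system, once the system bus is monitored or controlled, information from the devices attached to the bus will leak, and in serious cases system data will be tampered with. Encrypting the bus system and its data to keep the data secure is therefore extremely important. In the related art, there is not yet a technique for encrypting data and the system on the AXI bus.
Therefore, how to encrypt AXI instructions and data is a technical problem that those skilled in the art need to solve.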
发明内容
本申请的目的在于提供一种数据传输方法、装置、系统及一种电子设备和一种计算机非易失性可读存储介质,实现了对AXI指令和数据进行加密处理。
为实现上述目的,本申请提供了一种数据传输方法,应用于内部互联模块,内部互联模块分别通过AXI总线连接多个主设备和多个从设备,内部互联模块包括:与每个第一设备对应连接的加密计算单元、与每个加密计算单元对应连接的地址译码单元,每个地址译码单元连接所有第二设备,第一设备为主设备和从设备中的任一项,第二设备为主设备和从设备中的另一项;
方法包括:从第一设备处获取目标内容;其中,目标内容包括地址和/或地址标识;在第一设备对应的加密计算单元中利用第一加密算法对地址进行加密得到加密地址,和/或,利用第二加密算法对地址标识进行加密得到加密地址标识;在第一设备对应的地址译码单元中对传输方向进行选择,以确定对应的第二设备,并基于加密地址,和/或,加密地址标识向第二设备传输数据。
其中,若第一设备为主设备、第二设备为从设备,则从第一设备处获取目标内容,包括:从主设备获取写地址、写地址标识和写数据;相应的,在第一设备对应的加密计算单元中利用第一加密算法对地址进行加密得到加密地址,和/或,利用第二加密算法对地址标识进行加密得到加密地址标识,包括:
在主设备对应的加密计算单元中利用第一加密算法对写地址进行加密得到加密写地 址,利用第二加密算法对写地址标识进行加密得到加密写地址标识,利用第一加密算法对写数据进行加密得到加密写数据;相应的,在第一设备对应的地址译码单元中对传输方向进行选择,以确定对应的第二设备,并基于加密地址和/或加密地址标识向第二设备传输数据,包括:在主设备对应的地址译码单元中利用第一解密算法对加密写地址进行解密得到写地址,并基于写地址确定对应的从设备;向对应的从设备发送写指令;其中,写指令包括加密写数据和写地址标识。
其中,若第一设备为从设备、第二设备为主设备,则从第一设备处获取目标内容,包括:从从设备获取写响应标识;其中,写响应标识为写指令中的写地址标识;相应的,在第一设备对应的加密计算单元中利用第一加密算法对地址进行加密得到加密地址,和/或,利用第二加密算法对地址标识进行加密得到加密地址标识,包括:利用第二加密算法对写响应标识进行加密得到加密写响应标识;相应的,在第一设备对应的地址译码单元中对传输方向进行选择,以确定对应的第二设备,并基于加密地址,和/或,加密地址标识向第二设备传输数据,包括:在从设备对应的地址译码单元中基于加密写响应标识确定对应的主设备,并基于加密写响应标识向对应的主设备传输写操作结果。
其中,若第一设备为从设备、第二设备为主设备,内部互联模块还包括与每个主设备对应连接的校验单元,相应的,基于加密写响应标识向对应的主设备传输写操作结果,包括:在主设备对应的校验单元中校验加密写响应标识与加密写地址标识是否一致;若加密写响应标识与加密写地址标识一致,则向主设备发送写操作完成通知。
其中,若第一设备为主设备、第二设备为从设备,则从第一设备处获取目标内容,包括:从主设备获取读地址、读地址标识;相应的,在第一设备对应的加密计算单元中利用第一加密算法对地址进行加密得到加密地址,和/或,利用第二加密算法对地址标识进行加密得到加密地址标识,包括:
在主设备对应的加密计算单元中利用第一加密算法对读地址进行加密得到加密读地址,利用第二加密算法对读地址标识进行加密得到加密读地址标识;相应的,在第一设备对应的地址译码单元中对传输方向进行选择,以确定对应的第二设备,并基于加密地址和/或加密地址标识向第二设备传输数据,包括:在主设备对应的地址译码单元中利用第一解密算法对加密读地址进行解密得到读地址,并基于读地址确定对应的从设备;向对应的从设备发送读指令;其中,读指令包括读地址标识。
其中,若第一设备为从设备、第二设备为主设备,则从第一设备处获取目标内容,包括:从从设备获取读指令对应的读数据和读响应标识;其中,读响应标识为读指令中的读地址标识;相应的,在第一设备对应的加密计算单元中利用第一加密算法对地址进行加密得到加密地址,和/或,利用第二加密算法对地址标识进行加密得到加密地址标识,包括:在第一设备对应的加密计算单元中利用第二加密算法对读响应标识进行加密得到加密读响应标识;相应的,在第一设备对应的地址译码单元中对传输方向进行选择,以确定对应的第二设备,并基于加密地址和/或加密地址标识向第二设备传输数据,包括:在从设备对应的地址译码单元中基于加密读响应标识确定对应的主设备,并基于加密读响应标识向对应的主设备传输读操作结果;其中,读操作结果至少包括读数据。
其中,若第一设备为从设备、第二设备为主设备,内部互联模块还包括与每个主设备对应连接的校验单元,相应的,基于加密读响应标识向对应的主设备传输读操作结果,包括:在主设备对应的校验单元中校验加密读响应标识与加密读地址标识是否一致;若加密读响应标识与加密读地址标识一致,则向主设备发送读数据和读操作完成通知。
其中,第一加密算法为SM4(国密算法SM4)加密算法,第二加密算法为SM3(国密算法SM3)加密算法。
其中,还包括:接收管理设备发送的第一加密算法和第二加密算法的密钥。
其中,内部互联模块还包括与每个第一设备对应连接的加密选择单元,每个加密选 择单元与每个加密计算单元对应连接,每个加密选择单元与每个地址译码单元对应连接;方法还包括:接收管理设备发送的第一设备对应的加解密配置使能,并将加解密配置使能存储至第一设备对应的加密选择单元中。
其中,在第一设备对应的加密计算单元中利用预设加密算法对目标内容进行加密处理得到加密内容之前,还包括:确定第一设备对应的加密选择单元中存储的加解密配置使能;若加解密配置使能为第一预设值,则执行在第一设备对应的加密计算单元中利用第一加密算法对地址进行加密得到加密地址,和/或,利用第二加密算法对地址标识进行加密得到加密地址标识的步骤;若加解密配置使能为第二预设值,则在第一设备对应的地址译码单元中对传输方向进行选择,以确定对应的第二设备,并基于目标内容向第二设备传输数据。
其中,内部互联模块还包括与每个第二设备对应连接的仲裁单元,每个仲裁单元连接所有地址译码单元;方法还包括:在仲裁单元中对同时访问对应的第二设备的多个第一设备的请求进行仲裁。
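To achieve the above purpose, the present application provides a data transmission device applied to an internal interconnection module. The internal interconnection module is connected to multiple master devices and multiple slave devices through an AXI bus, and includes: an encryption calculation unit correspondingly connected to each first device, and an address decoding unit correspondingly connected to each encryption calculation unit, each address decoding unit being connected to all second devices; the first device is either one of the master device and the slave device, and the second device is the other of the master device and the slave device. The device includes: an acquisition submodule configured to obtain target content from the first device, wherein the target content includes an address and/or an address identifier; an encryption submodule configured to, in the encryption calculation unit corresponding to the first device, encrypt the address using a first encryption algorithm to obtain an encrypted address, and/or encrypt the address identifier using a second encryption algorithm to obtain an encrypted address identifier; and a transmission submodule configured to, in the address decoding unit corresponding to the first device, select a transmission direction to determine the corresponding second device, and transmit data to the second device based on the encrypted address and/or the encrypted address identifier.
To achieve the above purpose, the present application provides an electronic device, including: a memory configured to store a computer program; and a processor configured to implement the steps of the above data transmission method when executing the computer program.
To achieve the above purpose, the present application provides a computer non-volatile readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the steps of the above data transmission method are implemented.
To achieve the above purpose, the present application provides a data transmission system, including multiple master devices, an internal interconnection module and multiple slave devices, the internal interconnection module being connected to the multiple master devices and the multiple slave devices through an AXI bus. The internal interconnection module includes: an encryption calculation unit correspondingly connected to each first device, configured to encrypt the address to be transmitted between the first device and the second device using a first encryption algorithm to obtain an encrypted address, and/or to encrypt the address identifier to be transmitted between the first device and the second device using a second encryption algorithm to obtain an encrypted address identifier, wherein the first device is either one of the master device and the slave device and the second device is the other of the master device and the slave device; and an address decoding unit correspondingly connected to each encryption calculation unit, configured to select the transmission direction, wherein each address decoding unit is connected to all second devices.
Wherein, the internal interconnection module further includes an encryption selection unit correspondingly connected to each first device, each encryption selection unit being correspondingly connected to each encryption calculation unit and to each address decoding unit; the encryption selection unit is configured to control whether the corresponding encryption calculation unit encrypts the address and/or the address identifier to be transmitted.
Wherein, the internal interconnection module further includes an arbitration unit correspondingly connected to each second device, each arbitration unit being connected to all address decoding units; the arbitration unit is configured to arbitrate the requests of multiple first devices that access the corresponding second device at the same time.
Wherein, if the first device is the slave device and the second device is the master device, the internal interconnection module further includes a verification unit correspondingly connected to each second device, each verification unit being correspondingly connected to each arbitration unit; the verification unit is configured to verify whether the read and write operations are complete.
Wherein, if the first device is the slave device and the second device is the master device, the internal interconnection module further includes a verification unit correspondingly connected to each second device, configured to verify whether the read and write operations are complete.
As can be seen from the above solutions, the data transmission method provided by the present application is applied to an internal interconnection module. The internal interconnection module is connected to multiple master devices and multiple slave devices through an AXI bus, and includes: an encryption calculation unit correspondingly connected to each first device, and an address decoding unit correspondingly connected to each encryption calculation unit, each address decoding unit being connected to all second devices; the first device is either one of the master device and the slave device, and the second device is the other of the master device and the slave device. The method includes: obtaining target content from the first device, wherein the target content includes an address and/or an address identifier; in the encryption calculation unit corresponding to the first device, encrypting the address using a first encryption algorithm to obtain an encrypted address, and/or encrypting the address identifier using a second encryption algorithm to obtain an encrypted address identifier; and, in the address decoding unit corresponding to the first device, selecting a transmission direction to determine the corresponding second device, and transmitting data to the second device based on the encrypted address and/or the encrypted address identifier.
In the data transmission method provided by the present application, the master device and the slave device transmit data through the internal interconnection module, which encrypts the data passing through it, ensuring that all data transmitted on the AXI bus is in ciphertext form and thereby ensuring the information security of the entire system. In addition, the present application encrypts not only the address but also the address identifier, further improving information security. At the same time, because the dedicated encryption and decryption function is implemented in hardware, namely the internal interconnection module, it does not occupy additional CPU (Central Processing Unit) resources and does not reduce the original bus performance. The present application also discloses a data transmission device and system, an electronic device, and a computer non-volatile readable storage medium, which achieve the same technical effects.
It should be understood that the above general description and the following detailed description are only exemplary and do not limit the present application.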
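Brief Description of the Drawings
To describe the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present application, and a person of ordinary skill in the art can obtain other drawings from these drawings without creative effort. The drawings are used to provide a further understanding of the present disclosure and constitute a part of the specification; together with the following detailed description they are used to explain the present disclosure, but they do not limit it. In the drawings:
FIG. 1 is a structural diagram of a data transmission system according to an exemplary embodiment;
FIG. 2 is a structural diagram of another data transmission system according to an exemplary embodiment;
FIG. 3 is a structural diagram of yet another data transmission system according to an exemplary embodiment;
FIG. 4 is a flowchart of a data transmission method according to an exemplary embodiment;
FIG. 5 is a flowchart of a data writing method according to an exemplary embodiment;
FIG. 6 is a flowchart of a data reading method according to an exemplary embodiment;
FIG. 7 is a flowchart of another data writing method according to an exemplary embodiment;
FIG. 8 is a flowchart of another data reading method according to an exemplary embodiment;
FIG. 9 is a structural diagram of a data transmission apparatus according to an exemplary embodiment;
FIG. 10 is a structural diagram of an electronic device according to an exemplary embodiment.
Detailed Description
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are only some, not all, of the embodiments of the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present application without creative effort fall within the protection scope of the present application. In addition, in the embodiments of the present application, "first", "second" and the like are used to distinguish similar objects and are not necessarily used to describe a particular order or sequence.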
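This embodiment discloses a data transmission system. Referring to FIG. 1, FIG. 1 is a structural diagram of a data transmission system according to an exemplary embodiment. As shown in FIG. 1, the data transmission system includes multiple master devices, an internal interconnect module 20 and multiple slave devices, and the internal interconnect module 20 is connected to the multiple master devices and the multiple slave devices respectively through AXI buses; the first device 10 is either one of the master device and the slave device, and the second device 20 is the other of the master device and the slave device;
The internal interconnect module 20 includes: an encryption computing unit 201 correspondingly connected to each first device 10, configured to encrypt, with the first encryption algorithm, the address to be transmitted between the first device 10 and the second device 20 to obtain an encrypted address, and/or encrypt, with the second encryption algorithm, the address identifier to be transmitted between the first device 10 and the second device 20 to obtain an encrypted address identifier; and an address decoding unit 202 correspondingly connected to each encryption computing unit 201, configured to select the transmission direction of the encrypted content, where each address decoding unit is connected to all second devices.
In this embodiment, the multiple master devices and the multiple slave devices communicate over AXI buses. The multiple master devices and the multiple slave devices are each connected through an AXI bus to the internal interconnect module (Interconnect, ICN), and the internal interconnect module is responsible for encrypting, with a preset encryption algorithm, the target content transmitted between the master devices and the slave devices to obtain encrypted content.
In this embodiment, the first device is either one of the master device and the slave device, and the second device is the other; the first device is the sender of the target content and the second device is its receiver. The internal interconnect module includes multiple encryption computing units and multiple address decoding units. The number of encryption computing units and the number of address decoding units in the internal interconnect module are both equal to the number of first devices; the multiple encryption computing units are correspondingly connected to the multiple first devices, the multiple address decoding units are correspondingly connected to the multiple encryption computing units, and each address decoding unit is connected to every second device.
The encryption computing unit is responsible for encrypting, with the preset encryption algorithm, the target content that the first device needs to send to the second device to obtain the encrypted content. The target content may include data and an instruction identifier; the encryption computing unit may encrypt the data with the SM4 encryption algorithm and encrypt the instruction identifier with the SM3 encryption algorithm.
The address decoding unit is responsible for selecting the transmission direction of the encrypted content, that is, the specific second device to which the encrypted content needs to be sent.
As an optional implementation, the internal interconnect module further includes an encryption selection unit correspondingly connected to each first device, each encryption selection unit is correspondingly connected to each encryption computing unit, and each encryption selection unit is correspondingly connected to each address decoding unit; the encryption selection unit is configured to control whether the corresponding encryption computing unit encrypts the address and/or the address identifier to be transmitted.
In an optional implementation, each encryption computing unit and each address decoding unit are connected through a different encryption selection unit, and each encryption selection unit is connected to its corresponding address decoding unit. The encryption selection unit is used to control whether the corresponding encryption computing unit encrypts the target content. If the first device has already encrypted the data, the encryption computing unit does not need to encrypt it again, that is, the corresponding encryption computing unit is skipped; if the first device has not encrypted the data, the corresponding encryption computing unit is used to encrypt the data.
As an optional implementation, if the first device is a slave device and the second device is a master device, the internal interconnect module further includes a check unit correspondingly connected to each second device, configured to check whether a read or write operation is complete.
In an optional implementation, when the first device is a slave device and the second device is a master device, the internal interconnect module further includes a check unit correspondingly connected to each master device; each check unit is connected to all address decoding units and is configured to check whether the read or write operation initiated by the corresponding master device is complete.
As an optional implementation, the internal interconnect module further includes an arbitration unit correspondingly connected to each second device, and each arbitration unit is connected to all address decoding units; the arbitration unit is configured to arbitrate among the requests of multiple first devices that simultaneously access the corresponding second device.
In an optional implementation, the number of arbitration units in the internal interconnect module is equal to the number of second devices, the multiple arbitration units are correspondingly connected to the multiple second devices, each arbitration unit is connected to all address decoding units, and the arbitration unit is configured to arbitrate among the requests of multiple first devices that simultaneously access the corresponding second device.
As an optional implementation, if the first device is a slave device and the second device is a master device, the internal interconnect module further includes a check unit correspondingly connected to each second device, and each check unit is correspondingly connected to each arbitration unit; the check unit is configured to check whether a read or write operation is complete.
In an optional implementation, when a slave device sends data to a master device, each arbitration unit and each second device (that is, each master device) are connected through a different check unit, and the check unit is configured to check whether a read or write operation is complete.
As an example, the data transmission system includes two master devices and two slave devices, the first device is a master device and the second device is a slave device, that is, the master device transmits data to the slave device. As shown in FIG. 2, the data transmission system includes two master devices, master device 0 (Master_0) and master device 1 (Master_1), an internal interconnect module (ICN), and two slave devices, slave device 0 (Slave_0) and slave device 1 (Slave_1). The ICN includes encryption selection units (SEL), encryption computing units (encrypt), address decoding units (Decoder) and arbitration units (arb). Address decoding unit 0 (Decoder_0) is the address decoding unit corresponding to master device 0 (Master_0), arbitration unit 0 (arb_0) is the arbitration unit corresponding to slave device 0 (Slave_0), address decoding unit 1 (Decoder_1) is the address decoding unit corresponding to master device 1 (Master_1), and arbitration unit 1 (arb_1) is the arbitration unit corresponding to slave device 1 (Slave_1). Arbitration unit 0 (arb_0) is connected to address decoding unit 0 (Decoder_0) and address decoding unit 1 (Decoder_1), and arbitration unit 1 (arb_1) is connected to address decoding unit 0 (Decoder_0) and address decoding unit 1 (Decoder_1). The encryption computing unit (encrypt) includes an SM3 encryption module and an SM4 encryption module; the SM3 encryption module encrypts the instruction identifier with the SM3 encryption algorithm, and the SM4 encryption module encrypts the data with the SM4 encryption algorithm.
When the first device is a slave device and the second device is a master device, the slave device transmits data to the master device. As shown in FIG. 3, the data transmission system includes two master devices, master device 0 (Master_0) and master device 1 (Master_1), an internal interconnect module (ICN), and two slave devices, slave device 0 (Slave_0) and slave device 1 (Slave_1). The ICN includes encryption selection units (SEL), encryption computing units (encrypt), address decoding units (Decoder_ID), arbitration units (arb) and check units (check). Arbitration unit 0 (arb_0) is the arbitration unit corresponding to master device 0 (Master_0), and arbitration unit 1 (arb_1) is the arbitration unit corresponding to master device 1 (Master_1). The encryption computing unit (encrypt) includes an SM3 encryption module, which encrypts the instruction identifier with the SM3 encryption algorithm.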
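An embodiment of the present application discloses a data transmission method that encrypts AXI instructions and data.
Referring to FIG. 4, a flowchart of a data transmission method according to an exemplary embodiment, the method includes:
S101: acquire target content from the first device, where the target content includes an address and/or an address identifier;
S102: in the encryption computing unit corresponding to the first device, encrypt the address with the first encryption algorithm to obtain an encrypted address, and/or encrypt the address identifier with the second encryption algorithm to obtain an encrypted address identifier;
S103: in the address decoding unit corresponding to the first device, select the transmission direction to determine the corresponding second device, and transmit data to the second device based on the encrypted address and/or the encrypted address identifier.
This embodiment is executed by the internal interconnect module described above. The internal interconnect module is connected to multiple master devices and multiple slave devices respectively through AXI buses, and includes: an encryption computing unit correspondingly connected to each first device, and an address decoding unit correspondingly connected to each encryption computing unit, each address decoding unit being connected to all second devices. The first device is either one of the master device and the slave device, and the second device is the other. In an optional implementation, the first device sends the target content, which may include an address, an address identifier and so on, to the internal interconnect module; the encryption computing unit in the internal interconnect module encrypts the address with the first encryption algorithm to obtain an encrypted address and encrypts the address identifier with the second encryption algorithm to obtain an encrypted address identifier; the address decoding unit selects the transmission direction to determine the corresponding second device, and data is transmitted to the second device based on the encrypted content.
This embodiment further includes: receiving the keys of the first encryption algorithm and the second encryption algorithm sent by a management device. It can be understood that an SoC system generally contains a CPU that is responsible for parameter configuration, task scheduling and similar work. In an optional implementation, one of the master devices may serve as the management device; in the initialization phase of the system, the CPU in the management device is responsible for sending the keys of the first encryption algorithm and the second encryption algorithm to the other master devices, the internal interconnect module and the slave devices.
The internal interconnect module further includes an encryption selection unit correspondingly connected to each first device, each encryption selection unit is correspondingly connected to each encryption computing unit, and each encryption selection unit is correspondingly connected to each address decoding unit; this embodiment further includes: receiving the encryption/decryption configuration enable sent by the management device, and storing the encryption/decryption configuration enable in the encryption selection unit corresponding to the first device.
In an optional implementation, in the initialization phase of the system, the management device is responsible for sending the encryption/decryption configuration enable to the encryption selection units corresponding to the other master devices and the slave devices. The encryption/decryption configuration enable controls whether the corresponding encryption computing unit encrypts the target content acquired from the first device.
Before encrypting the target content with the preset encryption algorithm in the encryption computing unit corresponding to the first device to obtain encrypted content, the method further includes: determining the encryption/decryption configuration enable stored in the encryption selection unit corresponding to the first device; if the encryption/decryption configuration enable is the first preset value, performing the step of encrypting the address with the first encryption algorithm in the encryption computing unit corresponding to the first device to obtain an encrypted address, and/or encrypting the address identifier with the second encryption algorithm to obtain an encrypted address identifier; if the encryption/decryption configuration enable is the second preset value, selecting a transmission direction in the address decoding unit corresponding to the first device to determine the corresponding second device, and transmitting data to the second device based on the target content.
In an optional implementation, when the encryption/decryption enable is the first preset value (for example 1), the encryption computing unit encrypts the data and instructions sent by the first device; when the encryption/decryption enable is the second preset value (for example 0), no encryption is performed. Using the encryption/decryption configuration enable allows more systems to be supported: when the master and slave devices have already encrypted the data themselves, it does not need to be encrypted again and the encryption computing unit can be skipped; when the master and slave devices cannot encrypt and decrypt data themselves, the encryption computing unit performs the encryption and decryption.
In the data transmission method provided by the embodiments of the present application, data is transmitted between the master device and the slave device through the internal interconnect module, and the internal interconnect module encrypts the data passing through it. This ensures that all data transmitted on the AXI bus is in ciphertext form, which in turn ensures the information security of the whole system. In addition, the present application encrypts not only the address but also the address identifier, which further improves information security. At the same time, because the dedicated encryption and decryption function is implemented in hardware by the internal interconnect module, it neither occupies additional CPU resources nor reduces the original bus performance.
Because the read and write channels of AXI (five channel groups in total) are completely independent and separate, the processing flow is also described separately, in two categories: transmission from master device to slave device, and transmission from slave device to master device. Transmission from master device to slave device covers the write address channel, the write data channel and the read address channel. Transmission from slave device to master device covers the read data channel and the write response channel.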
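If the first device is a master device and the second device is a slave device, refer to FIG. 2 and FIG. 5. FIG. 5 is a flowchart of a data writing method according to an exemplary embodiment. As shown in FIG. 5, the method includes:
S201: acquire the write address, the write address identifier and the write data from the master device;
S202: in the encryption computing unit corresponding to the master device, encrypt the write address with the first encryption algorithm to obtain an encrypted write address, encrypt the write address identifier with the second encryption algorithm to obtain an encrypted write address identifier, and encrypt the write data with the first encryption algorithm to obtain encrypted write data;
S203: in the address decoding unit corresponding to the master device, decrypt the encrypted write address with the first decryption algorithm to obtain the write address, and determine the corresponding slave device based on the write address;
S204: send a write instruction to the corresponding slave device, where the write instruction includes the encrypted write data and the write address identifier.
The write address and the write address identifier belong to the write address channel. In an optional implementation, when the write address axi_awaddr enters the encryption computing unit, it is encrypted with the first encryption algorithm, which may specifically be the SM4 encryption algorithm; the processed data has the same length as the original data and is denoted encr_awaddr.
axi_awid is the write address identifier; its data length is generally configurable and is denoted awid_length. It is encrypted with the second encryption algorithm, which may specifically be the SM3 encryption algorithm. SM3 is a hash algorithm that in essence performs multiple rounds of iterative compression on the input value; regardless of the length of the input data, the compressed data (that is, the digest value) has a fixed length of 32 bytes. axi_awid is encrypted with the SM3 encryption algorithm; the calculation result is denoted digest_awid, and its data length is awid_length.
When the data axi_wdata of the write data channel enters the encryption computing unit, it is encrypted with the first encryption algorithm, which may specifically be the SM4 encryption algorithm; the processed data has the same length as the original data.
The address decoding unit decodes the write address and passes the instructions and data sent by the master device to the corresponding slave device. Because the management device has already configured the keys in the internal interconnect module during system start-up, the internal interconnect module passes the keys to its internal address decoding units. The address decoding unit has a built-in decryption module, for example an SM4 decryption module. It first decrypts encr_awaddr to restore the original write address, and then, according to the address mapping table preset by the system, passes the corresponding write instruction to the arbitration unit corresponding to each slave device. When multiple master devices access the same slave device at the same time, the arbitration unit arbitrates among them.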
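If the first device is a master device and the second device is a slave device, refer to FIG. 2 and FIG. 6. FIG. 6 is a flowchart of a data reading method according to an exemplary embodiment. As shown in FIG. 6, the method includes:
S301: acquire the read address and the read address identifier from the master device;
S302: in the encryption computing unit corresponding to the master device, encrypt the read address with the first encryption algorithm to obtain an encrypted read address, and encrypt the read address identifier with the second encryption algorithm to obtain an encrypted read address identifier;
S303: in the address decoding unit corresponding to the master device, decrypt the encrypted read address with the first decryption algorithm to obtain the read address, and determine the corresponding slave device based on the read address;
S304: send a read instruction to the corresponding slave device, where the read instruction includes the read address identifier.
The read address and the read address identifier belong to the read address channel. In an optional implementation, when the read address axi_araddr enters the encryption computing unit, it is encrypted with the first encryption algorithm, which may specifically be the SM4 encryption algorithm; the processed data has the same length as the original data and is denoted encr_araddr.
axi_arid is the read address identifier; its data length is generally configurable and is denoted arid_length. It is encrypted with the second encryption algorithm, which may specifically be the SM3 encryption algorithm. SM3 is a hash algorithm that in essence performs multiple rounds of iterative compression on the input value; regardless of the length of the input data, the compressed data (that is, the digest value) has a fixed length of 32 bytes. axi_arid is encrypted with the SM3 encryption algorithm; the calculation result is denoted digest_arid, and its data length is arid_length.
The address decoding unit decodes the read address and passes the instructions and data sent by the master device to the corresponding slave device. Because the management device has already configured the keys in the internal interconnect module during system start-up, the internal interconnect module passes the keys to its internal address decoding units. The address decoding unit has a built-in decryption module, for example an SM4 decryption module. It first decrypts encr_araddr to restore the original read address, and then, according to the address mapping table preset by the system, passes the corresponding read instruction to the arbitration unit corresponding to each slave device. When multiple master devices access the same slave device at the same time, the arbitration unit arbitrates among them.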
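If the first device is a slave device and the second device is a master device, refer to FIG. 3 and FIG. 7. FIG. 7 is a flowchart of another data writing method according to an exemplary embodiment. As shown in FIG. 7, the method includes:
S401: acquire the write response identifier from the slave device, where the write response identifier is the write address identifier in the write instruction;
S402: in the encryption computing unit corresponding to the slave device, encrypt the write response identifier with the second encryption algorithm to obtain an encrypted write response identifier;
S403: in the address decoding unit corresponding to the slave device, determine the corresponding master device based on the encrypted write response identifier, and transmit the write operation result to the corresponding master device based on the encrypted write response identifier.
The write response identifier belongs to the write response channel. axi_bid is the write response identifier, and its value equals axi_awid, the write address identifier of the corresponding write instruction; this pair of identifiers indicates the correspondence between the write data and the write instruction. axi_bid is encrypted with the second encryption algorithm, and the calculation result is denoted digest_bid.
Decoder_ID in FIG. 3 is identifier-based (ID-based) decoding, that is, the transfer direction of the data can be calculated from the input identifier. In this embodiment, the correspondence between identifiers and master devices is the correspondence between the encrypted identifiers and the master devices.
When multiple slave devices access the same master device at the same time, the arbitration unit arbitrates among them.
Transmitting the write operation result to the corresponding master device based on the encrypted write response identifier includes: checking, in the check unit corresponding to the master device, whether the encrypted write response identifier is consistent with the encrypted write address identifier; and if the encrypted write response identifier is consistent with the encrypted write address identifier, sending a write operation completion notification to the master device.
The check unit checks whether the write operation is complete. Specifically, when digest_bid equals digest_awid, the write operation has been completed; if digest_bid does not equal digest_awid, an error occurred during the write operation, and the master device decides the subsequent operation.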
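If the first device is a slave device and the second device is a master device, refer to FIG. 3 and FIG. 8. FIG. 8 is a flowchart of another data reading method according to an exemplary embodiment. As shown in FIG. 8, the method includes:
S501: acquire, from the slave device, the read data and the read response identifier corresponding to the read instruction, where the read response identifier is the read address identifier in the read instruction;
S502: in the encryption computing unit corresponding to the first device, encrypt the read response identifier with the second encryption algorithm to obtain an encrypted read response identifier;
S503: in the address decoding unit corresponding to the slave device, determine the corresponding master device based on the encrypted read response identifier, and transmit the read operation result to the corresponding master device based on the encrypted read response identifier, where the read operation result includes at least the read data.
The read response identifier belongs to the read data channel. axi_rid is the read response identifier, and its value equals axi_arid, the read address identifier of the corresponding read instruction; this pair of identifiers indicates the correspondence between the read data and the read instruction. axi_bid is encrypted with the second encryption algorithm, and the calculation result is denoted digest_rid.
Decoder_ID in FIG. 3 is identifier-based (ID-based) decoding, that is, the transfer direction of the data can be calculated from the input identifier. In this embodiment, the correspondence between identifiers and master devices is the correspondence between the encrypted identifiers and the master devices.
When multiple slave devices access the same master device at the same time, the arbitration unit arbitrates among them.
Transmitting the read operation result to the corresponding master device based on the encrypted read response identifier includes: checking, in the check unit corresponding to the master device, whether the encrypted read response identifier is consistent with the encrypted read address identifier; and if the encrypted read response identifier is consistent with the encrypted read address identifier, sending the read data and a read operation completion notification to the master device.
The check unit checks whether the read operation is complete. Specifically, when digest_arid equals digest_rid, the read operation has been completed and the read data is passed to the corresponding master device; if they are not equal, an error occurred during the read operation, and the master device decides the subsequent operation.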
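A data transmission apparatus provided by the embodiments of the present application is described below. The data transmission apparatus is applied to an internal interconnect module, and the internal interconnect module is connected to multiple master devices and multiple slave devices respectively through AXI buses. The data transmission apparatus described below and the data transmission method described above may be cross-referenced.
Referring to FIG. 9, a structural diagram of a data transmission apparatus according to an exemplary embodiment, the apparatus includes:
an acquisition submodule 901, configured to acquire target content from the first device, where the target content includes an address and/or an address identifier;
an encryption submodule 902, configured to encrypt the address with the first encryption algorithm in the encryption computing unit corresponding to the first device to obtain an encrypted address, and/or encrypt the address identifier with the second encryption algorithm to obtain an encrypted address identifier;
a transmission submodule 903, configured to select a transmission direction in the address decoding unit corresponding to the first device to determine the corresponding second device, and transmit data to the second device based on the encrypted address and/or the encrypted address identifier.
In the data transmission apparatus provided by the present application, data is transmitted between the master device and the slave device through the internal interconnect module, and the internal interconnect module encrypts the data passing through it. This ensures that all data transmitted on the AXI bus is in ciphertext form, which in turn ensures the information security of the whole system. In addition, the present application encrypts not only the address but also the address identifier, which further improves information security. At the same time, because the dedicated encryption and decryption function is implemented in hardware by the internal interconnect module, it neither occupies additional CPU resources nor reduces the original bus performance.
On the basis of the above embodiment, as an optional implementation, if the first device is a master device and the second device is a slave device, the acquisition submodule 901 is configured to: acquire the write address, the write address identifier and the write data from the master device;
correspondingly, the encryption submodule 902 is configured to: in the encryption computing unit corresponding to the master device, encrypt the write address with the first encryption algorithm to obtain an encrypted write address, encrypt the write address identifier with the second encryption algorithm to obtain an encrypted write address identifier, and encrypt the write data with the first encryption algorithm to obtain encrypted write data; correspondingly, the transmission submodule 903 is configured to: in the address decoding unit corresponding to the master device, decrypt the encrypted write address with the first decryption algorithm to obtain the write address, and determine the corresponding slave device based on the write address; and send a write instruction to the corresponding slave device, where the write instruction includes the encrypted write data and the write address identifier.
On the basis of the above embodiment, as an optional implementation, if the first device is a slave device and the second device is a master device, the acquisition submodule 901 is configured to: acquire the write response identifier from the slave device, where the write response identifier is the write address identifier in the write instruction; correspondingly, the encryption submodule 902 is configured to: in the encryption computing unit corresponding to the slave device, encrypt the write response identifier with the second encryption algorithm to obtain an encrypted write response identifier; correspondingly, the transmission submodule 903 is configured to: in the address decoding unit corresponding to the slave device, determine the corresponding master device based on the encrypted write response identifier, and transmit the write operation result to the corresponding master device based on the encrypted write response identifier.
On the basis of the above embodiment, as an optional implementation, if the first device is a slave device and the second device is a master device, the internal interconnect module further includes a check unit correspondingly connected to each master device; correspondingly, the transmission submodule 903 is configured to: in the address decoding unit corresponding to the slave device, determine the corresponding master device based on the encrypted write response identifier, and check, in the check unit corresponding to the master device, whether the encrypted write response identifier is consistent with the encrypted write address identifier; and if the encrypted write response identifier is consistent with the encrypted write address identifier, send a write operation completion notification to the master device.
On the basis of the above embodiment, as an optional implementation, if the first device is a master device and the second device is a slave device, the acquisition submodule 901 is configured to: acquire the read address and the read address identifier from the master device; correspondingly, the encryption submodule 902 is configured to: in the encryption computing unit corresponding to the master device, encrypt the read address with the first encryption algorithm to obtain an encrypted read address, and encrypt the read address identifier with the second encryption algorithm to obtain an encrypted read address identifier; correspondingly, the transmission submodule 903 is configured to: in the address decoding unit corresponding to the master device, decrypt the encrypted read address with the first decryption algorithm to obtain the read address, and determine the corresponding slave device based on the read address; and send a read instruction to the corresponding slave device, where the read instruction includes the read address identifier.
On the basis of the above embodiment, as an optional implementation, if the first device is a slave device and the second device is a master device, the acquisition submodule 901 is configured to: acquire, from the slave device, the read data and the read response identifier corresponding to the read instruction, where the read response identifier is the read address identifier in the read instruction; correspondingly, the encryption submodule 902 is configured to: in the encryption computing unit corresponding to the first device, encrypt the read response identifier with the second encryption algorithm to obtain an encrypted read response identifier; correspondingly, the transmission submodule 903 is configured to: in the address decoding unit corresponding to the slave device, determine the corresponding master device based on the encrypted read response identifier, and transmit the read operation result to the corresponding master device based on the encrypted read response identifier, where the read operation result includes at least the read data.
On the basis of the above embodiment, as an optional implementation, if the first device is a slave device and the second device is a master device, the internal interconnect module further includes a check unit correspondingly connected to each master device; correspondingly, the transmission submodule 903 is configured to: in the address decoding unit corresponding to the slave device, determine the corresponding master device based on the encrypted read response identifier, and check, in the check unit corresponding to the master device, whether the encrypted read response identifier is consistent with the encrypted read address identifier; and if the encrypted read response identifier is consistent with the encrypted read address identifier, send the read data and a read operation completion notification to the master device.
On the basis of the above embodiment, as an optional implementation, the first encryption algorithm is the SM4 encryption algorithm and the second encryption algorithm is the SM3 encryption algorithm.
On the basis of the above embodiment, as an optional implementation, the apparatus further includes: a first receiving submodule, used to receive the keys of the first encryption algorithm and the second encryption algorithm sent by the management device.
On the basis of the above embodiment, as an optional implementation, the internal interconnect module further includes an encryption selection unit correspondingly connected to each first device, each encryption selection unit is correspondingly connected to each encryption computing unit, and each encryption selection unit is correspondingly connected to each address decoding unit; the apparatus further includes: a second receiving submodule, used to receive the encryption/decryption configuration enable corresponding to the first device sent by the management device, and to store the encryption/decryption configuration enable in the encryption selection unit corresponding to the first device.
On the basis of the above embodiment, as an optional implementation, the apparatus further includes: a determination module, configured to determine the encryption/decryption configuration enable stored in the encryption selection unit corresponding to the first device; if the encryption/decryption configuration enable is the first preset value, start the workflow of the encryption submodule 902; if the encryption/decryption configuration enable is the second preset value, select a transmission direction in the address decoding unit corresponding to the first device to determine the corresponding second device, and transmit data to the second device based on the target content.
For the apparatus in the above embodiments, the specific manner in which each module performs its operations has been described in detail in the embodiments of the method and is not elaborated here.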
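Based on the hardware implementation of the above program modules, and in order to implement the method of the embodiments of the present application, an embodiment of the present application further provides an electronic device. FIG. 10 is a structural diagram of an electronic device according to an exemplary embodiment. As shown in FIG. 10, the electronic device includes:
a communication interface 1, capable of exchanging information with other devices such as network devices;
a processor 2, connected to the communication interface 1 to exchange information with other devices, and used to execute, when running a computer program, the data transmission method provided by one or more of the above technical solutions. The computer program is stored in the memory 3.
Of course, in practical applications, the components in the electronic device are coupled together through a bus system 4. It can be understood that the bus system 4 is used to implement connection and communication among these components. In addition to a data bus, the bus system 4 also includes a power bus, a control bus and a status signal bus. For clarity of description, however, the various buses are all labelled as the bus system 4 in FIG. 10.
The memory 3 in the embodiments of the present application is used to store various types of data to support the operation of the electronic device. Examples of such data include any computer program used to operate on the electronic device.
It can be understood that the memory 3 may be a volatile memory or a non-volatile memory, and may also include both volatile and non-volatile memory. The non-volatile memory may be a read-only memory (ROM, Read Only Memory), a programmable read-only memory (PROM, Programmable Read-Only Memory), an erasable programmable read-only memory (EPROM, Erasable Programmable Read-Only Memory), an electrically erasable programmable read-only memory (EEPROM, Electrically Erasable Programmable Read-Only Memory), a magnetic random access memory (FRAM, ferromagnetic random access memory), a flash memory (Flash Memory), a magnetic surface memory, an optical disc, or a compact disc read-only memory (CD-ROM, Compact Disc Read-Only Memory); the magnetic surface memory may be a magnetic disk memory or a magnetic tape memory. The volatile memory may be a random access memory (RAM, Random Access Memory), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, such as static random access memory (SRAM, Static Random Access Memory), synchronous static random access memory (SSRAM, Synchronous Static Random Access Memory), dynamic random access memory (DRAM, Dynamic Random Access Memory), synchronous dynamic random access memory (SDRAM, Synchronous Dynamic Random Access Memory), double data rate synchronous dynamic random access memory (DDRSDRAM, Double Data Rate Synchronous Dynamic Random Access Memory), enhanced synchronous dynamic random access memory (ESDRAM, Enhanced Synchronous Dynamic Random Access Memory), SyncLink dynamic random access memory (SLDRAM, SyncLink Dynamic Random Access Memory), and direct Rambus random access memory (DRRAM, Direct Rambus Random Access Memory). The memory 3 described in the embodiments of the present application is intended to include, but is not limited to, these and any other suitable types of memory.
The method disclosed in the above embodiments of the present application may be applied to the processor 2 or implemented by the processor 2. The processor 2 may be an integrated circuit chip with signal processing capability. During implementation, the steps of the above method may be completed by integrated logic circuits of hardware in the processor 2 or by instructions in the form of software. The processor 2 may be a general-purpose processor, a DSP (Digital Signal Processing), or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The processor 2 may implement or execute the methods, steps and logical block diagrams disclosed in the embodiments of the present application. The general-purpose processor may be a microprocessor or any conventional processor. The steps of the method disclosed in the embodiments of the present application may be directly embodied as being executed by a hardware decoding processor, or executed by a combination of hardware and software modules in a decoding processor. The software module may be located in a storage medium, and the storage medium is located in the memory 3; the processor 2 reads the program in the memory 3 and completes the steps of the foregoing method in combination with its hardware.
When the processor 2 executes the program, it implements the corresponding flows of the methods of the embodiments of the present application; for brevity, they are not repeated here.
In an exemplary embodiment, an embodiment of the present application further provides a storage medium, namely a computer storage medium, specifically a computer non-volatile readable storage medium, for example the memory 3 storing a computer program, where the computer program can be executed by the processor 2 to complete the steps of the foregoing method. The computer non-volatile readable storage medium may be a memory such as FRAM, ROM, PROM, EPROM, EEPROM, Flash Memory, a magnetic surface memory, an optical disc, or a CD-ROM.
A person of ordinary skill in the art can understand that all or part of the steps of the above method embodiments may be completed by hardware related to program instructions. The foregoing program may be stored in a computer-readable storage medium, and when executed, the program performs the steps of the above method embodiments; the foregoing storage medium includes various media that can store program code, such as a removable storage device, ROM, RAM, a magnetic disk or an optical disc.
Alternatively, if the above integrated unit of the present application is implemented in the form of a software functional module and sold or used as an independent product, it may also be stored in a computer-readable storage medium. Based on this understanding, the technical solutions of the embodiments of the present application, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing an electronic device (which may be a personal computer, a server, a network device or the like) to execute all or part of the methods of the embodiments of the present application. The foregoing storage medium includes various media that can store program code, such as a removable storage device, ROM, RAM, a magnetic disk or an optical disc.
The above are only specific implementations of the present application, but the protection scope of the present application is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive of within the technical scope disclosed in the present application shall fall within the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.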

Claims (20)

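  1. A data transmission method, characterized in that it is applied to an internal interconnect module, the internal interconnect module being connected to multiple master devices and multiple slave devices respectively through Advanced eXtensible Interface (AXI) buses, the internal interconnect module including: an encryption computing unit correspondingly connected to each first device, and an address decoding unit correspondingly connected to each encryption computing unit, each address decoding unit being connected to all second devices, the first device being either one of the master device and the slave device, and the second device being the other of the master device and the slave device;
    the method includes:
    acquiring target content from the first device, where the target content includes an address and/or an address identifier;
    encrypting the address with a first encryption algorithm in the encryption computing unit corresponding to the first device to obtain an encrypted address, and/or encrypting the address identifier with a second encryption algorithm to obtain an encrypted address identifier;
    selecting a transmission direction in the address decoding unit corresponding to the first device to determine the corresponding second device, and transmitting data to the second device based on the encrypted address and/or the encrypted address identifier.
  2. The data transmission method according to claim 1, characterized in that, if the first device is a master device and the second device is a slave device, acquiring the target content from the first device includes:
    acquiring a write address, a write address identifier and write data from the master device;
    correspondingly, encrypting the address with the first encryption algorithm in the encryption computing unit corresponding to the first device to obtain an encrypted address, and/or encrypting the address identifier with the second encryption algorithm to obtain an encrypted address identifier, includes:
    in the encryption computing unit corresponding to the master device, encrypting the write address with the first encryption algorithm to obtain an encrypted write address, encrypting the write address identifier with the second encryption algorithm to obtain an encrypted write address identifier, and encrypting the write data with the first encryption algorithm to obtain encrypted write data;
    correspondingly, selecting a transmission direction in the address decoding unit corresponding to the first device to determine the corresponding second device, and transmitting data to the second device based on the encrypted address and/or the encrypted address identifier, includes:
    in the address decoding unit corresponding to the master device, decrypting the encrypted write address with a first decryption algorithm to obtain the write address, and determining the corresponding slave device based on the write address;
    sending a write instruction to the corresponding slave device, where the write instruction includes the encrypted write data and the write address identifier.
  3. The data transmission method according to claim 2, characterized in that, if the first device is a slave device and the second device is a master device, acquiring the target content from the first device includes:
    acquiring a write response identifier from the slave device, where the write response identifier is the write address identifier in the write instruction;
    correspondingly, encrypting the address with the first encryption algorithm in the encryption computing unit corresponding to the first device to obtain an encrypted address, and/or encrypting the address identifier with the second encryption algorithm to obtain an encrypted address identifier, includes:
    encrypting the write response identifier with the second encryption algorithm to obtain an encrypted write response identifier;
    correspondingly, selecting a transmission direction in the address decoding unit corresponding to the first device to determine the corresponding second device, and transmitting data to the second device based on the encrypted address and/or the encrypted address identifier, includes:
    in the address decoding unit corresponding to the slave device, determining the corresponding master device based on the encrypted write response identifier, and transmitting the write operation result to the corresponding master device based on the encrypted write response identifier.
  4. The data transmission method according to claim 3, characterized in that, if the first device is a slave device and the second device is a master device, the internal interconnect module further includes a check unit correspondingly connected to each master device; correspondingly, transmitting the write operation result to the corresponding master device based on the encrypted write response identifier includes:
    checking, in the check unit corresponding to the master device, whether the encrypted write response identifier is consistent with the encrypted write address identifier;
    if the encrypted write response identifier is consistent with the encrypted write address identifier, sending a write operation completion notification to the master device.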
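  5. The data transmission method according to claim 1, characterized in that, if the first device is a master device and the second device is a slave device, acquiring the target content from the first device includes:
    acquiring a read address and a read address identifier from the master device;
    correspondingly, encrypting the address with the first encryption algorithm in the encryption computing unit corresponding to the first device to obtain an encrypted address, and/or encrypting the address identifier with the second encryption algorithm to obtain an encrypted address identifier, includes:
    in the encryption computing unit corresponding to the master device, encrypting the read address with the first encryption algorithm to obtain an encrypted read address, and encrypting the read address identifier with the second encryption algorithm to obtain an encrypted read address identifier;
    correspondingly, selecting a transmission direction in the address decoding unit corresponding to the first device to determine the corresponding second device, and transmitting data to the second device based on the encrypted address and/or the encrypted address identifier, includes:
    in the address decoding unit corresponding to the master device, decrypting the encrypted read address with a first decryption algorithm to obtain the read address, and determining the corresponding slave device based on the read address;
    sending a read instruction to the corresponding slave device, where the read instruction includes the read address identifier.
  6. The data transmission method according to claim 5, characterized in that, if the first device is a slave device and the second device is a master device, acquiring the target content from the first device includes:
    acquiring, from the slave device, the read data and the read response identifier corresponding to the read instruction, where the read response identifier is the read address identifier in the read instruction;
    correspondingly, encrypting the address with the first encryption algorithm in the encryption computing unit corresponding to the first device to obtain an encrypted address, and/or encrypting the address identifier with the second encryption algorithm to obtain an encrypted address identifier, includes:
    in the encryption computing unit corresponding to the first device, encrypting the read response identifier with the second encryption algorithm to obtain an encrypted read response identifier;
    correspondingly, selecting a transmission direction in the address decoding unit corresponding to the first device to determine the corresponding second device, and transmitting data to the second device based on the encrypted address and/or the encrypted address identifier, includes:
    in the address decoding unit corresponding to the slave device, determining the corresponding master device based on the encrypted read response identifier, and transmitting the read operation result to the corresponding master device based on the encrypted read response identifier, where the read operation result includes at least the read data.
  7. The data transmission method according to claim 6, characterized in that, if the first device is a slave device and the second device is a master device, the internal interconnect module further includes a check unit correspondingly connected to each master device; correspondingly, transmitting the read operation result to the corresponding master device based on the encrypted read response identifier includes:
    checking, in the check unit corresponding to the master device, whether the encrypted read response identifier is consistent with the encrypted read address identifier;
    if the encrypted read response identifier is consistent with the encrypted read address identifier, sending the read data and a read operation completion notification to the master device.
  8. The data transmission method according to any one of claims 1 to 7, characterized in that the first encryption algorithm is the SM4 encryption algorithm and the second encryption algorithm is the SM3 encryption algorithm.
  9. The data transmission method according to claim 1, characterized in that it further includes:
    receiving the keys of the first encryption algorithm and the second encryption algorithm sent by a management device.
  10. The data transmission method according to claim 1, characterized in that the internal interconnect module further includes an encryption selection unit correspondingly connected to each first device, each encryption selection unit is correspondingly connected to each encryption computing unit, and each encryption selection unit is correspondingly connected to each address decoding unit;
    the method further includes:
    receiving the encryption/decryption configuration enable corresponding to the first device sent by a management device, and storing the encryption/decryption configuration enable in the encryption selection unit corresponding to the first device.
  11. The data transmission method according to claim 10, characterized in that, before encrypting the target content with a preset encryption algorithm in the encryption computing unit corresponding to the first device to obtain encrypted content, the method further includes:
    determining the encryption/decryption configuration enable stored in the encryption selection unit corresponding to the first device;
    if the encryption/decryption configuration enable is a first preset value, performing the step of encrypting the address with the first encryption algorithm in the encryption computing unit corresponding to the first device to obtain an encrypted address, and/or encrypting the address identifier with the second encryption algorithm to obtain an encrypted address identifier;
    if the encryption/decryption configuration enable is a second preset value, selecting a transmission direction in the address decoding unit corresponding to the first device to determine the corresponding second device, and transmitting data to the second device based on the target content.
  12. The data transmission method according to claim 1, characterized in that the internal interconnect module further includes an arbitration unit correspondingly connected to each second device, and each arbitration unit is connected to all address decoding units;
    the method further includes:
    arbitrating, in the arbitration unit, among the requests of multiple first devices that simultaneously access the corresponding second device.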
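  13. A data transmission apparatus, characterized in that it is applied to an internal interconnect module, the internal interconnect module being connected to multiple master devices and multiple slave devices respectively through AXI buses, the internal interconnect module including: an encryption computing unit correspondingly connected to each first device, and an address decoding unit correspondingly connected to each encryption computing unit, each address decoding unit being connected to all second devices, the first device being either one of the master device and the slave device, and the second device being the other of the master device and the slave device;
    the apparatus includes:
    an acquisition submodule, configured to acquire target content from the first device, where the target content includes an address and/or an address identifier;
    an encryption submodule, configured to encrypt the address with a first encryption algorithm in the encryption computing unit corresponding to the first device to obtain an encrypted address, and/or encrypt the address identifier with a second encryption algorithm to obtain an encrypted address identifier;
    a transmission submodule, configured to select a transmission direction in the address decoding unit corresponding to the first device to determine the corresponding second device, and transmit data to the second device based on the encrypted address and/or the encrypted address identifier.
  14. An electronic device, characterized in that it includes:
    a memory, configured to store a computer program;
    a processor, configured to implement the steps of the data transmission method according to any one of claims 1 to 12 when executing the computer program.
  15. A computer non-volatile readable storage medium, characterized in that a computer program is stored on the computer non-volatile readable storage medium, and the computer program, when executed by a processor, implements the steps of the data transmission method according to any one of claims 1 to 12.
  16. A data transmission system, characterized in that it includes multiple master devices, an internal interconnect module and multiple slave devices, the internal interconnect module being connected to the multiple master devices and the multiple slave devices respectively through AXI buses;
    the internal interconnect module includes:
    an encryption computing unit correspondingly connected to each first device, configured to encrypt, with a first encryption algorithm, the address to be transmitted between the first device and a second device to obtain an encrypted address, and/or encrypt, with a second encryption algorithm, the address identifier to be transmitted between the first device and the second device to obtain an encrypted address identifier, where the first device is either one of the master device and the slave device, and the second device is the other of the master device and the slave device;
    an address decoding unit correspondingly connected to each encryption computing unit, configured to select the transmission direction, where each address decoding unit is connected to all second devices.
  17. The data transmission system according to claim 16, characterized in that the internal interconnect module further includes an encryption selection unit correspondingly connected to each first device, each encryption selection unit is correspondingly connected to each encryption computing unit, and each encryption selection unit is correspondingly connected to each address decoding unit;
    the encryption selection unit is configured to control whether the corresponding encryption computing unit encrypts the address and/or the address identifier to be transmitted.
  18. The data transmission system according to claim 16, characterized in that the internal interconnect module further includes an arbitration unit correspondingly connected to each second device, and each arbitration unit is connected to all address decoding units;
    the arbitration unit is configured to arbitrate among the requests of multiple first devices that simultaneously access the corresponding second device.
  19. The data transmission system according to claim 18, characterized in that, if the first device is a slave device and the second device is a master device, the internal interconnect module further includes a check unit correspondingly connected to each second device, and each check unit is correspondingly connected to each arbitration unit;
    the check unit is configured to check whether a read or write operation is complete.
  20. The data transmission system according to claim 16, characterized in that, if the first device is a slave device and the second device is a master device, the internal interconnect module further includes a check unit correspondingly connected to each second device, configured to check whether a read or write operation is complete.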
PCT/CN2023/129412 2022-11-03 2023-11-02 Data transmission method, apparatus, system, electronic device and storage medium WO2024094137A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202211365404.1A CN115408707B (zh) 2022-11-03 2022-11-03 Data transmission method, apparatus, system, electronic device and storage medium
CN202211365404.1 2022-11-03

Publications (1)

Publication Number Publication Date
WO2024094137A1 true WO2024094137A1 (zh) 2024-05-10

Family

ID=84169363

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/129412 WO2024094137A1 (zh) 2022-11-03 2023-11-02 Data transmission method, apparatus, system, electronic device and storage medium

Country Status (2)

Country Link
CN (1) CN115408707B (zh)
WO (1) WO2024094137A1 (zh)

Also Published As

Publication number Publication date
CN115408707B (zh) 2023-03-24
CN115408707A (zh) 2022-11-29

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23885062

Country of ref document: EP

Kind code of ref document: A1