CN101710307A - Method for protecting data security of digital equipment - Google Patents

Publication number
CN101710307A
Authority
CN
China
Prior art keywords
data
digital equipment
encrypted
memory address
address space
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN200910197317A
Other languages
Chinese (zh)
Inventor
肖进
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Wingtech Electronic Technology Co Ltd
Original Assignee
Shanghai Wingtech Electronic Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Wingtech Electronic Technology Co Ltd
Priority to CN200910197317A
Publication of CN101710307A
Legal status: Pending

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a method for protecting the data security of digital equipment. The stored data is taken as the plaintext to be encrypted, and the 64-bit unique identification serial number of a key chip is taken as the encryption key. When the system software boots for the first time, the content to be encrypted is read from a specific storage address space, encrypted, and written back to the same storage address space, so that the data is protected by encryption. Because the key in each individual device is unique, the encrypted data is also unique to that device. After the data has been encrypted by this method, the real, valid data exists only in RAM after the system has been powered on and started up, at a memory address that an unauthorized user cannot know. Once the system is powered off, any data an unauthorized user obtains from the device's FLASH memory is encrypted, so even if the data is stolen it is not disclosed, and the confidentiality, integrity and security of the digital equipment's data are improved.

Description

A data security protection method for digital equipment
Technical field
The present invention relates to the field of data security, and in particular to a data security protection method for digital equipment.
Background technology
With the development of society, digital equipment has increasingly become something people cannot do without. Mobile phones, for example, have become a very widespread consumer electronics product, and the security of the key code and critical data in a mobile phone is receiving more and more attention; people are studying how to protect the confidentiality, integrity and security of this code and data. In the past, mobile phones protected key code and critical data in very simple ways, limited to simple methods such as password protection for reading and writing data. However, this key information is held in memory in the form of raw data. If someone very familiar with the phone system learns the storage addresses of the raw data, they can steal the key code and data simply by reading and writing the data at those addresses. The security measures in phone systems are therefore very weak, and the data is easily cracked and stolen.
A new data security protection method for digital equipment is therefore urgently needed, one that can solve the data protection problems described above.
Summary of the invention
The purpose of the present invention is to provide a data security protection method for digital equipment that encrypts data using a key chip with a unique serial number, strengthening the confidentiality and security of the digital equipment's data.
The invention provides a data security protection method for digital equipment: a key chip with a unique serial number is provided, and the data stored in the digital equipment is encrypted by an encryption algorithm, with the serial number of the key chip serving as the key for the encrypted data and the encrypted data stored at its original storage location.
The method comprises the following steps:
a. storing the data of the digital equipment in a specific storage address space;
b. when the digital equipment starts for the first time, reading the data of step a into the RAM of the digital equipment;
c. using the serial number of the key chip as the encryption key, encrypting the data in the RAM with the encryption algorithm in response to the corresponding serial-port encryption command;
d. writing the data encrypted in step c back to the specific storage address space of step a, keeping the data storage address unchanged.
When step d writes the encrypted data back to the specific storage address space, the identification flag of the specific storage address space is updated.
The method further comprises the following data decryption steps:
e. on each start after the first start of the digital equipment, loading the data of the specific storage address space into the RAM of the digital equipment and determining whether the identification flag of the specific storage address space has been updated; if it has been updated, executing step f; if it has not been updated, executing steps c and d in sequence;
f. using the serial number of the key chip as the key, decrypting the encrypted data with the corresponding inverse decryption algorithm, and storing the decrypted data in the same RAM address space used in step e.
The serial number of the key chip is 64 bits long.
The encryption algorithm is the DES encryption algorithm.
The specific storage address space of the digital equipment is located in the flash memory of the digital equipment.
In the data security protection method of the present invention, the stored data is the plaintext to be encrypted and the 64-bit unique identification serial number in the key chip is the encryption key. When the system software boots for the first time, the content to be encrypted is read from the specific storage address space, encrypted, and written back to the same storage address space, so that the data is protected by encryption. Because the key in each individual device is unique, the encrypted data is also unique to that device. For data encrypted by the invention, the real, valid data exists only in RAM after the system has been powered on and started, at a memory address that an unauthorized user cannot know. Once the system is powered off, any data an unauthorized user obtains from the device's FLASH memory has been encrypted, so even if it is stolen it is not disclosed, which strengthens the confidentiality, integrity and security of the digital equipment's data.
Description of drawings
Fig. 1 is a flowchart of one embodiment of the invention;
Fig. 2 is a schematic block diagram of a mobile phone system applying the invention.
Embodiment
The technical scheme of the invention is further described below with reference to the drawings and an embodiment. In this embodiment the invention is applied to a mobile phone; it can of course also be applied to other digital equipment.
Referring to Fig. 1, Fig. 1 is flowchart 100 of one embodiment of the invention. The steps are as follows:
101. The phone's data is stored in a specific storage address space.
When the phone system software is compiled, linked and generated, the data is assigned to a specific storage address space (in the phone's FLASH) so that the subsequent encryption and decryption flows can read it, in preparation for implementing the whole security protection method.
102. When the phone starts for the first time, the data is read into RAM.
After the system software is powered on for the first time, the boot program first reads the data from the specific storage space in FLASH into the phone's RAM.
103. The data in RAM is encrypted using the key chip with a unique serial number.
The phone's circuit board carries a key chip with a unique serial number, 64 bits long. The unique serial number is read from the key chip and used as the key for the data encryption or decryption algorithm. A PC tool sends the encryption-protection start command to the phone over the serial port; the program takes the data in RAM as the plaintext and the serial number of the key chip as the encryption key, and obtains the ciphertext with the DES encryption algorithm.
104. The encrypted data is written back to the specific storage space.
The ciphertext obtained in the previous step is written back to the specific storage space in FLASH. At the same time, the identification flag in the FLASH memory is updated to indicate that the system has now enabled the encryption protection and that the corresponding data has been encrypted.
105. On each later start of the phone, the data is loaded into RAM.
106. It is determined whether the data in RAM is encrypted.
The phone's boot program uses the identification flag in the specific storage space of FLASH to determine whether the system has enabled encryption. If the data there has been encrypted, it proceeds to the next step; if not, it goes to step 103.
107. The data in RAM is decrypted.
The data in RAM is taken as the ciphertext to be decrypted and the serial number of the key chip as the key, and the plaintext is obtained with the inverse DES decryption algorithm.
108. The decrypted data is stored in the same RAM storage space used in the previous step.
The decrypted data is copied into the same RAM address space it occupied before decryption, ensuring that later program calls to the data are correct and the system can run normally.
109. The user reads the data.
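The boot flow of steps 101 to 108, as an added example that is not code from the patent: a simulated device encrypts its flash region in place on first boot and decrypts into RAM on later boots. The struct, function names, flag values, sample data and serial numbers are constructed for illustration, and a XOR keystream stands in for DES, which the C standard library does not provide.

```c
#include <stdint.h>
#include <string.h>

#define LEN 16
#define FLAG_ERASED    0xFF  /* assumed flag value before the first boot */
#define FLAG_ENCRYPTED 0x00  /* assumed flag value once step d has run */
struct device {
    uint64_t serial;      /* 64-bit serial number of the key chip */
    uint8_t  flash[LEN];  /* the specific storage address space (persistent) */
    uint8_t  flag;        /* identification flag, also kept in flash */
    uint8_t  ram[LEN];    /* volatile working copy */
};
static const uint8_t SAMPLE[LEN + 1] = "IMEI-SECRET-0001";  /* constructed data */

/* Stand-in cipher, NOT DES: XOR with a xorshift64 keystream seeded by the
 * serial number. Applying it twice with the same key restores the input. */
static void standin_crypt(uint64_t key, uint8_t *buf, size_t n) {
    uint64_t s = key ? key : 1;  /* xorshift state must be non-zero */
    for (size_t i = 0; i < n; i++) {
        s ^= s << 13; s ^= s >> 7; s ^= s << 17;
        buf[i] ^= (uint8_t)(s >> 32);
    }
}

/* One power-on. Returns 1 for the first-boot path (steps b, c, d), which
 * leaves ciphertext in RAM, and 0 for the later-boot path (steps e, f). */
static int boot(struct device *d) {
    memcpy(d->ram, d->flash, LEN);            /* b / e: flash -> RAM */
    standin_crypt(d->serial, d->ram, LEN);    /* c encrypts, f decrypts */
    if (d->flag == FLAG_ENCRYPTED) return 0;  /* f: RAM now holds plaintext */
    memcpy(d->flash, d->ram, LEN);            /* d: ciphertext, same address */
    d->flag = FLAG_ENCRYPTED;                 /* update the flag with the write */
    return 1;
}

static struct device provisioned(uint64_t serial) {
    struct device d = { .serial = serial, .flag = FLAG_ERASED };
    memcpy(d.flash, SAMPLE, LEN);             /* a: plaintext placed at build time */
    return d;
}

/* 1 if flash hides the plaintext after first boot and the next boot recovers it. */
static int demo_same_device(void) {
    struct device d = provisioned(0x0123456789ABCDEFULL);  /* constructed serial */
    int first = boot(&d);
    int hidden = memcmp(d.flash, SAMPLE, LEN) != 0;
    memset(d.ram, 0, LEN);                    /* power off: RAM is lost */
    return first == 1 && hidden && boot(&d) == 0 && memcmp(d.ram, SAMPLE, LEN) == 0;
}

/* 1 if flash contents copied to a unit with another key chip stay unreadable. */
static int demo_flash_moved(void) {
    struct device a = provisioned(0x0123456789ABCDEFULL);
    boot(&a);
    struct device b = a;                      /* flash image and flag copied */
    b.serial = 0x0FEDCBA987654321ULL;         /* different constructed serial */
    return boot(&b) == 0 && memcmp(b.ram, SAMPLE, LEN) != 0;
}
int main(void) { return !(demo_same_device() && demo_flash_moved()); }
```

If DES itself is used, only 56 bits of the 64-bit serial number affect the key, because DES ignores one parity bit in each key byte.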
Referring to Fig. 2, Fig. 2 is a schematic block diagram of a mobile phone system applying the invention, comprising an embedded-system ARM chip, a key chip, RAM and FLASH memory.
Those of ordinary skill in the art will recognize that the above embodiment is intended to illustrate the invention and not to limit it; variations and modifications of the above embodiment that remain within the spirit of the invention all fall within the scope of its claims.

Claims (7)

1. A data security protection method for digital equipment, characterized in that a key chip with a unique serial number is provided, and the data stored in the digital equipment is encrypted by an encryption algorithm, with the serial number of the key chip serving as the key for the encrypted data and the encrypted data stored at its original storage location.
2. The data security protection method of claim 1, characterized in that the method comprises the following steps:
a. storing the data of the digital equipment in a specific storage address space;
b. when the digital equipment starts for the first time, reading the data of step a into the RAM of the digital equipment;
c. using the serial number of the key chip as the encryption key, encrypting the data in the RAM with the encryption algorithm in response to the corresponding serial-port encryption command;
d. writing the data encrypted in step c back to the specific storage address space of step a, keeping the data storage address unchanged.
3. The data security protection method of claim 2, characterized in that when step d writes the encrypted data back to the specific storage address space, the identification flag of the specific storage address space is updated.
4. The data security protection method of claim 3, characterized in that the method further comprises the following data decryption steps:
e. on each start after the first start of the digital equipment, loading the data of the specific storage address space into the RAM of the digital equipment and determining whether the identification flag of the specific storage address space has been updated; if it has been updated, executing step f; if it has not been updated, executing steps c and d in sequence;
f. using the serial number of the key chip as the key, decrypting the encrypted data with the corresponding inverse decryption algorithm, and storing the decrypted data in the same RAM address space used in step e.
5. The data security protection method of any one of claims 1 to 4, characterized in that the serial number of the key chip is 64 bits long.
6. The data security protection method of any one of claims 1 to 4, characterized in that the encryption algorithm is the DES encryption algorithm.
7. The data security protection method of any one of claims 1 to 4, characterized in that the specific storage address space of the digital equipment is located in the flash memory of the digital equipment.
CN200910197317A 2009-10-16 2009-10-16 Method for protecting data security of digital equipment Pending CN101710307A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910197317A CN101710307A (en) 2009-10-16 2009-10-16 Method for protecting data security of digital equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200910197317A CN101710307A (en) 2009-10-16 2009-10-16 Method for protecting data security of digital equipment

Publications (1)

Publication Number Publication Date
CN101710307A true CN101710307A (en) 2010-05-19

Family

ID=42403099

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910197317A Pending CN101710307A (en) 2009-10-16 2009-10-16 Method for protecting data security of digital equipment

Country Status (1)

Country Link
CN (1) CN101710307A (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102612025A (en) * 2011-01-25 2012-07-25 深圳富泰宏精密工业有限公司 Protective system and protective method for mobile phone documents
CN102612025B (en) * 2011-01-25 2017-02-08 青岛稻谷智能科技有限公司 Protective system and protective method for mobile phone documents
EP2503482A1 (en) 2011-03-23 2012-09-26 ST-Ericsson SA Electronic device with flash memory component
WO2012126729A1 (en) 2011-03-23 2012-09-27 St-Ericsson Sa Electronic device with flash memory component
CN104252598A (en) * 2013-06-28 2014-12-31 深圳市腾讯计算机***有限公司 Method and device for detecting application bugs
CN104252598B (en) * 2013-06-28 2018-04-27 深圳市腾讯计算机***有限公司 A kind of method and device detected using loophole
CN103873230A (en) * 2014-04-06 2014-06-18 汪风珍 Single-direction encryption-decryption technology
CN105528548A (en) * 2015-12-09 2016-04-27 乐鑫信息科技(上海)有限公司 Method for encoding and automatically decoding codes in chip OutNvMem in batches
CN106131809A (en) * 2016-08-31 2016-11-16 安徽拓通信科技集团股份有限公司 Mobile terminal flow monitoring method
CN106131809B (en) * 2016-08-31 2019-08-09 一拓通信集团股份有限公司 Mobile terminal flow monitoring method
US11444918B2 (en) 2017-05-26 2022-09-13 Microsoft Technology Licensing, Llc Subsystem firewalls
CN112100624A (en) * 2020-08-24 2020-12-18 泰斗微电子科技有限公司 Firmware protection method and device and terminal equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20100519