
CN1859413A - Safety processing device and method for public key operation data - Google Patents


Info

Publication number: CN1859413A
Authority: CN (China)
Prior art keywords: public key, data, input data, key operation, interface
Legal status: Granted
Application number: CNA2006100347900A
Other languages: Chinese (zh)
Other versions: CN100581163C (en)
Inventor: 王海
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN200610034790A
Publication of CN1859413A
Priority to PCT/CN2007/000986
Application granted
Publication of CN100581163C
Expired - Fee Related

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Abstract

The present invention is applicable to the field of information security and provides a device and method for securely processing public key operation data. The secure processing device includes: a system data interface module, used to receive public key operation input data from the system bus, send an operation control signal, and output the operation result; an interface data storage module, used to store the public key operation input data received by the system data interface module and the operation result; at least one sub-data interface module, used to receive public key operation input data from the local bus; at least one sub-interface data storage module, used to store the public key operation input data received by the sub-data interface module; and a public key operation processing module, used to read the public key operation input data stored in the interface data storage module and the sub-interface data storage module, execute the public key operation according to the operation control signal, and output the operation result. The invention can improve the security of public key operation input data and enhance the application flexibility of the device.

Description

A device and method for securely processing public key operation data

Technical field

The invention belongs to the field of information security, and in particular relates to a device and method for securely processing public key operation data.

Background

In recent years, network security has received increasing attention. Since the Internet and most packet-switched networks are built on the Internet Protocol (IP), solving the security problems of these networks first requires solving the security problems of IP itself. Protocols such as Internet Protocol Security (IPSec) and Secure Sockets Layer (SSL) are common solutions for securing IP communication. The Internet Key Exchange protocol (IKE) is likewise a common scheme for Internet key exchange and negotiation. In IKE, the public key encryption algorithm RSA (Rivest-Shamir-Adleman), the key exchange algorithm D-H (a key exchange algorithm designed by Diffie and Hellman) and the Digital Signature Algorithm (DSA) are typically used for identity verification and key exchange between the communicating parties.

A security processing chip mainly refers to an IPSec processing chip with public key acceleration, an SSL processing chip, or an IKE co-processing chip with public key acceleration. The structure of an existing IKE co-processing chip with public key acceleration is shown in FIG. 1; it includes a system data interface module 101, an interface data storage module 102 and a public key operation processing module 103. The system data interface module 101 handles the input and output of public key operation input data and sends operation control signals to the public key operation processing module 103; the interface data storage module 102 stores the public key operation input data, output data and intermediate results; the public key operation processing module 103 reads the public key operation input data stored in the interface data storage module 102 and, according to the operation control signal, performs the public key operations commonly used by the IKE protocol, including RSA, D-H and DSA.

The specific data processing procedure is as follows:

First, the system data interface module 101 stores the received public key operation input data into the interface data storage module 102;

Second, the system data interface module 101 sends the public key operation processing module 103 a start-operation instruction and control signals giving the operation type, for example RSA operation, D-H operation, DSA operation, modular exponentiation or modular addition;

Third, the public key operation processing module 103 performs the public key operation matching the operation type on the public key operation input data in the interface data storage module 102; when the operation is complete, it writes the result back to the interface data storage module 102 and notifies the system data interface module 101 that the operation is complete;

Finally, the system data interface module 101 outputs the operation result stored in the interface data storage module 102.

In this implementation, all public key operation input data entering the security chip appears on the system bus. Because various applications and remote terminals can access the system bus in some circumstances, critical public key operation input data appearing on the system bus may be stolen, so security is low. In addition, there is only one data input interface, which limits the chip's application flexibility.

Summary of the invention

The purpose of the present invention is to provide a secure processing device for public key operation data, aiming to solve two problems in the prior art: all public key operation input data entering the security chip appears on the system bus, which exposes critical public key operation input data to the risk of theft and lowers security; and there is only one data input interface, which lowers the chip's flexibility.

Another object of the present invention is to provide a method for securely processing public key operation data.

The object of the present invention is achieved as follows: a secure processing device for public key operation data, the secure processing device comprising:

a system data interface module, used to receive public key operation input data from the system bus, send an operation control signal, and output the operation result;

an interface data storage module, used to store the public key operation input data received by the system data interface module and the operation result;

at least one sub-data interface module, used to receive public key operation input data from the local bus;

at least one sub-interface data storage module, used to store the public key operation input data received by the sub-data interface module; and

a public key operation processing module, used to read the public key operation input data stored in the interface data storage module and the sub-interface data storage module, execute the public key operation according to the operation control signal, and output the operation result.

The interface data storage module and the sub-interface data storage module are mutually independent physical memories.

The interface data storage module and the sub-interface data storage module are mutually independent logical storage spaces within one physical memory.

The public key operation input data of the system bus is non-critical public key operation input data, and the public key operation input data of the local bus is critical public key operation input data.

The operation control signal contains input parameter attribute information, which indicates the storage location of the public key operation input data.

A method for securely processing public key operation data, the method comprising:

receiving and storing public key operation input data from the system bus;

receiving and storing public key operation input data from the local bus;

reading the public key operation input data of the system bus and the public key operation input data of the local bus, executing the public key operation according to the operation control signal, and outputting the operation result.

The public key operation input data of the system bus and the public key operation input data of the local bus are stored in mutually independent physical memories.

The public key operation input data of the system bus and the public key operation input data of the local bus are stored in mutually independent logical storage spaces within one physical memory.

The public key operation input data of the system bus is non-critical public key operation input data, and the public key operation input data of the local bus is critical public key operation input data.

The operation control signal contains input parameter attribute information, which indicates the storage location of the public key operation input data.

By adding several sub-data interfaces and corresponding storage modules to the existing security processing chip, the present invention lets different public key operation input data enter through different data interfaces, which improves the security of critical public key operation input data and enhances the application flexibility of the security processing chip.

Description of drawings

FIG. 1 is a structural diagram of an existing security processing chip;

FIG. 2 is a structural diagram of a security processing chip in an embodiment of the present invention;

FIG. 3 is a schematic diagram of an application example of the security processing chip provided by the present invention.

Detailed description

To make the object, technical solution and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and do not limit it.

The present invention adds several sub-data interface modules, and corresponding sub-interface data storage modules, to the existing security processing chip, so that different public key operation input data enters the security processing chip through different data interfaces.

As one embodiment of the present invention, the structure of the security processing chip is described for the case of adding one sub-data interface module and its corresponding sub-interface data storage module. As shown in FIG. 2, in addition to the system data interface module 101, the interface data storage module 102 and the public key operation processing module 103, the security processing chip also includes a sub-data interface module 104 and a sub-interface data storage module 105.

The interface data storage module 102 and the sub-interface data storage module 105 are the same type of on-chip memory and are implemented in the same way; they differ in the security level of the data they hold. In the present invention, non-critical public key operation input data from the system bus is stored in the interface data storage module 102, while critical public key operation input data from the local bus, such as key data and identity authentication data, is stored in the sub-interface data storage module 105.

In one embodiment of the present invention, the interface data storage module 102 and the sub-interface data storage module 105 may physically be one memory but are logically two mutually independent storage spaces, which guarantees that the system data interface module 101 can access only the data stored in the interface data storage module 102 and the sub-data interface module 104 can access only the data stored in the sub-interface data storage module 105.

In another embodiment of the present invention, the interface data storage module 102 and the sub-interface data storage module 105 may also be configured as two mutually independent physical memories.

The sub-data interface module 104 is connected to the local bus and provides a channel through which the security processing chip exchanges data with the outside. It converts a general-purpose bus interface, such as the PCI bus, USB bus or Intel Local Bus, into an interface that meets the requirements of the sub-interface data storage module 105, such as an on-chip SRAM interface, and receives the critical public key operation input data used in the public key operation.

FIG. 3 shows a typical application of the present invention. A portable storage device holds critical public key operation input data related to identification or important applications. The local processor reads the critical public key operation input data that the portable storage device supplies over the local bus, transfers it through the sub-data interface module 104 to the sub-interface data storage module 105, and at the same time notifies the main processor that the data is ready. The public key operation processing module 103, according to the operation control signal from the system data interface module 101, reads the data in the interface data storage module 102 and the sub-interface data storage module 105, performs the public key operation, and stores the result in the interface data storage module 102, from which the system data interface module 101 outputs it.

The specific data processing procedure is as follows:

First, the sub-data interface module 104 reads the critical public key operation input data that the external portable storage device supplies over the local bus and stores it in the sub-interface data storage module 105; the system data interface module 101 then stores the non-critical public key operation input data received from the system bus into the interface data storage module 102;

Second, after receiving the local processor's signal that the data in the sub-interface data storage module 105 is ready, the system data interface module 101 sends the public key operation processing module 103 an operation control signal, that is, the start-operation instruction, the operation type and the input parameter attributes. The input parameter attribute indicates the storage location of the public key operation input data, for example 1 for the interface data storage module 102 and 2 for the sub-interface data storage module 105;

Third, the public key operation processing module 103 performs the public key operation selected by the operation type on the input data in the interface data storage module 102 and the sub-interface data storage module 105, as located by the input parameter attributes; when the operation is complete, it writes the result back to the interface data storage module 102 and notifies the system data interface module 101 that the operation is complete;

Finally, the system data interface module 101 outputs the operation result stored in the interface data storage module 102 from the chip.
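
The four steps above, as an added behavioural model in Python (not code from the patent; the class names, slot names and toy operands are assumptions made for illustration). It shows the input parameter attribute (1 for module 102, 2 for module 105) steering the operand reads of module 103, while the critical exponent never appears on the system bus:

```python
# Added illustration: a behavioural model of the chip in FIG. 2, not patent code.
# Class names, slot names and the toy operands are assumptions for this sketch.

SYSTEM_IF, PK_ENGINE, SUB_IF = "101", "103", "104"   # module numbers from the text
LOC_INTERFACE_STORE = 1      # attribute value 1: interface data storage module 102
LOC_SUB_INTERFACE_STORE = 2  # attribute value 2: sub-interface data storage module 105


class AccessError(Exception):
    """Raised when a module touches a store it is not wired to."""


class Store:
    """One storage module with a fixed set of modules allowed to access it."""

    def __init__(self, name, allowed):
        self.name = name
        self.allowed = frozenset(allowed)
        self.cells = {}

    def _check(self, module):
        if module not in self.allowed:
            raise AccessError(f"module {module} cannot access store {self.name}")

    def write(self, module, slot, value):
        self._check(module)
        self.cells[slot] = value

    def read(self, module, slot):
        self._check(module)
        if slot not in self.cells:
            raise ValueError(f"operand {slot!r} is not in store {self.name}")
        return self.cells[slot]


class SecureChip:
    def __init__(self):
        self.store102 = Store("102", {SYSTEM_IF, PK_ENGINE})
        self.store105 = Store("105", {SUB_IF, PK_ENGINE})
        self.stores = {LOC_INTERFACE_STORE: self.store102,
                       LOC_SUB_INTERFACE_STORE: self.store105}
        self.system_bus_trace = []   # every value an observer on the system bus sees

    def system_write(self, slot, value):
        """Module 101: non-critical input arriving over the system bus."""
        self.system_bus_trace.append(value)
        self.store102.write(SYSTEM_IF, slot, value)

    def local_write(self, slot, value):
        """Module 104: critical input arriving over the local bus."""
        self.store105.write(SUB_IF, slot, value)

    def start(self, op, attrs):
        """Control signal from 101 to 103: the operation type plus, per operand,
        the input parameter attribute naming the store that holds it."""
        args = {}
        for slot, loc in attrs.items():
            if loc not in self.stores:
                raise ValueError(f"unknown input parameter attribute {loc}")
            args[slot] = self.stores[loc].read(PK_ENGINE, slot)
        if op == "modexp":
            result = pow(args["base"], args["exponent"], args["modulus"])
        elif op == "modadd":
            result = (args["a"] + args["b"]) % args["modulus"]
        else:
            raise ValueError(f"unsupported operation type {op}")
        self.store102.write(PK_ENGINE, "result", result)   # result goes back to 102

    def system_read_result(self):
        """Module 101 outputs the result from store 102 onto the system bus."""
        value = self.store102.read(SYSTEM_IF, "result")
        self.system_bus_trace.append(value)
        return value


def run_demo():
    """Constructed toy operands: base 4 and modulus 497 are non-critical,
    exponent 13 stands in for the critical key material."""
    chip = SecureChip()
    chip.local_write("exponent", 13)     # step 1: critical data over the local bus
    chip.system_write("base", 4)         # step 1: non-critical data over the system bus
    chip.system_write("modulus", 497)
    chip.start("modexp", {"base": 1, "modulus": 1, "exponent": 2})   # steps 2 and 3
    return chip, chip.system_read_result()                            # step 4


if __name__ == "__main__":
    chip, result = run_demo()
    print("result:", result)
    print("seen on system bus:", chip.system_bus_trace)
```

A control signal whose attribute points at the wrong store fails inside `start`, and a read of store 105 issued as module 101 raises `AccessError`, which is the isolation property the logical-partition embodiment has to enforce.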

It should be noted that in practice the storage location of public key operation input data can be arranged flexibly according to the environment and application needs, which improves the chip's application flexibility; at the same time, critical key data can be routed through the sub-data interface module to improve system security and reduce the risk of critical public key operation input data being stolen.

In the present invention, more sub-data interface modules and corresponding interface data storage modules can also be placed in the security processing chip to receive and store public key operation input data of different security levels or different applications; the implementation is the same as above and is not repeated.

The above are only preferred embodiments of the present invention and do not limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. A secure processing device for public key operation data, characterized in that the secure processing device comprises:

a system data interface module, used to receive public key operation input data from the system bus, send an operation control signal, and output the operation result;

an interface data storage module, used to store the public key operation input data received by the system data interface module and the operation result;

at least one sub-data interface module, used to receive public key operation input data from the local bus;

at least one sub-interface data storage module, used to store the public key operation input data received by the sub-data interface module; and

a public key operation processing module, used to read the public key operation input data stored in the interface data storage module and the sub-interface data storage module, execute the public key operation according to the operation control signal, and output the operation result.

2. The secure processing device according to claim 1, characterized in that the interface data storage module and the sub-interface data storage module are mutually independent physical memories.

3. The secure processing device according to claim 1, characterized in that the interface data storage module and the sub-interface data storage module are mutually independent logical storage spaces within one physical memory.

4. The secure processing device according to claim 1, characterized in that the public key operation input data of the system bus is non-critical public key operation input data, and the public key operation input data of the local bus is critical public key operation input data.

5. The secure processing device according to claim 1, characterized in that the operation control signal contains input parameter attribute information, which indicates the storage location of the public key operation input data.

6. A method for securely processing public key operation data, characterized in that the method comprises:

receiving and storing public key operation input data from the system bus;

receiving and storing public key operation input data from the local bus;

reading the public key operation input data of the system bus and the public key operation input data of the local bus, executing the public key operation according to the operation control signal, and outputting the operation result.

7. The secure processing method according to claim 4, characterized in that the public key operation input data of the system bus and the public key operation input data of the local bus are stored in mutually independent physical memories.

8. The secure processing method according to claim 4, characterized in that the public key operation input data of the system bus and the public key operation input data of the local bus are stored in mutually independent logical storage spaces within one physical memory.

9. The secure processing method according to claim 4, characterized in that the public key operation input data of the system bus is non-critical public key operation input data, and the public key operation input data of the local bus is critical public key operation input data.

10. The secure processing method according to claim 4, characterized in that the operation control signal contains input parameter attribute information, which indicates the storage location of the public key operation input data.

CN200610034790A 2006-03-28 2006-03-28 Safety processing device and method for public key operation data Expired - Fee Related CN100581163C (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN200610034790A CN100581163C (en) 2006-03-28 2006-03-28 Safety processing device and method for public key operation data
PCT/CN2007/000986 WO2007109997A1 (en) 2006-03-28 2007-03-27 Device, method and system of data security processing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200610034790A CN100581163C (en) 2006-03-28 2006-03-28 Safety processing device and method for public key operation data

Publications (2)

Publication Number Publication Date
CN1859413A (en) 2006-11-08
CN100581163C (en) 2010-01-13

Family

ID=37298275

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200610034790A Expired - Fee Related CN100581163C (en) 2006-03-28 2006-03-28 Safety processing device and method for public key operation data

Country Status (2)

Country Link
CN (1) CN100581163C (en)
WO (1) WO2007109997A1 (en)

Also Published As

Publication number Publication date
WO2007109997A1 (en) 2007-10-04
CN100581163C (en) 2010-01-13

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100113