阅读说明：本技术 一种基于智能芯片的安全管控方法及系统 (Intelligent chip-based safety management and control method and system ) 是由 庄柳梅 于 2021-09-09 设计创作，主要内容包括：本发明提供了一种基于智能芯片的安全管控方法及系统,其方法包括：根据智能芯片的芯片类型,确定每类型数据的存放区域；向每类型数据的存放区域设置对应的安全管控域；根据控制指令,确定待管控区域,并判断控制指令是否满足对应待管控区域的安全管控域的管控条件,若满足,对待管控区域进行传输数据的安全管控；否则,对不满足管控条件的待管控区域进行显著性提示。通过设置安全管控区域以及对控制指令是否满足管控条件的判断,便于对智能芯片进行有效管控,可提高其的安全性。(The invention provides a safety management and control method and a system based on an intelligent chip, wherein the method comprises the following steps: determining a storage area of each type of data according to the chip type of the intelligent chip; setting a corresponding safety control domain for the storage region of each type of data; determining a region to be controlled according to the control instruction, judging whether the control instruction meets the control condition of a safety control region corresponding to the region to be controlled, and if so, performing safety control on transmission data of the region to be controlled; otherwise, carrying out significance prompt on the area to be controlled which does not meet the control conditions. Through setting up the safety control region and the judgement whether control instruction satisfies the management and control condition, be convenient for effectively manage and control intelligent chip, can improve its security.)

1. A safety management and control method based on an intelligent chip is characterized by comprising the following steps:

step 1: determining a storage area of each type of data according to the chip type of the intelligent chip;

step 2: setting a corresponding safety control domain for the storage region of each type of data;

and step 3: determining a region to be controlled according to a control instruction, judging whether the control instruction meets the control condition of a safety control region corresponding to the region to be controlled, and if so, performing safety control on transmission data of the region to be controlled;

otherwise, carrying out significance prompt on the area to be controlled which does not meet the control conditions.

2. The smart chip based security management method of claim 1, wherein step 1: determining a storage area of each type of data according to the chip type of the intelligent chip, wherein the storage area comprises the following steps:

obtaining the chip attribute of the intelligent chip, and determining the chip type according to the chip attribute;

acquiring related transmission data from a chip management database according to the chip type, and performing data type analysis on the transmission data to obtain the receivable data type of the intelligent chip;

acquiring a background log which is correspondingly generated when the intelligent chip receives the transmission data from the chip management database, determining the storage position of each type of data which can be received, and performing first marking;

and obtaining a storage area of the corresponding type data according to the first labeling result.

3. The method for security management and control based on smart chip as claimed in claim 1, wherein obtaining the background log generated by the smart chip when receiving the transmission data, and determining the storage location of each type of data that can be received comprises:

extracting a position set occupied by the same type of transmission data in the intelligent chip from the background log;

according to the position sets of different types of transmission data, carrying out multiple calibration on the position of the intelligent chip to obtain multiple types of data which can be stored correspondingly at the same position;

determining the data component of each type of data in the multiple types of data which can be stored correspondingly at the same position based on corresponding transmission, and further determining the data weight based on the corresponding transmission process;

determining data weights related to different transmission processes corresponding to the same position, determining a biased data type corresponding to the same position, and determining the maximum data capacity of each biased data type corresponding to the same position according to data components;

performing second labeling on the same corresponding position according to the type of the biased data and the maximum data capacity, wherein the color classification quantity of the second labeling is related to the type quantity of the biased data type;

and taking the second labeling result as a primary screening, and taking the multiple calibration result as a secondary screening to screen the same type of colors as the storage positions of the same type of data, thereby obtaining the storage position of each type of data.

4. The smart chip based security management method of claim 1, wherein after determining the storage area for each type of data in step 1, further comprising: performing a security check on the storage area, comprising:

performing area detection on the storage area to obtain inherent area information and changed area information of the storage area;

carrying out format conversion on the inherent region information and the changed region information according to a preset conversion rule to obtain corresponding first region characters and second region characters;

comparing the first region character to a standard region character;

if the two are completely consistent, determining the influence of the second region character on the region change of the corresponding storage region, simultaneously determining the position connection relation between the second region character and the first region character, and acquiring the character influence of the second region character on the first region character;

carrying out safety check on the region change influence result and the character influence result, and judging the safety influence behavior on the storage region;

and when the safety influence behavior does not meet the preset safety preset condition, upgrading the inherent area information and the changed area information of the corresponding storage area according to a safety check result to update the storage area in the area safety.

5. The smart chip based security management method of claim 1, wherein step 2: setting a corresponding safety control domain for the storage region of each type of data, including:

determining data transmission frequencies of different index data in corresponding types of data in the storage area and locking relations between the different index data and the storage area;

screening all first index data of which the data transmission frequency is greater than a preset transmission frequency;

determining a first area in which the first index data are stored based on the storage area based on the locking relation, performing first safety analysis on the first area, and performing second safety analysis on the first index data corresponding to the first area;

determining an allowed failure address in the first area based on a first safety analysis result and a second safety analysis result, and determining an allowed failure distribution according to the allowed failure address;

determining concentrated failure distribution of all first index data based on the allowable failure distribution, and determining concentrated distribution information of the concentrated failure distribution and index data information corresponding to the concentrated failure distribution;

determining a second area in which second index data is stored based on a storage area, and judging whether a historical safety protection area exists in the second area;

if yes, obtaining safety protection information of the historical safety protection area;

calling corresponding safety analysis regulations from a safety database according to the centralized distribution information, the safety protection information and the index data information;

constructing a security analysis window based on the security analysis regulations;

and determining an area transmission port of the storage area, adding a security analysis window to the area transmission port, and constructing to obtain a security control area.

6. The smart chip based security management method of claim 1, wherein step 3: according to the control instruction, determining an area to be controlled, including:

acquiring a control instruction transmitted by a transmission end;

performing instruction analysis on the control instruction to obtain a plurality of pieces of information;

matching each piece of sub information with a control analysis database to obtain the control trend of each piece of sub information, and obtaining the control trend of the control instruction according to all the control trends;

and screening the storage area to obtain the area to be controlled according to the control trend.

7. The intelligent chip-based security management and control method of claim 1, wherein the step 3 of determining whether the control instruction satisfies the management and control conditions of the security management and control domain corresponding to the area to be managed and controlled comprises:

calling target information of a safety control domain of the area to be controlled;

performing attribute management and control splitting on the target information to obtain a plurality of first management and control conditions;

performing type management and control splitting on the target information to obtain a plurality of second management and control conditions;

acquiring an overlapping control condition of the first control condition and the second control condition, and acquiring an independent control condition of the first control condition and the second control condition;

distributing corresponding control weights to the overlapping control conditions and the independent control conditions according to the region attributes of the region to be controlled;

and based on the control weight, sequentially ordering the control conditions, and judging whether the control instruction meets the sequentially ordered control conditions.

8. The intelligent chip-based security management and control method according to claim 1, wherein the step 3 of performing security management and control on the area to be managed and controlled for data transmission comprises:

acquiring a transmission identity of a transmission end corresponding to the transmission data, and calling a security control set from a security control database according to the transmission identity;

according to the data attribute of the transmission data, matching corresponding safety control business from the safety control set, and carrying out data safety specification on the transmission data based on the safety control business;

if the data with unqualified safety specifications exist, acquiring a corresponding service control execution result, feeding the result back to a transmission end, and acquiring a control scheme corresponding to the service control execution result;

if the control scheme is self-control, safety control is carried out on the data which are not qualified in the safety specification;

if the management and control scheme is the management and control of the transmission terminal, the transmission terminal attaches security permission to the newly acquired corresponding data according to the security region management and control condition of the region to be managed and controlled to replace security non-standard qualified data.

9. The intelligent chip-based security management and control method of claim 1, wherein the step 3 of performing significance prompting on the area to be managed which does not satisfy the management and control condition comprises the following steps:

acquiring a control condition that the area to be controlled does not satisfy;

acquiring a display mark corresponding to the unsatisfied control condition according to a condition-mark mapping table;

determining that the unsatisfied management and control conditions are based on the domain occupation weight and the domain occupation position of the corresponding safety management and control domain;

acquiring a significant prediction standard of the domain occupation weight based on a resource database;

constructing a domain display structure diagram according to the significant prediction standard and the domain occupied position;

and establishing the area relation between the domain display structure chart and the corresponding area to be controlled, and carrying out significance prompt.

10. The utility model provides a safe management and control system based on intelligent chip which characterized in that includes:

the determining module is used for determining the storage area of each type of data according to the chip type of the intelligent chip;

the setting module is used for setting a corresponding safety control domain for the storage region of each type of data;

the management and control module is used for determining a region to be managed and controlled according to a control instruction, judging whether the control instruction meets the management and control conditions of a safety management and control region corresponding to the region to be managed and controlled, and if so, performing safety management and control on transmission data of the region to be managed and controlled;

otherwise, carrying out significance prompt on the area to be controlled which does not meet the control conditions.

Technical Field

The invention relates to the technical field of intelligent safety control, in particular to a safety control method and a safety control system based on an intelligent chip.

Background

There are many classifications of smart chips, and the classifications may vary depending on the application. The smart chip generally functions with the sensing system and the power transmission system to compensate each other. The respective advantages are exerted. The general intelligent chip is equivalent to a single chip microcomputer and is responsible for processing the collected induction models, and then the electric motor is driven by the electric switch to transmit instructions to the transmission system to complete the initial effect.

Moreover, the intelligent chip is taken as the basis of many experiments, the importance of the intelligent chip is conceivable, and in the process of using the intelligent chip, an instruction is set in advance to realize the function to be expressed, but in the implementation process, because the safety of the intelligent chip is low, the intelligent chip may be influenced by external interference or burst factors, so that the function expression is wrong, and in order to avoid the occurrence of similar conditions, the invention provides a safety management and control method and a safety management and control system based on the intelligent chip.

Disclosure of Invention

The invention provides a safety control method and a safety control system based on an intelligent chip, which are used for setting a safety control area and judging whether a control instruction meets a control condition, so that the intelligent chip is conveniently and effectively controlled, and the safety of the intelligent chip can be improved.

The invention provides a safety management and control method based on an intelligent chip, which comprises the following steps:

step 1: determining a storage area of each type of data according to the chip type of the intelligent chip;

step 2: setting a corresponding safety control domain for the storage region of each type of data;

and step 3: determining a region to be controlled according to a control instruction, judging whether the control instruction meets the control condition of a safety control region corresponding to the region to be controlled, and if so, performing safety control on transmission data of the region to be controlled;

otherwise, carrying out significance prompt on the area to be controlled which does not meet the control conditions.

In one possible way of realisation,

step 1: determining a storage area of each type of data according to the chip type of the intelligent chip, wherein the storage area comprises the following steps:

obtaining the chip attribute of the intelligent chip, and determining the chip type according to the chip attribute;

acquiring related transmission data from a chip management database according to the chip type, and performing data type analysis on the transmission data to obtain the receivable data type of the intelligent chip;

acquiring a background log which is correspondingly generated when the intelligent chip receives the transmission data from the chip management database, determining the storage position of each type of data which can be received, and performing first marking;

and obtaining a storage area of the corresponding type data according to the first labeling result.

In one possible way of realisation,

acquiring a background log correspondingly generated when the intelligent chip receives the transmission data, and determining the storage position of each type of data which can be received, wherein the method comprises the following steps:

extracting a position set occupied by the same type of transmission data in the intelligent chip from the background log;

according to the position sets of different types of transmission data, carrying out multiple calibration on the position of the intelligent chip to obtain multiple types of data which can be stored correspondingly at the same position;

determining the data component of each type of data in the multiple types of data which can be stored correspondingly at the same position based on corresponding transmission, and further determining the data weight based on the corresponding transmission process;

determining data weights related to different transmission processes corresponding to the same position, determining a biased data type corresponding to the same position, and determining the maximum data capacity of each biased data type corresponding to the same position according to data components;

performing second labeling on the same corresponding position according to the type of the biased data and the maximum data capacity, wherein the color classification quantity of the second labeling is related to the type quantity of the biased data type;

and taking the second labeling result as a primary screening, and taking the multiple calibration result as a secondary screening to screen the same type of colors as the storage positions of the same type of data, thereby obtaining the storage position of each type of data.

In one possible way of realisation,

step 1, after determining the storage area of each type of data, further comprising: performing a security check on the storage area, comprising:

performing area detection on the storage area to obtain inherent area information and changed area information of the storage area;

carrying out format conversion on the inherent region information and the changed region information according to a preset conversion rule to obtain corresponding first region characters and second region characters;

comparing the first region character to a standard region character;

if the two are completely consistent, determining the influence of the second region character on the region change of the corresponding storage region, simultaneously determining the position connection relation between the second region character and the first region character, and acquiring the character influence of the second region character on the first region character;

carrying out safety check on the region change influence result and the character influence result, and judging the safety influence behavior on the storage region;

and when the safety influence behavior does not meet the preset safety preset condition, upgrading the inherent area information and the changed area information of the corresponding storage area according to a safety check result to update the storage area in the area safety.

In one possible way of realisation,

step 2: setting a corresponding safety control domain for the storage region of each type of data, including:

determining data transmission frequencies of different index data in corresponding types of data in the storage area and locking relations between the different index data and the storage area;

screening all first index data of which the data transmission frequency is greater than a preset transmission frequency;

determining a first area in which the first index data are stored based on the storage area based on the locking relation, performing first safety analysis on the first area, and performing second safety analysis on the first index data corresponding to the first area;

determining an allowed failure address in the first area based on a first safety analysis result and a second safety analysis result, and determining an allowed failure distribution according to the allowed failure address;

determining concentrated failure distribution of all first index data based on the allowable failure distribution, and determining concentrated distribution information of the concentrated failure distribution and index data information corresponding to the concentrated failure distribution;

determining a second area in which second index data is stored based on a storage area, and judging whether a historical safety protection area exists in the second area;

if yes, obtaining safety protection information of the historical safety protection area;

calling corresponding safety analysis regulations from a safety database according to the centralized distribution information, the safety protection information and the index data information;

constructing a security analysis window based on the security analysis regulations;

and determining an area transmission port of the storage area, adding a security analysis window to the area transmission port, and constructing to obtain a security control area.

In one possible way of realisation,

and step 3: according to the control instruction, determining an area to be controlled, including:

acquiring a control instruction transmitted by a transmission end;

performing instruction analysis on the control instruction to obtain a plurality of pieces of information;

matching each piece of sub information with a control analysis database to obtain the control trend of each piece of sub information, and obtaining the control trend of the control instruction according to all the control trends;

and screening the storage area to obtain the area to be controlled according to the control trend.

In one possible way of realisation,

step 3, judging whether the control instruction meets the control condition of the safety control domain corresponding to the area to be controlled, including:

calling target information of a safety control domain of the area to be controlled;

performing attribute management and control splitting on the target information to obtain a plurality of first management and control conditions;

performing type management and control splitting on the target information to obtain a plurality of second management and control conditions;

acquiring an overlapping control condition of the first control condition and the second control condition, and acquiring an independent control condition of the first control condition and the second control condition;

distributing corresponding control weights to the overlapping control conditions and the independent control conditions according to the region attributes of the region to be controlled;

and based on the control weight, sequentially ordering the control conditions, and judging whether the control instruction meets the sequentially ordered control conditions.

In one possible way of realisation,

and 3, performing safety control on the data transmission of the area to be controlled, wherein the safety control comprises the following steps:

acquiring a transmission identity of a transmission end corresponding to the transmission data, and calling a security control set from a security control database according to the transmission identity;

according to the data attribute of the transmission data, matching corresponding safety control business from the safety control set, and carrying out data safety specification on the transmission data based on the safety control business;

if the data with unqualified safety specifications exist, acquiring a corresponding service control execution result, feeding the result back to a transmission end, and acquiring a control scheme corresponding to the service control execution result;

if the control scheme is self-control, safety control is carried out on the data which are not qualified in the safety specification;

if the management and control scheme is the management and control of the transmission terminal, the transmission terminal attaches security permission to the newly acquired corresponding data according to the security region management and control condition of the region to be managed and controlled to replace security non-standard qualified data.

In one possible way of realisation,

step 3, carrying out significance prompt on the area to be controlled which does not meet the control conditions, wherein the significance prompt comprises the following steps:

acquiring a control condition that the area to be controlled does not satisfy;

acquiring a display mark corresponding to the unsatisfied control condition according to a condition-mark mapping table;

determining that the unsatisfied management and control conditions are based on the domain occupation weight and the domain occupation position of the corresponding safety management and control domain;

acquiring a significant prediction standard of the domain occupation weight based on a resource database;

constructing a domain display structure diagram according to the significant prediction standard and the domain occupied position;

and establishing the area relation between the domain display structure chart and the corresponding area to be controlled, and carrying out significance prompt.

The invention provides a safety management and control system based on an intelligent chip, which comprises:

the determining module is used for determining the storage area of each type of data according to the chip type of the intelligent chip;

the setting module is used for setting a corresponding safety control domain for the storage region of each type of data;

the management and control module is used for determining a region to be managed and controlled according to a control instruction, judging whether the control instruction meets the management and control conditions of a safety management and control region corresponding to the region to be managed and controlled, and if so, performing safety management and control on transmission data of the region to be managed and controlled;

otherwise, carrying out significance prompt on the area to be controlled which does not meet the control conditions.

Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.

The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.

Drawings

The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:

FIG. 1 is a flowchart of a security management method based on an intelligent chip according to an embodiment of the present invention;

FIG. 2 is a block diagram of a security management and control system based on an intelligent chip according to an embodiment of the present invention;

FIG. 3 is a block diagram of a region character in an embodiment of the present invention;

FIG. 4 is a distribution diagram of the first region and the second region according to an embodiment of the present invention.

Detailed Description

The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it will be understood that they are described herein for the purpose of illustration and explanation and not limitation.

Example 1:

the invention provides a safety control method based on an intelligent chip, as shown in figure 1, comprising the following steps:

step 1: determining a storage area of each type of data according to the chip type of the intelligent chip;

step 2: setting a corresponding safety control domain for the storage region of each type of data;

and step 3: determining a region to be controlled according to a control instruction, judging whether the control instruction meets the control condition of a safety control region corresponding to the region to be controlled, and if so, performing safety control on transmission data of the region to be controlled;

otherwise, carrying out significance prompt on the area to be controlled which does not meet the control conditions.

In this embodiment, the chip type of the smart chip may be determined according to chip functions, such as: communication chips, sensing chips, processing chips, etc. are distinguished by the functions of communication, sensing, data processing, etc., and thus the types of data received or transmitted by chips of different functions may be different, such as: the communication chip receives or transmits some instructions, and the data type of the transmission content corresponding to the instructions can be data distinguished according to the types of images, characters, sounds and the like.

In this embodiment, for example, the type data related to the control chip includes: the image and text type data may be in an area 1 corresponding to the control chip, and the sound type data may be in an area 2 corresponding to the control chip, so that the area 1 and the area 2 are set with security control areas.

In this embodiment, a control instruction, for example, needs to store some information in an area 3 in a memory chip, at this time, the area 3 is an area to be controlled, and a security control area of the area to be controlled is set on a data interface corresponding to the area 3, and may be implemented as a related security control constraint condition, so as to execute a related security control operation, at this time, if the control instruction meets the security control constraint condition, data transmission is performed on data that needs to be stored, and the data is subjected to security control, so that dual security control is implemented.

The beneficial effects of the above technical scheme are: through setting up the safety control region and the judgement whether control instruction satisfies the management and control condition, be convenient for effectively manage and control intelligent chip, can improve its security.

Example 2:

based on example 1, step 1: determining a storage area of each type of data according to the chip type of the intelligent chip, wherein the storage area comprises the following steps:

obtaining the chip attribute of the intelligent chip, and determining the chip type according to the chip attribute;

acquiring related transmission data from a chip management database according to the chip type, and performing data type analysis on the transmission data to obtain the receivable data type of the intelligent chip;

acquiring a background log which is correspondingly generated when the intelligent chip receives the transmission data from the chip management database, determining the storage position of each type of data which can be received, and performing first marking;

and obtaining a storage area of the corresponding type data according to the first labeling result.

In this embodiment, the chip attribute is related to a function that the chip can perform, and the chip management database includes: the data of different types of chips involved in the historical process also comprises logs recorded in different historical processes, and all data or part of data of the types of chips can be extracted from the involved data based on the database, so that the transmission data can be obtained.

In this embodiment, each chip may relate to a plurality of data types, and further, by performing data type classification on transmission data, it is ensured that data types receivable by the intelligent chip are effectively obtained.

In this embodiment, the background log is obtained by real-time recording in the background during the process of receiving and transmitting data by the intelligent chip, and the background log includes information related to the storage location of each type of data, for example, the data of type 1 is stored at the location p and the location u, and at this time, the storage area of type 1 is obtained by performing first labeling on the locations p and u.

In this embodiment, the first label may be simply distinguished by a color label.

The beneficial effects of the above technical scheme are: the transmission data is obtained through the chip type, the receivable data types are calculated reversely, the corresponding storage positions are obtained through the background logs, the first marking is carried out, the storage area is effectively obtained, and an area basis is provided for subsequently improving the safety of the chip.

Example 3:

based on embodiment 2, obtaining a background log correspondingly generated when the smart chip receives the transmission data, and determining a storage location of each type of data that can be received, includes:

extracting a position set occupied by the same type of transmission data in the intelligent chip from the background log;

according to the position sets of different types of transmission data, carrying out multiple calibration on the position of the intelligent chip to obtain multiple types of data which can be stored correspondingly at the same position;

determining the data component of each type of data in the multiple types of data which can be stored correspondingly at the same position based on corresponding transmission, and further determining the data weight based on the corresponding transmission process;

determining data weights related to different transmission processes corresponding to the same position, determining a biased data type corresponding to the same position, and determining the maximum data capacity of each biased data type corresponding to the same position according to data components;

performing second labeling on the same corresponding position according to the type of the biased data and the maximum data capacity, wherein the color classification quantity of the second labeling is related to the type quantity of the biased data type;

and taking the second labeling result as a primary screening, and taking the multiple calibration result as a secondary screening to screen the same type of colors as the storage positions of the same type of data, thereby obtaining the storage position of each type of data.

In this embodiment, the data component is the specific content of the data at the time of transmission, and the weight of the data in the transmission process is determined according to the specific content of the data.

In this embodiment, a biased data type may be determined according to a magnitude relationship of data weights, where the larger the weight is, the more the corresponding data type tends to be biased towards the data type, and the capacity of the corresponding content is also determined according to the specific content.

In this embodiment, the second label is selected based on the first label, and the number of color classifications of the second label is equal to the type quantity of the type of the deviation data, such as: if 2 biased data types exist, different color labels are respectively carried out on the 2 biased data types.

In this embodiment, for multiple calibration results: there are 3 positions, there are three types of data a1, a2, a3 in the first position, two types of data a4, a3 in the second position, and three types of data a4, a7, a8 in the second position, and at this time, color is repeatedly calibrated according to the type of each position.

In this embodiment, for example: primary screening for the second annotation result: a1, a2 for the first position, a4 for the second position, a7, a8 for the third position.

At this point, a secondary screen was performed for multiple calibration results: there is a3 for the first position, a3 for the second position, and a4 for the third position.

At this time, the corresponding same type position: such as: a1, a2 and a3 are at the first position, a4 is at the second position, a7 and a8 is at the third position, wherein for secondary screening, the judgment can be carried out according to the weight of the data, if the weight of the data does not reach the preset weight standard, at the moment, the corresponding type of data is removed, so that the data which is finally transmitted and received corresponding to the same position is ensured to be valid and used for analysis, and by removing some data, the effective analysis of the data in the storage position can be ensured to be carried out subsequently, and the analysis efficiency is improved.

For example, according to the background log analysis, the second location may store two types of data, a4 and a3, but the second location does not need to perform security control and protection for the a3 type of data, and therefore, the second location may directly read the a3 type of data in the storage area of the a4 type of data, which may reduce the amount of data for security control, and further provide security control efficiency.

The beneficial effects of the above technical scheme are: through carrying out multiple marking to same position to on the basis of multiple marking, carry out the second marking, guarantee the effective division to data area, provide the data basis for the safety control of chip.

Example 4:

based on embodiment 1, step 1, after determining the storage area of each type of data, further includes: performing a security check on the storage area, comprising:

performing area detection on the storage area to obtain inherent area information and changed area information of the storage area;

carrying out format conversion on the inherent region information and the changed region information according to a preset conversion rule to obtain corresponding first region characters and second region characters;

comparing the first region character to a standard region character;

if the two are completely consistent, determining the influence of the second region character on the region change of the corresponding storage region, simultaneously determining the position connection relation between the second region character and the first region character, and acquiring the character influence of the second region character on the first region character;

carrying out safety check on the region change influence result and the character influence result, and judging the safety influence behavior on the storage region;

and when the safety influence behavior does not meet the preset safety preset condition, upgrading the inherent area information and the changed area information of the corresponding storage area according to a safety check result to update the storage area in the area safety.

In this embodiment, the area detection is to acquire some component information inherent to the storage area itself, for example, the address information of the storage area is 0001-.

In this embodiment, the preset conversion rule is to convert information formats of information such as default information and structure, for example, to convert digital information into character information, so as to unify formats and facilitate effective comparison of characters in the following.

In this embodiment, the standard region character is a standard comparison character set by the chip factory, and is for comparison with the first region character, and when the first region character is completely consistent with the standard region character, at this time, by changing the region information, the influence on the storage region may be effectively determined, for example, by changing, the storage of the chip is safer, and the like.

In this embodiment, the first region character may be located in the middle of some positions in the first region character, or there may be a gap from the position of the first region character, and the influence of the second region character on the first region character may be obtained, and the character influence is, for example: the first region character is qqweer, the second region character is kk, at this time, as shown in fig. 3, the middle position of the second region character in the first region character is a position connection relationship, at this time, an influence of the second region character on the first region character can be obtained, the character influence refers to an influence of the second region character connected to the middle position of the first region character on the first region character, for example, the storage sequence of the data type is changed.

In this embodiment, the security impact behavior is obtained by performing security check on the two impacts, for example, the impact behavior on the storage sequence of the storage area, the area impact behavior of the storage area, and the like, and the security impact behavior is an unsafe behavior caused to the storage area.

In this embodiment, the preset safety preset condition is preset to judge the safety influence behavior, and the related information is updated or upgraded according to the safety check result, so as to ensure the safety of the storage area.

The beneficial effects of the above technical scheme are: the character comparison is carried out by acquiring two kinds of information of the storage area, the influence result is verified by acquiring, the safety influence behavior is acquired, the storage area is effectively and safely controlled by upgrading the related information, and a basis is provided for the safety control of the chip.

Example 5:

based on the example 1, the step 2: setting a corresponding safety control domain for the storage region of each type of data, including:

determining data transmission frequencies of different index data in corresponding types of data in the storage area and locking relations between the different index data and the storage area;

screening all first index data of which the data transmission frequency is greater than a preset transmission frequency;

determining a first area in which the first index data are stored based on the storage area based on the locking relation, performing first safety analysis on the first area, and performing second safety analysis on the first index data corresponding to the first area;

determining an allowed failure address in the first area based on a first safety analysis result and a second safety analysis result, and determining an allowed failure distribution according to the allowed failure address;

determining concentrated failure distribution of all first index data based on the allowable failure distribution, and determining concentrated distribution information of the concentrated failure distribution and index data information corresponding to the concentrated failure distribution;

determining a second area in which second index data is stored based on a storage area, and judging whether a historical safety protection area exists in the second area;

if yes, obtaining safety protection information of the historical safety protection area;

calling corresponding safety analysis regulations from a safety database according to the centralized distribution information, the safety protection information and the index data information;

constructing a security analysis window based on the security analysis regulations;

and determining an area transmission port of the storage area, adding a security analysis window to the area transmission port, and constructing to obtain a security control area.

In this embodiment, the locking relationship is the storage area corresponding to different index data, and at this time, the locking relationship is based on the relationship between the two.

In this embodiment, the preset transmission frequency is preset.

In this embodiment, the first area is a storage location of the first index data in the storage area, and the size of the first area is smaller than the size of the storage area.

In this embodiment, the safety resolution is to obtain unsafe factors, such as address unsafe factors, and the allowable invalid address may be effectively determined according to the resolution result, for example, the address of the storage area is 0001-.

In this embodiment, as shown in fig. 4, the first area is f1, the corresponding address is 0001-. The storage area includes a first area and a second area, the second area is f2, and the safety protection information is safety protection information.

In this embodiment, the security database is preset, and includes security analysis regulations corresponding to the centralized distribution information, the security protection information, and the index data information, that is, security analysis conditions, so as to construct a security analysis window according to the security analysis conditions.

In this embodiment, in the centralized failure distribution, some index data may be involved, and index data information may be obtained.

In this embodiment, the first index data refers to index data with a data transmission frequency greater than a preset transmission frequency, the index data information refers to index data in a centralized failure distribution in the first index data, and the second index data is remaining index data excluding the first index data from all different index data.

In this embodiment, the historical safety zone may be part of the second zone.

The beneficial effects of the above technical scheme are: the method comprises the steps of carrying out safety analysis by determining first index data and corresponding first areas, effectively determining allowable failure distribution of the first areas, preliminarily acquiring index data information and centralized failure distribution, obtaining safety protection information through the second areas, calling safety analysis regulations through three kinds of information, constructing an analysis window, facilitating obtaining of a safety control area and facilitating improvement of safety of a chip.

Example 6:

based on the example 1, the step 3: according to the control instruction, determining an area to be controlled, including:

acquiring a control instruction transmitted by a transmission end;

performing instruction analysis on the control instruction to obtain a plurality of pieces of information;

matching each piece of sub information with a control analysis database to obtain the control trend of each piece of sub information, and obtaining the control trend of the control instruction according to all the control trends;

and screening the storage area to obtain the area to be controlled according to the control trend.

In this embodiment, the control trend refers to a separate control operation that needs to be performed for each piece of sub information.

In this embodiment, the control trend refers to a total control operation of the entire control instruction, for example, instruction format conversion is required, and at this time, a region to be controlled in the storage region, which is related to the instruction format conversion, is obtained.

The beneficial effects of the above technical scheme are: the single sub-information is acquired by performing instruction analysis on the control instruction, and the control trend is comprehensively acquired through each control trend, so that the reliability of the area to be controlled is ensured to be acquired.

Example 7:

based on embodiment 1, step 3, determining whether the control instruction satisfies a control condition of a security control domain corresponding to the area to be controlled, includes:

calling target information of a safety control domain of the area to be controlled;

performing attribute management and control splitting on the target information to obtain a plurality of first management and control conditions;

performing type management and control splitting on the target information to obtain a plurality of second management and control conditions;

acquiring an overlapping control condition of the first control condition and the second control condition, and acquiring an independent control condition of the first control condition and the second control condition;

distributing corresponding control weights to the overlapping control conditions and the independent control conditions according to the region attributes of the region to be controlled;

and based on the control weight, sequentially ordering the control conditions, and judging whether the control instruction meets the sequentially ordered control conditions.

In this embodiment, the target information may be security constraint information of a security management and control domain, and the security constraint information is split by performing attribute management and control splitting, such as management and control splitting of a security level, to obtain a condition 1, a condition 2, and a condition 4; splitting safety constraint information by performing type management and control splitting, such as image and character types, to obtain a condition 1, a condition 3 and a condition 5;

at this time, the acquired overlap management and control conditions are condition 1, the independent management and control conditions are condition 2 and condition 4 in the first management and control condition, and condition 3 and condition 5 in the second management and control condition.

In this embodiment, for example, the area attribute of the area to be managed is mainly used for data storage, at this time, the corresponding condition 1 is not related to storage, the remaining conditions are related to storage, and management and control weights may be assigned to different conditions according to the correlation with storage.

The beneficial effects of the above technical scheme are: different management and control splits are carried out according to target information of a safety management and control domain to obtain different management and control conditions, relevant weights are given through overlapping and independent judgment, whether control instructions meet or not is judged in sequence through sequential sequencing, rationality and pertinence of judgment are guaranteed conveniently, and safety of a chip is indirectly improved.

Example 8:

based on embodiment 1, step 3 is to perform security control of data transmission on the to-be-controlled area, and includes:

acquiring a transmission identity of a transmission end corresponding to the transmission data, and calling a security control set from a security control database according to the transmission identity;

according to the data attribute of the transmission data, matching corresponding safety control business from the safety control set, and carrying out data safety specification on the transmission data based on the safety control business;

if the data with unqualified safety specifications exist, acquiring a corresponding service control execution result, feeding the result back to a transmission end, and acquiring a control scheme corresponding to the service control execution result;

if the control scheme is self-control, safety control is carried out on the data which are not qualified in the safety specification;

if the management and control scheme is the management and control of the transmission terminal, the transmission terminal attaches security permission to the newly acquired corresponding data according to the security region management and control condition of the region to be managed and controlled to replace security non-standard qualified data.

In this embodiment, the security management and control set includes a plurality of security management and control services, and is mainly used to perform security specification on the transmission data and avoid data errors.

In this embodiment, the self-management refers to automatic security management and control of the security specification unqualified data, and does not need human participation.

The beneficial effects of the above technical scheme are: through carrying out the safety standard to transmission data, subsequent safety control of being convenient for, and distinguish the management and control scheme, carry out different management and control operations, guarantee the validity of data, further improve the security of chip.

Example 9:

based on embodiment 1, step 3 is to perform significance prompt on the to-be-controlled area that does not satisfy the control condition, and includes:

acquiring a control condition that the area to be controlled does not satisfy;

acquiring a display mark corresponding to the unsatisfied control condition according to a condition-mark mapping table;

determining that the unsatisfied management and control conditions are based on the domain occupation weight and the domain occupation position of the corresponding safety management and control domain;

acquiring a significant prediction standard of the domain occupation weight based on a resource database;

constructing a domain display structure diagram according to the significant prediction standard and the domain occupied position;

and establishing the area relation between the domain display structure chart and the corresponding area to be controlled, and carrying out significance prompt.

In this embodiment, the condition-flag mapping table includes the management and control conditions and flags set for each management and control condition, and the security management and control weights of different management and control conditions in the security management and control domain are different, so that the total management and control weight of all the unsatisfied management and control conditions is obtained, that is, the domain occupancy weight.

In this embodiment, the domain occupation positions refer to that the management and control conditions are set in order, where the unsatisfied management and control conditions may be 1, 7, and 10 of the set order, and at this time, 1, 7, and 10 are the domain occupation positions.

In this embodiment, the resource database includes the domain occupation weight and the significant prediction standard, and the domain display structure diagram may be constructed according to the significant prediction standard and the domain occupation location.

The beneficial effects of the above technical scheme are: by acquiring the display mark and acquiring the significance prediction standard of the domain occupation weight, a display structure diagram is constructed based on the domain occupation position to display significance, so that the prompt is facilitated.

The invention provides a safety management and control system based on an intelligent chip, as shown in figure 2, comprising:

the determining module is used for determining the storage area of each type of data according to the chip type of the intelligent chip;

the setting module is used for setting a corresponding safety control domain for the storage region of each type of data;

the management and control module is used for determining a region to be managed and controlled according to a control instruction, judging whether the control instruction meets the management and control conditions of a safety management and control region corresponding to the region to be managed and controlled, and if so, performing safety management and control on transmission data of the region to be managed and controlled;

otherwise, carrying out significance prompt on the area to be controlled which does not meet the control conditions.

The beneficial effects of the above technical scheme are: through setting up the safety control region and the judgement whether control instruction satisfies the management and control condition, be convenient for effectively manage and control intelligent chip, can improve its security.

It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.