Method for accessing data and related circuit
Reading note: this technology, "Method for accessing data and related circuit", was designed by 黄建兴 on 2018-06-28. Its main content: a method for accessing data, applied to a data access system, comprising: performing a table lookup according to a virtual address corresponding to the data to obtain a physical address, an attribute parameter and key information; generating a key according to a trigger signal; storing the key according to the key information; judging whether the data meets an encryption condition according to the attribute parameter; and, when the data meets the encryption condition, performing an encryption operation on the data according to the key to generate encrypted data, so that the data access system writes the encrypted data into the memory according to the physical address.
1. A method for accessing data from a memory, the method being applied to a data access system, the method comprising:
performing table lookup according to a virtual address corresponding to the data to obtain a physical address, an attribute parameter and key information;
generating a key according to a trigger signal;
storing the key according to the key information;
judging whether the data meets an encryption condition according to the attribute parameter; and
when the data meets the encryption condition, performing an encryption operation on the data according to the key to generate encrypted data, so that the data access system can write the encrypted data into the memory according to the physical address.
2. The method of claim 1, wherein the step of performing the encryption operation on the data according to the key to generate the encrypted data comprises:
the encryption operation is performed on the data using the physical address and the key to generate the encrypted data.
3. The method of claim 1, wherein the physical address is a first physical address, the method further comprising:
performing table lookup according to the virtual address to obtain a second physical address, wherein the step of performing the encryption operation on the data according to the key to generate the encrypted data comprises:
the encryption operation is performed on the data using the first physical address, the second physical address and the key to generate the encrypted data.
4. The method of claim 1, wherein the physical address is a first physical address, the key information is first key information, and the key is a first key, the method further comprising:
looking up a table according to the virtual address to obtain a second physical address and second key information;
generating a second key according to the trigger signal; and
storing the second key according to the second key information, wherein the step of performing the encryption operation on the data according to the first key to generate the encrypted data comprises:
the encryption operation is performed on the data using the first key and the second key to generate the encrypted data.
5. The method of claim 1, further comprising:
when the data does not meet the encryption condition, looking up a table according to range information in the attribute parameter to obtain permission information; and
when the permission information indicates that the data access system has a write permission for the physical address, writing the data into the memory according to the physical address.
6. The method of claim 1, further comprising:
looking up a table according to the key information to obtain the key;
reading the encrypted data from the memory according to the physical address; and
performing a decryption operation on the encrypted data according to the key to generate the data.
7. The method of claim 6, wherein the step of performing the decryption operation on the encrypted data according to the key to generate the data comprises:
the decryption operation is performed on the encrypted data using the physical address and the key to generate the data.
8. The method of claim 6, wherein the physical address is a first physical address, the method further comprising:
performing table lookup according to the virtual address to obtain a second physical address, wherein the step of performing the decryption operation on the encrypted data according to the key to generate the data comprises:
the decryption operation is performed on the encrypted data using the first physical address, the second physical address and the key to generate the data.
9. The method of claim 6, wherein the physical address is a first physical address, the key information is first key information, and the key is a first key, the method further comprising:
looking up a table according to the virtual address to obtain a second physical address and second key information; and
performing table lookup according to the second key information to obtain the second key, wherein the step of performing the decryption operation on the encrypted data according to the key to generate the data comprises:
the decryption operation is performed on the encrypted data using the first key and the second key to generate the data.
10. The method of claim 6, further comprising:
when the data does not meet the encryption condition, looking up a table according to range information in the attribute parameter to obtain permission information; and
when the permission information indicates that the data access system has a read permission for the physical address, reading the data from the memory according to the physical address.
11. An access circuit for performing a data access, wherein the data corresponds to at least one virtual address, comprising:
an address lookup table, wherein the at least one virtual address corresponds to at least one physical address, an attribute parameter and at least one key information stored in the address lookup table;
a judging circuit for receiving the attribute parameter, wherein the judging circuit judges whether the data satisfies an encryption condition according to the attribute parameter;
a key generating circuit for receiving the at least one key information, wherein the key generating circuit generates a key corresponding to the key information when data is written; and
a processing circuit coupled to the key generating circuit, wherein, when the data meets the encryption condition, the processing circuit generates encrypted data by performing an encryption operation on the data according to the key and writes the encrypted data into a memory according to the physical address.
12. The access circuit of claim 11, wherein the processing circuit performs the encryption operation on the data using the physical address and the key to generate the encrypted data, and writes the encrypted data to the memory according to the physical address.
13. The access circuit of claim 11, wherein the physical address is a first physical address, the key information is specific key information, the virtual address further corresponds to a second physical address, and the second physical address corresponds to the specific key information; the key generating circuit generates a specific key corresponding to the specific key information when the data is written; and, when the data satisfies the encryption condition, the processing circuit generates the encrypted data by performing the encryption operation on the data according to the specific key, and writes the encrypted data into the memory according to the first physical address and the second physical address.
14. The access circuit of claim 11, wherein the data comprises a first data and a second data, the encrypted data includes a first encrypted data and a second encrypted data, the physical address is a first physical address, the key information is a first key information, the virtual address corresponds to a second physical address, and the second physical address corresponds to a second key information; the key generating circuit generates a first key corresponding to the first key information and a second key corresponding to the second key information; and, when the data satisfies the encryption condition, the processing circuit performs the encryption operation on the data according to the first key and the second key to generate the encrypted data, and writes the encrypted data into the memory according to the first physical address and the second physical address.
15. The access circuit of claim 11 wherein the attribute parameter comprises a range information, further comprising:
a permission lookup table for storing a permission information corresponding to the range information;
when the data is written and the judging circuit judges that the data does not satisfy the encryption condition, the processing circuit is further used for obtaining the permission information in the permission lookup table according to the range information, and when the permission information indicates that the at least one physical address has a write permission, the processing circuit writes the data according to the at least one physical address.
16. The access circuit of claim 11, wherein the judging circuit is further configured to judge whether the data satisfies the encryption condition according to the attribute parameter when the data is read, and the processing circuit is further configured to read the encrypted data according to the physical address and perform a decryption operation on the encrypted data according to the key to generate the data when the data satisfies the encryption condition.
17. The access circuit of claim 16, wherein, when the data is read and the data satisfies the encryption condition, and the encrypted data was generated according to the physical address and the key, the processing circuit performs the decryption operation on the encrypted data using the physical address and the key to generate the data.
18. The access circuit of claim 16, wherein the physical address is a first physical address, the key information is specific key information, the virtual address further corresponds to a second physical address, and the second physical address corresponds to the specific key information; when the data is read and the data satisfies the encryption condition, the processing circuit obtains a specific key corresponding to the specific key information, reads the encrypted data according to the first physical address and the second physical address, and performs the decryption operation on the encrypted data according to the specific key to generate the data.
19. The access circuit of claim 16, wherein the data comprises a first data and a second data, the encrypted data includes a first encrypted data and a second encrypted data, the physical address is a first physical address, the key information is a first key information, the virtual address further corresponds to a second physical address, and the second physical address corresponds to a second key information; when the data is read and the data satisfies the encryption condition, the processing circuit reads the encrypted data according to the first physical address and the second physical address, obtains a first key corresponding to the first key information and a second key corresponding to the second key information, performs the decryption operation on the first encrypted data according to the first key to generate the first data, and performs the decryption operation on the second encrypted data according to the second key to generate the second data.
20. The access circuit of claim 16, wherein the attribute parameter comprises a range information, further comprising:
a permission lookup table for storing a permission information corresponding to the range information;
when the data does not satisfy the encryption condition, the processing circuit is further configured to obtain the permission information in the permission lookup table according to the range information in the attribute parameter, and when the permission information indicates that the data access system has a read permission for the physical address, the processing circuit reads the data from the memory according to the physical address.
Technical Field
The present invention relates to a method for accessing data in a memory, and more particularly, to a method and related circuit for encrypting data to achieve protection.
Background
Conventionally, each functional circuit has different permissions for a memory: some circuits are only allowed to write data into the memory, and some are only allowed to read data from it. To achieve data security, it is usually determined whether a specific circuit can perform a write/read operation on a specific memory address. For example, when data is to be written into a first memory, it usually carries a virtual address. A write circuit performs a table lookup in a second memory according to the virtual address to obtain the corresponding physical address in the memory. A processing circuit then receives the data and the physical address from the write circuit and performs a table lookup in a third memory according to the physical address to determine whether the write circuit has permission to write to the physical address; if so, the processing circuit writes the data to the physical address in the first memory. Similarly, when data is to be read from the first memory, a virtual address of the location to be read is usually obtained. A read circuit first performs a table lookup in the second memory according to the virtual address to obtain the corresponding physical address in the memory. A processing circuit then receives the physical address from the read circuit and performs a table lookup in the third memory according to the physical address to determine whether the read circuit has read permission for the physical address; if so, the processing circuit reads the data from the physical address in the first memory and outputs it to the read circuit. However, when a piece of data is large and its corresponding physical addresses are not contiguous, performing a table lookup for each physical address to determine whether there is write/read permission is inefficient, so a new circuit architecture is needed for accessing the data.
Disclosure of Invention
Therefore, an objective of the present invention is to provide a method for accessing data and related circuit to solve the above problems.
According to an embodiment of the present invention, a method for accessing data is disclosed, which is applied to a data access system and comprises: performing a table lookup according to a virtual address corresponding to the data to obtain a physical address, an attribute parameter and key information; generating a key according to a trigger signal; storing the key according to the key information; judging whether the data meets an encryption condition according to the attribute parameter; and, when the data meets the encryption condition, performing an encryption operation on the data according to the key to generate encrypted data so that the data access system writes the encrypted data into the memory according to the physical address.
According to an embodiment of the present invention, an access circuit for performing a data access is disclosed, wherein the data corresponds to at least one virtual address. The access circuit comprises an address lookup table, a judging circuit, a key generating circuit and a processing circuit. The at least one virtual address corresponds to at least one physical address, an attribute parameter and at least one key information stored in the address lookup table. The judging circuit receives the attribute parameter and judges whether the data meets an encryption condition according to the attribute parameter. The key generating circuit receives the at least one key information and, when data is written, generates a key corresponding to the key information. The processing circuit is coupled to the key generating circuit; when the data meets the encryption condition, the processing circuit performs an encryption operation on the data according to the key to generate encrypted data, and writes the encrypted data into a memory according to the physical address.
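The write and read paths summarized above, modeled in C as an added example that is not code from the patent. The table contents, the page size, the xorshift key generator and the XOR placeholder cipher are assumptions, since the page names no cipher or key source; the physical address is mixed into the keystream as in claims 2 and 7.

```c
#include <stdint.h>
#include <string.h>

#define PAGE 16        /* bytes per page in this model (assumption) */
#define ATT_ENC 0x1u   /* attribute bit: data meets the encryption condition */

/* Address lookup table entry: VA -> PA, attribute, range and key information. */
struct alt_entry { uint32_t va, pa; uint8_t att, range, key_info; };
static struct alt_entry alt[] = {          /* constructed sample entries */
    {0x1000, 0, ATT_ENC, 0, 0}, {0x2000, 1, ATT_ENC, 0, 1},
    {0x3000, 2, 0, 0, 0},                  /* plain, range 0: read/write */
    {0x4000, 3, 0, 1, 0} };                /* plain, range 1: read-only */
static uint64_t key_table[2];              /* key lookup table, indexed by key_info */
static const uint8_t perm[2] = {0x3, 0x1}; /* permission table: bit0 read, bit1 write */
static uint8_t memory[4][PAGE];            /* PA is a page index here */
static uint64_t rng = 0x9E3779B97F4A7C15ull;

static uint64_t step(uint64_t s) { s ^= s << 13; s ^= s >> 7; s ^= s << 17; return s; }
/* Stand-in key generator (xorshift64); hardware would use a real entropy source. */
static uint64_t gen_key(void) { return rng = step(rng); }
/* Placeholder cipher, NOT secure: XOR stream derived from key and physical address. */
static void xcrypt(uint8_t *buf, uint64_t key, uint32_t pa) {
    uint64_t s = key ^ (0xD6E8FEB86659FD93ull * (pa + 1));
    for (int i = 0; i < PAGE; i++) { s = step(s); buf[i] ^= (uint8_t)s; }
}
static struct alt_entry *lookup(uint32_t va) {
    for (size_t i = 0; i < sizeof alt / sizeof alt[0]; i++)
        if (alt[i].va == va) return &alt[i];
    return NULL;
}
/* Write path: 0 on success, -1 for an unmapped VA or missing write permission. */
int access_write(uint32_t va, const uint8_t *data) {
    struct alt_entry *e = lookup(va);
    uint8_t buf[PAGE];
    if (!e) return -1;
    memcpy(buf, data, PAGE);
    if (e->att & ATT_ENC) {                    /* judging circuit */
        key_table[e->key_info] = gen_key();    /* trigger = this write (assumption) */
        xcrypt(buf, key_table[e->key_info], e->pa);
    } else if (!(perm[e->range] & 0x2)) {
        return -1;                             /* permission lookup by range */
    }
    memcpy(memory[e->pa], buf, PAGE);
    return 0;
}
/* Read path: 0 on success, -1 for an unmapped VA or missing read permission. */
int access_read(uint32_t va, uint8_t *out) {
    struct alt_entry *e = lookup(va);
    if (!e) return -1;
    if (!(e->att & ATT_ENC) && !(perm[e->range] & 0x1)) return -1;
    memcpy(out, memory[e->pa], PAGE);
    if (e->att & ATT_ENC) xcrypt(out, key_table[e->key_info], e->pa);
    return 0;
}
int main(void) {                               /* round trip on a constructed page */
    uint8_t pt[PAGE] = "sample page", out[PAGE];
    if (access_write(0x1000, pt) || access_read(0x1000, out)) return 1;
    return memcmp(pt, out, PAGE) != 0;
}
```

In this model the encrypted path skips the per-address permission lookup entirely, which is the efficiency point the Background raises: possession of the key stored under the key information stands in for the permission check.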
Drawings
FIG. 1 is a diagram of a data access system according to an embodiment of the invention.
FIG. 2 is a diagram of an address lookup table in the first memory of FIG. 1.
FIG. 3 is a diagram of a key lookup table in the second memory of FIG. 1.
FIG. 4 is a flow chart of a method of writing data using the data access system shown in FIG. 1.
FIG. 5 is a flow chart of a method of reading data using the data access system shown in FIG. 1.
Description of the symbols
10 data access system
40 access circuit
20 write circuit
30 read circuit
70 third memory
41 first memory
42 judging circuit
43 Key Generation Circuit
44 processing circuit
45 second memory
VA virtual address
PA1, PA2 physical addresses
E1, E2 entries
key_info1, key_info2 key information
att attribute parameter
key1, key2 Key
Crypto encrypted data
400,500 methods
401, 501, 508
DATA
Detailed Description
Fig. 1 is a schematic diagram of a data access system 10 according to an embodiment of the invention, as shown in fig. 1, the data access system 10 includes an
When the
In the present embodiment, a physical address PA represents a page (page) in the
Fig. 2 is a schematic diagram of an address lookup table in the
Fig. 3 is a schematic diagram of a key lookup table in the
Referring to fig. 1 and fig. 3, when the
With reference to fig. 1, the
On the other hand, when the attribute parameter att1 indicates that the DATA does not satisfy the encryption condition, for example, when the bit value of the specific bit in the attribute parameter att1 is '0', it represents that no encryption operation needs to be performed on the DATA, and the
It should be noted that although the physical address PA and the key information key_info correspond to each other one-to-one in the foregoing embodiments, in another embodiment, a virtual address VA corresponding to a DATA may correspond to a plurality of physical addresses, such as the physical addresses PA1 and PA2, and the plurality of physical addresses may correspond to the same key information at the same time. Furthermore, in yet another embodiment, the
Similar to the operation of the
On the other hand, when the attribute parameter att1 indicates that the DATA does not satisfy the encryption condition, the
It should be noted that although in the foregoing embodiment, the attribute parameter att1 and the key information key_info1 are respectively transmitted to the determining
In addition, in a preferred embodiment, the
FIG. 4 is a flow chart of a
FIG. 5 is a flow chart of a
Step 503 is reading an encrypted data from a memory according to the physical address, and obtaining a key from the key lookup table according to the key information.
In
It should be noted that although the accessing
The above-mentioned embodiments are merely preferred embodiments of the present invention, and all equivalent changes and modifications made by the claims of the present invention should be covered by the scope of the present invention.